From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <adhemerval.zanella@linaro.org>
Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com
 [IPv6:2607:f8b0:4864:20::32c])
 by sourceware.org (Postfix) with ESMTPS id 0CC18385840C
 for <libc-alpha@sourceware.org>; Fri, 28 Jan 2022 17:07:44 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 0CC18385840C
Received: by mail-ot1-x32c.google.com with SMTP id
 g15-20020a9d6b0f000000b005a062b0dc12so6317243otp.4
 for <libc-alpha@sourceware.org>; Fri, 28 Jan 2022 09:07:44 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:message-id:date:mime-version:user-agent:subject
 :content-language:to:references:from:in-reply-to
 :content-transfer-encoding;
 bh=fIzQiXYfsrjjDNZSULcSKDmnKicHcWahrUdqgTCJ3n0=;
 b=s2mV2n25/I2az3iUX3eAuZUJ9kAX/RhSeIahXNd0EAyL6Y4TcGcWQNGFUOkZRIK8YK
 HVvGArVNAFT5E+hfxgQCOmPT7iM5Yq0H+4D4eCOkIsCEg3Gl54WBzbqyM6jDh2HR/J/Q
 +BChY5ErqP6DNSHXw8N+jA2X0Vxk7sYKEqjAaBxgJeDGwgeF+zIPOPQCaC8qcxIatzuK
 v152u27ugEyb03lkSKMm1EnwAZMehyrL15uahmyQOFVidG+ThtyjHeHM/zYRjjnchdRC
 2A1O++jzfc85sME9lOHeKEtSXvHzxXVwlEhu4qhi5+G3QOAyU0YpoiMxrwH/4OBFQiq0
 7spg==
X-Gm-Message-State: AOAM533wM/z+1ApAV4U/lN664xnd2ook8nHhkCw38wODvvP+7v89y26z
 9cZarZEMybmWwVemAljKVS6JZal5iBapIw==
X-Google-Smtp-Source: ABdhPJyXbVp9Kb6usDgE1KYGoOBc+ATP/rCuQ6m5l1Mh3spDxyLcVDVl+TcV5VXDBklWCyTuf8GVJQ==
X-Received: by 2002:a05:6830:43ac:: with SMTP id
 s44mr5520207otv.88.1643389663112; 
 Fri, 28 Jan 2022 09:07:43 -0800 (PST)
Received: from ?IPV6:2804:431:c7ca:709a:aad4:4e8:bc05:17ad?
 ([2804:431:c7ca:709a:aad4:4e8:bc05:17ad])
 by smtp.gmail.com with ESMTPSA id c20sm13450578ots.50.2022.01.28.09.07.42
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Fri, 28 Jan 2022 09:07:42 -0800 (PST)
Message-ID: <a9828191-eb42-ded7-a29f-2768ed94d906@linaro.org>
Date: Fri, 28 Jan 2022 14:07:40 -0300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.5.1
Subject: Re: [PATCH 2/2] linux: posix_spawn: return EINVAL on argc < 1
Content-Language: en-US
To: =?UTF-8?Q?Cristian_Rodr=c3=adguez?= <crrodriguez@opensuse.org>,
 libc-alpha@sourceware.org
References: <20220128133937.9555-1-crrodriguez@opensuse.org>
 <CAPBLoAcQYmDEh5DwtgZeg6C_E6tSCT4ix7WMm8u6+x8KCSBDnA@mail.gmail.com>
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
In-Reply-To: <CAPBLoAcQYmDEh5DwtgZeg6C_E6tSCT4ix7WMm8u6+x8KCSBDnA@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-12.1 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_NUMSUBJECT,
 NICE_REPLY_A, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jan 2022 17:07:45 -0000



On 28/01/2022 12:26, Cristian Rodríguez wrote:
> This apparently does not do what I wanted..
> 
> if (argv[0] == NULL || !strlen(argv[0]))
>     {
>     errno = EINVAL;
>     return errno;
> }
> 
> is a better check I think.
> 
> On Fri, Jan 28, 2022 at 10:48 AM Cristian Rodríguez
> <crrodriguez@opensuse.org> wrote:
>>
>> posix_spawn allows argc < 1 but the specification says that
>> "The value in argv[0] should point to a filename string.."
>> So there must be at least one non-null argument.
>>
>> Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
>> ---
>>  sysdeps/unix/sysv/linux/spawni.c | 5 +++++
>>  1 file changed, 5 insertions(+)
>>
>> diff --git a/sysdeps/unix/sysv/linux/spawni.c b/sysdeps/unix/sysv/linux/spawni.c
>> index 93359c708b..23617c9165 100644
>> --- a/sysdeps/unix/sysv/linux/spawni.c
>> +++ b/sysdeps/unix/sysv/linux/spawni.c
>> @@ -334,6 +334,11 @@ __spawnix (pid_t * pid, const char *file,
>>         errno = E2BIG;
>>         return errno;
>>        }
>> +    if (argc < 1)
>> +      {
>> +       errno = EINVAL;
>> +       return errno;
>> +      }
>>
>>    int prot = (PROT_READ | PROT_WRITE
>>              | ((GL (dl_stack_flags) & PF_X) ? PROT_EXEC : 0));
>> --
>> 2.34.1


Since Linux is discussing changing on execve syscall [1], I think it would be
better to the same not only for posix_spawn, but rather to all execve
functions.

And since all ends up calling execve, even posix_spawn, I think it would be
better to:

  1. Make posix/execve.c call __execveat.
    1.1. It would also allow remove the Hurd implementation 'sysdeps/mach/hurd/execve.c'
  2. Add the proper check on generic, Linux, and Hurd implementation execveat.
    2.1. Maybe even add __execveat_internal that just issue the syscall and let the
         generic wrapper handle the argument parsing.
  3. Add a regression test.

I also think returning EINVAL is better than the kernel EFAULT one (it seems that
the last message on thread does settle for that).

[1] https://lore.kernel.org/all/20220126114447.25776-1-ariadne@dereferenced.org/