From: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
To: Sergey Bugaev <bugaevc@gmail.com>
Cc: Florian Weimer <fweimer@redhat.com>, libc-alpha@sourceware.org
Subject: Re: [PATCH v2 3/3] io: Add FORTIFY_SOURCE check for fcntl arguments
Date: Mon, 29 May 2023 18:09:10 -0300 [thread overview]
Message-ID: <b776bb21-7f2d-5dc4-3e88-86147ae3c8fe@linaro.org> (raw)
In-Reply-To: <CAN9u=HcPrcsmwomgh7MAbqm6JKXYP-dmnFKmg=zPaPaBSD82LA@mail.gmail.com>
On 29/05/23 17:49, Sergey Bugaev wrote:
> On Mon, May 29, 2023 at 11:14 PM Adhemerval Zanella Netto
> <adhemerval.zanella@linaro.org> wrote:
>> Now that you brought Rust black_box, we already something similar on
>> benchtests: DO_NOT_OPTIMIZE_OUT.
>
> I see, thanks -- but that also seems different in that it doesn't mark
> the value as the output of the asm block, so the compiler could see
> that it's returned unmodified. So it wouldn't be suitable here.
It is returned unmodified, but the asm acts a compiler barrier which gcc
documentation also declares as 'strong memory barrier' [1] (which I think was
written before C11 memory semantic).
[1] https://gcc.gnu.org/onlinedocs/gcc/Volatiles.html
>
> Rust's black_box is / was [0] instead implemented as
>
> llvm_asm!("" : : "r"(&mut dummy) : "memory" : "volatile");
What the 'volatile' constraint does for the llvm_asm? Is is to mimic a
'asm volatile' or is something else?
>
> i.e. it marks the mutable reference to the value as inline asm's
> input, not the value itself.
>
> [0]: nowadays it's a compiler intrinsic that still gets codegenned to
> a similar asm block when using the LLVM codegen backend
Yeah, without a compiler intrinsic with proper semantic we need to rely on
hacks such this asm barrier to prevent code optimization.
>
>> The LFS names are not considered a namespace pollution, so I think that's
>> why it always provided (just check tst-fortify.c LFS name usage, like
>> pread64).
>
> They may be always provided when building tst-fortify.c, but they're
> certainly not always provided when building user code (not even
> provided by default):
>
> $ gcc use-fcntl64.c -Werror
> use-fcntl64.c: In function ‘main’:
> use-fcntl64.c:6:3: error: implicit declaration of function ‘fcntl64’;
> did you mean ‘fcntl’? [-Werror=implicit-function-declaration]
> 6 | fcntl64 (0, F_GETFD);
> | ^~~~~~~
> | fcntl
> cc1: all warnings being treated as errors
> $ gcc use-fcntl64.c -D _LARGEFILE64_SOURCE -Werror
> (builds successfully)
>
> So this has to be supported, and ideally tested too.
It is exported because all tests are actually built with _GNU_SOURCE (done
by include/libc-symbols.h), so the test check is superfluous. It also
leaks implementation details, such as internal defines. Usually to check
for internal implementation we use test-internal (which are built
statically).
But if you really want to check for _LARGEFILE64_SOURCE, you will need to
add *another* fortify test that undef _GNU_SOURCE (like stdlib/tst-strtol-binary-c11.c
for instance).
next prev parent reply other threads:[~2023-05-29 21:09 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-28 17:20 [PATCH v2 0/3] fcntl fortification Sergey Bugaev
2023-05-28 17:20 ` [PATCH v2 1/3] support: Add support_fcntl_support_ofd_locks () Sergey Bugaev
2023-05-29 13:18 ` Adhemerval Zanella Netto
2023-05-28 17:20 ` [PATCH v2 2/3] cdefs.h: Define __glibc_warn_system_headers_{begin,end} Sergey Bugaev
2023-05-29 14:50 ` [PATCH v2 2/3] cdefs.h: Define __glibc_warn_system_headers_{begin, end} Adhemerval Zanella Netto
2023-05-28 17:20 ` [PATCH v2 3/3] io: Add FORTIFY_SOURCE check for fcntl arguments Sergey Bugaev
2023-05-29 16:54 ` Adhemerval Zanella Netto
2023-05-29 17:31 ` Sergey Bugaev
2023-05-29 18:09 ` Adhemerval Zanella Netto
2023-05-29 19:57 ` Sergey Bugaev
2023-05-29 20:14 ` Adhemerval Zanella Netto
2023-05-29 20:49 ` Sergey Bugaev
2023-05-29 21:09 ` Adhemerval Zanella Netto [this message]
2023-05-29 21:59 ` Sergey Bugaev
2023-05-30 11:34 ` Adhemerval Zanella Netto
2023-05-30 7:41 ` Florian Weimer
2023-05-30 9:07 ` Sergey Bugaev
2023-05-30 9:50 ` Florian Weimer
2023-05-30 11:35 ` Adhemerval Zanella Netto
2023-05-30 8:09 ` [PATCH v2 0/3] fcntl fortification Florian Weimer
2023-05-30 10:46 ` Sergey Bugaev
2023-05-30 11:08 ` Florian Weimer
2023-05-30 11:34 ` Sergey Bugaev
2023-05-30 11:50 ` Florian Weimer
2023-05-30 11:51 ` Florian Weimer
2023-05-30 12:15 ` Sergey Bugaev
2023-05-30 12:26 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b776bb21-7f2d-5dc4-3e88-86147ae3c8fe@linaro.org \
--to=adhemerval.zanella@linaro.org \
--cc=bugaevc@gmail.com \
--cc=fweimer@redhat.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).