From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oi1-x22d.google.com (mail-oi1-x22d.google.com [IPv6:2607:f8b0:4864:20::22d]) by sourceware.org (Postfix) with ESMTPS id 36EA7385840C for ; Mon, 29 May 2023 21:09:15 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 36EA7385840C Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org Received: by mail-oi1-x22d.google.com with SMTP id 5614622812f47-39831cb47fbso2462742b6e.1 for ; Mon, 29 May 2023 14:09:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1685394554; x=1687986554; h=content-transfer-encoding:in-reply-to:organization:from:references :cc:to:content-language:subject:user-agent:mime-version:date :message-id:from:to:cc:subject:date:message-id:reply-to; bh=tVvwM2woou3OBVfCHwsoceirjEfc1VswCSMD2ybMNlY=; b=xXio255fLrPtjMVVgnsiU1GW7kdh8JZRUyn3+UM19vvSTELAnJgq1aaSdsgj8QsO2y uxru118MtYmK+Zrnk6pHm+7eNpR7tNIma2en8IMfKPpitAY/76BOX6/GNBLazaOu5Jib bgQEXsA2YTWCJoCgdDI1yazfLxv9Pm1pa+vBCmRvAkQhkQyV5npYQU1u9TqXiUUN8Sg/ BHq3a8IZoYPPipjL5WJnuZ6FCPUawcD09vAcXL2UpTc0IQxBhaBBMlcabBGGiaSD3PC7 t1f0ZeBD7fkc8jTkpFfs/2WHa1ybpNzfelygb9nO6BTVyb+MTKHpUNFGylr/IWs7Nr/G ucBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685394554; x=1687986554; h=content-transfer-encoding:in-reply-to:organization:from:references :cc:to:content-language:subject:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=tVvwM2woou3OBVfCHwsoceirjEfc1VswCSMD2ybMNlY=; b=XieXat4ctxGxCu+vJVYbXOFjw6C6QsyhwbyvJtJIdZLW2es292IyhzSFOaeh2rea8M TEsgk3Ns03Lio0zcoSAGfdlXuQJldH+gqC+iPWv2TsWEsCfXkw+MAO/xM/8w/IMPJuqm CmOb6JCgaANy+RO+ZaLFLD+i/lXWctskG2CekFDvG55u8vp/US5zY2m5/e9X5S503Vb2 PdkKR+SCvT5XxjBrnF9HDH6hykayll6y6+U6Xgi2q49ZatCkjXSVLRY1dQAkRQSqMeqT GbJfqbrU7BH9CVDnSOPRK1O916BVNvCLjAAEio/YuJGYVNfy8T6ViQoFzVUwwK4uJ9w2 OTgg== X-Gm-Message-State: AC+VfDxbFrU87S1eLEsFahywYzskKwmM2LzNQKCyJtBUiw2oI/N0GwId Hyut5AIOQjjL+CjgMyK6Ono5xA== X-Google-Smtp-Source: ACHHUZ5upsaGs40UPmQPRi0hSfcnj9LdpveByiMuqxXi34HxXVn9UNkjParCN73qy3z/N++YwK1uWA== X-Received: by 2002:aca:2217:0:b0:393:fb3e:6151 with SMTP id b23-20020aca2217000000b00393fb3e6151mr102552oic.50.1685394554507; Mon, 29 May 2023 14:09:14 -0700 (PDT) Received: from ?IPV6:2804:1b3:a7c1:4dd5:b058:c94a:90a7:2c43? ([2804:1b3:a7c1:4dd5:b058:c94a:90a7:2c43]) by smtp.gmail.com with ESMTPSA id f8-20020a4ab648000000b0055530a42ce3sm1676570ooo.34.2023.05.29.14.09.11 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 29 May 2023 14:09:13 -0700 (PDT) Message-ID: Date: Mon, 29 May 2023 18:09:10 -0300 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.11.1 Subject: Re: [PATCH v2 3/3] io: Add FORTIFY_SOURCE check for fcntl arguments Content-Language: en-US To: Sergey Bugaev Cc: Florian Weimer , libc-alpha@sourceware.org References: <20230528172013.73111-1-bugaevc@gmail.com> <20230528172013.73111-4-bugaevc@gmail.com> <31457dbb-a805-262f-4b62-be0b40960ca6@linaro.org> <8354c659-cfb0-993a-2764-72a2cd6f6ed4@linaro.org> From: Adhemerval Zanella Netto Organization: Linaro In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-6.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,KAM_SHORT,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 29/05/23 17:49, Sergey Bugaev wrote: > On Mon, May 29, 2023 at 11:14 PM Adhemerval Zanella Netto > wrote: >> Now that you brought Rust black_box, we already something similar on >> benchtests: DO_NOT_OPTIMIZE_OUT. > > I see, thanks -- but that also seems different in that it doesn't mark > the value as the output of the asm block, so the compiler could see > that it's returned unmodified. So it wouldn't be suitable here. It is returned unmodified, but the asm acts a compiler barrier which gcc documentation also declares as 'strong memory barrier' [1] (which I think was written before C11 memory semantic). [1] https://gcc.gnu.org/onlinedocs/gcc/Volatiles.html > > Rust's black_box is / was [0] instead implemented as > > llvm_asm!("" : : "r"(&mut dummy) : "memory" : "volatile"); What the 'volatile' constraint does for the llvm_asm? Is is to mimic a 'asm volatile' or is something else? > > i.e. it marks the mutable reference to the value as inline asm's > input, not the value itself. > > [0]: nowadays it's a compiler intrinsic that still gets codegenned to > a similar asm block when using the LLVM codegen backend Yeah, without a compiler intrinsic with proper semantic we need to rely on hacks such this asm barrier to prevent code optimization. > >> The LFS names are not considered a namespace pollution, so I think that's >> why it always provided (just check tst-fortify.c LFS name usage, like >> pread64). > > They may be always provided when building tst-fortify.c, but they're > certainly not always provided when building user code (not even > provided by default): > > $ gcc use-fcntl64.c -Werror > use-fcntl64.c: In function ‘main’: > use-fcntl64.c:6:3: error: implicit declaration of function ‘fcntl64’; > did you mean ‘fcntl’? [-Werror=implicit-function-declaration] > 6 | fcntl64 (0, F_GETFD); > | ^~~~~~~ > | fcntl > cc1: all warnings being treated as errors > $ gcc use-fcntl64.c -D _LARGEFILE64_SOURCE -Werror > (builds successfully) > > So this has to be supported, and ideally tested too. It is exported because all tests are actually built with _GNU_SOURCE (done by include/libc-symbols.h), so the test check is superfluous. It also leaks implementation details, such as internal defines. Usually to check for internal implementation we use test-internal (which are built statically). But if you really want to check for _LARGEFILE64_SOURCE, you will need to add *another* fortify test that undef _GNU_SOURCE (like stdlib/tst-strtol-binary-c11.c for instance).