From: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
To: Sergey Bugaev <bugaevc@gmail.com>
Cc: Florian Weimer <fweimer@redhat.com>, libc-alpha@sourceware.org
Subject: Re: [PATCH v2 3/3] io: Add FORTIFY_SOURCE check for fcntl arguments
Date: Mon, 29 May 2023 17:14:09 -0300 [thread overview]
Message-ID: <e22f0ee7-b31e-caaa-2ea0-5423ee7f0bb2@linaro.org> (raw)
In-Reply-To: <CAN9u=HfjNX8ryX7ry=Xj4Hcs8-cAvjsP48iy6WmRMQgVEkKBMg@mail.gmail.com>
On 29/05/23 16:57, Sergey Bugaev wrote:
> On Mon, May 29, 2023 at 9:09 PM Adhemerval Zanella Netto
> <adhemerval.zanella@linaro.org> wrote:
>>> It's not really required. Apparently even an 'inline' function call is
>>> enough to to disarm __builtin_constant_p [0]; I just threw both
>>> volatile and noinline in for good measure.>
>>> [0] https://godbolt.org/z/v9569KGTT
>>
>> It is because afaiu 'volatile' does not really match the semantics of what you
>> are trying to do here. Maybe if you really need the compile to force lvalue
>> evaluation, it should use something similar to math_opt_barrier.
>
> So, an asm block that does nothing, but is said to read and modify the
> value? Sounds better indeed, and reminds me of how
> std::hint::black_box is implemented.
Now that you brought Rust black_box, we already something similar on
benchtests: DO_NOT_OPTIMIZE_OUT.
>
>> Nevermind, you do need to check for __USE_LARGEFILE64 symbols. But
>> you can omit the '#if defined", they are always defined.
>
> Uhh that's unfortunate actually. I hoped the test would check the
> non-__USE_LARGEFILE64 configuration as well, to catch some
> __USE_LARGEFILE64-only definition being used unconditionally, for
> example.
>
The LFS names are not considered a namespace pollution, so I think that's
why it always provided (just check tst-fortify.c LFS name usage, like
pread64).
>> And debugging a bit, it seems that I found another issue. Building
>> tst-fortify-c-lfs-1-def.c the post-processed output (-E -dD) for fcntl call is:
>>
>> res = (0 ? __fcntl_2_inline (0, 2) : !__builtin_constant_p (2) ? __fcntl_alias (0, 2, 0) : (__fcntl_is_int (2) ? __builtin_types_compatible_p (__typeof (0), int) : __fcntl_is_const_uint64_t_ptr (2) ? (__builtin_types_compatible_p (__typeof (0), const __uint64_t *) || __builtin_types_compatible_p (__typeof (0), __uint64_t *)) : __fcntl_is_uint64_t_ptr (2) ? __builtin_types_compatible_p (__typeof (0), __uint64_t *) : __fcntl_is_const_fowner_ex (2) ? (__builtin_types_compatible_p (__typeof (0), const struct f_owner_ex *) || __builtin_types_compatible_p (__typeof (0), struct f_owner_ex *)) : __fcntl_is_fowner_ex (2) ? __builtin_types_compatible_p (__typeof (0), struct f_owner_ex *) : __fcntl_is_const_flock (2, 0) ? (__builtin_types_compatible_p (__typeof (0), const struct flock *) || __builtin_types_compatible_p (__typeof (0), struct flock *)) : __fcntl_is_flock (2, 0) ? __builtin_types_compatible_p (__typeof (0), struct flock *) : __fcntl_is_const_flock64 (2, 0) ? (__builtin_types_compatible_p (__typeof (0), const struct flock64 *) || __builtin_types_compatible_p (__typeof (0), struct flock64 *)) : __fcntl_is_flock64 (2, 0) ? __builtin_types_compatible_p (__typeof (0), struct flock64 *) : 1) ? __fcntl_alias (0, 2, 0) : __fcntl_warn (0, 2, 0));
>>
>> Which is the non-LFS version.
>
> Hmm, I don't see the issue? And the test passes, doesn't it? :)
> (If it passes *despite* the 32-vs-64 confusion, that is a problem in
> itself, that'd mean it's not checking what it's supposed to be
> checking.)
>
> The fcntl macro will always expand to the same thing (modulo C vs C++
> type check differences). But then __fcntl_alias and __fcntl_warn both
> reference the same symbol that fcntl would reference had it not been
> for the fortification -- which is going to be the 'fcntl64' symbol
> with __USE_FILE_OFFSET64.
>
>> So I think this patch should do the same:
>>
>> #ifndef __USE_FILE_OFFSET64
>> # define fcntl(fd, cmd, ...) \
>> (__VA_OPT__ (0 ?) __fcntl_2_inline (fd, cmd) \
>> __VA_OPT__ (: \
>> !__builtin_constant_p (cmd) ? __fcntl_alias (fd, cmd, __VA_ARGS__) \
>> : __fcntl_type_check (cmd, __VA_ARGS__, 0) \
>> ? __fcntl_alias (fd, cmd, __VA_ARGS__) \
>> : __fcntl_warn (fd, cmd, __VA_ARGS__)))
>> #else
>> # define fcntl(fd, cmd, ...) \
>> (__VA_OPT__ (0 ?) __fcntl_2_inline (fd, cmd) \
>> __VA_OPT__ (: \
>> !__builtin_constant_p (cmd) ? __fcntl64_alias (fd, cmd, __VA_ARGS__) \
>> : __fcntl_type_check (cmd, __VA_ARGS__, 0) \
>> ? __fcntl64_alias (fd, cmd, __VA_ARGS__) \
>> : __fcntl64_warn (fd, cmd, __VA_ARGS__)))
>> #endif
>
> What's the point? -- __fcntl_alias and __fcntl64_alias are supposed to
> both reference the same thing (fcntl64 or __fcntl_time64) with
> __USE_FILE_OFFSET64. Or more generally: do the same thing as the
> non-fortified definition does.
>
> Hope this makes sense.
Yeah, I forgot __fcntl_alias is in fact ... an alias. So in fact there is no
issue here.
next prev parent reply other threads:[~2023-05-29 20:14 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-28 17:20 [PATCH v2 0/3] fcntl fortification Sergey Bugaev
2023-05-28 17:20 ` [PATCH v2 1/3] support: Add support_fcntl_support_ofd_locks () Sergey Bugaev
2023-05-29 13:18 ` Adhemerval Zanella Netto
2023-05-28 17:20 ` [PATCH v2 2/3] cdefs.h: Define __glibc_warn_system_headers_{begin,end} Sergey Bugaev
2023-05-29 14:50 ` [PATCH v2 2/3] cdefs.h: Define __glibc_warn_system_headers_{begin, end} Adhemerval Zanella Netto
2023-05-28 17:20 ` [PATCH v2 3/3] io: Add FORTIFY_SOURCE check for fcntl arguments Sergey Bugaev
2023-05-29 16:54 ` Adhemerval Zanella Netto
2023-05-29 17:31 ` Sergey Bugaev
2023-05-29 18:09 ` Adhemerval Zanella Netto
2023-05-29 19:57 ` Sergey Bugaev
2023-05-29 20:14 ` Adhemerval Zanella Netto [this message]
2023-05-29 20:49 ` Sergey Bugaev
2023-05-29 21:09 ` Adhemerval Zanella Netto
2023-05-29 21:59 ` Sergey Bugaev
2023-05-30 11:34 ` Adhemerval Zanella Netto
2023-05-30 7:41 ` Florian Weimer
2023-05-30 9:07 ` Sergey Bugaev
2023-05-30 9:50 ` Florian Weimer
2023-05-30 11:35 ` Adhemerval Zanella Netto
2023-05-30 8:09 ` [PATCH v2 0/3] fcntl fortification Florian Weimer
2023-05-30 10:46 ` Sergey Bugaev
2023-05-30 11:08 ` Florian Weimer
2023-05-30 11:34 ` Sergey Bugaev
2023-05-30 11:50 ` Florian Weimer
2023-05-30 11:51 ` Florian Weimer
2023-05-30 12:15 ` Sergey Bugaev
2023-05-30 12:26 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e22f0ee7-b31e-caaa-2ea0-5423ee7f0bb2@linaro.org \
--to=adhemerval.zanella@linaro.org \
--cc=bugaevc@gmail.com \
--cc=fweimer@redhat.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).