[v2] Correct access attribute on memfrob (bug 28475)

Message ID	alpine.DEB.2.22.394.2110192055210.10354@digraph.polyomino.org.uk
State	New
Headers	show Return-Path: <libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org> DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 6A8073857C7A IronPort-SDR: 4AAkfmiJBQXb95DzBvt6p+z/3ngT4ko5sHrt03k5S92sPXglfeFw1MLsWi7E2eEZX01Tdj2D0U AkgFrEC1NTWSgBb3ogRDZC6Rsy6fnjMQYcIUsjJoW7l/TLlheAHZZX2FxQ8CW6ZaVrWXP1r+4J 8dyVT39EhnZhfx7E8rvL88OplMeehmjWt9C0dj5S4G1V3jV+C43Y7l6Gu+ExVnB1WnfBf562oo vZjmbeQHxW81BArXPEJofVQzd2d+n8UknaP0WTj8jHfgsLCmesKvUTNNke8Hl5QFmQlnFsdXaW OhqLcrKyVXTxLe/Pu/JM3WPy IronPort-SDR: cUy1/C3c/HXig7Bii8zTvaY0niJghewA6QYNZtW5aLR6UY9zvLDp8fETOMYon2Rd7/fEggRmJE q3AX1u5d2Ei6oNSxV3e1rhfIXtotTAN7HmFM8Q755b86GFJuvLB6do4F70y4oAVfLn/uhXb9hf T8UIwb/+AFtZCB2xx3sA3iOmdSOQVBvgY0UcNnEdRnYAXMIy41IIhi+9m3MSoE2im+M5bt9DAv 4rJHNNj67N7QCYwyBokgUsA9vjqJx8W5Ps4zkPU1Cd3JBzJSsT/HBwA7iQKFZczk+1YiOidjYt T1k= Date: Tue, 19 Oct 2021 20:56:03 +0000 From: Joseph Myers <joseph@codesourcery.com> To: Florian Weimer <fweimer@redhat.com> Subject: [PATCH v2] Correct access attribute on memfrob (bug 28475) In-Reply-To: <87v91syew0.fsf@oldenburg.str.redhat.com> Message-ID: <alpine.DEB.2.22.394.2110192055210.10354@digraph.polyomino.org.uk> References: <alpine.DEB.2.22.394.2110191724140.10354@digraph.polyomino.org.uk> <87v91syew0.fsf@oldenburg.str.redhat.com> User-Agent: Alpine 2.22 (DEB 394 2020-01-19) MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Precedence: list Cc: libc-alpha@sourceware.org Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org Sender: "Libc-alpha" <libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org>
Series	[v2] Correct access attribute on memfrob (bug 28475) \| expand [v2] Correct access attribute on memfrob (bug 28475)

Message ID

alpine.DEB.2.22.394.2110192055210.10354@digraph.polyomino.org.uk

State

New

Headers

DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 6A8073857C7A
IronPort-SDR: 
 4AAkfmiJBQXb95DzBvt6p+z/3ngT4ko5sHrt03k5S92sPXglfeFw1MLsWi7E2eEZX01Tdj2D0U
 AkgFrEC1NTWSgBb3ogRDZC6Rsy6fnjMQYcIUsjJoW7l/TLlheAHZZX2FxQ8CW6ZaVrWXP1r+4J
 8dyVT39EhnZhfx7E8rvL88OplMeehmjWt9C0dj5S4G1V3jV+C43Y7l6Gu+ExVnB1WnfBf562oo
 vZjmbeQHxW81BArXPEJofVQzd2d+n8UknaP0WTj8jHfgsLCmesKvUTNNke8Hl5QFmQlnFsdXaW
 OhqLcrKyVXTxLe/Pu/JM3WPy
IronPort-SDR: 
 cUy1/C3c/HXig7Bii8zTvaY0niJghewA6QYNZtW5aLR6UY9zvLDp8fETOMYon2Rd7/fEggRmJE
 q3AX1u5d2Ei6oNSxV3e1rhfIXtotTAN7HmFM8Q755b86GFJuvLB6do4F70y4oAVfLn/uhXb9hf
 T8UIwb/+AFtZCB2xx3sA3iOmdSOQVBvgY0UcNnEdRnYAXMIy41IIhi+9m3MSoE2im+M5bt9DAv
 4rJHNNj67N7QCYwyBokgUsA9vjqJx8W5Ps4zkPU1Cd3JBzJSsT/HBwA7iQKFZczk+1YiOidjYt
 T1k=
Date: Tue, 19 Oct 2021 20:56:03 +0000
From: Joseph Myers <joseph@codesourcery.com>
To: Florian Weimer <fweimer@redhat.com>
Subject: [PATCH v2] Correct access attribute on memfrob (bug 28475)
In-Reply-To: <87v91syew0.fsf@oldenburg.str.redhat.com>
Message-ID: <alpine.DEB.2.22.394.2110192055210.10354@digraph.polyomino.org.uk>
References: <alpine.DEB.2.22.394.2110191724140.10354@digraph.polyomino.org.uk>
 <87v91syew0.fsf@oldenburg.str.redhat.com>
User-Agent: Alpine 2.22 (DEB 394 2020-01-19)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Precedence: list
Cc: libc-alpha@sourceware.org
Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org
Sender: "Libc-alpha"
 <libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org>

Series

[v2] Correct access attribute on memfrob (bug 28475) | expand

Commit Message

Joseph Myers Oct. 19, 2021, 8:56 p.m. UTC

As noted in bug 28475, the access attribute on memfrob in <string.h>
is incorrect: the function both reads and writes the memory pointed to
by its argument, so it needs to use __read_write__, not
__write_only__.  This incorrect attribute results in a build failure
for accessing uninitialized memory for s390x-linux-gnu-O3 with
build-many-glibcs.py using GCC mainline.

Correct the attribute.  Fixing this shows up that some calls to
memfrob in elf/ tests are reading uninitialized memory; I'm not
entirely sure of the purpose of those calls, but guess they are about
ensuring that the stack space is indeed allocated at that point in the
function, and so it matters that they are calling a function whose
semantics are unknown to the compiler.  Thus, change the first memfrob
call in those tests to use explicit_bzero instead, as suggested by
Florian in
<https://sourceware.org/pipermail/libc-alpha/2021-October/132119.html>,
to avoid the use of uninitialized memory.

Tested for x86_64, and with build-many-glibcs.py (GCC mainline) for
s390x-linux-gnu-O3.

---

Changed in version 2 to use explicit_bzero in the elf/ tests as
suggested by Florian.

Comments

Florian Weimer Oct. 20, 2021, 7:33 a.m. UTC | #1

* Joseph Myers:

> diff --git a/elf/tst-execstack-needed.c b/elf/tst-execstack-needed.c
> index 8b794a3d47..85078e40ef 100644
> --- a/elf/tst-execstack-needed.c
> +++ b/elf/tst-execstack-needed.c
> @@ -26,7 +26,7 @@ static void
>  deeper (void (*f) (void))
>  {
>    char stack[1100 * 1024];
> -  memfrob (stack, sizeof stack);
> +  explicit_bzero (stack, sizeof stack);
>    (*f) ();
>    memfrob (stack, sizeof stack);
>  }
> diff --git a/elf/tst-execstack-prog.c b/elf/tst-execstack-prog.c
> index 8663153372..1b34bb5597 100644
> --- a/elf/tst-execstack-prog.c
> +++ b/elf/tst-execstack-prog.c
> @@ -25,7 +25,7 @@ static void
>  deeper (void (*f) (void))
>  {
>    char stack[1100 * 1024];
> -  memfrob (stack, sizeof stack);
> +  explicit_bzero (stack, sizeof stack);
>    (*f) ();
>    memfrob (stack, sizeof stack);
>  }
> diff --git a/elf/tst-execstack.c b/elf/tst-execstack.c
> index 114f341d76..7e898b4f58 100644
> --- a/elf/tst-execstack.c
> +++ b/elf/tst-execstack.c
> @@ -227,7 +227,7 @@ static void
>  deeper (void (*f) (void))
>  {
>    char stack[1100 * 1024];
> -  memfrob (stack, sizeof stack);
> +  explicit_bzero (stack, sizeof stack);
>    (*f) ();
>    memfrob (stack, sizeof stack);
>  }
> diff --git a/string/string.h b/string/string.h
> index 04e1b7067d..201d7e31c8 100644
> --- a/string/string.h
> +++ b/string/string.h
> @@ -495,7 +495,7 @@ extern char *strfry (char *__string) __THROW __nonnull ((1));
>  
>  /* Frobnicate N bytes of S.  */
>  extern void *memfrob (void *__s, size_t __n) __THROW __nonnull ((1))
> -    __attr_access ((__write_only__, 1, 2));
> +    __attr_access ((__read_write__, 1, 2));
>  
>  # ifndef basename
>  /* Return the file name within directory of FILENAME.  We don't

Patch looks good.

Thanks,
Florian

diff --git a/elf/tst-execstack-needed.c b/elf/tst-execstack-needed.c
index 8b794a3d47..85078e40ef 100644
--- a/elf/tst-execstack-needed.c
+++ b/elf/tst-execstack-needed.c
@@ -26,7 +26,7 @@  static void
 deeper (void (*f) (void))
 {
   char stack[1100 * 1024];
-  memfrob (stack, sizeof stack);
+  explicit_bzero (stack, sizeof stack);
   (*f) ();
   memfrob (stack, sizeof stack);
 }
diff --git a/elf/tst-execstack-prog.c b/elf/tst-execstack-prog.c
index 8663153372..1b34bb5597 100644
--- a/elf/tst-execstack-prog.c
+++ b/elf/tst-execstack-prog.c
@@ -25,7 +25,7 @@  static void
 deeper (void (*f) (void))
 {
   char stack[1100 * 1024];
-  memfrob (stack, sizeof stack);
+  explicit_bzero (stack, sizeof stack);
   (*f) ();
   memfrob (stack, sizeof stack);
 }
diff --git a/elf/tst-execstack.c b/elf/tst-execstack.c
index 114f341d76..7e898b4f58 100644
--- a/elf/tst-execstack.c
+++ b/elf/tst-execstack.c
@@ -227,7 +227,7 @@  static void
 deeper (void (*f) (void))
 {
   char stack[1100 * 1024];
-  memfrob (stack, sizeof stack);
+  explicit_bzero (stack, sizeof stack);
   (*f) ();
   memfrob (stack, sizeof stack);
 }
diff --git a/string/string.h b/string/string.h
index 04e1b7067d..201d7e31c8 100644
--- a/string/string.h
+++ b/string/string.h
@@ -495,7 +495,7 @@  extern char *strfry (char *__string) __THROW __nonnull ((1));
 
 /* Frobnicate N bytes of S.  */
 extern void *memfrob (void *__s, size_t __n) __THROW __nonnull ((1))
-    __attr_access ((__write_only__, 1, 2));
+    __attr_access ((__read_write__, 1, 2));
 
 # ifndef basename
 /* Return the file name within directory of FILENAME.  We don't