From patchwork Thu Dec 21 18:59:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1879401 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=HZc93q5x; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sx09w2GFjz1ydZ for ; Fri, 22 Dec 2023 06:00:20 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 55A96384CBA1 for ; Thu, 21 Dec 2023 19:00:18 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x433.google.com (mail-pf1-x433.google.com [IPv6:2607:f8b0:4864:20::433]) by sourceware.org (Postfix) with ESMTPS id E2CD03858413 for ; Thu, 21 Dec 2023 18:59:45 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org E2CD03858413 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org E2CD03858413 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::433 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185188; cv=none; b=Ke50RKfCv8RoPTWHVAE9PtRqRaCmUGg3G7ZGMaSW8q9zlPQvldUx4HHyhIBIPsN3zs5P65tdaAXBLif2Dmxgkr0fM7kbLbO7fFNcoOA29spYTrsHsgBZELhkcqr4g7x4blYAN2JEKqHwyRncR0xk8Fguw6LicryuUS2/9rv5Xeo= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185188; c=relaxed/simple; bh=2awUj00zJtPLF0dHzUtKM/MNLAvGOinbnLGAQV9r4rU=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=FsOgxNq966RWqm82NZQzpnOC1J9z6MjOD4nkipZLXcAD8P85gRZbazDWCvMG0T7wfVgdA3LcQDJZYHeElW9BmrsUy6PLUGyXYBkYdbbbzJEPneJzbNLpvyFsdmczREaPMrLhltDwEt5mPus8frSixmpkZBN4gV7hALoVAfitHys= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x433.google.com with SMTP id d2e1a72fcca58-6d47bb467a9so1643532b3a.1 for ; Thu, 21 Dec 2023 10:59:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1703185184; x=1703789984; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=j4v+wLOSZ5jb+O3RNFp1x/EtvvMwvnAJYv0eByTvmec=; b=HZc93q5xWpnJK9IVZXozt6/GzxWD891FHaaODM2GeQ5NWTY88gyZtjOkF3nX4KMOPI Z5Pyj8mvSjp6o8ockHvabORHXulGYbIO91qZxz/4uDbDNKYLtsO0S3KNLlsOx2JRwtJ9 OKPZzCzj4vJ7AVCVxXTLccotCPOh/DAYOxIEpTjOZevXMDhYOexETZWMI8GCxp7BnN9R By7UksewRUNVNmy7bXNvSznU075vWGMeHKpordbYsrtR3jJlX9VuwtH6rSqi0X/DOi8Q ttesqWe7OU17s4ocWXhDe5F8yVltnzKaVT373F8QTggGpTXaxeRRAR0KvrJ3sL86t3za 7TLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703185184; x=1703789984; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=j4v+wLOSZ5jb+O3RNFp1x/EtvvMwvnAJYv0eByTvmec=; b=NnbgW5X9AIDSJrY6BALe96Xh1lq5B5m15f6tw4K2LbaSwEmtuE6m5fRpOnX0mw91FH Y4Iat4/7w60rbadhvcdrbcGjZuGpulejLvPkrrZ9SFz6jVxb9WpjrwCreovmSIHCz2LN O7gk0FgWEAsHnLUpHWVbziwWiO5JgbNJdpUXEDDyGZ8nJlFPkirf0BqDzNFbkVEZz7Ci JDK1ku9uvFYHTiaBF7gkPU+VucHS4WqLwptuf2P3zqHA+d/mBZf0BbVnS+b+oZPH+6Ef iTT77ZmdXz3EWaw1ocovvR38fRtSyRzR9IsM/qy3SP8nY/FkUNRkPmw+047Kam8N6rBR SkZg== X-Gm-Message-State: AOJu0YznwjbnfbCksRXc6wwvVr/r/wpL1tbLCR3QnHiikEp3R0P8i82w NtUaS2Xy8E6IadxqRTKOAuqVNRf8wyTpVoxR7C+UAAwL9yo= X-Google-Smtp-Source: AGHT+IHYWYOkmqGql8vikq/xMJDdJj3jo7g1rlT/0ImcRSvt0UjNT3EdPEODxNp2hVg4RzcO9zl/fA== X-Received: by 2002:a05:6a20:89a5:b0:194:eefc:370e with SMTP id h37-20020a056a2089a500b00194eefc370emr1292109pzg.52.1703185184107; Thu, 21 Dec 2023 10:59:44 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:8192:ecd7:d327:bea0:14dc]) by smtp.gmail.com with ESMTPSA id a9-20020a63e409000000b005cdbebd61d8sm1946165pgi.9.2023.12.21.10.59.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 10:59:43 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH 01/15] debug: Adapt fortify tests to libsupport Date: Thu, 21 Dec 2023 15:59:15 -0300 Message-Id: <20231221185929.1307116-2-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> References: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org Checked on aarch64, armhf, x86_64, and i686. Reviewed-by: Siddhesh Poyarekar --- debug/test-stpcpy_chk.c | 2 +- debug/test-strcpy_chk.c | 2 +- debug/tst-fortify.c | 55 +++++++++++++++++++++------------------- debug/tst-longjmp_chk.c | 8 +++--- debug/tst-longjmp_chk2.c | 6 ++--- debug/tst-longjmp_chk3.c | 6 ++--- 6 files changed, 39 insertions(+), 40 deletions(-) diff --git a/debug/test-stpcpy_chk.c b/debug/test-stpcpy_chk.c index 938f3c0ceb..0b9fed49cc 100644 --- a/debug/test-stpcpy_chk.c +++ b/debug/test-stpcpy_chk.c @@ -19,7 +19,7 @@ #define STRCPY_RESULT(dst, len) ((dst) + (len)) #define TEST_MAIN #define TEST_NAME "stpcpy_chk" -#include "../string/test-string.h" +#include extern void __attribute__ ((noreturn)) __chk_fail (void); char *simple_stpcpy_chk (char *, const char *, size_t); diff --git a/debug/test-strcpy_chk.c b/debug/test-strcpy_chk.c index 792e789e1e..684e0bdd9b 100644 --- a/debug/test-strcpy_chk.c +++ b/debug/test-strcpy_chk.c @@ -20,7 +20,7 @@ # define STRCPY_RESULT(dst, len) dst # define TEST_MAIN # define TEST_NAME "strcpy_chk" -# include "../string/test-string.h" +# include /* This test case implicitly tests the availability of the __chk_fail symbol, which is part of the public ABI and may be used diff --git a/debug/tst-fortify.c b/debug/tst-fortify.c index 3744aadad4..20e926751a 100644 --- a/debug/tst-fortify.c +++ b/debug/tst-fortify.c @@ -23,6 +23,7 @@ #include #include +#include #include #include #include @@ -36,6 +37,10 @@ #include #include #include +#include + +#include +#include #ifndef _GNU_SOURCE # define MEMPCPY memcpy @@ -52,15 +57,10 @@ #define obstack_chunk_alloc malloc #define obstack_chunk_free free -char *temp_filename; -static void do_prepare (void); -static int do_test (void); -#define PREPARE(argc, argv) do_prepare () -#define TEST_FUNCTION do_test () -#include "../test-skeleton.c" +static char *temp_filename; static void -do_prepare (void) +do_prepare (int argc, char *argv[]) { int temp_fd = create_temp_file ("tst-chk1.", &temp_filename); if (temp_fd == -1) @@ -77,10 +77,11 @@ do_prepare (void) exit (1); } } +#define PREPARE do_prepare -volatile int chk_fail_ok; -volatile int ret; -jmp_buf chk_fail_buf; +static volatile int chk_fail_ok; +static volatile int ret; +static jmp_buf chk_fail_buf; static void handler (int sig) @@ -102,22 +103,22 @@ wchar_t wbuf[10]; #define buf_size sizeof (buf) #endif -volatile size_t l0; -volatile char *p; -volatile wchar_t *wp; -const char *str1 = "JIHGFEDCBA"; -const char *str2 = "F"; -const char *str3 = "%s%n%s%n"; -const char *str4 = "Hello, "; -const char *str5 = "World!\n"; -const wchar_t *wstr1 = L"JIHGFEDCBA"; -const wchar_t *wstr2 = L"F"; -const wchar_t *wstr3 = L"%s%n%s%n"; -const wchar_t *wstr4 = L"Hello, "; -const wchar_t *wstr5 = L"World!\n"; -char buf2[10] = "%s"; -int num1 = 67; -int num2 = 987654; +static volatile size_t l0; +static volatile char *p; +static volatile wchar_t *wp; +static const char *str1 = "JIHGFEDCBA"; +static const char *str2 = "F"; +static const char *str3 = "%s%n%s%n"; +static const char *str4 = "Hello, "; +static const char *str5 = "World!\n"; +static const wchar_t *wstr1 = L"JIHGFEDCBA"; +static const wchar_t *wstr2 = L"F"; +static const wchar_t *wstr3 = L"%s%n%s%n"; +static const wchar_t *wstr4 = L"Hello, "; +static const wchar_t *wstr5 = L"World!\n"; +static char buf2[10] = "%s"; +static int num1 = 67; +static int num2 = 987654; #define FAIL() \ do { printf ("Failure on line %d\n", __LINE__); ret = 1; } while (0) @@ -1815,3 +1816,5 @@ do_test (void) return ret; } + +#include diff --git a/debug/tst-longjmp_chk.c b/debug/tst-longjmp_chk.c index e4e93d2a36..37f858606b 100644 --- a/debug/tst-longjmp_chk.c +++ b/debug/tst-longjmp_chk.c @@ -10,11 +10,7 @@ #include #include - -static int do_test(void); -#define TEST_FUNCTION do_test () -#include "../test-skeleton.c" - +#include static jmp_buf b; @@ -76,3 +72,5 @@ do_test (void) puts ("second longjmp returned"); return 1; } + +#include diff --git a/debug/tst-longjmp_chk2.c b/debug/tst-longjmp_chk2.c index 1810ab44d7..7e1ee3edc5 100644 --- a/debug/tst-longjmp_chk2.c +++ b/debug/tst-longjmp_chk2.c @@ -10,9 +10,7 @@ #include #include -static int do_test (void); -#define TEST_FUNCTION do_test () -#include "../test-skeleton.c" +#include static jmp_buf mainloop; static sigset_t mainsigset; @@ -126,3 +124,5 @@ do_test (void) return 0; } + +#include diff --git a/debug/tst-longjmp_chk3.c b/debug/tst-longjmp_chk3.c index f1e576ad5b..3050806c44 100644 --- a/debug/tst-longjmp_chk3.c +++ b/debug/tst-longjmp_chk3.c @@ -20,10 +20,6 @@ #include #include -static int do_test (void); -#define TEST_FUNCTION do_test () -#include "../test-skeleton.c" - static char buf[SIGSTKSZ * 4]; static jmp_buf jb; @@ -83,3 +79,5 @@ do_test (void) puts ("longjmp returned and shouldn't"); return 1; } + +#include From patchwork Thu Dec 21 18:59:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1879409 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=kGpJDdGE; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=8.43.85.97; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sx0Bf0J3dz1yr5 for ; Fri, 22 Dec 2023 06:00:58 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 5B7683870856 for ; Thu, 21 Dec 2023 19:00:55 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-oa1-x29.google.com (mail-oa1-x29.google.com [IPv6:2001:4860:4864:20::29]) by sourceware.org (Postfix) with ESMTPS id 19B5D386186B for ; Thu, 21 Dec 2023 18:59:48 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 19B5D386186B Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 19B5D386186B Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2001:4860:4864:20::29 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185189; cv=none; b=JXFe4SNIR7YhAUZvJ1/wl5m0+pXQxMXwslqUT/e1OaxrMutYOOO8satb3/ovh6tYpWcqAn5vR8+jU4XawTgQJBjukBcsYPEqNan154N5WtVtvAq+otlQFcmYIv15z6IO+TvVk58UoAYaeUSd4VnhcLf75Q3ZIsQj2QL9RRycM98= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185189; c=relaxed/simple; bh=hhgC2bh0eGBgUHbOSRieTVdEAFQFRzxIdryVK+6f7LI=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=T1nKeHKXT1EM8lGe20nUrv9ouE7smD7UMLc12Dc867pc+csHMOzAVlcXoiu/rz06bKL+5TX3kNgqvN76UfNJPHFTTE/QoHtKJJ9cHTevEy8ahgjQXxl8jzhARJBAYa5BHv2ypWPEmBtlSsyXPC4Yjpa07hgRrSGdswE06N9gLW0= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-oa1-x29.google.com with SMTP id 586e51a60fabf-2043e721daaso129800fac.2 for ; Thu, 21 Dec 2023 10:59:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1703185186; x=1703789986; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=TLl4uZ5zM2ZP/IqJmVIBfhvMkBEXhdbPBgEsRG414Go=; b=kGpJDdGEkjMg3+Qg0UJbLYlUP0r4yKv2ia5V/lrEq/B6JKvt1kslxtXoPNCqRktmCl vtUEZ2t9QNllLKz3otwRiSvaJowFryFEWMySf7/CxciO1LT4sPXcB43yeE6xgoMdk1jd XuH+aY93JrfdD5AWQ3PKcjU1i80A1FdXcV+nhDFdLbI97Iw4pnKylMeNEoXzps2tH2ib dQUL5yLAypnK4bPqI1nUYUxjvCtqFuPjBGkQnZaBe+vLSSimMGxAOCp8Ma/ZqBfLnDvF RJL62cZCtIql9Lh++6hL0dwBssQQm0/B25yIqNPI3s7PxNfmQB+LL0nn+tbIhAy2DTpe 6gKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703185186; x=1703789986; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TLl4uZ5zM2ZP/IqJmVIBfhvMkBEXhdbPBgEsRG414Go=; b=LXczs7twgAa/jLYC3kWJzHQneO+LtrHbTwNj2iH7ayuFSfkFdMTTyA5n35qDpNmeJX syUTsfAKGTqdJxQ++2iqHU41mQwBGa870qSdEF2N4Yds+323jOE0eig63I3VKdRLbW29 yEFdv9zus0Ly8HZeYVTZN+n9jvMI3YdhLWYbaLpiaOBHYmwTXG/Ye41QQAREhVY4F4Tg vlCt5BtB2LS31k8fCwlrU0jzKCvCBdqbXQZu/0XXd7iZbIT5ArXgKyNTpNb07Rd22NCO vzKXDGzVmqmPQ66gXBm+hRHHb/U21Ml7SzBFQUrIaf/gtEIXxz48nFay9j/OLR/AtOIn 9skA== X-Gm-Message-State: AOJu0Yx+wggxMmaHgYxflyj7Oe742wtsA9BSg/f+iUOqFmSRq6MKVi5g UGvykO1MQdk4idx10A+DXzVT+xcwdVFCFmdnlQP0nwOycSo= X-Google-Smtp-Source: AGHT+IEzLX3xq8x/CVvlNe19xBZp2EB21tX3HprEKhYOqbBabdMHYcFp88+pEfSRXrj607a8eF1Q3A== X-Received: by 2002:a05:6870:f149:b0:1fb:75a:6d1a with SMTP id l9-20020a056870f14900b001fb075a6d1amr277724oac.65.1703185186244; Thu, 21 Dec 2023 10:59:46 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:8192:ecd7:d327:bea0:14dc]) by smtp.gmail.com with ESMTPSA id a9-20020a63e409000000b005cdbebd61d8sm1946165pgi.9.2023.12.21.10.59.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 10:59:45 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH 02/15] debug: Increase tst-fortify checks for compiler without __va_arg_pack support Date: Thu, 21 Dec 2023 15:59:16 -0300 Message-Id: <20231221185929.1307116-3-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> References: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org The fortify wrappers for varargs functions already add fallbacks to builtins calls if __va_arg_pack is not supported. Checked on aarch64, armhf, x86_64, and i686. Reviewed-by: Siddhesh Poyarekar --- debug/tst-fortify.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/debug/tst-fortify.c b/debug/tst-fortify.c index 20e926751a..5cd9d22feb 100644 --- a/debug/tst-fortify.c +++ b/debug/tst-fortify.c @@ -130,7 +130,7 @@ static int num2 = 987654; chk_fail_ok = 0; \ FAIL (); \ } -#if __USE_FORTIFY_LEVEL >= 2 && (!defined __cplusplus || defined __va_arg_pack) +#if __USE_FORTIFY_LEVEL >= 2 # define CHK_FAIL2_START CHK_FAIL_START # define CHK_FAIL2_END CHK_FAIL_END #else @@ -419,7 +419,6 @@ do_test (void) stpncpy (buf + 6, "cd", l0 + 5); CHK_FAIL_END -# if !defined __cplusplus || defined __va_arg_pack CHK_FAIL_START sprintf (buf + 8, "%d", num1); CHK_FAIL_END @@ -439,7 +438,6 @@ do_test (void) CHK_FAIL_START swprintf (wbuf + 8, l0 + 3, L"%d", num1); CHK_FAIL_END -# endif memcpy (buf, str1 + 2, 9); CHK_FAIL_START @@ -550,7 +548,6 @@ do_test (void) FAIL (); } -# if !defined __cplusplus || defined __va_arg_pack CHK_FAIL_START sprintf (a.buf1 + (O + 7), "%d", num1); CHK_FAIL_END @@ -562,7 +559,6 @@ do_test (void) CHK_FAIL_START snprintf (a.buf1 + (O + 7), l0 + 3, "%d", num2); CHK_FAIL_END -# endif memcpy (a.buf1, str1 + (3 - O), 8 + O); CHK_FAIL_START From patchwork Thu Dec 21 18:59:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1879400 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=jLVreUpi; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sx09s16pNz1ydZ for ; Fri, 22 Dec 2023 06:00:16 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 976943864C5D for ; Thu, 21 Dec 2023 19:00:13 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-oo1-xc33.google.com (mail-oo1-xc33.google.com [IPv6:2607:f8b0:4864:20::c33]) by sourceware.org (Postfix) with ESMTPS id ADCA33861859 for ; Thu, 21 Dec 2023 18:59:49 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org ADCA33861859 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org ADCA33861859 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::c33 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185190; cv=none; b=CGb50Yot+RoaGW6CepVGx5Kayb7kunY3ZXDacZhyV8hhVNQzF80sqM63c/3l1pvPj8jN2r5Ual2WVwbwi4fCIFgEi0NOsryDIGH5HW6j30TIT1jtYsLj9CNfcRalH8a0B4x7ddpJshJg3gpGbgV8kElE8DyC9lA5tx54N+QJc8k= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185190; c=relaxed/simple; bh=k1713LFYRlIy3qnyEHvVoeeQLL+DNZ5DFqZr/vl/KXQ=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=O9wQ9nF7vFKk3sCjmN0EoAD9CWQJt4MXgBz0X2qEx2Eren5AdPij71Jcqqsszq6lBIid4nOZ4WUdqfn0sl6fDANb8lWar9VxO1gGOalTcHsTAAmSEftoRuJfrbitjgCLp4S5s60mD3JF7f/DBFZaFt4Fjk9mEOKapWOE7jpNqF0= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-oo1-xc33.google.com with SMTP id 006d021491bc7-594178b3959so777591eaf.0 for ; Thu, 21 Dec 2023 10:59:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1703185188; x=1703789988; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=bVbV422tiQZ9O663979Ox6WGT4oVLRQUR/M2jQJ/+io=; b=jLVreUpiFFlLl8OxccxxoV5TaelNUfoTSmLWSkY/Im0I1JANl1PSBDwkGWnMJjUL8G DSpmcPppslIxH7aUYonB2OHTcCRgyEqoZRxkf6DOd050kxITIV1U1CUNOyU2zzaBe298 mlZF1ehdy7yBf7FXsD09Sm6fNZYTnqfrsRGA4QAP+Sm4JRQUYkGzix87uFQvzU0SBUh4 2bKJ7eveXzQhlQTm42pL9M+CJ5ShARkAXZELtPNaWoqELQRayp7wZr1O75E6faQxK2b+ AicjBS0HwX/K6n+CJXV4wDpEnY8fNiPB1Jmnz4gDu/KjsKkewHbgP0AP5paDZ9sCTu1O LUwQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703185188; x=1703789988; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bVbV422tiQZ9O663979Ox6WGT4oVLRQUR/M2jQJ/+io=; b=RLPpx1ovn2eKguo7hOMAdXCsK9ZBQ8zHZSTn2vdQi+ZjhmZXdQMGqhg/qbjV/OA3kA y3UIt3XwHxW7ye0KAAobiPrDS/tmQgZhZ39YPyGUjztuPluSzsfAWEtw5Gg0ubQ24dGg uDh6oZC1mVR5tS7eP0OTJNNf+jmeD/Nnh6irMRF8G2DZCa67AfRF0WkFI02CLOhtUYIU jrC9k2VKqCscyMPmqxGNJOi5evJR6UlPOyluvi3LeG90ksRAVlyoLSeBVvP1eJboNwiy WKK1JkZcMgdPs1s2CjijHBSLOSFzfga+Crwf8EknFyVWfCbAJigOODzLLfeJWV+e9gJ8 ov3Q== X-Gm-Message-State: AOJu0YxFgZOhEJRIerPSVRfTMQ3naVNtF6CBcjh/RlAvFa7mezipystw VekNxQqAQt6ZKEnz3r4NS/eap9xkFQfcFgYznz+xONBSpXA= X-Google-Smtp-Source: AGHT+IG1N3x0rkfNBrRCW1AZ5IVorB/cdiJGiSkXm5dp4kvdUk2057cYP91xR/18CmDvDU9A3Txldw== X-Received: by 2002:a05:6359:5e8a:b0:170:f1ac:af13 with SMTP id px10-20020a0563595e8a00b00170f1acaf13mr211371rwb.23.1703185188387; Thu, 21 Dec 2023 10:59:48 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:8192:ecd7:d327:bea0:14dc]) by smtp.gmail.com with ESMTPSA id a9-20020a63e409000000b005cdbebd61d8sm1946165pgi.9.2023.12.21.10.59.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 10:59:47 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH 03/15] debug: Add fortify dprintf tests Date: Thu, 21 Dec 2023 15:59:17 -0300 Message-Id: <20231221185929.1307116-4-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> References: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.5 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org Similar to other printf-like ones. Checked on aarch64, armhf, x86_64, and i686. Reviewed-by: Siddhesh Poyarekar --- debug/tst-fortify.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/debug/tst-fortify.c b/debug/tst-fortify.c index 5cd9d22feb..888eae25ad 100644 --- a/debug/tst-fortify.c +++ b/debug/tst-fortify.c @@ -59,6 +59,8 @@ static char *temp_filename; +static int temp_fd_dprintf; + static void do_prepare (int argc, char *argv[]) { @@ -76,6 +78,13 @@ do_prepare (int argc, char *argv[]) unlink (temp_filename); exit (1); } + + temp_fd_dprintf = create_temp_file ("tst-chk2.", NULL); + if (temp_fd_dprintf == -1) + { + printf ("cannot create temporary file: %m\n"); + exit (1); + } } #define PREPARE do_prepare @@ -901,6 +910,10 @@ do_test (void) || n1 != 1 || n2 != 2) FAIL (); + if (dprintf (temp_fd_dprintf, "%s%n%s%n", str2, &n1, str2, &n2) != 2 + || n1 != 1 || n2 != 2) + FAIL (); + strcpy (buf2 + 2, "%n%s%n"); /* When the format string is writable and contains %n, with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */ @@ -914,6 +927,11 @@ do_test (void) FAIL (); CHK_FAIL2_END + CHK_FAIL2_START + if (dprintf (temp_fd_dprintf, buf2, str2, &n1, str2, &n1) != 2) + FAIL (); + CHK_FAIL2_END + /* But if there is no %n, even writable format string should work. */ buf2[6] = '\0'; @@ -1263,6 +1281,10 @@ do_test (void) snprintf (buf, buf_size, "%3$d\n", 1, 2, 3, 4); CHK_FAIL2_END + CHK_FAIL2_START + dprintf (temp_fd_dprintf, "%3$d\n", 1, 2, 3, 4); + CHK_FAIL2_END + int sp[2]; if (socketpair (PF_UNIX, SOCK_STREAM, 0, sp)) FAIL (); From patchwork Thu Dec 21 18:59:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1879403 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=vZUNeIeU; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=8.43.85.97; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sx09x3BT6z20Gb for ; Fri, 22 Dec 2023 06:00:21 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 211E83847718 for ; Thu, 21 Dec 2023 19:00:19 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-il1-x12e.google.com (mail-il1-x12e.google.com [IPv6:2607:f8b0:4864:20::12e]) by sourceware.org (Postfix) with ESMTPS id 823BC385B532 for ; Thu, 21 Dec 2023 18:59:51 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 823BC385B532 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 823BC385B532 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::12e ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185193; cv=none; b=IdRsD5rjuyP4kUkr2VasKiLiZ+kXlaw0I0bAzQ0ZU6UAsQCxfpcrhicWIaVx2rRyUtXncGo7JuC/cGhku8c+UHDSCVRffVTXoAWI8N5f01/+r0NefPFjrj4fXiqN9xzi2dbJ74oL1WcvXBfEYi9qFFyPTNPZE57Ql1wYyg+F95o= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185193; c=relaxed/simple; bh=e694cuZ44CNyt5dfALndjqMXp3Fa5Cj+qkRwaNVsNPw=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=N5BxeyWo/WIDKhcBNo6DEG5j5QSi91x2kMifwzxReLd4YBvoLtkYAmHu3xonDZPMztOOyIxYkR1Wk+6gpDkEHjusxBIIHvlrH2HlLWgC13K5CX+23kxpgMlPTce1ylOSpPuk5htoWLtmcVH2ySjKQz/fI0/UVlZWQ2fiWbzLq58= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-il1-x12e.google.com with SMTP id e9e14a558f8ab-35fd5a13285so2942555ab.3 for ; Thu, 21 Dec 2023 10:59:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1703185190; x=1703789990; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=vv53uQpYbZuGOr4ynPza99NntS1MMyxrhLUOdBkxv+4=; b=vZUNeIeU6p9X1ToHtUItVMu2pY3PuCX5rakRU5UENrVAuhmdlfEKUpXxYlxdag2cRv CZ8xCzwTNnY47Ai8JHFcIX8kjJMc7PZZUU8G/WeJky1f3rY1IyHn6wXtwi0dOsTyNTWY W7aMBdCPLjeM93keq/hE892lqdjo6OegC5EKs0+ZuhA8comf8Eua7QTKrWbnfP66kkbW FAtXttGQ65aeDPGCu8IjfxUZy4DLOvSs4UF346S2A3uT/mi32TPdC9kFy77NxNo9GwUf 4ranvwwgRgTYS5tn8+KigUZpIM7IZ48QHxobxqFsvOH0FQERhLzByp5md9eDEx2GYIMo zU3Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703185190; x=1703789990; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vv53uQpYbZuGOr4ynPza99NntS1MMyxrhLUOdBkxv+4=; b=e/09rwBpM0wwGQQGcPeqOJfUfzPJYa3Xq4sAu+u8+bS6IhF+kqFUKptAzkg5qGL9Y6 lm9/xy8A2Fa9AeYz+Jk9QF3oIdoD7obiWy6vXZAlm1ohj7vyZuao8f6u2PHqXidmgYx5 Am1qABRRrfLnYmbuN3FMG0B20t9ogaVdFe283n+YLptvR/w3tS1TE8ujFRcFCvBMu3/u rCiixX3BECX1ymDXK+zbgJ1X9b5MNFBt+3uBtKIM97AiBsLpZnhfAL0MrcLZ2PmFnHem dxuZsCrK+ty70quGqQUvx9W9Mzknw0yoLIAayncd0vEoKX8+x87ZWsfrW9+VuPozwVM4 GUig== X-Gm-Message-State: AOJu0YwGfA54jjh6/YIZykdW6EQvDHkSoLW0DlFjEOED0Ge+MOMmUmgy JDcVTDRpHMameaduSEH6s2r9nb8tee1FG3FgjJNup1cvnMc= X-Google-Smtp-Source: AGHT+IHYYTGwmgJb1LUxoMCUpQniuQ8Dl0oZS5tVYHgOxdGqiwpptedgXd66gmzfL73Z6DuQQS8ZFg== X-Received: by 2002:a05:6e02:1b02:b0:35f:ac66:e863 with SMTP id i2-20020a056e021b0200b0035fac66e863mr110439ilv.50.1703185190187; Thu, 21 Dec 2023 10:59:50 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:8192:ecd7:d327:bea0:14dc]) by smtp.gmail.com with ESMTPSA id a9-20020a63e409000000b005cdbebd61d8sm1946165pgi.9.2023.12.21.10.59.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 10:59:49 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH 04/15] debug: Add fortify syslog tests Date: Thu, 21 Dec 2023 15:59:18 -0300 Message-Id: <20231221185929.1307116-5-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> References: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.5 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org It requires to be in a container tests to avoid logging bogus information on the system. The syslog also requires to be checked in a different process because the internal printf call will abort with the internal syslog lock taken (which makes subsequent syslog calls deadlock). Checked on aarch64, armhf, x86_64, and i686. Reviewed-by: Siddhesh Poyarekar --- debug/Makefile | 5 ++ debug/tst-fortify-syslog.c | 128 +++++++++++++++++++++++++++++++++++++ 2 files changed, 133 insertions(+) create mode 100644 debug/tst-fortify-syslog.c diff --git a/debug/Makefile b/debug/Makefile index c49e5d86ec..fdc250e209 100644 --- a/debug/Makefile +++ b/debug/Makefile @@ -179,6 +179,7 @@ CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1 CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 CFLAGS-tst-sprintf-fortify-rdonly.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 +CFLAGS-tst-fortify-syslog.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 # _FORTIFY_SOURCE tests. # Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and @@ -293,6 +294,10 @@ tests-time64 += \ $(tests-all-time64-chk) \ # tests-time64 +tests-container += \ + tst-fortify-syslog \ + # tests-container + ifeq ($(have-ssp),yes) tests += tst-ssp-1 endif diff --git a/debug/tst-fortify-syslog.c b/debug/tst-fortify-syslog.c new file mode 100644 index 0000000000..26a93d9be8 --- /dev/null +++ b/debug/tst-fortify-syslog.c @@ -0,0 +1,128 @@ +/* Fortify tests for syslog interface. + Copyright (C) 2023 Free Software Foundation, Inc. + Copyright The GNU Toolchain Authors. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +static const char *str2 = "F"; +static char buf2[10] = "%s"; + +static volatile int chk_fail_ok; +static jmp_buf chk_fail_buf; + +static void +handler (int sig) +{ + if (chk_fail_ok) + { + chk_fail_ok = 0; + longjmp (chk_fail_buf, 1); + } + else + _exit (127); +} + +#define FAIL() \ + do { \ + printf ("Failure on line %d\n", __LINE__); \ + support_record_failure (); \ + } while (0) +#define CHK_FAIL_START \ + chk_fail_ok = 1; \ + if (! setjmp (chk_fail_buf)) \ + { +#define CHK_FAIL_END \ + chk_fail_ok = 0; \ + FAIL (); \ + } + +static void +call_vsyslog (int priority, const char *format, ...) +{ + va_list va; + va_start (va, format); + vsyslog (priority, format, va); + va_end (va); +} + +static void +run_syslog_chk (void *closure) +{ + int n1; + CHK_FAIL_START + syslog (LOG_USER | LOG_DEBUG, buf2, str2, &n1, str2, &n1); + CHK_FAIL_END +} + +static void +run_vsyslog_chk (void *closure) +{ + int n1; + CHK_FAIL_START + call_vsyslog (LOG_USER | LOG_DEBUG, buf2, str2, &n1, str2, &n1); + CHK_FAIL_END +} + +static int +do_test (void) +{ + set_fortify_handler (handler); + + int n1, n2; + + n1 = n2 = 0; + syslog (LOG_USER | LOG_DEBUG, "%s%n%s%n", str2, &n1, str2, &n2); + TEST_COMPARE (n1, 1); + TEST_COMPARE (n2, 2); + + n1 = n2 = 0; + call_vsyslog (LOG_USER | LOG_DEBUG, "%s%n%s%n", str2, &n1, str2, &n2); + TEST_COMPARE (n1, 1); + TEST_COMPARE (n2, 2); + + strcpy (buf2 + 2, "%n%s%n"); + + /* The wrapper tests need to be in a subprocess because the abort called by + printf does not unlock the internal syslog lock. */ + { + struct support_capture_subprocess result + = support_capture_subprocess (run_syslog_chk, NULL); + support_capture_subprocess_check (&result, "syslog", 0, sc_allow_stderr); + support_capture_subprocess_free (&result); + } + + { + struct support_capture_subprocess result + = support_capture_subprocess (run_vsyslog_chk, NULL); + support_capture_subprocess_check (&result, "syslog", 0, sc_allow_stderr); + support_capture_subprocess_free (&result); + } + + return 0; +} + +#include From patchwork Thu Dec 21 18:59:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1879404 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=b+fUc2+E; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sx0B15TMjz1ydZ for ; Fri, 22 Dec 2023 06:00:25 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 85CE5386C5A6 for ; Thu, 21 Dec 2023 19:00:23 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x42d.google.com (mail-pf1-x42d.google.com [IPv6:2607:f8b0:4864:20::42d]) by sourceware.org (Postfix) with ESMTPS id 9CF4E3857B8B for ; Thu, 21 Dec 2023 18:59:53 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 9CF4E3857B8B Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 9CF4E3857B8B Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::42d ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185195; cv=none; b=iI6Kx65MIksc+VYswu/6sj+wECBCNskgtpbA0eMsz/xTNZ1qBOTLuwSKxtdIo2nOt+eAKymcaWjoQVWzlbuEZ96J0Fw4e/71zrSpvN3YAuCyPAC/qIgsOGu/hFLqekxK/7ALudMb07yVH7NSvMfePqKqyxqumM8H/RyrN7ybG9A= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185195; c=relaxed/simple; bh=LkVto+uxfCH1mih0rDbCzw3O4jPPzKoGkJ+Jou262sk=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=sLp9bshWFTkkzigdAaOzhfb3gAUVE9tBbqBOABf8OFls1U3f8J7XXABablTzYwSWehiDYMucmXq08b+ex1s0JvULJQgtXUZ0rz72ieaZQGYdtjmnwDsKZeyISdDzprSbYBwx47vhbW8YZPLIiiDQajfNqbql14wcBAWvvBCUc48= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x42d.google.com with SMTP id d2e1a72fcca58-6d93d15db24so1069894b3a.0 for ; Thu, 21 Dec 2023 10:59:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1703185192; x=1703789992; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=RFcUo9tu0w9v5JgwlrGSPqesrXrB1UX0MN/OqyNpNZ0=; b=b+fUc2+EnTlu+rc+au0DZZxbb9ND8r61HmP274uzJRDk9bHsPUX1/M4vMrftcbySM5 63EADsKI4N3LTYr2h/zb+xUKWMJ4j2y5le1WHB0m6geb4FkMoKHbp4ypNQ7nRNdUgr2K aJcovSvpWFlhpO+L0Xj2JwhCCQfIVRYo5up3qX0T5ECQxbuqhGRsvsVSxjA3d+//omPF 5GYRTMPQRIm/5l67kaHmAM8JQK0MsKrzklrilxfrOfV9mE+O+uVgjJ8ugazU7gbTDJMe Ai/CsjBAmKFF99KmKbD/NnR9ERm1jNfoVCbGdqU0gqb//FWFj7OLmNB8w8jStxRKF+W5 YHAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703185192; x=1703789992; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RFcUo9tu0w9v5JgwlrGSPqesrXrB1UX0MN/OqyNpNZ0=; b=KxdCZYlSuLzFpji8sRdAVW6E/VedwRTPHHfF+1NqQgD2SA5y0GpMVeEKt+lvbAqw6N P1eojwziGpXnw/0WII96w4DwFTQYJHPwq5XH04BpNnv7xeD9ShR8UdFoVL/iBb/KeBvd Sqmptb1L8tlZAQBX8llIXRl0p9VR+6OIOeXPwfd8W2Z8aV3eHDZzS5eOWsAYEHHjrmzC 8hSdBzx3xo9nasReIZLLCAOp2YpDMWU64OO5LZ9zkhpvg0RYI6cijwUQE6zXVz+HxUO3 e71VdvMqI+vmKCTQ6dXlNNvk3b6cScQ9UdViCt4j6O2XoDOAEc7zknv9fC7tAw/SQoDK QvAg== X-Gm-Message-State: AOJu0YxdXfidQCOZ4GTqSCLyb48+BrwGNqyH4BAjmURR0cdG2w04wmfj bRvg8npp+4A4hba3p5VrXgDrELIie3tNtt2ItOFWMClO684= X-Google-Smtp-Source: AGHT+IEfpttoGTrIOF/CXlIV3YBh2PADlqX8QZ5uJZaWJpY0VpJnWI6tKeo3TzjtNppuamLZ8vQe5A== X-Received: by 2002:a05:6a20:54a1:b0:18f:97c:8a1b with SMTP id i33-20020a056a2054a100b0018f097c8a1bmr152895pzk.70.1703185191902; Thu, 21 Dec 2023 10:59:51 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:8192:ecd7:d327:bea0:14dc]) by smtp.gmail.com with ESMTPSA id a9-20020a63e409000000b005cdbebd61d8sm1946165pgi.9.2023.12.21.10.59.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 10:59:51 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH 05/15] debug: Add fortify wprintf tests Date: Thu, 21 Dec 2023 15:59:19 -0300 Message-Id: <20231221185929.1307116-6-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> References: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org Similar to other printf-like ones. It requires to be in a different process so we can change the orientation of stdout. Checked on aarch64, armhf, x86_64, and i686. --- debug/Makefile | 2 + debug/tst-fortify-wide.c | 104 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 106 insertions(+) create mode 100644 debug/tst-fortify-wide.c diff --git a/debug/Makefile b/debug/Makefile index fdc250e209..ed90ef7030 100644 --- a/debug/Makefile +++ b/debug/Makefile @@ -180,6 +180,7 @@ CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 CFLAGS-tst-sprintf-fortify-rdonly.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 CFLAGS-tst-fortify-syslog.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 +CFLAGS-tst-fortify-wide.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 # _FORTIFY_SOURCE tests. # Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and @@ -283,6 +284,7 @@ tests = \ tst-backtrace4 \ tst-backtrace5 \ tst-backtrace6 \ + tst-fortify-wide \ tst-longjmp_chk \ tst-longjmp_chk2 \ tst-realpath-chk \ diff --git a/debug/tst-fortify-wide.c b/debug/tst-fortify-wide.c new file mode 100644 index 0000000000..6947d04fa6 --- /dev/null +++ b/debug/tst-fortify-wide.c @@ -0,0 +1,104 @@ +/* Fortify check for wprintf. + Copyright (C) 2004-2023 Free Software Foundation, Inc. + Copyright The GNU Toolchain Authors. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +#include + +static volatile int chk_fail_ok; +static volatile int ret; +static jmp_buf chk_fail_buf; + +static void +handler (int sig) +{ + if (chk_fail_ok) + { + chk_fail_ok = 0; + longjmp (chk_fail_buf, 1); + } + else + _exit (127); +} + +static const wchar_t *wstr3 = L"%ls%n%ls%n"; +static const wchar_t *wstr4 = L"Hello, "; +static const wchar_t *wstr5 = L"World!\n"; +static wchar_t wbuf2[20] = L"%ls"; + +#define WFAIL \ + do { wprintf (L"Failure on line %d\n", __LINE__); ret = 1; } while (0) +#define CHK_FAIL_START \ + chk_fail_ok = 1; \ + if (! setjmp (chk_fail_buf)) \ + { +#define CHK_FAIL_END \ + chk_fail_ok = 0; \ + WFAIL; \ + } + +static int +do_test (void) +{ + set_fortify_handler (handler); + + int n1, n2; + + int orientation = fwide (stdout, 1); + if (orientation <= 0) + WFAIL; + + /* Constant literals passed directly are always ok + (even with warnings about possible bugs from GCC). */ + if (wprintf (L"%ls%n%ls%n", wstr4, &n1, wstr5, &n2) != 14 + || n1 != 7 || n2 != 14) + WFAIL; + + /* In this case the format string is not known at compile time, + but resides in read-only memory, so is ok. */ + if (wprintf (wstr3, wstr4, &n1, wstr5, &n2) != 14 + || n1 != 7 || n2 != 14) + WFAIL; + + wcpcpy (&wbuf2[3], L"%n%ls%n"); + /* When the format string is writable and contains %n, + with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */ + CHK_FAIL_START + if (wprintf (wbuf2, wstr4, &n1, wstr5, &n1) != 14) + WFAIL; + CHK_FAIL_END + + /* But if there is no %n, even writable format string + should work. */ + wbuf2[8] = L'\0'; + if (wprintf (&wbuf2[5], wstr5) != 7) + WFAIL; + + /* Check whether missing N$ formats are detected. */ + CHK_FAIL_START + wprintf (L"%3$d\n", 1, 2, 3, 4); + CHK_FAIL_END + + return ret; +} + +#include From patchwork Thu Dec 21 18:59:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1879412 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=TxkqTLMM; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=8.43.85.97; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sx0CL59NPz1ydZ for ; Fri, 22 Dec 2023 06:01:34 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 29A903875DD9 for ; Thu, 21 Dec 2023 19:01:24 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-oi1-x233.google.com (mail-oi1-x233.google.com [IPv6:2607:f8b0:4864:20::233]) by sourceware.org (Postfix) with ESMTPS id 1C8873857C51 for ; Thu, 21 Dec 2023 18:59:55 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 1C8873857C51 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 1C8873857C51 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::233 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185197; cv=none; b=c4pWzmNTW72cTAc0/Z+cdHMJDGyQvzSXg8lgZv4mlRmCacgKq+v8j1dIrFwGFtzQVxSOP+bKdTzGeoXyS3xeVUA6391Ih2ytH6gkBpm5g8PUW/USY6RiRYokdDD8NtxoZ1RUz6qi88kSr5ilYe8ay4gVBqn1Zrzt4bXMR74fTuA= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185197; c=relaxed/simple; bh=BqKSUqgwuaTBUZ66xe31q6tkgRWz1lWkRZmL+4Sgcts=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=WEo1L5Pfx06YpX+gJKAqiXB3bAxNA7SD2u71PtPpKVSr5LhDIPj+QwRKo+abw1xoGOq7QDUtZhZyVzBjskoQAwdkHG1x13LA8xb5Qm91dE6OwypEf9BOYhv3dao8T5hh83Th1WO+gvRFrLpasHWVLnLIegppsDo4lJKUibrp/w0= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-oi1-x233.google.com with SMTP id 5614622812f47-3bb6ed2b913so807801b6e.2 for ; Thu, 21 Dec 2023 10:59:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1703185194; x=1703789994; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=EEkGBHJO/+/x4P2rY0Y3YacoNsTn01X+5ABFy1M4y7g=; b=TxkqTLMMEJrJtgNOBcDHWL1qnamCf9wgsQ5Kt/tAsUkuoUPDEDkGeb67gNPgEXmzan p2FxniDBwYdUcwQ+HEF+b2EbFqLHzHHtQ+PXeXdrdIEAKVMo1S1zli+EQsbhwT5vdD9w 6UeePzujgw/49iiUh+FyyYOqlidRtMK/Ou5dQNIuczDYGxOtCIbLCWKgRlrVxpAjREXY q7c9zAlZNg9w/LG9uNBtLeQdq9io+VoThlqYCd7isLu/yJCqjchW4EfwvFVELooLvoND h7dt/rI/0tj7Ja8B14OU+qTlpW2snDPtrfYmGovfg4USYp0MdgVy65n9ADaahGU8srE0 c20A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703185194; x=1703789994; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=EEkGBHJO/+/x4P2rY0Y3YacoNsTn01X+5ABFy1M4y7g=; b=vE9ie+Hak4wJQM4BWcYyj+PpDlpD/fZBihJ81HM+PQiCJFDWg9MhFW2uVOf0ZSS6OX ytnViqb9qZCK1bzxrF2380iQqV0ryKTEFFVKJjaXv30c6yT9RyQBxOOwnhp0xZL4CDUh R0rjcfbiOyf3S0KwehQj8EChl9vYYqMVzwPj2ScF628/e0W/C4wDLq6+qh0lYWKzudsG +Q+Aazbfujgi9X6USRGlE0MJBxPziE+G1KvtEFDHjcKpNS4Hm0fczNeIb0E425gTAUW6 kIFFU5ZucoPgtiCdu5La3++KNmVQgjM1TyKnrn0ARitGZqi6eMou73Z4K292Y+VT46vP UKWQ== X-Gm-Message-State: AOJu0Ywwzq+xczYh/nXM+f8svk9fdMHfvU3DamDZnoWCpsxcoV7M9QtT XFngb6+a/jQ8H8pOM1W3RF/9H/6uUEkeHleykNwuQ3+elnw= X-Google-Smtp-Source: AGHT+IHZdYuEixMO1yB47GBJDLE5h1hnGmtDggQ6W7J/8T9oKHK1/2+wAdvywKjnXOvEjcfQoLlA7A== X-Received: by 2002:a05:6870:e2d3:b0:1fb:8965:e2b1 with SMTP id w19-20020a056870e2d300b001fb8965e2b1mr270587oad.64.1703185193739; Thu, 21 Dec 2023 10:59:53 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:8192:ecd7:d327:bea0:14dc]) by smtp.gmail.com with ESMTPSA id a9-20020a63e409000000b005cdbebd61d8sm1946165pgi.9.2023.12.21.10.59.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 10:59:53 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH 06/15] cdefs.h: Add clang fortify directives Date: Thu, 21 Dec 2023 15:59:20 -0300 Message-Id: <20231221185929.1307116-7-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> References: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org For instance, the read wrapper is currently expanded as: extern __inline __attribute__((__always_inline__)) __attribute__((__artificial__)) __attribute__((__warn_unused_result__)) ssize_t read (int __fd, void *__buf, size_t __nbytes) { return __glibc_safe_or_unknown_len (__nbytes, sizeof (char), __glibc_objsize0 (__buf)) ? __read_alias (__fd, __buf, __nbytes) : __glibc_unsafe_len (__nbytes, sizeof (char), __glibc_objsize0 (__buf)) ? __read_chk_warn (__fd, __buf, __nbytes, __builtin_object_size (__buf, 0)) : __read_chk (__fd, __buf, __nbytes, __builtin_object_size (__buf, 0)); } The wrapper relies on __builtin_object_size call lowers to a constant at compile-time and many other operations in the wrapper depends on having a single, known value for parameters. Because this is impossible to have for function parameters, the wrapper depends heavily on inlining to work and While this is an entirely viable approach on GCC, it is not fully reliable on clang. This is because by the time llvm gets to inlining and optimizing, there is a minimal reliable source and type-level information available (more information on a more deep explanation on how to fortify wrapper works on clang [1]). To allow the wrapper to work reliably and with the same functionality as with GCC, clang requires a different approach: * __attribute__((diagnose_if(c, “str”, “warning”))) which is a function level attribute; if the compiler can determine that 'c' is true at compile-time, it will emit a warning with the text 'str1'. If it would be better to emit an error, the wrapper can use "error" instead of "warning". * __attribute__((overloadable)) which is also a function-level attribute; and it allows C++-style overloading to occur on C functions. * __attribute__((pass_object_size(n))) which is a parameter-level attribute; and it makes the compiler evaluate __builtin_object_size(param, n) at each call site of the function that has the parameter, and passes it in as a hidden parameter. This attribute has two side-effects that are key to how FORTIFY works: 1. It can overload solely on pass_object_size (e.g. there are two overloads of foo in void foo(char * __attribute__((pass_object_size(0))) c); void foo(char *); (The one with pass_object_size attribute has precende over the default one). 2. A function with at least one pass_object_size parameter can never have its address taken (and overload resolution respects this). Thus the read wrapper can be implemented as follows, without hindering any fortify coverage compile and runtime: extern __inline __attribute__((__always_inline__)) __attribute__((__artificial__)) __attribute__((__overloadable__)) __attribute__((__warn_unused_result__)) ssize_t read (int __fd, void *const __attribute__((pass_object_size (0))) __buf, size_t __nbytes) __attribute__((__diagnose_if__ ((((__builtin_object_size (__buf, 0)) != -1ULL && (__nbytes) > (__builtin_object_size (__buf, 0)) / (1))), "read called with bigger length than size of the destination buffer", "warning"))) { return (__builtin_object_size (__buf, 0) == (size_t) -1) ? __read_alias (__fd, __buf, __nbytes) : __read_chk (__fd, __buf, __nbytes, __builtin_object_size (__buf, 0)); } To avoid changing the current semantic for GCC, a set of macros is defined to enable the clang required attributes, along with some changes on internal macros to avoid the need to issue the symbol_chk symbols (which are done through the __diagnose_if__ attribute for clang). The read wrapper is simplified as: __fortify_function __attribute_overloadable__ __wur ssize_t read (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), size_t __nbytes) __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf, "read called with bigger length than " "size of the destination buffer") { return __glibc_fortify (read, __nbytes, sizeof (char), __glibc_objsize0 (__buf), __fd, __buf, __nbytes); } There is no expected semantic or code change when using GCC. Also, clang does not support __va_arg_pack, so variadic functions are expanded to call va_arg implementations. The error function must not have bodies (address takes are expanded to nonfortified calls), and with the __fortify_function compiler might still create a body with the C++ mangling name (due to the overload attribute). In this case, the function is defined with __fortify_function_error_function macro instead. [1] https://docs.google.com/document/d/1DFfZDICTbL7RqS74wJVIJ-YnjQOj1SaoqfhbgddFYSM/edit Checked on aarch64, armhf, x86_64, and i686. --- misc/sys/cdefs.h | 194 ++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 166 insertions(+), 28 deletions(-) diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h index 90c21e2703..659ffc96a7 100644 --- a/misc/sys/cdefs.h +++ b/misc/sys/cdefs.h @@ -144,6 +144,35 @@ # define __END_DECLS #endif +/* GCC 4.3 and above with -std=c99 or -std=gnu99 implements ISO C99 + inline semantics, unless -fgnu89-inline is used. Using __GNUC_STDC_INLINE__ + or __GNUC_GNU_INLINE is not a good enough check for gcc because gcc versions + older than 4.3 may define these macros and still not guarantee GNU inlining + semantics. + + clang++ identifies itself as gcc-4.2, but has support for GNU inlining + semantics, that can be checked for by using the __GNUC_STDC_INLINE_ and + __GNUC_GNU_INLINE__ macro definitions. */ +#if (!defined __cplusplus || __GNUC_PREREQ (4,3) \ + || (defined __clang__ && (defined __GNUC_STDC_INLINE__ \ + || defined __GNUC_GNU_INLINE__))) +# if defined __GNUC_STDC_INLINE__ || defined __cplusplus +# define __extern_inline extern __inline __attribute__ ((__gnu_inline__)) +# define __extern_always_inline \ + extern __always_inline __attribute__ ((__gnu_inline__)) +# else +# define __extern_inline extern __inline +# define __extern_always_inline extern __always_inline +# endif +#endif + +/* The overloadable attribute was added on clang 2.6. */ +#if defined __clang_major__ \ + && (__clang_major__ + (__clang_minor__ >= 6) > 2) +# define __attribute_overloadable__ __attribute__((__overloadable__)) +#else +# define __attribute_overloadable__ +#endif /* Fortify support. */ #define __bos(ptr) __builtin_object_size (ptr, __USE_FORTIFY_LEVEL > 1) @@ -187,27 +216,162 @@ __s, __osz)) \ && !__glibc_safe_len_cond ((__SIZE_TYPE__) (__l), __s, __osz)) +/* To correctly instrument the fortify wrapper clang requires the + pass_object_size attribute, and the attribute has the restriction that the + argument needs to be 'const'. Furthermore, to make it usable with C + interfaces, clang provides the overload attribute, which provides a C++ + like function overload support. The overloaded fortify wrapper with the + pass_object_size attribute has precedence over the default symbol. + + Also, clang does not support __va_arg_pack, so variadic functions are + expanded to issue va_arg implementations. The error function must not have + bodies (address takes are expanded to nonfortified calls), and with + __fortify_function compiler might still create a body with the C++ + mangling name (due to the overload attribute). In this case, the function + is defined with __fortify_function_error_function macro instead. + + The argument size check is also done with a clang-only attribute, + __attribute__ ((__diagnose_if__ (...))), different than gcc which calls + symbol_chk_warn alias with uses __warnattr attribute. */ +#ifdef __extern_always_inline +# define __fortify_function __extern_always_inline __attribute_artificial__ +# ifdef __clang__ +# define __fortify_use_clang 1 + +# define __fortify_function_error_function static __attribute__((unused)) + +# define __fortify_clang_pass_object_size_n(n) \ + __attribute__ ((pass_object_size (n))) +# define __fortify_clang_pass_object_size0 \ + __fortify_clang_pass_object_size_n (0) +# define __fortify_clang_pass_object_size \ + __fortify_clang_pass_object_size_n (__USE_FORTIFY_LEVEL > 1) + +# define __fortify_clang_pass_dynamic_object_size_n(n) \ + __attribute__ ((pass_dynamic_object_size (n))) +# define __fortify_clang_pass_dynamic_object_size0 \ + __fortify_clang_pass_dynamic_object_size_n (0) +# define __fortify_clang_pass_dynamic_object_size \ + __fortify_clang_pass_dynamic_object_size_n (1) + +# define __fortify_clang_bos_static_lt_impl(bos_val, n, s) \ + ((bos_val) != -1ULL && (n) > (bos_val) / (s)) +# define __fortify_clang_bos_static_lt2(__n, __e, __s) \ + __fortify_clang_bos_static_lt_impl (__bos (__e), __n, __s) +# define __fortify_clang_bos_static_lt(__n, __e) \ + __fortify_clang_bos_static_lt2 (__n, __e, 1) +# define __fortify_clang_bos0_static_lt2(__n, __e, __s) \ + __fortify_clang_bos_static_lt_impl (__bos0 (__e), __n, __s) +# define __fortify_clang_bos0_static_lt(__n, __e) \ + __fortify_clang_bos0_static_lt2 (__n, __e, 1) + +# define __fortify_clang_bosn_args(bos_fn, n, buf, div, complaint) \ + (__fortify_clang_bos_static_lt_impl (bos_fn (buf), n, div)), (complaint), \ + "warning" + +# define __fortify_clang_warning(__c, __msg) \ + __attribute__ ((__diagnose_if__ ((__c), (__msg), "warning"))) +# define __fortify_clang_warning_only_if_bos0_lt(n, buf, complaint) \ + __attribute__ ((__diagnose_if__ \ + (__fortify_clang_bosn_args (__bos0, n, buf, 1, complaint)))) +# define __fortify_clang_warning_only_if_bos0_lt2(n, buf, div, complaint) \ + __attribute__ ((__diagnose_if__ \ + (__fortify_clang_bosn_args (__bos0, n, buf, div, complaint)))) +# define __fortify_clang_warning_only_if_bos_lt(n, buf, complaint) \ + __attribute__ ((__diagnose_if__ \ + (__fortify_clang_bosn_args (__bos, n, buf, 1, complaint)))) +# define __fortify_clang_warning_only_if_bos_lt2(n, buf, div, complaint) \ + __attribute__ ((__diagnose_if__ \ + (__fortify_clang_bosn_args (__bos, n, buf, div, complaint)))) + +# if __USE_FORTIFY_LEVEL == 3 +# define __fortify_clang_overload_arg(__type, __attr, __name) \ + __type __attr const __fortify_clang_pass_dynamic_object_size __name +# define __fortify_clang_overload_arg0(__type, __attr, __name) \ + __type __attr const __fortify_clang_pass_dynamic_object_size0 __name +# else +# define __fortify_clang_overload_arg(__type, __attr, __name) \ + __type __attr const __fortify_clang_pass_object_size __name +# define __fortify_clang_overload_arg0(__type, __attr, __name) \ + __type __attr const __fortify_clang_pass_object_size0 __name +# endif + +# define __fortify_clang_mul_may_overflow(size, n) \ + ((size | n) >= (((size_t)1) << (8 * sizeof (size_t) / 2))) + +# define __fortify_clang_size_too_small(__bos, __dest, __len) \ + (__bos (__dest) != (size_t) -1 && __bos (__dest) < __len) +# define __fortify_clang_warn_if_src_too_large(__dest, __src) \ + __fortify_clang_warning (__fortify_clang_size_too_small (__glibc_objsize, \ + __dest, \ + __builtin_strlen (__src) + 1), \ + "destination buffer will always be overflown by source") +# define __fortify_clang_warn_if_dest_too_small(__dest, __len) \ + __fortify_clang_warning (__fortify_clang_size_too_small (__glibc_objsize, \ + __dest, \ + __len), \ + "function called with bigger length than the destination buffer") +# define __fortify_clang_warn_if_dest_too_small0(__dest, __len) \ + __fortify_clang_warning (__fortify_clang_size_too_small (__glibc_objsize0, \ + __dest, \ + __len), \ + "function called with bigger length than the destination buffer") +# else +# define __fortify_use_clang 0 +# define __fortify_clang_warning(__c, __msg) +# define __fortify_clang_warning_only_if_bos0_lt(__n, __buf, __complaint) +# define __fortify_clang_warning_only_if_bos0_lt2(__n, __buf, __div, complaint) +# define __fortify_clang_warning_only_if_bos_lt(__n, __buf, __complaint) +# define __fortify_clang_warning_only_if_bos_lt2(__n, __buf, div, __complaint) +# define __fortify_clang_overload_arg(__type, __attr, __name) \ + __type __attr __name +# define __fortify_clang_overload_arg0(__type, __attr, __name) \ + __fortify_clang_overload_arg (__type, __attr, __name) +# define __fortify_clang_warn_if_src_too_large(__dest, __src) +# define __fortify_clang_warn_if_dest_too_small(__dest, __len) +# define __fortify_clang_warn_if_dest_too_small0(__dest, __len) +# endif +#else +# define __fortify_use_clang 0 +#endif + + /* Fortify function f. __f_alias, __f_chk and __f_chk_warn must be declared. */ -#define __glibc_fortify(f, __l, __s, __osz, ...) \ +#if !__fortify_use_clang +# define __glibc_fortify(f, __l, __s, __osz, ...) \ (__glibc_safe_or_unknown_len (__l, __s, __osz) \ ? __ ## f ## _alias (__VA_ARGS__) \ : (__glibc_unsafe_len (__l, __s, __osz) \ ? __ ## f ## _chk_warn (__VA_ARGS__, __osz) \ : __ ## f ## _chk (__VA_ARGS__, __osz))) +#else +# define __glibc_fortify(f, __l, __s, __osz, ...) \ + (__osz == (__SIZE_TYPE__) -1) \ + ? __ ## f ## _alias (__VA_ARGS__) \ + : __ ## f ## _chk (__VA_ARGS__, __osz) +#endif /* Fortify function f, where object size argument passed to f is the number of elements and not total size. */ -#define __glibc_fortify_n(f, __l, __s, __osz, ...) \ +#if !__fortify_use_clang +# define __glibc_fortify_n(f, __l, __s, __osz, ...) \ (__glibc_safe_or_unknown_len (__l, __s, __osz) \ ? __ ## f ## _alias (__VA_ARGS__) \ : (__glibc_unsafe_len (__l, __s, __osz) \ ? __ ## f ## _chk_warn (__VA_ARGS__, (__osz) / (__s)) \ : __ ## f ## _chk (__VA_ARGS__, (__osz) / (__s)))) +# else +# define __glibc_fortify_n(f, __l, __s, __osz, ...) \ + (__osz == (__SIZE_TYPE__) -1) \ + ? __ ## f ## _alias (__VA_ARGS__) \ + : __ ## f ## _chk (__VA_ARGS__, (__osz) / (__s)) #endif +#endif /* __USE_FORTIFY_LEVEL > 0 */ + #if __GNUC_PREREQ (4,3) # define __warnattr(msg) __attribute__((__warning__ (msg))) # define __errordecl(name, msg) \ @@ -452,32 +616,6 @@ # define __attribute_artificial__ /* Ignore */ #endif -/* GCC 4.3 and above with -std=c99 or -std=gnu99 implements ISO C99 - inline semantics, unless -fgnu89-inline is used. Using __GNUC_STDC_INLINE__ - or __GNUC_GNU_INLINE is not a good enough check for gcc because gcc versions - older than 4.3 may define these macros and still not guarantee GNU inlining - semantics. - - clang++ identifies itself as gcc-4.2, but has support for GNU inlining - semantics, that can be checked for by using the __GNUC_STDC_INLINE_ and - __GNUC_GNU_INLINE__ macro definitions. */ -#if (!defined __cplusplus || __GNUC_PREREQ (4,3) \ - || (defined __clang__ && (defined __GNUC_STDC_INLINE__ \ - || defined __GNUC_GNU_INLINE__))) -# if defined __GNUC_STDC_INLINE__ || defined __cplusplus -# define __extern_inline extern __inline __attribute__ ((__gnu_inline__)) -# define __extern_always_inline \ - extern __always_inline __attribute__ ((__gnu_inline__)) -# else -# define __extern_inline extern __inline -# define __extern_always_inline extern __always_inline -# endif -#endif - -#ifdef __extern_always_inline -# define __fortify_function __extern_always_inline __attribute_artificial__ -#endif - /* GCC 4.3 and above allow passing all anonymous arguments of an __extern_always_inline function to some other vararg function. */ #if __GNUC_PREREQ (4,3) From patchwork Thu Dec 21 18:59:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1879406 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=jDG2DNjv; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sx0BT5wZyz1ydZ for ; Fri, 22 Dec 2023 06:00:49 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id D5D10384CB9E for ; Thu, 21 Dec 2023 19:00:47 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-il1-x12a.google.com (mail-il1-x12a.google.com [IPv6:2607:f8b0:4864:20::12a]) by sourceware.org (Postfix) with ESMTPS id 047D33861881 for ; Thu, 21 Dec 2023 18:59:57 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 047D33861881 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 047D33861881 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::12a ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185199; cv=none; b=pV/iBDjSvIHHlOeY917i8xlsh5s0L3d5AKDfQSxrJTM1pebBMOIVZ6l10wF16UbKXdls31tieYxeeEXtQZ7LDx3zkzMXUzd8s/K1UEQRu843yqA6lumTZ5DYOLcKO5X0s1zvVwZsdOO52gT08HmE+rNp0mghoKSidO7QDE2dihw= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185199; c=relaxed/simple; bh=oKx6UnrAJzG2qI4OdHeYSQ8Kh+JmVqMPEm6fMC7DIDA=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=K2Tjv9QTGOsTO87V30NIRDODNLYn1TEiQF6zTJ81I0dbJuaY0CrpwHZrY+EYBaFEMJqDF8ZQySJ9a2OZGZMaB/0aVkxL9JW0fWB4hCCNF56c38rxbQj0yahBrxHhlcpjQ6pd7bpC+7MLu4uOIBqSiwmo4Vili6FBLB7W/E/qq/E= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-il1-x12a.google.com with SMTP id e9e14a558f8ab-35fcea0ac1aso5368545ab.1 for ; Thu, 21 Dec 2023 10:59:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1703185195; x=1703789995; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=YwLsxYwL32FM3awvSTRit7Lb+3sgfb/IlmJxqFTFdwk=; b=jDG2DNjvNxYGMp/2TgG8MHwXcp5gDvlzYovPzGnk52v6pslW0TXWG45nCeGUiow8VP 4kBr5mmuGJPuoW+Yb2EWgziIPXUBKZsjbaHZ7QxpJEgUXaXgq/SDd1bp3mNUSqiTIDDC E+djhauK2IMgGY/nVG5Vjne84gpIZL+Q20GM0a3xvN7Nh47vWMNbZIxy9YEfeDDLZkwC bh2BB6WFD4OlNf7gVlbXfRrw4oh2wAOpowCcSizK1EoHHhbX14lXlJMZWRKD1lmSOSR4 mmcHxK+cJSiWd1jT8BhYCC6ONV77AeCNcw3KDiSDMMbZ89de4xcEZPlWQtIVhDPV9w11 8aJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703185195; x=1703789995; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YwLsxYwL32FM3awvSTRit7Lb+3sgfb/IlmJxqFTFdwk=; b=uHaZ2yyntE6LDNqpO/FSlsQ4eZH0BNjBbkO9zpgK4wBxLIglYyWA0vsbQWGFjB/uie 2Im+gwwtJlAs/PxyGxy+J+4tv2Wi1yiLAV5+Tz+I9uUd6SjbMiqKumKKUyVbdN5+q173 idPsvLeSS5XrNC1XtDyeTVu2OGTu46LzX4a48cdr9Q9HgBASbm+eNutUsxxCUj48Hx8F JWWqNE6FC72JZLMmvpY7HCN3a2aaFVon1smMc2R6fQLRY6RGgAW3XAknsYXYnJ5M8Nm1 RU5gBnkxCppzWRp1eOlTa/SP09lEHR5NbUajCHNoxYA00o420B6o9++r3+tjml7BKBrH TOKA== X-Gm-Message-State: AOJu0YxO4AkNFbJp1skYpGuaUXrHdaQ54+EltVHhDVPwWaOnp9/QbmMy 1lI8Vs0pRvX6bAWsogPaHDjFDU4COo97lvpeEltnyEfnC54= X-Google-Smtp-Source: AGHT+IEAbptZVaSsUiNm8T6rjQyuPzirqq7TZxAXB6gLhBUD4pQqq5R+9sZyczh0ZMrb2ZIVxr1F2w== X-Received: by 2002:a05:6e02:1e09:b0:35f:d9ac:55de with SMTP id g9-20020a056e021e0900b0035fd9ac55demr85425ila.128.1703185195472; Thu, 21 Dec 2023 10:59:55 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:8192:ecd7:d327:bea0:14dc]) by smtp.gmail.com with ESMTPSA id a9-20020a63e409000000b005cdbebd61d8sm1946165pgi.9.2023.12.21.10.59.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 10:59:54 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH 07/15] libio: Improve fortify with clang Date: Thu, 21 Dec 2023 15:59:21 -0300 Message-Id: <20231221185929.1307116-8-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> References: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org It improve fortify checks for sprintf, vsprintf, vsnsprintf, fprintf, dprintf, asprintf, __asprintf, obstack_printf, gets, fgets, fgets_unlocked, fread, and fread_unlocked. The runtime checks have similar support coverage as with GCC. For function with variadic argument (sprintf, snprintf, fprintf, printf, dprintf, asprintf, __asprintf, obstack_printf) the fortify wrapper calls the va_arg version since clang does not support __va_arg_pack. Checked on aarch64, armhf, x86_64, and i686. --- libio/bits/stdio2.h | 173 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 153 insertions(+), 20 deletions(-) diff --git a/libio/bits/stdio2.h b/libio/bits/stdio2.h index 266dccdd1e..7dc75694bd 100644 --- a/libio/bits/stdio2.h +++ b/libio/bits/stdio2.h @@ -31,15 +31,29 @@ __NTH (sprintf (char *__restrict __s, const char *__restrict __fmt, ...)) __glibc_objsize (__s), __fmt, __va_arg_pack ()); } +#elif __fortify_use_clang +/* clang does not have __va_arg_pack, so defer to va_arg version. */ +__fortify_function_error_function __attribute_overloadable__ int +__NTH (sprintf (__fortify_clang_overload_arg (char *, __restrict, __s), + const char *__restrict __fmt, ...)) +{ + __gnuc_va_list __fortify_ap; + __builtin_va_start (__fortify_ap, __fmt); + int __r = __builtin___vsprintf_chk (__s, __USE_FORTIFY_LEVEL - 1, + __glibc_objsize (__s), __fmt, + __fortify_ap); + __builtin_va_end (__fortify_ap); + return __r; +} #elif !defined __cplusplus # define sprintf(str, ...) \ __builtin___sprintf_chk (str, __USE_FORTIFY_LEVEL - 1, \ __glibc_objsize (str), __VA_ARGS__) #endif -__fortify_function int -__NTH (vsprintf (char *__restrict __s, const char *__restrict __fmt, - __gnuc_va_list __ap)) +__fortify_function __attribute_overloadable__ int +__NTH (vsprintf (__fortify_clang_overload_arg (char *, __restrict, __s), + const char *__restrict __fmt, __gnuc_va_list __ap)) { return __builtin___vsprintf_chk (__s, __USE_FORTIFY_LEVEL - 1, __glibc_objsize (__s), __fmt, __ap); @@ -55,15 +69,33 @@ __NTH (snprintf (char *__restrict __s, size_t __n, __glibc_objsize (__s), __fmt, __va_arg_pack ()); } +# elif __fortify_use_clang +/* clang does not have __va_arg_pack, so defer to va_arg version. */ +__fortify_function_error_function __attribute_overloadable__ int +__NTH (snprintf (__fortify_clang_overload_arg (char *, __restrict, __s), + size_t __n, const char *__restrict __fmt, ...)) +{ + __gnuc_va_list __fortify_ap; + __builtin_va_start (__fortify_ap, __fmt); + int __r = __builtin___vsnprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, + __glibc_objsize (__s), __fmt, + __fortify_ap); + __builtin_va_end (__fortify_ap); + return __r; +} # elif !defined __cplusplus # define snprintf(str, len, ...) \ __builtin___snprintf_chk (str, len, __USE_FORTIFY_LEVEL - 1, \ __glibc_objsize (str), __VA_ARGS__) # endif -__fortify_function int -__NTH (vsnprintf (char *__restrict __s, size_t __n, - const char *__restrict __fmt, __gnuc_va_list __ap)) +__fortify_function __attribute_overloadable__ int +__NTH (vsnprintf (__fortify_clang_overload_arg (char *, __restrict, __s), + size_t __n, const char *__restrict __fmt, + __gnuc_va_list __ap)) + __fortify_clang_warning (__fortify_clang_bos_static_lt (__n, __s), + "call to vsnprintf may overflow the destination " + "buffer") { return __builtin___vsnprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, __glibc_objsize (__s), __fmt, __ap); @@ -85,6 +117,30 @@ printf (const char *__restrict __fmt, ...) { return __printf_chk (__USE_FORTIFY_LEVEL - 1, __fmt, __va_arg_pack ()); } +# elif __fortify_use_clang +/* clang does not have __va_arg_pack, so defer to va_arg version. */ +__fortify_function_error_function __attribute_overloadable__ __nonnull ((1)) int +fprintf (__fortify_clang_overload_arg (FILE *, __restrict, __stream), + const char *__restrict __fmt, ...) +{ + __gnuc_va_list __fortify_ap; + __builtin_va_start (__fortify_ap, __fmt); + int __r = __builtin___vfprintf_chk (__stream, __USE_FORTIFY_LEVEL - 1, + __fmt, __fortify_ap); + __builtin_va_end (__fortify_ap); + return __r; +} + +__fortify_function_error_function __attribute_overloadable__ int +printf (__fortify_clang_overload_arg (const char *, __restrict, __fmt), ...) +{ + __gnuc_va_list __fortify_ap; + __builtin_va_start (__fortify_ap, __fmt); + int __r = __builtin___vprintf_chk (__USE_FORTIFY_LEVEL - 1, __fmt, + __fortify_ap); + __builtin_va_end (__fortify_ap); + return __r; +} # elif !defined __cplusplus # define printf(...) \ __printf_chk (__USE_FORTIFY_LEVEL - 1, __VA_ARGS__) @@ -92,8 +148,9 @@ printf (const char *__restrict __fmt, ...) __fprintf_chk (stream, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__) # endif -__fortify_function int -vprintf (const char *__restrict __fmt, __gnuc_va_list __ap) +__fortify_function __attribute_overloadable__ int +vprintf (__fortify_clang_overload_arg (const char *, __restrict, __fmt), + __gnuc_va_list __ap) { #ifdef __USE_EXTERN_INLINES return __vfprintf_chk (stdout, __USE_FORTIFY_LEVEL - 1, __fmt, __ap); @@ -117,6 +174,18 @@ dprintf (int __fd, const char *__restrict __fmt, ...) return __dprintf_chk (__fd, __USE_FORTIFY_LEVEL - 1, __fmt, __va_arg_pack ()); } +# elif __fortify_use_clang +__fortify_function_error_function __attribute_overloadable__ int +dprintf (int __fd, __fortify_clang_overload_arg (const char *, __restrict, + __fmt), ...) +{ + __gnuc_va_list __fortify_ap; + __builtin_va_start (__fortify_ap, __fmt); + int __r = __vdprintf_chk (__fd, __USE_FORTIFY_LEVEL - 1, __fmt, + __fortify_ap); + __builtin_va_end (__fortify_ap); + return __r; +} # elif !defined __cplusplus # define dprintf(fd, ...) \ __dprintf_chk (fd, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__) @@ -153,6 +222,43 @@ __NTH (obstack_printf (struct obstack *__restrict __obstack, return __obstack_printf_chk (__obstack, __USE_FORTIFY_LEVEL - 1, __fmt, __va_arg_pack ()); } +# elif __fortify_use_clang +__fortify_function_error_function __attribute_overloadable__ int +__NTH (asprintf (__fortify_clang_overload_arg (char **, __restrict, __ptr), + const char *__restrict __fmt, ...)) +{ + __gnuc_va_list __fortify_ap; + __builtin_va_start (__fortify_ap, __fmt); + int __r = __vasprintf_chk (__ptr, __USE_FORTIFY_LEVEL - 1, __fmt, + __fortify_ap); + __builtin_va_end (__fortify_ap); + return __r; +} + +__fortify_function_error_function __attribute_overloadable__ int +__NTH (__asprintf (__fortify_clang_overload_arg (char **, __restrict, __ptr), + const char *__restrict __fmt, ...)) +{ + __gnuc_va_list __fortify_ap; + __builtin_va_start (__fortify_ap, __fmt); + int __r = __vasprintf_chk (__ptr, __USE_FORTIFY_LEVEL - 1, __fmt, + __fortify_ap); + __builtin_va_end (__fortify_ap); + return __r; +} + +__fortify_function_error_function __attribute_overloadable__ int +__NTH (obstack_printf (__fortify_clang_overload_arg (struct obstack *, + __restrict, __obstack), + const char *__restrict __fmt, ...)) +{ + __gnuc_va_list __fortify_ap; + __builtin_va_start (__fortify_ap, __fmt); + int __r = __obstack_vprintf_chk (__obstack, __USE_FORTIFY_LEVEL - 1, + __fmt, __fortify_ap); + __builtin_va_end (__fortify_ap); + return __r; +} # elif !defined __cplusplus # define asprintf(ptr, ...) \ __asprintf_chk (ptr, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__) @@ -182,8 +288,11 @@ __NTH (obstack_vprintf (struct obstack *__restrict __obstack, #endif #if __GLIBC_USE (DEPRECATED_GETS) -__fortify_function __wur char * -gets (char *__str) +__fortify_function __wur __attribute_overloadable__ char * +gets (__fortify_clang_overload_arg (char *, , __str)) + __fortify_clang_warning (__glibc_objsize (__str) == (size_t) -1, + "please use fgets or getline instead, gets " + "can not specify buffer size") { if (__glibc_objsize (__str) != (size_t) -1) return __gets_chk (__str, __glibc_objsize (__str)); @@ -192,48 +301,70 @@ gets (char *__str) #endif __fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) -__nonnull ((3)) char * -fgets (char *__restrict __s, int __n, FILE *__restrict __stream) +__nonnull ((3)) __attribute_overloadable__ char * +fgets (__fortify_clang_overload_arg (char *, __restrict, __s), int __n, + FILE *__restrict __stream) + __fortify_clang_warning (__fortify_clang_bos_static_lt (__n, __s) && __n > 0, + "fgets called with bigger size than length of " + "destination buffer") { size_t sz = __glibc_objsize (__s); if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) return __fgets_alias (__s, __n, __stream); +#if !__fortify_use_clang if (__glibc_unsafe_len (__n, sizeof (char), sz)) return __fgets_chk_warn (__s, sz, __n, __stream); +#endif return __fgets_chk (__s, sz, __n, __stream); } -__fortify_function __wur __nonnull ((4)) size_t -fread (void *__restrict __ptr, size_t __size, size_t __n, - FILE *__restrict __stream) +__fortify_function __wur __nonnull ((4)) __attribute_overloadable__ size_t +fread (__fortify_clang_overload_arg (void *, __restrict, __ptr), + size_t __size, size_t __n, FILE *__restrict __stream) + __fortify_clang_warning (__fortify_clang_bos0_static_lt (__size * __n, __ptr) + && !__fortify_clang_mul_may_overflow (__size, __n), + "fread called with bigger size * n than length " + "of destination buffer") { size_t sz = __glibc_objsize0 (__ptr); if (__glibc_safe_or_unknown_len (__n, __size, sz)) return __fread_alias (__ptr, __size, __n, __stream); +#if !__fortify_use_clang if (__glibc_unsafe_len (__n, __size, sz)) return __fread_chk_warn (__ptr, sz, __size, __n, __stream); +#endif return __fread_chk (__ptr, sz, __size, __n, __stream); } #ifdef __USE_GNU __fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) -__nonnull ((3)) char * -fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream) +__nonnull ((3)) __attribute_overloadable__ char * +fgets_unlocked (__fortify_clang_overload_arg (char *, __restrict, __s), + int __n, FILE *__restrict __stream) + __fortify_clang_warning (__fortify_clang_bos_static_lt (__n, __s) && __n > 0, + "fgets called with bigger size than length of " + "destination buffer") { size_t sz = __glibc_objsize (__s); if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) return __fgets_unlocked_alias (__s, __n, __stream); +#if !__fortify_use_clang if (__glibc_unsafe_len (__n, sizeof (char), sz)) return __fgets_unlocked_chk_warn (__s, sz, __n, __stream); +#endif return __fgets_unlocked_chk (__s, sz, __n, __stream); } #endif #ifdef __USE_MISC # undef fread_unlocked -__fortify_function __wur __nonnull ((4)) size_t -fread_unlocked (void *__restrict __ptr, size_t __size, size_t __n, - FILE *__restrict __stream) +__fortify_function __wur __nonnull ((4)) __attribute_overloadable__ size_t +fread_unlocked (__fortify_clang_overload_arg0 (void *, __restrict, __ptr), + size_t __size, size_t __n, FILE *__restrict __stream) + __fortify_clang_warning (__fortify_clang_bos0_static_lt (__size * __n, __ptr) + && !__fortify_clang_mul_may_overflow (__size, __n), + "fread_unlocked called with bigger size * n than " + "length of destination buffer") { size_t sz = __glibc_objsize0 (__ptr); if (__glibc_safe_or_unknown_len (__n, __size, sz)) @@ -261,8 +392,10 @@ fread_unlocked (void *__restrict __ptr, size_t __size, size_t __n, # endif return __fread_unlocked_alias (__ptr, __size, __n, __stream); } +# if !__fortify_use_clang if (__glibc_unsafe_len (__n, __size, sz)) return __fread_unlocked_chk_warn (__ptr, sz, __size, __n, __stream); +# endif return __fread_unlocked_chk (__ptr, sz, __size, __n, __stream); } From patchwork Thu Dec 21 18:59:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1879411 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=rMSdNDzN; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sx0C72qfnz1ydZ for ; Fri, 22 Dec 2023 06:01:23 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 08A453882041 for ; Thu, 21 Dec 2023 19:01:13 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x435.google.com (mail-pf1-x435.google.com [IPv6:2607:f8b0:4864:20::435]) by sourceware.org (Postfix) with ESMTPS id BB51C3858436 for ; Thu, 21 Dec 2023 18:59:58 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org BB51C3858436 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org BB51C3858436 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::435 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185200; cv=none; b=HouUFwoSPH8ECInmn3iJMiU/kETrIRDkMFIFQilsd9IQCh7hoRaQby7nd8texEgm+hSLdskiQal94fQGx+gr4TaY+1CQ14Mi2d7K+Ebp4apeR5YKasNwxjt/w9Epii/1MFD+Lc1iMCkb7EmHivRQeRaLsq2x5srUtSuzsn7XdUc= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185200; c=relaxed/simple; bh=3/b1tO21Q36coU5OqzUrl8JcRZYYJ/PidqujGYb3NwY=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=kAnh+MqJ5m68fWyNVliNeDg9StaImv5CRu4onjsI/UtTX77eksr+zHm0wgcr9U7K/htASArVTXA3f9wUGNLdLaLch9w1ge2ENadAQZfNiSXmnTR6AQ1jIZGxhmdl/kzrtwSPvXw0p+EniVcCFW6unYlbsJVkq6/sg3c3v7CWC5I= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x435.google.com with SMTP id d2e1a72fcca58-6d5c4cb8a4cso615299b3a.3 for ; Thu, 21 Dec 2023 10:59:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1703185197; x=1703789997; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=kka7j/sdnm7KuaH4xKqFvU6wFsZxUMTEffpjhif+4Tw=; b=rMSdNDzNEx9vNPcYzKdQQOE5Pv3SgejSo8b7qzX/ectqzofKHjXiewT6qbMdyjeGA+ sjgR4YigJg6xjjXh8bPrsRxWGrqT+rssjuWnx5M3ggOSy1JjBQ2QFXt6IN8e5zhQRW2H Ts6iqEdj/lRQGRJe4La2ynjp+IWvXe5+WnKR60/ofS27NxrEAP1K2vGrqVIvbrlQe25H YVjKh735Vb4MA9LegvK7h9Z3V1CMdT4bDWlvNXBZi0kdMVo6m0YQHEsJkTmaGhu7GmG1 G6rjnDpKRQW5wVWaKbXJ3KoLNSO3LbcxDMCGkzNLMaaxNN/svoJ80S6qdX0ozeB5Btci 2Wlg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703185197; x=1703789997; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kka7j/sdnm7KuaH4xKqFvU6wFsZxUMTEffpjhif+4Tw=; b=JYlD5Q+BvbhiuZCOW85Fp8eichPmCm2P1AxmJzWgH4O3aeNzqeTFr0sYjJ/Ttzwc+N pz9SjuJTs/NTtA6dqz4Nd49id42Is40+AzSFXTLxYSJVhm2JfaOhN3F3E10EaLLxri25 FezI+YVkHfgUf/2I6MXbMvY1SLFKCfesIsDxirLqNLXBy1TSVc0hd6u8EGPv2bdTr1fn GAc4abjWekbQjtbkpviyvJbqWZThZpwFPAqhsjyKtTvVdBOkuGiQdHH/p+1xU/HqzxDy xwpVa2QgRqyW/xwxSd5WetcIrNXyj+dtSWe+4xJwlOZraX784yKTqfJ4I5MNZT2+g0g9 2h/Q== X-Gm-Message-State: AOJu0Yyjw1+42Yn/8KeQ6c346r4DpxudQzgEXHMsJ5JjQlV+Aantksf5 7gLY1G6QbAvZeswR31yY+XEbES8XERDIDjB9kW1ZKZdg6ho= X-Google-Smtp-Source: AGHT+IEDsLD4RGIoyaUaMK9ndzv5t+bhZJDNnBGsRrHj+IQ7DUI4C7H68f85PKcj4M2Mqcc8mlsbdA== X-Received: by 2002:a05:6a00:2a8:b0:6d8:6abc:ca17 with SMTP id q8-20020a056a0002a800b006d86abcca17mr125903pfs.15.1703185197284; Thu, 21 Dec 2023 10:59:57 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:8192:ecd7:d327:bea0:14dc]) by smtp.gmail.com with ESMTPSA id a9-20020a63e409000000b005cdbebd61d8sm1946165pgi.9.2023.12.21.10.59.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 10:59:56 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH 08/15] string: Improve fortify with clang Date: Thu, 21 Dec 2023 15:59:22 -0300 Message-Id: <20231221185929.1307116-9-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> References: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org It improve fortify checks for strcpy, stpcpy, strncpy, stpncpy, strcat, strncat, strlcpy, and strlcat. The runtime and compile checks have similar coverage as with GCC. Checked on aarch64, armhf, x86_64, and i686. --- string/bits/string_fortified.h | 57 +++++++++++++++++++++------------- 1 file changed, 35 insertions(+), 22 deletions(-) diff --git a/string/bits/string_fortified.h b/string/bits/string_fortified.h index 23ef064168..d3ee250642 100644 --- a/string/bits/string_fortified.h +++ b/string/bits/string_fortified.h @@ -73,24 +73,29 @@ __NTH (explicit_bzero (void *__dest, size_t __len)) } #endif -__fortify_function char * -__NTH (strcpy (char *__restrict __dest, const char *__restrict __src)) +__fortify_function __attribute_overloadable__ char * +__NTH (strcpy (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { return __builtin___strcpy_chk (__dest, __src, __glibc_objsize (__dest)); } #ifdef __USE_XOPEN2K8 -__fortify_function char * -__NTH (stpcpy (char *__restrict __dest, const char *__restrict __src)) +__fortify_function __attribute_overloadable__ char * +__NTH (stpcpy (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { return __builtin___stpcpy_chk (__dest, __src, __glibc_objsize (__dest)); } #endif -__fortify_function char * -__NTH (strncpy (char *__restrict __dest, const char *__restrict __src, - size_t __len)) +__fortify_function __attribute_overloadable__ char * +__NTH (strncpy (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src, size_t __len)) + __fortify_clang_warn_if_dest_too_small (__dest, __len) { return __builtin___strncpy_chk (__dest, __src, __len, __glibc_objsize (__dest)); @@ -98,8 +103,10 @@ __NTH (strncpy (char *__restrict __dest, const char *__restrict __src, #ifdef __USE_XOPEN2K8 # if __GNUC_PREREQ (4, 7) || __glibc_clang_prereq (2, 6) -__fortify_function char * -__NTH (stpncpy (char *__dest, const char *__src, size_t __n)) +__fortify_function __attribute_overloadable__ char * +__NTH (stpncpy (__fortify_clang_overload_arg (char *, ,__dest), + const char *__src, size_t __n)) + __fortify_clang_warn_if_dest_too_small (__dest, __n) { return __builtin___stpncpy_chk (__dest, __src, __n, __glibc_objsize (__dest)); @@ -112,8 +119,9 @@ extern char *__stpncpy_chk (char *__dest, const char *__src, size_t __n, extern char *__REDIRECT_NTH (__stpncpy_alias, (char *__dest, const char *__src, size_t __n), stpncpy); -__fortify_function char * -__NTH (stpncpy (char *__dest, const char *__src, size_t __n)) +__fortify_function __attribute_overloadable__ char * +__NTH (stpncpy (__fortify_clang_overload_arg (char *, ,__dest), + const char *__src, size_t __n)) { if (__bos (__dest) != (size_t) -1 && (!__builtin_constant_p (__n) || __n > __bos (__dest))) @@ -124,16 +132,19 @@ __NTH (stpncpy (char *__dest, const char *__src, size_t __n)) #endif -__fortify_function char * -__NTH (strcat (char *__restrict __dest, const char *__restrict __src)) +__fortify_function __attribute_overloadable__ char * +__NTH (strcat (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { return __builtin___strcat_chk (__dest, __src, __glibc_objsize (__dest)); } -__fortify_function char * -__NTH (strncat (char *__restrict __dest, const char *__restrict __src, - size_t __len)) +__fortify_function __attribute_overloadable__ char * +__NTH (strncat (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src, size_t __len)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { return __builtin___strncat_chk (__dest, __src, __len, __glibc_objsize (__dest)); @@ -146,9 +157,10 @@ extern size_t __REDIRECT_NTH (__strlcpy_alias, (char *__dest, const char *__src, size_t __n), strlcpy); -__fortify_function size_t -__NTH (strlcpy (char *__restrict __dest, const char *__restrict __src, - size_t __n)) +__fortify_function __attribute_overloadable__ size_t +__NTH (strlcpy (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src, size_t __n)) + __fortify_clang_warn_if_dest_too_small (__dest, __n) { if (__glibc_objsize (__dest) != (size_t) -1 && (!__builtin_constant_p (__n > __glibc_objsize (__dest)) @@ -163,9 +175,10 @@ extern size_t __REDIRECT_NTH (__strlcat_alias, (char *__dest, const char *__src, size_t __n), strlcat); -__fortify_function size_t -__NTH (strlcat (char *__restrict __dest, const char *__restrict __src, - size_t __n)) +__fortify_function __attribute_overloadable__ size_t +__NTH (strlcat (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src, size_t __n)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { if (__glibc_objsize (__dest) != (size_t) -1 && (!__builtin_constant_p (__n > __glibc_objsize (__dest)) From patchwork Thu Dec 21 18:59:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1879413 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=ssU9v3mr; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sx0CW6TJYz1ydZ for ; Fri, 22 Dec 2023 06:01:43 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 9EEB9387085A for ; Thu, 21 Dec 2023 19:01:34 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pg1-x530.google.com (mail-pg1-x530.google.com [IPv6:2607:f8b0:4864:20::530]) by sourceware.org (Postfix) with ESMTPS id 9C8F93858292 for ; Thu, 21 Dec 2023 19:00:00 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 9C8F93858292 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 9C8F93858292 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::530 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185202; cv=none; b=h4TqT22nA/4VY1QDkGl8Mocm/lNqjL47uR/0754+0RJvqhlwsSbhvIvKbOirZu9Xs9xZaIS1XqiTof2jgv63R2rGcTZfwGCbmOZDbtxvDFxxLKVdaAv6lxo/FzomIvPel0vkNYokF8uoaOr4Bk8Y2yPH1Bkinh5fnIGfTMCajLA= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185202; c=relaxed/simple; bh=qrRxmfPRJL/sXSPvoBikMkiPfjLkDlN+gxTUb+m6bIA=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=hpy9b9ePEDtGQCyEoy2YFe501gLpLoTvHl1blzQg5VLJp94qdIEuIcKZk3ahux8YtvnkDx0Z08FLGERPMlQnmbR+DbGwC7gyH5ffYiG2Dl/Jf84RcEr7SdVzi1WG4GGZD0OxIQ6iOv9b/aNmOV4LWklkfwJXhwrsAncJuSyVeMU= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pg1-x530.google.com with SMTP id 41be03b00d2f7-5bdbe2de25fso865668a12.3 for ; Thu, 21 Dec 2023 11:00:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1703185199; x=1703789999; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=O6Wsthlf3nlQyUQnyQPEBtulveFzvYZp4F0qBzqq2Q0=; b=ssU9v3mrUuYn2IGPZnmAAMlQvwnTKvme8iyGtoOQ37drxTSBQ44WUqW6vxpSf6N3IL JaK7qEuPSU8tW3UaYMpUfbmpfrYI1jTXev3c4LFJlxI3ZpcQ8v7R2VgOrFK9OlJa9lKJ yTbfnWlzgNFln3xcmaFKiHi6dsmw6t4RS89xIAAc7EFoAj9EHBGnNDc7M1yUokY7gL6z HwO5KJdkuO3eILMTJ1KqsyqBRNHOeILp11ucqkmUHOFPHbRCmAYbdjxPPSZVF/XGZjZA o2kph8GralmLK2/qnQyfnX6TS6W+Qjxo0Lr4FFT7QjXy8/7UmW0LQo+z4JLj61cbCQ3V NDUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703185199; x=1703789999; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=O6Wsthlf3nlQyUQnyQPEBtulveFzvYZp4F0qBzqq2Q0=; b=qPMXRLg2piU/GwNhlwNz8HRukl2fk58lRgW4150jCt18xJw5HgflOaxr5LegISD5nC q/ioSviWNpflMi1Gs+VbPMdpXXO4oKGkZXGnrND93ouKpzQl3LUu5nJBxeB8OxmLXHTB +v3TZQcmuC67Z5m6YghvD2WvJ8ZDhNfM4TfVD/SmigmeFw5cbifV9QrEOQwFbpwRsWUy hB1zb6MTRe9jbvLJcb+qcExdY5YdbjBt7/WOH3NhW4LAL9Jy3uxA1T18JqhrUfjrE7O9 /4UGl4/WmyeFG+CUd71tm6WQGWp7pFeRMYJ4WAMnq6QJqtOUT3m0tJJDkwTMJhJ5slzp ejJA== X-Gm-Message-State: AOJu0YxroeFpEnO8pqsWnb2xo6XrYLAMXRi3cVa8IweAY2Nqi5I0L8ll oFH8ljuvszYZrpwjyauxWriw8j2sA7zXi4XwzEPnjE+eQXw= X-Google-Smtp-Source: AGHT+IHvEWH44lvHscrsBiJZQT7Hr46zsG8xWD9LJz4CdQDlNBJQil2Rjs3ib/4TK0i5Erj18JNGrA== X-Received: by 2002:a05:6a20:bb81:b0:190:1c0:1c25 with SMTP id fd1-20020a056a20bb8100b0019001c01c25mr122963pzb.91.1703185199148; Thu, 21 Dec 2023 10:59:59 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:8192:ecd7:d327:bea0:14dc]) by smtp.gmail.com with ESMTPSA id a9-20020a63e409000000b005cdbebd61d8sm1946165pgi.9.2023.12.21.10.59.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 10:59:58 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH 09/15] stdlib: Improve fortify with clang Date: Thu, 21 Dec 2023 15:59:23 -0300 Message-Id: <20231221185929.1307116-10-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> References: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org It improve fortify checks for realpath, ptsname_r, wctomb, mbstowcs, and wcstombs. The runtime and compile checks have similar coverage as with GCC. Checked on aarch64, armhf, x86_64, and i686. --- stdlib/bits/stdlib.h | 40 +++++++++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 11 deletions(-) diff --git a/stdlib/bits/stdlib.h b/stdlib/bits/stdlib.h index c6c0082ad5..1f89c1e69f 100644 --- a/stdlib/bits/stdlib.h +++ b/stdlib/bits/stdlib.h @@ -33,15 +33,22 @@ extern char *__REDIRECT_NTH (__realpath_chk_warn, __warnattr ("second argument of realpath must be either NULL or at " "least PATH_MAX bytes long buffer"); -__fortify_function __wur char * -__NTH (realpath (const char *__restrict __name, char *__restrict __resolved)) +__fortify_function __attribute_overloadable__ __wur char * +__NTH (realpath (const char *__restrict __name, + __fortify_clang_overload_arg (char *, __restrict, __resolved))) +#if defined _LIBC_LIMITS_H_ && defined PATH_MAX + __fortify_clang_warning_only_if_bos_lt (PATH_MAX, __resolved, + "second argument of realpath must be " + "either NULL or at least PATH_MAX " + "bytes long buffer") +#endif { size_t sz = __glibc_objsize (__resolved); if (sz == (size_t) -1) return __realpath_alias (__name, __resolved); -#if defined _LIBC_LIMITS_H_ && defined PATH_MAX +#if !__fortify_use_clang && defined _LIBC_LIMITS_H_ && defined PATH_MAX if (__glibc_unsafe_len (PATH_MAX, sizeof (char), sz)) return __realpath_chk_warn (__name, __resolved, sz); #endif @@ -61,8 +68,13 @@ extern int __REDIRECT_NTH (__ptsname_r_chk_warn, __nonnull ((2)) __warnattr ("ptsname_r called with buflen bigger than " "size of buf"); -__fortify_function int -__NTH (ptsname_r (int __fd, char *__buf, size_t __buflen)) +__fortify_function __attribute_overloadable__ int +__NTH (ptsname_r (int __fd, + __fortify_clang_overload_arg (char *, ,__buf), + size_t __buflen)) + __fortify_clang_warning_only_if_bos_lt (__buflen, __buf, + "ptsname_r called with buflen " + "bigger than size of buf") { return __glibc_fortify (ptsname_r, __buflen, sizeof (char), __glibc_objsize (__buf), @@ -75,8 +87,8 @@ extern int __wctomb_chk (char *__s, wchar_t __wchar, size_t __buflen) extern int __REDIRECT_NTH (__wctomb_alias, (char *__s, wchar_t __wchar), wctomb) __wur; -__fortify_function __wur int -__NTH (wctomb (char *__s, wchar_t __wchar)) +__fortify_function __attribute_overloadable__ __wur int +__NTH (wctomb (__fortify_clang_overload_arg (char *, ,__s), wchar_t __wchar)) { /* We would have to include to get a definition of MB_LEN_MAX. But this would only disturb the namespace. So we define our own @@ -113,12 +125,17 @@ extern size_t __REDIRECT_NTH (__mbstowcs_chk_warn, __warnattr ("mbstowcs called with dst buffer smaller than len " "* sizeof (wchar_t)"); -__fortify_function size_t -__NTH (mbstowcs (wchar_t *__restrict __dst, const char *__restrict __src, +__fortify_function __attribute_overloadable__ size_t +__NTH (mbstowcs (__fortify_clang_overload_arg (wchar_t *, __restrict, __dst), + const char *__restrict __src, size_t __len)) + __fortify_clang_warning_only_if_bos0_lt2 (__len, __dst, sizeof (wchar_t), + "mbstowcs called with dst buffer " + "smaller than len * sizeof (wchar_t)") { if (__builtin_constant_p (__dst == NULL) && __dst == NULL) return __mbstowcs_nulldst (__dst, __src, __len); + else return __glibc_fortify_n (mbstowcs, __len, sizeof (wchar_t), __glibc_objsize (__dst), __dst, __src, __len); @@ -139,8 +156,9 @@ extern size_t __REDIRECT_NTH (__wcstombs_chk_warn, size_t __len, size_t __dstlen), __wcstombs_chk) __warnattr ("wcstombs called with dst buffer smaller than len"); -__fortify_function size_t -__NTH (wcstombs (char *__restrict __dst, const wchar_t *__restrict __src, +__fortify_function __attribute_overloadable__ size_t +__NTH (wcstombs (__fortify_clang_overload_arg (char *, __restrict, __dst), + const wchar_t *__restrict __src, size_t __len)) { return __glibc_fortify (wcstombs, __len, sizeof (char), From patchwork Thu Dec 21 18:59:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1879408 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=vnkq40dd; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=8.43.85.97; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sx0Bc64zgz1ydZ for ; Fri, 22 Dec 2023 06:00:56 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 45C0C386F447 for ; Thu, 21 Dec 2023 19:00:54 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x431.google.com (mail-pf1-x431.google.com [IPv6:2607:f8b0:4864:20::431]) by sourceware.org (Postfix) with ESMTPS id 28F77386180E for ; Thu, 21 Dec 2023 19:00:03 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 28F77386180E Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 28F77386180E Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::431 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185205; cv=none; b=Rk4yH0ZHtYIgbMy6kqrAGJkkLgqhDyk72Wp8l8YpnBmguzGOvAc6okBMXTIPZLHp2CwXa6yLXcrEuer29VIFAOw5AIrkel//F9ESEOVx+EJ/q4gHj+oEpaseDIKOV++3TGEsadLE7qcFJvCs3Jl81vY2THrWmI9Y7fTvc0VLnVc= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185205; c=relaxed/simple; bh=KSzvvJR1rYeIar16yNVimBN3MAyw1pqgvrhsaA0yOFs=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=NK8xUWyF5DtYZiytTvF8amqxGPXQ34VpIhO2s+gcZAG9NmU8PmxsXHmRMk5d4A5I5dE3R1LeA9ixKoX9vTSlrYdnXIB030BN5NvyHULUYGvmD4zVPK8pjK2GqFI3DkgWHjWSmXJQlOJsEQbeljBorRkvRW31I7IuJC8dD38a380= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x431.google.com with SMTP id d2e1a72fcca58-6d728c75240so1038952b3a.1 for ; Thu, 21 Dec 2023 11:00:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1703185201; x=1703790001; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=fnj2/iywEVSsTH2LVmhWAkcsNbWNrUfJAqdZ4pgVMUI=; b=vnkq40dd7h4MvrObAO0DXQQ+YvdiPZG474Umu4m4sgESBvfDRhWogZzVjWUx1SJwG7 +TfVBaCgwfahsmQyEDjQEuRbPk5ByW1SpkfTiWZN7DsYK4YUGTQNGm7oug1b21oU+4nZ U1+lPtWbfwRJwYS5LZuzKEgrhFn7c1h4gh18RP/yOq4nMsxJ1SyJvrYIE9Lx1OiVN029 XjlRmNI9CoPAylXtQzMmMfqlgRGhufDgxZw0Xuk3ovndJhKsPXyVaWjcVSu/GTgJc03y LvKPQWt1nIETWJN80ktpQkkM+068OPDjuMirH6H+QV8JF5aJFyo+w3IFNDNqBaJQhy6U eAPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703185201; x=1703790001; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fnj2/iywEVSsTH2LVmhWAkcsNbWNrUfJAqdZ4pgVMUI=; b=fhuUsrW7zYWCoCla6AXjaGO9uvEbWSHJBpGmNm7vj5nHSs3lb1DLfpAGmUSRdschv8 ZSay/65FNeg6/7PJQ8B1EHynXtjX2tM2KCsX9D0rDG5HDSMpoQxAM5OSfQ+G+Kr0zD+g 3218538Ro4QdDDhWo8rGf1hDDir2hLX2RxgZS+f2JAwfQNeh/akpxgKiQ/sJQjT/thQb D2CIXfyRfVZSub+6V5psrxtjUPUS8odgLHTmI6T0ytwUq6bBDHESwbDasYvdf8kgSGOa co1WLS5uE/HiW12BH7nWbaewAN8dE72X8TnS1OP0B9N8QzODFbVmkGnNKHav326XTAda m0xw== X-Gm-Message-State: AOJu0YxiQj6tppN+6o6UZe5Y4tHUXXN+mu6g5O+NjhvucDRwE74Ec1Dk I8RTbaby1XcbS8ANF/er2ih+IaRdcB0MALl5FxrYhKAWYUQ= X-Google-Smtp-Source: AGHT+IEoiICsAMjIdF/tpmF7mqN/epg39NCA6MyXZHp4osxqOHCNapDaBJUoFYjRLs1VylHkLaK6uA== X-Received: by 2002:a05:6a21:8186:b0:18d:b43:78ea with SMTP id pd6-20020a056a21818600b0018d0b4378eamr125004pzb.43.1703185200830; Thu, 21 Dec 2023 11:00:00 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:8192:ecd7:d327:bea0:14dc]) by smtp.gmail.com with ESMTPSA id a9-20020a63e409000000b005cdbebd61d8sm1946165pgi.9.2023.12.21.10.59.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 11:00:00 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH 10/15] unistd: Improve fortify with clang Date: Thu, 21 Dec 2023 15:59:24 -0300 Message-Id: <20231221185929.1307116-11-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> References: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org It improve fortify checks for read, pread, pread64, readlink, readlinkat, getcwd, getwd, confstr, getgroups, ttyname_r, getlogin_r, gethostname, and getdomainname. The compile and runtime checks have similar coverage as with GCC. Checked on aarch64, armhf, x86_64, and i686. --- posix/bits/unistd.h | 110 +++++++++++++++++++++++++++++++++----------- 1 file changed, 82 insertions(+), 28 deletions(-) diff --git a/posix/bits/unistd.h b/posix/bits/unistd.h index 6a381116a9..cc19865348 100644 --- a/posix/bits/unistd.h +++ b/posix/bits/unistd.h @@ -22,8 +22,12 @@ # include -__fortify_function __wur ssize_t -read (int __fd, void *__buf, size_t __nbytes) +__fortify_function __attribute_overloadable__ __wur ssize_t +read (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), size_t __nbytes) + __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf, + "read called with bigger length than " + "size of the destination buffer") + { return __glibc_fortify (read, __nbytes, sizeof (char), __glibc_objsize0 (__buf), @@ -32,16 +36,24 @@ read (int __fd, void *__buf, size_t __nbytes) #if defined __USE_UNIX98 || defined __USE_XOPEN2K8 # ifndef __USE_FILE_OFFSET64 -__fortify_function __wur ssize_t -pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset) +__fortify_function __attribute_overloadable__ __wur ssize_t +pread (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), + size_t __nbytes, __off_t __offset) + __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf, + "pread called with bigger length than " + "size of the destination buffer") { return __glibc_fortify (pread, __nbytes, sizeof (char), __glibc_objsize0 (__buf), __fd, __buf, __nbytes, __offset); } # else -__fortify_function __wur ssize_t -pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset) +__fortify_function __attribute_overloadable__ __wur ssize_t +pread (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), + size_t __nbytes, __off64_t __offset) + __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf, + "pread called with bigger length than " + "size of the destination buffer") { return __glibc_fortify (pread64, __nbytes, sizeof (char), __glibc_objsize0 (__buf), @@ -50,8 +62,12 @@ pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset) # endif # ifdef __USE_LARGEFILE64 -__fortify_function __wur ssize_t -pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset) +__fortify_function __attribute_overloadable__ __wur ssize_t +pread64 (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), + size_t __nbytes, __off64_t __offset) + __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf, + "pread64 called with bigger length than " + "size of the destination buffer") { return __glibc_fortify (pread64, __nbytes, sizeof (char), __glibc_objsize0 (__buf), @@ -61,9 +77,14 @@ pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset) #endif #if defined __USE_XOPEN_EXTENDED || defined __USE_XOPEN2K -__fortify_function __nonnull ((1, 2)) __wur ssize_t -__NTH (readlink (const char *__restrict __path, char *__restrict __buf, +__fortify_function __attribute_overloadable__ __nonnull ((1, 2)) __wur ssize_t +__NTH (readlink (const char *__restrict __path, + __fortify_clang_overload_arg0 (char *, __restrict, __buf), size_t __len)) + __fortify_clang_warning_only_if_bos_lt (__len, __buf, + "readlink called with bigger length " + "than size of destination buffer") + { return __glibc_fortify (readlink, __len, sizeof (char), __glibc_objsize (__buf), @@ -72,9 +93,13 @@ __NTH (readlink (const char *__restrict __path, char *__restrict __buf, #endif #ifdef __USE_ATFILE -__fortify_function __nonnull ((2, 3)) __wur ssize_t +__fortify_function __attribute_overloadable__ __nonnull ((2, 3)) __wur ssize_t __NTH (readlinkat (int __fd, const char *__restrict __path, - char *__restrict __buf, size_t __len)) + __fortify_clang_overload_arg0 (char *, __restrict, __buf), + size_t __len)) + __fortify_clang_warning_only_if_bos_lt (__len, __buf, + "readlinkat called with bigger length " + "than size of destination buffer") { return __glibc_fortify (readlinkat, __len, sizeof (char), __glibc_objsize (__buf), @@ -82,8 +107,11 @@ __NTH (readlinkat (int __fd, const char *__restrict __path, } #endif -__fortify_function __wur char * -__NTH (getcwd (char *__buf, size_t __size)) +__fortify_function __attribute_overloadable__ __wur char * +__NTH (getcwd (__fortify_clang_overload_arg (char *, , __buf), size_t __size)) + __fortify_clang_warning_only_if_bos_lt (__size, __buf, + "getcwd called with bigger length " + "than size of destination buffer") { return __glibc_fortify (getcwd, __size, sizeof (char), __glibc_objsize (__buf), @@ -91,8 +119,9 @@ __NTH (getcwd (char *__buf, size_t __size)) } #if defined __USE_MISC || defined __USE_XOPEN_EXTENDED -__fortify_function __nonnull ((1)) __attribute_deprecated__ __wur char * -__NTH (getwd (char *__buf)) +__fortify_function __attribute_overloadable__ __nonnull ((1)) +__attribute_deprecated__ __wur char * +__NTH (getwd (__fortify_clang_overload_arg (char *,, __buf))) { if (__glibc_objsize (__buf) != (size_t) -1) return __getwd_chk (__buf, __glibc_objsize (__buf)); @@ -100,8 +129,12 @@ __NTH (getwd (char *__buf)) } #endif -__fortify_function size_t -__NTH (confstr (int __name, char *__buf, size_t __len)) +__fortify_function __attribute_overloadable__ size_t +__NTH (confstr (int __name, __fortify_clang_overload_arg (char *, ,__buf), + size_t __len)) + __fortify_clang_warning_only_if_bos_lt (__len, __buf, + "confstr called with bigger length than " + "size of destination buffer") { return __glibc_fortify (confstr, __len, sizeof (char), __glibc_objsize (__buf), @@ -109,8 +142,13 @@ __NTH (confstr (int __name, char *__buf, size_t __len)) } -__fortify_function int -__NTH (getgroups (int __size, __gid_t __list[])) +__fortify_function __attribute_overloadable__ int +__NTH (getgroups (int __size, + __fortify_clang_overload_arg (__gid_t *, , __list))) + __fortify_clang_warning_only_if_bos_lt (__size * sizeof (__gid_t), __list, + "getgroups called with bigger group " + "count than what can fit into " + "destination buffer") { return __glibc_fortify (getgroups, __size, sizeof (__gid_t), __glibc_objsize (__list), @@ -118,8 +156,13 @@ __NTH (getgroups (int __size, __gid_t __list[])) } -__fortify_function int -__NTH (ttyname_r (int __fd, char *__buf, size_t __buflen)) +__fortify_function __attribute_overloadable__ int +__NTH (ttyname_r (int __fd, + __fortify_clang_overload_arg (char *, ,__buf), + size_t __buflen)) + __fortify_clang_warning_only_if_bos_lt (__buflen, __buf, + "ttyname_r called with bigger buflen " + "than size of destination buffer") { return __glibc_fortify (ttyname_r, __buflen, sizeof (char), __glibc_objsize (__buf), @@ -128,8 +171,11 @@ __NTH (ttyname_r (int __fd, char *__buf, size_t __buflen)) #ifdef __USE_POSIX199506 -__fortify_function int -getlogin_r (char *__buf, size_t __buflen) +__fortify_function __attribute_overloadable__ int +getlogin_r (__fortify_clang_overload_arg (char *, ,__buf), size_t __buflen) + __fortify_clang_warning_only_if_bos_lt (__buflen, __buf, + "getlogin_r called with bigger buflen " + "than size of destination buffer") { return __glibc_fortify (getlogin_r, __buflen, sizeof (char), __glibc_objsize (__buf), @@ -139,8 +185,12 @@ getlogin_r (char *__buf, size_t __buflen) #if defined __USE_MISC || defined __USE_UNIX98 -__fortify_function int -__NTH (gethostname (char *__buf, size_t __buflen)) +__fortify_function __attribute_overloadable__ int +__NTH (gethostname (__fortify_clang_overload_arg (char *, ,__buf), + size_t __buflen)) + __fortify_clang_warning_only_if_bos_lt (__buflen, __buf, + "gethostname called with bigger buflen " + "than size of destination buffer") { return __glibc_fortify (gethostname, __buflen, sizeof (char), __glibc_objsize (__buf), @@ -150,8 +200,12 @@ __NTH (gethostname (char *__buf, size_t __buflen)) #if defined __USE_MISC || (defined __USE_XOPEN && !defined __USE_UNIX98) -__fortify_function int -__NTH (getdomainname (char *__buf, size_t __buflen)) +__fortify_function __attribute_overloadable__ int +__NTH (getdomainname (__fortify_clang_overload_arg (char *, ,__buf), + size_t __buflen)) + __fortify_clang_warning_only_if_bos_lt (__buflen, __buf, + "getdomainname called with bigger " + "buflen than size of destination buffer") { return __glibc_fortify (getdomainname, __buflen, sizeof (char), __glibc_objsize (__buf), From patchwork Thu Dec 21 18:59:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1879415 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=BRYbpcEy; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sx0Cw5w8jz1ydZ for ; Fri, 22 Dec 2023 06:02:04 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 6AE1F3865C21 for ; Thu, 21 Dec 2023 19:02:00 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x433.google.com (mail-pf1-x433.google.com [IPv6:2607:f8b0:4864:20::433]) by sourceware.org (Postfix) with ESMTPS id E94FD38618E3 for ; Thu, 21 Dec 2023 19:00:04 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org E94FD38618E3 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org E94FD38618E3 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::433 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185206; cv=none; b=TBx+uv+To2fcOwaeEwmIOaNUQABHY1spDmXDc4psb142hqMQ00R5lmO3leGmBdv4HhGjvK+/RJPOMPgUHQFR1fthXTkPClmrZtmrmKkJq+X4jbThmcJw73KKA6I8LzlTyBlqxNobSRtib9VIWniPl6ysuxxu3ue98oa7eMvOz1c= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185206; c=relaxed/simple; bh=SMk/Qup28/N/uMlr24t3DEfEFQfSQKfE0rR4ibU+F3c=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=Ec5cvzJ4svpD5O4WS1rGgRfhoJWhFUo+IQRGY64Crc3az1pEdo0STBTiQJ4L8Dzom8iSU0LxZKZm5y5sHcOFlkPUJhHAeB60CqeU+aGZWyZPQNb8WLOH2GXBtr7qu30t32kXk8nqyq9sssWRlvSmHlTpVMiCny/cuecNWYm7UDc= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x433.google.com with SMTP id d2e1a72fcca58-6d7e67d31caso787122b3a.1 for ; Thu, 21 Dec 2023 11:00:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1703185203; x=1703790003; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=kAVxnOuZOcMbmghxoXcQO+Li2FnJV3Itd4MkTSPN2qM=; b=BRYbpcEyoUCvqnZgLfvyHAr5IOLVHMsoAgOCeBOwSJkEJCfw1LaU/Y6IvA6+uGXO3K 1ODs0ZS2MrOGK55paVmN5La+s4msyujJoaa2hPJu30CPkB+6tqjLlOfyfWPG1VWzxbDN ZrOkeZmDdCW0/XXrsEHw0TxR2EUkTN7KQKMVFMafYJzSUdVJb37DOyYvldpykQ6hqLOk AqrBUo+evcNffIZRyjlteBr5o+iQVabAD4OEha81N+vKcFrvYggqdcw+yEV88uj4PC7s nMXt1T4xBVA+h0Udt/WxfZHn6ZgpJP0FiNCBKWIv/SoXD0lezYdOLwqRKc8AOBfUrRhi 3Deg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703185203; x=1703790003; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kAVxnOuZOcMbmghxoXcQO+Li2FnJV3Itd4MkTSPN2qM=; b=FpxVZzZtlG7fHgl5UmhYRhCqyu1866XnxXELAY3YNJ2Ld4efBPmuwF87eY8DFrT/89 2cSqTe1Gq3m5nD9CNxt1NRyAa4JgykE1zmPnvifAgtzucnSARNnQFfqqF6QjHfV5Es/V 8zPwPyY8krdRQxhrGHAVX7NslXU5IrZEFEY4CDuflOeLnkWM5eUysnxEjXObErX7H0+L oLYmvE1+EOrbYcnL0eKlwjsglF+brEgWSF/s6orhpsm24NTbOu5NADLThqndB1xwmMKj Klbr0wJhn8FGf3GgCEZMemAnN9xr8Ab4zkOral1vZ1FtW6Y+9VEWGVBg03+2TU34G5zC vBvw== X-Gm-Message-State: AOJu0YwJ10dYAuuzu0mzHC64Rtpryf153v6GLgtZiUIYJ+IJf6n/qAyf rnraxYOZamLNYE9T3th22YaLdGKp5Ii0f3tLHm3l7qyUIvo= X-Google-Smtp-Source: AGHT+IGv3wdru0i+zZv5gupfr08j4ZzEvILYCxrkWMNe6NGc8wpC/f9IDiTcWICa3x62W2BYRLW2GA== X-Received: by 2002:a05:6a20:7f8c:b0:18f:f3f4:e61 with SMTP id d12-20020a056a207f8c00b0018ff3f40e61mr140105pzj.3.1703185203398; Thu, 21 Dec 2023 11:00:03 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:8192:ecd7:d327:bea0:14dc]) by smtp.gmail.com with ESMTPSA id a9-20020a63e409000000b005cdbebd61d8sm1946165pgi.9.2023.12.21.11.00.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 11:00:02 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH 11/15] socket: Improve fortify with clang Date: Thu, 21 Dec 2023 15:59:25 -0300 Message-Id: <20231221185929.1307116-12-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> References: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org It improve fortify checks recv, recvfrom, poll, and ppoll. The compile and runtime hecks have similar coverage as with GCC. Checked on aarch64, armhf, x86_64, and i686. --- io/bits/poll2.h | 29 +++++++++++++++++++++-------- socket/bits/socket2.h | 20 ++++++++++++++++---- 2 files changed, 37 insertions(+), 12 deletions(-) diff --git a/io/bits/poll2.h b/io/bits/poll2.h index d85d3ff48d..745c29fe0d 100644 --- a/io/bits/poll2.h +++ b/io/bits/poll2.h @@ -33,8 +33,13 @@ extern int __REDIRECT (__poll_chk_warn, (struct pollfd *__fds, nfds_t __nfds, __poll_chk) __warnattr ("poll called with fds buffer too small file nfds entries"); -__fortify_function __fortified_attr_access (__write_only__, 1, 2) int -poll (struct pollfd *__fds, nfds_t __nfds, int __timeout) +__fortify_function __fortified_attr_access (__write_only__, 1, 2) +__attribute_overloadable__ int +poll (__fortify_clang_overload_arg (struct pollfd *, ,__fds), nfds_t __nfds, + int __timeout) + __fortify_clang_warning_only_if_bos_lt2 (__nfds, __fds, sizeof (*__fds), + "poll called with fds buffer " + "too small file nfds entries") { return __glibc_fortify (poll, __nfds, sizeof (*__fds), __glibc_objsize (__fds), @@ -58,9 +63,13 @@ extern int __REDIRECT (__ppoll64_chk_warn, (struct pollfd *__fds, nfds_t __n, __ppoll64_chk) __warnattr ("ppoll called with fds buffer too small file nfds entries"); -__fortify_function __fortified_attr_access (__write_only__, 1, 2) int -ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout, - const __sigset_t *__ss) +__fortify_function __fortified_attr_access (__write_only__, 1, 2) +__attribute_overloadable__ int +ppoll (__fortify_clang_overload_arg (struct pollfd *, ,__fds), nfds_t __nfds, + const struct timespec *__timeout, const __sigset_t *__ss) + __fortify_clang_warning_only_if_bos_lt2 (__nfds, __fds, sizeof (*__fds), + "ppoll called with fds buffer " + "too small file nfds entries") { return __glibc_fortify (ppoll64, __nfds, sizeof (*__fds), __glibc_objsize (__fds), @@ -81,9 +90,13 @@ extern int __REDIRECT (__ppoll_chk_warn, (struct pollfd *__fds, nfds_t __nfds, __ppoll_chk) __warnattr ("ppoll called with fds buffer too small file nfds entries"); -__fortify_function __fortified_attr_access (__write_only__, 1, 2) int -ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout, - const __sigset_t *__ss) +__fortify_function __fortified_attr_access (__write_only__, 1, 2) +__attribute_overloadable__ int +ppoll (__fortify_clang_overload_arg (struct pollfd *, ,__fds), nfds_t __nfds, + const struct timespec *__timeout, const __sigset_t *__ss) + __fortify_clang_warning_only_if_bos_lt2 (__nfds, __fds, sizeof (*__fds), + "ppoll called with fds buffer " + "too small file nfds entries") { return __glibc_fortify (ppoll, __nfds, sizeof (*__fds), __glibc_objsize (__fds), diff --git a/socket/bits/socket2.h b/socket/bits/socket2.h index ffcc671625..f8ad72ff79 100644 --- a/socket/bits/socket2.h +++ b/socket/bits/socket2.h @@ -30,14 +30,20 @@ extern ssize_t __REDIRECT (__recv_chk_warn, __warnattr ("recv called with bigger length than size of destination " "buffer"); -__fortify_function ssize_t -recv (int __fd, void *__buf, size_t __n, int __flags) +__fortify_function __attribute_overloadable__ ssize_t +recv (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), size_t __n, + int __flags) + __fortify_clang_warning_only_if_bos0_lt (__n, __buf, + "recv called with bigger length than " + "size of destination buffer") { size_t sz = __glibc_objsize0 (__buf); if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) return __recv_alias (__fd, __buf, __n, __flags); +#if !__fortify_use_clang if (__glibc_unsafe_len (__n, sizeof (char), sz)) return __recv_chk_warn (__fd, __buf, __n, sz, __flags); +#endif return __recv_chk (__fd, __buf, __n, sz, __flags); } @@ -57,15 +63,21 @@ extern ssize_t __REDIRECT (__recvfrom_chk_warn, __warnattr ("recvfrom called with bigger length than size of " "destination buffer"); -__fortify_function ssize_t -recvfrom (int __fd, void *__restrict __buf, size_t __n, int __flags, +__fortify_function __attribute_overloadable__ ssize_t +recvfrom (int __fd, __fortify_clang_overload_arg0 (void *, __restrict, __buf), + size_t __n, int __flags, __SOCKADDR_ARG __addr, socklen_t *__restrict __addr_len) + __fortify_clang_warning_only_if_bos0_lt (__n, __buf, + "recvfrom called with bigger length " + "than size of destination buffer") { size_t sz = __glibc_objsize0 (__buf); if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) return __recvfrom_alias (__fd, __buf, __n, __flags, __addr, __addr_len); +#if !__fortify_use_clang if (__glibc_unsafe_len (__n, sizeof (char), sz)) return __recvfrom_chk_warn (__fd, __buf, __n, sz, __flags, __addr, __addr_len); +#endif return __recvfrom_chk (__fd, __buf, __n, sz, __flags, __addr, __addr_len); } From patchwork Thu Dec 21 18:59:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1879414 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=uqYONK06; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sx0Cs3Yfhz1ydZ for ; Fri, 22 Dec 2023 06:02:01 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 4E77A3864C65 for ; Thu, 21 Dec 2023 19:01:56 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) by sourceware.org (Postfix) with ESMTPS id B1A2F384DEC0 for ; Thu, 21 Dec 2023 19:00:06 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org B1A2F384DEC0 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org B1A2F384DEC0 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::42f ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185208; cv=none; b=THSjJ3+6MB+ZF+8ohnCsRLb6p8HjRpFbNa6Kg485l8bIJCGMvnIw0XZWuv4kdCU2LLbHXrQzOoMENLEuMY1cFRwYgFZ62V7TzF5/VFvzfRczhOl1nKgt10z+B/moCwV0IkTtjiMSI2o5RFhOaN/xYaplzaL5joJkYNg74Xa+4iI= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185208; c=relaxed/simple; bh=KGPx8L9/99Xs+uFUrXQd69OoVbOgz1wPVCOc60k4rFs=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=H18mn9I+vcdUyTvqfu9On0oNbcH1r1Kg/w5rmJ/aSdUcIoIZiKa8yDI7YGHcLhNEan8Fw5czmRDItzbfm4BmwZjL0RXVnwb0Y9r8dRzMl3CotYDChVO8LLe6RtbGUXEw1oRltnKYVkduBkjiZpUgyjWr9TGYnsqabu5vVR0D4+M= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x42f.google.com with SMTP id d2e1a72fcca58-6d94308279dso834886b3a.2 for ; Thu, 21 Dec 2023 11:00:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1703185205; x=1703790005; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=DFiPWdaibLsWNpMdH26VAD+eJvMmerM/T8rQUKBZNmY=; b=uqYONK06fb9N3ueCFKx4w+BE3WEjYMlH6LRH2eawceb0dhNPUSsNJ23wx5ai2snP+5 9zyWrfl9pJLSlXH8F+26lS4+BRESikpCZW9QkbauwSlfdY3vhnrS2nsIiOlbTnXeo0Tc DWXMnxFuBJIqfmp+WoMmeaSB3wpsf2+9Va6rnC+PEnsQNBBVRXvZeebCV9Y/qsp0VOo5 r2BgwyAca5TlD3oRDV0OGWN1bmvjmPf282K/ghzFWZ8AWZucu/hAMeubIgkNcLyGzBmJ ynAzuSlu+VLgtLcAS8zJVuVDnC0gEJhNDq3KNPPCxyIlOSy3zLp5xVHQzDH9ok4pObsR 4P+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703185205; x=1703790005; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DFiPWdaibLsWNpMdH26VAD+eJvMmerM/T8rQUKBZNmY=; b=EBhzw0jEdBSpHgELb3kmgws5Kb//0TkQhDzcaJX7hxm+Xy/v7rDQZMXutXKELb1GPH 5opzcpeUyAHEysJaHEqN+lOLWIPlA3Q4nR/73EjcZyFZvaW9KzbESpDrvkxqCdW00b/4 6ZLpteB6TiHC0BVbtyOHEG1dFv+QmuRTqfjSj0zGssyxQrblnOVH+O4c9v+i0awUZZc7 03N0lNciu9PW6u2xPzJSVRDHCJwZuJ3edoxT+YkfWV92MvvYpc1YnZfsYcm+vpr9lsbC PmPCHAM8cSC7UdMH+KKNxqaTwexQU3VJMbVfD5uOq46+v3tVeaf8Zr+xh8F/rH8e1PNM CQmw== X-Gm-Message-State: AOJu0Yz40RjewwP09+yr0gxuIQPclZRq+8llCKbiEY6w8avxf4AcU550 6g9Nzu9I1WtU57g9/ziSbpnFxVVzxMHFpxdYpW3a855u80E= X-Google-Smtp-Source: AGHT+IFr3ecikH2Swj1ix/sHZlWLgMjk4DienBEpM11IugBK5zmfmdrzmMT+ANn6038JM9K4W93lYw== X-Received: by 2002:a05:6a20:9191:b0:190:9d87:f9e4 with SMTP id v17-20020a056a20919100b001909d87f9e4mr138631pzd.72.1703185205226; Thu, 21 Dec 2023 11:00:05 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:8192:ecd7:d327:bea0:14dc]) by smtp.gmail.com with ESMTPSA id a9-20020a63e409000000b005cdbebd61d8sm1946165pgi.9.2023.12.21.11.00.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 11:00:04 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH 12/15] syslog: Improve fortify with clang Date: Thu, 21 Dec 2023 15:59:26 -0300 Message-Id: <20231221185929.1307116-13-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> References: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org It improve fortify checks for syslog and vsyslog. The compile and runtime hecks have similar coverage as with GCC. The syslog fortify wrapper calls the va_arg version, since clang does not support __va_arg_pack. Checked on aarch64, armhf, x86_64, and i686. --- misc/bits/syslog.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/misc/bits/syslog.h b/misc/bits/syslog.h index d7de90ed14..969ce9e431 100644 --- a/misc/bits/syslog.h +++ b/misc/bits/syslog.h @@ -36,6 +36,15 @@ syslog (int __pri, const char *__fmt, ...) { __syslog_chk (__pri, __USE_FORTIFY_LEVEL - 1, __fmt, __va_arg_pack ()); } +#elif __fortify_use_clang && defined __USE_MISC +__fortify_function_error_function __attribute_overloadable__ void +syslog (int __pri, __fortify_clang_overload_arg (const char *, , __fmt), ...) +{ + __gnuc_va_list __fortify_ap; + __builtin_va_start (__fortify_ap, __fmt); + __vsyslog_chk (__pri, __USE_FORTIFY_LEVEL - 1, __fmt, __fortify_ap); + __builtin_va_end (__fortify_ap); +} #elif !defined __cplusplus # define syslog(pri, ...) \ __syslog_chk (pri, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__) @@ -43,8 +52,9 @@ syslog (int __pri, const char *__fmt, ...) #ifdef __USE_MISC -__fortify_function void -vsyslog (int __pri, const char *__fmt, __gnuc_va_list __ap) +__fortify_function __attribute_overloadable__ void +vsyslog (int __pri, __fortify_clang_overload_arg (const char *, ,__fmt), + __gnuc_va_list __ap) { __vsyslog_chk (__pri, __USE_FORTIFY_LEVEL - 1, __fmt, __ap); } From patchwork Thu Dec 21 18:59:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1879410 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=m7kF63hL; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sx0Bn5TgDz1ydZ for ; Fri, 22 Dec 2023 06:01:05 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id DAEBE386F43F for ; Thu, 21 Dec 2023 19:01:01 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-oa1-x30.google.com (mail-oa1-x30.google.com [IPv6:2001:4860:4864:20::30]) by sourceware.org (Postfix) with ESMTPS id 571AB386480D for ; Thu, 21 Dec 2023 19:00:08 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 571AB386480D Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 571AB386480D Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2001:4860:4864:20::30 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185210; cv=none; b=Xfuc7cJhEzO50rL/oDKVUe+WRMFi7vcFEmsGLJfpMT5jW6wn4J8P1DBkVZyP875mbyn1EnRVmB/9eEjc9D7Pqe/uWgi1idTKM3Z9Ohkq2xzz+oF90qOcIYIk4LMw3Zews3SMMnG7bxZVAehCwU1X07QRVRKzK407kd5fD2nTifc= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185210; c=relaxed/simple; bh=MBhyaBpYyIZwVyXZ4+VYWk1dBzEsDo/so4oXDW8pnq4=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=QhxGjo0YR9LY6E5I4GdsSiszk+t7o0KJ/lP+Zejw765V49SE1yqg4XYFv+K9cPl2c2UonCxndM2/fKV6MJ2nUHQtuQDTSJNIg0QfK1BTcuLirAr0Teks15BIA8nXd9WNrLKUaqpSzdcx3v9GavObdZBz1YcGP/40bhBU5t2vREo= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-oa1-x30.google.com with SMTP id 586e51a60fabf-203fb334415so630767fac.2 for ; Thu, 21 Dec 2023 11:00:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1703185207; x=1703790007; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=QVgi/FkUHcDj4aRGgz03tsM/zP6/epc4Zcfa3AaEJSQ=; b=m7kF63hLsth2YNYKFvsuJ8pwKqk1JR07wggE2scunbOYuFHoDLYHnRv2DU/8mmiKKa jV3FpndZbvFKMU+TOc638EQylFWVTRh3xO7cPrFqct6KAtuNtu4wOLFhaWywaONHBDAt cXQ116bmdVO+9fGre8pmM8nt3sZtg6gIe9IqXUnV/0SZFi8um/5ZMVRqbYHFynDQP92K 0tsTgjvoc59hshdtk0lPnC4RRyuxjRi0/Q9a4eXn9xZa31zruXLHhM/lyLrWwy0fQYl4 k4hThn/fosu9kX2Ge6xG0WgLzoVNeFi9w2mQEOFXcrYVrpD2wXFjC7s9gij9kyN7JXd9 32pw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703185207; x=1703790007; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QVgi/FkUHcDj4aRGgz03tsM/zP6/epc4Zcfa3AaEJSQ=; b=UvMCZ9JPWZCGPfI4AiCYnt6juhoeE/4WSkTO5QIRstO+uvIbKJp6xzxZp4RLPbpPHc zlPQcDj9Mc0xEvMj1cGTDJbXRu22LXmWybL7CI548FVTSXsW2N5SAfHsd5SPBNyCE8G6 X+CsyJAAJR9+tSRDfmlbCa50KVOuh+oWT2WJ4qsBGaJjh+2P8Gea3cd2wHf7Idw+163s KREn1U2Mu0YhIiw3rk9egiG4UVfOoesn3q7rOpH2jTdl58mED+DSz0iaUU4FNwO6+nMz 3HtLNM9vkhZiClkaom7XS+hq8QaIWFwwYJer61tGQ/ehP0EfBTX9RWZOFK1jm7lq68yt ft8w== X-Gm-Message-State: AOJu0YyHFAopoJ5SUjN5UQ1DNsnDjP8UuQ3Fwek+eUQLiDmEIExw3qY9 gAbbX2Nd7XGp2n/1bjBuwwP88mIW1oQBq9SodyUHbpu6PJ4= X-Google-Smtp-Source: AGHT+IHhp5Nk6hPxuGaAoMnR5OSjeV2dWHyQXYEq4+eRxmY0ruIvP/SM5i8H65SYQEGaDD9vm+WL2g== X-Received: by 2002:a05:6870:c085:b0:204:34c:647c with SMTP id c5-20020a056870c08500b00204034c647cmr308911oad.29.1703185207007; Thu, 21 Dec 2023 11:00:07 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:8192:ecd7:d327:bea0:14dc]) by smtp.gmail.com with ESMTPSA id a9-20020a63e409000000b005cdbebd61d8sm1946165pgi.9.2023.12.21.11.00.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 11:00:06 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH 13/15] wcsmbs: Improve fortify with clang Date: Thu, 21 Dec 2023 15:59:27 -0300 Message-Id: <20231221185929.1307116-14-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> References: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org It improve fortify checks for wmemcpy, wmemmove, wmemset, wcscpy, wcpcpy, wcsncpy, wcpncpy, wcscat, wcsncat, wcslcpy, wcslcat, swprintf, fgetws, fgetws_unlocked, wcrtomb, mbsrtowcs, wcsrtombs, mbsnrtowcs, and wcsnrtombs. The compile and runtime checks have similar coverage as with GCC. Checked on aarch64, armhf, x86_64, and i686. --- wcsmbs/bits/wchar2.h | 167 ++++++++++++++++++++++++++++++------------- 1 file changed, 119 insertions(+), 48 deletions(-) diff --git a/wcsmbs/bits/wchar2.h b/wcsmbs/bits/wchar2.h index 6e6234d606..c9c4681c82 100644 --- a/wcsmbs/bits/wchar2.h +++ b/wcsmbs/bits/wchar2.h @@ -20,17 +20,24 @@ # error "Never include directly; use instead." #endif -__fortify_function wchar_t * -__NTH (wmemcpy (wchar_t *__restrict __s1, const wchar_t *__restrict __s2, - size_t __n)) +__fortify_function __attribute_overloadable__ wchar_t * +__NTH (wmemcpy (__fortify_clang_overload_arg (wchar_t *, __restrict, __s1), + const wchar_t *__restrict __s2, size_t __n)) + __fortify_clang_warning_only_if_bos0_lt2 (__n, __s1, sizeof (wchar_t), + "wmemcpy called with length bigger " + "than size of destination buffer") { return __glibc_fortify_n (wmemcpy, __n, sizeof (wchar_t), __glibc_objsize0 (__s1), __s1, __s2, __n); } -__fortify_function wchar_t * -__NTH (wmemmove (wchar_t *__s1, const wchar_t *__s2, size_t __n)) +__fortify_function __attribute_overloadable__ wchar_t * +__NTH (wmemmove (__fortify_clang_overload_arg (wchar_t *, ,__s1), + const wchar_t *__s2, size_t __n)) + __fortify_clang_warning_only_if_bos0_lt2 (__n, __s1, sizeof (wchar_t), + "wmemmove called with length bigger " + "than size of destination buffer") { return __glibc_fortify_n (wmemmove, __n, sizeof (wchar_t), __glibc_objsize0 (__s1), @@ -38,9 +45,12 @@ __NTH (wmemmove (wchar_t *__s1, const wchar_t *__s2, size_t __n)) } #ifdef __USE_GNU -__fortify_function wchar_t * -__NTH (wmempcpy (wchar_t *__restrict __s1, const wchar_t *__restrict __s2, - size_t __n)) +__fortify_function __attribute_overloadable__ wchar_t * +__NTH (wmempcpy (__fortify_clang_overload_arg (wchar_t *, __restrict, __s1), + const wchar_t *__restrict __s2, size_t __n)) + __fortify_clang_warning_only_if_bos0_lt2 (__n, __s1, sizeof (wchar_t), + "wmempcpy called with length bigger " + "than size of destination buffer") { return __glibc_fortify_n (wmempcpy, __n, sizeof (wchar_t), __glibc_objsize0 (__s1), @@ -48,16 +58,21 @@ __NTH (wmempcpy (wchar_t *__restrict __s1, const wchar_t *__restrict __s2, } #endif -__fortify_function wchar_t * -__NTH (wmemset (wchar_t *__s, wchar_t __c, size_t __n)) +__fortify_function __attribute_overloadable__ wchar_t * +__NTH (wmemset (__fortify_clang_overload_arg (wchar_t *, ,__s), wchar_t __c, + size_t __n)) + __fortify_clang_warning_only_if_bos0_lt2 (__n, __s, sizeof (wchar_t), + "wmemset called with length bigger " + "than size of destination buffer") { return __glibc_fortify_n (wmemset, __n, sizeof (wchar_t), __glibc_objsize0 (__s), __s, __c, __n); } -__fortify_function wchar_t * -__NTH (wcscpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) +__fortify_function __attribute_overloadable__ wchar_t * +__NTH (wcscpy (__fortify_clang_overload_arg (wchar_t *, __restrict, __dest), + const wchar_t *__restrict __src)) { size_t sz = __glibc_objsize (__dest); if (sz != (size_t) -1) @@ -65,8 +80,9 @@ __NTH (wcscpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) return __wcscpy_alias (__dest, __src); } -__fortify_function wchar_t * -__NTH (wcpcpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) +__fortify_function __attribute_overloadable__ wchar_t * +__NTH (wcpcpy (__fortify_clang_overload_arg (wchar_t *, __restrict, __dest), + const wchar_t *__restrict __src)) { size_t sz = __glibc_objsize (__dest); if (sz != (size_t) -1) @@ -74,26 +90,33 @@ __NTH (wcpcpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) return __wcpcpy_alias (__dest, __src); } -__fortify_function wchar_t * -__NTH (wcsncpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src, - size_t __n)) +__fortify_function __attribute_overloadable__ wchar_t * +__NTH (wcsncpy (__fortify_clang_overload_arg (wchar_t *, __restrict, __dest), + const wchar_t *__restrict __src, size_t __n)) + __fortify_clang_warning_only_if_bos0_lt2 (__n, __dest, sizeof (wchar_t), + "wcsncpy called with length bigger " + "than size of destination buffer") { return __glibc_fortify_n (wcsncpy, __n, sizeof (wchar_t), __glibc_objsize (__dest), __dest, __src, __n); } -__fortify_function wchar_t * -__NTH (wcpncpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src, - size_t __n)) +__fortify_function __attribute_overloadable__ wchar_t * +__NTH (wcpncpy (__fortify_clang_overload_arg (wchar_t *, __restrict, __dest), + const wchar_t *__restrict __src, size_t __n)) + __fortify_clang_warning_only_if_bos0_lt2 (__n, __dest, sizeof (wchar_t), + "wcpncpy called with length bigger " + "than size of destination buffer") { return __glibc_fortify_n (wcpncpy, __n, sizeof (wchar_t), __glibc_objsize (__dest), __dest, __src, __n); } -__fortify_function wchar_t * -__NTH (wcscat (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) +__fortify_function __attribute_overloadable__ wchar_t * +__NTH (wcscat (__fortify_clang_overload_arg (wchar_t *, __restrict, __dest), + const wchar_t *__restrict __src)) { size_t sz = __glibc_objsize (__dest); if (sz != (size_t) -1) @@ -101,9 +124,9 @@ __NTH (wcscat (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) return __wcscat_alias (__dest, __src); } -__fortify_function wchar_t * -__NTH (wcsncat (wchar_t *__restrict __dest, const wchar_t *__restrict __src, - size_t __n)) +__fortify_function __attribute_overloadable__ wchar_t * +__NTH (wcsncat (__fortify_clang_overload_arg (wchar_t *, __restrict, __dest), + const wchar_t *__restrict __src, size_t __n)) { size_t sz = __glibc_objsize (__dest); if (sz != (size_t) -1) @@ -112,9 +135,12 @@ __NTH (wcsncat (wchar_t *__restrict __dest, const wchar_t *__restrict __src, } #ifdef __USE_MISC -__fortify_function size_t -__NTH (wcslcpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src, - size_t __n)) +__fortify_function __attribute_overloadable__ size_t +__NTH (wcslcpy (__fortify_clang_overload_arg (wchar_t *, __restrict, __dest), + const wchar_t *__restrict __src, size_t __n)) + __fortify_clang_warning_only_if_bos0_lt2 (__n, __dest, sizeof (wchar_t), + "wcslcpy called with length bigger " + "than size of destination buffer") { if (__glibc_objsize (__dest) != (size_t) -1 && (!__builtin_constant_p (__n @@ -125,9 +151,9 @@ __NTH (wcslcpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src, return __wcslcpy_alias (__dest, __src, __n); } -__fortify_function size_t -__NTH (wcslcat (wchar_t *__restrict __dest, const wchar_t *__restrict __src, - size_t __n)) +__fortify_function __attribute_overloadable__ size_t +__NTH (wcslcat (__fortify_clang_overload_arg (wchar_t *, __restrict, __dest), + const wchar_t *__restrict __src, size_t __n)) { if (__glibc_objsize (__dest) != (size_t) -1 && (!__builtin_constant_p (__n > __glibc_objsize (__dest) @@ -150,6 +176,23 @@ __NTH (swprintf (wchar_t *__restrict __s, size_t __n, sz / sizeof (wchar_t), __fmt, __va_arg_pack ()); return __swprintf_alias (__s, __n, __fmt, __va_arg_pack ()); } +#elif __fortify_use_clang +__fortify_function_error_function __attribute_overloadable__ int +__NTH (swprintf (__fortify_clang_overload_arg (wchar_t *, __restrict, __s), + size_t __n, const wchar_t *__restrict __fmt, ...)) +{ + __gnuc_va_list __fortify_ap; + __builtin_va_start (__fortify_ap, __fmt); + int __r; + if (__glibc_objsize (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) + __r = __vswprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, + __glibc_objsize (__s) / sizeof (wchar_t), + __fmt, __fortify_ap); + else + __r = __vswprintf_alias (__s, __n, __fmt, __fortify_ap); + __builtin_va_end (__fortify_ap); + return __r; +} #elif !defined __cplusplus /* XXX We might want to have support in gcc for swprintf. */ # define swprintf(s, n, ...) \ @@ -207,34 +250,46 @@ vfwprintf (__FILE *__restrict __stream, } #endif -__fortify_function __wur wchar_t * -fgetws (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream) +__fortify_function __attribute_overloadable__ __wur wchar_t * +fgetws (__fortify_clang_overload_arg (wchar_t *, __restrict, __s), int __n, + __FILE *__restrict __stream) + __fortify_clang_warning_only_if_bos_lt2 (__n, __s, sizeof (wchar_t), + "fgetws called with length bigger " + "than size of destination buffer") { size_t sz = __glibc_objsize (__s); if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), sz)) return __fgetws_alias (__s, __n, __stream); +#if !__fortify_use_clang if (__glibc_unsafe_len (__n, sizeof (wchar_t), sz)) return __fgetws_chk_warn (__s, sz / sizeof (wchar_t), __n, __stream); +#endif return __fgetws_chk (__s, sz / sizeof (wchar_t), __n, __stream); } #ifdef __USE_GNU -__fortify_function __wur wchar_t * -fgetws_unlocked (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream) +__fortify_function __attribute_overloadable__ __wur wchar_t * +fgetws_unlocked (__fortify_clang_overload_arg (wchar_t *, __restrict, __s), + int __n, __FILE *__restrict __stream) + __fortify_clang_warning_only_if_bos_lt2 (__n, __s, sizeof (wchar_t), + "fgetws_unlocked called with length bigger " + "than size of destination buffer") { size_t sz = __glibc_objsize (__s); if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), sz)) return __fgetws_unlocked_alias (__s, __n, __stream); +# if !__fortify_use_clang if (__glibc_unsafe_len (__n, sizeof (wchar_t), sz)) return __fgetws_unlocked_chk_warn (__s, sz / sizeof (wchar_t), __n, __stream); +# endif return __fgetws_unlocked_chk (__s, sz / sizeof (wchar_t), __n, __stream); } #endif -__fortify_function __wur size_t -__NTH (wcrtomb (char *__restrict __s, wchar_t __wchar, - mbstate_t *__restrict __ps)) +__fortify_function __attribute_overloadable__ __wur size_t +__NTH (wcrtomb (__fortify_clang_overload_arg (char *, __restrict, __s), + wchar_t __wchar, mbstate_t *__restrict __ps)) { /* We would have to include to get a definition of MB_LEN_MAX. But this would only disturb the namespace. So we define our own @@ -249,18 +304,26 @@ __NTH (wcrtomb (char *__restrict __s, wchar_t __wchar, return __wcrtomb_alias (__s, __wchar, __ps); } -__fortify_function size_t -__NTH (mbsrtowcs (wchar_t *__restrict __dst, const char **__restrict __src, +__fortify_function __attribute_overloadable__ size_t +__NTH (mbsrtowcs (__fortify_clang_overload_arg (wchar_t *, __restrict, __dst), + const char **__restrict __src, size_t __len, mbstate_t *__restrict __ps)) + __fortify_clang_warning_only_if_bos_lt2 (__len, __dst, sizeof (wchar_t), + "mbsrtowcs called with dst buffer " + "smaller than len * sizeof (wchar_t)") { return __glibc_fortify_n (mbsrtowcs, __len, sizeof (wchar_t), __glibc_objsize (__dst), __dst, __src, __len, __ps); } -__fortify_function size_t -__NTH (wcsrtombs (char *__restrict __dst, const wchar_t **__restrict __src, +__fortify_function __attribute_overloadable__ size_t +__NTH (wcsrtombs (__fortify_clang_overload_arg (char *, __restrict, __dst), + const wchar_t **__restrict __src, size_t __len, mbstate_t *__restrict __ps)) + __fortify_clang_warning_only_if_bos_lt (__len, __dst, + "wcsrtombs called with dst buffer " + "smaller than len") { return __glibc_fortify (wcsrtombs, __len, sizeof (char), __glibc_objsize (__dst), @@ -269,18 +332,26 @@ __NTH (wcsrtombs (char *__restrict __dst, const wchar_t **__restrict __src, #ifdef __USE_XOPEN2K8 -__fortify_function size_t -__NTH (mbsnrtowcs (wchar_t *__restrict __dst, const char **__restrict __src, - size_t __nmc, size_t __len, mbstate_t *__restrict __ps)) +__fortify_function __attribute_overloadable__ size_t +__NTH (mbsnrtowcs (__fortify_clang_overload_arg (wchar_t *, __restrict, __dst), + const char **__restrict __src, size_t __nmc, size_t __len, + mbstate_t *__restrict __ps)) + __fortify_clang_warning_only_if_bos_lt (sizeof (wchar_t) * __len, __dst, + "mbsnrtowcs called with dst buffer " + "smaller than len * sizeof (wchar_t)") { return __glibc_fortify_n (mbsnrtowcs, __len, sizeof (wchar_t), __glibc_objsize (__dst), __dst, __src, __nmc, __len, __ps); } -__fortify_function size_t -__NTH (wcsnrtombs (char *__restrict __dst, const wchar_t **__restrict __src, - size_t __nwc, size_t __len, mbstate_t *__restrict __ps)) +__fortify_function __attribute_overloadable__ size_t +__NTH (wcsnrtombs (__fortify_clang_overload_arg (char *, __restrict, __dst), + const wchar_t **__restrict __src, size_t __nwc, + size_t __len, mbstate_t *__restrict __ps)) + __fortify_clang_warning_only_if_bos_lt (__len, __dst, + "wcsnrtombs called with dst buffer " + "smaller than len") { return __glibc_fortify (wcsnrtombs, __len, sizeof (char), __glibc_objsize (__dst), From patchwork Thu Dec 21 18:59:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1879416 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=ljeKR7D3; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sx0DP3bX8z1ydZ for ; Fri, 22 Dec 2023 06:02:29 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 811323881D1D for ; Thu, 21 Dec 2023 19:02:19 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-il1-x132.google.com (mail-il1-x132.google.com [IPv6:2607:f8b0:4864:20::132]) by sourceware.org (Postfix) with ESMTPS id 29B683858402 for ; Thu, 21 Dec 2023 19:00:10 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 29B683858402 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 29B683858402 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::132 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185212; cv=none; b=V5or12L2/6z2X6cdPogoWQgbOteb8GfUGcRbECnLmUN3RF6zhQ3p3JDV244vCWVUn14R5m2E113+xRjAUFeTxy5269j9sDsRc6WJKrXvSU91Nnvf48Np1bSxJGd/5xEaMwt4/TujdWVqEYdcQ7WHCY8w9Bkw3IaXD3iNCoynKlc= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185212; c=relaxed/simple; bh=ZlYkZP+3CSV87CtK108se2sIyyFykBiV7F166IGISeI=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=v80Ui9ZtBFd3WfOf7eoGisWyegYfg26ajnRBY/1MaJaW3H1GAvRxAbuOm0XRPXI9hxxz3v/FdX2cDW4JNzvbN7MYBMrMqzTYUFqDQQZ5CkkcGTJlZEaXj0i9g+Q0y8feEb5P0gudLiES8Mgd6ulXOYTXT99eazRZn5HNqOlt4/4= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-il1-x132.google.com with SMTP id e9e14a558f8ab-35d82fb7e86so4290725ab.2 for ; Thu, 21 Dec 2023 11:00:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1703185209; x=1703790009; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=MS3FwM8vo9Nam2qloio0KNzMXLmjvAQeAtRpkk8B6As=; b=ljeKR7D3PoAD8nYdEct1ItlKV8BcT6j63w7UdwKvJRRjdE0b0VP6ZiAUi1cjyqkVPH 6Gfgl6mQixH5nijq8LP4OY2kV3C85h88BhIrPIoSkvJqnoJDNPlVYbtFqsnea8oeitvW kFweq9e712AlRlZodZTCF3Aq6o/4bA90wFtkgiw86jSfh+IIBfRKC14nFmpGJmi6pnAK bAX74WJ9EG/7CubYfaD0PhHnsjWQFem9bLetRdy6u6Q9OOxNjJ1sylzpPAdDIxMYKyu8 QGvxckC8R3Ly5PWRrVhy8KDyvgCRyjRGmB4sjyP0c7gCbWI3sub2+B+57jPOJFmdlhoW JUsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703185209; x=1703790009; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MS3FwM8vo9Nam2qloio0KNzMXLmjvAQeAtRpkk8B6As=; b=hVzVrozdlWjHo2lhoKqzI1ZUsH68zTZl6DZzBbIq2ZxFO45HLNum4QwOlOGeHO1yaI EBhVBYSJ4U5jcN11ms9mmEgGmTSMgFb1DwqEljvmCkC7BP945sdLMtWoaZ67CQCb4Tr6 ZRpKq6TX1WLzGfsHoC0ZcZmf0XybiLasQF22oD/Z+HnU1Ikvk578J5yKqusy363tUaXI yzIsz9+DcbkxEQFe/oRKhG+k0O1RLqFOSeplSJWDgk9yB6jlADlUkAxca1ycVdFuJTHy A3y3Z85APEEeZyrVcImGXliPiPuOsBnTRfHuMV+9J5g79oCi90HehfeEyV8do39TrGIm 5gzg== X-Gm-Message-State: AOJu0YzxmGYCINz2bQOFO2uMM8r9UGQh7cn0MLKHgGd+VdVANG9K2bCJ l9ePk+6e1v9NENZIBQiPZGMzJuKK2dPPcbn7goSur6/hW90= X-Google-Smtp-Source: AGHT+IEv6YcJoQXzUQVGTzwbyyMhrXsXwiU/4Ji8QWyWavOG9UXrJAh4oENeF8GNaN0nMs5Pm9E99w== X-Received: by 2002:a05:6e02:1c48:b0:35d:6619:c5fc with SMTP id d8-20020a056e021c4800b0035d6619c5fcmr99514ilg.43.1703185208883; Thu, 21 Dec 2023 11:00:08 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:8192:ecd7:d327:bea0:14dc]) by smtp.gmail.com with ESMTPSA id a9-20020a63e409000000b005cdbebd61d8sm1946165pgi.9.2023.12.21.11.00.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 11:00:08 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH 14/15] debug: Improve fcntl.h fortify warnings with clang Date: Thu, 21 Dec 2023 15:59:28 -0300 Message-Id: <20231221185929.1307116-15-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> References: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org It improves open, open64, openat, and openat64. The compile and runtime checks have similar coverage as with GCC. Checked on aarch64, armhf, x86_64, and i686. --- io/bits/fcntl2.h | 92 ++++++++++++++++++++++++++++++++++++++++++++++++ io/fcntl.h | 3 +- misc/sys/cdefs.h | 7 ++++ 3 files changed, 100 insertions(+), 2 deletions(-) diff --git a/io/bits/fcntl2.h b/io/bits/fcntl2.h index bdb48fa815..6aa7793a81 100644 --- a/io/bits/fcntl2.h +++ b/io/bits/fcntl2.h @@ -32,6 +32,8 @@ extern int __REDIRECT (__open_2, (const char *__path, int __oflag), extern int __REDIRECT (__open_alias, (const char *__path, int __oflag, ...), open64) __nonnull ((1)); #endif + +#ifdef __va_arg_pack_len __errordecl (__open_too_many_args, "open can be called either with 2 or 3 arguments, not more"); __errordecl (__open_missing_mode, @@ -58,12 +60,34 @@ open (const char *__path, int __oflag, ...) return __open_alias (__path, __oflag, __va_arg_pack ()); } +#elif __fortify_use_clang +__fortify_function_error_function __attribute_overloadable__ int +open (const char *__path, int __oflag, mode_t __mode, ...) + __fortify_clang_unavailable ("open can be called either with 2 or 3 arguments, not more"); + +__fortify_function __attribute_overloadable__ int +open (__fortify_clang_overload_arg (const char *, ,__path), int __oflag) + __fortify_clang_prefer_this_overload + __fortify_clang_error (__OPEN_NEEDS_MODE (__oflag), + "open with O_CREAT or O_TMPFILE in second argument needs 3 arguments") +{ + return __open_2 (__path, __oflag); +} + +__fortify_function __attribute_overloadable__ int +open (__fortify_clang_overload_arg (const char *, ,__path), int __oflag, + mode_t __mode) +{ + return __open_alias (__path, __oflag); +} +#endif #ifdef __USE_LARGEFILE64 extern int __open64_2 (const char *__path, int __oflag) __nonnull ((1)); extern int __REDIRECT (__open64_alias, (const char *__path, int __oflag, ...), open64) __nonnull ((1)); +# ifdef __va_arg_pack_len __errordecl (__open64_too_many_args, "open64 can be called either with 2 or 3 arguments, not more"); __errordecl (__open64_missing_mode, @@ -90,6 +114,27 @@ open64 (const char *__path, int __oflag, ...) return __open64_alias (__path, __oflag, __va_arg_pack ()); } +# elif __fortify_use_clang +__fortify_function_error_function __attribute_overloadable__ int +open64 (const char *__path, int __oflag, mode_t __mode, ...) + __fortify_clang_unavailable ("open64 can be called either with 2 or 3 arguments, not more"); + +__fortify_function __attribute_overloadable__ int +open64 (__fortify_clang_overload_arg (const char *, ,__path), int __oflag) + __fortify_clang_prefer_this_overload + __fortify_clang_error (__OPEN_NEEDS_MODE (__oflag), + "open64 with O_CREAT or O_TMPFILE in second argument needs 3 arguments") +{ + return __open64_2 (__path, __oflag); +} + +__fortify_function __attribute_overloadable__ int +open64 (__fortify_clang_overload_arg (const char *, ,__path), int __oflag, + mode_t __mode) +{ + return __open64_alias (__path, __oflag); +} +# endif #endif @@ -108,6 +153,8 @@ extern int __REDIRECT (__openat_alias, (int __fd, const char *__path, int __oflag, ...), openat64) __nonnull ((2)); # endif + +# ifdef __va_arg_pack_len __errordecl (__openat_too_many_args, "openat can be called either with 3 or 4 arguments, not more"); __errordecl (__openat_missing_mode, @@ -134,6 +181,28 @@ openat (int __fd, const char *__path, int __oflag, ...) return __openat_alias (__fd, __path, __oflag, __va_arg_pack ()); } +# elif __fortify_use_clang +__fortify_function_error_function __attribute_overloadable__ int +openat (int __fd, const char *__path, int __oflag, mode_t __mode, ...) + __fortify_clang_unavailable ("openat can be called either with 3 or 4 arguments, not more"); + +__fortify_function __attribute_overloadable__ int +openat (int __fd, __fortify_clang_overload_arg (const char *, ,__path), + int __oflag) + __fortify_clang_prefer_this_overload + __fortify_clang_error (__OPEN_NEEDS_MODE (__oflag), + "openat with O_CREAT or O_TMPFILE in third argument needs 4 arguments") +{ + return __openat_2 (__fd, __path, __oflag); +} + +__fortify_function __attribute_overloadable__ int +openat (int __fd, __fortify_clang_overload_arg (const char *, ,__path), + int __oflag, mode_t __mode) +{ + return __openat_alias (__fd, __path, __oflag); +} +# endif # ifdef __USE_LARGEFILE64 @@ -147,6 +216,7 @@ __errordecl (__openat64_too_many_args, __errordecl (__openat64_missing_mode, "openat64 with O_CREAT or O_TMPFILE in third argument needs 4 arguments"); +# ifdef __va_arg_pack_len __fortify_function int openat64 (int __fd, const char *__path, int __oflag, ...) { @@ -168,5 +238,27 @@ openat64 (int __fd, const char *__path, int __oflag, ...) return __openat64_alias (__fd, __path, __oflag, __va_arg_pack ()); } +# elif __fortify_use_clang +__fortify_function_error_function __attribute_overloadable__ int +openat64 (int __fd, const char *__path, int __oflag, mode_t __mode, ...) + __fortify_clang_unavailable ("openat64 can be called either with 3 or 4 arguments, not more"); + +__fortify_function __attribute_overloadable__ int +openat64 (int __fd, __fortify_clang_overload_arg (const char *, ,__path), + int __oflag) + __fortify_clang_prefer_this_overload + __fortify_clang_error (__OPEN_NEEDS_MODE (__oflag), + "openat64 with O_CREAT or O_TMPFILE in third argument needs 4 arguments") +{ + return __openat64_2 (__fd, __path, __oflag); +} + +__fortify_function __attribute_overloadable__ int +openat64 (int __fd, __fortify_clang_overload_arg (const char *, ,__path), + int __oflag, mode_t __mode) +{ + return __openat64_alias (__fd, __path, __oflag); +} +# endif # endif #endif diff --git a/io/fcntl.h b/io/fcntl.h index dd620c086f..ac5e5cb72c 100644 --- a/io/fcntl.h +++ b/io/fcntl.h @@ -337,8 +337,7 @@ extern int posix_fallocate64 (int __fd, off64_t __offset, off64_t __len); /* Define some inlines helping to catch common problems. */ -#if __USE_FORTIFY_LEVEL > 0 && defined __fortify_function \ - && defined __va_arg_pack_len +#if __USE_FORTIFY_LEVEL > 0 && defined __fortify_function # include #endif diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h index 659ffc96a7..a9022621e2 100644 --- a/misc/sys/cdefs.h +++ b/misc/sys/cdefs.h @@ -271,6 +271,8 @@ # define __fortify_clang_warning(__c, __msg) \ __attribute__ ((__diagnose_if__ ((__c), (__msg), "warning"))) +# define __fortify_clang_error(__c, __msg) \ + __attribute__ ((__diagnose_if__ ((__c), (__msg), "error"))) # define __fortify_clang_warning_only_if_bos0_lt(n, buf, complaint) \ __attribute__ ((__diagnose_if__ \ (__fortify_clang_bosn_args (__bos0, n, buf, 1, complaint)))) @@ -284,6 +286,11 @@ __attribute__ ((__diagnose_if__ \ (__fortify_clang_bosn_args (__bos, n, buf, div, complaint)))) +# define __fortify_clang_prefer_this_overload \ + __attribute__ ((enable_if (1, ""))) +# define __fortify_clang_unavailable(__msg) \ + __attribute__ ((unavailable(__msg))) + # if __USE_FORTIFY_LEVEL == 3 # define __fortify_clang_overload_arg(__type, __attr, __name) \ __type __attr const __fortify_clang_pass_dynamic_object_size __name From patchwork Thu Dec 21 18:59:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1879417 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=Rf4V05pl; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=8.43.85.97; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sx0Db0d7pz1ydZ for ; Fri, 22 Dec 2023 06:02:39 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 446283884510 for ; Thu, 21 Dec 2023 19:02:28 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-oa1-x2c.google.com (mail-oa1-x2c.google.com [IPv6:2001:4860:4864:20::2c]) by sourceware.org (Postfix) with ESMTPS id 44931386483A for ; Thu, 21 Dec 2023 19:00:12 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 44931386483A Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 44931386483A Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2001:4860:4864:20::2c ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185213; cv=none; b=hXSIRQieZc/rZks7JAT+g1oLwbPbqNVgIlOmAcQcDQMQM6lICufhBfNENBHx2tHQDwpT4UsKefHdY0CCMVAwsf1VCY/BL1sQIziiDLK562FRH0CgvbTr16bzpZmW8Pi3YmCOJVH22pQdDdKp5Dzu4PlOVNl4F7XRyTsehGV7Lx8= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185213; c=relaxed/simple; bh=lUM9r+i9ii24+v8dqFii9sEBtWAGGbQhqJsHzmzNfJ0=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=Hs3DRmbv3DEAuG2Rnkt92jGCI+J1iNBrUnxlhHCnCLzoa1pZKmBhcjI5kNg7QFfVzxnh9G37uRrQrJ6NB1A57sD7EyrsQKDlh4rjR25BcwN3NA1qlWrx2e8pi2gx0o34paAEos8XxOMDEGZbOoVTYJSg3tHiotj8fXqw2FPGRVA= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-oa1-x2c.google.com with SMTP id 586e51a60fabf-2041064831bso757887fac.3 for ; Thu, 21 Dec 2023 11:00:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1703185211; x=1703790011; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=zJ1WEfBX7wXWDN/2IZ2D/88qLBvsCBl84PYhuvSQEU0=; b=Rf4V05plTOA3LbU/552iWs00hcoPEeirnYGeY13MBFnrMY3FT/lK0gdzN6UL3oho66 t2YIDOhDSaTxdQd0O5aRhSU0p063gkVDZizz2NDdgprknSOavIerr306mNgnCCE3p/40 yW0ydRiWPFk+2Z5DUFZYikJWVVaseJeQaTjXyz93J45Hhg1ElgKD3Zmpbs9pC5F/09UV dBSVY1d/3yX1a32u+++HoCOG7kyTbkZKFexhFPi2IlaI7aDmDtGqvgCVtce3VebWlizn Wx4NWGja7R3OcIaFeAbHsIpHfJZzbtv2iMOMn/DHtfTVq0DLx2pAUi1u/3JthW2oPmvI rG1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703185211; x=1703790011; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zJ1WEfBX7wXWDN/2IZ2D/88qLBvsCBl84PYhuvSQEU0=; b=Yw1SASsSF75tyK/29AXQrLapbJxVy+LczWK/TJeYZAyXZU2SIy/+LA6s9D7kosCe1F reZv1xY3F4WDz1M7iUluAEfvGrbk+EoxmybAbzxgoN3neQ5NOMRptWLGcEvFkSQDpiB+ uCH+15UxAVAg7Rt7/ggkwm5U304I7c41DCyB7m/WZcqOxwHSyZkAqDyGmJnyKc7QWrkz zWaRE2VB7/j9TSN5P6r4Ey+W5dEq+EF983foG4+va3rWidxC4yDdFYz6OpWIdU0U4lUI dFaSsrIdwZtGckDTvV0/gui8I2PMcpczOwzSsBtIqd+p/BlGqZtQOmTKIaal2NEeqUMt uYRA== X-Gm-Message-State: AOJu0Ywjt2GwLxqEuRd3AWk6/PSPZJK73rNzipABTVkm5wKB4yw2oJWo QmfIWb+ZF6P6gN1nbmzlqjvFL0LIx7KieCdGfz4KyL+Uf8o= X-Google-Smtp-Source: AGHT+IFFgXUfi6SvdPljjw2zpA7IlrPI80KXgz4OSEOuR95hUblNhP2lsoqTtQLoR13qw9g6974cIg== X-Received: by 2002:a05:6870:7191:b0:204:1347:4775 with SMTP id d17-20020a056870719100b0020413474775mr252794oah.72.1703185210957; Thu, 21 Dec 2023 11:00:10 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:8192:ecd7:d327:bea0:14dc]) by smtp.gmail.com with ESMTPSA id a9-20020a63e409000000b005cdbebd61d8sm1946165pgi.9.2023.12.21.11.00.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 11:00:10 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH 15/15] debug: Improve mqueue.h fortify warnings with clang Date: Thu, 21 Dec 2023 15:59:29 -0300 Message-Id: <20231221185929.1307116-16-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> References: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.8 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org It improve mq_open. The compile and runtime checks have similar coverage as with GCC. Checked on aarch64, armhf, x86_64, and i686. --- rt/bits/mqueue2.h | 29 +++++++++++++++++++++++++++++ rt/mqueue.h | 3 +-- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/rt/bits/mqueue2.h b/rt/bits/mqueue2.h index c1d86662dc..69897fd578 100644 --- a/rt/bits/mqueue2.h +++ b/rt/bits/mqueue2.h @@ -29,6 +29,8 @@ extern mqd_t __mq_open_2 (const char *__name, int __oflag) extern mqd_t __REDIRECT_NTH (__mq_open_alias, (const char *__name, int __oflag, ...), mq_open) __nonnull ((1)); + +#ifdef __va_arg_pack_len __errordecl (__mq_open_wrong_number_of_args, "mq_open can be called either with 2 or 4 arguments"); __errordecl (__mq_open_missing_mode_and_attr, @@ -55,3 +57,30 @@ __NTH (mq_open (const char *__name, int __oflag, ...)) return __mq_open_alias (__name, __oflag, __va_arg_pack ()); } +#elif __fortify_use_clang +__fortify_function_error_function __attribute_overloadable__ mqd_t +__NTH (mq_open (const char *__name, int __oflag, mode_t mode)) + __fortify_clang_unavailable ("mq_open can be called either with 2 or 4 arguments"); + +__fortify_function_error_function __attribute_overloadable__ mqd_t +__NTH (mq_open (const char *__name, int __oflag, mode_t mode, + struct mq_attr *attr, ...)) + __fortify_clang_unavailable ("mq_open can be called either with 2 or 4 arguments"); + +__fortify_function __attribute_overloadable__ mqd_t +__NTH (mq_open (__fortify_clang_overload_arg (const char *, ,__name), + int __oflag)) + __fortify_clang_prefer_this_overload + __fortify_clang_error ((__oflag & O_CREAT), + "mq_open with O_CREAT in second argument needs 4 arguments") +{ + return __mq_open_alias (__name, __oflag); +} + +__fortify_function __attribute_overloadable__ mqd_t +__NTH (mq_open (__fortify_clang_overload_arg (const char *, ,__name), + int __oflag, int __mode, struct mq_attr *__attr)) +{ + return __mq_open_alias (__name, __oflag, __mode, __attr); +} +#endif diff --git a/rt/mqueue.h b/rt/mqueue.h index 126a6b54b3..9279763841 100644 --- a/rt/mqueue.h +++ b/rt/mqueue.h @@ -110,8 +110,7 @@ extern int __REDIRECT (mq_timedsend, (mqd_t __mqdes, #endif /* Define some inlines helping to catch common problems. */ -#if __USE_FORTIFY_LEVEL > 0 && defined __fortify_function \ - && defined __va_arg_pack_len +#if __USE_FORTIFY_LEVEL > 0 && defined __fortify_function # include #endif