Message ID | 20230730192605.2423480-1-bugaevc@gmail.com |
---|---|
Headers |
Return-Path: <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 66C1C3857733 for <patchwork@sourceware.org>; Sun, 30 Jul 2023 19:26:37 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 66C1C3857733 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1690745197; bh=gVTSh75c1c3xsiUSzW3gV5Z4NMS5s8+sfBy59DuF4HE=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=S2Zggm4LUPPh1bv7+tntLUGTY/+M1HAIpk+y1ZgiZ0uxf1T4GtaPPjtteSyHOjaee QWiVAVoY9KQ8QlgrF+de2+7K1FmZX1IgGNjTERTP+72zj7mu/gjaol3NsMGF48m26X zWcX/8wmtj+12q5ibkbt4HPWXDeqLKyw4wzCFYu4= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) by sourceware.org (Postfix) with ESMTPS id 15A643858D35 for <libc-alpha@sourceware.org>; Sun, 30 Jul 2023 19:26:14 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 15A643858D35 Received: by mail-lf1-x12b.google.com with SMTP id 2adb3069b0e04-4fb960b7c9dso6065777e87.0 for <libc-alpha@sourceware.org>; Sun, 30 Jul 2023 12:26:14 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690745172; x=1691349972; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=gVTSh75c1c3xsiUSzW3gV5Z4NMS5s8+sfBy59DuF4HE=; b=ZGfc+PRxw7ZYh9msYdA57angdZPE2guJfWPZTFQsInw3H2MJWi7liDP8vDcswosPXe /FeufVzgBL3q48+p4HZYSEKgCg7YTEUinBT9uFBpW0AIvoBMS84WEcX7Az09qxYxOF+U 7epWRrQjEfFziRTY4A6JQhITjriLpb57msEWTjbe7TGNPPi2c+HUnJ//ztl/Ueam0nGv CIVll79KAsxfFMMZLysBV7+7Y8l+89d3CSlodqoEd80mdAy1efjwCrAI4mXZ5SOYPIcx nXUC+vsdL27+LS+PmQ8pgt9X9RgfPJmplyapp1ACL2Gd+BetQaW1IPLyvHk3264ROND8 bc1A== X-Gm-Message-State: ABy/qLZuMl2R/XRj11FGXWxGj8u/iWEMsIIAUYYKomkZYndDvrHpeiaI B1mapbRT0KQOVE0BbvZdkluuX37+DMYUNA== X-Google-Smtp-Source: APBJJlE5Jun6U4IBnOybAC0mQDb6b/2AIimca+0Z4d4BE0mwzW9tDl/VPaElDHcKOA1agXXoLJkv6g== X-Received: by 2002:a05:6512:3d88:b0:4fb:78b1:1cd4 with SMTP id k8-20020a0565123d8800b004fb78b11cd4mr5807937lfv.49.1690745172111; Sun, 30 Jul 2023 12:26:12 -0700 (PDT) Received: from localhost.localdomain ([2a02:2168:b344:a600:4435:f106:1598:d2b0]) by smtp.gmail.com with ESMTPSA id y8-20020a197508000000b004fe2f085d5csm532447lfe.299.2023.07.30.12.26.11 for <libc-alpha@sourceware.org> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 30 Jul 2023 12:26:11 -0700 (PDT) To: libc-alpha@sourceware.org Subject: [PATCH v4 0/6] fcntl fortification Date: Sun, 30 Jul 2023 22:25:55 +0300 Message-ID: <20230730192605.2423480-1-bugaevc@gmail.com> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org> List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/libc-alpha/> List-Post: <mailto:libc-alpha@sourceware.org> List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help> List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=subscribe> From: Sergey Bugaev via Libc-alpha <libc-alpha@sourceware.org> Reply-To: Sergey Bugaev <bugaevc@gmail.com> Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org> |
Series |
fcntl fortification
|
|
Message
Sergey Bugaev
July 30, 2023, 7:25 p.m. UTC
Hello, this is the v4 of the fcntl fortification work. v1 was at [0], v2 at [1], v3 at [2]. [0]: https://sourceware.org/pipermail/libc-alpha/2023-May/148332.html [1]: https://sourceware.org/pipermail/libc-alpha/2023-May/148569.html [2]: https://sourceware.org/pipermail/libc-alpha/2023-June/149096.html Changes since v3: - Rebased onto the latest master. - Fixed the bug found by Linaro CI (thanks!): F_DUPFD_CLOEXEC is not always defined, so it has to be surrounded by ifdef checks too. - This patchset is now compatible with Frédéric Bérat's work on fortifying glibc itself / --enable-fortify-source! - Fixed a bug: F_GETLK etc may have the same values as F_GETLK64 etc, so the previous version of this patchset would complain about F_GETLK64 usage with struct flock64, since the check for F_GETLK happened first. This is now fixed by accepting both struct flock and struct flock64 if F_GETLK has the same value as F_GETLK64. - Found and fixed a few cases of what seems to be actual commmand / type confusion in the tests! Specifically, it was calling fcntl64 (fd, F_SETLK, &flock64) in a few places, which is incorrect according to my understanding and my tests of Linux behavior. Please see the first patch for some more details, and please correct me if I'm wrong! I've checked that this builds and passes tests (there are a few test failures, but they all seem unrelated) for x86_64-linux-gnu and i686-linux-gnu with and without --enable-fortify-source. I've also checked that it builds for x86_64-gnu with and without --enable-fortify-source, but I haven't run the tests. Sergey
Comments
On Sun, Jul 30, 2023, at 3:25 PM, Sergey Bugaev via Libc-alpha wrote:
> this is the v4 of the fcntl fortification work.
I apologize if this has already been discussed, but I can't find any mention of it. What does this patch do with code that supplies an *unnecessary* third argument to fcntl and/or open? (For example, `open(fname, O_RDONLY, 0)`.
I have seen this fairly often and it's harmless, so I think it should probably continue to be allowed. I can see an argument for warning about this, but I think that belongs in the compiler, with a dedicated -W option to squelch it.
zw
On 31/07/23 11:40, Zack Weinberg via Libc-alpha wrote: > On Sun, Jul 30, 2023, at 3:25 PM, Sergey Bugaev via Libc-alpha wrote: >> this is the v4 of the fcntl fortification work. > > I apologize if this has already been discussed, but I can't find any mention of it. What does this patch do with code that supplies an *unnecessary* third argument to fcntl and/or open? (For example, `open(fname, O_RDONLY, 0)`. > > I have seen this fairly often and it's harmless, so I think it should probably continue to be allowed. I can see an argument for warning about this, but I think that belongs in the compiler, with a dedicated -W option to squelch it. My understanding reviewing the previous revision is the other way around: like __open_2 the idea is warn if the fcntl requires a third argument based on second argument value. Like fortified open, adding an extra argument where it is not required should not trigger a fortify issue.