From patchwork Thu Dec 21 18:59:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 757039 Delivered-To: patch@linaro.org Received: by 2002:a5d:67c6:0:b0:336:6142:bf13 with SMTP id n6csp1055282wrw; Thu, 21 Dec 2023 11:02:01 -0800 (PST) X-Google-Smtp-Source: AGHT+IHWDUG2tjs6TwJbVVRAS/8nnk9c2rsbplCmebrl114KvHJn5k9HR0fkVrHDIr3WkAl7ICTs X-Received: by 2002:a9d:7b46:0:b0:6d8:74e2:7cf0 with SMTP id f6-20020a9d7b46000000b006d874e27cf0mr147904oto.75.1703185320826; Thu, 21 Dec 2023 11:02:00 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1703185320; cv=pass; d=google.com; s=arc-20160816; b=FdFOC6HWRlN5J6QDrXBnmZ6crwvPQzjRRx7ZRi+A0dx+W0dLZ4vqQ4+Gygc9yP7Mae MccFFqRXOKt5S/09W3D2qaac8ipq2H4NhmalMCDZlci0rDSd2mzVSRvliftiLBXP6QSF 4hrZdFjJbTCOJY1jhebIzrfAkkhbZpN4UO0SSqabtDJBil3KSK6SmZc6RuhhGxoJuxfX bSFoLjnn6HG91bcJ1OQstzjkZ0OXfxtLshROMbD+6sR/5d1o11vac6KeE90isDEh2xS5 SLYG6ZFpoFlYN2KWAUcJZlJPQN35bMXqNL6h8gZdwVMIHzWjXEmm4sLCo4vt2Oh1U3sk emdg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature:arc-filter:dmarc-filter:delivered-to; bh=kAVxnOuZOcMbmghxoXcQO+Li2FnJV3Itd4MkTSPN2qM=; fh=JNN3k7BRNI1OnWdIBK9jlpNeitGd8uBm02dHI75AGcg=; b=U2vqDuSC5Ng0vMCvB2ZLQNgidu3UwExdBvQVgyCYGVCQULkLpTsQMNbQw5PRV+vn30 k4GpR7E5EMQNfetUOOo4JmFwevxTDwANRTyIpBfgEG/JuY8WLFeIcqTTLNrbmh/Iu1C5 UcKYjJ0jdrUEwrKyWI2UOG5mOluusTP+v6S7lBpc3G+H5OKRPohD+hgr+Bi8NwRBYCE+ 9UA8F2EE74yh/ew6TNSX6hgqL/00SNiGvbWNDCC+E6BjxlgoPL6Xf3f+yp+QXHocNOl8 zkiYUQ2NjFytbRMV4uqsho3nAhUPo4zGoqyzRarj/WAXv12n4gJHisoIgiGHJ+Jn/gGl s+JA== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=BRYbpcEy; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id q3-20020ab02643000000b007cc03fc58e4si493683uao.106.2023.12.21.11.02.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 11:02:00 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=BRYbpcEy; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 89E4A3870C36 for ; Thu, 21 Dec 2023 19:01:57 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x433.google.com (mail-pf1-x433.google.com [IPv6:2607:f8b0:4864:20::433]) by sourceware.org (Postfix) with ESMTPS id E94FD38618E3 for ; Thu, 21 Dec 2023 19:00:04 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org E94FD38618E3 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org E94FD38618E3 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::433 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185206; cv=none; b=TBx+uv+To2fcOwaeEwmIOaNUQABHY1spDmXDc4psb142hqMQ00R5lmO3leGmBdv4HhGjvK+/RJPOMPgUHQFR1fthXTkPClmrZtmrmKkJq+X4jbThmcJw73KKA6I8LzlTyBlqxNobSRtib9VIWniPl6ysuxxu3ue98oa7eMvOz1c= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185206; c=relaxed/simple; bh=SMk/Qup28/N/uMlr24t3DEfEFQfSQKfE0rR4ibU+F3c=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=Ec5cvzJ4svpD5O4WS1rGgRfhoJWhFUo+IQRGY64Crc3az1pEdo0STBTiQJ4L8Dzom8iSU0LxZKZm5y5sHcOFlkPUJhHAeB60CqeU+aGZWyZPQNb8WLOH2GXBtr7qu30t32kXk8nqyq9sssWRlvSmHlTpVMiCny/cuecNWYm7UDc= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x433.google.com with SMTP id d2e1a72fcca58-6d7e67d31caso787122b3a.1 for ; Thu, 21 Dec 2023 11:00:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1703185203; x=1703790003; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=kAVxnOuZOcMbmghxoXcQO+Li2FnJV3Itd4MkTSPN2qM=; b=BRYbpcEyoUCvqnZgLfvyHAr5IOLVHMsoAgOCeBOwSJkEJCfw1LaU/Y6IvA6+uGXO3K 1ODs0ZS2MrOGK55paVmN5La+s4msyujJoaa2hPJu30CPkB+6tqjLlOfyfWPG1VWzxbDN ZrOkeZmDdCW0/XXrsEHw0TxR2EUkTN7KQKMVFMafYJzSUdVJb37DOyYvldpykQ6hqLOk AqrBUo+evcNffIZRyjlteBr5o+iQVabAD4OEha81N+vKcFrvYggqdcw+yEV88uj4PC7s nMXt1T4xBVA+h0Udt/WxfZHn6ZgpJP0FiNCBKWIv/SoXD0lezYdOLwqRKc8AOBfUrRhi 3Deg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703185203; x=1703790003; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kAVxnOuZOcMbmghxoXcQO+Li2FnJV3Itd4MkTSPN2qM=; b=FpxVZzZtlG7fHgl5UmhYRhCqyu1866XnxXELAY3YNJ2Ld4efBPmuwF87eY8DFrT/89 2cSqTe1Gq3m5nD9CNxt1NRyAa4JgykE1zmPnvifAgtzucnSARNnQFfqqF6QjHfV5Es/V 8zPwPyY8krdRQxhrGHAVX7NslXU5IrZEFEY4CDuflOeLnkWM5eUysnxEjXObErX7H0+L oLYmvE1+EOrbYcnL0eKlwjsglF+brEgWSF/s6orhpsm24NTbOu5NADLThqndB1xwmMKj Klbr0wJhn8FGf3GgCEZMemAnN9xr8Ab4zkOral1vZ1FtW6Y+9VEWGVBg03+2TU34G5zC vBvw== X-Gm-Message-State: AOJu0YwJ10dYAuuzu0mzHC64Rtpryf153v6GLgtZiUIYJ+IJf6n/qAyf rnraxYOZamLNYE9T3th22YaLdGKp5Ii0f3tLHm3l7qyUIvo= X-Received: by 2002:a05:6a20:7f8c:b0:18f:f3f4:e61 with SMTP id d12-20020a056a207f8c00b0018ff3f40e61mr140105pzj.3.1703185203398; Thu, 21 Dec 2023 11:00:03 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:8192:ecd7:d327:bea0:14dc]) by smtp.gmail.com with ESMTPSA id a9-20020a63e409000000b005cdbebd61d8sm1946165pgi.9.2023.12.21.11.00.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 11:00:02 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH 11/15] socket: Improve fortify with clang Date: Thu, 21 Dec 2023 15:59:25 -0300 Message-Id: <20231221185929.1307116-12-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> References: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+patch=linaro.org@sourceware.org It improve fortify checks recv, recvfrom, poll, and ppoll. The compile and runtime hecks have similar coverage as with GCC. Checked on aarch64, armhf, x86_64, and i686. --- io/bits/poll2.h | 29 +++++++++++++++++++++-------- socket/bits/socket2.h | 20 ++++++++++++++++---- 2 files changed, 37 insertions(+), 12 deletions(-) diff --git a/io/bits/poll2.h b/io/bits/poll2.h index d85d3ff48d..745c29fe0d 100644 --- a/io/bits/poll2.h +++ b/io/bits/poll2.h @@ -33,8 +33,13 @@ extern int __REDIRECT (__poll_chk_warn, (struct pollfd *__fds, nfds_t __nfds, __poll_chk) __warnattr ("poll called with fds buffer too small file nfds entries"); -__fortify_function __fortified_attr_access (__write_only__, 1, 2) int -poll (struct pollfd *__fds, nfds_t __nfds, int __timeout) +__fortify_function __fortified_attr_access (__write_only__, 1, 2) +__attribute_overloadable__ int +poll (__fortify_clang_overload_arg (struct pollfd *, ,__fds), nfds_t __nfds, + int __timeout) + __fortify_clang_warning_only_if_bos_lt2 (__nfds, __fds, sizeof (*__fds), + "poll called with fds buffer " + "too small file nfds entries") { return __glibc_fortify (poll, __nfds, sizeof (*__fds), __glibc_objsize (__fds), @@ -58,9 +63,13 @@ extern int __REDIRECT (__ppoll64_chk_warn, (struct pollfd *__fds, nfds_t __n, __ppoll64_chk) __warnattr ("ppoll called with fds buffer too small file nfds entries"); -__fortify_function __fortified_attr_access (__write_only__, 1, 2) int -ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout, - const __sigset_t *__ss) +__fortify_function __fortified_attr_access (__write_only__, 1, 2) +__attribute_overloadable__ int +ppoll (__fortify_clang_overload_arg (struct pollfd *, ,__fds), nfds_t __nfds, + const struct timespec *__timeout, const __sigset_t *__ss) + __fortify_clang_warning_only_if_bos_lt2 (__nfds, __fds, sizeof (*__fds), + "ppoll called with fds buffer " + "too small file nfds entries") { return __glibc_fortify (ppoll64, __nfds, sizeof (*__fds), __glibc_objsize (__fds), @@ -81,9 +90,13 @@ extern int __REDIRECT (__ppoll_chk_warn, (struct pollfd *__fds, nfds_t __nfds, __ppoll_chk) __warnattr ("ppoll called with fds buffer too small file nfds entries"); -__fortify_function __fortified_attr_access (__write_only__, 1, 2) int -ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout, - const __sigset_t *__ss) +__fortify_function __fortified_attr_access (__write_only__, 1, 2) +__attribute_overloadable__ int +ppoll (__fortify_clang_overload_arg (struct pollfd *, ,__fds), nfds_t __nfds, + const struct timespec *__timeout, const __sigset_t *__ss) + __fortify_clang_warning_only_if_bos_lt2 (__nfds, __fds, sizeof (*__fds), + "ppoll called with fds buffer " + "too small file nfds entries") { return __glibc_fortify (ppoll, __nfds, sizeof (*__fds), __glibc_objsize (__fds), diff --git a/socket/bits/socket2.h b/socket/bits/socket2.h index ffcc671625..f8ad72ff79 100644 --- a/socket/bits/socket2.h +++ b/socket/bits/socket2.h @@ -30,14 +30,20 @@ extern ssize_t __REDIRECT (__recv_chk_warn, __warnattr ("recv called with bigger length than size of destination " "buffer"); -__fortify_function ssize_t -recv (int __fd, void *__buf, size_t __n, int __flags) +__fortify_function __attribute_overloadable__ ssize_t +recv (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), size_t __n, + int __flags) + __fortify_clang_warning_only_if_bos0_lt (__n, __buf, + "recv called with bigger length than " + "size of destination buffer") { size_t sz = __glibc_objsize0 (__buf); if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) return __recv_alias (__fd, __buf, __n, __flags); +#if !__fortify_use_clang if (__glibc_unsafe_len (__n, sizeof (char), sz)) return __recv_chk_warn (__fd, __buf, __n, sz, __flags); +#endif return __recv_chk (__fd, __buf, __n, sz, __flags); } @@ -57,15 +63,21 @@ extern ssize_t __REDIRECT (__recvfrom_chk_warn, __warnattr ("recvfrom called with bigger length than size of " "destination buffer"); -__fortify_function ssize_t -recvfrom (int __fd, void *__restrict __buf, size_t __n, int __flags, +__fortify_function __attribute_overloadable__ ssize_t +recvfrom (int __fd, __fortify_clang_overload_arg0 (void *, __restrict, __buf), + size_t __n, int __flags, __SOCKADDR_ARG __addr, socklen_t *__restrict __addr_len) + __fortify_clang_warning_only_if_bos0_lt (__n, __buf, + "recvfrom called with bigger length " + "than size of destination buffer") { size_t sz = __glibc_objsize0 (__buf); if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) return __recvfrom_alias (__fd, __buf, __n, __flags, __addr, __addr_len); +#if !__fortify_use_clang if (__glibc_unsafe_len (__n, sizeof (char), sz)) return __recvfrom_chk_warn (__fd, __buf, __n, sz, __flags, __addr, __addr_len); +#endif return __recvfrom_chk (__fd, __buf, __n, sz, __flags, __addr, __addr_len); }