__open64_2 to support _FORTIFY_SOURCE

Jan Leupold via Xenomai Fri, 11 Sep 2020 01:18:18 -0700

Am 11.09.20 um 09:55 schrieb Jan Kiszka:
> On 11.09.20 08:22, Jan Leupold via Xenomai wrote:
>> Am 10.09.20 um 18:27 schrieb Jan Kiszka:
>>> On 10.09.20 18:14, Jan Kiszka via Xenomai wrote:
>>>> On 10.09.20 16:46, Jan Leupold via Xenomai wrote:
>>>>> __open_2() and __open64_2() from glibc add runtime precondition tests for 
>>>>> the
>>>>> 'oflag' parameter to the functionality of open()/open64(). They may be 
>>>>> used when
>>>>> the macro _FORTIFY_SOURCE is defined when compiling the application code. 
>>>>> Added
>>>>> these wrappers to cover those cases.
>>>>>
>>>>> Signed-off-by: Jan Leupold <leup...@rsi-elektrotechnik.de>
>>>>> ---
>>>>>  include/cobalt/fcntl.h     |  4 ++++
>>>>>  lib/cobalt/cobalt.wrappers |  2 ++
>>>>>  lib/cobalt/rtdm.c          | 32 ++++++++++++++++++++++++++++++++
>>>>>  lib/cobalt/wrappers.c      | 12 ++++++++++++
>>>>>  4 files changed, 50 insertions(+)
>>>>>
>>>>> diff --git a/include/cobalt/fcntl.h b/include/cobalt/fcntl.h
>>>>> index d54989389..f1052c28d 100644
>>>>> --- a/include/cobalt/fcntl.h
>>>>> +++ b/include/cobalt/fcntl.h
>>>>> @@ -31,6 +31,10 @@ COBALT_DECL(int, open(const char *path, int oflag, 
>>>>> ...));
>>>>>  
>>>>>  COBALT_DECL(int, open64(const char *path, int oflag, ...));
>>>>>  
>>>>> +COBALT_DECL(int, __open_2(const char *path, int oflag));
>>>>> +
>>>>> +COBALT_DECL(int, __open64_2(const char *path, int oflag));
>>>>> +
>>>>>  COBALT_DECL(int, fcntl(int fd, int cmd, ...));
>>>>>  
>>>>>  #ifdef __cplusplus
>>>>> diff --git a/lib/cobalt/cobalt.wrappers b/lib/cobalt/cobalt.wrappers
>>>>> index f63a170f8..0e954764d 100644
>>>>> --- a/lib/cobalt/cobalt.wrappers
>>>>> +++ b/lib/cobalt/cobalt.wrappers
>>>>> @@ -54,6 +54,8 @@
>>>>>  --wrap mq_notify
>>>>>  --wrap open
>>>>>  --wrap open64
>>>>> +--wrap __open_2
>>>>> +--wrap __open64_2
>>>>>  --wrap socket
>>>>>  --wrap close
>>>>>  --wrap ioctl
>>>>> diff --git a/lib/cobalt/rtdm.c b/lib/cobalt/rtdm.c
>>>>> index 9f3dcd25f..80d08b18f 100644
>>>>> --- a/lib/cobalt/rtdm.c
>>>>> +++ b/lib/cobalt/rtdm.c
>>>>> @@ -23,6 +23,7 @@
>>>>>  #include <pthread.h>
>>>>>  #include <fcntl.h>
>>>>>  #include <unistd.h>
>>>>> +#include <stdlib.h>
>>>>>  #include <sys/socket.h>
>>>>>  #include <sys/mman.h>
>>>>>  #include <rtdm/rtdm.h>
>>>>> @@ -94,6 +95,37 @@ COBALT_IMPL(int, open64, (const char *path, int oflag, 
>>>>> ...))
>>>>>   return do_open(path, oflag | O_LARGEFILE, mode);
>>>>>  }
>>>>>  
>>>>> +COBALT_IMPL(int, __open_2, (const char *path, int oflag))
>>>>> +{
>>>>> +    /* __open_2() from glibc adds a runtime precondition test for the 
>>>>> 'oflag'
>>>>> +     * parameter to the functionality of open(). It may be used when the 
>>>>> macro
>>>>> +     * _FORTIFY_SOURCE is defined when compiling the application code.
>>>>> +     */
>>>>> +    if (__OPEN_NEEDS_MODE(oflag)) {
>>>>> +        const char* msg =
>>>>> +            "invalid open call: O_CREAT or O_TMPFILE without mode\n";
>>>>> +        ssize_t n = write(STDERR_FILENO, msg, strlen(msg));
>>>>> +        (void) n;
>>>>> +        abort();
>>>>> +    }
>>>>> +
>>>>> + return do_open(path, oflag, 0);
>>>>> +}
>>>>> +
>>>>> +COBALT_IMPL(int, __open64_2, (const char *path, int oflag))
>>>>> +{
>>>>> +    /* just like __open_2() and open64() */
>>>>> +    if (__OPEN_NEEDS_MODE(oflag)) {
>>>>> +        const char* msg =
>>>>> +            "invalid open64 call: O_CREAT or O_TMPFILE without mode\n";
>>>>> +        ssize_t n = write(STDERR_FILENO, msg, strlen(msg));
>>>>> +        (void) n;
>>>>> +        abort();
>>>>> +    }
>>>>> +
>>>>> + return do_open(path, oflag | O_LARGEFILE, 0);
>>>>> +}
>>>>> +
>>>>>  COBALT_IMPL(int, socket, (int protocol_family, int socket_type, int 
>>>>> protocol))
>>>>>  {
>>>>>   int s;
>>>>> diff --git a/lib/cobalt/wrappers.c b/lib/cobalt/wrappers.c
>>>>> index ed8fbaf16..5d86607de 100644
>>>>> --- a/lib/cobalt/wrappers.c
>>>>> +++ b/lib/cobalt/wrappers.c
>>>>> @@ -205,6 +205,18 @@ int __real_open64(const char *path, int oflag, ...)
>>>>>  }
>>>>>  #endif
>>>>>  
>>>>> +__weak
>>>>> +int __real___open_2(const char *path, int oflag)
>>>>> +{
>>>>> +    return __open_2(path, oflag);
>>>>> +}
>>>>> +
>>>>> +__weak
>>>>> +int __real___open64_2(const char *path, int oflag)
>>>>> +{
>>>>> +    return __open64_2(path, oflag);
>>>>> +}
>>>>> +
>>>>>  __weak
>>>>>  int __real_socket(int protocol_family, int socket_type, int protocol)
>>>>>  {
>>>>>
>>>>
>>>> Thanks, applied to next.
>>>>
>>>
>>> Currently stressing multiple CI infrastructures, and our internal one 
>>> already revealed that you will soon see red lights in some jobs here:
>>>
>>> https://gitlab.denx.de/Xenomai/xenomai/-/pipelines/4644
>>>
>>>   CC       libcobalt_la-wrappers.lo
>>> wrappers.c: In function '__real___open_2':
>>> wrappers.c:211:12: error: implicit declaration of function '__open_2'; did 
>>> you mean 'openat'? [-Werror=implicit-function-declaration]
>>>      return __open_2(path, oflag);
>>>             ^~~~~~~~
>>>             openat
>>> wrappers.c: In function '__real___open64_2':
>>> wrappers.c:217:12: error: implicit declaration of function '__open64_2'; 
>>> did you mean 'open64'? [-Werror=implicit-function-declaration]
>>>      return __open64_2(path, oflag);
>>>             ^~~~~~~~~~
>>>             open64
>>> cc1: all warnings being treated as errors
>>>
>>> We need to account for non-fortified setups.
>>
>> I see several ways to handle this:
>>
>> 1. put both functions in a separate source file, which is always compilied
>> with _FORTIFY_SOURCE=2. Could be a mess if some supported platforms do not
>> support fortify.
>>
>> 2. copy the function declarations from fcntl2.h into wrappers.c
>> This will probably break with the next glibc release
>>
>> 3. remove both wrappers, I mean "__real___open_2()" and
>> "__real___open64_2()". As both functions are not designed to be
>> called directly by user code there should be no need to provide
>> support for __STD(__open_2(...)). Would compile but then fail at
>> link time.
>>
> 
> 4. Only include the wrappers when we are building fortified?
>    "#if __USE_FORTIFY_LEVEL > 0"? Some even do


"#if __USE_FORTIFY_LEVEL > 0" only for __real___open*? OK!
If applied also for __cobalt___open* then this would require fortified
applications to use --enable-fortify when compiling Xenomai.

Jan


-- 
_____________________________________________________________
R-S-I Elektrotechnik GmbH & Co. KG
Woelkestrasse 11
D-85301 Schweitenkirchen
Fon: +49 8444 9204-0
Fax: +49 8444 9204-50
www.rsi-elektrotechnik.de

_____________________________________________________________
Amtsgericht Ingolstadt - GmbH: HRB 191328 - KG: HRA 170363
Geschäftsführer: Dr.-Ing. Michael Sorg, Dipl.-Ing. Franz Sorg
USt-IdNr.: DE 128592548

Re: [PATCH] lib/cobalt: Wrap __open_2/__open64_2 to support _FORTIFY_SOURCE

Reply via email to