diff options
-rw-r--r-- | ChangeLog | 29 | ||||
-rw-r--r-- | Versions.def | 1 | ||||
-rw-r--r-- | debug/Versions | 3 | ||||
-rw-r--r-- | debug/fortify_fail.c | 1 | ||||
-rw-r--r-- | include/stdio.h | 1 | ||||
-rw-r--r-- | io/bits/fcntl2.h | 248 | ||||
-rw-r--r-- | io/fcntl.h | 4 | ||||
-rw-r--r-- | misc/sys/cdefs.h | 12 | ||||
-rw-r--r-- | rt/Makefile | 4 | ||||
-rw-r--r-- | rt/Versions | 3 | ||||
-rw-r--r-- | rt/bits/mqueue2.h | 56 | ||||
-rw-r--r-- | rt/mq_open.c | 16 | ||||
-rw-r--r-- | rt/mqueue.h | 6 | ||||
-rw-r--r-- | sysdeps/unix/sysv/linux/mq_open.c | 14 |
14 files changed, 258 insertions, 140 deletions
@@ -1,3 +1,32 @@ +2007-09-15 Jakub Jelinek <jakub@redhat.com> + + * rt/Versions (librt): Export __mq_open_2@@GLIBC_2.7. + * rt/Makefile (headers): Add bits/mqueue2.h. + * rt/mqueue.h: Include bits/mqueue2.h if -D_FORTIFY_SOURCE=2, + optimizing with GCC and __va_arg_pack_len is defined. + * rt/bits/mqueue2.h: New file. + * rt/mq_open.c (__mq_open): Renamed from mq_open. + (mq_open): New strong_alias. + (__mq_open_2): New function. + * sysdeps/unix/sysv/linux/mq_open.c (__mq_open): Renamed from mq_open. + (mq_open): New strong_alias. + (__mq_open_2): New function. + * debug/Versions (libc): Export __fortify_fail@@GLIBC_PRIVATE. + * Versions.def (librt): Add GLIBC_2.7 version. + * debug/fortify_fail.c (__fortify_fail): Add libc_hidden_def. + * include/stdio.h (__fortify_fail): Add libc_hidden_proto. + + * misc/sys/cdefs.h (__errordecl, __va_arg_pack_len): Define. + * io/fcntl.h: Include bits/fcntl2.h when __va_arg_pack_len + is defined rather than when not C++. + * io/bits/fcntl2.h (__open_alias, __open64_alias, __openat_alias, + __openat64_alias): New redirects. + (__open_too_many_args, __open_missing_mode, __open64_too_many_args, + __open64_missing_mode, __openat_too_many_args, __openat_missing_mode, + __openat64_too_many_args, __openat64_missing_mode): New __errordecls. + (open, open64, openat, openat64): Rewrite as __extern_always_inline + functions instead of function-like macros. + 2007-09-14 H.J. Lu <hongjiu.lu@intel.com> * sysdeps/i386/i586/memcpy.S (__memcpy_chk): New definition. diff --git a/Versions.def b/Versions.def index 7365b54..af37782 100644 --- a/Versions.def +++ b/Versions.def @@ -100,6 +100,7 @@ librt { GLIBC_2.3.3 GLIBC_2.3.4 GLIBC_2.4 + GLIBC_2.7 } libutil { GLIBC_2.0 diff --git a/debug/Versions b/debug/Versions index 31c1e83..e467cc0 100644 --- a/debug/Versions +++ b/debug/Versions @@ -42,4 +42,7 @@ libc { GLIBC_2.7 { __fread_chk; __fread_unlocked_chk; } + GLIBC_PRIVATE { + __fortify_fail; + } } diff --git a/debug/fortify_fail.c b/debug/fortify_fail.c index 66494a6..3b5821e 100644 --- a/debug/fortify_fail.c +++ b/debug/fortify_fail.c @@ -32,3 +32,4 @@ __fortify_fail (msg) __libc_message (2, "*** %s ***: %s terminated\n", msg, __libc_argv[0] ?: "<unknown>"); } +libc_hidden_def (__fortify_fail) diff --git a/include/stdio.h b/include/stdio.h index 84b8af9..4b30e6a 100644 --- a/include/stdio.h +++ b/include/stdio.h @@ -67,6 +67,7 @@ extern void __libc_fatal (__const char *__message) __attribute__ ((__noreturn__)); extern void __libc_message (int do_abort, __const char *__fnt, ...); extern void __fortify_fail (const char *msg) __attribute__ ((noreturn)); +libc_hidden_proto (__fortify_fail) /* Acquire ownership of STREAM. */ extern void __flockfile (FILE *__stream); diff --git a/io/bits/fcntl2.h b/io/bits/fcntl2.h index 5b9fcd5..fbe8585 100644 --- a/io/bits/fcntl2.h +++ b/io/bits/fcntl2.h @@ -25,161 +25,149 @@ appropriate third/fourth parameter. */ #ifndef __USE_FILE_OFFSET64 extern int __open_2 (__const char *__path, int __oflag) __nonnull ((1)); +extern int __REDIRECT (__open_alias, (__const char *__path, int __oflag, ...), + open) __nonnull ((1)); #else -extern int __REDIRECT (__open_2, (__const char *__file, int __oflag), +extern int __REDIRECT (__open_2, (__const char *__path, int __oflag), __open64_2) __nonnull ((1)); +extern int __REDIRECT (__open_alias, (__const char *__path, int __oflag, ...), + open64) __nonnull ((1)); #endif +__errordecl (__open_too_many_args, + "open can be called either with 2 or 3 arguments, not more"); +__errordecl (__open_missing_mode, + "open with O_CREAT in second argument needs 3 arguments"); -#define open(fname, flags, ...) \ - (__extension__ \ - ({ int ___r; \ - /* If the compiler complains about an invalid type, excess elements, \ - etc. in the initialization this means a parameter of the wrong type \ - has been passed to open. */ \ - int ___arr[] = { __VA_ARGS__ }; \ - if (__builtin_constant_p (flags) && ((flags) & O_CREAT) != 0) \ - { \ - /* If the compiler complains about the size of this array type the \ - mode parameter is missing since O_CREAT has been used. */ \ - typedef int __open_missing_mode[((flags) & O_CREAT) != 0 \ - ? ((long int) sizeof (___arr) \ - - (long int) sizeof (int)) : 1];\ - } \ - if (sizeof (___arr) == 0) \ - { \ - if (__builtin_constant_p (flags) && ((flags) & O_CREAT) == 0) \ - ___r = open (fname, flags); \ - else \ - ___r = __open_2 (fname, flags); \ - } \ - else \ - { \ - /* If the compiler complains about the size of this array type too \ - many parameters have been passed to open. */ \ - typedef int __open_too_many_args[-(sizeof (___arr) \ - > sizeof (int))]; \ - ___r = open (fname, flags, ___arr[0]); \ - } \ - ___r; \ - })) +__extern_always_inline int +open (__const char *__path, int __oflag, ...) +{ + if (__va_arg_pack_len () > 1) + __open_too_many_args (); + + if (__builtin_constant_p (__oflag)) + { + if ((__oflag & O_CREAT) != 0 && __va_arg_pack_len () < 1) + { + __open_missing_mode (); + return __open_2 (__path, __oflag); + } + return __open_alias (__path, __oflag, __va_arg_pack ()); + } + + if (__va_arg_pack_len () < 1) + return __open_2 (__path, __oflag); + + return __open_alias (__path, __oflag, __va_arg_pack ()); +} #ifdef __USE_LARGEFILE64 extern int __open64_2 (__const char *__path, int __oflag) __nonnull ((1)); +extern int __REDIRECT (__open64_alias, (__const char *__path, int __oflag, + ...), open64) __nonnull ((1)); +__errordecl (__open64_too_many_args, + "open64 can be called either with 2 or 3 arguments, not more"); +__errordecl (__open64_missing_mode, + "open64 with O_CREAT in second argument needs 3 arguments"); + +__extern_always_inline int +open64 (__const char *__path, int __oflag, ...) +{ + if (__va_arg_pack_len () > 1) + __open64_too_many_args (); -# define open64(fname, flags, ...) \ - (__extension__ \ - ({ int ___r; \ - /* If the compiler complains about an invalid type, excess elements, \ - etc. in the initialization this means a parameter of the wrong type \ - has been passed to open64. */ \ - int ___arr[] = { __VA_ARGS__ }; \ - if (__builtin_constant_p (flags) && ((flags) & O_CREAT) != 0) \ - { \ - /* If the compiler complains about the size of this array type the \ - mode parameter is missing since O_CREAT has been used. */ \ - typedef int __open_missing_mode[((flags) & O_CREAT) != 0 \ - ? ((long int) sizeof (___arr) \ - - (long int) sizeof (int)) : 1];\ - } \ - if (sizeof (___arr) == 0) \ - { \ - if (__builtin_constant_p (flags) && ((flags) & O_CREAT) == 0) \ - ___r = open64 (fname, flags); \ - else \ - ___r = __open64_2 (fname, flags); \ - } \ - else \ - { \ - /* If the compiler complains about the size of this array type too \ - many parameters have been passed to open64. */ \ - typedef int __open_too_many_args[-(sizeof (___arr) \ - > sizeof (int))]; \ - ___r = open64 (fname, flags, ___arr[0]); \ - } \ - ___r; \ - })) + if (__builtin_constant_p (__oflag)) + { + if ((__oflag & O_CREAT) != 0 && __va_arg_pack_len () < 1) + { + __open64_missing_mode (); + return __open64_2 (__path, __oflag); + } + return __open64_alias (__path, __oflag, __va_arg_pack ()); + } + + if (__va_arg_pack_len () < 1) + return __open64_2 (__path, __oflag); + + return __open64_alias (__path, __oflag, __va_arg_pack ()); +} #endif + #ifdef __USE_ATFILE # ifndef __USE_FILE_OFFSET64 extern int __openat_2 (int __fd, __const char *__path, int __oflag) __nonnull ((2)); +extern int __REDIRECT (__openat_alias, (int __fd, __const char *__path, + int __oflag, ...), openat) + __nonnull ((2)); # else -extern int __REDIRECT (__openat_2, (int __fd, __const char *__file, +extern int __REDIRECT (__openat_2, (int __fd, __const char *__path, int __oflag), __openat64_2) __nonnull ((2)); +extern int __REDIRECT (__openat_alias, (int __fd, __const char *__path, + int __oflag, ...), openat64) + __nonnull ((2)); # endif +__errordecl (__openat_too_many_args, + "openat can be called either with 3 or 4 arguments, not more"); +__errordecl (__openat_missing_mode, + "openat with O_CREAT in third argument needs 4 arguments"); + +__extern_always_inline int +openat (int __fd, __const char *__path, int __oflag, ...) +{ + if (__va_arg_pack_len () > 1) + __openat_too_many_args (); + + if (__builtin_constant_p (__oflag)) + { + if ((__oflag & O_CREAT) != 0 && __va_arg_pack_len () < 1) + { + __openat_missing_mode (); + return __openat_2 (__fd, __path, __oflag); + } + return __openat_alias (__fd, __path, __oflag, __va_arg_pack ()); + } + + if (__va_arg_pack_len () < 1) + return __openat_2 (__fd, __path, __oflag); -# define openat(fd, fname, flags, ...) \ - (__extension__ \ - ({ int ___r; \ - /* If the compiler complains about an invalid type, excess elements, \ - etc. in the initialization this means a parameter of the wrong type \ - has been passed to openat. */ \ - int ___arr[] = { __VA_ARGS__ }; \ - if (__builtin_constant_p (flags) && ((flags) & O_CREAT) != 0) \ - { \ - /* If the compiler complains about the size of this array type the \ - mode parameter is missing since O_CREAT has been used. */ \ - typedef int __open_missing_mode[((flags) & O_CREAT) != 0 \ - ? ((long int) sizeof (___arr) \ - - (long int) sizeof (int)) : 1];\ - } \ - if (sizeof (___arr) == 0) \ - { \ - if (__builtin_constant_p (flags) && ((flags) & O_CREAT) == 0) \ - ___r = openat (fd, fname, flags); \ - else \ - ___r = __openat_2 (fd, fname, flags); \ - } \ - else \ - { \ - /* If the compiler complains about the size of this array type too \ - many parameters have been passed to openat. */ \ - typedef int __open_too_many_args[-(sizeof (___arr) \ - > sizeof (int))]; \ - ___r = openat (fd, fname, flags, ___arr[0]); \ - } \ - ___r; \ - })) + return __openat_alias (__fd, __path, __oflag, __va_arg_pack ()); +} # ifdef __USE_LARGEFILE64 extern int __openat64_2 (int __fd, __const char *__path, int __oflag) __nonnull ((2)); +extern int __REDIRECT (__openat64_alias, (int __fd, __const char *__path, + int __oflag, ...), openat64) + __nonnull ((2)); +__errordecl (__openat64_too_many_args, + "openat64 can be called either with 3 or 4 arguments, not more"); +__errordecl (__openat64_missing_mode, + "openat64 with O_CREAT in third argument needs 4 arguments"); + +__extern_always_inline int +openat64 (int __fd, __const char *__path, int __oflag, ...) +{ + if (__va_arg_pack_len () > 1) + __openat64_too_many_args (); + + if (__builtin_constant_p (__oflag)) + { + if ((__oflag & O_CREAT) != 0 && __va_arg_pack_len () < 1) + { + __openat64_missing_mode (); + return __openat64_2 (__fd, __path, __oflag); + } + return __openat64_alias (__fd, __path, __oflag, __va_arg_pack ()); + } + + if (__va_arg_pack_len () < 1) + return __openat64_2 (__fd, __path, __oflag); -# define openat64(fd, fname, flags, ...) \ - (__extension__ \ - ({ int ___r; \ - /* If the compiler complains about an invalid type, excess elements, \ - etc. in the initialization this means a parameter of the wrong type \ - has been passed to openat64. */ \ - int ___arr[] = { __VA_ARGS__ }; \ - if (__builtin_constant_p (flags) && ((flags) & O_CREAT) != 0) \ - { \ - /* If the compiler complains about the size of this array type the \ - mode parameter is missing since O_CREAT has been used. */ \ - typedef int __open_missing_mode[((flags) & O_CREAT) != 0 \ - ? ((long int) sizeof (___arr) \ - - (long int) sizeof (int)) : 1];\ - } \ - if (sizeof (___arr) == 0) \ - { \ - if (__builtin_constant_p (flags) && ((flags) & O_CREAT) == 0) \ - ___r = openat64 (fd, fname, flags); \ - else \ - ___r = __openat64_2 (fd, fname, flags); \ - } \ - else \ - { \ - /* If the compiler complains about the size of this array type too \ - many parameters have been passed to openat64. */ \ - typedef int __open_too_many_args[-(sizeof (___arr) \ - > sizeof (int))]; \ - ___r = openat64 (fd, fname, flags, ___arr[0]); \ - } \ - ___r; \ - })) + return __openat64_alias (__fd, __path, __oflag, __va_arg_pack ()); +} # endif #endif @@ -211,9 +211,9 @@ extern int posix_fallocate64 (int __fd, __off64_t __offset, __off64_t __len); #endif -/* Define some macros helping to catch common problems. */ +/* Define some inlines helping to catch common problems. */ #if __USE_FORTIFY_LEVEL > 0 && defined __extern_always_inline \ - && !defined __cplusplus + && defined __va_arg_pack_len # include <bits/fcntl2.h> #endif diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h index bacfe2f..6b2a4fd 100644 --- a/misc/sys/cdefs.h +++ b/misc/sys/cdefs.h @@ -132,6 +132,7 @@ #define __bos(ptr) __builtin_object_size (ptr, __USE_FORTIFY_LEVEL > 1) #define __bos0(ptr) __builtin_object_size (ptr, 0) #define __warndecl(name, msg) extern void name (void) +#define __errordecl(name, msg) extern void name (void) /* Support for flexible arrays. */ @@ -281,7 +282,10 @@ /* GCC 4.3 and above with -std=c99 or -std=gnu99 implements ISO C99 inline semantics, unless -fgnu89-inline is used. */ -#if !defined __cplusplus || __GNUC_PREREQ (4,3) +#if !defined __cplusplus || __GNUC_PREREQ (4,3) \ + || (defined __GNUC_RH_RELEASE__ && __GNUC__ == 4 \ + && __GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ == 2 \ + && __GNUC_RH_RELEASE__ >= 23) # if defined __GNUC_STDC_INLINE__ || defined __cplusplus # define __extern_inline extern __inline __attribute__ ((__gnu_inline__)) # define __extern_always_inline \ @@ -294,8 +298,12 @@ /* GCC 4.3 and above allow passing all anonymous arguments of an __extern_always_inline function to some other vararg function. */ -#if __GNUC_PREREQ (4,3) +#if __GNUC_PREREQ (4,3) \ + || (defined __GNUC_RH_RELEASE__ && __GNUC__ == 4 \ + && __GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ == 2 \ + && __GNUC_RH_RELEASE__ >= 23) # define __va_arg_pack() __builtin_va_arg_pack () +# define __va_arg_pack_len() __builtin_va_arg_pack_len () #endif /* It is possible to compile containing GCC extensions even if GCC is diff --git a/rt/Makefile b/rt/Makefile index 148ded9..fe25309 100644 --- a/rt/Makefile +++ b/rt/Makefile @@ -1,4 +1,4 @@ -# Copyright (C) 1997-2004, 2006 Free Software Foundation, Inc. +# Copyright (C) 1997-2004, 2006, 2007 Free Software Foundation, Inc. # This file is part of the GNU C Library. # The GNU C Library is free software; you can redistribute it and/or @@ -21,7 +21,7 @@ # subdir := rt -headers := aio.h mqueue.h bits/mqueue.h +headers := aio.h mqueue.h bits/mqueue.h bits/mqueue2.h aio-routines := aio_cancel aio_error aio_fsync aio_misc aio_read \ aio_read64 aio_return aio_suspend aio_write \ diff --git a/rt/Versions b/rt/Versions index 51bb033..2921c9c 100644 --- a/rt/Versions +++ b/rt/Versions @@ -22,4 +22,7 @@ librt { mq_open; mq_close; mq_unlink; mq_getattr; mq_setattr; mq_notify; mq_send; mq_receive; mq_timedsend; mq_timedreceive; } + GLIBC_2.7 { + __mq_open_2; + } } diff --git a/rt/bits/mqueue2.h b/rt/bits/mqueue2.h new file mode 100644 index 0000000..4c90609 --- /dev/null +++ b/rt/bits/mqueue2.h @@ -0,0 +1,56 @@ +/* Checking macros for mq functions. + Copyright (C) 2007 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +#ifndef _FCNTL_H +# error "Never include <bits/mqueue2.h> directly; use <mqueue.h> instead." +#endif + +/* Check that calls to mq_open with O_CREAT set have an appropriate third and fourth + parameter. */ +extern mqd_t mq_open (__const char *__name, int __oflag, ...) + __THROW __nonnull ((1)); +extern mqd_t __mq_open_2 (__const char *__name, int __oflag) __nonnull ((1)); +extern mqd_t __REDIRECT (__mq_open_alias, (__const char *__name, int __oflag, ...), + mq_open) __nonnull ((1)); +__errordecl (__mq_open_wrong_number_of_args, + "mq_open can be called either with 2 or 4 arguments"); +__errordecl (__mq_open_missing_mode_and_attr, + "mq_open with O_CREAT in second argument needs 4 arguments"); + +__extern_always_inline mqd_t +mq_open (__const char *__name, int __oflag, ...) +{ + if (__va_arg_pack_len () != 0 && __va_arg_pack_len () != 2) + __mq_open_wrong_number_of_args (); + + if (__builtin_constant_p (__oflag)) + { + if ((__oflag & O_CREAT) != 0 && __va_arg_pack_len () == 0) + { + __mq_open_missing_mode_and_attr (); + return __mq_open_2 (__name, __oflag); + } + return __mq_open_alias (__name, __oflag, __va_arg_pack ()); + } + + if (__va_arg_pack_len () == 0) + return __mq_open_2 (__name, __oflag); + + return __mq_open_alias (__name, __oflag, __va_arg_pack ()); +} diff --git a/rt/mq_open.c b/rt/mq_open.c index dea5741..77d872e 100644 --- a/rt/mq_open.c +++ b/rt/mq_open.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2004 Free Software Foundation, Inc. +/* Copyright (C) 2004, 2007 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -18,6 +18,7 @@ #include <errno.h> #include <mqueue.h> +#include <stdio.h> /* Establish connection between a process and a message queue NAME and return message queue descriptor or (mqd_t) -1 on error. OFLAG determines @@ -27,10 +28,21 @@ attributes. If the fourth argument is NULL, default attributes are used. */ mqd_t -mq_open (const char *name, int oflag, ...) +__mq_open (const char *name, int oflag, ...) { __set_errno (ENOSYS); return (mqd_t) -1; } +strong_alias (__mq_open, mq_open); stub_warning (mq_open) + +mqd_t +__mq_open_2 (const char *name, int oflag) +{ + if (oflag & O_CREAT) + __fortify_fail ("invalid mq_open call: O_CREAT without mode and attr"); + + return __mq_open (name, oflag); +} +stub_warning (__mq_open_2) #include <stub-tag.h> diff --git a/rt/mqueue.h b/rt/mqueue.h index b811330..a4c3e1b 100644 --- a/rt/mqueue.h +++ b/rt/mqueue.h @@ -90,6 +90,12 @@ extern int mq_timedsend (mqd_t __mqdes, __const char *__msg_ptr, __nonnull ((2, 5)); #endif +/* Define some inlines helping to catch common problems. */ +#if __USE_FORTIFY_LEVEL > 0 && defined __extern_always_inline \ + && defined __va_arg_pack_len +# include <bits/mqueue2.h> +#endif + __END_DECLS #endif /* mqueue.h */ diff --git a/sysdeps/unix/sysv/linux/mq_open.c b/sysdeps/unix/sysv/linux/mq_open.c index eac6e01..6330fee 100644 --- a/sysdeps/unix/sysv/linux/mq_open.c +++ b/sysdeps/unix/sysv/linux/mq_open.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2004, 2005 Free Software Foundation, Inc. +/* Copyright (C) 2004, 2005, 2007 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -20,6 +20,7 @@ #include <mqueue.h> #include <stdarg.h> #include <stddef.h> +#include <stdio.h> #include <sysdep.h> #ifdef __NR_mq_open @@ -32,7 +33,7 @@ attributes. If the fourth argument is NULL, default attributes are used. */ mqd_t -mq_open (const char *name, int oflag, ...) +__mq_open (const char *name, int oflag, ...) { if (name[0] != '/') { @@ -54,7 +55,16 @@ mq_open (const char *name, int oflag, ...) return INLINE_SYSCALL (mq_open, 4, name + 1, oflag, mode, attr); } +strong_alias (__mq_open, mq_open); +mqd_t +__mq_open_2 (const char *name, int oflag) +{ + if (oflag & O_CREAT) + __fortify_fail ("invalid mq_open call: O_CREAT without mode and attr"); + + return __mq_open (name, oflag); +} #else # include <rt/mq_open.c> #endif |