lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 2 Feb 2017 09:15:04 +0100
From:   Nicolas Iooss <nicolas.iooss_linux@....org>
To:     hpa@...or.com, Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, x86@...nel.org
Cc:     linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 1/1] x86, relocs: add printf attribute to die()

On 02/02/17 02:39, hpa@...or.com wrote:
> On January 31, 2017 10:52:11 AM PST, Nicolas Iooss <nicolas.iooss_linux@....org> wrote:
>> Hello,
>>
>> As I have not received any comment on the patch I sent in December, I
>> am
>> wondering whether I did anything wrong with it. How can I get it queued
>> for the next merge window?
>>
>> Thanks,
>> Nicolas
>>
>> On 18/12/16 20:47, Nicolas Iooss wrote:
>>> Adding such an attribute helps to detect errors in the format string
>> at
>>> build time. After doing this, the compiler complains about such
>> issues:
>>>
>>>     arch/x86/tools/relocs.c:460:5: error: format specifies type 'int'
>>>     but the argument has type 'Elf64_Xword' (aka 'unsigned long')
>>>     [-Werror,-Wformat]
>>>                                     sec->shdr.sh_size);
>>>                                     ^~~~~~~~~~~~~~~~~
>>>     arch/x86/tools/relocs.c:464:5: error: format specifies type 'int'
>>>     but the argument has type 'Elf64_Off' (aka 'unsigned long')
>>>     [-Werror,-Wformat]
>>>                                     sec->shdr.sh_offset,
>> strerror(errno));
>>>                                     ^~~~~~~~~~~~~~~~~~~
>>>
>>> When relocs.c is included by relocs_32.c, sec->shdr.sh_size and
>>> sec->shdr.sh_offset are 32-bit unsigned integers. When the file is
>>> included by relocs_64.c, these expressions are 64-bit unsigned
>> integers.
>>>
>>> Introduce a PRIuELF macro to define the right format to use when
>>> printing sh_size and sh_offset values.
>>>
>>> While at it, constify the format attribute of die().
>>>
>>> Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@....org>
>>> ---
>>> I sent the first versions of this patch in September (cf.
>>> https://patchwork.kernel.org/patch/9312665/) but it has not been
>>> applied.
>>>
>>> As commit adee8705d251 ("x86/build: Annotate die() with noreturn to
>> fix
>>> build warning on clang") introduced the noreturn attribute to die(),
>>> this patch now only adds the printf attribute.
>>>
>>>  arch/x86/tools/relocs.c        | 14 +++++++-------
>>>  arch/x86/tools/relocs.h        |  3 ++-
>>>  arch/x86/tools/relocs_32.c     |  3 +++
>>>  arch/x86/tools/relocs_64.c     |  3 +++
>>>  arch/x86/tools/relocs_common.c |  2 +-
>>>  5 files changed, 16 insertions(+), 9 deletions(-)
>>>
>>> diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c
>>> index 0c2fae8d929d..4cad603b8d58 100644
>>> --- a/arch/x86/tools/relocs.c
>>> +++ b/arch/x86/tools/relocs.c
>>> @@ -397,7 +397,7 @@ static void read_shdrs(FILE *fp)
>>>  		    ehdr.e_shnum);
>>>  	}
>>>  	if (fseek(fp, ehdr.e_shoff, SEEK_SET) < 0) {
>>> -		die("Seek to %d failed: %s\n",
>>> +		die("Seek to %"PRIuELF" failed: %s\n",
>>>  			ehdr.e_shoff, strerror(errno));
>>>  	}
>>>  	for (i = 0; i < ehdr.e_shnum; i++) {
>>> @@ -431,11 +431,11 @@ static void read_strtabs(FILE *fp)
>>>  		}
>>>  		sec->strtab = malloc(sec->shdr.sh_size);
>>>  		if (!sec->strtab) {
>>> -			die("malloc of %d bytes for strtab failed\n",
>>> +			die("malloc of %"PRIuELF" bytes for strtab failed\n",
>>>  				sec->shdr.sh_size);
>>>  		}
>>>  		if (fseek(fp, sec->shdr.sh_offset, SEEK_SET) < 0) {
>>> -			die("Seek to %d failed: %s\n",
>>> +			die("Seek to %"PRIuELF" failed: %s\n",
>>>  				sec->shdr.sh_offset, strerror(errno));
>>>  		}
>>>  		if (fread(sec->strtab, 1, sec->shdr.sh_size, fp)
>>> @@ -456,11 +456,11 @@ static void read_symtabs(FILE *fp)
>>>  		}
>>>  		sec->symtab = malloc(sec->shdr.sh_size);
>>>  		if (!sec->symtab) {
>>> -			die("malloc of %d bytes for symtab failed\n",
>>> +			die("malloc of %"PRIuELF" bytes for symtab failed\n",
>>>  				sec->shdr.sh_size);
>>>  		}
>>>  		if (fseek(fp, sec->shdr.sh_offset, SEEK_SET) < 0) {
>>> -			die("Seek to %d failed: %s\n",
>>> +			die("Seek to %"PRIuELF" failed: %s\n",
>>>  				sec->shdr.sh_offset, strerror(errno));
>>>  		}
>>>  		if (fread(sec->symtab, 1, sec->shdr.sh_size, fp)
>>> @@ -489,11 +489,11 @@ static void read_relocs(FILE *fp)
>>>  		}
>>>  		sec->reltab = malloc(sec->shdr.sh_size);
>>>  		if (!sec->reltab) {
>>> -			die("malloc of %d bytes for relocs failed\n",
>>> +			die("malloc of %"PRIuELF" bytes for relocs failed\n",
>>>  				sec->shdr.sh_size);
>>>  		}
>>>  		if (fseek(fp, sec->shdr.sh_offset, SEEK_SET) < 0) {
>>> -			die("Seek to %d failed: %s\n",
>>> +			die("Seek to %"PRIuELF" failed: %s\n",
>>>  				sec->shdr.sh_offset, strerror(errno));
>>>  		}
>>>  		if (fread(sec->reltab, 1, sec->shdr.sh_size, fp)
>>> diff --git a/arch/x86/tools/relocs.h b/arch/x86/tools/relocs.h
>>> index 1d23bf953a4a..f41416c31608 100644
>>> --- a/arch/x86/tools/relocs.h
>>> +++ b/arch/x86/tools/relocs.h
>>> @@ -16,7 +16,8 @@
>>>  #include <regex.h>
>>>  #include <tools/le_byteshift.h>
>>>  
>>> -void die(char *fmt, ...) __attribute__((noreturn));
>>> +void die(const char *fmt, ...) __attribute__((noreturn))
>>> +	__attribute__((format(printf, 1, 2)));
>>>  
>>>  #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
>>>  
>>> diff --git a/arch/x86/tools/relocs_32.c b/arch/x86/tools/relocs_32.c
>>> index b2ade2bb4162..8024ec473e6a 100644
>>> --- a/arch/x86/tools/relocs_32.c
>>> +++ b/arch/x86/tools/relocs_32.c
>>> @@ -14,4 +14,7 @@
>>>  #define ELF_ST_BIND(o)		ELF32_ST_BIND(o)
>>>  #define ELF_ST_VISIBILITY(o)	ELF32_ST_VISIBILITY(o)
>>>  
>>> +/* printf format for Elf32_Off */
>>> +#define PRIuELF PRIu32
>>> +
>>>  #include "relocs.c"
>>> diff --git a/arch/x86/tools/relocs_64.c b/arch/x86/tools/relocs_64.c
>>> index 56b61b743c4c..2cf4de5c9d99 100644
>>> --- a/arch/x86/tools/relocs_64.c
>>> +++ b/arch/x86/tools/relocs_64.c
>>> @@ -14,4 +14,7 @@
>>>  #define ELF_ST_BIND(o)          ELF64_ST_BIND(o)
>>>  #define ELF_ST_VISIBILITY(o)    ELF64_ST_VISIBILITY(o)
>>>  
>>> +/* printf format for Elf64_Off */
>>> +#define PRIuELF PRIu64
>>> +
>>>  #include "relocs.c"
>>> diff --git a/arch/x86/tools/relocs_common.c
>> b/arch/x86/tools/relocs_common.c
>>> index acab636bcb34..30adb44eff79 100644
>>> --- a/arch/x86/tools/relocs_common.c
>>> +++ b/arch/x86/tools/relocs_common.c
>>> @@ -1,6 +1,6 @@
>>>  #include "relocs.h"
>>>  
>>> -void die(char *fmt, ...)
>>> +void die(const char *fmt, ...)
>>>  {
>>>  	va_list ap;
>>>  	va_start(ap, fmt);
>>>
> 
> Both are wrong... either PRIu64 or add a cast.

I described in a previous email (https://lkml.org/lkml/2016/9/3/200) the
types which are used. Here is a part of this email:

* When compiling relocs_32.c, sec->shdr.sh_size is of type Elf32_Word
(unsigned int) and sec->shdr.sh_offset is Elf32_Off (unsigned int).
* When compiling relocs_64.c, sec->shdr.sh_size is Elf64_Xword (long
long unsigned int when the compiler is in 32-bit mode, long unsigned int
in 64-bit mode) and sec->shdr.sh_offset is Elf64_Off (same real type as
sec->shdr.sh_size).

With this in mind, would you accept a patch which casts everything to
64-bit integers (uint64_t) and uses PRIu64 (which is %llu on 32-bit x86
and %lu on 64-bit x86)?

Nicolas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ