| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 2 Apr 2023 09:45:57 +0200
From: Willy Tarreau <w@....eu>
To: Thomas Weißschuh <linux@...ssschuh.net>
Cc: Shuah Khan <shuah@...nel.org>, linux-kernel@...r.kernel.org,
linux-kselftest@...r.kernel.org
Subject: Re: [PATCH 2/3] tools/nolibc: let FILE streams contain an fd
Hi Thomas,
On Tue, Mar 28, 2023 at 09:01:30PM +0000, Thomas Weißschuh wrote:
> This enables the usage of the stream APIs with arbitrary filedescriptors.
>
> It will be used by a future testcase.
> Users can also use nolibc-specific code to do the same.
>
> Signed-off-by: Thomas Weißschuh <linux@...ssschuh.net>
> ---
> tools/include/nolibc/stdio.h | 36 +++++++-----------------------------
> 1 file changed, 7 insertions(+), 29 deletions(-)
>
> diff --git a/tools/include/nolibc/stdio.h b/tools/include/nolibc/stdio.h
> index 96ac8afc5aee..cb58912b98e5 100644
> --- a/tools/include/nolibc/stdio.h
> +++ b/tools/include/nolibc/stdio.h
> @@ -21,17 +21,13 @@
> #define EOF (-1)
> #endif
>
> -/* just define FILE as a non-empty type */
> typedef struct FILE {
> - char dummy[1];
> + int fd;
> } FILE;
In my opinion this makes the usage of FILE* more complicated than before.
Look for example at your vfprintf() test case, you had to do this with
the fd provided by memfd_create():
w = vfprintf(&(FILE) { fd }, fmt, args);
This is particularly ugly especially for code that needs to be exposed
to end-user. Also it breaks compatibility with glibc that is seldom used
to check if trouble comes from nolibc or from the test itself. It would
be much better to have fdopen() here but the new struct makes this
impossible.
I would propose instead to go back to the previous definition and simply
change its semantics a little bit:
/* just define FILE as a non-empty type. The value of the pointer gives
* the FD: FILE=~fd for fd>=0 or NULL for fd<0. This way positive FILE
* are immediately identified as abnormal entries (i.e. possible copies
* of valid pointers to something else).
typedef struct FILE {
char dummy[1];
} FILE;
Then we can have:
static __attribute__((unused)) FILE* const stdin = (FILE*)(uintptr_t)~STDIN_FILENO;
static __attribute__((unused)) FILE* const stdout = (FILE*)(uintptr_t)~STDOUT_FILENO;
static __attribute__((unused)) FILE* const stderr = (FILE*)(uintptr_t)~STDERR_FILENO;
/* provides a FILE* equivalent of fd. The mode is ignored. */
static __attribute__((unused))
FILE *fdopen(int fd, const char *mode)
{
if (fd < 0)
return NULL;
return (FILE*)(uintptr_t)~fd;
}
And your FD can simply be passed this way:
fd = memfd_create("vfprintf", 0);
if (fd == -1) {
pad_spc(llen, 64, "[FAIL]\n");
return 1;
}
va_start(args, fmt);
w = vfprintf(fdopen(fd, "w+"), fmt, args);
va_end(args);
This way it works more like common usage and restores glibc compatibility.
Regards,
Willy
Powered by blists - more mailing lists