From patchwork Thu Dec 26 20:50:20 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adhemerval Zanella <adhemerval.zanella@linaro.org>
X-Patchwork-Id: 853703
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4888:0:b0:385:e875:8a9e with SMTP id g8csp4950268wrq;
 Thu, 26 Dec 2024 12:50:53 -0800 (PST)
X-Forwarded-Encrypted: i=3;
 AJvYcCV9ZxmVuYNNDMgbdAdnmzB8vV2GHAooAl4f97ES/xP9P3iQXSTL54YdlMo2geKbr6Ex2rqtcw==@linaro.org
X-Google-Smtp-Source: AGHT+IHhISYQCPI9Vw2d5istKOd+9nYN4Djk1LnUHOnB12u4FughU69feygebWiKQjTqvGyU9k3I
X-Received: by 2002:a05:6214:400a:b0:6d8:7c82:e542 with SMTP id
 6a1803df08f44-6dd2331a3famr384266156d6.4.1735246253317;
 Thu, 26 Dec 2024 12:50:53 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1735246253; cv=pass;
 d=google.com; s=arc-20240605;
 b=Zm5UHBpwGc5p0oiMaPDbEW7bUOXTzakBZmcnoGZ3rW1Q7+fS/wH8m9FcGyKrkAx9xr
 B3inYA7My0J/QHoEoGoJYOUXnFwRqfOKIoS5LMXaoNseuE3fp1i9EM80Xmy4QDIuA8c/
 QgFLsWcSxOhX2JScNcyz5dWq8gjo4Xdt08dFC504y3504naoRuARNXI+bPjOTNfFY9L5
 tbGJKDjxWV1zjDyLFDgJeEEgdCrcj4RM6ty7u0oAxD7LR+1wGzb7R7C289vRfqvKRUOJ
 m2QnqgfAEVR6gX2l9EC6tE80hfIJ/NCaiZA3xV/P55iHXixUPOKX5mPsuzPQIhN6/LIG
 jong==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
 h=errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:message-id:date:subject:cc:to:from:dkim-signature
 :dkim-filter:arc-filter:dmarc-filter:delivered-to:dkim-filter;
 bh=8RmO0O16tPt+j9mUz2+vMrE/PwDaQqulwfAhUA4m324=;
 fh=hJveAxjXoERxTT1/Aw1CsKqUTyRsUnRLEa40TGk7EDE=;
 b=ewUM1V6V7hwb9CFt7x2QcubeOUZKkYws4bVyConlGJuQkmBk2g4qptxvVm5P2Vdcqh
 RZNVGMmkbbNxWCl8vvfA5U1cfSzK7jK65Cfhr2njbEOK56TPcRwOjWRvN6DyfxhO3fQE
 eAjfAINXbiJPYDxNoPLHksLWv8rQtGmcAOiwKXOTMc57QMR847Gt3tkg3CICzmmf+pMe
 Mhrod29BYMwChdhdPhg/By0M5N2p6CqrJxIHe3OFzaLNC33Xxi9kA8EGMwayphHgz2d+
 oz4skMAoAvF38TBKW7v5MVWQYsqe+7f4znMMb/AS4uBzCBVNWwmH3xVp75ZH+L2Jq8cG
 PDRg==; dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=Kd2lieqA;
 arc=pass (i=1); spf=pass (google.com: domain of
 libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as
 permitted sender)
 smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <libc-alpha-bounces~patch=linaro.org@sourceware.org>
Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97])
 by mx.google.com with ESMTPS id
 6a1803df08f44-6dd1824ee52si212558436d6.337.2024.12.26.12.50.52
 for <patch@linaro.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 26 Dec 2024 12:50:53 -0800 (PST)
Received-SPF: pass (google.com: domain of
 libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as
 permitted sender) client-ip=8.43.85.97;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=Kd2lieqA;
 arc=pass (i=1); spf=pass (google.com: domain of
 libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as
 permitted sender)
 smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
 by sourceware.org (Postfix) with ESMTP id 859DC3858C48
 for <patch@linaro.org>; Thu, 26 Dec 2024 20:50:52 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 859DC3858C48
Authentication-Results: sourceware.org; dkim=pass (2048-bit key,
 unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256
 header.s=google header.b=Kd2lieqA
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com
 [IPv6:2607:f8b0:4864:20::62a])
 by sourceware.org (Postfix) with ESMTPS id 1ABD23858D20
 for <libc-alpha@sourceware.org>; Thu, 26 Dec 2024 20:50:36 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 1ABD23858D20
Authentication-Results: sourceware.org;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 1ABD23858D20
Authentication-Results: server2.sourceware.org;
 arc=none smtp.remote-ip=2607:f8b0:4864:20::62a
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735246236; cv=none;
 b=Y2fZTRNdZFQN+kM/iK/uWXur4clWLfZrfnXVNkZ3sQ69Pt0KOkarCUa2/qEIPiXNHd6FSd7OfRhzcQpOFZkFmBnUpX9HXL7dBi9CmfB9x+DR3O+LYOGVdg4JCVZUce0aJk5VyHrBw60FufzKnzqu2U84mBn/4PnQ8IDxqmHFUvI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1735246236; c=relaxed/simple;
 bh=/sBFwBeZpcxUoXtveoVKlNZjglCtFmEzRVW6eKp+OF4=;
 h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
 b=YbXfH/0tOgpgPbdgN0QtD1x6Wz1+OLoG8m4NJ+mHQbIcJ7EpHZ8Q1we7pV0W4C9+C1CmYDAMMdiSOZV2iF8HjBRcpqn7AFYOfl+lFm4nJabZV1E4YkFL+VUjjA7bm/sB1FfPCmO+eHTES4aIByPEIGc0sgpUnSyxMppHK19THog=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 1ABD23858D20
Received: by mail-pl1-x62a.google.com with SMTP id
 d9443c01a7336-2161eb95317so82092915ad.1
 for <libc-alpha@sourceware.org>; Thu, 26 Dec 2024 12:50:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1735246234; x=1735851034; darn=sourceware.org;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=8RmO0O16tPt+j9mUz2+vMrE/PwDaQqulwfAhUA4m324=;
 b=Kd2lieqAb3xPH/T8hJo23EwALTKB/VjKv0HRHwvgFgkx0+PbZGCWXLcvckz685WuJ9
 zVPksOfS+26HKiM1IwPjiqmNgnvDmZ2mcYrSo6MeZjBdxHhX3kBY0epZMLXbxwqraOFe
 fdEVSIan8vsS0FbCHFUkar6H1GTv/WdQpu52M10a+EYAudxx6Hli0IAvCQy3C1raXEhe
 YLkymKEFX48FpvAa84thziQVLKodIGp/J3JaJvgLHgZPwxHO4Ag36o0dC/SQFA1Wb3Y2
 TQPnmC29koNrKmQQfe2w9Ec29YccB2AuWrpc6cJuB5lQLz0ILQBi2W2qnBKejM+SwJdJ
 kXFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1735246235; x=1735851035;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=8RmO0O16tPt+j9mUz2+vMrE/PwDaQqulwfAhUA4m324=;
 b=mh5gu2hVROV7EFSZTyacwjWQM/eNFI4xuh8vP8rNcVyTeCzXVvX7hEY5dhJ9voZANL
 2gQlq9uRWIrGNuds61NoQW9DgnxNhuCVE081By/p1oX93okBINdM+okosPxFdOn4JPss
 P2nImn0YTLLbF13vZ4tY+VRxaqcZV1VqMregFKTnxkbCGpJwv8MfcUknSUCufml6iV7w
 arW8g3G6qtDPDkrOKsG0rxU+gQqnJdmZkqO25hCeHijJjlCBaj6ZsUKUkZ3pPFfeGvrV
 SuGD3CFY8sLvSTdlhrq9a9tw3mFe1A51iL2AunYQdUhCPdxcqyhRsJLSq6qFU39LrR7P
 wrZQ==
X-Gm-Message-State: AOJu0YwF19weLSYtJf0xWTHqv7SopWB8yTAFj/bM0b0sE85r1ZMcJAZ3
 /7LgPY4DgWyr2QbAB9QT5opmdckNwUhj7yd224QA8EhvaCWLVYDrprFCDI5JRtTnK5ZXgFjOfIV
 Y
X-Gm-Gg: ASbGncuZzEridJGj/4G6bGVgfHwO6azK/KDnW9N623o+Ey115e9pgJ915kTAZsWKj59
 g9gCsg+skb/itwOYrukF9+leZcbKjCR1DrYXwaK0XdhCXXU9ZRdfMS64S6/epS+ZJduQDS+CrTN
 jc83ycVaZ1Ci5dc82xxRcMar7F22wqnd5nmZaynTjubFhbKzXQlu4coqhw1kiw1SZxN9JGsjoT0
 SxOcIcY5fRiIqeF6YjdYnNJMzbQ7pzZkkjvp9GOZ9E+mkuHuMTHAxfgmd7kAvsQVviLKHZiMCrt
 j47EX7BfWl8+y4GTGoOXpmDHp9Cw
X-Received: by 2002:a05:6a00:858a:b0:725:460e:6bc0 with SMTP id
 d2e1a72fcca58-72abdbd8ff6mr29419710b3a.0.1735246234527;
 Thu, 26 Dec 2024 12:50:34 -0800 (PST)
Received: from ubuntu-vm.. (201-92-184-234.dsl.telesp.net.br. [201.92.184.234])
 by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72aad8fd7b0sm2644033b3a.139.2024.12.26.12.50.32
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 26 Dec 2024 12:50:34 -0800 (PST)
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: libc-alpha@sourceware.org
Cc: DJ Delorie <dj@redhat.com>,
 Adhemerval Zanella <adhemerval.zanella@linaro.org>
Subject: [PATCH] linux: Use __libc_procutils_read_file on __readonly_area
Date: Thu, 26 Dec 2024 17:50:20 -0300
Message-ID: <20241226205027.3865649-1-adhemerval.zanella@linaro.org>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org

The assert/test-assert-2 overrides malloc to check if assert works
when malloc is not avaiable.  However, when fortification is enabled
__aprintf checks if the format is on a read-only area with
__readonly_area, and since it uses fopen (which calls malloc) the
prints ends up failing due a fortify abort.

This patch replace the fopen usage with __libc_procutils_read_file_ext,
which uses a static buffer.  The buffer used on current
__libc_procutils_read_file (PROCUTILS_MAX_LINE_LEN/256) is not suitable
to read the /proc/self/maps because the pathname can be up to PATH_MAX.

It removes the malloc usage from fopen and fixes the assert/test-assert-2
regression when glibc is configured with fortification.

Checked on aarch64-linux-gnu.
---
 sysdeps/unix/sysv/linux/procutils.c     |  29 ++++--
 sysdeps/unix/sysv/linux/procutils.h     |   8 ++
 sysdeps/unix/sysv/linux/readonly-area.c | 125 ++++++++++++------------
 3 files changed, 96 insertions(+), 66 deletions(-)

diff --git a/sysdeps/unix/sysv/linux/procutils.c b/sysdeps/unix/sysv/linux/procutils.c
index 86d3d37329..55f332ed58 100644
--- a/sysdeps/unix/sysv/linux/procutils.c
+++ b/sysdeps/unix/sysv/linux/procutils.c
@@ -70,13 +70,10 @@ next_line (char **r, int fd, char *const buffer, char **cp, char **re,
   return 1;
 }
 
-bool
-__libc_procutils_read_file (const char *filename,
-			    procutils_closure_t closure,
-			    void *arg)
+static bool
+procutils_read_file (const char *filename, char *buffer, size_t buffer_size,
+		     procutils_closure_t closure, void *arg)
 {
-  enum { buffer_size = PROCUTILS_MAX_LINE_LEN };
-  char buffer[buffer_size];
   char *buffer_end = buffer + buffer_size;
   char *cp = buffer_end;
   char *re = buffer_end;
@@ -96,3 +93,23 @@ __libc_procutils_read_file (const char *filename,
 
   return r == 1;
 }
+
+
+bool
+__libc_procutils_read_file (const char *filename,
+			    procutils_closure_t closure,
+			    void *arg)
+{
+  enum { buffer_size = PROCUTILS_MAX_LINE_LEN };
+  char buffer[buffer_size];
+  return procutils_read_file (filename, buffer, buffer_size, closure, arg);
+}
+
+bool
+__libc_procutils_read_file_ext (const char *filename,
+				char *buffer, size_t size,
+				procutils_closure_t closure,
+				void *arg)
+{
+  return procutils_read_file (filename, buffer, size, closure, arg);
+}
diff --git a/sysdeps/unix/sysv/linux/procutils.h b/sysdeps/unix/sysv/linux/procutils.h
index acf1ec587a..e328ef5df4 100644
--- a/sysdeps/unix/sysv/linux/procutils.h
+++ b/sysdeps/unix/sysv/linux/procutils.h
@@ -20,6 +20,7 @@
 #define _PROCUTILS_H
 
 #include <stdbool.h>
+#include <stddef.h>
 
 typedef int (*procutils_closure_t) (const char *line, void *arg);
 
@@ -41,4 +42,11 @@ bool __libc_procutils_read_file (const char *filename,
 				 procutils_closure_t closure,
 				 void *arg) attribute_hidden;
 
+/* Same as __libc_procutils_read_file, but instead of using a stack allocated
+   buffer of PROCUTILS_MAX_LINE_LEN size, use BUFFER of SIZE instead.  */
+bool __libc_procutils_read_file_ext (const char *filename,
+				     char *buffer, size_t size,
+				     procutils_closure_t closure,
+				     void *arg) attribute_hidden;
+
 #endif
diff --git a/sysdeps/unix/sysv/linux/readonly-area.c b/sysdeps/unix/sysv/linux/readonly-area.c
index 67975cf10d..adeec8aeaa 100644
--- a/sysdeps/unix/sysv/linux/readonly-area.c
+++ b/sysdeps/unix/sysv/linux/readonly-area.c
@@ -16,23 +16,77 @@
    <https://www.gnu.org/licenses/>.  */
 
 #include <errno.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdio_ext.h>
+#include <procutils.h>
 #include <stdlib.h>
-#include <string.h>
-#include "libio/libioP.h"
+#include <stdint.h>
 
-/* Return 1 if the whole area PTR .. PTR+SIZE is not writable.
-   Return -1 if it is writable.  */
+struct proc_self_find_map_t
+{
+  size_t size;
+  uintptr_t ptr;
+  uintptr_t ptr_end;
+};
+
+static int
+proc_self_find_map (const char *line, void *arg)
+{
+  struct proc_self_find_map_t *a = arg;
+
+  char *p;
+  uintptr_t from = strtoul (line, &p, 16);
+  if (p == line || *p++ != '-')
+    return -1;
+
+  char *q;
+  uintptr_t to = strtoul (p, &q, 16);
+  if (q == p || *q++ != ' ')
+    return -1;
+
+  if (from < a->ptr_end && to > a->ptr)
+    {
+      /* Found an entry that at least partially covers the area.  */
+      if (*q++ != 'r' || *q++ != '-')
+	return 1;
+
+      if (from <= a->ptr && to >= a->ptr_end)
+	{
+	  a->size = 0;
+	  return 1;
+	}
+      else if (from <= a->ptr)
+	a->size -= to - a->ptr;
+      else if (to >= a->ptr_end)
+	a->size -= a->ptr_end - from;
+      else
+	a->size -= to - from;
+
+      if (a->size == 0)
+	return 1;
+    }
+
+  return 0;
+}
 
 int
 __readonly_area (const char *ptr, size_t size)
 {
-  const void *ptr_end = ptr + size;
+  /* Each line is in the form:
 
-  FILE *fp = fopen ("/proc/self/maps", "rce");
-  if (fp == NULL)
+     hexnumber-hexnumber perms hexnumber dev inode pathname
+
+     with all fields up to pathname being aligned to 48 (32-bit architectures)
+     or 72 (64-bit architectures) characteres.  */
+  enum { buffer_size = 25 + sizeof(void *) * 6 - 1 + PATH_MAX };
+  char buffer[buffer_size];
+
+  struct proc_self_find_map_t args =
+    {
+      .size = size,
+      .ptr = (uintptr_t) ptr,
+      .ptr_end = (uintptr_t) ptr + size
+    };
+  if (!__libc_procutils_read_file_ext ("/proc/self/maps", buffer, buffer_size,
+				   proc_self_find_map,  &args))
     {
       /* It is the system administrator's choice to not have /proc
 	 available to this process (e.g., because it runs in a chroot
@@ -49,56 +103,7 @@ __readonly_area (const char *ptr, size_t size)
       return -1;
     }
 
-  /* We need no locking.  */
-  __fsetlocking (fp, FSETLOCKING_BYCALLER);
-
-  char *line = NULL;
-  size_t linelen = 0;
-
-  while (! __feof_unlocked (fp))
-    {
-      if (__getdelim (&line, &linelen, '\n', fp) <= 0)
-	break;
-
-      char *p;
-      uintptr_t from = strtoul (line, &p, 16);
-
-      if (p == line || *p++ != '-')
-	break;
-
-      char *q;
-      uintptr_t to = strtoul (p, &q, 16);
-
-      if (q == p || *q++ != ' ')
-	break;
-
-      if (from < (uintptr_t) ptr_end && to > (uintptr_t) ptr)
-	{
-	  /* Found an entry that at least partially covers the area.  */
-	  if (*q++ != 'r' || *q++ != '-')
-	    break;
-
-	  if (from <= (uintptr_t) ptr && to >= (uintptr_t) ptr_end)
-	    {
-	      size = 0;
-	      break;
-	    }
-	  else if (from <= (uintptr_t) ptr)
-	    size -= to - (uintptr_t) ptr;
-	  else if (to >= (uintptr_t) ptr_end)
-	    size -= (uintptr_t) ptr_end - from;
-	  else
-	    size -= to - from;
-
-	  if (!size)
-	    break;
-	}
-    }
-
-  fclose (fp);
-  free (line);
-
   /* If the whole area between ptr and ptr_end is covered by read-only
      VMAs, return 1.  Otherwise return -1.  */
-  return size == 0 ? 1 : -1;
+  return args.size == 0 ? 1 : -1;
 }