glibc/csu/check_fds.c
Adhemerval Zanella 06ab719d30 Fix Linux fcntl OFD locks for non-LFS architectures (BZ#20251)
This patch fixes the OFD ("file private") locks for architectures that
support non-LFS flock definition (__USE_FILE_OFFSET64 not defined). The
issue in this case is both F_OFD_{GETLK,SETLK,SETLKW} and
F_{SET,GET}L{W}K64 expects a flock64 argument and when using old
F_OFD_* flags with a non LFS flock argument the kernel might interpret
the underlying data wrongly.  Kernel idea originally was to avoid using
such flags in non-LFS syscall, but since GLIBC uses fcntl with LFS
semantic as default it is possible to provide the functionality and
avoid the bogus struct kernel passing by adjusting the struct manually
for the required flags.

The idea follows other LFS interfaces that provide two symbols:

  1. A new LFS fcntl64 is added on default ABI with the usual macros to
     select it for FILE_OFFSET_BITS=64.

  2. The Linux non-LFS fcntl use a stack allocated struct flock64 for
     F_OFD_{GETLK,SETLK,SETLKW} copy the results on the user provided
     struct.

  3. Keep a compat symbol with old broken semantic for architectures
     that do not define __OFF_T_MATCHES_OFF64_T.

So for architectures which defines __USE_FILE_OFFSET64, fcntl64 will
aliased to fcntl and no adjustment would be required.  So to actually
use F_OFD_* with LFS support the source must be built with LFS support
(_FILE_OFFSET_BITS=64).

Also F_OFD_SETLKW command is handled a cancellation point, as for
F_SETLKW{64}.

Checked on x86_64-linux-gnu and i686-linux-gnu.

	[BZ #20251]
	* NEWS: Mention fcntl64 addition.
	* csu/check_fds.c: Replace __fcntl_nocancel by __fcntl64_nocancel.
	* login/utmp_file.c: Likewise.
	* sysdeps/posix/fdopendir.c: Likewise.
	* sysdeps/posix/opendir.c: Likewise.
	* sysdeps/unix/pt-fcntl.c: Likewise.
	* include/fcntl.h (__libc_fcntl64, __fcntl64,
	__fcntl64_nocancel_adjusted): New prototype.
	(__fcntl_nocancel_adjusted): Remove prototype.
	* io/Makefile (routines): Add fcntl64.
	(CFLAGS-fcntl64.c): New rule.
	* io/Versions [GLIBC_2.28] (fcntl64): New symbol.
	[GLIBC_PRIVATE] (__libc_fcntl): Rename to __libc_fcntl64.
	* io/fcntl.h (fcntl64): Add prototype and redirect if
	__USE_FILE_OFFSET64 is defined.
	* io/fcntl64.c: New file.
	* manual/llio.text: Add a note for which commands fcntl acts a
	cancellation point.
	* nptl/Makefile (CFLAGS-fcntl64.c): New rule.
	* sysdeps/mach/hurd/fcntl.c: Alias fcntl to fcntl64 symbols.
	* sysdeps/mach/hurd/i386/libc.abilist [GLIBC_2.28] (fcntl, fcntl64):
	New symbols.
	* sysdeps/unix/sysv/linux/fcntl.c (__libc_fcntl): Fix F_GETLK64,
	F_OFD_GETLK, F_SETLK64, F_SETLKW64, F_OFD_SETLK, and F_OFD_SETLKW for
	non-LFS case.
	* sysdeps/unix/sysv/linux/fcntl64.c: New file.
	* sysdeps/unix/sysv/linux/fcntl_nocancel.c (__fcntl_nocancel): Rename
	to __fcntl64_nocancel.
	(__fcntl_nocancel_adjusted): Rename to __fcntl64_nocancel_adjusted.
	* sysdeps/unix/sysv/linux/not-cancel.h (__fcntl_nocancel): Rename
	to __fcntl64_nocancel.
	* sysdeps/unix/sysv/linux/tst-ofdlocks.c: New file.
	* sysdeps/unix/sysv/linux/tst-ofdlocks-compat.c: Likewise.
	* sysdeps/unix/sysv/linux/Makefile (tests): Add tst-ofdlocks.
	(tests-internal): Add tst-ofdlocks-compat.
	* sysdeps/unix/sysv/linux/aarch64/libc.abilist [GLIBC_2.28]
	(fcntl64): New symbol.
	* sysdeps/unix/sysv/linux/alpha/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/ia64/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist: Likewise.
	* sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/x86_64/64/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/arm/libc.abilist [GLIBC_2.28] (fcntl,
	fcntl64): Likewise.
	* sysdeps/unix/sysv/linux/hppa/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/i386/libc.abilis: Likewise.
	* sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/microblaze/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/nios2/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist:
	Likewise.
	* sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist:
	Likewise.
	* sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/sh/libc.abilist: Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist: Likewise.
2018-06-26 13:22:53 -03:00

97 lines
3.1 KiB
C

/* Copyright (C) 2000-2018 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
#include <errno.h>
#include <fcntl.h>
#include <paths.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
/* Try to get a machine dependent instruction which will make the
program crash. This is used in case everything else fails. */
#include <abort-instr.h>
#ifndef ABORT_INSTRUCTION
/* No such instruction is available. */
# define ABORT_INSTRUCTION
#endif
#include <device-nrs.h>
#include <not-cancel.h>
/* Should other OSes (e.g., Hurd) have different versions which can
be written in a better way? */
static void
check_one_fd (int fd, int mode)
{
if (__builtin_expect (__fcntl64_nocancel (fd, F_GETFD), 0) == -1
&& errno == EBADF)
{
const char *name;
dev_t dev;
/* For writable descriptors we use /dev/full. */
if ((mode & O_ACCMODE) == O_WRONLY)
{
name = _PATH_DEV "full";
dev = __gnu_dev_makedev (DEV_FULL_MAJOR, DEV_FULL_MINOR);
}
else
{
name = _PATH_DEVNULL;
dev = __gnu_dev_makedev (DEV_NULL_MAJOR, DEV_NULL_MINOR);
}
/* Something is wrong with this descriptor, it's probably not
opened. Open /dev/null so that the SUID program we are
about to start does not accidentally use this descriptor. */
int nullfd = __open_nocancel (name, mode, 0);
/* We are very paranoid here. With all means we try to ensure
that we are actually opening the /dev/null device and nothing
else.
Note that the following code assumes that STDIN_FILENO,
STDOUT_FILENO, STDERR_FILENO are the three lowest file
decsriptor numbers, in this order. */
struct stat64 st;
if (__builtin_expect (nullfd != fd, 0)
|| __builtin_expect (__fxstat64 (_STAT_VER, fd, &st), 0) != 0
|| __builtin_expect (S_ISCHR (st.st_mode), 1) == 0
|| st.st_rdev != dev)
/* We cannot even give an error message here since it would
run into the same problems. */
while (1)
/* Try for ever and ever. */
ABORT_INSTRUCTION;
}
}
void
__libc_check_standard_fds (void)
{
/* Check all three standard file descriptors. The O_NOFOLLOW flag
is really paranoid but some people actually are. If /dev/null
should happen to be a symlink to somewhere else and not the
device commonly known as "/dev/null" we bail out. */
check_one_fd (STDIN_FILENO, O_WRONLY | O_NOFOLLOW);
check_one_fd (STDOUT_FILENO, O_RDONLY | O_NOFOLLOW);
check_one_fd (STDERR_FILENO, O_RDONLY | O_NOFOLLOW);
}