diff options
| author | George Burgess IV <gbiv@google.com> | 2017-07-24 15:05:05 -0700 |
|---|---|---|
| committer | George Burgess IV <gbiv@google.com> | 2017-07-27 17:00:13 -0700 |
| commit | b97049c0390cb1a11b9cb0b14391972e69398ce5 (patch) | |
| tree | c331f88d0cb75e427564fdebd15738adf410f501 /libc/include/unistd.h | |
| parent | 38bcf2b704eb5038668759d2dd37115aea1dc437 (diff) | |
| download | bionic-b97049c0390cb1a11b9cb0b14391972e69398ce5.tar.gz | |
libc: Split FORTIFY into its own headers
This patch cleans up our standard headers by moving most of the FORTIFY
cruft out in to its own sandbox. In order to include the *_chk and
*_real declarations, you can either enable FORTIFY, or `#define
__BIONIC_DECLARE_FORTIFY_HELPERS`.
Both sys/select.h and strings.h are explicitly ignored by this patch.
Both of these files have very small __BIONIC_FORTIFY blocks, and don't
define any actual FORTIFY'ed functions (just macros, and 3 *_chk
functions).
This patch also makes the versioner ignore the FORTIFY implementation
headers, since we're guaranteed to pick the FORTIFY'ed headers up when
looking at the regular headers. (...Not to mention that making the
FORTIFY'ed headers freestanding would be annoying to do and maintain for
~no benefit).
We bake the knowledge of where FORTIFY headers live directly into the
versioner. We could go with a more general approach (e.g. adding an -X
IGNORED_FILE flag that tells the versioner to ignore
$HEADER_PATH/$IGNORED_FILE), but we'd then have to repeat that for every
test, every manual invocation of the versioner, etc. for no benefit
that's obvious to me.
Bug: 12231437
Test: m checkbuild on bullhead internal master + CtsBionicTestCases. no
new errors.
Change-Id: Iffc0cc609009b33d989cdaddde0a809282131a5b
Diffstat (limited to 'libc/include/unistd.h')
| -rw-r--r-- | libc/include/unistd.h | 496 |
1 files changed, 2 insertions, 494 deletions
diff --git a/libc/include/unistd.h b/libc/include/unistd.h index e024527ef..bacc5a761 100644 --- a/libc/include/unistd.h +++ b/libc/include/unistd.h @@ -241,505 +241,13 @@ int tcsetpgrp(int __fd, pid_t __pid); } while (_rc == -1 && errno == EINTR); \ _rc; }) -/* TODO(unified-headers): Factor out all the FORTIFY features. */ -char* __getcwd_chk(char*, size_t, size_t) __INTRODUCED_IN(24); - -ssize_t __pread_chk(int, void*, size_t, off_t, size_t) __INTRODUCED_IN(23); -ssize_t __pread_real(int, void*, size_t, off_t) __RENAME(pread); - -ssize_t __pread64_chk(int, void*, size_t, off64_t, size_t) __INTRODUCED_IN(23); -ssize_t __pread64_real(int, void*, size_t, off64_t) __RENAME(pread64) __INTRODUCED_IN(12); - -ssize_t __pwrite_chk(int, const void*, size_t, off_t, size_t) __INTRODUCED_IN(24); -ssize_t __pwrite_real(int, const void*, size_t, off_t) __RENAME(pwrite); - -ssize_t __pwrite64_chk(int, const void*, size_t, off64_t, size_t) __INTRODUCED_IN(24); -ssize_t __pwrite64_real(int, const void*, size_t, off64_t) __RENAME(pwrite64) - __INTRODUCED_IN(12); - -ssize_t __read_chk(int, void*, size_t, size_t) __INTRODUCED_IN(21); -ssize_t __write_chk(int, const void*, size_t, size_t) __INTRODUCED_IN(24); -ssize_t __readlink_chk(const char*, char*, size_t, size_t) __INTRODUCED_IN(23); -ssize_t __readlinkat_chk(int dirfd, const char*, char*, size_t, size_t) __INTRODUCED_IN(23); - int getdomainname(char*, size_t) __INTRODUCED_IN(26); int setdomainname(const char*, size_t) __INTRODUCED_IN(26); -#if defined(__BIONIC_FORTIFY) - -#if defined(__USE_FILE_OFFSET64) -#define __PREAD_PREFIX(x) __pread64_ ## x -#define __PWRITE_PREFIX(x) __pwrite64_ ## x -#else -#define __PREAD_PREFIX(x) __pread_ ## x -#define __PWRITE_PREFIX(x) __pwrite_ ## x +#if defined(__BIONIC_INCLUDE_FORTIFY_HEADERS) +#include <bits/fortify/unistd.h> #endif -#if defined(__clang__) -#define __error_if_overflows_ssizet(what) \ - __enable_if(what > SSIZE_MAX, #what " must be <= SSIZE_MAX") \ - __errorattr(#what " must be <= SSIZE_MAX") - -#define __enable_if_no_overflow_ssizet(what) \ - __enable_if((what) <= SSIZE_MAX, "enabled if " #what " <= SSIZE_MAX") - -#define __error_if_overflows_objectsize(what, objsize) \ - __enable_if((objsize) != __BIONIC_FORTIFY_UNKNOWN_SIZE && \ - (what) > (objsize), \ - "'" #what "' bytes overflows the given object") \ - __errorattr("'" #what "' bytes overflows the given object") - -__BIONIC_ERROR_FUNCTION_VISIBILITY -char* getcwd(char* buf, size_t size) __overloadable - __error_if_overflows_objectsize(size, __bos(buf)); - -#if __ANDROID_API__ >= __ANDROID_API_N__ -__BIONIC_FORTIFY_INLINE -char* getcwd(char* const __pass_object_size buf, size_t size) __overloadable { - size_t bos = __bos(buf); - - /* - * Clang responds bos==0 if buf==NULL - * (https://llvm.org/bugs/show_bug.cgi?id=23277). Given that NULL is a valid - * value, we need to handle that. - */ - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE || buf == NULL) { - return __call_bypassing_fortify(getcwd)(buf, size); - } - - return __getcwd_chk(buf, size, bos); -} -#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */ - -#if __ANDROID_API__ >= __ANDROID_API_M__ -__BIONIC_ERROR_FUNCTION_VISIBILITY -ssize_t pread(int fd, void* buf, size_t count, off_t offset) __overloadable - __error_if_overflows_ssizet(count); - -__BIONIC_ERROR_FUNCTION_VISIBILITY -ssize_t pread(int fd, void* buf, size_t count, off_t offset) __overloadable - __enable_if_no_overflow_ssizet(count) - __error_if_overflows_objectsize(count, __bos0(buf)); - -__BIONIC_FORTIFY_INLINE -ssize_t pread(int fd, void* const __pass_object_size0 buf, size_t count, - off_t offset) __overloadable { - size_t bos = __bos0(buf); - - if (count == __BIONIC_FORTIFY_UNKNOWN_SIZE) { - return __PREAD_PREFIX(real)(fd, buf, count, offset); - } - - return __PREAD_PREFIX(chk)(fd, buf, count, offset, bos); -} - -__BIONIC_ERROR_FUNCTION_VISIBILITY -ssize_t pread64(int fd, void* buf, size_t count, off64_t offset) __overloadable - __error_if_overflows_ssizet(count); - -__BIONIC_ERROR_FUNCTION_VISIBILITY -ssize_t pread64(int fd, void* buf, size_t count, off64_t offset) __overloadable - __enable_if_no_overflow_ssizet(count) - __error_if_overflows_objectsize(count, __bos0(buf)); - -__BIONIC_FORTIFY_INLINE -ssize_t pread64(int fd, void* const __pass_object_size0 buf, size_t count, - off64_t offset) __overloadable { - size_t bos = __bos0(buf); - - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { - return __pread64_real(fd, buf, count, offset); - } - - return __pread64_chk(fd, buf, count, offset, bos); -} -#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */ - -#if __ANDROID_API__ >= __ANDROID_API_N__ -__BIONIC_ERROR_FUNCTION_VISIBILITY -ssize_t pwrite(int fd, const void* buf, size_t count, off_t offset) - __overloadable - __error_if_overflows_ssizet(count); - -__BIONIC_ERROR_FUNCTION_VISIBILITY -ssize_t pwrite(int fd, const void* buf, size_t count, off_t offset) - __overloadable - __enable_if_no_overflow_ssizet(count) - __error_if_overflows_objectsize(count, __bos0(buf)); - -__BIONIC_FORTIFY_INLINE -ssize_t pwrite(int fd, const void* const __pass_object_size0 buf, size_t count, - off_t offset) __overloadable { - size_t bos = __bos0(buf); - - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { - return __PWRITE_PREFIX(real)(fd, buf, count, offset); - } - - return __PWRITE_PREFIX(chk)(fd, buf, count, offset, bos); -} - -__BIONIC_ERROR_FUNCTION_VISIBILITY -ssize_t pwrite64(int fd, const void* buf, size_t count, off64_t offset) - __overloadable - __error_if_overflows_ssizet(count); - -__BIONIC_ERROR_FUNCTION_VISIBILITY -ssize_t pwrite64(int fd, const void* buf, size_t count, off64_t offset) - __overloadable - __enable_if_no_overflow_ssizet(count) - __error_if_overflows_objectsize(count, __bos0(buf)); - -__BIONIC_FORTIFY_INLINE -ssize_t pwrite64(int fd, const void* const __pass_object_size0 buf, - size_t count, off64_t offset) __overloadable { - size_t bos = __bos0(buf); - - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { - return __pwrite64_real(fd, buf, count, offset); - } - - return __pwrite64_chk(fd, buf, count, offset, bos); -} -#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */ - -#if __ANDROID_API__ >= __ANDROID_API_L__ -__BIONIC_ERROR_FUNCTION_VISIBILITY -ssize_t read(int fd, void* buf, size_t count) __overloadable - __error_if_overflows_ssizet(count); - -__BIONIC_ERROR_FUNCTION_VISIBILITY -ssize_t read(int fd, void* buf, size_t count) __overloadable - __enable_if_no_overflow_ssizet(count) - __error_if_overflows_objectsize(count, __bos0(buf)); - -__BIONIC_FORTIFY_INLINE -ssize_t read(int fd, void* const __pass_object_size0 buf, size_t count) - __overloadable { - size_t bos = __bos0(buf); - - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { - return __call_bypassing_fortify(read)(fd, buf, count); - } - - return __read_chk(fd, buf, count, bos); -} -#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */ - -#if __ANDROID_API__ >= __ANDROID_API_N__ -__BIONIC_ERROR_FUNCTION_VISIBILITY -ssize_t write(int fd, const void* buf, size_t count) __overloadable - __error_if_overflows_ssizet(count); - -__BIONIC_ERROR_FUNCTION_VISIBILITY -ssize_t write(int fd, const void* buf, size_t count) __overloadable - __enable_if_no_overflow_ssizet(count) - __error_if_overflows_objectsize(count, __bos0(buf)); - -__BIONIC_FORTIFY_INLINE -ssize_t write(int fd, const void* const __pass_object_size0 buf, size_t count) - __overloadable { - size_t bos = __bos0(buf); - - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { - return __call_bypassing_fortify(write)(fd, buf, count); - } - - return __write_chk(fd, buf, count, bos); -} -#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */ - -#if __ANDROID_API__ >= __ANDROID_API_M__ -__BIONIC_ERROR_FUNCTION_VISIBILITY -ssize_t readlink(const char* path, char* buf, size_t size) __overloadable - __error_if_overflows_ssizet(size); - -__BIONIC_ERROR_FUNCTION_VISIBILITY -ssize_t readlink(const char* path, char* buf, size_t size) __overloadable - __enable_if_no_overflow_ssizet(size) - __error_if_overflows_objectsize(size, __bos(buf)); - -__BIONIC_FORTIFY_INLINE -ssize_t readlink(const char* path, char* const __pass_object_size buf, - size_t size) __overloadable { - size_t bos = __bos(buf); - - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { - return __call_bypassing_fortify(readlink)(path, buf, size); - } - - return __readlink_chk(path, buf, size, bos); -} - -__BIONIC_ERROR_FUNCTION_VISIBILITY -ssize_t readlinkat(int dirfd, const char* path, char* buf, size_t size) - __overloadable - __error_if_overflows_ssizet(size); - -__BIONIC_ERROR_FUNCTION_VISIBILITY -ssize_t readlinkat(int dirfd, const char* path, char* buf, size_t size) - __overloadable - __enable_if_no_overflow_ssizet(size) - __error_if_overflows_objectsize(size, __bos(buf)); - -__BIONIC_FORTIFY_INLINE -ssize_t readlinkat(int dirfd, const char* path, - char* const __pass_object_size buf, size_t size) - __overloadable { - size_t bos = __bos(buf); - - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { - return __call_bypassing_fortify(readlinkat)(dirfd, path, buf, size); - } - - return __readlinkat_chk(dirfd, path, buf, size, bos); -} -#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */ - -#undef __enable_if_no_overflow_ssizet -#undef __error_if_overflows_objectsize -#undef __error_if_overflows_ssizet -#else /* defined(__clang__) */ - -char* __getcwd_real(char*, size_t) __RENAME(getcwd); -ssize_t __read_real(int, void*, size_t) __RENAME(read); -ssize_t __write_real(int, const void*, size_t) __RENAME(write); -ssize_t __readlink_real(const char*, char*, size_t) __RENAME(readlink); -ssize_t __readlinkat_real(int dirfd, const char*, char*, size_t) __RENAME(readlinkat); - -__errordecl(__getcwd_dest_size_error, "getcwd called with size bigger than destination"); -__errordecl(__pread_dest_size_error, "pread called with size bigger than destination"); -__errordecl(__pread_count_toobig_error, "pread called with count > SSIZE_MAX"); -__errordecl(__pread64_dest_size_error, "pread64 called with size bigger than destination"); -__errordecl(__pread64_count_toobig_error, "pread64 called with count > SSIZE_MAX"); -__errordecl(__pwrite_dest_size_error, "pwrite called with size bigger than destination"); -__errordecl(__pwrite_count_toobig_error, "pwrite called with count > SSIZE_MAX"); -__errordecl(__pwrite64_dest_size_error, "pwrite64 called with size bigger than destination"); -__errordecl(__pwrite64_count_toobig_error, "pwrite64 called with count > SSIZE_MAX"); -__errordecl(__read_dest_size_error, "read called with size bigger than destination"); -__errordecl(__read_count_toobig_error, "read called with count > SSIZE_MAX"); -__errordecl(__write_dest_size_error, "write called with size bigger than destination"); -__errordecl(__write_count_toobig_error, "write called with count > SSIZE_MAX"); -__errordecl(__readlink_dest_size_error, "readlink called with size bigger than destination"); -__errordecl(__readlink_size_toobig_error, "readlink called with size > SSIZE_MAX"); -__errordecl(__readlinkat_dest_size_error, "readlinkat called with size bigger than destination"); -__errordecl(__readlinkat_size_toobig_error, "readlinkat called with size > SSIZE_MAX"); - -#if __ANDROID_API__ >= __ANDROID_API_N__ -__BIONIC_FORTIFY_INLINE -char* getcwd(char* buf, size_t size) __overloadable { - size_t bos = __bos(buf); - - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { - return __getcwd_real(buf, size); - } - - if (__builtin_constant_p(size) && (size > bos)) { - __getcwd_dest_size_error(); - } - - if (__builtin_constant_p(size) && (size <= bos)) { - return __getcwd_real(buf, size); - } - - return __getcwd_chk(buf, size, bos); -} -#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */ - -#if __ANDROID_API__ >= __ANDROID_API_M__ -__BIONIC_FORTIFY_INLINE -ssize_t pread(int fd, void* buf, size_t count, off_t offset) { - size_t bos = __bos0(buf); - - if (__builtin_constant_p(count) && (count > SSIZE_MAX)) { - __PREAD_PREFIX(count_toobig_error)(); - } - - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { - return __PREAD_PREFIX(real)(fd, buf, count, offset); - } - - if (__builtin_constant_p(count) && (count > bos)) { - __PREAD_PREFIX(dest_size_error)(); - } - - if (__builtin_constant_p(count) && (count <= bos)) { - return __PREAD_PREFIX(real)(fd, buf, count, offset); - } - - return __PREAD_PREFIX(chk)(fd, buf, count, offset, bos); -} - -__BIONIC_FORTIFY_INLINE -ssize_t pread64(int fd, void* buf, size_t count, off64_t offset) { - size_t bos = __bos0(buf); - - if (__builtin_constant_p(count) && (count > SSIZE_MAX)) { - __pread64_count_toobig_error(); - } - - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { - return __pread64_real(fd, buf, count, offset); - } - - if (__builtin_constant_p(count) && (count > bos)) { - __pread64_dest_size_error(); - } - - if (__builtin_constant_p(count) && (count <= bos)) { - return __pread64_real(fd, buf, count, offset); - } - - return __pread64_chk(fd, buf, count, offset, bos); -} -#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */ - -#if __ANDROID_API__ >= __ANDROID_API_N__ -__BIONIC_FORTIFY_INLINE -ssize_t pwrite(int fd, const void* buf, size_t count, off_t offset) { - size_t bos = __bos0(buf); - - if (__builtin_constant_p(count) && (count > SSIZE_MAX)) { - __PWRITE_PREFIX(count_toobig_error)(); - } - - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { - return __PWRITE_PREFIX(real)(fd, buf, count, offset); - } - - if (__builtin_constant_p(count) && (count > bos)) { - __PWRITE_PREFIX(dest_size_error)(); - } - - if (__builtin_constant_p(count) && (count <= bos)) { - return __PWRITE_PREFIX(real)(fd, buf, count, offset); - } - - return __PWRITE_PREFIX(chk)(fd, buf, count, offset, bos); -} - -__BIONIC_FORTIFY_INLINE -ssize_t pwrite64(int fd, const void* buf, size_t count, off64_t offset) { - size_t bos = __bos0(buf); - - if (__builtin_constant_p(count) && (count > SSIZE_MAX)) { - __pwrite64_count_toobig_error(); - } - - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { - return __pwrite64_real(fd, buf, count, offset); - } - - if (__builtin_constant_p(count) && (count > bos)) { - __pwrite64_dest_size_error(); - } - - if (__builtin_constant_p(count) && (count <= bos)) { - return __pwrite64_real(fd, buf, count, offset); - } - - return __pwrite64_chk(fd, buf, count, offset, bos); -} -#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */ - -#if __ANDROID_API__ >= __ANDROID_API_L__ -__BIONIC_FORTIFY_INLINE -ssize_t read(int fd, void* buf, size_t count) { - size_t bos = __bos0(buf); - - if (__builtin_constant_p(count) && (count > SSIZE_MAX)) { - __read_count_toobig_error(); - } - - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { - return __read_real(fd, buf, count); - } - - if (__builtin_constant_p(count) && (count > bos)) { - __read_dest_size_error(); - } - - if (__builtin_constant_p(count) && (count <= bos)) { - return __read_real(fd, buf, count); - } - - return __read_chk(fd, buf, count, bos); -} -#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */ - -#if __ANDROID_API__ >= __ANDROID_API_N__ -__BIONIC_FORTIFY_INLINE -ssize_t write(int fd, const void* buf, size_t count) { - size_t bos = __bos0(buf); - - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { - return __write_real(fd, buf, count); - } - - if (__builtin_constant_p(count) && (count > bos)) { - __write_dest_size_error(); - } - - if (__builtin_constant_p(count) && (count <= bos)) { - return __write_real(fd, buf, count); - } - - return __write_chk(fd, buf, count, bos); -} -#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */ - -#if __ANDROID_API__ >= __ANDROID_API_M__ -__BIONIC_FORTIFY_INLINE -ssize_t readlink(const char* path, char* buf, size_t size) { - size_t bos = __bos(buf); - - if (__builtin_constant_p(size) && (size > SSIZE_MAX)) { - __readlink_size_toobig_error(); - } - - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { - return __readlink_real(path, buf, size); - } - - if (__builtin_constant_p(size) && (size > bos)) { - __readlink_dest_size_error(); - } - - if (__builtin_constant_p(size) && (size <= bos)) { - return __readlink_real(path, buf, size); - } - - return __readlink_chk(path, buf, size, bos); -} - -__BIONIC_FORTIFY_INLINE -ssize_t readlinkat(int dirfd, const char* path, char* buf, size_t size) { - size_t bos = __bos(buf); - - if (__builtin_constant_p(size) && (size > SSIZE_MAX)) { - __readlinkat_size_toobig_error(); - } - - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { - return __readlinkat_real(dirfd, path, buf, size); - } - - if (__builtin_constant_p(size) && (size > bos)) { - __readlinkat_dest_size_error(); - } - - if (__builtin_constant_p(size) && (size <= bos)) { - return __readlinkat_real(dirfd, path, buf, size); - } - - return __readlinkat_chk(dirfd, path, buf, size, bos); -} -#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */ -#endif /* defined(__clang__) */ -#undef __PREAD_PREFIX -#undef __PWRITE_PREFIX -#endif /* defined(__BIONIC_FORTIFY) */ - __END_DECLS #endif /* _UNISTD_H_ */ |