From patchwork Mon Nov 6 20:25:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 1860456 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=WBgFYauO; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4SPNDs6b9sz1yQ5 for ; Tue, 7 Nov 2023 07:27:09 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 6729B3857341 for ; Mon, 6 Nov 2023 20:27:07 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-yw1-x112c.google.com (mail-yw1-x112c.google.com [IPv6:2607:f8b0:4864:20::112c]) by sourceware.org (Postfix) with ESMTPS id 6F103385772D for ; Mon, 6 Nov 2023 20:26:11 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 6F103385772D Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 6F103385772D Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::112c ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1699302372; cv=none; b=Q6JdHHM/ATLVWV8EgrSVrSaFjmVfC6vgDLKAGet3kKq2jXvzhf4Vhe3HIWI/WltJt5Fp7v+5ZN+hHM3WliTrmlqticH9m1ekOyJ+EwGt61ZTH0DyI3ppIjv9U3vRrsA5QXtltBzRWOk4VVr6BlXQU0fPpWnIlZAt254Ly8qV+IM= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1699302372; c=relaxed/simple; bh=gT1Owjqxwo58o5QvjCZGRSejbqZkCjTLDvctR8VX/kY=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=leLTGd3pcqKfikem6LWekZK/1iU+CYGkWhP2g1F1ST0JKttlPxu3GQMqM7xvD7NshHlxqJ+0SZtmEKJ4V0Emy7KJdS8UjZYgxXp1LALRBALbKHEcoKww+1PPybnnwQv3dLC7TOi+6YVhF7PU9nSezhJp+FRsbQsgSCy8ScpIGQs= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-yw1-x112c.google.com with SMTP id 00721157ae682-5b499b18b28so59298057b3.0 for ; Mon, 06 Nov 2023 12:26:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1699302370; x=1699907170; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=QBVtmlfcSAfxXI6tDT4EK8Q1svp3xH/pl2RiMpQxq1o=; b=WBgFYauOOpKAoBKJNCzIA24dn3kQ1/uIz98FusYzLTmSh3vU8JZiFjC3yCrsmE+Z5g uJS0IhQx3oTdITqicvOBQ5BNfNHQ5O0ltzJsXBiihUqIKqW9VXUROvs0MUXjVhoJm1Bc /ZvyUb/8b4SlJbt4pW/jJjjLN5ngd7za0YPOFCUSLa1NrPVq0NYNTX9d/gHSq05zjcbC lBYWGl80fxcOpEF7awGt3it21VLksuwOpyfQAaTu7Qf7sq76wwOaaQ3ta98GW0JyBost LPGU6/XZDhGOTsZciaD/Lo1+xePLJEDjEFD/cV7Wx9Ki9n4qHooVugjWKhH4Sxj+XVI6 xfdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699302370; x=1699907170; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QBVtmlfcSAfxXI6tDT4EK8Q1svp3xH/pl2RiMpQxq1o=; b=TjaNgx3bTppe6SiJLIDAL27sQmZYSysSTDt7acJl3aYlnQPCI0R/1uMrg8lNYb6aQ7 zmI7PKo+mHgtCqHHzJPtynQg6P5Tl5u8fMJE4xuYpigyG4mR3c+7SOHwDKrqEChryZ84 lXXQEODJ8fzR/nyU7aLaJ/YbICnj+EvePKm4lQvHxgt0zYYA43LNq/rbu+XLuGkMPhwA VpuTq/PC1IiKyB//UHxz2x6kGb2XB8r3L0JrTGkXl4bmT/bWDkBdELei8FaafW/GH27p 0mzQ8CpWfWIhi+dnWJylbH8ATtcKwFv/m+HDyjORjI3pFaItHOS/ars2PIRaq9ZmVqmy Oetw== X-Gm-Message-State: AOJu0YwcSHPHTbzVJwXfduyuPtbC5ud07HgQqecTV001OHgGLprQf+r9 gL/K8tbtFKH6uEh4YDqCM0hno/vnQAFmB2SS0u6vsg== X-Google-Smtp-Source: AGHT+IEmolj36ce1a5cqm6BA2RzXqEuK4JRY/5qAZBdl5zovB9IXFSGS5HRJyg2W9BlyJme+xtHxqA== X-Received: by 2002:a05:690c:f92:b0:5a7:b893:6f64 with SMTP id df18-20020a05690c0f9200b005a7b8936f64mr13515258ywb.16.1699302370106; Mon, 06 Nov 2023 12:26:10 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:a715:c1a0:7281:6384:2ee9]) by smtp.gmail.com with ESMTPSA id ci7-20020a05690c0a8700b005a7b8fddfedsm4707154ywb.41.2023.11.06.12.26.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:26:09 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH v3 06/19] elf: Do not parse ill-formatted strings Date: Mon, 6 Nov 2023 17:25:39 -0300 Message-Id: <20231106202552.3404059-7-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231106202552.3404059-1-adhemerval.zanella@linaro.org> References: <20231106202552.3404059-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org Instead of ignoring ill-formatted tunable strings, first, check all the tunable definitions are correct and then set each tunable value. It means that partially invalid strings, like "key1=value1:key2=key2=value' or 'key1=value':key2=value2=value2' do not enable 'key1=value1'. It avoids possible user-defined errors in tunable definitions. Checked on x86_64-linux-gnu. Reviewed-by: Siddhesh Poyarekar --- elf/dl-tunables.c | 48 ++++++++++++++++++++++++++++++++++------------ elf/tst-tunables.c | 13 +++++++++---- 2 files changed, 45 insertions(+), 16 deletions(-) diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c index 082a76d9c4..e1198869d6 100644 --- a/elf/dl-tunables.c +++ b/elf/dl-tunables.c @@ -154,17 +154,29 @@ __tunable_set_val (tunable_id_t id, tunable_val_t *valp, tunable_num_t *minp, do_tunable_update_val (cur, valp, minp, maxp); } -/* Parse the tunable string VALSTRING. VALSTRING is a duplicated value, - where delimiters ':' are replaced with '\0', so string tunables are null - terminated. */ -static void -parse_tunables (char *valstring) +struct tunable_toset_t +{ + tunable_t *t; + const char *value; +}; + +enum { tunables_list_size = array_length (tunable_list) }; + +/* Parse the tunable string VALSTRING and set TUNABLES with the found tunables + and their respectibles values. VALSTRING is a duplicated values, where + delimiters ':' are replaced with '\0', so string tunables are null + terminated. + Return the number of tunables found (including 0 if the string is empty) + or -1 if for a ill-formatted definition. */ +static int +parse_tunables_string (char *valstring, struct tunable_toset_t *tunables) { if (valstring == NULL || *valstring == '\0') - return; + return 0; char *p = valstring; bool done = false; + int ntunables = 0; while (!done) { @@ -177,7 +189,7 @@ parse_tunables (char *valstring) /* If we reach the end of the string before getting a valid name-value pair, bail out. */ if (*p == '\0') - break; + return -1; /* We did not find a valid name-value pair before encountering the colon. */ @@ -190,30 +202,42 @@ parse_tunables (char *valstring) /* Skip the '='. */ p++; - const char *value = p; + char *value = p; while (*p != '=' && *p != ':' && *p != '\0') p++; if (*p == '=') - break; + return -1; else if (*p == '\0') done = true; else *p++ = '\0'; /* Add the tunable if it exists. */ - for (size_t i = 0; i < sizeof (tunable_list) / sizeof (tunable_t); i++) + for (size_t i = 0; i < tunables_list_size; i++) { tunable_t *cur = &tunable_list[i]; if (tunable_is_name (cur->name, name)) { - tunable_initialize (cur, value); + tunables[ntunables++] = (struct tunable_toset_t) { cur, value }; break; } } } + + return ntunables; +} + +static void +parse_tunables (char *valstring) +{ + struct tunable_toset_t tunables[tunables_list_size]; + int ntunables = parse_tunables_string (valstring, tunables); + + for (int i = 0; i < ntunables; i++) + tunable_initialize (tunables[i].t, tunables[i].value); } /* Initialize the tunables list from the environment. For now we only use the @@ -240,7 +264,7 @@ __tunables_init (char **envp) continue; } - for (int i = 0; i < sizeof (tunable_list) / sizeof (tunable_t); i++) + for (int i = 0; i < tunables_list_size; i++) { tunable_t *cur = &tunable_list[i]; diff --git a/elf/tst-tunables.c b/elf/tst-tunables.c index 7fe9907e05..e1ad44f27c 100644 --- a/elf/tst-tunables.c +++ b/elf/tst-tunables.c @@ -161,7 +161,7 @@ static const struct test_t 0, 0, }, - /* If there is a ill-formatted key=value, everything after is also ignored. */ + /* Ill-formatted tunables string is not parsed. */ { "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096:glibc.malloc.check=2", 0, @@ -186,13 +186,18 @@ static const struct test_t 0, 0, }, - /* Valid tunables set before ill-formatted ones are set. */ { "glibc.malloc.check=2:glibc.malloc.mmap_threshold=4096=4096", - 2, 0, 0, - } + 0, + }, + { + "glibc.malloc.check=2:glibc.malloc.mmap_threshold=4096=4096", + 0, + 0, + 0, + }, }; static int