From 791f4641142e2aced85de082e5783b4fb0b977c2 Mon Sep 17 00:00:00 2001 From: Brennan Xavier McManus Date: Tue, 9 Jan 2024 18:44:02 -0500 Subject: tools/nolibc/stdlib: fix memory error in realloc() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pass user_p_len to memcpy() instead of heap->len to prevent realloc() from copying an extra sizeof(heap) bytes from beyond the allocated region. Signed-off-by: Brennan Xavier McManus Cc: stable@vger.kernel.org Reviewed-by: Ammar Faizi Fixes: 0e0ff638400be8f497a35b51a4751fd823f6bd6a ("tools/nolibc/stdlib: Implement `malloc()`, `calloc()`, `realloc()` and `free()`") Signed-off-by: Willy Tarreau Signed-off-by: Thomas Weißschuh --- tools/include/nolibc/stdlib.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/include/nolibc/stdlib.h b/tools/include/nolibc/stdlib.h index bacfd35c5156..5be9d3c7435a 100644 --- a/tools/include/nolibc/stdlib.h +++ b/tools/include/nolibc/stdlib.h @@ -185,7 +185,7 @@ void *realloc(void *old_ptr, size_t new_size) if (__builtin_expect(!ret, 0)) return NULL; - memcpy(ret, heap->user_p, heap->len); + memcpy(ret, heap->user_p, user_p_len); munmap(heap, heap->len); return ret; } -- cgit v1.2.3 From 689230b674188163fe56b3aecd7d01f79ca518e6 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Sun, 18 Feb 2024 16:51:03 -0300 Subject: tools/nolibc/string: export strlen() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As with commit 8d304a374023, "tools/nolibc/string: export memset() and memmove()", gcc -Os without -ffreestanding may fail to compile with: cc -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib -lgcc -static -o test test.c /usr/bin/ld: /tmp/cccIasKL.o: in function `main': test.c:(.text.startup+0x1e): undefined reference to `strlen' collect2: error: ld returned 1 exit status As on the aforementioned commit, this patch adds a section to export this function so compilation works on those cases too. Signed-off-by: Rodrigo Campos Signed-off-by: Thomas Weißschuh --- tools/include/nolibc/string.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/include/nolibc/string.h b/tools/include/nolibc/string.h index a01c69dd495f..ed15c22b1b2a 100644 --- a/tools/include/nolibc/string.h +++ b/tools/include/nolibc/string.h @@ -123,7 +123,7 @@ char *strcpy(char *dst, const char *src) * thus itself, hence the asm() statement below that's meant to disable this * confusing practice. */ -static __attribute__((unused)) +__attribute__((weak,unused,section(".text.nolibc_strlen"))) size_t strlen(const char *str) { size_t len; -- cgit v1.2.3 From 34d232c39a1e05ba734dc6ad9dc01d15788cd91d Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Sun, 18 Feb 2024 16:51:04 -0300 Subject: tools/nolibc: Fix strlcat() return code and size usage MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The return code should always be strlen(src) + strnlen(dst, size). Let's make sure to copy at most size-1 bytes from src and null-terminate the dst buffer if we did copied something. While we can use strnlen() and strncpy() to implement strlcat(), this is simple enough and results in shorter code when compiled. Signed-off-by: Rodrigo Campos Signed-off-by: Thomas Weißschuh --- tools/include/nolibc/string.h | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/tools/include/nolibc/string.h b/tools/include/nolibc/string.h index ed15c22b1b2a..cc51fd6b63d0 100644 --- a/tools/include/nolibc/string.h +++ b/tools/include/nolibc/string.h @@ -187,22 +187,31 @@ char *strndup(const char *str, size_t maxlen) static __attribute__((unused)) size_t strlcat(char *dst, const char *src, size_t size) { - size_t len; - char c; + size_t len = 0; - for (len = 0; dst[len]; len++) - ; + for (; len < size; len++) { + if (dst[len] == '\0') + break; + } - for (;;) { - c = *src; - if (len < size) - dst[len] = c; - if (!c) + /* + * We want len < size-1. But as size is unsigned and can wrap + * around, we use len + 1 instead. + */ + while (len + 1 < size) { + dst[len] = *src; + if (*src == '\0') break; len++; src++; } + if (len < size) + dst[len] = '\0'; + + while (*src++) + len++; + return len; } -- cgit v1.2.3 From fbffce819e5ac151e137f881b89a9c1da0ebb76c Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Sun, 18 Feb 2024 16:51:05 -0300 Subject: tools/nolibc: Fix strlcpy() return code and size usage MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The return code should always be strlen(src), and we should copy at most size-1 bytes. While we are there, make sure to null-terminate the dst buffer if we copied something. Signed-off-by: Rodrigo Campos Signed-off-by: Thomas Weißschuh --- tools/include/nolibc/string.h | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/tools/include/nolibc/string.h b/tools/include/nolibc/string.h index cc51fd6b63d0..565230a4ad47 100644 --- a/tools/include/nolibc/string.h +++ b/tools/include/nolibc/string.h @@ -219,16 +219,18 @@ static __attribute__((unused)) size_t strlcpy(char *dst, const char *src, size_t size) { size_t len; - char c; - for (len = 0;;) { - c = src[len]; - if (len < size) - dst[len] = c; - if (!c) - break; - len++; + for (len = 0; len < size; len++) { + dst[len] = src[len]; + if (!dst[len]) + return len; } + if (size) + dst[size-1] = '\0'; + + while (src[len]) + len++; + return len; } -- cgit v1.2.3 From 1063649cf531c276740b7f011df2eed82227ba92 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Sun, 18 Feb 2024 16:51:06 -0300 Subject: selftests/nolibc: Add tests for strlcat() and strlcpy() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I've verified that the tests matches libbsd's strlcat()/strlcpy() implementation. Please note that as strlcat()/strlcpy() are not part of the libc, the tests are only compiled when using nolibc. Signed-off-by: Rodrigo Campos Signed-off-by: Thomas Weißschuh --- tools/testing/selftests/nolibc/nolibc-test.c | 40 ++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/tools/testing/selftests/nolibc/nolibc-test.c b/tools/testing/selftests/nolibc/nolibc-test.c index 6ba4f8275ac4..d373fc14706c 100644 --- a/tools/testing/selftests/nolibc/nolibc-test.c +++ b/tools/testing/selftests/nolibc/nolibc-test.c @@ -600,6 +600,25 @@ int expect_strne(const char *expr, int llen, const char *cmp) return ret; } +#define EXPECT_STRBUFEQ(cond, expr, buf, val, cmp) \ + do { if (!(cond)) result(llen, SKIPPED); else ret += expect_str_buf_eq(expr, buf, val, llen, cmp); } while (0) + +static __attribute__((unused)) +int expect_str_buf_eq(size_t expr, const char *buf, size_t val, int llen, const char *cmp) +{ + llen += printf(" = %lu <%s> ", expr, buf); + if (strcmp(buf, cmp) != 0) { + result(llen, FAIL); + return 1; + } + if (expr != val) { + result(llen, FAIL); + return 1; + } + + result(llen, OK); + return 0; +} /* declare tests based on line numbers. There must be exactly one test per line. */ #define CASE_TEST(name) \ @@ -991,6 +1010,14 @@ int run_stdlib(int min, int max) for (test = min; test >= 0 && test <= max; test++) { int llen = 0; /* line length */ + /* For functions that take a long buffer, like strlcat() + * Add some more chars after the \0, to test functions that overwrite the buffer set + * the \0 at the exact right position. + */ + char buf[10] = "test123456"; + buf[4] = '\0'; + + /* avoid leaving empty lines below, this will insert holes into * test numbers. */ @@ -1007,6 +1034,19 @@ int run_stdlib(int min, int max) CASE_TEST(strchr_foobar_z); EXPECT_STRZR(1, strchr("foobar", 'z')); break; CASE_TEST(strrchr_foobar_o); EXPECT_STREQ(1, strrchr("foobar", 'o'), "obar"); break; CASE_TEST(strrchr_foobar_z); EXPECT_STRZR(1, strrchr("foobar", 'z')); break; +#ifdef NOLIBC + CASE_TEST(strlcat_0); EXPECT_STRBUFEQ(1, strlcat(buf, "bar", 0), buf, 3, "test"); break; + CASE_TEST(strlcat_1); EXPECT_STRBUFEQ(1, strlcat(buf, "bar", 1), buf, 4, "test"); break; + CASE_TEST(strlcat_5); EXPECT_STRBUFEQ(1, strlcat(buf, "bar", 5), buf, 7, "test"); break; + CASE_TEST(strlcat_6); EXPECT_STRBUFEQ(1, strlcat(buf, "bar", 6), buf, 7, "testb"); break; + CASE_TEST(strlcat_7); EXPECT_STRBUFEQ(1, strlcat(buf, "bar", 7), buf, 7, "testba"); break; + CASE_TEST(strlcat_8); EXPECT_STRBUFEQ(1, strlcat(buf, "bar", 8), buf, 7, "testbar"); break; + CASE_TEST(strlcpy_0); EXPECT_STRBUFEQ(1, strlcpy(buf, "bar", 0), buf, 3, "test"); break; + CASE_TEST(strlcpy_1); EXPECT_STRBUFEQ(1, strlcpy(buf, "bar", 1), buf, 3, ""); break; + CASE_TEST(strlcpy_2); EXPECT_STRBUFEQ(1, strlcpy(buf, "bar", 2), buf, 3, "b"); break; + CASE_TEST(strlcpy_3); EXPECT_STRBUFEQ(1, strlcpy(buf, "bar", 3), buf, 3, "ba"); break; + CASE_TEST(strlcpy_4); EXPECT_STRBUFEQ(1, strlcpy(buf, "bar", 4), buf, 3, "bar"); break; +#endif CASE_TEST(memcmp_20_20); EXPECT_EQ(1, memcmp("aaa\x20", "aaa\x20", 4), 0); break; CASE_TEST(memcmp_20_60); EXPECT_LT(1, memcmp("aaa\x20", "aaa\x60", 4), 0); break; CASE_TEST(memcmp_60_20); EXPECT_GT(1, memcmp("aaa\x60", "aaa\x20", 4), 0); break; -- cgit v1.2.3 From e93b912ecf6ab113c9d4ec9ced2fa30dfac24c70 Mon Sep 17 00:00:00 2001 From: Thomas Weißschuh Date: Wed, 10 Apr 2024 23:27:06 +0200 Subject: tools/nolibc/string: remove open-coded strnlen() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The same header already defines an implementation of strnlen(), so use it. Signed-off-by: Thomas Weißschuh --- tools/include/nolibc/string.h | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/tools/include/nolibc/string.h b/tools/include/nolibc/string.h index 565230a4ad47..f9ab28421e6d 100644 --- a/tools/include/nolibc/string.h +++ b/tools/include/nolibc/string.h @@ -187,12 +187,7 @@ char *strndup(const char *str, size_t maxlen) static __attribute__((unused)) size_t strlcat(char *dst, const char *src, size_t size) { - size_t len = 0; - - for (; len < size; len++) { - if (dst[len] == '\0') - break; - } + size_t len = strnlen(dst, size); /* * We want len < size-1. But as size is unsigned and can wrap -- cgit v1.2.3 From 0adab2b6b7336fb6ee3c6456a432dad3b1d25647 Mon Sep 17 00:00:00 2001 From: Thomas Weißschuh Date: Sun, 14 Apr 2024 01:45:09 +0200 Subject: tools/nolibc: add support for uname(2) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit All supported kernels are assumed to use struct new_utsname. This is validated in test_uname(). uname(2) can for example be used in ksft_min_kernel_version() from the kernels selftest framework. Link: https://lore.kernel.org/lkml/20240412123536.GA32444@redhat.com/ Signed-off-by: Thomas Weißschuh Acked-by: Willy Tarreau --- tools/include/nolibc/sys.h | 27 ++++++++++++++++++ tools/testing/selftests/nolibc/nolibc-test.c | 42 ++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) diff --git a/tools/include/nolibc/sys.h b/tools/include/nolibc/sys.h index dda9dffd1d74..7b82bc3cf107 100644 --- a/tools/include/nolibc/sys.h +++ b/tools/include/nolibc/sys.h @@ -22,6 +22,7 @@ #include /* for statx() */ #include #include +#include #include "arch.h" #include "errno.h" @@ -1139,6 +1140,32 @@ int umount2(const char *path, int flags) } +/* + * int uname(struct utsname *buf); + */ + +struct utsname { + char sysname[65]; + char nodename[65]; + char release[65]; + char version[65]; + char machine[65]; + char domainname[65]; +}; + +static __attribute__((unused)) +int sys_uname(struct utsname *buf) +{ + return my_syscall1(__NR_uname, buf); +} + +static __attribute__((unused)) +int uname(struct utsname *buf) +{ + return __sysret(sys_uname(buf)); +} + + /* * int unlink(const char *path); */ diff --git a/tools/testing/selftests/nolibc/nolibc-test.c b/tools/testing/selftests/nolibc/nolibc-test.c index d373fc14706c..94bb6e11c16f 100644 --- a/tools/testing/selftests/nolibc/nolibc-test.c +++ b/tools/testing/selftests/nolibc/nolibc-test.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include #include @@ -780,6 +781,45 @@ int test_stat_timestamps(void) return 0; } +int test_uname(void) +{ + struct utsname buf; + char osrelease[sizeof(buf.release)]; + ssize_t r; + int fd; + + memset(&buf.domainname, 'P', sizeof(buf.domainname)); + + if (uname(&buf)) + return 1; + + if (strncmp("Linux", buf.sysname, sizeof(buf.sysname))) + return 1; + + fd = open("/proc/sys/kernel/osrelease", O_RDONLY); + if (fd == -1) + return 1; + + r = read(fd, osrelease, sizeof(osrelease)); + if (r == -1) + return 1; + + close(fd); + + if (osrelease[r - 1] == '\n') + r--; + + /* Validate one of the later fields to ensure field sizes are correct */ + if (strncmp(osrelease, buf.release, r)) + return 1; + + /* Ensure the field domainname is set, it is missing from struct old_utsname */ + if (strnlen(buf.domainname, sizeof(buf.domainname)) == sizeof(buf.domainname)) + return 1; + + return 0; +} + int test_mmap_munmap(void) { int ret, fd, i, page_size; @@ -985,6 +1025,8 @@ int run_syscall(int min, int max) CASE_TEST(stat_fault); EXPECT_SYSER(1, stat(NULL, &stat_buf), -1, EFAULT); break; CASE_TEST(stat_timestamps); EXPECT_SYSZR(1, test_stat_timestamps()); break; CASE_TEST(symlink_root); EXPECT_SYSER(1, symlink("/", "/"), -1, EEXIST); break; + CASE_TEST(uname); EXPECT_SYSZR(proc, test_uname()); break; + CASE_TEST(uname_fault); EXPECT_SYSER(1, uname(NULL), -1, EFAULT); break; CASE_TEST(unlink_root); EXPECT_SYSER(1, unlink("/"), -1, EISDIR); break; CASE_TEST(unlink_blah); EXPECT_SYSER(1, unlink("/proc/self/blah"), -1, ENOENT); break; CASE_TEST(wait_child); EXPECT_SYSER(1, wait(&tmp), -1, ECHILD); break; -- cgit v1.2.3