* [PATCH 1/2] dtprobed: handle a crashed parser child better
From: Nick Alcock @ 2025-01-16 21:33 UTC (permalink / raw)
To: dtrace, dtrace-devel
When a parser child crashes and is restarted, its file handles
might change: we should pick up the new fhes if so.
Signed-off-by: Nick Alcock <nick.alcock@oracle.com>
---
dtprobed/dtprobed.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/dtprobed/dtprobed.c b/dtprobed/dtprobed.c
index 86865eb467b67..c0597b7329d37 100644
--- a/dtprobed/dtprobed.c
+++ b/dtprobed/dtprobed.c
@@ -769,7 +769,13 @@ process_dof(pid_t pid, int out, int in, dev_t dev, ino_t inum, dev_t exec_dev,
if (!provider) {
if (tries++ > 1)
goto err;
+ /*
+ * Tidying reopens the parser in and out pipes: catch
+ * up with this.
+ */
dof_parser_tidy(1);
+ out = parser_out_pipe;
+ in = parser_in_pipe;
continue;
}
if (provider->type != DIT_PROVIDER && provider->type != DIT_EOF)
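Review bot: The two added assignments after `dof_parser_tidy(1)` overwrite the `out` and `in` parameters with the globals `parser_out_pipe` and `parser_in_pipe`, so from the first retry onward the function ignores what the caller passed. If callers always pass those globals, the parameters are redundant and could be dropped in favour of reading the globals directly; if they do not, the retry silently switches to a different pair of descriptors. Either way, the function's header comment should say that `out` and `in` are only the initial descriptors.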
--
2.47.1.279.g84c5f4e78e
* [PATCH 2/2] libcommon: turn off FORTIFY_SOURCE more aggressively
From: Nick Alcock @ 2025-01-16 21:33 UTC (permalink / raw)
To: dtrace, dtrace-devel
This is incompatible with dof_parser_t's use of trailing strings of
variable length, and buys us nothing anyway since we're running in a
seccomped parser child and any buffer overruns are harmless and cannot
result in anything other than a dying child. We were already -U'ing
FORTIFY_SOURCE in libcommon_CPPFLAGS, but that precedes CFLAGS on the
command line, so if the build system passes -D_FORTIFY_SOURCE there, it
still takes effect.
Use _NOCFLAGS and _NOCPPFLAGS to explicitly disable every level of
fortification that currently exists.
Signed-off-by: Nick Alcock <nick.alcock@oracle.com>
---
libcommon/Build | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libcommon/Build b/libcommon/Build
index fd54dc044f9af..00c0d46d125e4 100644
--- a/libcommon/Build
+++ b/libcommon/Build
@@ -10,4 +10,6 @@ libcommon_TARGET = libcommon
libcommon_DIR := $(current-dir)
libcommon_CPPFLAGS := -Ilibcommon -Ilibproc -U_FORTIFY_SOURCE
libcommon_SOURCES = dof_parser.c dof_parser_host.c dt_list.c
+libcommon_NOCFLAGS := -D_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1 -D_FORTIFY_SOURCE=2 -D_FORTIFY_SOURCE=3
+libcommon_NOCPPFLAGS := -D_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1 -D_FORTIFY_SOURCE=2 -D_FORTIFY_SOURCE=3
libcommon_LIBSOURCES = libcommon
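Review bot: The new `libcommon_NOCFLAGS` and `libcommon_NOCPPFLAGS` lines turn fortification off for every file in `libcommon_SOURCES`, but the rationale in the commit message covers only code running in the seccomped parser child. The list includes `dof_parser_host.c` and `dt_list.c`; if either is also linked into a process outside that sandbox (the `_host` suffix suggests it), overruns there are not confined to a dying child. Consider limiting the exemption to the objects that handle the trailing strings in `dof_parser_t`, or add a comment here stating which processes link libcommon and why losing fortification in them is acceptable.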
--
2.47.1.279.g84c5f4e78e
* Re: [DTrace-devel] [PATCH 1/2] dtprobed: handle a crashed parser child better
From: Kris Van Hees @ 2025-01-16 22:08 UTC (permalink / raw)
To: Nick Alcock; +Cc: dtrace, dtrace-devel
On Thu, Jan 16, 2025 at 09:33:31PM +0000, Nick Alcock via DTrace-devel wrote:
> When a parser child crashes and is restarted, its file handles
> might change: we should pick up the new fhes if so.
>
> Signed-off-by: Nick Alcock <nick.alcock@oracle.com>
Reviewed-by: Kris Van Hees <kris.van.hees@oracle.com>
> ---
> dtprobed/dtprobed.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/dtprobed/dtprobed.c b/dtprobed/dtprobed.c
> index 86865eb467b67..c0597b7329d37 100644
> --- a/dtprobed/dtprobed.c
> +++ b/dtprobed/dtprobed.c
> @@ -769,7 +769,13 @@ process_dof(pid_t pid, int out, int in, dev_t dev, ino_t inum, dev_t exec_dev,
> if (!provider) {
> if (tries++ > 1)
> goto err;
> + /*
> + * Tidying reopens the parser in and out pipes: catch
> + * up with this.
> + */
> dof_parser_tidy(1);
> + out = parser_out_pipe;
> + in = parser_in_pipe;
> continue;
> }
> if (provider->type != DIT_PROVIDER && provider->type != DIT_EOF)
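Review bot: Nothing between `dof_parser_tidy(1)` and `continue` checks that the restart succeeded, so `out` and `in` take whatever `parser_out_pipe` and `parser_in_pipe` hold at that point. If tidying can leave them unset (for example at -1) when the child cannot be restarted, the next loop iteration reads and writes on a bad descriptor; a check with `goto err` before `continue` would make that failure explicit. If tidying cannot return in that state, a word to that effect in the new comment would help.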
> --
> 2.47.1.279.g84c5f4e78e
* Re: [PATCH 2/2] libcommon: turn off FORTIFY_SOURCE more aggressively
From: Kris Van Hees @ 2025-01-16 22:09 UTC (permalink / raw)
To: Nick Alcock; +Cc: dtrace, dtrace-devel
On Thu, Jan 16, 2025 at 09:33:32PM +0000, Nick Alcock wrote:
> This is incompatible with dof_parser_t's use of trailing strings of
> variable length, and buys us nothing anyway since we're running in a
> seccomped parser child and any buffer overruns are harmless and cannot
> result in anything other than a dying child. We were already -U'ing
> FORTIFY_SOURCE in libcommon_CPPFLAGS, but that precedes CFLAGS on the
> command line, so if the build system passes -D_FORTIFY_SOURCE there, it
> still takes effect.
>
> Use _NOCFLAGS and _NOCPPFLAGS to explicitly disable every level of
> fortification that currently exists.
>
> Signed-off-by: Nick Alcock <nick.alcock@oracle.com>
Reviewed-by: Kris Van Hees <kris.van.hees@oracle.com>
> ---
> libcommon/Build | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libcommon/Build b/libcommon/Build
> index fd54dc044f9af..00c0d46d125e4 100644
> --- a/libcommon/Build
> +++ b/libcommon/Build
> @@ -10,4 +10,6 @@ libcommon_TARGET = libcommon
> libcommon_DIR := $(current-dir)
> libcommon_CPPFLAGS := -Ilibcommon -Ilibproc -U_FORTIFY_SOURCE
> libcommon_SOURCES = dof_parser.c dof_parser_host.c dt_list.c
> +libcommon_NOCFLAGS := -D_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1 -D_FORTIFY_SOURCE=2 -D_FORTIFY_SOURCE=3
> +libcommon_NOCPPFLAGS := -D_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1 -D_FORTIFY_SOURCE=2 -D_FORTIFY_SOURCE=3
> libcommon_LIBSOURCES = libcommon
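Review bot: Both added lines enumerate exact spellings, `-D_FORTIFY_SOURCE` and levels 1 to 3, so the filter misses anything written differently: a future level, or the same define passed through the driver as `-Wp,-D_FORTIFY_SOURCE=2`. If the `_NOCFLAGS` and `_NOCPPFLAGS` machinery accepts patterns, a single pattern entry would be more robust; otherwise a comment beside these lines should say the list needs extending when a new level appears. The existing `-U_FORTIFY_SOURCE` in `libcommon_CPPFLAGS` also deserves a note on why it alone is not enough, since that reasoning currently lives only in the commit message.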
> --
> 2.47.1.279.g84c5f4e78e
>