[lxc-devel] [lxc/master] compiler: more hardening

brauner on Github lxc-bot at linuxcontainers.org
Tue May 5 12:05:40 UTC 2020


From 6acf25e36a6df5f10b24fe57b4f186723d22bdf9 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 5 May 2020 09:21:33 +0200
Subject: [PATCH 1/2] gcc: add -Warray-bounds, -Wrestrict, -Wreturn-local-addr,
 -Wstringop-overflow

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 configure.ac | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/configure.ac b/configure.ac
index d9365ac026..c55810831e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -753,6 +753,10 @@ AX_CHECK_COMPILE_FLAG([-Wnested-externs], [CFLAGS="$CFLAGS -Wnested-externs"],,[
 AX_CHECK_COMPILE_FLAG([-fasynchronous-unwind-tables], [CFLAGS="$CFLAGS -fasynchronous-unwind-tables"],,[-Werror])
 AX_CHECK_COMPILE_FLAG([-pipe], [CFLAGS="$CFLAGS -pipe"],,[-Werror])
 AX_CHECK_COMPILE_FLAG([-fexceptions], [CFLAGS="$CFLAGS -fexceptions"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Warray-bounds], [CFLAGS="$CFLAGS -Warray-bounds"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Wrestrict], [CFLAGS="$CFLAGS -Wrestrict"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Wreturn-local-addr], [CFLAGS="$CFLAGS -Wreturn-local-addr"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Wstringop-overflow], [CFLAGS="$CFLAGS -Wstringop-overflow"],,[-Werror])
 
 AX_CHECK_LINK_FLAG([-z relro], [LDFLAGS="$LDFLAGS -z relro"],,[])
 AX_CHECK_LINK_FLAG([-z now], [LDFLAGS="$LDFLAGS -z now"],,[])
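Review bot: The `-Warray-bounds` probe on the first added line buys nothing for unoptimized builds, because GCC documents that diagnostic as active only when value-range propagation runs (the default at -O2 and above); a comment such as `dnl -Warray-bounds only fires at -O2 or higher` next to it would save the next reader from expecting it in a -O0 debug build. Note also that the `-Werror` passed as the fourth argument only hardens the probe itself: the four flags land in CFLAGS as plain warnings, so they enforce nothing at build time unless -Werror is added to CFLAGS elsewhere in configure.ac, which this hunk does not show. Of the four, `-Wrestrict` and `-Warray-bounds` are already part of -Wall and `-Wreturn-local-addr` and `-Wstringop-overflow` are on by default in recent GCC, so the change is mostly a belt-and-braces statement of intent.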

From 674c9692988d964a2cc841159a074f023221f887 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 5 May 2020 14:04:34 +0200
Subject: [PATCH 2/2] compiler: support new access attributes

which will allow us to catch more oob accesses.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/af_unix.h       | 29 +++++++++++++++++-------
 src/lxc/compiler.h      | 18 +++++++++++++++
 src/lxc/conf.h          |  3 ++-
 src/lxc/confile.h       | 11 ++++++---
 src/lxc/confile_utils.h |  9 ++++++--
 src/lxc/file_utils.h    | 49 +++++++++++++++++++++++++++++++----------
 6 files changed, 93 insertions(+), 26 deletions(-)

diff --git a/src/lxc/af_unix.h b/src/lxc/af_unix.h
index 2531b0b106..5a1482c353 100644
--- a/src/lxc/af_unix.h
+++ b/src/lxc/af_unix.h
@@ -7,22 +7,35 @@
 #include <sys/socket.h>
 #include <sys/un.h>
 
+#include "compiler.h"
+
 /* does not enforce \0-termination */
 extern int lxc_abstract_unix_open(const char *path, int type, int flags);
 extern void lxc_abstract_unix_close(int fd);
 /* does not enforce \0-termination */
 extern int lxc_abstract_unix_connect(const char *path);
+
 extern int lxc_abstract_unix_send_fds(int fd, int *sendfds, int num_sendfds,
-				      void *data, size_t size);
-extern int lxc_abstract_unix_send_fds_iov(int fd, int *sendfds,
-					  int num_sendfds, struct iovec *iov,
-					  size_t iovlen);
+				      void *data, size_t size)
+__access_r(2, 3) __access_r(4, 5);
+
+extern int lxc_abstract_unix_send_fds_iov(int fd, int *sendfds, int num_sendfds,
+					  struct iovec *iov, size_t iovlen)
+__access_r(2, 3);
+
+extern int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds,
+				      void *data, size_t size)
+__access_r(2, 3) __access_r(4, 5);
+
 extern int lxc_unix_send_fds(int fd, int *sendfds, int num_sendfds, void *data,
 			     size_t size);
-extern int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds,
-				      void *data, size_t size);
-extern int lxc_abstract_unix_send_credential(int fd, void *data, size_t size);
-extern int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size);
+
+extern int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
+__access_r(2, 3);
+
+extern int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
+__access_w(2, 3);
+
 extern int lxc_unix_sockaddr(struct sockaddr_un *ret, const char *path);
 extern int lxc_unix_connect(struct sockaddr_un *addr);
 extern int lxc_unix_connect_type(struct sockaddr_un *addr, int type);
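Review bot: `lxc_abstract_unix_recv_fds` is annotated `__access_r(2, 3) __access_r(4, 5)`, but its `recvfds` and `data` parameters are the receive side's output buffers (non-const, filled by the call, as the name indicates), so the declaration tells the compiler the opposite of what happens; the same commit gets this right for `lxc_abstract_unix_rcv_credential` with `__access_w(2, 3)`. A read_only claim on an output buffer makes callers passing uninitialized storage look like a read of uninitialized memory and hides genuine write overflows, so it is worse than no annotation. The two lines should read `__access_w(2, 3) __access_w(4, 5);`. For consistency, the non-abstract sibling `lxc_unix_send_fds` (same parameter shape as the annotated abstract variant) is left without any annotation in this hunk.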
diff --git a/src/lxc/compiler.h b/src/lxc/compiler.h
index 92cd9fd141..114fb81baf 100644
--- a/src/lxc/compiler.h
+++ b/src/lxc/compiler.h
@@ -57,4 +57,22 @@
 
 #define __cgfsng_ops
 
+/* access attribute */
+#define __access_r(x, y)
+#define __access_w(x, y)
+#define __access_rw(x, y)
+
+#ifdef __has_attribute
+#if __has_attribute(access)
+#undef __access_r
+#define __access_r(x, y) __attribute__((access(read_only, x, y)))
+
+#undef __access_w
+#define __access_w(x, y) __attribute__((access(write_only, x, y)))
+
+#undef __access_rw
+#define __access_rw(x, y) __attribute__((access(read_write, x, y)))
+#endif
+#endif
+
 #endif /* __LXC_COMPILER_H */
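Review bot: The `/* access attribute */` comment above the three macros does not say what the two indices mean, and annotators will need that to get `int *` arrays right: the first is the 1-based position of the pointer parameter, the second the position of the parameter giving the access size, and, as far as GCC's documentation of the attribute goes, that size is counted in elements of the pointed-to type (bytes only for `void *`). I would expand the comment to something like `/* __access_{r,w,rw}(ptr_idx, size_idx): 1-based parameter positions; size_idx gives the number of elements (bytes for void *) the callee may read/write through ptr_idx. A wrong mode (e.g. read_only on an output buffer) is worse than none. Expands to nothing on compilers without __attribute__((access)). */`. The fallback-to-empty definitions at the top are the right shape, since the `#ifdef __has_attribute` / `#if __has_attribute(access)` split keeps preprocessors without `__has_attribute` from choking on the second test.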
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 346b736e17..63d6e8cfb7 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -404,7 +404,8 @@ struct lxc_conf {
 };
 
 extern int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
-			    size_t buf_size);
+			    size_t buf_size)
+__access_r(3, 4);
 
 #ifdef HAVE_TLS
 extern thread_local struct lxc_conf *current_config;
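Review bot: This hunk uses `__access_r(3, 4)` on `write_id_mapping` but, unlike every other header touched by the commit, does not add `#include "compiler.h"`; if conf.h does not already pull compiler.h in outside this hunk, the macro is an unknown identifier at that point and the declaration will not parse on any compiler, attribute support or not. Please either add `#include "compiler.h"` near the top of conf.h or note in the commit why it is already available transitively. The annotation itself matches the parameters: `buf` is the read-only byte buffer and `buf_size` its length.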
diff --git a/src/lxc/confile.h b/src/lxc/confile.h
index 624d9a0c25..a457c9a17f 100644
--- a/src/lxc/confile.h
+++ b/src/lxc/confile.h
@@ -9,6 +9,8 @@
 #include <lxc/attach_options.h>
 #include <lxc/lxccontainer.h>
 
+#include "compiler.h"
+
 struct lxc_conf;
 struct lxc_list;
 
@@ -46,21 +48,24 @@ struct new_config_item {
 extern struct lxc_config_t *lxc_get_config(const char *key);
 
 /* List all available config items. */
-extern int lxc_list_config_items(char *retv, int inlen);
+extern int lxc_list_config_items(char *retv, int inlen)
+__access_rw(1, 2);
 
 /* Given a configuration key namespace (e.g. lxc.apparmor) list all associated
  * subkeys for that namespace.
  * Must be implemented when adding a new configuration key.
  */
 extern int lxc_list_subkeys(struct lxc_conf *conf, const char *key, char *retv,
-			    int inlen);
+			    int inlen)
+__access_rw(3, 4);
 
 /* List all configuration items associated with a given network. For example
  * pass "lxc.net.[i]" to retrieve all configuration items associated with
  * the network associated with index [i].
  */
 extern int lxc_list_net(struct lxc_conf *c, const char *key, char *retv,
-			int inlen);
+			int inlen)
+__access_rw(3, 4);
 
 extern int lxc_config_read(const char *file, struct lxc_conf *conf,
 			   bool from_include);
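Review bot: The three `__access_rw(…)` annotations on `retv`/`inlen` (L165-166, L174-175, L183-184) claim the callee reads the caller's pre-existing buffer contents before writing them; the implementations are not visible here, but if they clear `retv` or only append into it from the start, `__access_w` is the accurate mode and does not constrain callers to pass initialized storage. A one-line comment stating which it is, e.g. `/* retv is written, not read: contents on entry are ignored */`, would settle it for future annotators. Also worth a note that `inlen` is a signed `int` here while the attribute models an unsigned size, so a negative `inlen` passed by a caller is something the annotation will not catch.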
diff --git a/src/lxc/confile_utils.h b/src/lxc/confile_utils.h
index 62990e98c4..1568ccec5d 100644
--- a/src/lxc/confile_utils.h
+++ b/src/lxc/confile_utils.h
@@ -5,6 +5,7 @@
 
 #include <stdbool.h>
 
+#include "compiler.h"
 #include "conf.h"
 #include "confile_utils.h"
 
@@ -49,12 +50,16 @@ extern char *lxc_ipvlan_flag_to_isolation(int mode);
 
 extern int set_config_string_item(char **conf_item, const char *value);
 extern int set_config_string_item_max(char **conf_item, const char *value,
-				      size_t max);
+				      size_t max)
+__access_r(2, 3);
+
 extern int set_config_path_item(char **conf_item, const char *value);
 extern int set_config_bool_item(bool *conf_item, const char *value,
                                 bool empty_conf_action);
 extern int config_ip_prefix(struct in_addr *addr);
-extern int network_ifname(char *valuep, const char *value, size_t size);
+extern int network_ifname(char *valuep, const char *value, size_t size)
+__access_r(2, 3);
+
 extern void rand_complete_hwaddr(char *hwaddr);
 extern bool lxc_config_net_is_hwaddr(const char *line);
 extern bool new_hwaddr(char *hwaddr);
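Review bot: `__access_r(2, 3)` on `set_config_string_item_max` and `network_ifname` asserts that `value` is readable for `max`/`size` bytes, but in both declarations `value` is a NUL-terminated string and the size argument reads as an upper bound on its length, not its extent; with that annotation a caller passing a short string literal and a large limit becomes a reported over-read at the call site, which is exactly the false positive the hardening flags in patch 1 would then surface. If the intent is only "value is read-only", a size-less form of the attribute is what is wanted, which the current two-argument macros cannot express. For `network_ifname` the non-const first parameter suggests `size` actually bounds the destination `valuep`, in which case the line should be `__access_w(1, 3);`, possibly together with a size-less read-only annotation on `value`; please confirm against the implementation, which is outside this hunk.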
diff --git a/src/lxc/file_utils.h b/src/lxc/file_utils.h
index 6d5dbf68d6..f9c8abe033 100644
--- a/src/lxc/file_utils.h
+++ b/src/lxc/file_utils.h
@@ -12,27 +12,52 @@
 #include <sys/vfs.h>
 #include <unistd.h>
 
+#include "compiler.h"
+
 /* read and write whole files */
 extern int lxc_write_to_file(const char *filename, const void *buf,
-			     size_t count, bool add_newline, mode_t mode);
-extern int lxc_readat(int dirfd, const char *filename, void *buf, size_t count);
+			     size_t count, bool add_newline, mode_t mode)
+__access_r(2, 3);
+
+extern int lxc_readat(int dirfd, const char *filename, void *buf, size_t count)
+__access_w(3, 4);
+
 extern int lxc_writeat(int dirfd, const char *filename, const void *buf,
-		       size_t count);
+		       size_t count)
+__access_r(3, 4);
+
 extern int lxc_write_openat(const char *dir, const char *filename,
-			    const void *buf, size_t count);
-extern int lxc_read_from_file(const char *filename, void *buf, size_t count);
+			    const void *buf, size_t count)
+__access_r(3, 4);
+
+extern int lxc_read_from_file(const char *filename, void *buf, size_t count)
+__access_w(2, 3);
 
 /* send and receive buffers completely */
-extern ssize_t lxc_write_nointr(int fd, const void *buf, size_t count);
+extern ssize_t lxc_write_nointr(int fd, const void *buf, size_t count)
+__access_r(2, 3);
+
 extern ssize_t lxc_pwrite_nointr(int fd, const void *buf, size_t count,
-				 off_t offset);
-extern ssize_t lxc_send_nointr(int sockfd, void *buf, size_t len, int flags);
-extern ssize_t lxc_read_nointr(int fd, void *buf, size_t count);
+				 off_t offset)
+__access_r(2, 3);
+
+extern ssize_t lxc_send_nointr(int sockfd, void *buf, size_t len, int flags)
+__access_r(2, 3);
+
+extern ssize_t lxc_read_nointr(int fd, void *buf, size_t count)
+__access_w(2, 3);
+
 extern ssize_t lxc_read_nointr_expect(int fd, void *buf, size_t count,
-				      const void *expected_buf);
+				      const void *expected_buf)
+__access_w(2, 3);
+
 extern ssize_t lxc_read_file_expect(const char *path, void *buf, size_t count,
-				      const void *expected_buf);
-extern ssize_t lxc_recv_nointr(int sockfd, void *buf, size_t len, int flags);
+				      const void *expected_buf)
+__access_w(2, 3);
+
+extern ssize_t lxc_recv_nointr(int sockfd, void *buf, size_t len, int flags)
+__access_w(2, 3);
+
 ssize_t lxc_recvmsg_nointr_iov(int sockfd, struct iovec *iov, size_t iovlen,
 			       int flags);
 
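Review bot: `lxc_read_nointr_expect` and `lxc_read_file_expect` (L273-274, L279-280) annotate only the output buffer, yet both also take `expected_buf`, which by its name and the shared `count` parameter is compared against the same number of bytes; if that is what the implementations do, each annotation line should be `__access_w(2, 3) __access_r(4, 3);` so the read side of the comparison is modelled too. Separately, `lxc_recvmsg_nointr_iov` at the end of the hunk keeps no annotation although its `struct iovec *iov, size_t iovlen` pair is the same shape that af_unix.h annotates with `__access_r(2, 3)` on `lxc_abstract_unix_send_fds_iov`; adding the same here keeps the two iov entry points consistent. The rest of the hunk pairs read_only with the `const void *` sources and write_only with the receive/read destinations correctly.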

