This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH v2 1/2][BZ #16274] Fix shm_open.

From: OndÅej BÃlka <neleai at seznam dot cz>
To: Carlos O'Donell <carlos at redhat dot com>
Cc: libc-alpha at sourceware dot org
Date: Fri, 29 Nov 2013 19:02:50 +0100
Subject: Re: [PATCH v2 1/2][BZ #16274] Fix shm_open.
Authentication-results: sourceware.org; auth=none
References: <20131129004016 dot GA19990 at domone dot podge> <5297F6B6 dot 5010609 at redhat dot com>

On Thu, Nov 28, 2013 at 09:06:46PM -0500, Carlos O'Donell wrote:
> On 11/28/2013 07:40 PM, OndÅej BÃlka wrote:
> > Hi,
> > 
> > during second revision of patch I added a explicit null check but for
> > some reason got these backwards.
> > 
> > As result of testsuite stayed same I assumed it was ok but did not
> > expected that actual test is:
> > 
> >   /* Create the shared memory object.  */
> >   fd = shm_open ("/shm-test", O_RDWR | O_CREAT | O_TRUNC | O_EXCL,
> > 0600);
> >   if (fd == -1)
> >     {
> >       /* We don't regard this as a bug.  Simply don't run the test.  It
> > could
> >          means there is no such implementation or the object is already
> > in
> >          use in which case we don't want to disturb.  */
> >       perror ("failed to create a shared memory object: shm_open");
> >       return 0;
> >     }
> > 
> > which succeeded.
> 
> Please immediately change the test to be something else e.g. "/glibc-shm-test"
> and remove the `return 0;' case.and repost v2 of the patch.
> 
> I don't want this test case to bite us again, it's silly not to expect that
> you have some control over the name of the shared memory file.
> 
> > @@ -151,7 +151,7 @@ shm_open (const char *name, int oflag, mode_t mode)
> >    namelen = strlen (name);
> >  
> >    /* Validate the filename.  */
> > -  if (name[0] == '\0' || namelen > NAME_MAX || strchr (name, '/') == NULL)
> > +  if (name[0] == '\0' || namelen > NAME_MAX || strchr (name, '/') != NULL)
> 
> POSIX says:
> If name begins with the slash character, then processes calling shm_open() 
> with the same value of name refer to the same shared memory object, as long 
> as that name has not been removed. If name does not begin with the slash 
> character, the effect is implementation-defined. The interpretation of slash 
> characters other than the leading slash character in name is 
> implementation-defined.
> 
> So we are going to say:
> - glibc's implementation allows a name without a starting slash e.g. "foo"
> - glibc's implementation does not allow non-leading slashes e.g. "foo/bar"
>   - Even though Linux allows mkdir on /dev/shm e.g.
>     mkdir /dev/shm/foo; shm_open "foo/bar"
> 
> Could you please add two stubs for shm_open, and shm_unlink in
> manual/memory.texi and include our implementation-defined details there?
> 
> In summary:
> 
> * Fix the test.
> * Document the implementation-defined choices we've just made.
> 
> Post v2 please.
> 
> Cheers,
> Carlos.

A fix with testcase is here. I changed detection of skipping test to
checking if errno is ENOSYS. I send documentation in separate patch.

	[BZ #16274]
	* sysdeps/unix/sysv/linux/shm_open.c (shm_open): Correctly
	handle filename validation.
	* rt/tst-shm.c (do_test, do_open: Do not skip a test when
	shm_open fails.

---
 rt/tst-shm.c                       | 31 ++++++++++++++++---------------
 sysdeps/unix/sysv/linux/shm_open.c |  4 ++--
 2 files changed, 18 insertions(+), 17 deletions(-)

diff --git a/rt/tst-shm.c b/rt/tst-shm.c
index cb4b1ee..7f21d4e 100644
--- a/rt/tst-shm.c
+++ b/rt/tst-shm.c
@@ -41,12 +41,12 @@ do_open (void)
   int fd;
 
   /* Create the shared memory object.  */
-  fd = shm_open ("/shm-test", O_RDWR, 0600);
+  fd = shm_open ("/glibc-shm-test", O_RDWR, 0600);
   if (fd == -1)
     {
-      /* We don't regard this as a bug.  Simply don't run the test.  It could
-	 means there is no such implementation or the object is already in
-	 use in which case we don't want to disturb.  */
+      /* If shm_open is unimplemented we skip a test.  */
+      if (errno != ENOSYS)
+        error (EXIT_FAILURE, 0, "failed to open shared memory object: shm_open");
       perror ("failed to open shared memory object: shm_open");
       return -1;
     }
@@ -143,12 +143,13 @@ do_test (void)
 
 
   /* Create the shared memory object.  */
-  fd = shm_open ("/shm-test", O_RDWR | O_CREAT | O_TRUNC | O_EXCL, 0600);
+  fd = shm_open ("/glibc-shm-test", O_RDWR | O_CREAT | O_TRUNC | O_EXCL, 0600);
   if (fd == -1)
     {
-      /* We don't regard this as a bug.  Simply don't run the test.  It could
-	 means there is no such implementation or the object is already in
-	 use in which case we don't want to disturb.  */
+      /* If shm_open is unimplemented we skip a test.  */
+      if (errno != ENOSYS)
+        error (EXIT_FAILURE, 0, "failed to open shared memory object: shm_open");
+
       perror ("failed to create a shared memory object: shm_open");
       return 0;
     }
@@ -160,18 +161,18 @@ do_test (void)
          shared memory itself.  */
       perror ("failed to size of shared memory object: ftruncate");
       close (fd);
-      shm_unlink ("/shm-test");
+      shm_unlink ("/glibc-shm-test");
       return 0;
     }
 
   if (fstat64 (fd, &st) == -1)
     {
-      shm_unlink ("/shm-test");
+      shm_unlink ("/glibc-shm-test");
       error (EXIT_FAILURE, 0, "initial stat failed");
     }
   if (st.st_size != 4000)
     {
-      shm_unlink ("/shm-test");
+      shm_unlink ("/glibc-shm-test");
       error (EXIT_FAILURE, 0, "initial size not correct");
     }
 
@@ -184,7 +185,7 @@ do_test (void)
       /* Couldn't create a second process.  */
       perror ("fork");
       close (fd);
-      shm_unlink ("/shm-test");
+      shm_unlink ("/glibc-shm-test");
       return 0;
     }
 
@@ -199,7 +200,7 @@ do_test (void)
       kill (pid1, SIGTERM);
       waitpid (pid1, &ignore, 0);
       close (fd);
-      shm_unlink ("/shm-test");
+      shm_unlink ("/glibc-shm-test");
       return 0;
     }
 
@@ -208,14 +209,14 @@ do_test (void)
   waitpid (pid2, &status2, 0);
 
   /* Now we can unlink the shared object.  */
-  shm_unlink ("/shm-test");
+  shm_unlink ("/glibc-shm-test");
 
   return (!WIFEXITED (status1) || WEXITSTATUS (status1) != 0
 	  || !WIFEXITED (status2) || WEXITSTATUS (status2) != 0);
 }
 #define TEST_FUNCTION do_test ()
 
-#define CLEANUP_HANDLER shm_unlink ("/shm-test");
+#define CLEANUP_HANDLER shm_unlink ("/glibc-shm-test");
 
 
 #include "../test-skeleton.c"
diff --git a/sysdeps/unix/sysv/linux/shm_open.c b/sysdeps/unix/sysv/linux/shm_open.c
index 482b49c..7bb2874 100644
--- a/sysdeps/unix/sysv/linux/shm_open.c
+++ b/sysdeps/unix/sysv/linux/shm_open.c
@@ -151,7 +151,7 @@ shm_open (const char *name, int oflag, mode_t mode)
   namelen = strlen (name);
 
   /* Validate the filename.  */
-  if (name[0] == '\0' || namelen > NAME_MAX || strchr (name, '/') == NULL)
+  if (name[0] == '\0' || namelen > NAME_MAX || strchr (name, '/') != NULL)
     {
       __set_errno (EINVAL);
       return -1;
@@ -241,7 +241,7 @@ shm_unlink (const char *name)
   namelen = strlen (name);
 
   /* Validate the filename.  */
-  if (name[0] == '\0' || namelen > NAME_MAX || strchr (name, '/') == NULL)
+  if (name[0] == '\0' || namelen > NAME_MAX || strchr (name, '/') != NULL)
     {
       __set_errno (ENOENT);
       return -1;
-- 
1.8.4.rc3

Follow-Ups:
- [PATCH 2/2] Document shm_open and shm_close
  - From: OndÅej BÃlka
- Re: [PATCH v2 1/2][BZ #16274] Fix shm_open.
  - From: Andreas Schwab
- Re: [PATCH v2 1/2][BZ #16274] Fix shm_open.
  - From: Carlos O'Donell

References:
- [PATCH][BZ #16274] Fix shm_open.
  - From: OndÅej BÃlka
- Re: [PATCH][BZ #16274] Fix shm_open.
  - From: Carlos O'Donell

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]