This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: FD_SET and FORTIFY_SOURCE

From: KOSAKI Motohiro <kosaki dot motohiro at gmail dot com>
To: libc-alpha <libc-alpha at sourceware dot org>
Cc: Motohiro KOSAKI <kosaki dot motohiro at gmail dot com>
Date: Sun, 24 Mar 2013 16:17:40 -0400
Subject: Re: FD_SET and FORTIFY_SOURCE
References: <512F0CC6 dot 8080302 at redhat dot com> <20130228134139 dot GL20323 at brightrain dot aerifal dot cx> <512F84B2 dot 1000501 at redhat dot com> <512FCFD0 dot 5050108 at gmail dot com>

> I think current __FD_ELT is right implemenation. It only fail when passed argument is not
> dynamic allocated.

Ugh. I was wrong. Current __FD_ELT is not correct. I received a bug
report this feature makes invalid program abort when running ruby on
Ubuntu.

Because Ruby uses howmany macro and allocates fd_set from heap and Ubuntu enable
_FORTIFY_SOURCE=2 by default.

https://github.com/ruby/ruby/blob/ruby_1_9_3/thread.c#L2347

There is unfortunate conflict here. glibc __FD_ELT check POSIX
validness, not Linux validness. Linux support >1024 fd number since
Linux 2.2.12 (about 15years ago).

As far as I skimmed Debian Code Search, su, rsyslog, ssh and other
several BSD derived
software use the same technique. I think the current situation is
dangerous and I believe
we shouldn't break existing software in the real world.


Side note: POSIX and Other OSs status

POSIX:
 > [EINVAL]The nfds argument is less than 0 or greater than FD_SETSIZE.
    http://pubs.opengroup.org/onlinepubs/007908775/xsh/select.html

*BSD, HP-UX:
    Ignore POSIX and support allocation fd_set from heap.

    http://netbsd.gw.com/cgi-bin/man-cgi?select++NetBSD-4.0
    http://www.openbsd.org/cgi-bin/man.cgi?query=select&manpath=OpenBSD+4.4
    http://h20000.www2.hp.com/bc/docs/support/SupportManual/c02267349/c02267349.pdf

Mac OS X:
    return EINVAL when >FD_SETSIZE and  _DARWIN_UNLIMITED_SELECT
    is not defined. i.e. every practical applications turn on
_DARWIN_UNLIMITED_SELECT.

Solaris:
    select return EINVAL when >FD_SETSIZE. Instead, provide
select_large_fdset().
    i.e. applications do #define select(n, r, w, e, t)
select_large_fdset((n), (r), (w), (e), (t)).


So, there are several options.

1. only turn on __FD_ELT check when running on hurd.
2. only turn on __FD_ELT check when defined some specific macro. (e.g.
likes darwin,
    but disable by default)
2-2. make FORTIFY_SOURCE variant and check POSIX compliance if enabled.
3. provide select_large_fdset() likes solaris. (I strongly don't
recommend. all application
    need to modify and recompilation)

What do you think?

Follow-Ups:
- Re: FD_SET and FORTIFY_SOURCE
  - From: KOSAKI Motohiro
- Re: FD_SET and FORTIFY_SOURCE
  - From: Carlos O'Donell

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]