This is an archive of the discontinued LLVM Phabricator instance.

Differential D88728

[lldb] Check for and use ptsname_r if available
ClosedPublic

Authored by labath on Oct 2 2020, 4:49 AM.

Details

Reviewers
mgorny
MaskRay
Commits
rG3dfb94986170: [lldb] Check for and use ptsname_r if available
Summary

ptsname is not thread-safe. ptsname_r is available on most (but not all)
systems -- use it preferentially.

In the patch I also improve the thread-safety of the ptsname fallback
path by wrapping it in a mutex. This should guarantee the safety of a
typical ptsname implementation using a single static buffer, as long as
all callers go through this function.

I also remove the error arguments, as the only way this function can
fail is if the "primary" fd is not valid. This is a programmer error as
this requirement is documented, and all callers ensure that is the case.

Diff Detail

Event Timeline

labath created this revision.Oct 2 2020, 4:49 AM
Herald added a project: Restricted Project. · View Herald TranscriptOct 2 2020, 4:49 AM
Herald added a subscriber: emaste. · View Herald Transcript
labath requested review of this revision.Oct 2 2020, 4:49 AM
Herald added a subscriber: JDevlieghere. · View Herald TranscriptOct 2 2020, 4:49 AM
Harbormaster completed remote builds in B73770: Diff 295793.Oct 2 2020, 5:00 AM
mgorny added inline comments.Oct 2 2020, 5:58 AM
lldb/source/Host/common/PseudoTerminal.cpp
149

I would really feel better with a real error handling here. It shouldn't be hard to use ErrorOr here.

labath added inline comments.Oct 2 2020, 6:30 AM
lldb/source/Host/common/PseudoTerminal.cpp
149

Yeah, but what are you going to do with that value? Pass it to the caller? The existing callers are ignoring the error return anyway, and I don't want to add error handling everywhere as afaict, this function can't fail unless the user messes up the master state (which is not something I want to support).

mgorny added inline comments.Oct 2 2020, 6:48 AM
lldb/source/Host/common/PseudoTerminal.cpp
149

I get your point but I've literally wasted days because of missing error handling, so I'd really preferred if we wouldn't make it even worse. Though I guess assert is good enough.

labath added inline comments.Oct 2 2020, 7:01 AM
lldb/source/Host/common/PseudoTerminal.cpp
149

In some ways it's even better because it will point you straight to the place where the assumption is violated, whereas a propagated logic error can manifest itself much farther away (or not at all). :)

MaskRay added inline comments.Oct 2 2020, 8:53 AM
lldb/source/Host/common/PseudoTerminal.cpp
149

If ptsname/ptsname_r fails, buf will be uninitialized and trigger a use-of-uninitialized-value error.

149

... in a -DLLVM_ENABLE_ASSERTIONS=off build.

This probably still needs some protection.

labath added inline comments.Oct 5 2020, 4:35 AM
lldb/source/Host/common/PseudoTerminal.cpp
149

What kind of protection did you have it mind? Initialize the buffer to an empty string?

MaskRay accepted this revision.Oct 6 2020, 4:48 PM

LGTM. Worth mentioning that this will be in POSIX issue 8 https://www.austingroupbugs.net/bug_view_page.php?bug_id=508

lldb/source/Host/common/PseudoTerminal.cpp
149

In the case of a non-zero return value, buf[0] = '\0' is probably sufficient to avoid an uninitialized value.

This revision is now accepted and ready to land.Oct 6 2020, 4:48 PM
labath added a comment.Oct 7 2020, 6:24 AM
In D88728#2315648, @MaskRay wrote:

LGTM. Worth mentioning that this will be in POSIX issue 8 https://www.austingroupbugs.net/bug_view_page.php?bug_id=508

Oh, cool. I didn't know posix is still being worked on :P

lldb/source/Host/common/PseudoTerminal.cpp
149

sounds good.

This revision was landed with ongoing or failed builds.Oct 7 2020, 6:29 AM
Closed by commit rG3dfb94986170: [lldb] Check for and use ptsname_r if available (authored by labath). · Explain Why
This revision was automatically updated to reflect the committed changes.
labath added a commit: rG3dfb94986170: [lldb] Check for and use ptsname_r if available.

Revision Contents

PathSize
lldb/
cmake/
modules/
1 line
include/
lldb/
Host/
2 lines
13 lines
source/
Host/
common/
2 lines
58 lines
Plugins/
Platform/
MacOSX/
objcxx/
32 lines
Process/
FreeBSD/
3 lines
gdb-remote/
2 lines

Diff 296658

lldb/cmake/modules/LLDBGenerateConfig.cmake

# This file contains all the logic for running configure-time checks # This file contains all the logic for running configure-time checks
include(CheckSymbolExists) include(CheckSymbolExists)
include(CheckIncludeFile) include(CheckIncludeFile)
include(CheckIncludeFiles) include(CheckIncludeFiles)
include(CheckLibraryExists) include(CheckLibraryExists)
set(CMAKE_REQUIRED_DEFINITIONS -D_GNU_SOURCE) set(CMAKE_REQUIRED_DEFINITIONS -D_GNU_SOURCE)
check_symbol_exists(ppoll poll.h HAVE_PPOLL) check_symbol_exists(ppoll poll.h HAVE_PPOLL)
check_symbol_exists(ptsname_r stdlib.h HAVE_PTSNAME_R)
set(CMAKE_REQUIRED_DEFINITIONS) set(CMAKE_REQUIRED_DEFINITIONS)
check_symbol_exists(sigaction signal.h HAVE_SIGACTION) check_symbol_exists(sigaction signal.h HAVE_SIGACTION)
check_cxx_symbol_exists(accept4 "sys/socket.h" HAVE_ACCEPT4) check_cxx_symbol_exists(accept4 "sys/socket.h" HAVE_ACCEPT4)
check_include_file(termios.h HAVE_TERMIOS_H) check_include_file(termios.h HAVE_TERMIOS_H)
check_include_file("sys/types.h" HAVE_SYS_TYPES_H) check_include_file("sys/types.h" HAVE_SYS_TYPES_H)
check_include_files("sys/types.h;sys/event.h" HAVE_SYS_EVENT_H) check_include_files("sys/types.h;sys/event.h" HAVE_SYS_EVENT_H)
Show All 28 Lines

lldb/include/lldb/Host/Config.h.cmake

Show All 14 Lines
#cmakedefine01 HAVE_SYS_TYPES_H #cmakedefine01 HAVE_SYS_TYPES_H
#cmakedefine01 HAVE_SYS_EVENT_H #cmakedefine01 HAVE_SYS_EVENT_H
#cmakedefine01 HAVE_PPOLL #cmakedefine01 HAVE_PPOLL
#cmakedefine01 HAVE_PTSNAME_R
#cmakedefine01 HAVE_SIGACTION #cmakedefine01 HAVE_SIGACTION
#cmakedefine01 HAVE_PROCESS_VM_READV #cmakedefine01 HAVE_PROCESS_VM_READV
#cmakedefine01 HAVE_NR_PROCESS_VM_READV #cmakedefine01 HAVE_NR_PROCESS_VM_READV
#ifndef HAVE_LIBCOMPRESSION #ifndef HAVE_LIBCOMPRESSION
#cmakedefine HAVE_LIBCOMPRESSION #cmakedefine HAVE_LIBCOMPRESSION
Show All 27 Lines

lldb/include/lldb/Host/PseudoTerminal.h

Show First 20 LinesShow All 99 Lines▼ Show 20 Linespublic:
/// \see PseudoTerminal::ReleaseSecondaryFileDescriptor() /// \see PseudoTerminal::ReleaseSecondaryFileDescriptor()
int GetSecondaryFileDescriptor() const; int GetSecondaryFileDescriptor() const;
/// Get the name of the secondary pseudo terminal. /// Get the name of the secondary pseudo terminal.
/// ///
/// A primary pseudo terminal should already be valid prior to /// A primary pseudo terminal should already be valid prior to
/// calling this function. /// calling this function.
/// ///
/// \param[out] error_str
/// An pointer to an error that can describe any errors that
/// occur. This can be NULL if no error status is desired.
///
/// \return /// \return
/// The name of the secondary pseudo terminal as a NULL terminated /// The name of the secondary pseudo terminal.
/// C. This string that comes from static memory, so a copy of
/// the string should be made as subsequent calls can change
/// this value. NULL is returned if this object doesn't have
/// a valid primary pseudo terminal opened or if the call to
/// \c ptsname() fails.
/// ///
/// \see PseudoTerminal::OpenFirstAvailablePrimary() /// \see PseudoTerminal::OpenFirstAvailablePrimary()
const char *GetSecondaryName(char *error_str, size_t error_len) const; std::string GetSecondaryName() const;
/// Open the first available pseudo terminal. /// Open the first available pseudo terminal.
/// ///
/// Opens the first available pseudo terminal with \a oflag as the /// Opens the first available pseudo terminal with \a oflag as the
/// permissions. The opened primary file descriptor is stored in this object /// permissions. The opened primary file descriptor is stored in this object
/// and can be accessed by calling the /// and can be accessed by calling the
/// PseudoTerminal::GetPrimaryFileDescriptor() accessor. Clients can call the /// PseudoTerminal::GetPrimaryFileDescriptor() accessor. Clients can call the
/// PseudoTerminal::ReleasePrimaryFileDescriptor() accessor function if they /// PseudoTerminal::ReleasePrimaryFileDescriptor() accessor function if they
▲ Show 20 LinesShow All 90 LinesShow Last 20 Lines

lldb/source/Host/common/ProcessLaunchInfo.cpp

Show First 20 LinesShow All 216 Lines▼ Show 20 Lines#if !defined(_WIN32)
// intended for a system call in generic code. But this will have to // intended for a system call in generic code. But this will have to
// do for now. // do for now.
open_flags |= O_CLOEXEC; open_flags |= O_CLOEXEC;
#endif #endif
if (!m_pty->OpenFirstAvailablePrimary(open_flags, nullptr, 0)) { if (!m_pty->OpenFirstAvailablePrimary(open_flags, nullptr, 0)) {
return llvm::createStringError(llvm::inconvertibleErrorCode(), return llvm::createStringError(llvm::inconvertibleErrorCode(),
"PTY::OpenFirstAvailablePrimary failed"); "PTY::OpenFirstAvailablePrimary failed");
} }
const FileSpec secondary_file_spec(m_pty->GetSecondaryName(nullptr, 0)); const FileSpec secondary_file_spec(m_pty->GetSecondaryName());
// Only use the secondary tty if we don't have anything specified for // Only use the secondary tty if we don't have anything specified for
// input and don't have an action for stdin // input and don't have an action for stdin
if (GetFileActionForFD(STDIN_FILENO) == nullptr) if (GetFileActionForFD(STDIN_FILENO) == nullptr)
AppendOpenFileAction(STDIN_FILENO, secondary_file_spec, true, false); AppendOpenFileAction(STDIN_FILENO, secondary_file_spec, true, false);
// Only use the secondary tty if we don't have anything specified for // Only use the secondary tty if we don't have anything specified for
// output and don't have an action for stdout // output and don't have an action for stdout
▲ Show 20 LinesShow All 117 LinesShow Last 20 Lines

lldb/source/Host/common/PseudoTerminal.cpp

//===-- PseudoTerminal.cpp ------------------------------------------------===// //===-- PseudoTerminal.cpp ------------------------------------------------===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "lldb/Host/PseudoTerminal.h" #include "lldb/Host/PseudoTerminal.h"
#include "lldb/Host/Config.h" #include "lldb/Host/Config.h"
#include "llvm/Support/Errc.h"
#include "llvm/Support/Errno.h" #include "llvm/Support/Errno.h"
#include <cassert>
#include <limits.h>
#include <mutex>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#if defined(TIOCSCTTY) #if defined(TIOCSCTTY)
#include <sys/ioctl.h> #include <sys/ioctl.h>
#endif #endif
#include "lldb/Host/PosixApi.h" #include "lldb/Host/PosixApi.h"
▲ Show 20 LinesShow All 101 Lines▼ Show 20 Lines
// True when successful, false indicating an error occurred. // True when successful, false indicating an error occurred.
bool PseudoTerminal::OpenSecondary(int oflag, char *error_str, bool PseudoTerminal::OpenSecondary(int oflag, char *error_str,
size_t error_len) { size_t error_len) {
if (error_str) if (error_str)
error_str[0] = '\0'; error_str[0] = '\0';
CloseSecondaryFileDescriptor(); CloseSecondaryFileDescriptor();
// Open the primary side of a pseudo terminal std::string name = GetSecondaryName();
const char *secondary_name = GetSecondaryName(error_str, error_len); m_secondary_fd = llvm::sys::RetryAfterSignal(-1, ::open, name.c_str(), oflag);
if (secondary_name == nullptr)
return false;
m_secondary_fd =
llvm::sys::RetryAfterSignal(-1, ::open, secondary_name, oflag);
if (m_secondary_fd < 0) { if (m_secondary_fd < 0) {
if (error_str) if (error_str)
ErrnoToStr(error_str, error_len); ErrnoToStr(error_str, error_len);
return false; return false;
} }
return true; return true;
} }
// Get the name of the secondary pseudo terminal. A primary pseudo terminal std::string PseudoTerminal::GetSecondaryName() const {
// should already be valid prior to calling this function (see assert(m_primary_fd >= 0);
// OpenFirstAvailablePrimary()). #if HAVE_PTSNAME_R
// char buf[PATH_MAX];
// RETURNS: buf[0] = '\0';
// NULL if no valid primary pseudo terminal or if ptsname() fails. int r = ptsname_r(m_primary_fd, buf, sizeof(buf));
mgornyUnsubmitted
Not Done
ReplyInline Actions

I would really feel better with a real error handling here. It shouldn't be hard to use ErrorOr here.

mgorny: I would really feel better with a real error handling here. It shouldn't be hard to use…
labathAuthorUnsubmitted
Done
ReplyInline Actions

Yeah, but what are you going to do with that value? Pass it to the caller? The existing callers are ignoring the error return anyway, and I don't want to add error handling everywhere as afaict, this function can't fail unless the user messes up the master state (which is not something I want to support).

labath: Yeah, but what are you going to do with that value? Pass it to the caller? The existing callers…
mgornyUnsubmitted
Not Done
ReplyInline Actions

I get your point but I've literally wasted days because of missing error handling, so I'd really preferred if we wouldn't make it even worse. Though I guess assert is good enough.

mgorny: I get your point but I've literally wasted days because of missing error handling, so I'd…
labathAuthorUnsubmitted
Done
ReplyInline Actions

In some ways it's even better because it will point you straight to the place where the assumption is violated, whereas a propagated logic error can manifest itself much farther away (or not at all). :)

labath: In some ways it's even better because it will point you straight to the place where the…
MaskRayUnsubmitted
Not Done
ReplyInline Actions

If ptsname/ptsname_r fails, buf will be uninitialized and trigger a use-of-uninitialized-value error.

MaskRay: If `ptsname/ptsname_r` fails, buf will be uninitialized and trigger a use-of-uninitialized…
MaskRayUnsubmitted
Not Done
ReplyInline Actions

... in a -DLLVM_ENABLE_ASSERTIONS=off build.

This probably still needs some protection.

MaskRay: ... in a -DLLVM_ENABLE_ASSERTIONS=off build. This probably still needs some protection.
labathAuthorUnsubmitted
Done
ReplyInline Actions

What kind of protection did you have it mind? Initialize the buffer to an empty string?

labath: What kind of protection did you have it mind? Initialize the buffer to an empty string?
MaskRayUnsubmitted
Not Done
ReplyInline Actions

In the case of a non-zero return value, buf[0] = '\0' is probably sufficient to avoid an uninitialized value.

MaskRay: In the case of a non-zero return value, `buf[0] = '\0'` is probably sufficient to avoid an…
labathAuthorUnsubmitted
Done
ReplyInline Actions

sounds good.

labath: sounds good.
// The name of the secondary pseudo terminal as a NULL terminated C string assert(r == 0);
// that comes from static memory, so a copy of the string should be return buf;
// made as subsequent calls can change this value. #else
const char *PseudoTerminal::GetSecondaryName(char *error_str, static std::mutex mutex;
size_t error_len) const { std::lock_guard<std::mutex> guard(mutex);
if (error_str) const char *r = ptsname(m_primary_fd);
error_str[0] = '\0'; assert(r != nullptr);
return r;
if (m_primary_fd < 0) { #endif
if (error_str)
::snprintf(error_str, error_len, "%s",
"primary file descriptor is invalid");
return nullptr;
}
const char *secondary_name = ::ptsname(m_primary_fd);
if (error_str && secondary_name == nullptr)
ErrnoToStr(error_str, error_len);
return secondary_name;
} }
// Fork a child process and have its stdio routed to a pseudo terminal. // Fork a child process and have its stdio routed to a pseudo terminal.
// //
// In the parent process when a valid pid is returned, the primary file // In the parent process when a valid pid is returned, the primary file
// descriptor can be used as a read/write access to stdio of the child process. // descriptor can be used as a read/write access to stdio of the child process.
// //
// In the child process the stdin/stdout/stderr will already be routed to the // In the child process the stdin/stdout/stderr will already be routed to the
▲ Show 20 LinesShow All 109 LinesShow Last 20 Lines

lldb/source/Plugins/Platform/MacOSX/objcxx/PlatformiOSSimulatorCoreSimulatorSupport.mm

Show First 20 LinesShow All 401 Lines▼ Show 20 Lines case FileAction::eFileActionDuplicate:
break; break;
case FileAction::eFileActionOpen: { case FileAction::eFileActionOpen: {
FileSpec file_spec = file_action->GetFileSpec(); FileSpec file_spec = file_action->GetFileSpec();
if (file_spec) { if (file_spec) {
const int master_fd = launch_info.GetPTY().GetPrimaryFileDescriptor(); const int master_fd = launch_info.GetPTY().GetPrimaryFileDescriptor();
if (master_fd != PseudoTerminal::invalid_fd) { if (master_fd != PseudoTerminal::invalid_fd) {
// Check in case our file action open wants to open the secondary // Check in case our file action open wants to open the secondary
const char *secondary_path = FileSpec secondary_spec(launch_info.GetPTY().GetSecondaryName());
launch_info.GetPTY().GetSecondaryName(NULL, 0);
if (secondary_path) {
FileSpec secondary_spec(secondary_path);
if (file_spec == secondary_spec) { if (file_spec == secondary_spec) {
int secondary_fd = int secondary_fd =
launch_info.GetPTY().GetSecondaryFileDescriptor(); launch_info.GetPTY().GetSecondaryFileDescriptor();
if (secondary_fd == PseudoTerminal::invalid_fd) if (secondary_fd == PseudoTerminal::invalid_fd)
secondary_fd = secondary_fd =
launch_info.GetPTY().OpenSecondary(O_RDWR, nullptr, 0); launch_info.GetPTY().OpenSecondary(O_RDWR, nullptr, 0);
if (secondary_fd == PseudoTerminal::invalid_fd) { if (secondary_fd == PseudoTerminal::invalid_fd) {
error.SetErrorStringWithFormat( error.SetErrorStringWithFormat(
"unable to open secondary pty '%s'", secondary_path); "unable to open secondary pty '%s'", secondary_path);
return error; // Failure return error; // Failure
} }
[options setValue:[NSNumber numberWithInteger:secondary_fd] [options setValue:[NSNumber numberWithInteger:secondary_fd]
forKey:key]; forKey:key];
return error; // Success return error; // Success
} }
} }
}
Status posix_error; Status posix_error;
int oflag = file_action->GetActionArgument(); int oflag = file_action->GetActionArgument();
int created_fd = int created_fd =
open(file_spec.GetPath().c_str(), oflag, S_IRUSR | S_IWUSR); open(file_spec.GetPath().c_str(), oflag, S_IRUSR | S_IWUSR);
if (created_fd >= 0) { if (created_fd >= 0) {
auto file_options = File::OpenOptions(0); auto file_options = File::OpenOptions(0);
if ((oflag & O_RDWR) || (oflag & O_RDONLY)) if ((oflag & O_RDWR) || (oflag & O_RDONLY))
file_options |= File::eOpenOptionRead; file_options |= File::eOpenOptionRead;
▲ Show 20 LinesShow All 210 LinesShow Last 20 Lines

lldb/source/Plugins/Process/FreeBSD/ProcessFreeBSD.cpp

Show First 20 LinesShow All 374 Lines▼ Show 20 LinesStatus ProcessFreeBSD::DoLaunch(Module *module,
const lldb_private::FileAction *file_action; const lldb_private::FileAction *file_action;
// Default of empty will mean to use existing open file descriptors // Default of empty will mean to use existing open file descriptors
FileSpec stdin_file_spec{}; FileSpec stdin_file_spec{};
FileSpec stdout_file_spec{}; FileSpec stdout_file_spec{};
FileSpec stderr_file_spec{}; FileSpec stderr_file_spec{};
const FileSpec dbg_pts_file_spec{ const FileSpec dbg_pts_file_spec{launch_info.GetPTY().GetSecondaryName()};
launch_info.GetPTY().GetSecondaryName(NULL, 0)};
file_action = launch_info.GetFileActionForFD(STDIN_FILENO); file_action = launch_info.GetFileActionForFD(STDIN_FILENO);
stdin_file_spec = stdin_file_spec =
GetFileSpec(file_action, stdin_file_spec, dbg_pts_file_spec); GetFileSpec(file_action, stdin_file_spec, dbg_pts_file_spec);
file_action = launch_info.GetFileActionForFD(STDOUT_FILENO); file_action = launch_info.GetFileActionForFD(STDOUT_FILENO);
stdout_file_spec = stdout_file_spec =
GetFileSpec(file_action, stdout_file_spec, dbg_pts_file_spec); GetFileSpec(file_action, stdout_file_spec, dbg_pts_file_spec);
▲ Show 20 LinesShow All 688 LinesShow Last 20 Lines

lldb/source/Plugins/Process/gdb-remote/ProcessGDBRemote.cpp

Show First 20 LinesShow All 812 Lines▼ Show 20 Lines if (error.Success()) {
FileSpec::Style::native); FileSpec::Style::native);
} else if (platform_sp && platform_sp->IsHost()) { } else if (platform_sp && platform_sp->IsHost()) {
// If the debugserver is local and we aren't disabling STDIO, lets use // If the debugserver is local and we aren't disabling STDIO, lets use
// a pseudo terminal to instead of relying on the 'O' packets for stdio // a pseudo terminal to instead of relying on the 'O' packets for stdio
// since 'O' packets can really slow down debugging if the inferior // since 'O' packets can really slow down debugging if the inferior
// does a lot of output. // does a lot of output.
if ((!stdin_file_spec || !stdout_file_spec || !stderr_file_spec) && if ((!stdin_file_spec || !stdout_file_spec || !stderr_file_spec) &&
pty.OpenFirstAvailablePrimary(O_RDWR | O_NOCTTY, nullptr, 0)) { pty.OpenFirstAvailablePrimary(O_RDWR | O_NOCTTY, nullptr, 0)) {
FileSpec secondary_name{pty.GetSecondaryName(nullptr, 0)}; FileSpec secondary_name(pty.GetSecondaryName());
if (!stdin_file_spec) if (!stdin_file_spec)
stdin_file_spec = secondary_name; stdin_file_spec = secondary_name;
if (!stdout_file_spec) if (!stdout_file_spec)
stdout_file_spec = secondary_name; stdout_file_spec = secondary_name;
if (!stderr_file_spec) if (!stderr_file_spec)
▲ Show 20 LinesShow All 4,547 LinesShow Last 20 Lines