Linux: Add ppoll fortify symbol for 64 bit time_t (BZ# 29746)

Similar to ppoll, the poll.h header needs to redirect the poll call
to a proper fortified ppoll with 64 bit time_t support.

The implementation is straightforward, just need to add a similar
check as __poll_chk and call the 64 bit time_t ppoll version.  The
debug fortify tests are also extended to cover 64 bit time_t for
affected ABIs.

Unfortunately it requires an aditional symbol, which makes backport
tricky.  One possibility is to add a static inline version if compiler
supports is and call abort instead of __chk_fail, so fortified version
will call __poll64 in the end.

Another possibility is to just remove the fortify support for
_TIME_BITS=64.

Checked on i686-linux-gnu.

debug/Makefile

@@ -120,8 +120,10 @@ CPPFLAGS-tst-chk-cancel.c += -D_FORTIFY_SOURCE=2
 # CFLAGS for the file.
 
 tests-all-chk = tst-fortify
-tests-c-chk =
-tests-cc-chk =
+tests-c-def-chk =
+tests-cc-def-chk =
+tests-c-time64-chk =
+tests-cc-time64-chk =
 
 CFLAGS-tst-fortify.c += -Wno-format -Wno-deprecated-declarations -Wno-error
 
@@ -130,11 +132,11 @@ define cflags-default
 endef
 
 define cflags-lfs
-CFLAGS-tst-fortify-$(1)-lfs-$(2).$(1) += -D_FILE_OFFSET_BITS=64
+CFLAGS-tst-fortify-$(1)-lfs-$(2)-$(3).$(1) += -D_FILE_OFFSET_BITS=64
 endef
 
 define cflags-nongnu
-CFLAGS-tst-fortify-$(1)-nongnu-$(2).$(1) += -D_LARGEFILE64_SOURCE=1
+CFLAGS-tst-fortify-$(1)-nongnu-$(2)-$(3).$(1) += -D_LARGEFILE64_SOURCE=1
 endef
 
 src-chk-nongnu = \#undef _GNU_SOURCE
@@ -145,12 +147,12 @@ src-chk-nongnu = \#undef _GNU_SOURCE
 # And they also generate warnings from warning attributes, which
 # cannot be disabled via pragmas, so require -Wno-error to be used.
 define gen-chk-test
-tests-$(1)-chk += tst-fortify-$(1)-$(2)-$(3)
-CFLAGS-tst-fortify-$(1)-$(2)-$(3).$(1) += -D_FORTIFY_SOURCE=$(3) -Wno-format \
+tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4)
+CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += -D_FORTIFY_SOURCE=$(3) -Wno-format \
 					  -Wno-deprecated-declarations \
 					  -Wno-error
-$(eval $(call cflags-$(2),$(1),$(3)))
-$(objpfx)tst-fortify-$(1)-$(2)-$(3).$(1): tst-fortify.c Makefile
+$(eval $(call cflags-$(2),$(1),$(3),$(4)))
+$(objpfx)tst-fortify-$(1)-$(2)-$(3)-$(4).$(1): tst-fortify.c Makefile
 	( echo "/* Autogenerated from Makefile.  */"; \
 	  echo "$(src-chk-$(2))"; \
 	  echo "#include \"tst-fortify.c\"" ) > $$@.tmp
@@ -159,19 +161,29 @@ endef
 
 chk-extensions = c cc
 chk-types = default lfs nongnu
+# 64 bit time_t implies LFS.
+chk-types-time64 = default nongnu
 chk-levels = 1 2 3
 
 $(foreach e,$(chk-extensions), \
   $(foreach t,$(chk-types), \
     $(foreach l,$(chk-levels), \
-      $(eval $(call gen-chk-test,$(e),$(t),$(l))))))
+      $(eval $(call gen-chk-test,$(e),$(t),$(l),def)))))
 
-tests-all-chk += $(tests-c-chk) $(tests-cc-chk)
+tests-all-chk += $(tests-c-def-chk) $(tests-cc-def-chk)
+
+$(foreach e,$(chk-extensions), \
+  $(foreach t,$(chk-types-time64), \
+    $(foreach l,$(chk-levels), \
+      $(eval $(call gen-chk-test,$(e),$(t),$(l),time64)))))
+
+tests-all-time64-chk += $(tests-c-time64-chk) $(tests-cc-time64-chk)
 
 define link-cc
 LDLIBS-$(1) = -lstdc++
 endef
-$(foreach t,$(tests-cc-chk), $(eval $(call link-cc,$(t))))
+$(foreach t,$(tests-cc-def-chk), $(eval $(call link-cc,$(t))))
+$(foreach t,$(tests-cc-time64-chk), $(eval $(call link-cc,$(t))))
 
 # backtrace_symbols only works if we link with -rdynamic.  backtrace
 # requires unwind tables on most architectures.
@@ -201,6 +213,10 @@ tests = backtrace-tst \
 	tst-realpath-chk \
 	$(tests-all-chk)
 
+tests-time64 += \
+	$(tests-all-time64-chk) \
+	# tests-time64
+
 ifeq ($(have-ssp),yes)
 tests += tst-ssp-1
 endif
@@ -210,7 +226,7 @@ tests += tst-chk-cancel
 endif
 
 ifeq (,$(CXX))
-tests-unsupported = $(tests-cc-chk)
+tests-unsupported = $(tests-cc-def-chk) $(test-cc-time64-chk)
 endif
 
 extra-libs = libpcprofile
@@ -235,6 +251,7 @@ define chk-gen-locales
 $(objpfx)$(1).out: $(gen-locales)
 endef
 $(foreach t, $(tests-all-chk), $(eval $(call chk-gen-locales,$(t))))
+$(foreach t, $(tests-all-time64-chk), $(eval $(call chk-gen-locales,$(t))))
 endif
 
 sLIBdir := $(shell echo $(slibdir) | sed 's,lib\(\|64\)$$,\\\\$$LIB,')

include/sys/poll.h

@@ -2,13 +2,16 @@
 # include <io/sys/poll.h>
 
 #ifndef _ISOMAC
+#include <include/struct___timespec64.h>
+
 extern int __poll (struct pollfd *__fds, unsigned long int __nfds,
 		   int __timeout);
 libc_hidden_proto (__poll)
 libc_hidden_proto (ppoll)
 
 # if __TIMESIZE == 64
-#  define __ppoll64 __ppoll
+#  define __ppoll64 ppoll
+#  define __ppoll64_chk __ppoll_chk
 # else
 # include <time.h>
 # include <signal.h>

io/bits/poll2.h

@@ -43,6 +43,30 @@ poll (struct pollfd *__fds, nfds_t __nfds, int __timeout)
 
 
 #ifdef __USE_GNU
+# ifdef __USE_TIME_BITS64
+extern int __REDIRECT (__ppoll64_alias, (struct pollfd *__fds, nfds_t __nfds,
+				       const struct timespec *__timeout,
+				       const __sigset_t *__ss), __ppoll64);
+extern int __ppoll64_chk (struct pollfd *__fds, nfds_t __nfds,
+			  const struct timespec *__timeout,
+			  const __sigset_t *__ss, __SIZE_TYPE__ __fdslen)
+    __attr_access ((__write_only__, 1, 2));
+extern int __REDIRECT (__ppoll64_chk_warn, (struct pollfd *__fds, nfds_t __n,
+					    const struct timespec *__timeout,
+					    const __sigset_t *__ss,
+					    __SIZE_TYPE__ __fdslen),
+		       __ppoll64_chk)
+  __warnattr ("ppoll called with fds buffer too small file nfds entries");
+
+__fortify_function __fortified_attr_access (__write_only__, 1, 2) int
+ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout,
+       const __sigset_t *__ss)
+{
+  return __glibc_fortify (ppoll64, __nfds, sizeof (*__fds),
+			  __glibc_objsize (__fds),
+			  __fds, __nfds, __timeout, __ss);
+}
+# else
 extern int __REDIRECT (__ppoll_alias, (struct pollfd *__fds, nfds_t __nfds,
 				       const struct timespec *__timeout,
 				       const __sigset_t *__ss), ppoll);
@@ -65,6 +89,7 @@ ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout,
 			  __glibc_objsize (__fds),
 			  __fds, __nfds, __timeout, __ss);
 }
+# endif
 #endif
 
 __END_DECLS

sysdeps/unix/sysv/linux/Versions

@@ -313,6 +313,11 @@ libc {
     process_madvise;
     process_mrelease;
   }
+  GLIBC_2.37 {
+%ifdef TIME64_NON_DEFAULT
+    __ppoll64_chk;
+%endif
+  }
   GLIBC_PRIVATE {
     # functions used in other libraries
     __syscall_rt_sigqueueinfo;

sysdeps/unix/sysv/linux/arm/be/libc.abilist

@@ -513,6 +513,7 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F
 GLIBC_2.4 _Exit F
 GLIBC_2.4 _IO_2_1_stderr_ D 0xa0
 GLIBC_2.4 _IO_2_1_stdin_ D 0xa0

sysdeps/unix/sysv/linux/arm/le/libc.abilist

@@ -510,6 +510,7 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F
 GLIBC_2.4 _Exit F
 GLIBC_2.4 _IO_2_1_stderr_ D 0xa0
 GLIBC_2.4 _IO_2_1_stdin_ D 0xa0

sysdeps/unix/sysv/linux/csky/libc.abilist

@@ -2669,3 +2669,4 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F

sysdeps/unix/sysv/linux/hppa/libc.abilist

@@ -2618,6 +2618,7 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F
 GLIBC_2.4 __confstr_chk F
 GLIBC_2.4 __fgets_chk F
 GLIBC_2.4 __fgets_unlocked_chk F

sysdeps/unix/sysv/linux/i386/libc.abilist

@@ -2802,6 +2802,7 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F
 GLIBC_2.4 __confstr_chk F
 GLIBC_2.4 __fgets_chk F
 GLIBC_2.4 __fgets_unlocked_chk F

sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist

@@ -514,6 +514,7 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F
 GLIBC_2.4 _Exit F
 GLIBC_2.4 _IO_2_1_stderr_ D 0x98
 GLIBC_2.4 _IO_2_1_stdin_ D 0x98

sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist

@@ -2745,6 +2745,7 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F
 GLIBC_2.4 __confstr_chk F
 GLIBC_2.4 __fgets_chk F
 GLIBC_2.4 __fgets_unlocked_chk F

sysdeps/unix/sysv/linux/microblaze/be/libc.abilist

@@ -2718,3 +2718,4 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F

sysdeps/unix/sysv/linux/microblaze/le/libc.abilist

@@ -2715,3 +2715,4 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F

sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist

@@ -2710,6 +2710,7 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F
 GLIBC_2.4 __confstr_chk F
 GLIBC_2.4 __fgets_chk F
 GLIBC_2.4 __fgets_unlocked_chk F

sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist

@@ -2708,6 +2708,7 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F
 GLIBC_2.4 __confstr_chk F
 GLIBC_2.4 __fgets_chk F
 GLIBC_2.4 __fgets_unlocked_chk F

sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist

@@ -2716,6 +2716,7 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F
 GLIBC_2.4 __confstr_chk F
 GLIBC_2.4 __fgets_chk F
 GLIBC_2.4 __fgets_unlocked_chk F

sysdeps/unix/sysv/linux/nios2/libc.abilist

@@ -2757,3 +2757,4 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F

sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist

@@ -2772,6 +2772,7 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F
 GLIBC_2.4 _IO_fprintf F
 GLIBC_2.4 _IO_printf F
 GLIBC_2.4 _IO_sprintf F

sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist

@@ -2805,6 +2805,7 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F
 GLIBC_2.4 _IO_fprintf F
 GLIBC_2.4 _IO_printf F
 GLIBC_2.4 _IO_sprintf F

sysdeps/unix/sysv/linux/ppoll.c

@@ -67,7 +67,7 @@ __ppoll64 (struct pollfd *fds, nfds_t nfds, const struct __timespec64 *timeout,
 libc_hidden_def (__ppoll64)
 
 int
-__ppoll (struct pollfd *fds, nfds_t nfds, const struct timespec *timeout,
+ppoll (struct pollfd *fds, nfds_t nfds, const struct timespec *timeout,
          const sigset_t *sigmask)
 {
   struct __timespec64 ts64;
@@ -77,5 +77,4 @@ __ppoll (struct pollfd *fds, nfds_t nfds, const struct timespec *timeout,
   return __ppoll64 (fds, nfds, timeout ? &ts64 : NULL, sigmask);
 }
 #endif
-strong_alias (__ppoll, ppoll)
 libc_hidden_def (ppoll)

sysdeps/unix/sysv/linux/ppoll_chk.c

@@ -0,0 +1,42 @@
+/* Fortify ppoll implementation.  Linux version.
+   Copyright (C) 2022 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <poll.h>
+
+int
+__ppoll64_chk (struct pollfd *fds, nfds_t nfds,
+	       const struct __timespec64 *tmo, const __sigset_t *ss,
+	       __SIZE_TYPE__ fdslen)
+{
+  if (fdslen / sizeof (*fds) < nfds)
+    __chk_fail ();
+
+  return __ppoll64 (fds, nfds, tmo, ss);
+}
+
+#if __TIMESIZE != 64
+int
+__ppoll_chk (struct pollfd *fds, nfds_t nfds, const struct timespec *tmo,
+	     const __sigset_t *ss, __SIZE_TYPE__ fdslen)
+{
+  if (fdslen / sizeof (*fds) < nfds)
+    __chk_fail ();
+
+  return ppoll (fds, nfds, tmo, ss);
+}
+#endif

sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist

@@ -2770,6 +2770,7 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F
 GLIBC_2.4 _IO_fprintf F
 GLIBC_2.4 _IO_printf F
 GLIBC_2.4 _IO_sprintf F

sysdeps/unix/sysv/linux/sh/be/libc.abilist

@@ -2625,6 +2625,7 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F
 GLIBC_2.4 __confstr_chk F
 GLIBC_2.4 __fgets_chk F
 GLIBC_2.4 __fgets_unlocked_chk F

sysdeps/unix/sysv/linux/sh/le/libc.abilist

@@ -2622,6 +2622,7 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F
 GLIBC_2.4 __confstr_chk F
 GLIBC_2.4 __fgets_chk F
 GLIBC_2.4 __fgets_unlocked_chk F

sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist

@@ -2765,6 +2765,7 @@ GLIBC_2.36 pidfd_open F
 GLIBC_2.36 pidfd_send_signal F
 GLIBC_2.36 process_madvise F
 GLIBC_2.36 process_mrelease F
+GLIBC_2.37 __ppoll64_chk F
 GLIBC_2.4 _IO_fprintf F
 GLIBC_2.4 _IO_printf F
 GLIBC_2.4 _IO_sprintf F