From owner-freebsd-current@freebsd.org Mon Sep 14 08:01:35 2020 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E3E653F5FFC for ; Mon, 14 Sep 2020 08:01:35 +0000 (UTC) (envelope-from hps@selasky.org) Received: from mail.turbocat.net (turbocat.net [88.99.82.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Bqf2Q6k4qz4Mh2; Mon, 14 Sep 2020 08:01:34 +0000 (UTC) (envelope-from hps@selasky.org) Received: from hps2020.home.selasky.org (unknown [178.17.145.105]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.turbocat.net (Postfix) with ESMTPSA id CB5BD2602CF; Mon, 14 Sep 2020 10:01:26 +0200 (CEST) Subject: Re: ioctl argument type [Was Re: svn commit: r359968 - head/sys/kern] To: Xin LI , FreeBSD Current Cc: phk@freebsd.org, jilles@freebsd.org, Doug Rabson , Xin Li References: <202004151320.03FDKqT7027080@repo.freebsd.org> From: Hans Petter Selasky Message-ID: Date: Mon, 14 Sep 2020 10:00:57 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4Bqf2Q6k4qz4Mh2 X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.67 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a:mail.turbocat.net:c]; MID_RHS_MATCH_FROM(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[selasky.org]; NEURAL_HAM_LONG(-1.03)[-1.034]; RCPT_COUNT_FIVE(0.00)[6]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_HAM_SHORT(-0.36)[-0.361]; NEURAL_HAM_MEDIUM(-0.97)[-0.971]; FREEMAIL_TO(0.00)[gmail.com,freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:88.99.0.0/16, country:DE]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-current] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Sep 2020 08:01:35 -0000 On 2020-09-14 09:44, Xin LI wrote: > Hi, > > I have seen Chromium trigger the warning (I run -CURRENT with INVARIANTS) > and looked into the code history a little bit. > > It seems that the command was changed to u_long in r36846 > with a > follow up commit of r38517 > , possibly > because ioctl was defined to take an unsigned long command before FreeBSD. > > Internally, we have truncated it to 32-bit since 2005 (r140406 > ), and this > recent change made it a silent behavior. POSIX, on the other hand, defined > > ioctl as taking an int as its second parameter, but neither Linux (glibc in > particular, despite its documentation says > > differently) nor macOS appear to define it that way, but Solaris seems > to be > defining it as an int. > > What was the motivation to keep the prototype definition as > > int > ioctl(int fd, unsigned long request, ...); > > instead of: > > int > ioctl(int fd, int request, ...); > > Other than to make existing code happy? Alternatively, will it be a good > idea to give compiler some hints (e.g. by using __attribute__(enable_if)) > to emit errors, if we insist keeping the existing signature? > > > On Wed, Apr 15, 2020 at 6:21 AM Hans Petter Selasky > wrote: > >> Author: hselasky >> Date: Wed Apr 15 13:20:51 2020 >> New Revision: 359968 >> URL: https://svnweb.freebsd.org/changeset/base/359968 >> >> Log: >> Cast all ioctl command arguments through uint32_t internally. >> >> Hide debug print showing use of sign extended ioctl command argument >> under INVARIANTS. The print is available to all and can easily fill >> up the logs. >> >> No functional change intended. >> >> MFC after: 1 week >> Sponsored by: Mellanox Technologies >> >> Modified: >> head/sys/kern/sys_generic.c >> >> Modified: head/sys/kern/sys_generic.c >> >> ============================================================================== >> --- head/sys/kern/sys_generic.c Wed Apr 15 13:13:46 2020 (r359967) >> +++ head/sys/kern/sys_generic.c Wed Apr 15 13:20:51 2020 (r359968) >> @@ -652,18 +652,19 @@ int >> sys_ioctl(struct thread *td, struct ioctl_args *uap) >> { >> u_char smalldata[SYS_IOCTL_SMALL_SIZE] >> __aligned(SYS_IOCTL_SMALL_ALIGN); >> - u_long com; >> + uint32_t com; >> int arg, error; >> u_int size; >> caddr_t data; >> >> +#ifdef INVARIANTS >> if (uap->com > 0xffffffff) { >> printf( >> "WARNING pid %d (%s): ioctl sign-extension ioctl >> %lx\n", >> td->td_proc->p_pid, td->td_name, uap->com); >> - uap->com &= 0xffffffff; >> } >> - com = uap->com; >> +#endif >> + com = (uint32_t)uap->com; >> >> /* >> * Interpret high order word to find amount of data to be >> Hi, Using unsigned long is not cross platform compatible, especially when you have 32-bit compat shim layers. On 64-bit platforms long is usually 64-bit and on 32-bit platforms long is usually 32-bit. You've brought up a good question with a good history line. Maybe we should just "#if 0" the INVARIANTS check and remove that code? --HPS