Re: [OE-core] [PATCH pseudo 4/4] Do not return address of local variable - unverified

From: "Damian Wrobel" <dwrobel@ertelnet.rybnik.pl>
To: "Seebs" <seebs@seebs.net>
Cc: "openembedded-core" <openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core] [PATCH pseudo 4/4] Do not return address of local variable - unverified
Date: Thu, 29 Jul 2021 14:37:28 +0200	[thread overview]
Message-ID: <17af2450a5a.11cd2feba245412.5780322336925190641@ertelnet.rybnik.pl> (raw)
In-Reply-To: <20210728151641.667338a5@seebsdell>

 ---- On Wed, 28 Jul 2021 22:16:41 +0200 Seebs <seebs@seebs.net> wrote ----
 > On Wed, 28 Jul 2021 11:36:22 +0200
 > "Damian Wrobel" <dwrobel@ertelnet.rybnik.pl> wrote:
 > 
 > > Do I correctly assume that pseudo_client_op() has to be fully
 > > reentrant?
 > 
 > No. It's never been even a tiny bit reentrant. We used to do the
 > allocate and free thing, and it was incredibly expensive, and the
 > nature of the thing requires confidence that we never, ever, have
 > more than one thing writing and reading over the socket at a time,
 > so it's just Not Reentrant. During one call to pseudo_client_op,

 > there will never be another, and all the IPC stuff uses a single
 > consistent local buffer that it returns the address of.
 > 
 > Declaring that as static without changing the initializer would indeed
 > break everything -- we rely on the initializer working. Changing it to
 > static means it only gets initialized once...
 > 
 > Changing it to:
 > 
 >     static pseudo_msg_t msg;
 >     msg = pseudo_msg_t { .type = PSEUDO_MSG_OP };
 > 
 > would probably be fine, because then it'd be initialized. Otherwise,
 > we'd get failures when msg got overwritten and reused.

Looking at the code I see that:

$ grep -n msg pseudo_client.c | grep -A 1 ".type = PSEUDO_MSG_OP"
1592:	pseudo_msg_t msg = { .type = PSEUDO_MSG_OP };
1848:		pseudo_msg_stat(&msg, buf);
1875:	msg.type = PSEUDO_MSG_OP;
1876:	msg.op = op;

the PSEUDO_MSG_OP is being unconditionally assigned to the msg.type
before any real usage of the 'msg' structure. So, if I'm not mistaken that code was
already tested and didn't work well and was reverted here[1].

[1] http://git.yoctoproject.org/cgit/cgit.cgi/pseudo/commit/?h=oe-core&id=b988b0a6b8afd8d459bc9a2528e834f63a3d59b2

--
Regards,
Damian

 > 
 > Or just changing `result = &msg` to something like `result =
 > &xattrdb_data`, which would be nonsensical but it turns out not to
 > matter, as the only caller that reaches this case is the caller
 > that's just checking yes/no "is the return value not a null pointer".
 > 
 > -s
 > 
 > 
 > 
 > 