From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,
	RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4
Received: (qmail 18434 invoked from network); 28 Aug 2021 03:15:12 -0000
Received: from mother.openwall.net (195.42.179.200)
  by inbox.vuxu.org with ESMTPUTF8; 28 Aug 2021 03:15:12 -0000
Received: (qmail 22370 invoked by uid 550); 28 Aug 2021 03:15:10 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Reply-To: musl@lists.openwall.com
Received: (qmail 22352 invoked from network); 28 Aug 2021 03:15:09 -0000
X-Virus-Scanned: Debian amavisd-new at disroot.org
Mime-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail;
	t=1630120497; bh=carWZSNp3NPe3ewc7fh7XcpAdCaRTb8dSL8gid2fnEk=;
	h=Subject:From:To:Cc:Date:In-Reply-To;
	b=Qa6ZTqsHp0jsdOPKpq7qeuhz/K4MM1xhXDUhYaVb+8sUIAG67kSOACZmfIh5/fS60
	 rdiyE9pG5gocP00KkeoMKKr8eCRhE7miiSy8iaVZVvQkk53E/0bAIobYPltGF0D2jg
	 98fXpR9IPIvcSecTwWpZ2WTjCqnfxQSt5lCTDWMEkPAkHqSlkzAZ5be11/Oj1arwTl
	 l0Huzy67HmZ4TUQDKvSjjtQXiZytWee7EVU8056sm5CW4LLuvboQH7e/gEly8U+GYg
	 WzcNEYAeKsJRIfViBUKMF+EUJxHbLWL4jBTa5+9xpzB1Y5+AMuvSsIIHqmkNO8NUqx
	 xRORLcmCsKHsg==
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8
From: =?utf-8?q?=C3=89rico_Nogueira?= <ericonr@disroot.org>
To: <musl@lists.openwall.com>
Cc: <2010267516@qq.com>
Date: Fri, 27 Aug 2021 23:58:11 -0300
Message-Id: <CDUT4S6JD78D.MIJNK22HIE4B@mussels>
In-Reply-To: <20210827134302.GT13220@brightrain.aerifal.cx>
Subject: Re: [musl] What if the line in /proc/mounts is too long when
 calling getmntent_r?

On Fri Aug 27, 2021 at 10:43 AM -03, Rich Felker wrote:
> On Fri, Aug 27, 2021 at 10:26:35AM -0300, =C3=89rico Nogueira wrote:
> > Apparently I failed to CC you	in my original reply, sorry.
> >=20
> > Forwarded message from =C3=89rico Nogueira on Fri Aug 27, 2021 at 10:05=
 AM:
> >=20
> > Unfortunately your message was sent all garbled (please try to stick to
> > plain text email ;), so I'm reproducing it cleanly underneath with my
> > answer:
> >=20
> > >Hi!
> > >  I want to get cgroups mount information from /proc/mounts, but when =
i calling struct mntent *getmntent_r(FILE *f, struct mntent *mnt, char *lin=
ebuf, int buflen), i got nothing...
> > >  I run the program in a container.
> > >
> > >  alpine docker image:  amd64/alpine:3.14
> > >  musl: 1.2.2
> > >  program: =20
> > >
> > >    #include <stdio.h>
> > >
> > >    #include <stdlib.h>
> > >
> > >    #include <mntent.h>
> > >
> > >
> > >    #define CGROUP_MAX_VAL 512
> > >
> > >
> > >    int main(void)
> > >
> > >    {
> > >
> > >      struct mntent ent;
> > >
> > >      FILE *f;
> > >
> > >      char buf[CGROUP_MAX_VAL];
> > >
> > >
> > >      f =3D setmntent("/proc/mounts", "r");
> > >
> > >      if (f =3D=3D NULL) {
> > >
> > >        perror("setmntent");
> > >
> > >        exit(1);
> > >
> > >      }
> > >
> > >
> > >      while (getmntent_r(f, &ent, buf, sizeof(buf)) !=3D NULL) {
> > >
> > >        printf("%s %s\n", ent.mnt_type, ent.mnt_opts);
> > >
> > >      }
> >=20
> > The man page specifies that getmntent_r can return NULL on error, you
> > should check errno to see if anything happened. In this case, it would
> > be ERANGE, which tells you your buffer was too small.
> >=20
> > >
> > >
> > >      endmntent(f);
> > >
> > >    }
> > >
> > >  contents of file "/proc/mounts"
> > >
> > >    overlay / overlay rw,relatime,lowerdir=3D/var/lib/containerd/io.co=
ntainerd.snapshotter.v1.overlayfs/snapshots/955/fs:/var/lib/containerd/io.c=
ontainerd.snapshotter.v1.overlayfs/snapshots/954/fs:/var/lib/containerd/io.=
containerd.snapshotter.v1.overlayfs/snapshots/953/fs:/var/lib/containerd/io=
.containerd.snapshotter.v1.overlayfs/snapshots/952/fs:/var/lib/containerd/i=
o.containerd.snapshotter.v1.overlayfs/snapshots/941/fs:/var/lib/containerd/=
io.containerd.snapshotter.v1.overlayfs/snapshots/940/fs:/var/lib/containerd=
/io.containerd.snapshotter.v1.overlayfs/snapshots/879/fs:/var/lib/container=
d/io..containerd.snapshotter.v1.overlayfs/snapshots/325/fs,upperdir=3D/var/=
lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/956/fs,work=
dir=3D/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/=
956/work 0 0
> > >
> > >    proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
> > >
> > >    tmpfs /dev tmpfs rw,nosuid,size=3D65536k,mode=3D755 0 0
> > >
> > >    devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=3D5,mode=3D62=
0,ptmxmode=3D666 0 0
> > >
> > >    mqueue /dev/mqueue mqueue rw,nosuid,nodev,noexec,relatime 0 0
> > >
> > >    sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0
> > >
> > >    tmpfs /sys/fs/cgroup tmpfs rw,nosuid,nodev,noexec,relatime,mode=3D=
755 0 0
> > >
> > >    cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relati=
me,xattr,release_agent=3D/usr/lib/systemd/systemd-cgroups-agent,name=3Dsyst=
emd 0 0
> > >
> > >    cgroup /sys/fs/cgroup/net_cls,net_prio cgroup rw,nosuid,nodev,noex=
ec,relatime,net_prio,net_cls 0 0
> > >
> > >    cgroup /sys/fs/cgroup/pids cgroup rw,nosuid,nodev,noexec,relatime,=
pids 0 0
> > >
> > >    cgroup /sys/fs/cgroup/hugetlb cgroup rw,nosuid,nodev,noexec,relati=
me,hugetlb 0 0
> > >
> > >    cgroup /sys/fs/cgroup/cpuset cgroup rw,nosuid,nodev,noexec,relatim=
e,cpuset 0 0
> > >
> > >    cgroup /sys/fs/cgroup/blkio cgroup rw,nosuid,nodev,noexec,relatime=
,blkio 0 0
> > >
> > >    cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relati=
me,devices 0 0
> > >
> > >    cgroup /sys/fs/cgroup/freezer cgroup rw,nosuid,nodev,noexec,relati=
me,freezer 0 0
> > >
> > >    cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,re=
latime,cpuacct,cpu 0 0
> > >
> > >    cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatim=
e,memory 0 0
> > >
> > >    cgroup /sys/fs/cgroup/perf_event cgroup rw,nosuid,nodev,noexec,rel=
atime,perf_event 0 0
> > >
> > >    ...
> > >
> > >
> > >  I find the first line of the file /proc/mounts has 822 characters(In=
 theory the 'overlay' could be even longer), more than CGROUP_MAX_VAL(512) =
defined in the proagram. Function fget in getmntent_r cann't get the whole =
line into linebuf, neither the character '\n'. And the function strchr(line=
buf, '\n') returns false, causing program returnd.=20
> > >  The function struct mntent *getmntent(FILE *f) is a good chioce to d=
eal this. But it can not be used in multiple threads, right?
> >=20
> > Correct, getmntent isn't thread safe.
> >=20
> > >  Maybe the implementation of GNU libc struct mntent *__getmntent_r (F=
ILE *stream, struct mntent *mp, char *buffer, int bufsiz) can be referenced=
.
> >=20
> > >From what I can see, glibc silently throws away any and all chars that
> > don't fit in the provided buffer until it finds a newline. getmntent_r
> > isn't actually specified, so I guess its behavior is a bit up to the
> > implementation. Anyhow, musl's reports ERANGE properly (maybe the man
> > page can be fixed to mention it?) and you should use a dynamic buffer i=
n
> > your program if you expect to deal with huge entries, and resize it if
> > getmntent_r fails with ERANGE.
>
> I'm not sure what the right way to recover in that situation is
> supposed to be, though... You can't just call it again with musl's
> current implementation or you'll start in the middle of a line, which
> is clearly wrong. But if you do the glibc thing and throw away the
> rest of the line, you also lose a line of data.

Don't you just skip the line entirely, due to the fscanf call? At least
that's what I assumed it was meant for.

		if (!strchr(linebuf, '\n')) {
			fscanf(f, "%*[^\n]%*[\n]");
			errno =3D ERANGE;
			return 0;
		}

So the current interface doesn't allow trying again to read the too-long
entry, since it will just have moved to the next one. I doubt any users
of the function will try to call getmntent_r again after it's returned
0, even if in this case it might still return the rest of the entries.

For possible changes, losing the rest of the line bothers me somewhat,
though it's supposedly what users on glibc will already expect. Do you
think doing fseek(f, -fgets_result, SEEK_CUR) without the fscanf call to
rewind until the start of the line would be valid? It would allow one to
retry again with bigger buffers. This is bad, of course, if there are
folks writing code to call getmntent_r again even after it returns 0 (it
would be very kooky code, since differentiating between the 0 returns
sounds complicated to me, unless they used errno=3D=3DERANGE as a
sinalizer); in their case, they expect to receive the next entry, but
the function would just loop eternally with too short a buffer. This
corner case feels like it would come from coding to the observed
behavior rather than any specification, so I don't know if it needs to
be respected.

>
> Rich