[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 0/6] enforce use of G_GNUC_PRINTF annotations

To: qemu-devel@xxxxxxxxxx
From: Daniel P. Berrangé <berrange@xxxxxxxxxx>
Date: Mon, 19 Dec 2022 08:01:59 -0500
Cc: "Dr. David Alan Gilbert" <dgilbert@xxxxxxxxxx>, qemu-ppc@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx, Laurent Vivier <lvivier@xxxxxxxxxx>, Markus Armbruster <armbru@xxxxxxxxxx>, Daniel Henrique Barboza <danielhb413@xxxxxxxxx>, virtio-fs@xxxxxxxxxx, Michael Roth <michael.roth@xxxxxxx>, Alex Bennée <alex.bennee@xxxxxxxxxx>, qemu-block@xxxxxxxxxx, Peter Maydell <peter.maydell@xxxxxxxxxx>, qemu-arm@xxxxxxxxxx, Paul Durrant <paul@xxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>, Cédric Le Goater <clg@xxxxxxxx>, John Snow <jsnow@xxxxxxxxxx>, Stefan Hajnoczi <stefanha@xxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Gerd Hoffmann <kraxel@xxxxxxxxxx>, Greg Kurz <groug@xxxxxxxx>, Thomas Huth <thuth@xxxxxxxxxx>, Daniel P. Berrangé <berrange@xxxxxxxxxx>
Delivery-date: Mon, 19 Dec 2022 13:02:28 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

We've been very gradually adding G_GNUC_PRINTF annotations
to functions over years. This has been useful in detecting
certain malformed printf strings, or cases where we pass
user data as the printf format which is a potential security
flaw.

Given the inherant memory corruption danger in use of format
strings vs mis-matched variadic arguments, it is worth applying
G_GNUC_PRINTF to all functions using printf, even if we know
they are safe.

The compilers can reasonably reliably identify such places
with the -Wsuggest-attribute=format / -Wmissing-format-attribute
flags.

This series adds G_GNUC_PRINTF / G_GNUC_SCANF to allow the code
locations that the compilers highlight. Then it adds the above
warning flags to the build flags, to catch any future additions
of functions that take printf/scanf format strings.

Daniel P. Berrangé (6):
  disas: add G_GNUC_PRINTF to gstring_printf
  hw/xen: use G_GNUC_PRINTF/SCANF for various functions
  tools/virtiofsd: add G_GNUC_PRINTF for logging functions
  util/error: add G_GNUC_PRINTF for various functions
  tests: add G_GNUC_PRINTF for various functions
  enforce use of G_GNUC_PRINTF attributes

 configure                         |  2 ++
 disas.c                           |  1 +
 hw/xen/xen-bus.c                  |  1 +
 hw/xen/xen_pvdev.c                |  1 +
 include/hw/xen/xen-bus-helper.h   |  6 ++++--
 include/hw/xen/xen-bus.h          |  3 ++-
 tests/qtest/ahci-test.c           |  3 +++
 tests/qtest/arm-cpu-features.c    |  1 +
 tests/qtest/erst-test.c           |  2 +-
 tests/qtest/ide-test.c            |  3 ++-
 tests/qtest/ivshmem-test.c        |  4 ++--
 tests/qtest/libqmp.c              |  2 +-
 tests/qtest/libqos/libqos-pc.h    |  6 ++++--
 tests/qtest/libqos/libqos-spapr.h |  6 ++++--
 tests/qtest/libqos/libqos.h       |  6 ++++--
 tests/qtest/libqos/virtio-9p.c    |  1 +
 tests/qtest/migration-helpers.h   |  1 +
 tests/qtest/rtas-test.c           |  2 +-
 tests/qtest/usb-hcd-uhci-test.c   |  4 ++--
 tests/unit/test-qmp-cmds.c        | 13 +++++++++----
 tools/virtiofsd/fuse_log.c        |  1 +
 tools/virtiofsd/fuse_log.h        |  6 ++++--
 tools/virtiofsd/passthrough_ll.c  |  1 +
 util/error-report.c               |  1 +
 util/error.c                      |  1 +
 25 files changed, 55 insertions(+), 23 deletions(-)

-- 
2.38.1

Follow-Ups:
- Re: [PATCH 0/6] enforce use of G_GNUC_PRINTF annotations
  - From: Paolo Bonzini
- [PATCH 5/6] tests: add G_GNUC_PRINTF for various functions
  - From: Daniel P. Berrangé
- [PATCH 3/6] tools/virtiofsd: add G_GNUC_PRINTF for logging functions
  - From: Daniel P. Berrangé
- [PATCH 1/6] disas: add G_GNUC_PRINTF to gstring_printf
  - From: Daniel P. Berrangé
- [PATCH 4/6] util/error: add G_GNUC_PRINTF for various functions
  - From: Daniel P. Berrangé
- [PATCH 6/6] enforce use of G_GNUC_PRINTF attributes
  - From: Daniel P. Berrangé
- [PATCH 2/6] hw/xen: use G_GNUC_PRINTF/SCANF for various functions
  - From: Daniel P. Berrangé

Prev by Date: Re: [PATCH RFC 04/10] domain: update GADDR based runstate guest area
Next by Date: [PATCH 2/6] hw/xen: use G_GNUC_PRINTF/SCANF for various functions
Previous by thread: [PATCH v2] NUMA: replace phys_to_nid()
Next by thread: [PATCH 2/6] hw/xen: use G_GNUC_PRINTF/SCANF for various functions
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.