[modules][Patch][BugzillaID#20467] Diagnose if -fmodules-cache-path is not writeable

Aaron Ballman aaron at aaronballman.com
Thu Sep 18 06:45:17 PDT 2014 

On Thu, Sep 18, 2014 at 7:50 AM, Vassil Vassilev
<vasil.georgiev.vasilev at cern.ch> wrote:
> On 09/17/2014 09:58 PM, Aaron Ballman wrote:
>
> On Wed, Sep 17, 2014 at 4:04 AM, Vassil Vassilev
> <vasil.georgiev.vasilev at cern.ch> wrote:
>
> Hi,
>   I am attaching a patch addressing llvm.org/bugs/show_bug.cgi?id=20467
> Vassil
>
> Index: lib/Frontend/CompilerInstance.cpp
> ===================================================================
> --- lib/Frontend/CompilerInstance.cpp (revision 217432)
> +++ lib/Frontend/CompilerInstance.cpp (working copy)
> @@ -339,6 +339,15 @@
>    if (!getHeaderSearchOpts().DisableModuleHash)
>      llvm::sys::path::append(SpecificModuleCache,
>                              getInvocation().getModuleHash());
> +
> +  // If the path is not writable we can't do anything but diagnose.
> +  if (llvm::sys::fs::exists(SpecificModuleCache.str()) &&
> +       !llvm::sys::fs::can_write(SpecificModuleCache.str())) {
> +    SourceLocation NoLoc;
> +    PP->getDiagnostics().Report(NoLoc,
> diag::err_module_cache_path_not_writable)
> +      << SpecificModuleCache;
> +  }
> +
>
> This has TOCTOU bugs -- the path could be writable at the point of
> your check, but at the point which actually attempts to create a file
> on that path can still fail. I think the correct way to handle this is
> to handle the failure at the point of using the path, not attempting
> to fail early.
>
> Thanks! IIUC a good place to do this would be
> clang::HeaderSearch::getModuleCachePath ? Would that be acceptable?

Not quite, because that would still suffer from the same TOCTOU bug. I
was thinking more along the lines of in GlobalModuleIndex::writeIndex
and GlobalModuleIndex::readIndex (or somewhere around there). When we
go to open the file for reading/writing (create directories, etc),
that action will fail. We should be diagnosing that once the failure
occurs instead of preemptively.

Basically, we shouldn't be doing:

if (!can_write(blah))
  report(why);

fopen(blah);

instead, we should be doing:

fopen(blah);
if (that_failed())
  report(why);

~Aaron

More information about the cfe-commits mailing list