Commit Graph

505 Commits

Author SHA1 Message Date
Sergey Bugaev
226f1f8a94 hurd: Swap around two function calls
...to keep `sigexc' port initialization in one place, and match what the
comments say.

No functional change.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-7-bugaevc@gmail.com>
2023-04-03 00:54:35 +02:00
Sergey Bugaev
71232da3b3 hurd: Remove __hurd_threadvar_stack_{offset,mask}
Noone is or should be using __hurd_threadvar_stack_{offset,mask}, we
have proper TLS now. These two remaining variables are never set to
anything other than zero, so any code that would try to use them as
described would just dereference a zero pointer and crash. So remove
them entirely.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-6-bugaevc@gmail.com>
2023-04-03 00:53:25 +02:00
Sergey Bugaev
d8ee5d614b hurd: Make exception subcode a long
On EXC_BAD_ACCESS, exception subcode is used to pass the faulting memory
address, so it needs to be (at least) pointer-sized. Thus, make it into
a long. This matches the corresponding change in GNU Mach.
Message-Id: <20230319151017.531737-5-bugaevc@gmail.com>
2023-04-03 00:51:42 +02:00
Adhemerval Zanella Netto
743963cad7 Remove set-hooks.h from generic includes
The hooks mechanism uses symbol sets for running lists of functions,
which requires either extra linker directives to provide any hardening
(such as RELRO) or additional code (such as pointer obfuscation via
mangling with random value).

Currently only hurd uses set-hooks.h so we remove it from the generic
includes.  The generic implementation uses direct function calls which
provide hardening and good code generation, observability and debugging
without the need for extra linking options or special code handling.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-03-27 13:57:55 -03:00
Sergey Bugaev
0d41182e0e hurd: Fix some broken indentation
Also, fix a couple of typos. No functional change.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230301162355.426887-2-bugaevc@gmail.com>
2023-03-02 00:32:55 +01:00
Sergey Bugaev
60b21327b1 hurd: Remove the ecx kludge
"We don't need it any more"

The INTR_MSG_TRAP macro in intr-msg.h used to play little trick with
the stack pointer: it would temporarily save the "real" stack pointer
into ecx, while setting esp to point to just before the message buffer,
and then invoke the mach_msg trap. This way, INTR_MSG_TRAP reused the
on-stack arguments laid out for the containing call of
_hurd_intr_rpc_mach_msg (), passing them to the mach_msg trap directly.

This, however, required special support in hurdsig.c and trampoline.c,
since they now had to recognize when a thread is inside the piece of
code where esp doesn't point to the real tip of the stack, and handle
this situation specially.

Commit 1d20f33ff4 has removed the actual
temporary change of esp by actually re-pushing mach_msg arguments onto
the stack, and popping them back at end. It did not, however, deal with
the rest of "the ecx kludge" code in other files, resulting in potential
crashes if a signal arrives in the middle of pushing arguments onto the
stack.

Fix that by removing "the ecx kludge". Instead, when we want a thread
to skip the RPC, but cannot make just make it jump to after the trap
since it's not done adjusting the stack yet, set the SYSRETURN register
to MACH_SEND_INTERRUPTED (as we do anyway), and rely on the thread
itself for detecting this case and skipping the RPC.

This simplifies things somewhat and paves the way for a future x86_64
port of this code.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230301162355.426887-1-bugaevc@gmail.com>
2023-03-02 00:32:55 +01:00
Sergey Bugaev
32fff41bde hurd: Use proper integer types
Fix a few more cases of build errors caused by mismatched types. This is a
continuation of f4315054b4.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230218203717.373211-3-bugaevc@gmail.com>
2023-02-20 00:33:47 +01:00
Samuel Thibault
bf33bf5948 hurd: Fix unwinding over INTR_MSG_TRAP in shared too
This follows 63550530d9 ("hurd: Fix unwinding over INTR_MSG_TRAP"),
for the shared library case.
2023-02-14 19:32:15 +00:00
Sergey Bugaev
48941024ba hurd: Fix xattr error value
This does not seem like it is supposed to return negative error codes.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230212111044.610942-5-bugaevc@gmail.com>
2023-02-12 15:56:21 +01:00
Sergey Bugaev
62d6c33030 mach, hurd: Cast through uintptr_t
When casting between a pointer and an integer of a different size, GCC
emits a warning (which is escalated to a build failure by -Werror).
Indeed, if what you start with is a pointer, which you then cast to a
shorter integer and then back again, you're going to cut off some bits
of the pointer.

But if you start with an integer (such as mach_port_t), then cast it to
a longer pointer (void *), and then back to a shorter integer, you are
fine. To keep GCC happy, cast through an intermediary uintptr_t, which
is always the same size as a pointer.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230212111044.610942-4-bugaevc@gmail.com>
2023-02-12 15:55:04 +01:00
Sergey Bugaev
f4315054b4 hurd: Use mach_msg_type_number_t where appropriate
It has been decided that on x86_64, mach_msg_type_number_t stays 32-bit.
Therefore, it's not possible to use mach_msg_type_number_t
interchangeably with size_t, in particular this breaks when a pointer to
a variable is passed to a MIG routine.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230212111044.610942-3-bugaevc@gmail.com>
2023-02-12 15:52:07 +01:00
Samuel Thibault
63550530d9 hurd: Fix unwinding over INTR_MSG_TRAP
We used to use .cfi_adjust_cfa_offset around %esp manipulation
asm instructions to fix unwinding, but when building glibc with
-fno-omit-frame-pointer this is bogus since in that case %ebp is the CFA and
does not move.

Instead, let's force -fno-omit-frame-pointer when building intr-msg.c so
that %ebp can always be used and no .cfi_adjust_cfa_offset is needed.
2023-02-09 19:58:43 +01:00
Flavio Cruz
fa93858a88 Remove support setting custom demuxers during signal handling.
We seem to call only into the exception and message server routines.
Message-Id: <Y9dpRZs3QYk2oZm+@jupiter.tail36e24.ts.net>
2023-02-01 23:37:40 +01:00
Sergey Bugaev
65392c8478 hurd: Implement O_TMPFILE
This is a flag that causes open () to create a new, unnamed file in the
same filesystem as the given directory. The file descriptor can be
simply used in the creating process as a temporary file, or shared with
children processes via fork (), or sent over a Unix socket. The file can
be left anonymous, in which case it will be deleted from the backing
file system once all copies of the file descriptor are closed, or given
a permanent name with a linkat () call, such as the following:

int fd = open ("/tmp", O_TMPFILE | O_RDWR, 0700);
/* Do something with the file... */
linkat (fd, "", AT_FDCWD, "/tmp/filename", AT_EMPTY_PATH);

In between creating the file and linking it to the file system, it is
possible to set the file content, mode, ownership, author, and other
attributes, so that the file visibly appears in the file system (perhaps
replacing another file) atomically, with all of its attributes already
set up.

The Hurd support for O_TMPFILE directly exposes the dir_mkfile RPC to
user programs. Previously, dir_mkfile was used by glibc internally, in
particular for implementing tmpfile (), but not exposed to user programs
through a Unix-level API.

O_TMPFILE was initially introduced by Linux. This implementation is
intended to be compatible with the Linux implementation, except that the
O_EXCL flag is not given the special meaning when used together with
O_TMPFILE, unlike on Linux.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230130125216.6254-3-bugaevc@gmail.com>
2023-02-01 23:32:21 +01:00
Sergey Bugaev
d011ab5708 hurd: Consolidate file_name_lookup implementation
Instead of __file_name_lookup_at delegating to __file_name_lookup
in simple cases, make __file_name_lookup_at deal with both cases, and
have __file_name_lookup simply wrap __file_name_lookup_at.

This factorizes handling the empy name case.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230130125216.6254-2-bugaevc@gmail.com>
2023-02-01 20:05:20 +01:00
Joseph Myers
6d7e8eda9b Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
Samuel Thibault
f77bd0ee9a hurd hurdstartup: Initialize remaining fields of hurd_startup_data
In case we don't have a bootstrap port or __exec_startup_get_info
failed, we should avoid leaking uninitialized fields of data.
2023-01-02 11:36:11 +01:00
Samuel Thibault
6514b2d595 hurd _S_msg_add_auth: Initialize new arrays to 0
If make_list fails, they would be undefined, and freeup with free
uninitialized pointers.
2023-01-02 11:36:11 +01:00
Florian Weimer
58548b9d68 Use PTR_MANGLE and PTR_DEMANGLE unconditionally in C sources
In the future, this will result in a compilation failure if the
macros are unexpectedly undefined (due to header inclusion ordering
or header inclusion missing altogether).

Assembler sources are more difficult to convert.  In many cases,
they are hand-optimized for the mangling and no-mangling variants,
which is why they are not converted.

sysdeps/s390/s390-32/__longjmp.c and sysdeps/s390/s390-64/__longjmp.c
are special: These are C sources, but most of the implementation is
in assembler, so the PTR_DEMANGLE macro has to be undefined in some
cases, to match the assembler style.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-10-18 17:04:10 +02:00
Florian Weimer
88f4b6929c Introduce <pointer_guard.h>, extracted from <sysdep.h>
This allows us to define a generic no-op version of PTR_MANGLE and
PTR_DEMANGLE.  In the future, we can use PTR_MANGLE and PTR_DEMANGLE
unconditionally in C sources, avoiding an unintended loss of hardening
due to missing include files or unlucky header inclusion ordering.

In i386 and x86_64, we can avoid a <tls.h> dependency in the C
code by using the computed constant from <tcb-offsets.h>.  <sysdep.h>
no longer includes these definitions, so there is no cyclic dependency
anymore when computing the <tcb-offsets.h> constants.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-10-18 17:03:55 +02:00
Wilco Dijkstra
22f4ab2d20 Use atomic_exchange_release/acquire
Rename atomic_exchange_rel/acq to use atomic_exchange_release/acquire
since these map to the standard C11 atomic builtins.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-09-26 16:58:08 +01:00
Samuel Thibault
063f7462da hurd: Fix vm_size_t incoherencies
In gnumach, 3e1702a65fb3 ("add rpc_versions for vm types") changed the type
of vm_size_t, making it always a unsigned long. This made it incompatible on
x86 with size_t. Even if we may want to revert it to unsigned int, it's
better to fix the types of parameters according to the .defs files.
2022-08-29 01:42:47 +02:00
Noah Goldstein
535e935a28 Replace {u}int_fast{16|32} with {u}int32_t
On 32-bit machines this has no affect. On 64-bit machines
{u}int_fast{16|32} are set as {u}int64_t which is often not
ideal. Particularly x86_64 this change both saves code size and
may save instruction cost.

Full xcheck passes on x86_64.
2022-04-13 21:23:04 -05:00
Samuel Thibault
0eb230ccce hurd: Make RPC input array parameters const
This follows mig's cf4bcc3f1435 ("Also add const qualifiers on server
side")
2022-01-16 18:48:08 +00:00
Samuel Thibault
41a11a5e83 hurd: optimize exec cleanup
When ports are nul we do not need to request their deallocation. It is
also useless to look for them in portnames.
2022-01-16 00:02:16 +01:00
Samuel Thibault
84a9d5835a hurd: Fix exec() leak on proc_task2proc failure
env is allocated after args, so should be freed before it.
2022-01-15 21:58:39 +01:00
Samuel Thibault
5d8eb435a8 hurd: nuke all unknown ports on exec
Ports which are not in the ports table or dtable will not make sense for the
new program, so we can nuke them.  Actually we shall, otherwise we would
be leaking various ports, for instance the file_t of the executed program
itself.
2022-01-04 01:14:41 +01:00
Samuel Thibault
0e298448aa hurd: Fix auth port leak
If access() was used before exec, _hurd_id.rid_auth would cache an
"effective" auth port.  We do not want this to leak into the executed
program.
2022-01-04 01:14:41 +01:00
Samuel Thibault
a51faeee6a hurd: Implement _S_msg_get_dtable
This will be needed for implementing lsof.
2022-01-02 02:24:00 +01:00
Paul Eggert
581c785bf3 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.

I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah.  I don't
know why I run into these diagnostics whereas others evidently do not.

remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
2022-01-01 11:40:24 -08:00
Samuel Thibault
ae49f218da hurd: Fix static-PIE startup
hurd initialization stages use RUN_HOOK to run various initialization
functions.  That is however using absolute addresses which need to be
relocated, which is done later by csu.  We can however easily make the
linker compute relative addresses which thus don't need a relocation.
The new SET_RELHOOK and RUN_RELHOOK macros implement this.
2021-12-28 10:28:22 +01:00
Samuel Thibault
2ce0481d26 hurd: let csu initialize tls
Since 9cec82de71 ("htl: Initialize later"), we let csu initialize
pthreads. We can thus let it initialize tls later too, to better align
with the generic order.  Initialization however accesses ports which
links/unlinks into the sigstate for unwinding.  We can however easily
skip that during initialization.
2021-12-28 10:15:52 +01:00
Samuel Thibault
e49c3c5d7a hurd: Let report-wait use a weak reference to _hurd_itimer_thread
libc.so.0.3 does not seem to need this defined any more.
2021-11-28 21:26:25 +01:00
Siddhesh Poyarekar
30891f35fa Remove "Contributed by" lines
We stopped adding "Contributed by" or similar lines in sources in 2012
in favour of git logs and keeping the Contributors section of the
glibc manual up to date.  Removing these lines makes the license
header a bit more consistent across files and also removes the
possibility of error in attribution when license blocks or files are
copied across since the contributed-by lines don't actually reflect
reality in those cases.

Move all "Contributed by" and similar lines (Written by, Test by,
etc.) into a new file CONTRIBUTED-BY to retain record of these
contributions.  These contributors are also mentioned in
manual/contrib.texi, so we just maintain this additional record as a
courtesy to the earlier developers.

The following scripts were used to filter a list of files to edit in
place and to clean up the CONTRIBUTED-BY file respectively.  These
were not added to the glibc sources because they're not expected to be
of any use in future given that this is a one time task:

https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dc
https://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-09-03 22:06:44 +05:30
Samuel Thibault
13710e7e6a hurd: Add support for AT_NO_AUTOMOUNT 2021-08-10 17:16:54 +02:00
Samuel Thibault
df183287ff hurd: Avoid spurious warning
Compilers missing some flow analysis may think ss may be used
uninitialized.
2021-08-03 19:38:45 +02:00
Samuel Thibault
0385d5fff8 hurd: Export _hurd_libc_proc_init
hurd's libdiskfs needs to be able to call _hurd_init + _hurd_libc_proc_init
for bootstrap initialization.
2021-04-12 00:23:36 +02:00
Samuel Thibault
c3b287be74 hurd: handle EINTR during critical sections
During critical sections, signal handling is deferred and thus RPCs return
EINTR, even if SA_RESTART is set. We thus have to restart the whole critical
section in that case.

This also adds HURD_CRITICAL_UNLOCK in the cases where one wants to
break the section in the middle.
2021-03-23 22:40:10 +00:00
Paul Eggert
2b778ceb40 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
2021-01-02 12:17:34 -08:00
Samuel Thibault
e42efa01c9 hurd: set sigaction for signal preemptors in arch-independent file
Instead of having the arch-specific trampoline setup code detect whether
preemption happened or not, we'd rather pass it the sigaction. In the
future, this may also allow to change sa_flags from post_signal().
2020-12-26 18:03:31 +01:00
Richard Braun
5c06743c8a Hurd: make sigstates hold a reference on thread ports
This change is required in order to correctly release per-thread
resources. Directly reusing the threading library reference isn't
possible since the sigstate is also used early in the main thread,
before threading is initialized.

* hurd/hurd/signal.h (_hurd_self_sigstate): Drop thread reference after
calling _hurd_thread_sigstate.
(_hurd_critical_section_lock): Likewise.
* hurd/hurdsig.c (_hurd_thread_sigstate): Add a reference on the thread.
(_hurd_sigstate_delete): Drop thread reference.
2020-12-21 02:10:16 +01:00
Jeremie Koenig
d865ff74ba hurd: implement SA_SIGINFO signal handlers.
SA_SIGINFO is actually just another way of expressing what we were
already passing over with struct sigcontext. This just introduces the
SIGINFO interface and fixes the posix values when that interface is
requested by the application.
2020-12-21 01:44:20 +01:00
Samuel Thibault
b74233d009 hurd: Also turn KERN_INVALID_ADDRESS to EINVAL
When e.g. mmap is passed an invalid address we would return
KERN_INVALID_ADDRESS, while POSIX applications would expect EINVAL.
2020-12-19 18:57:47 +01:00
Samuel Thibault
f26f0d766b hurd: Add __libc_open and __libc_close
Needed by libpthread for sem_open and sem_close
2020-12-16 01:58:33 +01:00
Samuel Thibault
59bb023c83 hurd: Add __lll_abstimed_wait_intr
For semaphores, we need an interruptible version of low-level locks.
2020-12-16 01:58:33 +01:00
Samuel Thibault
bec412424e hurd: make lll_* take a variable instead of a ptr
To be coherent with other ports, let's make lll_* take a variable, and
rename those that keep taking a ptr into __lll_*.
2020-12-16 01:58:33 +01:00
Samuel Thibault
18c2ab9a09 hurd: Rename LLL_INITIALIZER to LLL_LOCK_INITIALIZER
To get coherent with other ports.
2020-12-16 01:58:33 +01:00
Samuel Thibault
f9ba73d056 htl: Add missing symbols
hurd/hurdsig.c needs to detect whether __pthread_detach and
__pthread_create are available, so they need to be exposed.
2020-12-03 10:48:27 +01:00
Samuel Thibault
76ea70c613 hurd report-wait: Fix stpcpy usage
We shall not overflow the size of the description parameter. This makes
describe_number and describe_port behave like strpcpy (except for not filling
all the end of buffer with zeroes) and _S_msg_report_wait use series of
stpncpy-like call. If we were to overflow, we can now detect it and
return ENOMEM.
2020-11-23 00:31:41 +00:00
Samuel Thibault
dba88fb3ed hurd S_msg_report_wait: Fix detecting fd ports
_hurd_init_dtable stays set to non-NULL, so we have to run through both
_hurd_init_dtable and _hurd_dtable.
2020-11-23 00:25:26 +00:00