aboutsummaryrefslogtreecommitdiff
path: root/hurd
AgeCommit message (Collapse)AuthorFilesLines
2023-03-27Remove set-hooks.h from generic includesAdhemerval Zanella Netto1-0/+96
The hooks mechanism uses symbol sets for running lists of functions, which requires either extra linker directives to provide any hardening (such as RELRO) or additional code (such as pointer obfuscation via mangling with random value). Currently only hurd uses set-hooks.h so we remove it from the generic includes. The generic implementation uses direct function calls which provide hardening and good code generation, observability and debugging without the need for extra linking options or special code handling. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-03-02hurd: Fix some broken indentationSergey Bugaev1-50/+51
Also, fix a couple of typos. No functional change. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20230301162355.426887-2-bugaevc@gmail.com>
2023-03-02hurd: Remove the ecx kludgeSergey Bugaev1-5/+13
"We don't need it any more" The INTR_MSG_TRAP macro in intr-msg.h used to play little trick with the stack pointer: it would temporarily save the "real" stack pointer into ecx, while setting esp to point to just before the message buffer, and then invoke the mach_msg trap. This way, INTR_MSG_TRAP reused the on-stack arguments laid out for the containing call of _hurd_intr_rpc_mach_msg (), passing them to the mach_msg trap directly. This, however, required special support in hurdsig.c and trampoline.c, since they now had to recognize when a thread is inside the piece of code where esp doesn't point to the real tip of the stack, and handle this situation specially. Commit 1d20f33ff4fb634310f27493b7b87d0b20f4a0b0 has removed the actual temporary change of esp by actually re-pushing mach_msg arguments onto the stack, and popping them back at end. It did not, however, deal with the rest of "the ecx kludge" code in other files, resulting in potential crashes if a signal arrives in the middle of pushing arguments onto the stack. Fix that by removing "the ecx kludge". Instead, when we want a thread to skip the RPC, but cannot make just make it jump to after the trap since it's not done adjusting the stack yet, set the SYSRETURN register to MACH_SEND_INTERRUPTED (as we do anyway), and rely on the thread itself for detecting this case and skipping the RPC. This simplifies things somewhat and paves the way for a future x86_64 port of this code. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20230301162355.426887-1-bugaevc@gmail.com>
2023-02-20hurd: Use proper integer typesSergey Bugaev1-3/+3
Fix a few more cases of build errors caused by mismatched types. This is a continuation of f4315054b46d5e58b44a709a51943fb73f846afb. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20230218203717.373211-3-bugaevc@gmail.com>
2023-02-14hurd: Fix unwinding over INTR_MSG_TRAP in shared tooSamuel Thibault1-0/+1
This follows 63550530d98d ("hurd: Fix unwinding over INTR_MSG_TRAP"), for the shared library case.
2023-02-12hurd: Fix xattr error valueSergey Bugaev1-1/+1
This does not seem like it is supposed to return negative error codes. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20230212111044.610942-5-bugaevc@gmail.com>
2023-02-12mach, hurd: Cast through uintptr_tSergey Bugaev4-9/+17
When casting between a pointer and an integer of a different size, GCC emits a warning (which is escalated to a build failure by -Werror). Indeed, if what you start with is a pointer, which you then cast to a shorter integer and then back again, you're going to cut off some bits of the pointer. But if you start with an integer (such as mach_port_t), then cast it to a longer pointer (void *), and then back to a shorter integer, you are fine. To keep GCC happy, cast through an intermediary uintptr_t, which is always the same size as a pointer. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20230212111044.610942-4-bugaevc@gmail.com>
2023-02-12hurd: Use mach_msg_type_number_t where appropriateSergey Bugaev4-5/+5
It has been decided that on x86_64, mach_msg_type_number_t stays 32-bit. Therefore, it's not possible to use mach_msg_type_number_t interchangeably with size_t, in particular this breaks when a pointer to a variable is passed to a MIG routine. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20230212111044.610942-3-bugaevc@gmail.com>
2023-02-09hurd: Fix unwinding over INTR_MSG_TRAPSamuel Thibault1-0/+3
We used to use .cfi_adjust_cfa_offset around %esp manipulation asm instructions to fix unwinding, but when building glibc with -fno-omit-frame-pointer this is bogus since in that case %ebp is the CFA and does not move. Instead, let's force -fno-omit-frame-pointer when building intr-msg.c so that %ebp can always be used and no .cfi_adjust_cfa_offset is needed.
2023-02-01Remove support setting custom demuxers during signal handling.Flavio Cruz1-17/+0
We seem to call only into the exception and message server routines. Message-Id: <Y9dpRZs3QYk2oZm+@jupiter.tail36e24.ts.net>
2023-02-01hurd: Implement O_TMPFILESergey Bugaev1-0/+21
This is a flag that causes open () to create a new, unnamed file in the same filesystem as the given directory. The file descriptor can be simply used in the creating process as a temporary file, or shared with children processes via fork (), or sent over a Unix socket. The file can be left anonymous, in which case it will be deleted from the backing file system once all copies of the file descriptor are closed, or given a permanent name with a linkat () call, such as the following: int fd = open ("/tmp", O_TMPFILE | O_RDWR, 0700); /* Do something with the file... */ linkat (fd, "", AT_FDCWD, "/tmp/filename", AT_EMPTY_PATH); In between creating the file and linking it to the file system, it is possible to set the file content, mode, ownership, author, and other attributes, so that the file visibly appears in the file system (perhaps replacing another file) atomically, with all of its attributes already set up. The Hurd support for O_TMPFILE directly exposes the dir_mkfile RPC to user programs. Previously, dir_mkfile was used by glibc internally, in particular for implementing tmpfile (), but not exposed to user programs through a Unix-level API. O_TMPFILE was initially introduced by Linux. This implementation is intended to be compatible with the Linux implementation, except that the O_EXCL flag is not given the special meaning when used together with O_TMPFILE, unlike on Linux. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20230130125216.6254-3-bugaevc@gmail.com>
2023-02-01hurd: Consolidate file_name_lookup implementationSergey Bugaev2-24/+37
Instead of __file_name_lookup_at delegating to __file_name_lookup in simple cases, make __file_name_lookup_at deal with both cases, and have __file_name_lookup simply wrap __file_name_lookup_at. This factorizes handling the empy name case. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> Message-Id: <20230130125216.6254-2-bugaevc@gmail.com>
2023-01-06Update copyright dates with scripts/update-copyrightsJoseph Myers88-88/+88
2023-01-02hurd hurdstartup: Initialize remaining fields of hurd_startup_dataSamuel Thibault1-0/+5
In case we don't have a bootstrap port or __exec_startup_get_info failed, we should avoid leaking uninitialized fields of data.
2023-01-02hurd _S_msg_add_auth: Initialize new arrays to 0Samuel Thibault1-6/+9
If make_list fails, they would be undefined, and freeup with free uninitialized pointers.
2022-10-18Use PTR_MANGLE and PTR_DEMANGLE unconditionally in C sourcesFlorian Weimer1-2/+0
In the future, this will result in a compilation failure if the macros are unexpectedly undefined (due to header inclusion ordering or header inclusion missing altogether). Assembler sources are more difficult to convert. In many cases, they are hand-optimized for the mangling and no-mangling variants, which is why they are not converted. sysdeps/s390/s390-32/__longjmp.c and sysdeps/s390/s390-64/__longjmp.c are special: These are C sources, but most of the implementation is in assembler, so the PTR_DEMANGLE macro has to be undefined in some cases, to match the assembler style. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2022-10-18Introduce <pointer_guard.h>, extracted from <sysdep.h>Florian Weimer1-1/+1
This allows us to define a generic no-op version of PTR_MANGLE and PTR_DEMANGLE. In the future, we can use PTR_MANGLE and PTR_DEMANGLE unconditionally in C sources, avoiding an unintended loss of hardening due to missing include files or unlucky header inclusion ordering. In i386 and x86_64, we can avoid a <tls.h> dependency in the C code by using the computed constant from <tcb-offsets.h>. <sysdep.h> no longer includes these definitions, so there is no cyclic dependency anymore when computing the <tcb-offsets.h> constants. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2022-09-26Use atomic_exchange_release/acquireWilco Dijkstra1-1/+1
Rename atomic_exchange_rel/acq to use atomic_exchange_release/acquire since these map to the standard C11 atomic builtins. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2022-08-29hurd: Fix vm_size_t incoherenciesSamuel Thibault6-7/+8
In gnumach, 3e1702a65fb3 ("add rpc_versions for vm types") changed the type of vm_size_t, making it always a unsigned long. This made it incompatible on x86 with size_t. Even if we may want to revert it to unsigned int, it's better to fix the types of parameters according to the .defs files.
2022-04-13Replace {u}int_fast{16|32} with {u}int32_tNoah Goldstein1-1/+1
On 32-bit machines this has no affect. On 64-bit machines {u}int_fast{16|32} are set as {u}int64_t which is often not ideal. Particularly x86_64 this change both saves code size and may save instruction cost. Full xcheck passes on x86_64.
2022-01-16hurd: Make RPC input array parameters constSamuel Thibault3-10/+10
This follows mig's cf4bcc3f1435 ("Also add const qualifiers on server side")
2022-01-16hurd: optimize exec cleanupSamuel Thibault1-12/+14
When ports are nul we do not need to request their deallocation. It is also useless to look for them in portnames.
2022-01-15hurd: Fix exec() leak on proc_task2proc failureSamuel Thibault1-2/+2
env is allocated after args, so should be freed before it.
2022-01-04hurd: nuke all unknown ports on execSamuel Thibault1-7/+39
Ports which are not in the ports table or dtable will not make sense for the new program, so we can nuke them. Actually we shall, otherwise we would be leaking various ports, for instance the file_t of the executed program itself.
2022-01-04hurd: Fix auth port leakSamuel Thibault1-5/+8
If access() was used before exec, _hurd_id.rid_auth would cache an "effective" auth port. We do not want this to leak into the executed program.
2022-01-02hurd: Implement _S_msg_get_dtableSamuel Thibault1-4/+47
This will be needed for implementing lsof.
2022-01-01Update copyright dates with scripts/update-copyrightsPaul Eggert88-88/+88
I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 7061 files FOO. I then removed trailing white space from math/tgmath.h, support/tst-support-open-dev-null-range.c, and sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following obscure pre-commit check failure diagnostics from Savannah. I don't know why I run into these diagnostics whereas others evidently do not. remote: *** 912-#endif remote: *** 913: remote: *** 914- remote: *** error: lines with trailing whitespace found ... remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
2021-12-28hurd: Fix static-PIE startupSamuel Thibault7-31/+21
hurd initialization stages use RUN_HOOK to run various initialization functions. That is however using absolute addresses which need to be relocated, which is done later by csu. We can however easily make the linker compute relative addresses which thus don't need a relocation. The new SET_RELHOOK and RUN_RELHOOK macros implement this.
2021-12-28hurd: let csu initialize tlsSamuel Thibault1-15/+24
Since 9cec82de715b ("htl: Initialize later"), we let csu initialize pthreads. We can thus let it initialize tls later too, to better align with the generic order. Initialization however accesses ports which links/unlinks into the sigstate for unwinding. We can however easily skip that during initialization.
2021-11-28hurd: Let report-wait use a weak reference to _hurd_itimer_threadSamuel Thibault1-5/+0
libc.so.0.3 does not seem to need this defined any more.
2021-09-03Remove "Contributed by" linesSiddhesh Poyarekar1-1/+0
We stopped adding "Contributed by" or similar lines in sources in 2012 in favour of git logs and keeping the Contributors section of the glibc manual up to date. Removing these lines makes the license header a bit more consistent across files and also removes the possibility of error in attribution when license blocks or files are copied across since the contributed-by lines don't actually reflect reality in those cases. Move all "Contributed by" and similar lines (Written by, Test by, etc.) into a new file CONTRIBUTED-BY to retain record of these contributions. These contributors are also mentioned in manual/contrib.texi, so we just maintain this additional record as a courtesy to the earlier developers. The following scripts were used to filter a list of files to edit in place and to clean up the CONTRIBUTED-BY file respectively. These were not added to the glibc sources because they're not expected to be of any use in future given that this is a one time task: https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dc https://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02 Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-08-10hurd: Add support for AT_NO_AUTOMOUNTSamuel Thibault1-0/+6
2021-08-03hurd: Avoid spurious warningSamuel Thibault1-1/+1
Compilers missing some flow analysis may think ss may be used uninitialized.
2021-04-12hurd: Export _hurd_libc_proc_initSamuel Thibault2-0/+8
hurd's libdiskfs needs to be able to call _hurd_init + _hurd_libc_proc_init for bootstrap initialization.
2021-03-23hurd: handle EINTR during critical sectionsSamuel Thibault7-2/+37
During critical sections, signal handling is deferred and thus RPCs return EINTR, even if SA_RESTART is set. We thus have to restart the whole critical section in that case. This also adds HURD_CRITICAL_UNLOCK in the cases where one wants to break the section in the middle.
2021-01-02Update copyright dates with scripts/update-copyrightsPaul Eggert88-88/+88
I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 6694 files FOO. I then removed trailing white space from benchtests/bench-pthread-locks.c and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this diagnostic from Savannah: remote: *** pre-commit check failed ... remote: *** error: lines with trailing whitespace found remote: error: hook declined to update refs/heads/master
2020-12-26hurd: set sigaction for signal preemptors in arch-independent fileSamuel Thibault2-7/+18
Instead of having the arch-specific trampoline setup code detect whether preemption happened or not, we'd rather pass it the sigaction. In the future, this may also allow to change sa_flags from post_signal().
2020-12-21Hurd: make sigstates hold a reference on thread portsRichard Braun2-7/+29
This change is required in order to correctly release per-thread resources. Directly reusing the threading library reference isn't possible since the sigstate is also used early in the main thread, before threading is initialized. * hurd/hurd/signal.h (_hurd_self_sigstate): Drop thread reference after calling _hurd_thread_sigstate. (_hurd_critical_section_lock): Likewise. * hurd/hurdsig.c (_hurd_thread_sigstate): Add a reference on the thread. (_hurd_sigstate_delete): Drop thread reference.
2020-12-21hurd: implement SA_SIGINFO signal handlers.Jeremie Koenig4-5/+10
SA_SIGINFO is actually just another way of expressing what we were already passing over with struct sigcontext. This just introduces the SIGINFO interface and fixes the posix values when that interface is requested by the application.
2020-12-19hurd: Also turn KERN_INVALID_ADDRESS to EINVALSamuel Thibault1-0/+1
When e.g. mmap is passed an invalid address we would return KERN_INVALID_ADDRESS, while POSIX applications would expect EINVAL.
2020-12-16hurd: Add __libc_open and __libc_closeSamuel Thibault1-0/+1
Needed by libpthread for sem_open and sem_close
2020-12-16hurd: Add __lll_abstimed_wait_intrSamuel Thibault5-1/+33
For semaphores, we need an interruptible version of low-level locks.
2020-12-16hurd: make lll_* take a variable instead of a ptrSamuel Thibault3-24/+30
To be coherent with other ports, let's make lll_* take a variable, and rename those that keep taking a ptr into __lll_*.
2020-12-16hurd: Rename LLL_INITIALIZER to LLL_LOCK_INITIALIZERSamuel Thibault1-1/+1
To get coherent with other ports.
2020-12-03htl: Add missing symbolsSamuel Thibault1-1/+1
hurd/hurdsig.c needs to detect whether __pthread_detach and __pthread_create are available, so they need to be exposed.
2020-11-23hurd report-wait: Fix stpcpy usageSamuel Thibault1-29/+49
We shall not overflow the size of the description parameter. This makes describe_number and describe_port behave like strpcpy (except for not filling all the end of buffer with zeroes) and _S_msg_report_wait use series of stpncpy-like call. If we were to overflow, we can now detect it and return ENOMEM.
2020-11-23hurd S_msg_report_wait: Fix detecting fd portsSamuel Thibault1-1/+1
_hurd_init_dtable stays set to non-NULL, so we have to run through both _hurd_init_dtable and _hurd_dtable.
2020-11-23hurd S_msg_report_wait: Fix reporting portsSamuel Thibault1-1/+1
This fixes the parameter order of MSG_EXAMINE, thus fixing the detection of e.g. fd ports for nicer output in ps WAIT output.
2020-11-22hurd: Fix strcpy callsSamuel Thibault1-3/+4
strcpy cannot be used with overlapping buffer, we have to use memmove instead. strcpy also cannot be safely used when the destination buffer is smaller that the source, we need to use strncpy to truncate the source if needed.
2020-11-22hurd: Fix _S_msg_get/set_env_variable prototypeSamuel Thibault1-3/+3
_S_msg_get_env_variable and _S_msg_set_env_variable are taking string_t, not char *. Fixes a warning with gcc 11.