| Commit message (Collapse) | Author | Age | Files | Lines |
|
While GNU Mach on AArch64 still exports VM_MIN_ADDRESS / VM_MAX_ADDRESS
for compatibility, we should try to rely on it less when possible; in
the future we might be able to stop exporting them from Mach. The code
here really just wants to wire everything in its address space, and the
wire_segment_internal () routine already queries for actually present
memory regions dynamically.
Message-ID: <20240323115322.69075-5-bugaevc@gmail.com>
|
Message-Id: <20230508213136.608575-2-bugaevc@gmail.com>
|
There was an implicit dependency on -lmachuser. Adding a dependency to
generated stubs from hurd so that we can stop providing the stubs in
machuser from glibc.
Message-Id: <ZC+nsGvhsOwt6XyB@jupiter.tail36e24.ts.net>
|
function declarations.
Most of the changes land in one of these buckets:
* Removed unused declarations.
* Used (void) to represent no parameters instead of () which means an
indeterminate number of parameters.
* Included missing header files whenever necessary (stdlib.h,
sys/mman.h, etc)
* Typedefed function pointers to be able to fully declare the parameter
types.
* Added declarations of library functions that are used elsewhere
(example is libps/ps.h).
* Made functions static whenever they are only used in that file.
* Forwarded declarations of some methods that were made static.
Message-Id: <ZDD1o7/tVYeZew+G@jupiter.tail36e24.ts.net>
|
Hurd code relies on gnumach default_pager.defs headers when making calls
using the default pager RPC. Those stubs were checked in back in the 90s
and are essentially unused because gnumach does not implement or use
that interface. Instead use the Hurd interface directly.
This is safe since the Hurd stubs are a superset of the gnumach stubs.
Later, we won't need to install the gnumach stubs anymore through glibc.
Message-Id: <ZC5WqPKfCCiE8D29@jupiter.tail36e24.ts.net>
|
Also add -Werror=old-style-definition to enforce new code.
Message-Id: <ZBZ+8xf7GHy2RT/h@jupiter.tail36e24.ts.net>
|
mach_port_t are mach_port_name_t and thus require %u instead of %lu.
Message-Id: <Y42RELMbulK4xaKM@reue>
|
For coherency with the existing RPCs
|
And add proc_complete_reauthentication ()
|
exec_reauth () is supposed to reauthenticate the given ports and file
descriptors with a new authentication. If the secure flag is set, this
reauthentication is happening for a future exec with the EXEC_SECURE
flag.
Now that the exec server uses proc_reauthenticate_reassign (), the process
reauthentication is done atomically with task reassignment by the exec
server. So stop doing it inside exec_reauth ().
This fixes a vulnerability where a process was able to use its
reauthenticated proc port before it got exec'ed over.
|
Otherwise it would successfully compare to any port that happens to be
MACH_PORT_DEAD, e.g. the bootstrap port.
|
Most servers have at least one RPC which is benign enough to be used to
identify whether a port supports the server and provides some useful
information to identify what the port is about. This adds support for
most of these, allowing to identify auth ports, file descriptors,
sockets, etc.
|
We need to be extremely careful with auth ports since leaking them into
subprocesses may expose a root-auth port to non-root processes.
Notably, get_nonsugid_ids was caching it, thus preventing glibc's exec
implementation from dropping it. Login is also reimplementing hurdexec
but without all the cloexec logic.
This commit fixes various auth leaks.
|
In the dynamic case, loaded() doesn't actually manage to get maps, and
in the static case the _start, _etext, __data_start, _edata symbols
are not actually precise, and miss some pages. So let's just call
wire_segment_internal on the whole addressing space, vm_region tells us
which parts are actually mapped to make it efficient enough.
|
as convenience for printing a backtrace without erroring out.
|
* libshouldbeinlibc/assert-backtrace.c (__assert_fail_base_backtrace):
If returned backtrace is smaller than skip we cannot print anything.
|
Newer gcc toolchains tend to enable as-needed by default, so runtime
detection of libcrypt will fail. We can just explicitly link against
libcrypt anyway.
* configure.ac: Check for `crypt()' in libcrypt.
* config.make.in: Substitute HAVE_LIBCRYPT.
* libshouldbeinlibc/idvec-verify.c: Include <crypt.h> only when libcrypt
is available. Replace weak reference with explicit call and fallback
macro.
* utils/x.c: Likewise.
* libshouldbeinlibc/Makefile (LDLIBS): Add -lcrypt when libcrypt is
available.
|
* libdiskfs/boot-start.c (diskfs_start_bootstrap): Fix printf format.
* libfshelp/delegate.c: Include <alloca.h> and <stdlib.h>.
* libfshelp/start-translator-long.c: Include <stdlib.h>.
* libshouldbeinlibc/ugids-verify-auth.c (server_verify_make_auth): Fix
prototypes for password_check_group and password_check_user.
* libstore/argp.c: Include <stdlib.h>.
* libstore/task.c: Include <stdlib.h>.
* exec/exec.c: Include <mach/vm_param.h>.
* libbpf/bpf_impl.c: Include <stdlib.h>.
* proc/info.c (S_proc_getloginpids): Remove local variables leader_task
and leader_sub.
* proc/main.c (main): Remove local variable original_argv.
* boot/boot.c (task_died, S_mach_notify_new_task): Fix printf format.
* exec/elfcore.c: Include <alloca.h> and <mach/vm_param.h>.
* trans/crash.c: Include <hurd/msg.h>.
* trans/random.c: Include <signal.h>.
* utils/login.c: Include <signal.h>.
* utils/id.c: Include <hurd/msg.h>.
* utils/devprobe.c: Include <stdlib.h>.
* utils/addauth.c: Include <hurd/msg.h>.
* utils/frobauth-mod.c: Include <hurd/msg.h>.
* utils/storeread.c: Include <stdlib.h>.
* utils/msgport.c: Include <hurd/msg.h>.
* sutils/clookup.c (file_name_lookup_carefully): Fix lookup function
prototype, make head and tail const.
* utils/rpcscan.c: Include <stdlib.h>.
* sutils/bless.c: Include <stdlib.h>.
* fstests/fstests.c: Include <stdlib.h>.
* startup/startup.c (argz_task_insert_right): Fix printf format.
* init/init.c: Include <stdlib.h>.
|
* libshouldbeinlibc/wire.c: Include <mach/vm_param.h>.
|
* libshouldbeinlibc/wire.c (statically_linked): New function.
(loaded): Remove check.
(wire_segment_internal): Fix error handling. Be smarter about the
wiring, inspired by the mach-defpager code.
(wire_segment): Fix error handling.
(wire_task_self): Fix error handling. Distinguish between static
binaries and dynamic binaries without DT_DEBUG or link map. When we
don't have a map, fall back to wiring the whole space. Wire future
allocations.
* libshouldbeinlibc/wire.h (wire_task_self): Return error_t.
(wire_segment): Likewise.
|
* boot/boot.c: Replace bcopy with memcpy or memmove as appropriate.
* exec/hashexec.c: Likewise.
* libps/proclist.c: Likewise, but also fix the amount of data copied.
* libps/procstat.c: Likewise.
* libps/spec.c: Likewise.
* libshouldbeinlibc/cacheq.c: Likewise.
* libshouldbeinlibc/idvec.c: Likewise.
* libshouldbeinlibc/timefmt.c: Likewise.
|
Our variants print stack traces on failures. This will make locating
errors much easier.
|
* libshouldbeinlibc/assert-backtrace.h: Include 'sys/cdefs.h' for
'__STRING'.
|
* libshouldbeinlibc/assert-backtrace.h (assert_perror_backtrace): Fix
variant for NDEBUG.
|
g++ still doesn't support non-trivial named initializers (sigh)
* libshouldbeinlibc/refcount.h (REFCOUNT_REFERENCES): New macro.
(refcounts_init, refcounts_unsafe_ref, refcounts_deref,
refcounts_promote, refcounts_demote, refcounts_unsafe_ref_weak,
refcounts_deref_weak): Use REFCOUNT_REFERENCES instead of explicit
initializer.
|
* libshouldbeinlibc/refcount.h: Use 'assert_backtrace'.
|
* libshouldbeinlibc/Makefile: Add new files
* libshouldbeinlibc/assert-backtrace.{c,h}: New files.
|
The getpwnam_r and similar functions only return non-zero on error, but not
finding the given name/UID/GID does not count as an error. When they return 0,
the value of the result (*result when looking at the arguments in the man pages)
still needs to be checked for null.
* libshouldbeinlibc/idvec-rep.c (lookup_uid): Check result for null.
(lookup_gid): Likewise.
* libshouldbeinlibc/idvec-verify.c (verify_passwd): Likewise.
(verify_id): Likewise.
|
* libshouldbeinlibc/maptime.h (maptime_read): Use memory fences.
|
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
For reference, this patch was created using the following semantic
patch, and then manually applying the change in all functions
containing nested functions, as those are not supported by Coccinelle.
@@
expression A, B;
@@
- bzero (A, B)
+ memset (A, 0, B)
* auth/auth.c: Replace `bzero' with `memset'.
* boot/boot.c: Likewise.
* defpager/defpager.c: Likewise.
* exec/exec.c: Likewise. Also, drop `safe_bzero' and just use
`hurd_safe_memset' directly.
* ext2fs/ext2fs.c: Likewise.
* ext2fs/getblk.c: Likewise.
* ext2fs/pager.c: Likewise.
* fatfs/pager.c: Likewise.
* ftpfs/dir.c: Likewise.
* ftpfs/netfs.c: Likewise.
* isofs/inode.c: Likewise.
* isofs/pager.c: Likewise.
* libdiskfs/file-getfh.c: Likewise.
* libdiskfs/file-statfs.c: Likewise.
* libfshelp/fetch-root.c: Likewise.
* libfshelp/start-translator.c: Likewise.
* libftpconn/create.c: Likewise.
* libftpconn/open.c: Likewise.
* libftpconn/unix.c: Likewise.
* libpipe/pipe.c: Likewise.
* libps/procstat.c: Likewise.
* libps/spec.c: Likewise.
* libshouldbeinlibc/cacheq.c: Likewise.
* libshouldbeinlibc/idvec.c: Likewise.
* libshouldbeinlibc/ugids.c: Likewise.
* libstore/argp.c: Likewise.
* libstore/enc.c: Likewise.
* libstore/kids.c: Likewise.
* libthreads/alpha/thread.c: Likewise.
* libtreefs/fsys.c: Likewise.
* libtrivfs/file-statfs.c: Likewise.
* mach-defpager/default_pager.c: Likewise.
* pfinet/glue-include/asm/uaccess.h: Likewise.
* pfinet/io-ops.c: Likewise.
* pfinet/options.c: Likewise.
* pfinet/socket.c: Likewise.
* pfinet/timer-emul.c: Likewise.
* pflocal/io.c: Likewise.
* startup/startup.c: Likewise.
* storeio/storeio.c: Likewise.
* sutils/fstab.c: Likewise.
* usermux/usermux.c: Likewise.
* utils/fakeauth.c: Likewise.
* utils/frobauth.c: Likewise.
* utils/login.c: Likewise.
* utils/x.c: Likewise.
|
Declare all functions `extern inline' instead of `static inline'.
This allows us to use them in functions declared as `extern inline'.
* libshouldbeinlibc/refcount.h: Move here, and declare all functions
`extern inline'.
* libshouldbeinlibc/refcount.c: And define the functions here.
* libshouldbeinlibc/Makefile: Add `refcount.{c,h}'.
|
Found using the Clang Static Analyzer.
* libshouldbeinlibc/timefmt.c (fmt_named_interval): Fix dead
initialization.
|
GNU libc has had them for a long time.
* configure.ac: Remove checks for 'getgrouplist' and 'uselocale'.
* libshouldbeinlibc/idvec-impgids.c (_merge_implied_gids): Remove #ifdef
HAVE_GETGROUPLIST and remove #else arm.
* libthreads/cthreads.c: Remove #ifdef HAVE_USELOCALE, keeping its
bodies.
|
The canonical name for variables of the type error_t is err. There
are, however, places where the variable is called error instead. This
is unfortunate, as this shadows the error function. Rename such
variables to err.
For reference, this is accomplished using the following semantic
patch:
@@
expression E;
@@
-error_t error = E;
+error_t err = E;
<...
-error
+err
...>
@@
@@
-error_t error;
+error_t err;
<...
-error
+err
...>
* libdiskfs/dir-link.c: Rename error to err.
* libdiskfs/dir-unlink.c: Likewise.
* libdiskfs/file-get-trans.c: Likewise.
* libdiskfs/file-get-transcntl.c: Likewise.
* libdiskfs/file-set-trans.c: Likewise.
* libdiskfs/fsys-getroot.c: Likewise.
* libshouldbeinlibc/wire.c: Likewise.
|
Deallocate the device port after creating the mapping. The mapping is
independent of the device port.
* libshouldbeinlibc/maptime.c (maptime_map): Deallocate device port.
|
Found using the Clang Static Analyzer.
* libshouldbeinlibc/maptime.c (maptime_map): Fix error handling.
|
* libihash/ihash.c: Clean up the included header files.
* libshouldbeinlibc/cacheq.c: Likewise.
* libshouldbeinlibc/canon-host.c: Likewise.
* libshouldbeinlibc/fsysops.c: Likewise.
* libshouldbeinlibc/idvec-auth.c: Likewise.
* libshouldbeinlibc/idvec.c: Likewise.
* libshouldbeinlibc/idvec.h: Likewise.
* libshouldbeinlibc/localhost.c: Likewise.
* libshouldbeinlibc/maptime.c: Likewise.
* libshouldbeinlibc/nullauth.c: Likewise.
* libshouldbeinlibc/portxlate.c: Likewise.
* libshouldbeinlibc/shared-dom.c: Likewise.
* libshouldbeinlibc/ugids-argp.c: Likewise.
* libshouldbeinlibc/ugids-auth.c: Likewise.
* libshouldbeinlibc/ugids-imply.c: Likewise.
* libshouldbeinlibc/ugids-merge.c: Likewise.
* libshouldbeinlibc/ugids-subtract.c: Likewise.
* libshouldbeinlibc/ugids-verify-auth.c: Likewise.
* libshouldbeinlibc/ugids-verify.c: Likewise.
* libshouldbeinlibc/ugids.c: Likewise.
* libshouldbeinlibc/ugids.h: Likewise.
* libshouldbeinlibc/wire.c: Likewise.
|
Found using the Clang Static Analyzer.
* libshouldbeinlibc/timefmt.c (fmt_past_time): Fix dead assignment,
normalize adjacent white space.
|
Both task ports are deallocated in the destructor, so they must be
referenced in the constructor.
* libshouldbeinlibc/portxlate.c (port_name_xlator_create): Fix
reference counting.
|
Some files were not normalized. In console/motd.UTF8 the additional
newline is intentional. Empty files were excluded as well.
|
Found using the Clang Static Analyzer.
* libshouldbeinlibc/maptime.c (maptime_map): Fix error handling.
|
setnullauth () obtains an empty authentication handle and uses it for
further authentication purposes. This effectively drops all Unix
privileges.
* libshouldbeinlibc/nullauth.c: New file.
* libshouldbeinlibc/nullauth.h: Likewise.
* libshouldbeinlibc/Makefile: Add nullauth.{c,h}.
|
In that case we have two receive right references, which we should consume
one per one, instead of destroying them all at once (and thus fail on second
destroy)
http://lists.gnu.org/archive/html/bug-hurd/2011-03/msg00045.html
* libfshelp/fetch-root.c (fshelp_fetch_root): Unreference rendez-vous port
receive right instead of destroying the port.
* libshouldbeinlibc/exec-reauth.c (exec_reauth): Likewise.
|