Commit Graph

551 Commits

Author SHA1 Message Date
Sergey Bugaev
4648bfbbde hurd: Stop relying on VM_MAX_ADDRESS
We'd like to avoid committing to a specific size of virtual address
space (i.e. the value of VM_AARCH64_T0SZ) on AArch64.  While the current
version of GNU Mach still exports VM_MAX_ADDRESS for compatibility, we
should try to avoid relying on it when we can.  This piece of logic in
_hurdsig_getenv () doesn't actually care about the size of user-
accessible virtual address space, it just wants to preempt faults on any
addresses starting from the value of the P pointer and above.  So, use
(unsigned long int) -1 instead of VM_MAX_ADDRESS.

While at it, change the casts to (unsigned long int) and not just
(long int), since the type of struct hurd_signal_preemptor.{first,last}
is unsigned long int.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-ID: <20240323173301.151066-3-bugaevc@gmail.com>
2024-03-23 22:44:02 +01:00
Sergey Bugaev
7f02511e5b hurd: Move internal functions to internal header
Move _hurd_self_sigstate (), _hurd_critical_section_lock (), and
_hurd_critical_section_unlock () inline implementations (that were
already guarded by #if defined _LIBC) to the internal version of the
header.  While at it, add <tls.h> to the includes, and use
__LIBC_NO_TLS () unconditionally.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-ID: <20240323173301.151066-2-bugaevc@gmail.com>
2024-03-23 22:43:07 +01:00
Carlos O'Donell
f31d677fd6 hurd: Reformat Makefile.
Reflow and sort Makefile.

Code generation changes present due to link order changes.

No regressions on x86_64 and i686.

Tested with build-many-glibcs.py for x86_64-gnu.
2024-02-25 13:38:16 -05:00
Sergey Bugaev
b6931d6d14 hurd: Declare _hurd_intr_rpc_msg* with protected visibility
These symbols are internal and never exported; make sure the compiler
realizes that when compiling hurdsig.c and does not try to emit GOT
reads.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2024-01-03 21:59:54 +01:00
Sergey Bugaev
dac7c64065 hurd: Add some missing includes
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2024-01-03 21:59:54 +01:00
Paul Eggert
dff8da6b3e Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
Flavio Cruz
ad26c25137 Update code to handle the new ABI for sending inlined port rights.
For i686, this change is no op but for x86_64 it forces all inlined port
rights to be 8 bytes long.
2023-12-17 23:48:37 +01:00
Samuel Thibault
d776a59723 Revert "Update code to handle the new ABI for sending inlined port rights."
This reverts commit 7e23b3c2c0.
2023-12-03 02:06:29 +01:00
Samuel Thibault
3e85650423 Revert "hurd: Fix build"
This reverts commit 7096914dd8.
2023-12-03 02:06:19 +01:00
Samuel Thibault
7096914dd8 hurd: Fix build
7e23b3c2c0 ("Update code to handle the new ABI for sending inlined
port rights.") was missing a cast.

Fixes 7e23b3c2c0
2023-12-03 01:52:58 +01:00
Flavio Cruz
7e23b3c2c0 Update code to handle the new ABI for sending inlined port rights.
For i686, this change is no op but for x86_64 it forces all inlined port
rights to be 8 bytes long.
Message-ID: <20231124213041.952886-2-flaviocruz@gmail.com>
2023-12-03 01:03:41 +01:00
Samuel Thibault
dd858522bf hurd: fix restarting reauth_dtable on signal
While inside the critical section, RPCs would not be restarted, so we
have to handle EINTR errors.
2023-11-21 00:55:54 +01:00
Samuel Thibault
49b308a26e hurd: Prevent the final file_exec_paths call from signals
Otherwise if the exec server started thrashing the old task,
we won't be able to restart the exec.

This notably fixes building ghc.
2023-11-20 23:28:16 +01:00
Flavio Cruz
6ae7b5f43d Remove untyped mach RPC code.
Existing MiG does not support untyped messages and the Hurd will
continue to use typed messages for the foreseeable future.
Message-ID: <ZVmYX6j4pYNUfqn4@jupiter.tail36e24.ts.net>
2023-11-19 10:21:28 +01:00
Flavio Cruz
f11a92993c _hurd_intr_rpc_mach_msg: handle message iteration correctly.
The `ty` pointer is only set at the end of the loop so that
`msgtl_header.msgt_inline` and `msgtl_header.msgt_deallocate` remain
valid. Also, when deallocating memory, we use the length from the
message directly rather than hard coding mach_port_t since we want to
deallocate any kind of OOL data.
Message-ID: <ZVlGVD6eEN-dXsOr@jupiter.tail36e24.ts.net>
2023-11-19 00:37:20 +01:00
Samuel Thibault
8f22e36238 hurd: Make _hurd_intr_rpc_mach_msg avoid returning MACH_SEND_INTERRUPTED
When the given options do not include MACH_SEND_INTERRUPT,
_hurd_intr_rpc_mach_msg (aka mach_msg) is not supposed to return
MACH_SEND_INTERRUPTED.  In such a case we thus have to retry sending the
message.

This was observed to fix various occurrences of spurious
"(ipc/send) interrupted" errors when running haskell programs.
2023-11-14 02:05:52 +01:00
Samuel Thibault
4be913652c hurd: Avoid including thread_state.h in installed header
thread_state.h is not actually installed. It was only needed for
struct machine_thread_all_state, which we can just declare, actually.
2023-09-05 11:58:26 +02:00
Samuel Thibault
9736920963 hurd: Add prototype for and thus fix _hurdsig_abort_rpcs call
This was actually not a problem since NULL was getting passed.
2023-08-15 22:48:44 +02:00
Florian Weimer
d97a12704b hurd: Do not include full <stdarg.h> in <hurd.h>
This fixes a hurd/check-installed-headers-c failure with
-std=c89 #define _FORTIFY_SOURCE 1:

In file included from ../hurd/hurd.h:354,
                 from ../sysdeps/hurd/include/hurd.h:2,
                 from /tmp/cih_test_9IaUwa.c:10:
/home/bmg/install/compilers/i686-gnu/lib/gcc/i686-glibc-gnu/13.2.1/include/stdarg.h:54:34: error: "__STDC_VERSION__" is not defined, evaluates to 0 [-Werror=undef]
   54 | #if !defined(__STRICT_ANSI__) || __STDC_VERSION__ + 0 >= 199900L \
      |                                  ^~~~~~~~~~~~~~~~
/home/bmg/install/compilers/i686-gnu/lib/gcc/i686-glibc-gnu/13.2.1/include/stdarg.h:55:8: error: "__cplusplus" is not defined, evaluates to 0 [-Werror=undef]
   55 |     || __cplusplus + 0 >= 201103L
      |        ^~~~~~~~~~~
cc1: all warnings being treated as errors

Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2023-08-03 10:25:52 +02:00
Paul Pluzhnikov
7f0d9e61f4 Fix all the remaining misspellings -- BZ 25337 2023-06-02 01:39:48 +00:00
Flavio Cruz
9cc27336c9 Fix build for hurd/thread-self.c for i386.
We need to include hurd.h for libc_hidden_proto (__hurd_thread_self),
introduced in b44c1e1252 ("hurd: Fix using interposable
hurd_thread_self")

This the error log:

In file included from <command-line>:
./../include/libc-symbols.h:472:33: error: '__EI___hurd_thread_self' aliased to undefined symbol '__GI___hurd_thread_self'
  472 |   extern thread __typeof (name) __EI_##name \
      |                                 ^~~~~
./../include/libc-symbols.h:468:3: note: in expansion of macro '__hidden_ver2'
  468 |   __hidden_ver2 (, local, internal, name)
      |   ^~~~~~~~~~~~~
./../include/libc-symbols.h:476:41: note: in expansion of macro '__hidden_ver1'
  476 | #  define hidden_def(name)              __hidden_ver1(__GI_##name, name, name);
      |                                         ^~~~~~~~~~~~~
./../include/libc-symbols.h:557:32: note: in expansion of macro 'hidden_def'
  557 | # define libc_hidden_def(name) hidden_def (name)
      |                                ^~~~~~~~~~
thread-self.c:27:1: note: in expansion of macro 'libc_hidden_def'
   27 | libc_hidden_def (__hurd_thread_self)
      | ^~~~~~~~~~~~~~~
Message-Id: <ZGr6wj2UOxg3F0qH@jupiter.tail36e24.ts.net>
2023-05-22 09:38:09 +02:00
Sergey Bugaev
9ec31e5727 hurd: Use __hurd_fail () instead of assigning errno
The __hurd_fail () inline function is the dedicated, idiomatic way of
reporting errors in the Hurd part of glibc. Not only is it more concise
than '{ errno = err; return -1; }', it is since commit
6639cc1002
"hurd: Mark error functions as __COLD" marked with the cold attribute,
telling the compiler that this codepath is unlikely to be executed.

In one case, use __hurd_dfail () over the plain __hurd_fail ().

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230520115531.3911877-1-bugaevc@gmail.com>
2023-05-20 18:14:01 +02:00
Sergey Bugaev
b44c1e1252 hurd: Fix using interposable hurd_thread_self
Create a private hidden __hurd_thread_self alias, and use that one.

Fixes 2f8ecb58a5
"hurd: Fix x86_64 _hurd_tls_fork" and
c7fcce38c8
"hurd: Make sure to not use tcb->self"

Reported-by: Joseph Myers <joseph@codesourcery.com>
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-05-19 20:45:51 +02:00
Sergey Bugaev
aa19c68d2b hurd: Use __mach_setup_thread_call ()
...instead of mach_setup_thread (), which is unsuitable for setting up
function calls.

Checked on x86_64-gnu: the signal thread no longer crashes upon trying
to process a message.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230517191436.73636-6-bugaevc@gmail.com>
2023-05-17 22:57:06 +02:00
Sergey Bugaev
be9c1b9cf4 hurd: Use MACHINE_THREAD_STATE_SETUP_CALL
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230517191436.73636-4-bugaevc@gmail.com>
2023-05-17 22:52:46 +02:00
Flavio Cruz
84b4a81aeb Update hurd/hurdselect.c to be more portable.
Summary of changes:
- Use BAD_TYPECHECK to perform type checking in a cleaner way.
  BAD_TYPECHECK is moved into sysdeps/mach/rpc.h to avoid duplication.
- Remove assertions for mach_msg_type_t since those won't work for
  x86_64.
- Update message structs to use mach_msg_type_t directly.
- Use designated initializers.
Message-Id: <ZFa+roan3ioo0ONM@jupiter.tail36e24.ts.net>
2023-05-06 23:10:55 +02:00
Flavio Cruz
4571fb8fe6 Update hurd/intr-msg.c to be more portable
Summary of the changes:
- Introduce BAD_TYPECHECK from MiG to make it simpler to do type
  checking.
- Replace int type with mach_msg_type_t. This assumes that
  mach_msg_type_t is always the same size as int which is not true for
  x86_64.
- Calculate the size and align using PTR_ALIGN_UP, which is a bit
  cleaner and similar to what we do elsewhere.
- Define mach_msg_type_t to check using designated initializers.
Message-Id: <ZFMvrIkvoCSxqB/C@jupiter.tail36e24.ts.net>
2023-05-05 02:24:38 +02:00
Sergey Bugaev
4e506f67cb hurd: Replace reply port with a dead name on failed interruption
If we're trying to interrupt an interruptible RPC, but the server fails
to respond to our __interrupt_operation () call, we instead destroy the
reply port we were expecting the reply to the RPC on.

Instead of deallocating the name completely, replace it with a dead
name, so the name won't get reused for some other right, and deallocate
it in _hurd_intr_rpc_mach_msg once we return from the signal handler.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230429201822.2605207-4-bugaevc@gmail.com>
2023-05-01 03:18:48 +02:00
Sergey Bugaev
6639cc1002 hurd: Mark error functions as __COLD
This should hopefully hint the compiler that they are unlikely
to be called.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230429131223.2507236-2-bugaevc@gmail.com>
2023-04-29 17:03:59 +02:00
Sergey Bugaev
f56ad6174c hurd: Fix FS_RETRY_MAGICAL "machtype" handling
We need to set file_name, not update retryname. This is what the other
branches do.

Before this change, any attempt to access such a file would segfault due
to file_name being unset:

$ settrans -ac /tmp/my-machtype /hurd/magic machtype
$ cat /tmp/my-machtype
Segmentation fault

Checked on i686-gnu.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230429131354.2507443-7-bugaevc@gmail.com>
2023-04-29 16:58:10 +02:00
Sergey Bugaev
89f1e04174 hurd: Respect existing FD_CLOEXEC in S_msg_set_fd
If the process has set the close-on-exec flag for the file descriptor,
it expects the file descriptor to get closed on exec, even if we replace
what the file descriptor refers to.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230429131354.2507443-6-bugaevc@gmail.com>
2023-04-29 16:57:04 +02:00
Sergey Bugaev
0e12519fe0 hurd: Don't leak the auth port in msg* RPCs
The leak can be easily reproduced (and observed) using the portinfo
tool:

$ portinfo -v $$ | grep task
    36: send task(1577)(self) (refs: 127)
$ portinfo -v $$ | grep task
    36: send task(1577)(self) (refs: 253)
$ portinfo -v $$ | grep task
    36: send task(1577)(self) (refs: 379)
$ portinfo -v $$ | grep task
    36: send task(1577)(self) (refs: 505)
$ portinfo -v $$ | grep task
    36: send task(1577)(self) (refs: 631)

Checked on i686-gnu.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230429131354.2507443-5-bugaevc@gmail.com>
2023-04-29 16:55:38 +02:00
Sergey Bugaev
a9fb57105e hurd: Mark various conditions as unlikely
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230429131354.2507443-3-bugaevc@gmail.com>
2023-04-29 16:52:45 +02:00
Sergey Bugaev
3fd996d32c hurd: Move libc_hidden_def's around
Each libc_hidden_def should be placed immediately next to its function,
not in some random unrelated place.

No functional change.

Fixes: 653d74f12a
"hurd: Global signal disposition"

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230429131354.2507443-2-bugaevc@gmail.com>
2023-04-29 16:52:05 +02:00
Sergey Bugaev
c287ecd991 hurd: Simplify _hurd_critical_section_lock a bit
This block of code was doing exactly what _hurd_self_sigstate does; so
just call that and let it do its job.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230429131354.2507443-1-bugaevc@gmail.com>
2023-04-29 16:50:14 +02:00
Sergey Bugaev
cb9cae962c hurd: Avoid leaking task & thread ports
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-04-18 01:20:46 +02:00
Sergey Bugaev
45000f1231 hurd: Simplify _S_catch_exception_raise
_hurd_thread_sigstate () already handles finding an existing sigstate
before allocating a new one, so just use that. Bonus: this will only
lock the _hurd_siglock once.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-04-18 01:20:46 +02:00
Sergey Bugaev
346b6eab3c hurd: Run init_pids () before init_dtable ()
Much as the comment says, things on _hurd_subinit assume that _hurd_pid
is already initialized by the time _hurd_subinit is run, so
_hurd_proc_subinit has to run before it. Specifically, init_dtable ()
calls _hurd_port2fd (), which uses _hurd_pid and _hurd_pgrp to set up
ctty handling. With _hurd_subinit running before _hurd_proc_subinit,
ctty setup was broken:

  13<--33(pid1255)->term_getctty () = 0    4<--39(pid1255)
task16(pid1255)->mach_port_deallocate (pn{ 10}) = 0
  13<--33(pid1255)->term_open_ctty (0 0) = 0x40000016 (Invalid argument)

Fix this by running the _hurd_proc_subinit hook in the correct place --
just after _hurd_portarray is set up (so the proc server port is
available in its usual place) and just before running _hurd_subinit.

Fixes 1ccbb9258e
("hurd: Notify the proc server later during initialization").

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-04-17 23:04:41 +02:00
Sergey Bugaev
e55a55acb1 hurd: Avoid extra ctty RPCs in init_dtable ()
It is common to have (some of) stdin, stdout and stderr point to the
very same port. We were making the ctty RPCs that _hurd_port2fd () does
for each one of them separately:

1. term_getctty ()
2. mach_port_deallocate ()
3. term_open_ctty ()

Instead, let's detect this case and duplicate the ctty port we already
have. This means we do 1 RPC instead of 3 (and create a single protid
on the server side) if the file is our ctty, and no RPCs instead of 1
if it's not. A clear win!

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-04-17 14:08:12 +02:00
Sergey Bugaev
ba00d787f3 hurd: Remove __hurd_local_reply_port
Now that the signal code no longer accesses it, the only real user of it
was mig-reply.c, so move the logic for managing the port there.

If we're in SHARED and outside of rtld, we know that __LIBC_NO_TLS ()
always evaluates to 0, and a TLS reply port will always be used, not
__hurd_reply_port0. Still, the compiler does not see that
__hurd_reply_port0 is never used due to its address being taken. To deal
with this, explicitly compile out __hurd_reply_port0 when we know we
won't use it.

Also, instead of accessing the port via THREAD_SELF->reply_port, this
uses THREAD_GETMEM and THREAD_SETMEM directly, avoiding possible
miscompilations.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-04-14 10:31:22 +00:00
Sergey Bugaev
747812349d hurd: Improve reply port handling when exiting signal handlers
If we're doing signals, that means we've already got the signal thread
running, and that implies TLS having been set up. So we know that
__hurd_local_reply_port will resolve to THREAD_SELF->reply_port, and can
access that directly using the THREAD_GETMEM and THREAD_SETMEM macros.
This avoids potential miscompilations, and should also be a tiny bit
faster.

Also, use mach_port_mod_refs () and not mach_port_destroy () to destroy
the receive right. mach_port_destroy () should *never* be used on
mach_task_self (); this can easily lead to port use-after-free
vulnerabilities if the task has any other references to the same port.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-26-bugaevc@gmail.com>
2023-04-10 23:54:28 +02:00
Sergey Bugaev
645da826bb hurd: Do not declare local variables volatile
These are just regular local variables that are not accessed in any
funny ways, not even though a pointer. There's absolutely no reason to
declare them volatile. It only ends up hurting the quality of the
generated machine code.

If anything, it would make sense to decalre sigsp as *pointing* to
volatile memory (volatile void *sigsp), but evidently that's not needed
either.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230403115621.258636-2-bugaevc@gmail.com>
2023-04-10 20:42:28 +02:00
Sergey Bugaev
7b3d8558d9 hurd: Microoptimize _hurd_self_sigstate ()
When THREAD_GETMEM is defined with inline assembly, the compiler may not
optimize away the two reads of _hurd_sigstate. Help it out a little bit
by only reading it once. This also makes for a slightly cleaner code.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-32-bugaevc@gmail.com>
2023-04-03 01:25:57 +02:00
Sergey Bugaev
05024b52a4 hurd: Fix _hurd_setup_sighandler () signature
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-10-bugaevc@gmail.com>
2023-04-03 00:58:00 +02:00
Sergey Bugaev
543f0cfc9a hurd: Disable O_TRUNC and FS_RETRY_MAGICAL in rtld
hurd/lookup-retry.c is compiled into rtld, the dynamic linker/loader. To
avoid pulling in file_set_size, file_utimens, tty/ctty stuff, more
string/memory code (memmove, strncpy, strcpy), and more strtoul/itoa
code, compile out support for O_TRUNC and FS_RETRY_MAGICAL when building
hurd/lookup-retry.c for rtld. None of that functionality is useful to
rtld during startup anyway. Keep support for FS_RETRY_MAGICAL("/"),
since that does not pull in much, and is required for following absolute
symlinks.

The large number of extra code being pulled into rtld was noticed by
reviewing librtld.map & elf/librtld.os.map in the build tree.

It is worth noting that once libc.so is loaded, the real __open, __stat,
etc. replace the minimal versions used initially by rtld -- this is
especially important in the Hurd port, where the minimal rtld versions
do not use the dtable and just pass real Mach port names as fds. Thus,
once libc.so is loaded, rtld will gain access to the full
__hurd_file_name_lookup_retry () version, complete with FS_RETRY_MAGICAL
support, which is important in case the program decides to
dlopen ("/proc/self/fd/...") or some such.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-9-bugaevc@gmail.com>
2023-04-03 00:56:34 +02:00
Sergey Bugaev
6a73ea505b hurd: Fix file name in #error
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-8-bugaevc@gmail.com>
2023-04-03 00:55:12 +02:00
Sergey Bugaev
226f1f8a94 hurd: Swap around two function calls
...to keep `sigexc' port initialization in one place, and match what the
comments say.

No functional change.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-7-bugaevc@gmail.com>
2023-04-03 00:54:35 +02:00
Sergey Bugaev
71232da3b3 hurd: Remove __hurd_threadvar_stack_{offset,mask}
Noone is or should be using __hurd_threadvar_stack_{offset,mask}, we
have proper TLS now. These two remaining variables are never set to
anything other than zero, so any code that would try to use them as
described would just dereference a zero pointer and crash. So remove
them entirely.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-6-bugaevc@gmail.com>
2023-04-03 00:53:25 +02:00
Sergey Bugaev
d8ee5d614b hurd: Make exception subcode a long
On EXC_BAD_ACCESS, exception subcode is used to pass the faulting memory
address, so it needs to be (at least) pointer-sized. Thus, make it into
a long. This matches the corresponding change in GNU Mach.
Message-Id: <20230319151017.531737-5-bugaevc@gmail.com>
2023-04-03 00:51:42 +02:00
Adhemerval Zanella Netto
743963cad7 Remove set-hooks.h from generic includes
The hooks mechanism uses symbol sets for running lists of functions,
which requires either extra linker directives to provide any hardening
(such as RELRO) or additional code (such as pointer obfuscation via
mangling with random value).

Currently only hurd uses set-hooks.h so we remove it from the generic
includes.  The generic implementation uses direct function calls which
provide hardening and good code generation, observability and debugging
without the need for extra linking options or special code handling.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-03-27 13:57:55 -03:00