Commit Graph

532 Commits

Author SHA1 Message Date
Paul Pluzhnikov
7f0d9e61f4 Fix all the remaining misspellings -- BZ 25337 2023-06-02 01:39:48 +00:00
Flavio Cruz
9cc27336c9 Fix build for hurd/thread-self.c for i386.
We need to include hurd.h for libc_hidden_proto (__hurd_thread_self),
introduced in b44c1e1252 ("hurd: Fix using interposable
hurd_thread_self")

This the error log:

In file included from <command-line>:
./../include/libc-symbols.h:472:33: error: '__EI___hurd_thread_self' aliased to undefined symbol '__GI___hurd_thread_self'
  472 |   extern thread __typeof (name) __EI_##name \
      |                                 ^~~~~
./../include/libc-symbols.h:468:3: note: in expansion of macro '__hidden_ver2'
  468 |   __hidden_ver2 (, local, internal, name)
      |   ^~~~~~~~~~~~~
./../include/libc-symbols.h:476:41: note: in expansion of macro '__hidden_ver1'
  476 | #  define hidden_def(name)              __hidden_ver1(__GI_##name, name, name);
      |                                         ^~~~~~~~~~~~~
./../include/libc-symbols.h:557:32: note: in expansion of macro 'hidden_def'
  557 | # define libc_hidden_def(name) hidden_def (name)
      |                                ^~~~~~~~~~
thread-self.c:27:1: note: in expansion of macro 'libc_hidden_def'
   27 | libc_hidden_def (__hurd_thread_self)
      | ^~~~~~~~~~~~~~~
Message-Id: <ZGr6wj2UOxg3F0qH@jupiter.tail36e24.ts.net>
2023-05-22 09:38:09 +02:00
Sergey Bugaev
9ec31e5727 hurd: Use __hurd_fail () instead of assigning errno
The __hurd_fail () inline function is the dedicated, idiomatic way of
reporting errors in the Hurd part of glibc. Not only is it more concise
than '{ errno = err; return -1; }', it is since commit
6639cc1002
"hurd: Mark error functions as __COLD" marked with the cold attribute,
telling the compiler that this codepath is unlikely to be executed.

In one case, use __hurd_dfail () over the plain __hurd_fail ().

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230520115531.3911877-1-bugaevc@gmail.com>
2023-05-20 18:14:01 +02:00
Sergey Bugaev
b44c1e1252 hurd: Fix using interposable hurd_thread_self
Create a private hidden __hurd_thread_self alias, and use that one.

Fixes 2f8ecb58a5
"hurd: Fix x86_64 _hurd_tls_fork" and
c7fcce38c8
"hurd: Make sure to not use tcb->self"

Reported-by: Joseph Myers <joseph@codesourcery.com>
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-05-19 20:45:51 +02:00
Sergey Bugaev
aa19c68d2b hurd: Use __mach_setup_thread_call ()
...instead of mach_setup_thread (), which is unsuitable for setting up
function calls.

Checked on x86_64-gnu: the signal thread no longer crashes upon trying
to process a message.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230517191436.73636-6-bugaevc@gmail.com>
2023-05-17 22:57:06 +02:00
Sergey Bugaev
be9c1b9cf4 hurd: Use MACHINE_THREAD_STATE_SETUP_CALL
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230517191436.73636-4-bugaevc@gmail.com>
2023-05-17 22:52:46 +02:00
Flavio Cruz
84b4a81aeb Update hurd/hurdselect.c to be more portable.
Summary of changes:
- Use BAD_TYPECHECK to perform type checking in a cleaner way.
  BAD_TYPECHECK is moved into sysdeps/mach/rpc.h to avoid duplication.
- Remove assertions for mach_msg_type_t since those won't work for
  x86_64.
- Update message structs to use mach_msg_type_t directly.
- Use designated initializers.
Message-Id: <ZFa+roan3ioo0ONM@jupiter.tail36e24.ts.net>
2023-05-06 23:10:55 +02:00
Flavio Cruz
4571fb8fe6 Update hurd/intr-msg.c to be more portable
Summary of the changes:
- Introduce BAD_TYPECHECK from MiG to make it simpler to do type
  checking.
- Replace int type with mach_msg_type_t. This assumes that
  mach_msg_type_t is always the same size as int which is not true for
  x86_64.
- Calculate the size and align using PTR_ALIGN_UP, which is a bit
  cleaner and similar to what we do elsewhere.
- Define mach_msg_type_t to check using designated initializers.
Message-Id: <ZFMvrIkvoCSxqB/C@jupiter.tail36e24.ts.net>
2023-05-05 02:24:38 +02:00
Sergey Bugaev
4e506f67cb hurd: Replace reply port with a dead name on failed interruption
If we're trying to interrupt an interruptible RPC, but the server fails
to respond to our __interrupt_operation () call, we instead destroy the
reply port we were expecting the reply to the RPC on.

Instead of deallocating the name completely, replace it with a dead
name, so the name won't get reused for some other right, and deallocate
it in _hurd_intr_rpc_mach_msg once we return from the signal handler.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230429201822.2605207-4-bugaevc@gmail.com>
2023-05-01 03:18:48 +02:00
Sergey Bugaev
6639cc1002 hurd: Mark error functions as __COLD
This should hopefully hint the compiler that they are unlikely
to be called.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230429131223.2507236-2-bugaevc@gmail.com>
2023-04-29 17:03:59 +02:00
Sergey Bugaev
f56ad6174c hurd: Fix FS_RETRY_MAGICAL "machtype" handling
We need to set file_name, not update retryname. This is what the other
branches do.

Before this change, any attempt to access such a file would segfault due
to file_name being unset:

$ settrans -ac /tmp/my-machtype /hurd/magic machtype
$ cat /tmp/my-machtype
Segmentation fault

Checked on i686-gnu.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230429131354.2507443-7-bugaevc@gmail.com>
2023-04-29 16:58:10 +02:00
Sergey Bugaev
89f1e04174 hurd: Respect existing FD_CLOEXEC in S_msg_set_fd
If the process has set the close-on-exec flag for the file descriptor,
it expects the file descriptor to get closed on exec, even if we replace
what the file descriptor refers to.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230429131354.2507443-6-bugaevc@gmail.com>
2023-04-29 16:57:04 +02:00
Sergey Bugaev
0e12519fe0 hurd: Don't leak the auth port in msg* RPCs
The leak can be easily reproduced (and observed) using the portinfo
tool:

$ portinfo -v $$ | grep task
    36: send task(1577)(self) (refs: 127)
$ portinfo -v $$ | grep task
    36: send task(1577)(self) (refs: 253)
$ portinfo -v $$ | grep task
    36: send task(1577)(self) (refs: 379)
$ portinfo -v $$ | grep task
    36: send task(1577)(self) (refs: 505)
$ portinfo -v $$ | grep task
    36: send task(1577)(self) (refs: 631)

Checked on i686-gnu.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230429131354.2507443-5-bugaevc@gmail.com>
2023-04-29 16:55:38 +02:00
Sergey Bugaev
a9fb57105e hurd: Mark various conditions as unlikely
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230429131354.2507443-3-bugaevc@gmail.com>
2023-04-29 16:52:45 +02:00
Sergey Bugaev
3fd996d32c hurd: Move libc_hidden_def's around
Each libc_hidden_def should be placed immediately next to its function,
not in some random unrelated place.

No functional change.

Fixes: 653d74f12a
"hurd: Global signal disposition"

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230429131354.2507443-2-bugaevc@gmail.com>
2023-04-29 16:52:05 +02:00
Sergey Bugaev
c287ecd991 hurd: Simplify _hurd_critical_section_lock a bit
This block of code was doing exactly what _hurd_self_sigstate does; so
just call that and let it do its job.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230429131354.2507443-1-bugaevc@gmail.com>
2023-04-29 16:50:14 +02:00
Sergey Bugaev
cb9cae962c hurd: Avoid leaking task & thread ports
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-04-18 01:20:46 +02:00
Sergey Bugaev
45000f1231 hurd: Simplify _S_catch_exception_raise
_hurd_thread_sigstate () already handles finding an existing sigstate
before allocating a new one, so just use that. Bonus: this will only
lock the _hurd_siglock once.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-04-18 01:20:46 +02:00
Sergey Bugaev
346b6eab3c hurd: Run init_pids () before init_dtable ()
Much as the comment says, things on _hurd_subinit assume that _hurd_pid
is already initialized by the time _hurd_subinit is run, so
_hurd_proc_subinit has to run before it. Specifically, init_dtable ()
calls _hurd_port2fd (), which uses _hurd_pid and _hurd_pgrp to set up
ctty handling. With _hurd_subinit running before _hurd_proc_subinit,
ctty setup was broken:

  13<--33(pid1255)->term_getctty () = 0    4<--39(pid1255)
task16(pid1255)->mach_port_deallocate (pn{ 10}) = 0
  13<--33(pid1255)->term_open_ctty (0 0) = 0x40000016 (Invalid argument)

Fix this by running the _hurd_proc_subinit hook in the correct place --
just after _hurd_portarray is set up (so the proc server port is
available in its usual place) and just before running _hurd_subinit.

Fixes 1ccbb9258e
("hurd: Notify the proc server later during initialization").

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-04-17 23:04:41 +02:00
Sergey Bugaev
e55a55acb1 hurd: Avoid extra ctty RPCs in init_dtable ()
It is common to have (some of) stdin, stdout and stderr point to the
very same port. We were making the ctty RPCs that _hurd_port2fd () does
for each one of them separately:

1. term_getctty ()
2. mach_port_deallocate ()
3. term_open_ctty ()

Instead, let's detect this case and duplicate the ctty port we already
have. This means we do 1 RPC instead of 3 (and create a single protid
on the server side) if the file is our ctty, and no RPCs instead of 1
if it's not. A clear win!

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-04-17 14:08:12 +02:00
Sergey Bugaev
ba00d787f3 hurd: Remove __hurd_local_reply_port
Now that the signal code no longer accesses it, the only real user of it
was mig-reply.c, so move the logic for managing the port there.

If we're in SHARED and outside of rtld, we know that __LIBC_NO_TLS ()
always evaluates to 0, and a TLS reply port will always be used, not
__hurd_reply_port0. Still, the compiler does not see that
__hurd_reply_port0 is never used due to its address being taken. To deal
with this, explicitly compile out __hurd_reply_port0 when we know we
won't use it.

Also, instead of accessing the port via THREAD_SELF->reply_port, this
uses THREAD_GETMEM and THREAD_SETMEM directly, avoiding possible
miscompilations.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
2023-04-14 10:31:22 +00:00
Sergey Bugaev
747812349d hurd: Improve reply port handling when exiting signal handlers
If we're doing signals, that means we've already got the signal thread
running, and that implies TLS having been set up. So we know that
__hurd_local_reply_port will resolve to THREAD_SELF->reply_port, and can
access that directly using the THREAD_GETMEM and THREAD_SETMEM macros.
This avoids potential miscompilations, and should also be a tiny bit
faster.

Also, use mach_port_mod_refs () and not mach_port_destroy () to destroy
the receive right. mach_port_destroy () should *never* be used on
mach_task_self (); this can easily lead to port use-after-free
vulnerabilities if the task has any other references to the same port.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-26-bugaevc@gmail.com>
2023-04-10 23:54:28 +02:00
Sergey Bugaev
645da826bb hurd: Do not declare local variables volatile
These are just regular local variables that are not accessed in any
funny ways, not even though a pointer. There's absolutely no reason to
declare them volatile. It only ends up hurting the quality of the
generated machine code.

If anything, it would make sense to decalre sigsp as *pointing* to
volatile memory (volatile void *sigsp), but evidently that's not needed
either.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230403115621.258636-2-bugaevc@gmail.com>
2023-04-10 20:42:28 +02:00
Sergey Bugaev
7b3d8558d9 hurd: Microoptimize _hurd_self_sigstate ()
When THREAD_GETMEM is defined with inline assembly, the compiler may not
optimize away the two reads of _hurd_sigstate. Help it out a little bit
by only reading it once. This also makes for a slightly cleaner code.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-32-bugaevc@gmail.com>
2023-04-03 01:25:57 +02:00
Sergey Bugaev
05024b52a4 hurd: Fix _hurd_setup_sighandler () signature
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-10-bugaevc@gmail.com>
2023-04-03 00:58:00 +02:00
Sergey Bugaev
543f0cfc9a hurd: Disable O_TRUNC and FS_RETRY_MAGICAL in rtld
hurd/lookup-retry.c is compiled into rtld, the dynamic linker/loader. To
avoid pulling in file_set_size, file_utimens, tty/ctty stuff, more
string/memory code (memmove, strncpy, strcpy), and more strtoul/itoa
code, compile out support for O_TRUNC and FS_RETRY_MAGICAL when building
hurd/lookup-retry.c for rtld. None of that functionality is useful to
rtld during startup anyway. Keep support for FS_RETRY_MAGICAL("/"),
since that does not pull in much, and is required for following absolute
symlinks.

The large number of extra code being pulled into rtld was noticed by
reviewing librtld.map & elf/librtld.os.map in the build tree.

It is worth noting that once libc.so is loaded, the real __open, __stat,
etc. replace the minimal versions used initially by rtld -- this is
especially important in the Hurd port, where the minimal rtld versions
do not use the dtable and just pass real Mach port names as fds. Thus,
once libc.so is loaded, rtld will gain access to the full
__hurd_file_name_lookup_retry () version, complete with FS_RETRY_MAGICAL
support, which is important in case the program decides to
dlopen ("/proc/self/fd/...") or some such.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-9-bugaevc@gmail.com>
2023-04-03 00:56:34 +02:00
Sergey Bugaev
6a73ea505b hurd: Fix file name in #error
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-8-bugaevc@gmail.com>
2023-04-03 00:55:12 +02:00
Sergey Bugaev
226f1f8a94 hurd: Swap around two function calls
...to keep `sigexc' port initialization in one place, and match what the
comments say.

No functional change.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-7-bugaevc@gmail.com>
2023-04-03 00:54:35 +02:00
Sergey Bugaev
71232da3b3 hurd: Remove __hurd_threadvar_stack_{offset,mask}
Noone is or should be using __hurd_threadvar_stack_{offset,mask}, we
have proper TLS now. These two remaining variables are never set to
anything other than zero, so any code that would try to use them as
described would just dereference a zero pointer and crash. So remove
them entirely.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230319151017.531737-6-bugaevc@gmail.com>
2023-04-03 00:53:25 +02:00
Sergey Bugaev
d8ee5d614b hurd: Make exception subcode a long
On EXC_BAD_ACCESS, exception subcode is used to pass the faulting memory
address, so it needs to be (at least) pointer-sized. Thus, make it into
a long. This matches the corresponding change in GNU Mach.
Message-Id: <20230319151017.531737-5-bugaevc@gmail.com>
2023-04-03 00:51:42 +02:00
Adhemerval Zanella Netto
743963cad7 Remove set-hooks.h from generic includes
The hooks mechanism uses symbol sets for running lists of functions,
which requires either extra linker directives to provide any hardening
(such as RELRO) or additional code (such as pointer obfuscation via
mangling with random value).

Currently only hurd uses set-hooks.h so we remove it from the generic
includes.  The generic implementation uses direct function calls which
provide hardening and good code generation, observability and debugging
without the need for extra linking options or special code handling.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2023-03-27 13:57:55 -03:00
Sergey Bugaev
0d41182e0e hurd: Fix some broken indentation
Also, fix a couple of typos. No functional change.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230301162355.426887-2-bugaevc@gmail.com>
2023-03-02 00:32:55 +01:00
Sergey Bugaev
60b21327b1 hurd: Remove the ecx kludge
"We don't need it any more"

The INTR_MSG_TRAP macro in intr-msg.h used to play little trick with
the stack pointer: it would temporarily save the "real" stack pointer
into ecx, while setting esp to point to just before the message buffer,
and then invoke the mach_msg trap. This way, INTR_MSG_TRAP reused the
on-stack arguments laid out for the containing call of
_hurd_intr_rpc_mach_msg (), passing them to the mach_msg trap directly.

This, however, required special support in hurdsig.c and trampoline.c,
since they now had to recognize when a thread is inside the piece of
code where esp doesn't point to the real tip of the stack, and handle
this situation specially.

Commit 1d20f33ff4 has removed the actual
temporary change of esp by actually re-pushing mach_msg arguments onto
the stack, and popping them back at end. It did not, however, deal with
the rest of "the ecx kludge" code in other files, resulting in potential
crashes if a signal arrives in the middle of pushing arguments onto the
stack.

Fix that by removing "the ecx kludge". Instead, when we want a thread
to skip the RPC, but cannot make just make it jump to after the trap
since it's not done adjusting the stack yet, set the SYSRETURN register
to MACH_SEND_INTERRUPTED (as we do anyway), and rely on the thread
itself for detecting this case and skipping the RPC.

This simplifies things somewhat and paves the way for a future x86_64
port of this code.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230301162355.426887-1-bugaevc@gmail.com>
2023-03-02 00:32:55 +01:00
Sergey Bugaev
32fff41bde hurd: Use proper integer types
Fix a few more cases of build errors caused by mismatched types. This is a
continuation of f4315054b4.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230218203717.373211-3-bugaevc@gmail.com>
2023-02-20 00:33:47 +01:00
Samuel Thibault
bf33bf5948 hurd: Fix unwinding over INTR_MSG_TRAP in shared too
This follows 63550530d9 ("hurd: Fix unwinding over INTR_MSG_TRAP"),
for the shared library case.
2023-02-14 19:32:15 +00:00
Sergey Bugaev
48941024ba hurd: Fix xattr error value
This does not seem like it is supposed to return negative error codes.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230212111044.610942-5-bugaevc@gmail.com>
2023-02-12 15:56:21 +01:00
Sergey Bugaev
62d6c33030 mach, hurd: Cast through uintptr_t
When casting between a pointer and an integer of a different size, GCC
emits a warning (which is escalated to a build failure by -Werror).
Indeed, if what you start with is a pointer, which you then cast to a
shorter integer and then back again, you're going to cut off some bits
of the pointer.

But if you start with an integer (such as mach_port_t), then cast it to
a longer pointer (void *), and then back to a shorter integer, you are
fine. To keep GCC happy, cast through an intermediary uintptr_t, which
is always the same size as a pointer.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230212111044.610942-4-bugaevc@gmail.com>
2023-02-12 15:55:04 +01:00
Sergey Bugaev
f4315054b4 hurd: Use mach_msg_type_number_t where appropriate
It has been decided that on x86_64, mach_msg_type_number_t stays 32-bit.
Therefore, it's not possible to use mach_msg_type_number_t
interchangeably with size_t, in particular this breaks when a pointer to
a variable is passed to a MIG routine.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230212111044.610942-3-bugaevc@gmail.com>
2023-02-12 15:52:07 +01:00
Samuel Thibault
63550530d9 hurd: Fix unwinding over INTR_MSG_TRAP
We used to use .cfi_adjust_cfa_offset around %esp manipulation
asm instructions to fix unwinding, but when building glibc with
-fno-omit-frame-pointer this is bogus since in that case %ebp is the CFA and
does not move.

Instead, let's force -fno-omit-frame-pointer when building intr-msg.c so
that %ebp can always be used and no .cfi_adjust_cfa_offset is needed.
2023-02-09 19:58:43 +01:00
Flavio Cruz
fa93858a88 Remove support setting custom demuxers during signal handling.
We seem to call only into the exception and message server routines.
Message-Id: <Y9dpRZs3QYk2oZm+@jupiter.tail36e24.ts.net>
2023-02-01 23:37:40 +01:00
Sergey Bugaev
65392c8478 hurd: Implement O_TMPFILE
This is a flag that causes open () to create a new, unnamed file in the
same filesystem as the given directory. The file descriptor can be
simply used in the creating process as a temporary file, or shared with
children processes via fork (), or sent over a Unix socket. The file can
be left anonymous, in which case it will be deleted from the backing
file system once all copies of the file descriptor are closed, or given
a permanent name with a linkat () call, such as the following:

int fd = open ("/tmp", O_TMPFILE | O_RDWR, 0700);
/* Do something with the file... */
linkat (fd, "", AT_FDCWD, "/tmp/filename", AT_EMPTY_PATH);

In between creating the file and linking it to the file system, it is
possible to set the file content, mode, ownership, author, and other
attributes, so that the file visibly appears in the file system (perhaps
replacing another file) atomically, with all of its attributes already
set up.

The Hurd support for O_TMPFILE directly exposes the dir_mkfile RPC to
user programs. Previously, dir_mkfile was used by glibc internally, in
particular for implementing tmpfile (), but not exposed to user programs
through a Unix-level API.

O_TMPFILE was initially introduced by Linux. This implementation is
intended to be compatible with the Linux implementation, except that the
O_EXCL flag is not given the special meaning when used together with
O_TMPFILE, unlike on Linux.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230130125216.6254-3-bugaevc@gmail.com>
2023-02-01 23:32:21 +01:00
Sergey Bugaev
d011ab5708 hurd: Consolidate file_name_lookup implementation
Instead of __file_name_lookup_at delegating to __file_name_lookup
in simple cases, make __file_name_lookup_at deal with both cases, and
have __file_name_lookup simply wrap __file_name_lookup_at.

This factorizes handling the empy name case.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230130125216.6254-2-bugaevc@gmail.com>
2023-02-01 20:05:20 +01:00
Joseph Myers
6d7e8eda9b Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
Samuel Thibault
f77bd0ee9a hurd hurdstartup: Initialize remaining fields of hurd_startup_data
In case we don't have a bootstrap port or __exec_startup_get_info
failed, we should avoid leaking uninitialized fields of data.
2023-01-02 11:36:11 +01:00
Samuel Thibault
6514b2d595 hurd _S_msg_add_auth: Initialize new arrays to 0
If make_list fails, they would be undefined, and freeup with free
uninitialized pointers.
2023-01-02 11:36:11 +01:00
Florian Weimer
58548b9d68 Use PTR_MANGLE and PTR_DEMANGLE unconditionally in C sources
In the future, this will result in a compilation failure if the
macros are unexpectedly undefined (due to header inclusion ordering
or header inclusion missing altogether).

Assembler sources are more difficult to convert.  In many cases,
they are hand-optimized for the mangling and no-mangling variants,
which is why they are not converted.

sysdeps/s390/s390-32/__longjmp.c and sysdeps/s390/s390-64/__longjmp.c
are special: These are C sources, but most of the implementation is
in assembler, so the PTR_DEMANGLE macro has to be undefined in some
cases, to match the assembler style.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-10-18 17:04:10 +02:00
Florian Weimer
88f4b6929c Introduce <pointer_guard.h>, extracted from <sysdep.h>
This allows us to define a generic no-op version of PTR_MANGLE and
PTR_DEMANGLE.  In the future, we can use PTR_MANGLE and PTR_DEMANGLE
unconditionally in C sources, avoiding an unintended loss of hardening
due to missing include files or unlucky header inclusion ordering.

In i386 and x86_64, we can avoid a <tls.h> dependency in the C
code by using the computed constant from <tcb-offsets.h>.  <sysdep.h>
no longer includes these definitions, so there is no cyclic dependency
anymore when computing the <tcb-offsets.h> constants.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-10-18 17:03:55 +02:00
Wilco Dijkstra
22f4ab2d20 Use atomic_exchange_release/acquire
Rename atomic_exchange_rel/acq to use atomic_exchange_release/acquire
since these map to the standard C11 atomic builtins.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2022-09-26 16:58:08 +01:00
Samuel Thibault
063f7462da hurd: Fix vm_size_t incoherencies
In gnumach, 3e1702a65fb3 ("add rpc_versions for vm types") changed the type
of vm_size_t, making it always a unsigned long. This made it incompatible on
x86 with size_t. Even if we may want to revert it to unsigned int, it's
better to fix the types of parameters according to the .defs files.
2022-08-29 01:42:47 +02:00
Noah Goldstein
535e935a28 Replace {u}int_fast{16|32} with {u}int32_t
On 32-bit machines this has no affect. On 64-bit machines
{u}int_fast{16|32} are set as {u}int64_t which is often not
ideal. Particularly x86_64 this change both saves code size and
may save instruction cost.

Full xcheck passes on x86_64.
2022-04-13 21:23:04 -05:00