Now that the cygheap isn't part of the CYgwin DLL anymore, we have a
known memory location which is not known in maps output. Fix that by
checking for cygheap address (same in all processes) and add to output.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Prior to 591fec858d01 ("Cygwin: decouple cygheap from Cygwin DLL")
the .cygheap section was required to stay the last section in the
final binary. That required some juggling with objcopy to make
sure the .gnu_debuglink section is prior to the .cygheap section
in the final DLL.
This isn't required anymore, so just drop it.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Another reason ASLR may fail is the coupling of the standard shared
mem regions (global, userinfo, process info, shared console) to the
address of the Cygwin DLL. They are always placed in fixed addresses
preceeding the Cygwin DLL's address. With ASLR this is bound to fail.
Use a fixed, unused memory area to place the shared mem regions.
This also allows to simplify the shared memory creation. There's
no reason anymore to rebase the regions and rather than offsets,
just use the addresses directly.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
One reason that ASLR is tricky is the fact that the cygheap
is placed at the end of the DLL and especially that it's expected
to be growable. To support ASLR, this construct must go.
Define dedicated cygheap memory region and reserve entire region.
Commit 3 Megs, as was the default size of the cygheap before.
Fix linker script accordingly, drop a now useless version check
in get_cygwin_startup_info().
Collect all info about memory layout in one header file, so
the mem layout is documented in one logical place and not
in heap.cc arbitrarily.
Use info from this file throughout.
This is to prepare for ASLR support.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Exception handling was *still* printing addresses as 44 bit values,
but Windows supports a 48 bit virtual address space since Windows
8.1. Fix that.
Fixes: e1254add73 ("Cygwin: Allow accessing 48 bit address space in Windows 8.1 or later")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The first attempt to support the 64-bit mode had two bugs:
1. The saved general-purpose register 31 value was overwritten with the saved
link register value.
2. The link register was saved and restored using 32-bit instructions.
Use 64-bit store/load instructions to save/restore the link register. Make
sure that the general-purpose register 31 and the link register storage areas
do not overlap.
.com is a remnant from the past. There are only five executables
left:
chcp.com
format.com
mode.com
more.com
tree.com
Calling them on the command line already requires to use the
suffix anyway. So drop useless .com test from the execve test
for scripts (they are handled earlier in the same function
as executables) and do not handle them like .exe suffixes in
other functions.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This reverts commit 7589034cc3.
The previous commit 14816de9af69 ("Cygwin: spawn: drop special handling
for cmd.exe and command.com") make this patch unnecessary. The filename
argument (i. e., run_path in the caller) is now always non-NULL.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Apparently at one point handling cmd.exe and command.com special
made sense, but what that should be has never been documented.
There's also no clear reason why cmd.exe is different from any
other native executable. Additionaly, checking for command.com
is entirely useless on 64 bit Windows anyway.
Just drop this code.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
> ERROR: xref linking to Stubs has no generated link text.
> Error: no ID for constraint linkend: Stubs.
(Despite saying "ERROR", this is actually a warning, and manpages are
still generated)
Improve chapter-texi2docbook so it generates elements for texinfo
sections as well, so that a cross-reference to the "Stubs" section
contains a valid element ID.
- If the command executed is 'cmd.exe /c [...]', runpath in spawn.cc
will be NULL. In this case, is_console_app(runpath) check causes
access violation. This case also the command executed is obviously
console app., therefore, treat it as console app to fix this issue.
Addresses: https://github.com/msys2/msys2-runtime/issues/108
A recent change to the Makefile.in for riscv resulted in the
machine/syscall.h header not being installed. This updates the file
to install this file again.
Signed-off-by: Simon Cook <simon.cook@embecosm.com>
According to POSIX and the Linux man page, select(2) is supposed to
report read ready if a file is at EOF. In the case of a FIFO, this
means that the pipe is empty and there are no writers. But there
seems to be an undocumented exception, observed on Linux and other
platforms: If no writer has ever been opened, then select(2) does not
report read ready. This can happen if a reader is opened with
O_NONBLOCK before any writers have opened.
This commit makes Cygwin consistent with those other platforms by
introducing a special EOF test, fhandler_fifo::select_hit_eof, which
returns false if there's never been a writer opened.
To implement this we use a new variable '_writer_opened' in the FIFO's
shared memory, which is set to 1 the first time a writer opens. New
methods writer_opened() and set_writer_opened() are used to test and
set this variable.
Addresses: https://cygwin.com/pipermail/cygwin/2022-September/252223.html
newlib/libc/sys/arm/Makefile.inc was modified but automake was not rerun in
commit 5230eb7f8c
Implement sysconf for Arm
on arm-none-eabi target this caused
ld: B/arm-none-eabi/lib/libg.a(libc_a-mallocr.o): in function `malloc_extend_top':
S/newlib-cygwin/newlib/libc/stdlib/_mallocr.c:2161: undefined reference to `sysconf'
- add support for using sysconf to get page size in _mallocr.c via
HAVE_SYSCONF_PAGESIZE flag set in configure.host
- set flag in configure.host for arm and add a default sysconf implementation
in libc/sys/arm that returns the page size
- the default implementation can be overridden outside newlib to allow a
different page size to improve malloc on devices with a small footprint
without needing to rebuild newlib
- this patch is based on a contribution from Torbjorn Svensson and
Niklas Dahlquist (https://ecos.sourceware.org/ml/newlib/current/017616.html)
Previously, the chacha20 instance would be rekeyed every 1.6MB. This
makes it happen at a random point somewhere in the 1-2MB range.
Feedback deraadt@ visa@, ok tb@ visa@
newlib port: Make REKEY_BASE depend on SIZE_MAX
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
In the incredibly unbelievable circumstance where _rs_init() fails to
allocate pages, don't call abort() because of corefile data leakage
concerns, but simply _exit(). The reasoning is _rs_init() will only fail
if someone finds a way to apply specific pressure against this failure
point, for the purpose of leaking information into a core which they can
read. We don't need a corefile in this instance to debug that. So take
this "lever" away from whoever in the future wants to do that.
The patch fixing the alignment of _cygtls::context accidentally
pushed the desperate attempt to automate the alignment by using
another, non-working variation of attribute((aligned)). Drop it.
Fixes: dcab768cb9 ("Cygwin: cygtls: fix context alignment")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
In the nano version of malloc, when the last chunk is to be extended,
there is no need to acount for the header again as it's already taken
into account in the overall "alloc_size" at the beginning of the
function.
Contributed by STMicroelectronics
Signed-off-by: Torbjörn SVENSSON <torbjorn.svensson@foss.st.com>
When using nano malloc and the remaning heap space is not big enough to
fullfill the allocation, malloc will attempt to merge the last chunk in
the free list with a new allocation in order to create a bigger chunk.
This is successful, but the chunk still remains in the free_list, so
any later call to malloc can give out the same region without it first
being freed.
Possible sequence to verify:
void *p1 = malloc(3000);
void *p2 = malloc(4000);
void *p3 = malloc(5000);
void *p4 = malloc(6000);
void *p5 = malloc(7000);
free(p2);
free(p4);
void *p6 = malloc(35000);
free(p6);
void *p7 = malloc(42000);
void *p8 = malloc(32000);
Without the change, p7 and p8 points to the same address.
Requirement, after malloc(35000), there is less than 42000 bytes
available on the heap.
Contributed by STMicroelectronics
Signed-off-by: Torbjörn SVENSSON <torbjorn.svensson@foss.st.com>
When __SINGLE_THREAD__ is not defined, stdin, stdout and stderr needs
to have their _lock instance initialized. The __sfp() method is not
invoked for the 3 mentioned fds thus, the std() method needs to handle
the initialization of the lock.
This is more or less a revert of 382550072b
Contributed by STMicroelectronics
Signed-off-by: Torbjörn SVENSSON <torbjorn.svensson@foss.st.com>
A hang was encountered, apparently triggered by commit 63b503916d,
changing tls_pathbufs from malloc'ed to HeapAlloc'ed memory. After
lengthy debugging it transpired that adding the heap handle to the
tls_pathbuf struct added 8 bytes to the cygtls area, thus moving
the "context" member by 8 bytes, too, so it was suddently unaligned.
Fix this for now by changing the alignment.
Fix this once and for all, by adding code to the gentls_offsets script
to check if the alignment of the "context" member is 16 bytes. If not,
print a matching error message, remove the just generated file, and exit
with error.
FIXME: It would be really nice to find a way to auomate the correct
alignment of the "context" member, but I don't see any way to use
alignment attributes to get what we need here.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
while debugging a problem introduced in commit
63b503916d ("Cygwin: tls_pathbuf: Use Windows heap")
a hang in fork was encountered using the original implementation
of tls_pathbuf:
Using tmp_pathbuf inside the code block guarded by __malloc_trylock
may call malloc from tmp_pathbuf::w_get and thus trying to lock an
exclusive SRW lock recursively, which results in a deadlock.
Allocate a small SECURITY_ATTRIBUTES block on the stack rather than
allocating a 64K tmp_pathbuf. This avoids the potential malloc call.
Drop the __malloc_trylock call entirely. There must not be a malloc
call inside the frok::parent block guarded by __malloc_lock, and
just trying to lock is too dangerous inside fork while other threads
might actually chage the content of the heap. Additionally, add a
comment frowning on malloc usage inside tis code block.
Fixes: 44a79a6eca ("Cygwin: convert malloc lock to SRWLOCK")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
PR 29515 points out our documentation builds are broken, let's just move
over to the new non-recursive builds.
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Corinna Vinschen
Sebastian Huber
Jon Turney
Hamish McIntyre-Bhatty
Brian Inglis
Takashi Yano
Simon Cook
Ken Brown
Szabolcs Nagy
Markus B. Moessner
Jeff Johnston
tb
djm
dtucker
deraadt
bcook
Torbjörn SVENSSON
Palmer Dabbelt