Before commit 44f73c5a62 ("Cygwin: Fix segfalt when too many command
line args are specified.") we had no actual argument size limit, except
for the fact that the child process created another copy of the argv
array on the stack, which could result in a stack overflow and a
subsequent SEGV. Commit 44f73c5a62 changed that by allocating the
additional argv array via malloc, and it introduced a new SC_ARG_MAX
limit along the lines of the typical Linux limit.
However, this new limit is artificial. Cygwin allocates all argument
and environment data on the cygheap. We only run out of ARG_MAX space
if we're out of memory resources.
Change argument size handling accordingly:
- Drop the args size check from child_info_spawn::worker.
- Return -1 from sysconf (SC_ARG_MAX), i. e., the argument size limit
is undefined.
- Change argv handling in class av, so that a failing cmalloc is not
fatal. This allows the parent process to return E2BIG if it's out
of cygheap resources.
- In the child, add a check around the new malloc call, so that it
doesn't result in a SEGV if the child process gets unexpectedly into
an ENOMEM situation at this point. In this (unlikely) case, proceed
with the original __argv array instead. Add comment to explain why.
Fixes: 44f73c5a62 ("Cygwin: Fix segfalt when too many command line args are specified.")
Tested-by: Takashi Yano <takashi.yano@nifty.ne.jp>
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Previously, the number of command line args was not checked for
cygwin process. Due to this, segmentation fault was caused if too
many command line args are specified.
https://cygwin.com/pipermail/cygwin/2023-August/254333.html
Since char *argv[argc + 1] is placed on the stack in dll_crt0_1(),
STATUS_STACK_OVERFLOW occurs if the stack does not have enough
space.
With this patch, char *argv[] is placed in heap instead of stack
and ARG_MAX is increased from 32000 to 2097152 which is default
value of Linux. The argument length is also compared with ARG_MAX
and spawnve() returns E2BIG if it is too long.
Reported-by: Ed Morton
Reviewed-by: Corinna Vinschen <corinna@vinschen.de>
Signed-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>
After the commit 30add3e6b3, the problem:
https://cygwin.com/pipermail/cygwin/2022-December/252759.html
occurs rarely. It seems that myself_pinfo should be initialized
where the timing before child_copy() and after cygheap allocation.
This patch moves the initialization there.
Fixes: 30add3e6b3 ("Cygwin: exec: don't access cygheap before it's
initialized")
Reported-by: Brian Inglis <Brian.Inglis@Shaw.ca>
Reviewed-by: Corinna Vinschen <corinna@vinschen.de>
Signed-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>
This is a long-standing thinko.
When you exec a process, dll_crt0_0 in the child process calls
child_info_spawn::handle_spawn(). handle_spawn() initialises the
cygheap.
Now consider calling strace. Strace is a non-Cygwin process dynamically
loading cygwin1.dll via LoadLibrary. This in turn initializes the DLL:
- dll_crt0_0 finds that the process it attaches to has been exec'd, so
child_info_spawn::handle_spawn() is called.
- If the DLL is being dynamically loaded, handle_spawn() calls
child_info_spawn::get_parent_handle(). This in turn tries to set
the moreinfo->myself_pinfo value inside the cygheap to NULL.
- However, at this time, the cygheap has not yet been initialized. This
only occurs in the cygheap_fixup_in_child() call after get_parent_handle()
returns.
--> SEGV
This thinko never had a negative side effect, because the cygheap was
pre-allocated at DLL load time until commit 2f9b8ff00c ("Cygwin:
decouple cygheap from Cygwin DLL"). With 2f9b8ff00c, the cygheap
actually doesn't exist until after the call to cygheap_fixup_in_child().
Fix this problem by moving the assignment after the call to
cygheap_fixup_in_child().
Fixes: 3de7be4c1d ("* DevNotes: Add entry cgf-000007. [...]")
Fixes: 2f9b8ff00c ("Cygwin: decouple cygheap from Cygwin DLL")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
After decoupling cygheap from the DLL loading address, the check
for a different _cygheap_start has gone. So the matching string
check in multiple_cygwin_problem is obsolete now.
Fixes: 2f9b8ff00c ("Cygwin: decouple cygheap from Cygwin DLL")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
One reason that ASLR is tricky is the fact that the cygheap
is placed at the end of the DLL and especially that it's expected
to be growable. To support ASLR, this construct must go.
Define dedicated cygheap memory region and reserve entire region.
Commit 3 Megs, as was the default size of the cygheap before.
Fix linker script accordingly, drop a now useless version check
in get_cygwin_startup_info().
Rename CygwinCreateThread to create_posix_thread and move
from miscfuncs.cc to create_posix_thread.cc, inbcluding all
related functions. Analogue for the prototypes.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Back in early Cygwin development a function based access to the
environment was exported, the internal environ in Cygwin was called
__cygwin_environ and cur_environ() was used to access the environment
indirectly . The history of that necessity is not documented,
but kept in i686 for backward compatibility.
The x86_64 port eventually used __cygwin_environ directly and exported
it as DATA under the usual name environ.
We don't need the i686 workaround anymore, so just rename
__cygwin_environ to environ, drop the cur_environ() macro and
simply export environ under its own name.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Only the assembler snippet is really x86_64-specific, so minimize the
conditional code block to this snippet.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Add a _REENT_CLEANUP() macro to encapsulate access to the
__cleanup member of struct reent. This will help to replace the
struct member with a thread-local storage object in a follow up
patch.
In the previous commit, __stdcall was removed from _dll_crt0 in
winsup.h and dcrt0.cc but not in lib/cygwin_crt0.c. For consistency,
restore the first two occurrences of __stdcall. We could instead
remove it from the declaration in lib/cygwin_crt0.c, but this might
appear to affect binary compatibility, even though it really doesn't.
These have no effect on x86_64. Retain a few occurrences of __cdecl
in files imported from other sources.
Also retain all occurrences of WINAPI, even though the latter is
simply a macro that expands to __stdcall. Most of these occurrences
are associated with Windows API functions, and removing them might
make the code confusing instead of simpler.
This was a hack to begin with. Clean this mess up:
- Move definition of CYGTLS_PADSIZE to cygwin/config.h and drop
local cygtls_padsize.h
- Rename CYGTLS_PADSIZE to __CYGTLS_PADSIZE__ to keep namespace
clean. Redefine as macro, rather than as const.
- Move struct _reent first in struct _cygtls to allow using
__CYGTLS_PADSIZE__ as offset in __getreent().
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Remove the pointer indirection through the read-only _global_impure_ptr and
directly use a externally visible _impure_data object of type struct _reent.
This enables the static initialization of global data structures in a follow up
patch. In addition, we get rid of a machine-specific file.
Even after fork, we might need the parent sigmask without having
access to the real _main_tls. There's a short time at process startup,
when _main_tls points to the system-allocated stack, but wait_sig is
already running. If we can't lock _main_tls, because find_tls can't
find it yet, we now access the parent's sigmask via child_info.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Originally the function was designed to be used in forked
processes as well, but it has never been used this way. Drop
the parameter only required for forkees.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Remove dependency on __sdidinit member of struct _reent to check
object initialization. Like __sdidinit, the __cleanup member of
struct _reent is initialized in the __sinit() function. Checking
initialization against __cleanup serves the same purpose and will
reduce overhead in the __sfp() function in a follow up patch.
Per https://cygwin.com/pipermail/cygwin-developers/2021-October/012429.html,
we may encounter a crash when starting multiple threads during process
startup (here: fhandler_fifo::fixup_after_{fork,exec}) which in turn
allocate memory via malloc.
The problem is concurrent usage of malloc before the malloc muto has
been initialized.
To fix this issue, convert the muto to a SRWLOCK and make sure it is
statically initalized. Thus, malloc can be called as early as necessary
and malloc_init is only required to check for user space provided malloc.
Note that this requires to implement a __malloc_trylock macro to be
called from fork.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Rather than fetching the system Windows directory at dll init time
only on 32 bit, fetch it on all platforms. Store as WCHAR and
UNICODE_STRING. Use where appropriate to simplify code.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit 456c3a4638 added a workaround when handling paths with native
symlinks as inner path components. This patch introduced a problem for
paths handled by the WOW64 File System Redirector (FSR).
Fix this problem by not performing the new code from commit 456c3a4638
for paths under the Windows directory. Only do this in WOW64.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Use the more official fesetenv(FE_DFL_ENV) from _dll_crt0, thus
allowing to drop the _feinitialise declaration from fenv.h.
Provide a no-op _feinitialise in Cygwin as exportable symbol for really
old applications when _feinitialise was called from mainCRTStartup in
crt0.o.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This patch has been inspired by the Linux kernel patch
294f69e662d1 compiler_attributes.h: Add 'fallthrough' pseudo keyword for switch/case use
written by Joe Perches <joe AT perches DOT com> based on an idea from
Dan Carpenter <dan DOT carpenter AT oracle DOT com>. The following text
is from the original log message:
Reserve the pseudo keyword 'fallthrough' for the ability to convert the
various case block /* fallthrough */ style comments to appear to be an
actual reserved word with the same gcc case block missing fallthrough
warning capability.
All switch/case blocks now should end in one of:
break;
fallthrough;
goto <label>;
return [expression];
continue;
In C mode, GCC supports the __fallthrough__ attribute since 7.1,
the same time the warning and the comment parsing were introduced.
Cygwin-only: add an explicit -Wimplicit-fallthrough=5 to the build
flags.
Introducing an independent Cygwin PID introduced a regression:
The expectation is that the myself pinfo pointer always points to a
specific address right in front of the loaded Cygwin DLL.
However, the independent Cygwin PID changes broke this. To create
myself at the right address requires to call init with h0 set to
INVALID_HANDLE_VALUE or an existing address:
void
pinfo::init (pid_t n, DWORD flag, HANDLE h0)
{
[...]
if (!h0 || myself.h)
[...]
else
{
shloc = SH_MYSELF;
if (h0 == INVALID_HANDLE_VALUE) <-- !!!
h0 = NULL;
}
The aforementioned commits changed that so h0 was always NULL, this way
creating myself at an arbitrary address.
This patch makes sure to set the handle to INVALID_HANDLE_VALUE again
when creating a new process, so init knows that myself has to be created
in the right spot. While at it, fix a potential uninitialized handle
value in child_info_spawn::handle_spawn.
Fixes: b5e1003722 ("Cygwin: processes: use dedicated Cygwin PID rather than Windows PID")
Fixes: 88605243a1 ("Cygwin: fix child getting another pid after spawnve")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
In dll_crt0_0, both threadinterface->Init and sigproc_init allocate
windows object handles using unpredictable memory regions, which may
collide with dynamically loaded dlls when they were relocated.
When calling spawnve, in contrast to execve, the parent has
to create the pid for the child. With the old technique
this was simply the Windows pid, but now we have to inform
the child about its new pid.
Add a cygpid member to class child_info_spawn. Set it in
child_info_spawn::worker, just prior to calling CreateProcess
rather than afterwards. Overwrite cygheap->pid in
child_info_spawn::handle_spawn before calling pinfo::thisproc.
Make sure pinfo::thisproc knows the pid is already set by
setting the handle argument to INVALID_HANDLE_VALUE.
Also set procinfo->dwProcessId to myself_initial.dwProcessId
instead of to myself_initial.pid for clarity.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
To support in-cygwin package managers, the fork() implementation must
not rely on .exe and .dll files to stay in their original location, as
the package manager's job is to replace these files. Instead, when the
first fork try fails, and we have NTFS, we use hardlinks to the original
binaries in /var/run/cygfork/ to create the child process during the
second fork try, along the main.exe.local file to enable the "DotLocal
Dll Redirection" feature for the dlls.
The (probably few) users that need an update-safe fork manually have to
create the /var/run/cygfork/ directory for now, using:
mkdir --mode=a=rwxt /var/run/cygfork
* child_info.h: Bump CURR_CHILD_INFO_MAGIC.
(enum child_status): Add _CI_SILENTFAIL flag.
(struct child_info): Add silentfail setter and getter.
* winsup.h (child_copy): Add bool silentfail parameter.
* cygheap.cc: Pass silentfail parameter to child_copy.
* dcrt0.cc: Ditto.
* dll_init.h (struct dll): Define public inline method forkedntname.
(struct dll_list): Declare private method find_by_forkedntname.
* dll_init.cc (struct dll_list): Implement find_by_forkedntname.
(dll_list::alloc): Use find_by_forkedntname when in load after fork.
(dll_list::load_after_fork_impl): Load dlls using dll::forkedntname.
* fork.cc (frok::parent): Set silentfail child info flag. Pass
silentfail parameter to child_copy. Use forkedntname of
dlls.main_executable.
(fork): When first dofork run failed and did not use forkables,
run dofork again with_forkables set to true.
(child_copy): Use debug_printf if silentfail is true,
system_printf otherwise.
Using the Windows PID as Cygwin PID has a few drawbacks:
- the PIDs on Windows get reused quickly. Some POSIX applications choke
on that, so we need extra code to avoid too quick PID reuse.
- The code to avoid PID reuse keeps parent process handles and
(depending on a build option) child processes open unnecessarily.
- After an execve, the process has a split personality: Its Windows PID
is a new PID, while its Cygwin PID is the PID of the execve caller
process. This requires to keep two procinfo shared sections open, the
second just to redirect process info requests to the first, correct
one.
This patch changes the way Cygwin PIDs are generated:
- Cygwin PIDs are generated independently of the Windows PID, in a way
expected by POSIX processes. The PIDs are created incrementally in
the range between 2 and 65535, round-robin.
- On startup of the first Cygwin process, choose a semi-random start PID
for the first process in the lower PID range to make the PIDs slightly
unpredictable. This may not be necessary but it seems kind of inviting
to know that the first Cygwin process always starts with PID 2.
- Every process not only creates the shared procinfo section, but also a
symlink in the NT namespace, symlinking the Windows PID to the Cygwin
PID. This drops the need for the extra procinfo section after execve.
- Don't keep other process handles around unnecessarily.
- Simplify the code creating/opening the shared procinfo section and
make a clear distinction between interfaces getting a Cygwin PID and
interfaces getting a Windows PID.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Keeping an inheritable handle open results in that handle being
spilled over into grandchild processes, which is not desired.
Duplicate original parent handle into a non-inheritable one with
minimal SYNCHRONIZE permissions and close the original handle.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This test was broken from the start. It leads to creating a completely
new stack for the main thread of the child process when started from
the main thread of the parent. However, the main thread of a process
can easily running on a completely different stack, if the parent's main
thread was created by calling fork() from a pthread. For an example,
see https://cygwin.com/ml/cygwin/2017-03/msg00113.html
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
GDB since commit 24cdb46e [1] can report and use these names.
Add utility function SetThreadName(), which sends a thread name to the
debugger.
Use that:
- to set the default thread name for main thread and newly created pthreads.
- in pthread_setname_np() for user thread names.
- for helper thread names in cygthread::create()
- for helper threads which are created directly with CreateThread.
Note that there can still be anonymous threads, created by system or
injected DLLs.
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=24cdb46e9f0a694b4fbc11085e094857f08c0419
The _reent members _current_category and _current_locale are not
used at all. _current_locale is set to "C" in various points of
the code but its value is just as unused as _current_category.
This patch redefines these members without changing the size of the
structure to allow for an implementation of per-thread locales per
POSIX-1.2008 (i.e. uselocale and usage of the per-thread locale in
subsequent function calls).
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Bump GPLv2+ to GPLv3+ for some files, clarify BSD 2-clause.
Everything else stays under GPLv3+.
New Linking Exception exempts resulting executables from LGPLv3 section 4.
Add CONTRIBUTORS file to keep track of licensing.
Remove 'Copyright Red Hat Inc' comments.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>