Only required for Windows 7.
This in turn allows to drop the helper_pid and related
methods from fhandler_pty_common.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Only required for Windows 7.
This allows to remove fhandler_pipe::get_query_hdl_per_system(),
too.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
fetch_account_from_windows shortcuts the current user in that
it takes the user's domain SID and just adds the matching RID
from the token's primary group to create a group SID.
How wrong this is can be very simply reproduced:
Assuming you run a native process, like cmd, with primary group
set to the Administrators builtin group. Run Cygwin's id(1) as
child process. id(1) will print a non-existent group as primary
group and also add it to the group list.
This can only be avoided by not special casing the current user
and thus not creating a group SID from partial information.
Fixes: 6cc7c925ce ("(pwdgrp::fetch_account_from_windows): Default primary group for the
current user to primary group from user token.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
internal_getlogin overwrites the process token primary group if it
differs from the primary group as stored in the passwd DB.
However, this also overwrites the primary group of the process if
it has been deliberately changed by a former process (e. g., newgrp),
and the current process has a non-Cygwin process as parent.
Our docs claim we restrict overwriting the primary group to local,
non-domain user accounts anyway, and it was actually meant this way.
So check for exactly that before overwriting the primary group
in the token: It's only allowed if the user is a local account
and the primary group in the token is still the default group
"None".
Fixes: 6cc7c925ce ("(internal_getlogin): Give primary group
from user token more weight.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Originally the code was written to allow three ways of prefixing
accounts and to freely define a domain/account separator. This code
has been disabled even before being officially released, and it was
never re-enabled. Given there has been no complaints for eight years
now, drop this code eventually. Just add a macro to define the
domain/account separator statically.
Fixes: cc332c9e27 ("(cygheap_pwdgrp::nss_init_line): Disable db_prefix
and db_separator settings. Add comment")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This is a long-standing thinko.
When you exec a process, dll_crt0_0 in the child process calls
child_info_spawn::handle_spawn(). handle_spawn() initialises the
cygheap.
Now consider calling strace. Strace is a non-Cygwin process dynamically
loading cygwin1.dll via LoadLibrary. This in turn initializes the DLL:
- dll_crt0_0 finds that the process it attaches to has been exec'd, so
child_info_spawn::handle_spawn() is called.
- If the DLL is being dynamically loaded, handle_spawn() calls
child_info_spawn::get_parent_handle(). This in turn tries to set
the moreinfo->myself_pinfo value inside the cygheap to NULL.
- However, at this time, the cygheap has not yet been initialized. This
only occurs in the cygheap_fixup_in_child() call after get_parent_handle()
returns.
--> SEGV
This thinko never had a negative side effect, because the cygheap was
pre-allocated at DLL load time until commit 2f9b8ff00c ("Cygwin:
decouple cygheap from Cygwin DLL"). With 2f9b8ff00c, the cygheap
actually doesn't exist until after the call to cygheap_fixup_in_child().
Fix this problem by moving the assignment after the call to
cygheap_fixup_in_child().
Fixes: 3de7be4c1d ("* DevNotes: Add entry cgf-000007. [...]")
Fixes: 2f9b8ff00c ("Cygwin: decouple cygheap from Cygwin DLL")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
After decoupling cygheap from the DLL loading address, the check
for a different _cygheap_start has gone. So the matching string
check in multiple_cygwin_problem is obsolete now.
Fixes: 2f9b8ff00c ("Cygwin: decouple cygheap from Cygwin DLL")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
In commit 2dab880c96 I did a mistake when
I copied the new fhandler_serial::switch_modem_lines() from my modified
3.3.6 branch to the current master and I left a copy paste error. This
patch fixes that error.
Fixes: 2dab880c96 ("Cygwin: fix TIOCMBIS/TIOCMBIC not working when using usbser.sys")
- Previously, we have two tty.cc, one is winsup/cygwin/tty.cc and
the other is winsup/cygwin/fhandler/tty.cc. This is somewhat
confusing. This patch renames fhandler/tty.cc to fhandler/pty.cc.
When creating regular Cygwin test releases we need a way to
automate unambiguous version information based on the output
of `git describe'. Allow to inject a release string via a
preprocessor macro CYGPORT__RELEASE_INFO. Change the default
release info to recognize a local, non-distro build.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
We're going to switch to regular test releases, rather than the
old, handcrafted snapshots method.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- The codes related to pty and console in spawn.cc have been moved
into the new class fhandler_termios::spawn_worker, and make spawn.cc
call them. The functionality has not been changed at all.
In winsup/cygwin/fhandler/serial.cc, the function
fhandler_serial::switch_modem_lines() is called when TIOCMBIS/TIOCMBIC
are used in an ioctl() call.
This function uses EscapeCommFunction() for setting and resetting RTS
and DTR signals of a serial port. Unfortunately, this function does not
work on USB CDC devices.
This is not a true bug of CYGWIN but an issue of the usbser.sys driver,
from Windows 2000 to the latest Windows 11. Both 32bit and 64bit
versions of the operating system are affected. Actually, I tested
EscapeCommFunction() also when using a real UART, based on the
traditional 16550 driver and it works fine. Using thirdy party CDC
drivers, like the one provided by FTDI for their USB bridge chips,
probably also works.
However, it is also possible to drive the RTS/DTR signals by writing
their state with SetCommState(), which proved to be working fine all
types of connection. This is also a better solution for handling these
signals since RTS/DTR can be set at the same time rather than having two
separate calls with a visible delay between them.
Report 0 instead of 268435455 (i.e. 0xFFFFFFF) in the tty field of
/proc/*/stat for processes without a controlling terminal. This is what
the procps utility expects when selecting or excluding such processes.
This adds an extra section to the stackdump, which lists the loaded
modules and their base address. This is perhaps useful as it makes it
immediately clear if RandomCrashInjectedDll.dll is loaded...
Future work: It seems like the 'InMemoryOrder' part of
'InMemoryOrderModuleList' is a lie?
> Loaded modules
> 000100400000 segv-test.exe
> 7FFF2AC30000 ntdll.dll
> 7FFF29050000 KERNEL32.DLL
> 7FFF28800000 KERNELBASE.dll
> 000180040000 cygwin1.dll
> 7FFF28FA0000 advapi32.dll
> 7FFF29F20000 msvcrt.dll
> 7FFF299E0000 sechost.dll
> 7FFF29B30000 RPCRT4.dll
> 7FFF27C10000 CRYPTBASE.DLL
> 7FFF28770000 bcryptPrimitives.dll
This adds an additional column to the stack trace in a .stackdump file,
which gives the stack frame return address as a module name+offset. This
makes it a possible to convert the address to a function name without
having to guess what module the address belongs to.
> Stack trace:
> Frame Function Args
> 0007FFFFCC30 0001004010E9 (000180048055, 000180046FA0, 000000000002, 00018031E160) segv-test.exe+0x10E9
> 0007FFFFCD30 0001800480C1 (000000000000, 000000000000, 000000000000, 000000000000) cygwin1.dll+0x80C1
> 0007FFFFFFF0 000180045C86 (000000000000, 000000000000, 000000000000, 000000000000) cygwin1.dll+0x5C86
> 0007FFFFFFF0 000180045D34 (000000000000, 000000000000, 000000000000, 000000000000) cygwin1.dll+0x5D34
> End of stack trace
Loosely based on this patch [1] by Brian Dessent.
[1] https://cygwin.com/pipermail/cygwin-patches/2008q1/006306.html
Every time the cygheap is initialized, that is, on each fork
or exec, cygheap_init() *again* computes the bucket size values
and stores them in the cgyheap, albeit they are always the
same values anyway.
Make bucket_val a local const array, statically initialized
instead.
Fixes: 61522196c7 ("* Merge in cygwin-64bit-branch.)"
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Now that the cygheap isn't part of the CYgwin DLL anymore, we have a
known memory location which is not known in maps output. Fix that by
checking for cygheap address (same in all processes) and add to output.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Prior to 591fec858d01 ("Cygwin: decouple cygheap from Cygwin DLL")
the .cygheap section was required to stay the last section in the
final binary. That required some juggling with objcopy to make
sure the .gnu_debuglink section is prior to the .cygheap section
in the final DLL.
This isn't required anymore, so just drop it.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Another reason ASLR may fail is the coupling of the standard shared
mem regions (global, userinfo, process info, shared console) to the
address of the Cygwin DLL. They are always placed in fixed addresses
preceeding the Cygwin DLL's address. With ASLR this is bound to fail.
Use a fixed, unused memory area to place the shared mem regions.
This also allows to simplify the shared memory creation. There's
no reason anymore to rebase the regions and rather than offsets,
just use the addresses directly.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
One reason that ASLR is tricky is the fact that the cygheap
is placed at the end of the DLL and especially that it's expected
to be growable. To support ASLR, this construct must go.
Define dedicated cygheap memory region and reserve entire region.
Commit 3 Megs, as was the default size of the cygheap before.
Fix linker script accordingly, drop a now useless version check
in get_cygwin_startup_info().
Collect all info about memory layout in one header file, so
the mem layout is documented in one logical place and not
in heap.cc arbitrarily.
Use info from this file throughout.
This is to prepare for ASLR support.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Exception handling was *still* printing addresses as 44 bit values,
but Windows supports a 48 bit virtual address space since Windows
8.1. Fix that.
Fixes: e1254add73 ("Cygwin: Allow accessing 48 bit address space in Windows 8.1 or later")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
.com is a remnant from the past. There are only five executables
left:
chcp.com
format.com
mode.com
more.com
tree.com
Calling them on the command line already requires to use the
suffix anyway. So drop useless .com test from the execve test
for scripts (they are handled earlier in the same function
as executables) and do not handle them like .exe suffixes in
other functions.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This reverts commit 7589034cc3.
The previous commit 14816de9af69 ("Cygwin: spawn: drop special handling
for cmd.exe and command.com") make this patch unnecessary. The filename
argument (i. e., run_path in the caller) is now always non-NULL.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Apparently at one point handling cmd.exe and command.com special
made sense, but what that should be has never been documented.
There's also no clear reason why cmd.exe is different from any
other native executable. Additionaly, checking for command.com
is entirely useless on 64 bit Windows anyway.
Just drop this code.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- If the command executed is 'cmd.exe /c [...]', runpath in spawn.cc
will be NULL. In this case, is_console_app(runpath) check causes
access violation. This case also the command executed is obviously
console app., therefore, treat it as console app to fix this issue.
Addresses: https://github.com/msys2/msys2-runtime/issues/108
According to POSIX and the Linux man page, select(2) is supposed to
report read ready if a file is at EOF. In the case of a FIFO, this
means that the pipe is empty and there are no writers. But there
seems to be an undocumented exception, observed on Linux and other
platforms: If no writer has ever been opened, then select(2) does not
report read ready. This can happen if a reader is opened with
O_NONBLOCK before any writers have opened.
This commit makes Cygwin consistent with those other platforms by
introducing a special EOF test, fhandler_fifo::select_hit_eof, which
returns false if there's never been a writer opened.
To implement this we use a new variable '_writer_opened' in the FIFO's
shared memory, which is set to 1 the first time a writer opens. New
methods writer_opened() and set_writer_opened() are used to test and
set this variable.
Addresses: https://cygwin.com/pipermail/cygwin/2022-September/252223.html
The patch fixing the alignment of _cygtls::context accidentally
pushed the desperate attempt to automate the alignment by using
another, non-working variation of attribute((aligned)). Drop it.
Fixes: dcab768cb9 ("Cygwin: cygtls: fix context alignment")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
A hang was encountered, apparently triggered by commit 63b503916d,
changing tls_pathbufs from malloc'ed to HeapAlloc'ed memory. After
lengthy debugging it transpired that adding the heap handle to the
tls_pathbuf struct added 8 bytes to the cygtls area, thus moving
the "context" member by 8 bytes, too, so it was suddently unaligned.
Fix this for now by changing the alignment.
Fix this once and for all, by adding code to the gentls_offsets script
to check if the alignment of the "context" member is 16 bytes. If not,
print a matching error message, remove the just generated file, and exit
with error.
FIXME: It would be really nice to find a way to auomate the correct
alignment of the "context" member, but I don't see any way to use
alignment attributes to get what we need here.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
while debugging a problem introduced in commit
63b503916d ("Cygwin: tls_pathbuf: Use Windows heap")
a hang in fork was encountered using the original implementation
of tls_pathbuf:
Using tmp_pathbuf inside the code block guarded by __malloc_trylock
may call malloc from tmp_pathbuf::w_get and thus trying to lock an
exclusive SRW lock recursively, which results in a deadlock.
Allocate a small SECURITY_ATTRIBUTES block on the stack rather than
allocating a 64K tmp_pathbuf. This avoids the potential malloc call.
Drop the __malloc_trylock call entirely. There must not be a malloc
call inside the frok::parent block guarded by __malloc_lock, and
just trying to lock is too dangerous inside fork while other threads
might actually chage the content of the heap. Additionally, add a
comment frowning on malloc usage inside tis code block.
Fixes: 44a79a6eca ("Cygwin: convert malloc lock to SRWLOCK")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Rather than using malloc/free for the buffers, we're now using
HeapAlloc/HeapFree on a HEAP_NO_SERIALIZE heap created for this
thread.
Advantages:
- Less contention. Our malloc/free doesn't scale well in
multithreaded scenarios
- Even faster heap allocation by using a non serialized heap.
- Internal, local, temporary data not cluttering the user heap.
- Internal, local, temporary data not copied over to child process
at fork().
Disadvantage:
- A forked process has to start allocating temporary buffers from
scratch. However, this should be alleviated by the fact that
buffer allocation usually reaches its peak very early in process
runtime, so the longer the proceess runs, the less buffers have
to allocated, and, only few processes don't exec after fork
anyway.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
shmat may call shmget. shmget locks by itself as necessary,
so there's no reason to keep the lock active and recurse into
the lock. Use SRWLOCK and only lock as required.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
So far we use a single muto to guard three different datastructures
inside class authz_ctx: the authz HANDLE, the user context HANDLE
and the context cache list. Split the single muto into three
independent SRWLOCKs and guard all datastrcutures as necessary to
avoid thread contention.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The old technique was from a time when we had to reduce stack pressure
by moving 64K buffers elsewhere. It was implemented using a static
global buffer, guarded by a muto. However, that adds a lock which may
unnecessarily serialize threads.
Use Windows heap buffers per invocation instead. HeapAlloc/HeapFree are
pretty fast, scale nicely in multithreaded scenarios and don't serialize
threads unnecessarily.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This simple testcase:
locale_t st = newlocale(LC_ALL_MASK, "C", (locale_t)0);
locale_t st2 = newlocale(LC_CTYPE_MASK, "en_US.UTF-8", st);
is sufficient to reproduce a crash in _newlocale_r. After the first call
to newlocale, `st' points to __C_locale, which is const. When using `st'
as locale base in the second call, _newlocale_r tries to set pointers
inside base to NULL. This is bad if base is __C_locale, obviously.
Add a test to avoid trying to overwrite pointer values inside base if
base is __C_locale.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This way, the sem API is all in the same place, even if the
underlying semaphore class is still in thread.cc.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Rename CygwinCreateThread to create_posix_thread and move
from miscfuncs.cc to create_posix_thread.cc, inbcluding all
related functions. Analogue for the prototypes.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Currently it is possible for symlink_info::check to return -1 in case
we're searching for foo and find foo.lnk that is not a Cygwin symlink.
This contradicts the new meaning attached to a negative return value
in commit 19d59ce75d. Fix this by setting "res" to 0 at the beginning
of the main loop and not seting it to -1 later.
Also fix the commentary preceding the function definition to reflect
the current behavior.
Addresses: https://cygwin.com/pipermail/cygwin/2022-August/252030.html
provide entire internal and external pthread API from inside the
same file.
While I dislike to have another even larger file, this is basically
cleaning up the source and grouping the external API into useful
chunks. Splitting the file cleanly is tricky due to usage of inline
methods is_good_object and verifyable_object_isvalid.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
So far, wmemset used the C implemantation from newlib. Let's use
the optimized assembler code instead.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This function is just bad. It really only works for ASCII
chars, everything else is broken after the conversion.
Introduce new helper function sys_mbstouni to replace
RtlCreateUnicodeStringFromAsciiz in hash_path_name.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
mount_info::get_mounts_here used RtlCreateUnicodeStringFromAsciiz
which translates bytes into wide chars verbatim.
Create a new function sys_mbstouni_alloc which can be used from
mount_info::get_mounts_here to convert multibyte mount point
strings to UNICODE_STRINGS in a locale-aware way.
For symmetry, create a function mount_info::free_mounts_here,
so the knwoledge how to free the UNICODE_STRING buffers is
encapsulated in the same class.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This reverts commit d9e9c7b5a7. The latter added ".dll" to the
blessed_executable_suffixes array because on 32-bit Windows, the
GetBinaryType function would report that a 64-bit DLL is an
executable, contrary to the documentation of that function.
That anomaly does not exist on 64-bit Windows, so we can remove ".dll"
from the list. Reverting the commit does, however, change the
behavior of the rename(2) syscall in the following unlikely situation:
Suppose we have an executable foo.exe and we make the call
rename ("foo", "bar.dll");
Previously, foo.exe would be renamed to bar.dll. So bar.dll would
then be an executable without the .exe extension. The new behavior is
that foo.exe will be renamed to bar.dll.exe. [Exception: If there
already existed an executable (not a DLL!) with the name bar.dll, then
.exe will not be appended.]
Corinna Vinschen
Carlo Bramini
Takashi Yano
Andy Koppe
Jon Turney
Brian Inglis
Ken Brown