Don't use global variables. This allows to call loadlocale from
the yet to be created newlocale().
Rename _thr_locale_t to __locale_t (these locales are not restricted
to threads so the name is misleading).
Along these lines, fix _set_ctype to take a __locale_t as parameter.
Signed-off by: Corinna Vinschen <corinna@vinschen.de>
- Remove charset parameter from low level __foo_wctomb/__foo_mbtowc calls.
- Instead, create array of function for ISO and Windows codepages to point
to function which does not require to evaluate the charset string on
each call. Create matching helper functions. I.e., __iso_wctomb,
__iso_mbtowc, __cp_wctomb and __cp_mbtowc are functions returning the
right function pointer now.
- Create __WCTOMB/__MBTOWC macros utilizing per-reent locale and replace
calls to __wctomb/__mbtowc with calls to __WCTOMB/__MBTOWC.
- Drop global __wctomb/__mbtowc vars.
- Utilize aforementioned changes in Cygwin to get rid of charset in other,
calling functions and simplify the code.
- In Cygwin restrict global cygheap locale info to the job performed
by internal_setlocale. Use UTF-8 instead of ASCII on the fly in
internal conversion functions.
- In Cygwin dll_entry, make sure to initialize a TLS area with a NULL
_REENT->_locale pointer. Add comment to explain why.
Signed-off by: Corinna Vinschen <corinna@vinschen.de>
Move all locale category structure definitions into setlocale.h and remove
other headers in locale subdir. Create inline accessor functions for
current category struct pointers and use throughout. Use pointers to
"C" locale category structs by default in __global_locale.
Signed-off by: Corinna Vinschen <corinna@vinschen.de>
Introduce first cut of struct _thr_locale_t used for the locale_t definition.
Introduce global instance called __global_locale used by default.
Introduce internal inline functions __get_global_locale, __get_locale_r,
__get_current_locale.
Remove usage of global variables in favor of accessor functions pointing to
__global_locale for now. Include all local headers in locale subdir from
setlocale.h to get single include for internal locale access.
Introduce __CTYPE_PTR macro to replace direct access to __ctype_ptr__
and use throughout in isxxx functions.
Signed-off by: Corinna Vinschen <corinna@vinschen.de>
This is a followup to a report back in 2011 about essentially the same issue:
https://cygwin.com/ml/cygwin/2011-04/msg00031.html
The same test program in that report demonstrates the issue, but with
kill sending any non-zero signal. To reiterate, the problem here is
POSIX compliance with respect to sending signals to zombie processes.
http://pubs.opengroup.org/onlinepubs/9699919799/functions/kill.html
claims:
Existing implementations vary on the result of a kill() with pid
indicating an inactive process (a terminated process that has not been
waited for by its parent). Some indicate success on such a call
(subject to permission checking), while others give an error of
[ESRCH]. Since the definition of process lifetime in this volume of
POSIX.1-2008 covers inactive processes, the [ESRCH] error as described
is inappropriate in this case. In particular, this means that an
application cannot have a parent process check for termination of a
particular child with kill(). (Usually this is done with the null
signal; this can be done reliably with waitpid().)
In response to the originally issue, this was fixed *specifically* for
the case of kill(pid, 0). But my reading of the above is that kill()
should return 0 in this case regardless of the signal (modulo
permissions, etc.). On Linux, for example, when calling kill with pid
of a zombie process the kernel will happily deliver the signal to the
relevant task_struct; it will just never be acted on since the task
will never run again.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit d7586cb incorrectly checked only for the new cursor position
beyond the old cursor position to decide if we have to correct for user
scrolling. Since this situation is handled just fine if the cursor is
still visible, only perform the subsequent correction if the cursor is
not in the visible console window.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit ba58e5f lowered permission requirements when opening threads
and processes to {PROCESS,THREAD}_QUERY_LIMITED_INFORMATION. However,
when creating the /proc/<PID>/maps file, the call to VirtualQueryEx
requires PROCESS_QUERY_INFORMATION access
Note: It seems PROCESS_QUERY_LIMITED_INFORMATION is sufficient starting
with Windows 8.1, but this is neither documented on MSDN, nor is it a
safe bet. It may have to do with a fixed implementation of the UAC
trust levels. Let's better follow the docs for now.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
We must call SetConsoleCursorPosition prior to SetConsoleWindowInfo,
otherwise the scroll bars will not be updated by the OS. Make sure
to scroll the console window by just the right amount to have the
new cursor position one line after the used console buffer area at
the top of the console window, no matter the scroll state.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
SIGTTIN should be raised when read() is made on a tty in a backgrounded
process, but not when it's tested with poll()/select().
I guess poll()/select() does need to call bg_check(), in order to detect the
error conditions that notices (that is, if bg_check() returns bg_eof or
bg_error, then fd is ready as an error condition exists) so add an optional
parameter to fhandler_base::bg_select() to indicate that signals aren't
desired.
See https://cygwin.com/ml/cygwin-developers/2016-07/msg00004.html
Mingw-w64, which is the source of this code, uses different
definitions of the rounding bits FE_TONEAREST and friends.
They immediately reflect the bit values in the FPU control word,
while on Cygwin they are shifted down to become the values 0-3.
Fix the bit computing expression to account for the difference.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
get_nt_native_path handles the transposition of chars not allowed
in Windows pathnames. However, it never starts transposition at
the start of the string, which is wrong for relative paths. Fix it.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
POSIX requires that SSIZE_MAX have the same type as ssize_t, but
on 32-bit, we were defining it as a long even though ssize_t
resolves to an int. It also requires that SSIZE_MAX be usable
via preprocessor #if, so we can't cheat and use a cast.
If this were newlib, I'd have had to hack _intsup.h to probe the
qualities of size_t (via gcc's __SIZE_TYPE__), similar to how we
already probe the qualities of int8_t and friends, then cross our
fingers that ssize_t happens to have the same rank (most systems
do, but POSIX permits a system where they differ such as size_t
being long while ssize_t is int). Unfortunately gcc gives us
neither __SSIZE_TYPE__ nor __SSIZE_MAX__. On the other hand, our
limits.h is specific to cygwin, so we can just shortcut to the
correct results rather than being generic to all possible ABI.
Signed-off-by: Eric Blake <eblake@redhat.com>
Improve the description of Cygwin ldd utility to give a bit more detail
about how it does what it does
Also add a security warning (modelled after the one in the Linux manpage)
that it may end up executing the file it is applied to.
Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
Fix an instance of the invalid <pathname> tag in Cygwin utils documentation,
by using the valid <filename> tag instead.
Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
In Cygwin utils documentation, use the <example> tag at same level as
<para>, not inside it.
This improves the generated manpages.
Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
At fork time the .data and .bss segments of the Cygwin DLL are copied
over to the child process. This also copies the strace timer since
it's in the .bss segment so far. Fix that by moving the strace timer
out into the .data_cygwin_nocopy segment.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The _reent members _current_category and _current_locale are not
used at all. _current_locale is set to "C" in various points of
the code but its value is just as unused as _current_category.
This patch redefines these members without changing the size of the
structure to allow for an implementation of per-thread locales per
POSIX-1.2008 (i.e. uselocale and usage of the per-thread locale in
subsequent function calls).
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
set_entry_point_break() uses GetModuleInformation to fetch the
address of the exe's entry point. However, just as with
lpStartAddress from the CREATE_PROCESS_DEBUG_EVENT event, the
returned address is only computed from the PE file header. It's
not actually the entry point in memory, if the executable is
relocated (ASLR). See
https://msdn.microsoft.com/en-us/library/windows/desktop/ms684229(v=vs.85).aspx
Convert this to using the info from CREATE_PROCESS_DEBUG_EVENT
combined with the offset from the PE file header's AddressOfEntryPoint
to deal with relocation.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
So far ldd terminates the inferior process as soon as some thread
is started. Apparently threads are started from even ntdll.dll
before the main thread of the application is started. As a result
the dll list is cut short since ldd terminates prematurely.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit b1b46d45 introduced a regression. After redefining FIONREAD
as part of restructuring newlib/Cygwin headers, the call to ioctlsocket
in the FIONREAD branch of fhandler_socket::ioctl should have been
changed to use the Winsock definition of FIONREAD, which I neglected.
This only affects 64 bit Cygwin.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
In get_mem_values we open the process without PROCESS_VM_READ access
and are *still* able to request working set information, despite
MSDN claiming we need it for this purpose. Instead of adding this
access right, just add an comment to point this out for now.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Using PROCESS/THREAD_QUERY_INFORMATION may limit the number of
processes/threads we can inspect depending on their integrity level.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Always create child user window station and desktop, unless only
spawning with restricted token. Also fix formatting of a few comments
in child_info_spawn::worker.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Convert sys_privs to const struct with TOKEN_PRIVILEGES layout.
Drop function get_system_priv_list. Just use pointer to sys_privs.
Dropping max_sys_priv from wincaps requires to make sure that the
bitfield is 8 byte aligned on x86_64, otherwise gcc (5.3 only?)
apparently breaks access to the bitfield (off by 4 bytes).
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The change introduced in commit b2867a6 contains a faulty check for
the major device number in fhandler_dev_floppy::lock_partition.
Fix this. Also fix comments.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Revamp device parsing code. Introducing support for more partitions
into the shilka-generated parser has the unfortunate side-effect of
raising the size of the DLL by almost 2 Megs. Therefore we split out
the handling for /dev/sdXY devices into a tiny bit of hand-written
code.
While at it, remove some unused cruft from devices.* and generally
clean up the device class to provide access methods instead of direct
access to members.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Bump GPLv2+ to GPLv3+ for some files, clarify BSD 2-clause.
Everything else stays under GPLv3+.
New Linking Exception exempts resulting executables from LGPLv3 section 4.
Add CONTRIBUTORS file to keep track of licensing.
Remove 'Copyright Red Hat Inc' comments.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
fhandler_base::open_fs has two problems:
- When newly creating a file, the file info in the path_conv is
incorrect. It points to info for the parent dir, not to info
for the file itself (which, naturally, wasn't available before).
- Fetching the file's inode number only worked for non-NFS.
Both problems should be fixed now by reloading file info if the file
has just been created, as well as using the new FS-agnostic
path_conv::get_ino method.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This avoids having to call nfs_fetch_fattr3/file_get_fai depending
on FS type as well as having to extract the info FS dependent.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Rather than having to check for the FS type in the caller and having
to call different functions whether FS is NFS or not, encapsulate the
info in path_conv_handle/path_conv methods to allow FS type agnostic
calling from upper level functions.
This patch only implements the methods.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit a23e6a35d8 introduced a timer
object to the WFMO handling in select_stuff::wait to allow sub-tickcount
timeout values in select.
Problems with this patch: The timer was created and destroyed on every
invocation of select_stuff::wait, thus potentially multiple times per
select. Also, since the timer was prepended to the WFMO hande list,
the timer handle could shadow actual events on other objects, given that
WFMO checks the objects in the order they have been specified in the
HANDLE array. The timer was also created/destroyed and added to the
HANDLE array even if it was not required.
This patch drops the local timer HANDLE and recycles the cw_timer HANDLE
in the cygtls area instead. Thus we typically don't need to create the
timer in select at all, and we never have to destroy it.
The timer HANDLE is now also appended as last object to the HANDLE array,
and it's only added if actually needed.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The check for current timestamp > start timestamp has an unwelcome
side effect: The loop is not left as long as the current timestamp
hasn't been incremented. This leads to busy loops of about one tick
(10 to 16 ms per MSDN).
This fixes https://cygwin.com/ml/cygwin/2016-05/msg00327.html
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
'man termios' says:
"A read(2) returns at most one line of input" in canonical mode.
On cygwin 2.5.1, read(2) returns all data in buffer if the buffer
size specified is large enough. This behaviour is correct in
noncanonical mode, but is not correct in canonical mode.
While checking this problem, I found a bug of tcflush(). tcflush()
flushes only partial data in the buffer. The patch also fixes this bug.
The patch has also been tested against the problem reported in
https://cygwin.com/ml/cygwin/2016-05/msg00318.html.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The rule to make tlsoffset{64}.h has a flaw. If cygtls.h can't be
built for whatever reason, it *still* regenerates tlsoffsets{64}.h,
just with size 0. If the bug is not in cygtls.h itself, this behaviour
breaks further building, because fixing the problem won't result in
regenerating tlsoffset{64}.h. Manual intervention is required.
Fix that by removing tlsoffsets{64}.h if gentls_offsets fails.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Using libattr's <xattr/xattr.h> requires consumers to explicitly include
<sys/types.h> first, but glibc's header in sys/ already contains the include.
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
Temporarily revert to use PROCESS_QUERY_INFORMATION instead of
PROCESS_QUERY_LIMITED_INFORMATION to make sure every aspect of the
next release is still XP/2003 compatible.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
We're appending a dot to the filename before calling LoadLibrary to
override ".dll" automagic. This only worked for paths, not for simple
filenames since it required a slash in the pathname. Fix that.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
So far drive letter paths have been handled special since path_conv
leaves the incoming path untouched except for converting backslashes
to forward slashes. However, if the incoming path starts with a
long path prefix, the same problem occurs. Therefore handle all
paths starting with a backslahs the same way.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
In case the TZ variable is empty, Cygwin fetches timezone info from
Windows. Extracting the timezone short name uses isupper on wide chars.
Replace with explicit check for A <= character <= Z to be independent
of undefined behaviour.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Throughout mmap, size-related variables and parameters are still using
DWORD as type, which disallows mapping ranges > 4Gigs. Fix this by
using SIZE_T throughout for those vars and parameters.
Also, drop unused off parameter from 1st variant of mmap_record::map_pages.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
So far pthread::postcreate() only sets the thread priority at all, only
if the inherit-scheduler attribute is PTHREAD_EXPLICIT_SCHED. This
completely ignores the PTHREAD_INHERIT_SCHED case, since in contrast
to POSIX, a thread does not inherit its priority from the creating
thread, but always starts with THREAD_PRIORITY_NORMAL.
pthread_getschedparam() only returns what's stored in the thread attributes,
not the actual thread priority.
This patch fixes both problems.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
So far the scheduler priority handling is not POSIX compatible.
The priorities use a range of -14 up to +15, which means it's not clear
if the POSIX-required return value of -1 in case of an error is *really*
an error or just the valid priority value -1. Even more confusing, -14
is the *max* value and 15 is the *min* value. Last but not least this
range doesn't match the POSIX requirement of at least 32 priority values.
This patch cleans up scheduler priority handling and moves the valid
priority range to 1 (min) - 32 (max). It also adds a function
sched_get_thread_priority() which will help to make thread priority
more POSIX-like.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
* select.h: Eliminate redundant select_stuff::select_loop state.
* select.cc (select): Eliminate redundant
select_stuff::select_loop state. Eliminate redundant code for
zero timeout. Do not return early on early timer return.
(select_stuff::wait): Eliminate redundant
select_stuff::select_loop state.
* select.h: Change prototype for select_stuff::wait() for larger
microsecond timeouts.
* select.cc (pselect): Convert from old cygwin_select().
Implement microsecond timeouts.
(cygwin_select): Rewrite as a wrapper on pselect().
(select): Implement microsecond timeouts.
(select_stuff::wait): Implement microsecond timeouts with a timer
object.
Always provide register_t via <sys/types.h> for glibc and BSD
compatibility. Define __BIT_TYPES_DEFINED__ to 1 like glibc for legacy
header files.
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
Resurrect <machine/_user_types.h> for use in <sys/types.h>. Newlib
targets may provide an own version of <machine/types.h> in their machine
directory to add custom user types for <sys/types.h>. Check the
_SYS_TYPES_H header guard to prevent a direct include of
<machine/types.h>, since the <machine/types.h> file is a Newlib
speciality.
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
For all pthread init functions, POSIX says
Results are undefined if pthread_FOO_init() is called specifying an
already initialized pthread_FOO object.
So far our pthread init functions tested the incoming object if it's
already an initialized object and, if so, returned EBUSY. That's ok
*iff* the object was already initialized. However, as the example in
https://cygwin.com/ml/cygwin/2016-04/msg00473.html shows, an uninitialized
pthread object could also accidentally look like an initialized object
and then returning EBUSY is not ok.
Consequentially, all those tests are dangerous. Per POSIX, an application
has to know what its doing when calling any of the pthread init functions
anyway, and re-initializing the object is just as well as undefined
behaviour as is returning EBUSY on already initialized objects.
* thread.cc (pthread_attr_init): Drop check for already initialized
object.
(pthread_condattr_init): Ditto.
(pthread_rwlockattr_init): Ditto.
(pthread_mutexattr_init): Ditto.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Introduce <machine/_endian.h> to let target based customization of
<machine/endian.h> via
* _LITTLE_ENDIAN,
* _BIG_ENDIAN,
* _PDP_ENDIAN, and
* _BYTE_ORDER.
defines. Add definitions expected by FreeBSD to
<machine/endian.h> like
* _QUAD_HIGHWORD,
* _QUAD_LOWWORD,
* __bswap16(),
* __bswap32(),
* __bswap64(),
* __htonl(),
* __htons(),
* __ntohl(), and
* __ntohs().
Also, if __BSD_VISIBLE
* LITTLE_ENDIAN,
* BIG_ENDIAN,
* PDP_ENDIAN, and
* BYTE_ORDER.
Targets that define __machine_host_to_from_network_defined in
<machine/_endian.h> must provide their own implementation of
* __htonl(),
* __htons(),
* __ntohl(), and
* __ntohs(),
otherwise a default implementation is provided by <machine/endian.h>.
In case of GCC defines to builtins are used.
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
We can't handle the S_ISGID bit if the child didn't inherit a NULL SID
ACE with the S_ISGID bit set. On directories without default ACL
entries we would have to add an inheritable NULL SID ACE and nothing else.
This in turn results in permission problems when calling set_file_sd
from set_created_file_access. That's fixable, but it would only work
for files created from Cygwin while files created from native Windows
tools end up with really ugly permissions.
This patch only makes sure that the S_ISGID bit is reset for a directory
if it has no inheritable ACEs. Still having the 's' bit shown in ls or
getfacl output would be misleading. So, calling `setfacl -k' on a dir
also removes the S_ISGID bit now.
* sec_acl.cc (set_posix_access): Drop S_ISGID bit on directories
without inheritable ACEs. Explain why.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
So far we tweaked ACL_GROUP_OBJ and ACL_MASK values the same way when
creating a file. We now do what POSIX requires, namely just change
ACL_MASK if it's present, otherwise ACL_GROUP_OBJ. Note that we only
do this at creation time. Chmod still tweaks both to create less
surprising results for the unsuspecting user.
Additionally make sure to take umask only into account if no ACL_MASK
value is present. That has been missed so far.
* sec_acl.cc (set_posix_access): Perform check for non-existant
default ACEs earlier. Ignore umask also if ACL_MASK is present.
Only set owner_eq_group if we're actually handling a user entry.
Mention chmod in a comment.
* security.cc (set_created_file_access): Perform group/mask
permission setting as required by POSIX 1003.1e.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit e2ea143 forgot to take special POSIX bits into account.
* sec_acl.cc (set_posix_access): Make sure to create NULL SID
ACE if any special POSIX permission bits are set.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit f75114fc was supposed to drop NULL SIDs in case the permissions
are simple enough not to require mask values or special POSIX bits
(S_ISVTX, etc). The check was incorrect. This patch is supposed to
fix the problem.
* sec_acl.cc (set_posix_access): Fix condition under which we
write a NULL SID.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>