After creating a pthread, the stack gets moved to the desired memory
location. While the 32 bit thread wrapper copies the exception handler
information to the new stack (so we have at least *some* exception
handler present), the x86_64 code didn't perform any exception handler
magic. Fix that.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
VirtualQueryEx, called by fixup_mmaps_after_fork, requires
PROCESS_QUERY_INFORMATION permissions per MSDN. However, testing
shows that PROCESS_QUERY_LIMITED_INFORMATION is sufficient when
running the same code on Windows 8.1 or Windows 10. Fix the code
to give the forked child always PROCESS_QUERY_INFORMATION perms
on Windows Vista/7 and respective server releases.
Revert now unneeded patch to check_token_membership as well.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
POSIX requires that raise(3) is equivalent to
pthread_kill(pthread_self(), sig);
in multi-threaded applications. Our raise just called kill(sig).
Fix that.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Keeping an inheritable handle open results in that handle being
spilled over into grandchild processes, which is not desired.
Duplicate original parent handle into a non-inheritable one with
minimal SYNCHRONIZE permissions and close the original handle.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- Exec'ed/spawned processes don't need PROCESS_DUP_HANDLE. Remove that
permission from the parent handle.
- PROCESS_QUERY_LIMITED_INFORMATION doesn't work for Windows 7 if the
process is started as a service. Add PROCESS_QUERY_INFORMATION for
pre-Windows 8 in that case.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The version info only depends on the object files. This results
in the version info not being rebuild immediately if a source
file is changed. Rather, the version info is only rebuilt on the
next make run.
Fix that by making the version info build rule dependent on the
source files.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- This simple and official method replaces cyglsa and "create token"
methods. No network share access, same as before.
- lsaauth and create_token are disabled now. If problems crop up,
they can be easily reactivated. If no problems crop up, they
can be removed in a while, together with the lsaauth subdir.
- Bump Cygwin version to 3.0.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The previous patch failed with password-less auth because in
that case the return code from get_server_groups wasn't tested.
Fix that. Also make sure that get_server_groups does not
check if the account is disabled or locked out when just fetching
the group list for initgroups or getgrouplist.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
So far seteuid could change uid to any existing account, given
sufficient permissions of the caller. This is kind of bad since
it disallows admins to refuse login to disabled or locked out
accounts.
Add check for the account's UF_ACCOUNTDISABLE or UF_LOCKOUT flags
and don't let the user in, if one of the flags is set.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Use info from same source (GetNetworkParams).
Also move getdomainname near gethostname in source.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
If gethostname() fails we call GetComputerNameEx with
ComputerNameDnsFullyQualified. This is wrong, gethostname should return
the hostname only, not the FQDN. Fix this by calling GetComputerNameEx
with ComputerNameDnsHostname.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
When reusing a cygthread, the stub method fails to set the thread name
to the new name. The name is only set when actually creating the
thread. Fix that by moving the SetThreadName call right in front of the
thread function call.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Combine with a bit of cleanup:
- Drop overrun_event_running in favor of overrun_count being -1.
- Fix include guard in posix_timer.h.
- Drop ununsed function timespec_to_us.
- Don't use Interlocked functions without need.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Allocating on the cygheap would copy information of the tracker into
the child process. A forked child knows the timer id and could simply
still access the (free'd but still valid) timer_tracker on the heap,
which is dangerous and very certainly doesn't reflect POSIX semantics.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- Rename files timer.* to posix_timer.*.
- Reimplement using an OS timer rather than a handcrafted wait loop.
- Use a Slim R/W Lock for synchronization.
- Drop timer chaining. It doesn't server a purpose since all timers
are local only.
- Rename ttstart to itimer_tracker to better reflect its purpose.
It's not the anchor for a timer chain anymore anyway.
- Drop fixup_timers_after_fork. Everything is process-local, nothing
gets inherited.
- Rename timer_tracker::disarm_event to disarm_overrun_event for
better readability.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- When correcting the next expiration timestamp, the number of
expirations gets computed correctly, just the expiration timestamp
itself is then only incremented by a single interval, rather than
the just computed expired intervals. Fix that.
- drop the local clock variable in timerfd_tracker::create. It doesn't
serve any purpose.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- split into to __try/__except blocks to make sure
leave_critical_section is always called when required.
- Actually fill time_spec in settime so it_interval is returned
correctly.
- Return all 0 if timer is disarmed.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The value returned by reading from a timerfd is not an overrun
count in the same sense as for posix timers, it's an expiry counter.
Reflect that in the name.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- Drop erroneous initial computation of overrun count in settime
for absolute non-realtime clocks. It's repeated in thread_func
and thus counted twice.
- Fix overrun computation for timestamp offsets being a multiple of
the timer interval. The timestamp has to be corrected after the
first offset, otherwise the correction loop counts the intervals
again.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Non-CLOCK_REALTIME counters always use a relative DueTime in NtSetTimer.
However, relative DueTime has to be negative, but the code
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- On systems with inexact realtime clock, the current timestamp may
be fractionally smaller than the desired timestamp. This breaks the
computation for incrementing overrun_count so overrun_count may end
up as 0. Expiring the timer with an overrun_count of 0 is a no-go.
Make sure we always increment overrun_count by at least one after
timer expiry.
- Do not expire the timer when another process deletes its timer_tracker.
This, too, may result in a 0 overrun_count.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Using posix timers "timer_tracker" as base class for timerfd was flawed.
Posix timers are not inherited by child processes and don't survive
execve. The method used by posix timers didn't allow to share timers
between processes. The timers were still per-process timers and worked
entirely separate from each other. Reading from these timers via
different descriptors was only synchronized within the same process.
This does not reflect the timerfd semantics in Linux: The per-file
timers can be dup'ed and survive fork and execve. They are still just
descriptors pointing to the same timer object originally created by
timerfd_create. Synchronization is performed between all descriptor
instances of the same timer, system-wide.
Thus, reimplement timerfd using a timer instance in shared memory,
a kernel timer, and a handful of sync objects.
Every process maintains a per-process timerfd struct on the cygheap
maintaining a per-process thread. Every process sharing the same
timerfd will run this thread checking the state of the timer, similar
to the posix timer thread, just working on the shared objects and
synchronizing its job with each other thread.
Drop the timerfd implementation in the posix timer code and move the
public API to fhandler_timerfd.c. Keep the ttstart timer_tracker
anchor out of "NO_COPY" since the fixup_after_fork code should run to
avoid memory leakage.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Linux returns EINVAL, "fd is attached to an object which is unsuitable
for writing". If we don't handle write locally, write returns EBADF.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- Puzzeling: Commit ec98d19a08
changed ttstart to NO_COPY but kept all the code to handle
fixup after fork. Revert to not-NO_COPY and make timerfd
fork work.
- On fixup_after_fork, keep timerfd timers and restart thread
if they were armed in the parent.
- Move timerfd timer_trackers to cygheap. Overload timer_tracker
new and delete methods to handle timers accordingly. This is not
exactly required for fork, but exec will be grateful.
- Give up on TFD_TIMER_CANCEL_ON_SET for now. There's no easy way
to recognize a discontinuous change in a clock.
- Be paranoid when cleaning out ttstart.
- Fix some minor issues.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- Drop initial overrun computation from timer_tracker::settimer.
It's performed in timer_tracker::thread_func anyway.
- Fix regression in returning correct overrun count narrowed down to
int from timer_getoverrun. This has been introduced by changing
overrun_count_curr to LONG64.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
First cut of a timerfd implementation.
Still TODO:
- fork/exec semantics
- timerfd_settime TFD_TIMER_CANCEL_ON_SET flag
- ioctl(TFD_IOC_SET_TICKS)
- bug fixes
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
In case sigwait_common returns EINTR, read wrongly ignores it,
so read can't be interrupt by a signal. Fix that.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
While FileRenameInformationEx is defined starting with Windows
10 1709 per MSDN, it only starts working in W10 1809, apparently.
Users of 1803 report "Function not implemented".
Introduce wincap_10_1809 and change the version check in
wincapc::init accordingly. Split has_posix_file_info into
has_posix_unlink_semantics and has_posix_rename_semantics.
Enable the latter only starting with W10 1809.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Allow the signal thread to recognize we're called in consequence of
select on a signalfd. If the signal is part of the wait mask, don't
call any signal handler and don't remove the signal from the queue,
so a subsequent read (or sigwaitinfo/sigtimedwait) still gets the
signal. Instead, just signal the event object at
_cygtls::signalfd_select_wait for the thread running select.
The addition of signalfd_select_wait to _cygtls unearthed the alignment
problem of the context member again. To make sure this doesn't get lost,
improve the related comment in the header file so that this (hopefully)
doesn't get lost (again).
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
First cut of a signalfd implementation.
Still TODO: Non-polling select.
This should mostly work as on Linux except for missing support
for some members of struct signalfd_siginfo, namely ssi_fd,
ssi_band (both SIGIO/SIGPOLL, not fully implemented) and ssi_trapno
(HW exception, required HW support).
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
There's a long-standing bug in select. If we have poll-only
descriptors in the fd set, select overwrites the incoming
fd sets with the polling result. If none of the fds is ready,
select has to loop again. But now the fd sets are set to all
zero and select hangs.
Fix this by utilizing the local fd sets r, w, e as storage for
the incoming fd sets and use them to initialize select_stuff.
If we have to loop, overwritung the incoming fd sets doesn't matter.
While at it, rename r, w, e to readfds_in, writefds_in, exceptfds_in.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- use int64_t instead of long long
- make is_timer_tracker const
- improve copyright header comment
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
So far we check the recycler name all the time, and the last interation
also only managed to handle two ways to write the recycler. However,
an adventurous user might change the case of the recycler arbitrarily.
Fix this problem by keeping track of the name in a somewhat relaxed
fashion. Use camel back on drive C by default, all upper case elsewhere.
Only if the rename op fails do we fix the recycler name on the fly
when trying to create it, and it turns out it already existed.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
If the first rename fails, we reopen the rootdir for creating a subdir.
The rootdir handle can change its value at this point, but the code
doesn't take this into account. The subsequent rename then fails with
STATUS_INVALID_HANDLE. Fix this by copying the new rootdir value to
pfri->RootDirectory.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
So far we reopened the file if it was opened case sensitive to
workaround the problem that the recycler could be named in
camel back or all upper case, depending on who created it.
That's a problem for O_TMPFILE on pre-W10. As soon as the
original HANDLE gets closed, delete-on-close is converted to full
delete disposition and all useful operations on the file cease to
work (STATUS_ACCESS_DENIED or STATUS_FILE_DELETED).
To avoid that problem drop the reopen code and check for the exact
recycler filename, either $Recycle.Bin or $RECYCLE.BIN, if the file
has been opened case sensitive.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
On pre-W10 systems there's no way to reopen a file by handle if
the delete disposition is set. We try to get around with
duplicating the handle.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The new proc fd code accidentally allowed to linkat an O_TMPFILE
even if the file has been opened with O_EXCL. This patch fixes it.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
move special fd symlink code into own fhandler_process_fd class
to simplify further additions to /proc/PID/fd/DESCRIPTOR symlink
handling.
Add a method to handle stat(2) on such a proc fd symlink by handle.
This allows correct reply from stat(2) if the target file has been
deleted. This eventually fixes `awk -f /dev/fd/3 3<<eof'.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
path_conv now sets the PATH_RESOLVE_PROCFD flag in path_flags if
the PC_SYM_NOFOLLOW_PROCFD pathconv_arg flag has been set on input
*and* the file is actually a proc fd symlink.
Add matching path_conv::follow_fd_symlink method for checking and
use it in open(2).
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- Remove another unfortunate amalgamation: Mount flags (MOUNT_xxx)
are converted to path_types (PATH_xxx) and mixed with non-mount
path_types flags in the same storage, leading to a tangled,
pell-mell usage of mount flags and path flags in path_conv and
symlink_info.
- There's also the case of PC_NONULLEMPTY. It's used in exactly
one place with a path_conv constructor only used in this single
place, just to override the automatic PC_NULLEMPTY addition
when calling the other path_conv constructors. Crazily,
PC_NONULLEMPTY is a define, no path_types flag, despite its
name.
- It doesn't help that the binary flag exists as mount and path
flag, while the text flag only exists as path flag. This leads
to mount code using path flags to set text/binary. Very confusing
is the fact that a text mount/path flag is not actually required;
the mount code sets the text flag on non binary mounts anyway, so
there are only two states. However, to puzzle people a bit more,
path_conv::binary wrongly implies there's a third, non-binary/non-text
state.
Clean up this mess:
- Store path flags separately from mount flags in path_conv and
symlink_info classes and change all checks and testing inline
methods accordingly.
- Make PC_NONULLEMPTY a simple path_types flag and drop the
redundant path_check constructor.
- Clean up the definition of pathconv_arg, path_types, and mount flags.
Use _BIT expression, newly define in cygwin/bits.h.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
There's an unfortunate amalgamation of caller-provided pathconv_arg
flags with path_types flags which in turn are mostly mount flags.
This leads to a confusion of flag values in sylink_info::pflags and,
in turn, in path_conv::path_flags.
This patch decouples pathconv_flags from the other flags by making
sure that a pathconv_flag is never copied into a variable used for
path_types flags. Also, remove PATH_NO_ACCESS_CHECK since it's
not necessary.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Corinna Vinschen
Jozef Lawrynowicz
Ken Brown