Even after fork, we might need the parent sigmask without having
access to the real _main_tls. There's a short time at process startup,
when _main_tls points to the system-allocated stack, but wait_sig is
already running. If we can't lock _main_tls, because find_tls can't
find it yet, we now access the parent's sigmask via child_info.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- As mentioned in commit message of the commit b531d6b0, if multiple
writers including non-cygwin app exist, the non-cygwin app cannot
detect pipe closure on the read side when the pipe is created by
system account or the the pipe creator is running as service.
This is because query_hdl which is held in write side also is a
read end of the pipe, so the pipe is still alive for the non-cygwin
app even after the reader is closed.
To avoid this problem, this patch lets all processes in the same
process group close query_hdl using newly introduced internal signal
__SIGNONCYGCHLD when non-cygwin app is started.
Addresses: https://cygwin.com/pipermail/cygwin/2022-March/251097.html
So far the values of SigPnd and SigBlk were always 0 and SigIgn
was incorrectly set to the block mask of the current thread of
the calling process.
Fix that by adding a _pinfo::siginfo method and a PICOM_SIGINFO
message to allow to request actual signal info of any running process.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- When Ctrl-C terminates a non-cygwin process on a pseudo console,
pty master attaches to the pseudo console first, and send
CTRL_C_EVENT. If the non-cygwin process closes the pseudo console
before the pty master calls FreeConsole(), the pty master process
will crash. With this patch, pty master process takes over the
ownership of the pseudo console, and closes it by myself.
- The recent change by the commit "Cygwin: console: Redesign handling
of special keys." breaks the handling of CTRL_BREAK_EVENT. The login
shell in console exits on Ctrl-Break key. This patch fixes the issue.
- This patch rearranges the cooperation between cons_master_thread,
line_edit, and ctrl_c_handler so that only one of them operates
at the same time. Since these handle Ctrl-C individually, so the
signal may be sent multiple times to the process. This patch fixes
the issue.
- This patch fixes the issue that process sometimes hangs for 60
seconds with the following scenario.
1) Open command prompt.
2) Run "c:\cygwin64\bin\bash -l"
3) Compipe the following source with mingw compiler.
/*--- Begin ---*/
#include <stdio.h>
int main() {return getchar();}
/*---- End ----*/
4) Run "tcsh -c ./a.exe"
5) Hit Ctrl-C.
- Currently, bash occasionally exits by Ctrl-C with the following
scenario.
1) Start bash in the command prompt.
2) Run 'exec bash'.
3) Press Ctrl-C several times.
This patch fixes the issue.
We need one more entry than max children in the arrays.
There's no reason to do this for the static array, though.
One more entry in the overflow array is sufficient.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
On PROC_EXEC_CLEANUP, the pinfo's in chld_procs are removed.
This is done in a loop always removing the child with index 0.
This, however, results in copying the last child's pinfo in
chld_procs to position 0. Do this for 100 children and you
get 99 entirely useless copy operations.
Fix this by calling remove_proc in reverse order.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
256 children per process is a bit tight in some scenarios.
Fix this by revamping the `procs' array. Convert it to an
extensible class child_procs and rename procs to chld_procs.
Fix code throughout to use matching class methods rather than
direct access.
To allow a lot more child processes while trying to avoid
allocations at DLL startup, maintain two arrays within class
child_procs, one using a default size for 255 (i686) or 1023
(x86_64) children, the other, dynamically allocated on overflowing
the first array, giving room for another 1023 (i686) or 4095
(x86_64) processes.
On testing with a simple reproducer on a x86_64 machine with
4 Gigs RAM, a system memory overflow occured after forking
about 1450 child processes, so this simple dynamic should
suffice for a while.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
pinfo::remember with the detach parameter set to true is
the only way to call proc_subproc with PROC_DETACHED_CHILD.
This call is exclusively used in spawn to set up a pinfo for
a detached child, and that pinfo goes out of scope right
afterwards without any further action.
Drop the flag and drop the detach parameter from pinfo::remember.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The return value is used in a numerical context and remove_proc
already returned inconsistently "true" vs. 0.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
After patch 23a779bf3d
"Cygwin: pinfo: stop remember doing reattach",
PROC_ADDCHILD actually just sets up a new child, mirroring
PROC_DETACHED_CHILD. The actual attaching of the child is
performed by action PROC_REATTACH_CHILD or pinfo::reattach
respectively.
To better reflect what's going on, rename PROC_REATTACH_CHILD
to PROC_ATTACH_CHILD and rename pinfo::reattach to pinfo::attach.
For better readability change PROC_ADDCHILD to PROC_ADD_CHILD.
Fix comments accordingly.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This patch has been inspired by the Linux kernel patch
294f69e662d1 compiler_attributes.h: Add 'fallthrough' pseudo keyword for switch/case use
written by Joe Perches <joe AT perches DOT com> based on an idea from
Dan Carpenter <dan DOT carpenter AT oracle DOT com>. The following text
is from the original log message:
Reserve the pseudo keyword 'fallthrough' for the ability to convert the
various case block /* fallthrough */ style comments to appear to be an
actual reserved word with the same gcc case block missing fallthrough
warning capability.
All switch/case blocks now should end in one of:
break;
fallthrough;
goto <label>;
return [expression];
continue;
In C mode, GCC supports the __fallthrough__ attribute since 7.1,
the same time the warning and the comment parsing were introduced.
Cygwin-only: add an explicit -Wimplicit-fallthrough=5 to the build
flags.
NSIG is a deprecated symbol only visible under MISC visibility.
_NSIG is used widely instead, and on most systems NSIG is
defined in terms of _NSIG.
Follow suit: Change NSIG to _NSIG throughout and change visiblity
of NSIG to be defined only in __MISC_VISIBLE case.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit 5a0f2c00aa "Cygwin: fork/exec: fix child process permissions"
removed the PROCESS_DUP_HANDLE handle permission of the parent process
handle in the child to avoid a security problem.
It turned out that this broke the following scenario: If a process forks
and then the parent execs, the child loses the ability to register the
parent's death. To wit, after the parent died the child process does
not set its own PPID to 1 anymore.
The current exec mechanism copies required handle values (handles to
keep contact to the child processes) into the child_info for the
about-to-be-exec'ed process. The exec'ed process is supposed to
duplicate these handles. This fails, given that we don't allow the
exec'ed process PROCESS_DUP_HANDLE access to the exec'ing process since
commit 5a0f2c00aa.
The fix is to avoid the DuplicateHandle calls in the exec'ed process.
This patch sets the affected handles to "inheritable" in the exec'ing
process at exec time. The exec'ed process just copies the handle values
and resets handle inheritance to "non-inheritable". The exec'ing
process doesn't have to reset handle inheritance, it exits after setting
up the exec'ed process anyway.
Testcase: $ ssh-agent /bin/sleep 3
ssh-agent forks and the parent exec's sleep. After sleep exits, `ps'
should show ssh-agent to have PPID 1, and eventually ssh-agent exits.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Rather than waiting for signalfd_select_wait in a thread, which is racy,
create a global event "my_pendingsigs_evt" which is set and reset by
wait_sig depending only on the fact if blocked signals are pending or not.
This in turn allows to WFMO on this event in select as soon as signalfds
are present in the read descriptor set. Select's peek and verify
will then check if one of the present signalfds is affected.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
During fork, the child process requires the process table to be
initialized for fixup_shms_after_fork, while still allowing subsequent
dlls.load_after_fork to fail silently (for when the "forkable" hardlinks
are not created yet).
pinfo::remember not performing reattach anymore requires explicit
pinfo::reattach now where appropriate.
Prepares to improve "Cygwin: fork: Remember child not before success."
commit f03ea8e1c5, which leads to fork
problems if cygserver is running:
https://cygwin.com/ml/cygwin-patches/2019-q2/msg00155.html
The sigpending mechanism failed to check if the pending signal was a
process-wide signal, or a signal for the curent thread. Fix that by
adding a matching conditional to wait_sig's __SIGPENDING code.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
So far sig_send's return type is int. The problem with this is
that sig_send returns a sigset_t on __SIGPENDING, and sigset_t
is defined as long type. So the function only returns the lower
32 bit of sigset_t, which is fine on 32 bit, but casts away the
pending RT signals on 64 bit.
Fix this by changing the return type of sig_send to sigset_t, so
as not to narrow down the sigset when returning from handling
__SIGPENDING. Make sure to cast correctly in all invocations
of sig_send.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
To support in-cygwin package managers, the fork() implementation must
not rely on .exe and .dll files to stay in their original location, as
the package manager's job is to replace these files. Instead, when the
first fork try fails, and we have NTFS, we use hardlinks to the original
binaries in /var/run/cygfork/ to create the child process during the
second fork try, along the main.exe.local file to enable the "DotLocal
Dll Redirection" feature for the dlls.
The (probably few) users that need an update-safe fork manually have to
create the /var/run/cygfork/ directory for now, using:
mkdir --mode=a=rwxt /var/run/cygfork
* child_info.h: Bump CURR_CHILD_INFO_MAGIC.
(enum child_status): Add _CI_SILENTFAIL flag.
(struct child_info): Add silentfail setter and getter.
* winsup.h (child_copy): Add bool silentfail parameter.
* cygheap.cc: Pass silentfail parameter to child_copy.
* dcrt0.cc: Ditto.
* dll_init.h (struct dll): Define public inline method forkedntname.
(struct dll_list): Declare private method find_by_forkedntname.
* dll_init.cc (struct dll_list): Implement find_by_forkedntname.
(dll_list::alloc): Use find_by_forkedntname when in load after fork.
(dll_list::load_after_fork_impl): Load dlls using dll::forkedntname.
* fork.cc (frok::parent): Set silentfail child info flag. Pass
silentfail parameter to child_copy. Use forkedntname of
dlls.main_executable.
(fork): When first dofork run failed and did not use forkables,
run dofork again with_forkables set to true.
(child_copy): Use debug_printf if silentfail is true,
system_printf otherwise.
VirtualQueryEx, called by fixup_mmaps_after_fork, requires
PROCESS_QUERY_INFORMATION permissions per MSDN. However, testing
shows that PROCESS_QUERY_LIMITED_INFORMATION is sufficient when
running the same code on Windows 8.1 or Windows 10. Fix the code
to give the forked child always PROCESS_QUERY_INFORMATION perms
on Windows Vista/7 and respective server releases.
Revert now unneeded patch to check_token_membership as well.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Keeping an inheritable handle open results in that handle being
spilled over into grandchild processes, which is not desired.
Duplicate original parent handle into a non-inheritable one with
minimal SYNCHRONIZE permissions and close the original handle.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- Exec'ed/spawned processes don't need PROCESS_DUP_HANDLE. Remove that
permission from the parent handle.
- PROCESS_QUERY_LIMITED_INFORMATION doesn't work for Windows 7 if the
process is started as a service. Add PROCESS_QUERY_INFORMATION for
pre-Windows 8 in that case.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Bump GPLv2+ to GPLv3+ for some files, clarify BSD 2-clause.
Everything else stays under GPLv3+.
New Linking Exception exempts resulting executables from LGPLv3 section 4.
Add CONTRIBUTORS file to keep track of licensing.
Remove 'Copyright Red Hat Inc' comments.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This reverts commit 0008bdea02.
This patch introduced a regression. Calling FOO=$(...) in zsh hangs
indefinitely and has to be killed forcefully.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
G++ 6.0 asserts that the "this" pointer is non-null for member
functions.
Refactor methods that check if "this" is non-null to resolve this.
winsup/cygwin/ChangeLog:
external.cc (cygwin_internal): Check for a null pinfo before calling
cmdline.
fhandler_dsp.cc (Audio::blockSize): Make static.
fhandler_dsp.cc (Audio_in): add default_buf_info.
fhandler_dsp.cc (Audio_out): Ditto.
fhandler_dsp.cc (Audio_out::buf_info): Refactor method to call
default_buf_info if dev_ is null.
fhandler_dsp.cc (Audio_in::buf_info): Ditto.
fhandler_dsp.cc (fhandler_dev_dsp::_ioctl): Call Audio_out::default_buf_info if audio_out_ is null.
fhandler_dsp.cc (fhandler_dev_dsp::_ioctl): Call Audio_in::default_buf_info if audio_in_ is null.
fhandler_process.cc (format_process_fd): Check if pinfo is null.
fhandler_process.cc (format_process_root): Ditto.
fhandler_process.cc (format_process_cwd): Ditto.
fhandler_process.cc (format_process_cmdline): Ditto.
signal.cc (tty_min::kill_pgrp): Ditto.
signal.cc (_pinfo::kill0): Ditto.
sigproc.cc (pid_exists): Ditto.
sigproc.cc (remove_proc): Ditto.
times.cc (clock_gettime): Ditto.
times.cc (clock_getcpuclockid): Ditto.
path.cc (cwdstuff::override_win32_cwd): Check if old_cwd is null.
path.cc (fcwd_access_t::Free): Factor null check of "this" out to
caller(s).
pinfo.cc (_pinfo::exists): Ditto.
pinfo.cc (_pinfo::fd): Ditto.
pinfo.cc (_pinfo::fds): Ditto.
pinfo.cc (_pinfo::root): Ditto.
pinfo.cc (_pinfo::cwd): Ditto.
pinfo.cc (_pinfo::cmdline): Ditto.
signal.cc (_pinfo::kill): Ditto.
pinfo.cc (_pinfo::commune_request): remove non-null check on "this", as
this method is only called from pinfo.cc after null checks
pinfo.cc (_pinfo::pipe_fhandler): remove non-null check on "this", as
this method is only called from pipe.cc (fhandler_pipe::open) after a null check.
Signed-off-by: Peter Foley <pefoley2@pefoley.com>
* sigproc.cc (pending_signals::clear): Yet another fix to fix the fix.
Actually iterate over the list of pending signals even if there's a
signal which doesn't have to be cleared. Other than that, revert loop
to it's former self as a while loop.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
having a new type threadlist_t *. Convert commented out code into an
#if 0. Create thread mutex. Explain why.
(init_cygheap::remove_tls): Drop timeout value. Always wait infinitely
for tls_sentry. Return mutex HANDLE of just deleted threadlist entry.
(init_cygheap::find_tls): New implementation taking tls pointer as
search parameter. Return threadlist_t *.
(init_cygheap::find_tls): Return threadlist_t *. Define ix as auto
variable. Drop exception handling since crash must be made impossible
due to correct synchronization. Return with locked mutex.
* cygheap.h (struct threadlist_t): Define.
(struct init_cygheap): Convert threadlist to threadlist_t type.
(init_cygheap::remove_tls): Align declaration to above change.
(init_cygheap::find_tls): Ditto.
(init_cygheap::unlock_tls): Define.
* cygtls.cc (_cygtls::remove): Unlock and close mutex when finishing.
* exceptions.cc (sigpacket::process): Lock _cygtls area of thread before
accessing it.
* fhandler_termios.cc (fhandler_termios::bg_check): Ditto.
* sigproc.cc (sig_send): Ditto.
* thread.cc (pthread::exit): Ditto. Add comment.
(pthread::cancel): Ditto.
solution.
* miscfuncs.cc (thread_wrapper): Ditto.
* sigproc.cc (exit_thread): Disable sending a signal for synchronization
with process exit. Explain why. Keep code in for later inspection,
should the problem show up again.
(sig_send): Use "tls", rather than "tid" as name for _cygtls arg.
Ken Brown
Takashi Yano
Corinna Vinschen
Michael Haubenwallner
Peter Foley