Per https://cygwin.com/pipermail/cygwin-developers/2021-October/012429.html,
we may encounter a crash when starting multiple threads during process
startup (here: fhandler_fifo::fixup_after_{fork,exec}) which in turn
allocate memory via malloc.
The problem is concurrent usage of malloc before the malloc muto has
been initialized.
To fix this issue, convert the muto to a SRWLOCK and make sure it is
statically initalized. Thus, malloc can be called as early as necessary
and malloc_init is only required to check for user space provided malloc.
Note that this requires to implement a __malloc_trylock macro to be
called from fork.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This patch unifies the layout of the clipboard descriptor cygcb_t for
32- and 64-bit Cygwin. It allows correct copy/paste between the two
environments without corruption of user's copied data and without access
violations due to interpreting that data as a size field.
The definitions of CYGWIN_NATIVE and cygcb_t are moved to a new include
file, sys/clipboard.h. The include file is used by fhandler_clipboard.cc
as well as getclip.c and putclip.c in the Cygwin cygutils package.
When copy/pasting between 32- and 64-bit Cygwin environments, both must
be running version 3.3.0 or later for successful operation.
- The commit b531d6b0 introduced temporary_query_hdl() which uses
SystemHandleInformation. With this patch, ProcessHandleInformation
rather than SystemHandleInformation is used if it is available.
This request is faster, however, is only available since Windows 8,
therefore, SystemHandleInformation is used for Windows Vista and 7
as before.
- The commit f79a4611 introduced query_hdl, which is the read pipe
handle kept in the write pipe instance in order to determine if
the pipe is ready to write in select(). This implementation has
a potential risk that the write side fails to detect the closure
of the read side if more than one writer exists and one of them
is a non-cygwin process.
With this patch, the strategy of commit f79a4611 is used only if
the process is running as a service. For a normal process,
instead of keeping query_hdl in the write pipe instance, it is
retrieved temporarily when select() is called. Actually, we
want to use tenporary query_hdl for all processes, however, it
does not work for service processes due to OpenProcess()
failure.
open_setup is called by dtable::init_std_file_from_handle and
fhandler_base::open_with_arch. In both cases, failure of open_setup
is now a fatal error.
Currently this can only happen in the following situation: A Cygwin
process is started by a non-Cygwin process, one of the standard IO
handles is a pipe handle, and Cygwin is unable to create a required
mutex (read_mtx or hdl_cnt_mtx).
- query_hdl and hdl_cnt_mtx are moved from fhandler_pipe_fifo to
fhandler_pipe. Then reader_closed() is changed to virtual and
overridden in fhandler_pipe.
- This patch fixes the race issue in the handle counting to detect
closure of read pipe, which is introduced by commit f79a4611.
A mutex hdl_cnt_mtx is introduced for this issue.
- Currently, the stderr handle is duplicated in close_all_files().
This interferes the handle counting for detecting closure of read
pipe, which is introduced by commit f79a4611. This patch stops
duplicating stderr handle if it is write pipe.
NtQueryInformationFile hangs if it's called on the read side handle of
a pipe while another thread or process is performing a blocking read.
Avoid select potentially hanging by calling NtQueryInformationFile
only on the write side of the pipe and using PeekNamedPipe otherwise.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- In pipe_data_available() in select.cc, PeekNamedPipe() call is
not needed if WriteQuotaAvailable is non-zero because we already
know the write pipe has a space. Therefore, with this patch,
PeekNamedPipe() is called only when WriteQuotaAvailable is zero.
This makes select() on pipe faster a bit.
- Currently, raw_read(), raw_write() and close() release select_sem
unconditionally even if no waiter for select_sem exists. With this
patch, only the minimum number of semaphores required is released.
- Usually WriteQuotaAvailable retrieved by NtQueryInformationFile()
on the write side reflects the space available in the inbound buffer
on the read side. However, if a pipe read is currently pending,
WriteQuotaAvailable on the write side is decremented by the number
of bytes the read side is requesting. So it's possible (even likely)
that WriteQuotaAvailable is 0, even if the inbound buffer on the
read side is not full. This can lead to a deadlock situation:
The reader is waiting for data, but select on the writer side
assumes that no space is available in the read side inbound buffer.
Currently, to avoid this stuation, read() does not request larger
block than pipe size - 1. However, this mechanism does not take
effect if the reader side is non-cygwin app.
The only reliable information is available on the read side, so
fetch info from the read side via the pipe-specific query handle
(query_hdl) introduced.
If the query_hdl (read handle) is kept in write side, writer can
not detect closure of read pipe. Therefore, raw_write() counts
write handle and query_hdl. If they are equal, only the pairs of
write handle and query_hdl are alive. In this case, raw_write()
returns EPIPE and raises SIGPIPE.
- Nonblocking pipes (PIPE_NOWAIT) are not well handled by non-Cygwin
tools, so convert pipe handles to PIPE_WAIT handles when spawning
a non-Cygwin process.
We already fetched the correct SECURITY_ATTRIBUTES at the start of
fhandler_pipe::create, so using another SECURITY_ATTRIBUTES object for
the mutex and semaphore objects doesn't make much sense.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
select_sem gets created on the read side with inheritence settings
depending on the O_CLOEXEC flag. Then it gets duplicated to the write
side with unconditional inheritence. Fix that.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Fold all code branches potentially having read or written data into
a single if branch, so signalling select_sem catches all cases.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Rename fhandler_pipe_and_fifo::max_atomic_write to pipe_buf_size.
This reflect its actual meaning better. The fhandler_pipe_and_fifo
constructor initializes it to DEFAULT_PIPEBUFSIZE (== 64K), which is
the buffer size for the windows pipes created by fhandler_pipe and
fhandler_fifo. But if we inherit a stdio pipe handle from a
non-Cygwin process, the buffer size could be different.
To remedy this, add a method fhandler_pipe::set_pipe_buf_size that
queries the OS for the pipe buffer size, and use it in
dtable::init_std_file_from_handle.
Given we return 1 already if WriteQuotaAvailable is > 0, the condition
for tiny pipes is never true. Fix the comments.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
In blocking mode, the underlying IO must always be terminated,
one way or the other, to make sure the application knows the exact
state after returning from the IO function. Therefore, always call
CancelIo in blocking mode.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Just cancelling a thread doesn't cancel async IO started by this thread.
Fix this by returning from cygwait and calling CancelIo before canceling
self.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- By guarding read with read_mtx, no more than one ReadFile can
be called simultaneously. So couting read handles is no longer
necessary.
- Make raw_read code as similar as possible to raw_write code.
This is a parent of fhandler_pipe and fhandler_fifo for code that is
common between the two classes. Currently it just contains
max_atomic_write and raw_write(). The latter is identical to what
used to be fhandler_pipe::raw_write().
FILE_PIPE_LOCAL_INFORMATION::WriteQuotaAvailable is unreliable.
Usually WriteQuotaAvailable on the write side reflects the space
available in the inbound buffer on the read side. However, if a
pipe read is currently pending, WriteQuotaAvailable on the write side
is decremented by the number of bytes the read side is requesting.
So it's possible (even likely) that WriteQuotaAvailable is 0, even
if the inbound buffer on the read side is not full. This can lead to
a deadlock situation: The reader is waiting for data, but select
on the writer side assumes that no space is available in the read
side inbound buffer.
This patch implements a workaround by never trying to read more than
half the buffer size blocking if the read buffer is empty. This first
cut tries to take the number of open readers into account by reducing
the amount of requested bytes accordingly.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
POSIX requires atomicity for non-blocking writes <= PIPE_BUF bytes
and writing of at least 1 byte if any buffer space is left.
Windows NtWriteFile returns STATUS_SUCCESS and "0 bytes written"
if the write doesn't match buffer space. Fix this discrepancy.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The buffer pointer is incremented by "chunk", which is what we
typically try to write, but this isn't what actually got written.
Increment the buffer pointer by what we actually wrote, as returned
by NtWriteFile.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
get_obj_handle_count() is used in flock only so far, but pipe
handling might have a usage, too, soon. Given that this function
might be generally useful and isn't restricted to flock usage,
move it to miscfuncs.cc and make it non-static. Add a prototype
in miscfuncs.h.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
I wasted valuable minutes of my life just to find out why we export
this weird version of pipe. In the pre-2000 era the idea was Cygwin
could be used as drop-in replacement for msvcrt.dll, apparently.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The read handles of pipes created by CreateNamedPipe don't have
FILE_WRITE_ATTRIBUTES access unless the pipe is created with
PIPE_ACCESS_DUPLEX. This causes set_pipe_non_blocking to fail on such
handles. To fix this, add a helper function nt_create, which uses
NtCreateNamedPipeFile instead of CreateNamedPipe and gives us more
flexibility in setting access rights.
Use this helper function in fhandler_pipe::create (fhandler_pipe *[2],
unsigned, int), which is the version of fhandler_pipe::create used by
the pipe and pipe2 system calls.
For convenience, also add a static member function
fhandler_pipe::npfs_handle similar to those used by fhandler_fifo and
fhandler_socket_unix.
Add methods 'set_pipe_non_blocking' and 'fcntl' to keep the blocking
mode of the Windows pipe in sync with that of the fhandler_pipe
object. This applies to pipes created with the 'pipe' and 'pipe2'
system calls.
Previously fhandler_pipe was derived from fhandler_base_overlapped,
which we are going to remove in a future commit. Make minimal changes
so that the build still succeeds.
In https://cygwin.com/pipermail/cygwin/2021-September/249361.html
Brian pointed out that initializing the structure would be more
future proof, should the developers at Microsoft ever decide to
split the Reserved field and use some bits of the struct for
other purposes.
Fixes: 3d322ac930 ("Cygwin: fix initializing MEM_EXTENDED_PARAMETER")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
MEM_EXTENDED_PARAMETER consists of a 64 bit bitfield which contains
the Type and the Reserved members. The former usage of designated
initializer lists initialized Type, but not Reserved. Since that's
not possible anymore due to a g++ 11.2 bug, Cygwin initializes the
MEM_EXTENDED_PARAMETER structs explicitely. This results in a
random value in Reserved, which at least VirtualAlloc2 chokes on
(ERROR_INVALID_PARAMETER).
Set Reserved explicitely to 0 for a fix.
Fixes: bdb7991db3 ("Cygwin: workaround a g++ 11.2 initialization bug")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The handle is created non-inheritable but gets inheritable when
dup'ing the file descriptor. Fix that.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Modern gcc's generate additional DWARF 5 debug sections, which were
still missing in our Cygwin loader script. With ld from binutils 2.37,
this results in diagnostic output when linking the Cygwin DLL...
ld: cygwin0.dll:/4: section below image base
ld: cygwin0.dll:/20: section below image base
ld: cygwin0.dll:/36: section below image base
...and the section addresses given to these sections (.debug_loclists,
.debug_rnglists, debug_line_str) will be wrong.
Fix this by adding the missing DWARF 5 sections to our linker script
template cygwin.sc.in. Add a comment in terms of the deprecated
DWARF 4 section .debug_types.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Signed-off-by: Jon Turney <jon.turney@dronecode.org.uk>
This was used before switching to automake to allow easy tweaking
of optimization and debugging settings from the command line during
testing. Reenable.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
trying to use aggregate initialization syntax on a member of a
nameless union member failes in g++ 11.2.
Workaround this by using explicit initialization.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The GCC diagnostic ignored "-Wstringop-overflow" pragma doesn't work
as expected anymore. Use the still working expression.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The register keyword was already deprecated with C++11, but
with C++17 it has been entirely removed.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Revert mx parameter and mutex lock while operating the list.
Mutex was removed with 94d24160 informing that:
'Use InterlockedCompareExchangePointer to ensure race safeness
without using a mutex.'
But it does not.
Calling pthread_mutex_init and pthread_mutex_destroy from two or
more threads occasionally leads to hang in pthread_mutex_destroy.
To not change the behaviour of other cases where List_insert was called,
List_insert_nolock is added.
As outlined in the previous patch, the non-atomicity of iterating
over a directory in the NT namespace via NtQueryDirectoryObject
one entry each, results in potential duplication of directory entries.
Fix this for fhandler_procsys::readdir as well by fetching the entire
dir inside fhandler_procsys::opendir, storing it in a buffer, and just
return buffer content from fhandler_procsys::readdir.
Fixes: 43f65cdd7d ("fhandler_procsys.cc: New file.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Due to reports on the Cygwin mailing list[1][2], it was uncovered
that a NtOpenDirectoryObject/NtQueryDirectoryObject/NtClose sequence
with NtQueryDirectoryObject iterating over the directory entries,
one entry per invocation, is not running atomically. If new entries
are inserted into the queried directory, other entries may be moved
around and then accidentally show up twice while iterating.
Change (almost) all NtQueryDirectoryObject invocations so that it gets
a really big buffer (64K) and ideally fetches all entries at once.
This appears to work atomically.
"Almost" all, because fhandler_procsys::readdir can't be easily changed.
[1] https://cygwin.com/pipermail/cygwin/2021-July/248998.html
[2] https://cygwin.com/pipermail/cygwin/2021-August/249124.html
Fixes: e9c8cb3193 ("(format_proc_partitions): Revamp loop over existing harddisks by scanning the NT native \Device object directory and looking for Harddisk entries.")
Fixes: a998dd7055 ("Implement advisory file locking.")
Fixes: 3b7cd74bfd ("(winpids::enum_processes): Fetch Cygwin processes from listing of shared cygwin object dir in the native NT namespace.")
Fixes: 0d6f2b0117 ("syscalls.cc (sync_worker): Rewrite using native NT functions.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Commit 3434d35a64 fixed a problem when
accessing block devices via their /proc/sys/Device entries. This
changed the way stat info is generated for these devices, resulting
in identical inode numbers for all block devices under /proc/sys/Device.
This patch fixes that by faking a device number for these devices, just as
before.
Fixes: 3434d35a64 ("Cygwin: Fix access to block devices below /proc/sys.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Make sure to cast to ulong all DWORD values displayed with format "%lu".
More instances are fixed here than in either my earlier unused patch or
Corinna's patch. I decided to use typedef..ulong for more compact code.
Address jturney's reported small issues:
- Remove explicit external ref for cygwin_internal() as it is already
provided by <sys/cygwin.h>.
- Leave intact ref for cygwin_dll_path[] as it is required by function(s)
in path.cc that profiler uses. Added comment to that effect.
- Delete existing main() wrapper. Rename main2() to main(). This because
profiler is now a Cygwin program and doesn't need to dynamically load
cygwin1.dll.
- Documentation issues will be addressed in a separate xml patch.
(I would have linked message-ids of Corinna's and Jon's messages for
proper theading but I no longer have their original emails and the mail
archives don't show msgids any more.)
The doc for gmondump says 1 or more FILENAME are expected, but 0 is
handled. That's an oversight. Make invocation with 0 FILENAMEs print a
one-line help message.
Reword the beginning of profiler's description doc to clarify target's
child processes are run but only optionally profiled.
If a service is supported as TCP and UDP service, GetAddrInfo does not
return two entries, one for TCP, one for UDP, as on Linux. Rather, it
just returns a single entry with ai_socktype and ai_protocol set to 0.
If the service only exists as TCP or UDP service, then ai->ai_socktype
is set, but ai_protocol isn't.
Fortunately we copy over the result from Windows into local storage
anyway, so this patch adds code to fix up the fields neglected by
Windows. In case ai_socktype as well as ai_protocol are 0, duplicate
the entry with valid values for ai_socktype and ai_protocol.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>