The new proc fd code accidentally allowed to linkat an O_TMPFILE
even if the file has been opened with O_EXCL. This patch fixes it.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
move special fd symlink code into own fhandler_process_fd class
to simplify further additions to /proc/PID/fd/DESCRIPTOR symlink
handling.
Add a method to handle stat(2) on such a proc fd symlink by handle.
This allows correct reply from stat(2) if the target file has been
deleted. This eventually fixes `awk -f /dev/fd/3 3<<eof'.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
path_conv now sets the PATH_RESOLVE_PROCFD flag in path_flags if
the PC_SYM_NOFOLLOW_PROCFD pathconv_arg flag has been set on input
*and* the file is actually a proc fd symlink.
Add matching path_conv::follow_fd_symlink method for checking and
use it in open(2).
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- Remove another unfortunate amalgamation: Mount flags (MOUNT_xxx)
are converted to path_types (PATH_xxx) and mixed with non-mount
path_types flags in the same storage, leading to a tangled,
pell-mell usage of mount flags and path flags in path_conv and
symlink_info.
- There's also the case of PC_NONULLEMPTY. It's used in exactly
one place with a path_conv constructor only used in this single
place, just to override the automatic PC_NULLEMPTY addition
when calling the other path_conv constructors. Crazily,
PC_NONULLEMPTY is a define, no path_types flag, despite its
name.
- It doesn't help that the binary flag exists as mount and path
flag, while the text flag only exists as path flag. This leads
to mount code using path flags to set text/binary. Very confusing
is the fact that a text mount/path flag is not actually required;
the mount code sets the text flag on non binary mounts anyway, so
there are only two states. However, to puzzle people a bit more,
path_conv::binary wrongly implies there's a third, non-binary/non-text
state.
Clean up this mess:
- Store path flags separately from mount flags in path_conv and
symlink_info classes and change all checks and testing inline
methods accordingly.
- Make PC_NONULLEMPTY a simple path_types flag and drop the
redundant path_check constructor.
- Clean up the definition of pathconv_arg, path_types, and mount flags.
Use _BIT expression, newly define in cygwin/bits.h.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
There's an unfortunate amalgamation of caller-provided pathconv_arg
flags with path_types flags which in turn are mostly mount flags.
This leads to a confusion of flag values in sylink_info::pflags and,
in turn, in path_conv::path_flags.
This patch decouples pathconv_flags from the other flags by making
sure that a pathconv_flag is never copied into a variable used for
path_types flags. Also, remove PATH_NO_ACCESS_CHECK since it's
not necessary.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Along the same lines as the previous patch: By reopening an
O_TMPFILE by handle, we can now move the file to the bin at
open time and thus free'ing up the parent dir and *still*
open the file as /proc/PID/fd/DESCRIPTOR by linkat(2).
Allows expressions along the lines of `cat /proc/self/fd/0 <<EOF'.
The problem here is that the temporary file used for the here script
has already been deleted by the shell. Opening by filename, as
implemented so far, doesn't work because the file has been moved
to the bin.
Allow reopening files by handle the same way from another process
as long as we have sufficient permissions on the foreign process.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
To allow reopening a file open in another process by HANDLE, introduce
a matching file_pathconv method, taking a file descriptor as parameter.
The result is a serialized path_conv and a HANDLE value. The HANDLE is
valid in the foreign process and MUST be duplicated into the target
process before usage.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
So far io_handle is NULL when calling fhandler_base::open to
open or create a file. Add a check for io_handle to allow
priming the fhandler with a HANDLE value so we can reopen a
file from a HANDLE on file systems supporting it. This allows
to open already deleted files for further action. This will
be used by open("/proc/PID/fd/DESCRIPTOR") scenarios.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The commit message of commit 07e0a9584f
and the expectation set therein, are wrong.
There's no POSIX semantics allowing to link a file with a link
count of 0 and making it available in the file system again.
In fact, the Linux linkat extension AT_EMPTY_PATH explicitely
disallows to link a file descriptor to a file with a link count
of 0, except for O_TMPFILE without O_EXCL.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This patch significantly improves performance of memmem using a novel
modified Horspool algorithm. Needles up to size 256 use a bad-character
table indexed by hashed pairs of characters to quickly skip past mismatches.
Long needles use a self-adapting filtering step to avoid comparing the whole
needle repeatedly.
By limiting the needle length to 256, the shift table only requires 8 bits
per entry, lowering preprocessing overhead and minimizing cache effects.
This limit also implies worst-case performance is linear.
Small needles up to size 2 use a dedicated linear search. Very long needles
use the Two-Way algorithm (to avoid increasing stack size inlining is now disabled).
The performance gain is 6.6 times on English text on AArch64 using random
needles with average size 8 (this is even faster than the recently improved strstr
algorithm, so I'll update that in the near future).
The size-optimized memmem has also been rewritten from scratch to get a
2.7x performance gain.
Tested against GLIBC testsuite and randomized tests.
Message-Id: <DB5PR08MB1030649D051FA8532A4512C883B20@DB5PR08MB1030.eurprd08.prod.outlook.com>
- Turns out, the definition of POSIX unlink semantics is half-hearted
so far: It's not possible to link an open file HANDLE if it has
been deleted with POSIX semantics, nor is it possible to remove
the delete disposition. This breaks linkat on an O_TMPFILE.
Tested with W10 1809.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
On Windows 10 1803 and later, create dirs under the Cygwin
installation dir as case sensitive, if WSL is installed.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- short-circuit most code in unlink_nt since it's not necessary
anymore if FILE_DISPOSITION_POSIX_SEMANTICS is supported.
- Immediately remove O_TMPFILE from filesystem after creation.
Disable code for now because we have to implement /proc/self/fd
opening by handle first, lest linkat fails.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Newer FAT32 and exFAT add FILE_SUPPORTS_ENCRYPTION to their
flags which wasn't handled by Cygwin yet.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Various new file info class members adding important POSIX semantics
have been added with W10 1709. We may want to utilize them, so add
a matching wincaps.
Rearrange checking the W10 build number to prefer the latest builds
over the older builds. Rename wincap_10 to wincap_10_1507 for
enhanced clarity.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
- Add missing members added in later OS versions
- Rearrange accompanying FILE_foo_INFORMATION structs
ordered by info class
- Add promising FILE_foo_INFORMATION structs of later
Windows 10 releases plus accompanying enums
- Drop "Checked on 64 bit" comments since that's self-evident
these days
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
FreeBSD uses a 64-bit ino_t since 2017-05-23. We need this for the
pipe() support in libbsd.
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
Various structures exported by sysctl_rtsock() contain padding fields
which were not being zeroed.
Reported by: Thomas Barabosch, Fraunhofer FKIE
Reviewed by: ae
MFC after: 3 days
Security: kernel memory disclosure
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D18333
The check for the TEB being allocated beyond the first 2GB area is not
valid anymore. At least on W10 WOW64, the TEB is allocated in the
lower 2GB even in large-address aware executables. Use VirtualQuery
instead. It fails for invalid addresses so that's a simple enough test.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The threshold value at which powf overflows depends on the rounding mode
and the current check did not take this into account. So when the result
was rounded away from zero it could become infinity without setting
errno to ERANGE.
Example: pow(0x1.7ac7cp+5, 23) is 0x1.fffffep+127 + 0.1633ulp
If the result goes above 0x1.fffffep+127 + 0.5ulp then errno is set,
which is fine in nearest rounding mode, but
powf(0x1.7ac7cp+5, 23) is inf in upward rounding mode
powf(-0x1.7ac7cp+5, 23) is -inf in downward rounding mode
and the previous implementation did not set errno in these cases.
The fix tries to avoid affecting the common code path or calling a
function that may introduce a stack frame, so float arithmetics is used
to check the rounding mode and the threshold is selected accordingly.
for {n,u,m}stosbt
Integer overflows and wrong constants limited the accuracy of these
functions and created situatiosn where sbttoXs(Xstosbt(Y)) != Y. This
was especailly true in the ns case where we had millions of values
that were wrong.
Instead, used fixed constants because there's no way to say ceil(X)
for integer math. Document what these crazy constants are.
Also, use a shift one fewer left to avoid integer overflow causing
incorrect results, and adjust the equasion accordingly. Document this.
Allow times >= 1s to be well defined for these conversion functions
(at least the Xstosbt). There's too many users in the tree that they
work for >= 1s.
This fixes a failure on boot to program firmware on the mlx4
NIC. There was a msleep(1000) in the code. Prior to my recent rounding
changes, msleep(1000) worked, but msleep(1001) did not because the old
code rounded to just below 2^64 and the new code rounds to just above
it (overflowing, causing the msleep(1000) to really sleep 1ms).
A test program to test all cases will be committed shortly. The test
exaustively tries every value (thanks to bde for the test).
Sponsored by: Netflix, Inc
Differential Revision: https://reviews.freebsd.org/D18051
of the result rather than the floor(). Returning the floor means that
sbttoX(Xtosbt(y)) != y for almost all values of y. In practice, this
results in a difference of at most 1 in the lsb of the sbintime_t. This
difference is meaningless for all current users of these functions, but
is important for the newly introduced sysctl conversion routines which
implicitly rely on the transformation being idempotent.
Sponsored by: Netflix, Inc
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
and decimal time units. Use them in some existing code that is
vulnerable to roundoff errors.
The existing constant SBT_1NS is a honeypot, luring unsuspecting folks into
writing code such as long_timeout_ns*SBT_1NS to generate the argument for a
sleep call. The actual value of 1ns in sbt units is ~4.3, leading to a
large roundoff error giving a shorter sleep than expected when multiplying
by the trucated value of 4 in SBT_1NS. (The evil honeypot aspect becomes
clear after you waste a whole day figuring out why your sleeps return early.)
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
While reformatting the script, backticks `` were replaced with
brackets $(). This in turn invalidated the \\( ... \\) expressions in the
sed script because backslash resolution in $() works differently from
backslash resolution in ``. Only a single backslash is valid now.
While at it, fix up the uname(2) date representation when building a
snapshot.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>