| Age | Commit message (Collapse) | Author |
|---|
|
|
|
This reverts commit 33c30b4ff76ca22bdedce4aa41d05736a546d86b.
|
|
Message-ID: <20231124213041.952886-3-flaviocruz@gmail.com>
|
|
works on x86_64.
Message-ID: <ZVlHm2xuVaS8SItY@jupiter.tail36e24.ts.net>
|
|
This makes netfs_[gs]et_translator use mach_msg_type_number_t like
the RPC and diskfs. This also makes the fshelp_fetch_root_callback1_t
for fshelp_fetch_root use mach_msg_type_number_t.
This also makes procfs_get_translator and the get_translator proc method
use mach_msg_type_number_t.
This makes diskfs_get_directs use mach_msg_type_number_t like the
dir_readdir RPC
Also get rid of u_int.
This notably fixes _diskfs_translator_callback1_fn's bogus cast of
size_t *argz_len into (u_int *).
|
|
Message-Id: <20230508213136.608575-5-bugaevc@gmail.com>
|
|
Message-Id: <ZFLcIs0iwiC9kQDf@jupiter.tail36e24.ts.net>
|
|
function declarations.
Most of the changes land in one of these buckets:
* Removed unused declarations.
* Used (void) to represent no parameters instead of () which means an
undeterminate number of parameters.
* Included missing header files whenever necessary (stdlib.h,
sys/mman.h, etc)
* Typedefed function pointers to be able to fully declare the parameter
types.
* Added declarations of library functions that are used elsewhere
(example is libps/ps.h).
* Made functions static whenever they are only used in that file.
* Forwarded declarations of some methods that were made static.
Message-Id: <ZDD1o7/tVYeZew+G@jupiter.tail36e24.ts.net>
|
|
Also add -Werror=old-style-definition to enforce new code.
Message-Id: <ZBZ+8xf7GHy2RT/h@jupiter.tail36e24.ts.net>
|
|
For coherency with the existing RPCs
|
|
And add proc_complete_reauthentication ()
|
|
Now that it's completely unused.
procinfo.owner is now simply set to the first UID that a process has.
proc_setowner () is kept for compatibility, but now does nothing.
The clients still try to call it, though, for compatibility with older
proc server versions.
|
|
exec_reauth () is supposed to reauthenticate the given ports and file
descriptors with a new authentication. If the secure flag is set, this
reauthentication is happening for a future exec with the EXEC_SECURE
flag.
Now that the exec server uses proc_reauthenticate_reassign (), the process
reauthentication is done atomically with task reassignment by the exec
server. So stop doing it inside exec_reauth ().
This fixes a vulnerability where a process was able to use its
reauthenticated proc port before it got exec'ed over.
|
|
While fshelp_start_translator_long () has been calling proc_setowner () on the
task it creates, it has never reauthenticated its process. This meant that the
translator, once started, could access processes authenticated same as the
process that called fshelp_start_translator_long (). In particular, this means
that any unprivileged translator started by a privileged parent translator had
in fact had a privileged proc port, and could access other processes through
it.
With this change, fshelp_start_translator_long () will now reauthenticate the
process it creates. Moreover, it will now respect a custom proc server port
passed in the given ports.
|
|
|
|
It only really supports ports_len > INIT_PORT_BOOTSTRAP,
ports_type == MACH_MSG_TYPE_COPY_SEND, fds_type == MACH_MSG_TYPE_COPY_SEND.
Make that explicit, and remove the branches that tried to handle the other
cases.
|
|
|
|
We need to be extremely careful with auth ports since leaking them into
subprocesses may expose a root-auth port to non-root processes.
Notably, get_nonsugid_ids was caching it, thus preventing glibc's exec
implementation from dropping it. Login is also reimplementing hurdexec
but without all the cloexec logic.
This commit fixes various auth leaks.
|
|
This reverts commit 7b9011628ec0dea3e01b19b75013ce5cf5b9c841.
We do want to release dead names, and not report the KERN_INVALID_RIGHT
error, just return that there is no translator any more.
As suggested by Sergey Bugaev
|
|
The commit [1] updated rlock.h and fshelp.h to use
FSHELP_DEFINE_EXTERN_INLINE but it's never defined
because FSHELP_EXTERN_INLINE is used in
libfshelp/extern-inline.c.
Update this file to use define FSHELP_DEFINE_EXTERN_INLINE.
[1] ca3d36201329f0e21b995d831ce9f6f03b6b985e
* libfshelp/extern-inline.c: define FSHELP_DEFINE_EXTERN_INLINE.
* libfshelp/fshelp.h: define FSHELP_EXTERN_INLINE __extern_inline
if FSHELP_DEFINE_EXTERN_INLINE is not defined.
* libfshelp/rlock.h: Likewise
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Samuel Thibault <samuel.thibault@gnu.org>
Message-Id: <20201120230347.2432672-1-romain.naour@gmail.com>
|
|
C99 extern inline semantic is different from GNU semantic, so we cannot
blindly write "extern inline".
* libfshelp/rlock.h (FSHELP_EXTERN_INLINE): Define to __extern_inline if
not already.
(rlock_list_init): Mark FSHELP_EXTERN_INLINE instead of extern inline.
* libfshelp/fshelp.h (FSHELP_EXTERN_INLINE): Define to __extern_inline
instead of extern inline.
* libfshelp/extern-inline.c: Include "rlock.h"
|
|
* libfshelp/fshelp.h (fshelp_rlock_init, fshelp_rlock_po_init,
fshelp_rlock_po_fini): Define when FSHELP_DEFINE_EXTERN_INLINE is
defined, not DISKFS_DEFINE_EXTERN_INLINE.
|
|
To make sure that threads have really woken up.
Spotted by Richard Braun.
* libfshelp/rlock-drop-peropen.c (fshelp_rlock_drop_peropen): Call
pthread_cond_destroy before freeing the condition variable.
* libfshelp/rlock-tweak.c (fshelp_rlock_tweak): Likewise.
|
|
fshelp_rlock_drop_peropen actually needs the node to be locked for
proper waiting atomicity.
|
|
When the last translator box contains a port to a died translator, we do
not want to consider this as a whole failure.
* libfshelp/translator-list.c (fshelp_get_active_translators): On
mach_port_mod_refs failure, reset err to 0.
|
|
* libfshelp/fshelp.h (fshelp_rlock_po_fini): New inline function.
* libdiskfs/peropen-rele.c (diskfs_release_peropen): Call fshelp_rlock_po_fini.
* libnetfs/release-peropen.c (netfs_release_peropen): Likewise.
|
|
* libfshelp/fshelp.h (fshelp_rlock_init, fshelp_rlock_po_init)
[!__USE_EXTERN_INLINES || DISKFS_DEFINE_EXTERN_INLINE]: Add prototypes.
|
|
* libfshelp/fshelp.h (fshelp_rlock_init, fshelp_rlock_po_init)
[!__USE_EXTERN_INLINES && !DISKFS_DEFINE_EXTERN_INLINE]: Do not define.
|
|
When len=0 and start is completely before an existing lock, there is no
interference.
* libfshelp/rlock-tweak.c (fshelp_rlock_tweak): Fix test when len=0.
|
|
2019-03-03 Svante Signell <svante.signell@gmail.com>
* rlock-tweak.c: Require write access for F_SETLK64 and
F_SETLKW64 according to POSIX-1003.1.
2019-02-12 Svante Signell <svante.signell@gmail.com>
* rlock-tweak.c: Comment out check of lock->l_type and open_mode
2019-02-01 Svante Signell <svante.signell@gmail.com>
* Update copyright years.
* 2018-12-07:
- Fix typo in fshelp_rlock_tweak.
- Move description of rendezvous to fshelp.h.
- Removed 64bit versions
2018-12-07 Svante Signell <svante.signell@gmail.com>
* Update copyright years.
* rlock-tweak.c (fshelp_rlock_tweak): Add new argument:
mach_port_t rendezvous.
2017-01-05 Svante Signell <svante.signell@gmail.com>
* Update copyright years and headers.
* rlock_tweak.c: l_pid is set to 0 when a conflicting lock
is taken by another process. Will be fixed by new proc RPCs.
2016-05-23 Svante Signell <svante.signell@gmail.com>
* rlock-drop-peropen.c: Port from cthreads to libpthread.
* rlock-tweak.c: Likewise
* fshelp.h: Likewise
* rlock.h: Likewise
2001-04-12 Neal H Walfield <neal@cs.uml.edu>
* fshelp.h (struct rlock_box): New structure.
(struct rlock_peropen): Likewise.
(fshelp_rlock_init): New function.
(fshelp_rlock_po_init): Likewise.
(fshelp_rlock_drop_peropen): Likewise.
(fshelp_rlock_tweak): Likewise.
(fshelp_rlock_peropen_status): Likewise.
(fshelp_rlock_node_status): Likewise.
* rlock-drop-peropen.c: New file. Implement
fshelp_rlock_drop_peropen.
* rlock-status.c: New file. Implement
fshelp_rlock_peropen_status and fshelp_rlock_node_status.
* rlock-tweak.c: New file. Implement fshelp_rlock_tweak.
* rlock.h: New file.
* extern-inline.c: New file.
* Makefile (installhdrs): Add rlock.h.
(SRCS): Add extern-inline.c, rlock-drop-peropen.c, rlock-tweak.c
and rlock-status.c.
|
|
* isofs/rr.c: Include <sys/sysmacros.h>.
* libdiskfs/file-set-trans.c: Likewise.
* libfshelp/fetch-root.c: Likewise.
* libnetfs/file-get-translator.c: Likewise.
* libnetfs/file-set-translator.c: Likewise.
* nfs/nfs.c: Likewise.
* nfs/ops.c: Likewise.
* storeio/storeio.c: Likewise.
* trans/fakeroot.c: Likewise.
|
|
* isofs/rr.c (rrip_work): Use gnu_dev_makedev instead of makedev.
* libdiskfs/file-set-trans.c (diskfs_S_file_set_translator): Likewise.
* libnetfs/file-set-translator.c (netfs_S_file_set_translator):
Likeiwse.
* nfs/nfs.c (xdr_decode_fattr): Likewise.
* storeio/storeio.c (parse_opt): Likewise.
* libfshelp/fetch-root.c (fshelp_short_circuited_callback1): Use
gnu_dev_major and gnu_dev_minor instead of major and minor.
* libnetfs/file-get-translator.c (netfs_S_file_get_translator):
Likewise.
* nfs/ops.c (netfs_attempt_link): Likewise.
* storeio/storeio.c (trivfs_append_args): Likewise.
* trans/fakeroot.c (netfs_attempt_mkdev): Likewise.
* pfinet/glue-include/linux/mm.h: Include <mach/vm_param.h>.
* term/users.c: Include <signal.h>
|
|
* libdiskfs/boot-start.c (diskfs_start_bootstrap): Fix printf format.
* libfshelp/delegate.c: Include <alloca.h> and <stdlib.h>.
* libfshelp/start-translator-long.c: Include <stdlib.h>.
* libshouldbeinlibc/ugids-verify-auth.c (server_verify_make_auth): Fix
prototypes for password_check_group and password_check_user.
* libstore/argp.c: Include <stdlib.h>.
* libstore/task.c: Include <stdlib.h>.
* exec/exec.c: Include <mach/vm_param.h>.
* libbpf/bpf_impl.c: Include <stdlib.h>.
* proc/info.c (S_proc_getloginpids): Remove local variables leader_task
and leader_sub.
* proc/main.c (main): Remove local variable original_argv.
* boot/boot.c (task_died, S_mach_notify_new_task): Fix printf format.
* exec/elfcore.c: Include <alloca.h> and <mach/vm_param.h>.
* trans/crash.c: Include <hurd/msg.h>.
* trans/random.c: Include <signal.h>.
* utils/login.c: Include <signal.h>.
* utils/id.c: Include <hurd/msg.h>.
* utils/devprobe.c: Include <stdlib.h>.
* utils/addauth.c: Include <hurd/msg.h>.
* utils/frobauth-mod.c: Include <hurd/msg.h>.
* utils/storeread.c: Include <stdlib.h>.
* utils/msgport.c: Include <hurd/msg.h>.
* sutils/clookup.c (file_name_lookup_carefully): Fix lookup function
prototype, make head and tail const.
* utils/rpcscan.c: Include <stdlib.h>.
* sutils/bless.c: Include <stdlib.h>.
* fstests/fstests.c: Include <stdlib.h>.
* startup/startup.c (argz_task_insert_right): Fix printf format.
* init/init.c: Include <stdlib.h>.
|
|
* hurd/fs.defs (file_exec): Deprecate in favor of...
(file_exec_paths): ...this new RPC.
* TODO: Update.
* doc/hurd.texi: Update RPC name.
* hurd/hurd_types.h: Update RPC name.
* libdiskfs/boot-start.c: Update RPC name.
* configure.ac: Check for presence of RPC stubs file_exec_paths exec_exec_paths.
* exec/hashexec.c (check_hashbang): When file_exec_paths is available, use it
instead of file_exec.
* startup/startup.c (run, run_for_real, start_child): Likewise.
* utils/login.c (main): Likewise.
* libfshelp/start-translator-long.c (fshelp_start_translator_long): Likewise.
* libdiskfs/file-exec.c (diskfs_S_file_exec): Move code to
new function diskfs_S_file_exec_paths and call it.
(diskfs_S_file_exec_paths): New function, use exec_exec_paths when available
instead of exec_exec
* libnetfs/file-exec.c (netfs_S_file_exec, netfs_S_file_exec_paths): Likewise.
* trans/fakeroot.c (netfs_S_file_exec, netfs_S_file_exec_paths): Likewise.
* libtrivfs/file-exec.c (trivfs_S_file_exec_paths): New function.
|
|
* libfshelp/get-identity.c (id_clean): Test whether i is still in the
hash table instead of counting weak references.
|
|
Reported by Brent W. Baccala.
While some thread has converted a hardref to a weakref and tries to release
the hash weakref, another thread might reacquire a hardref, and then convert
it to a weakref and try to release it. We thus have to make sure that we
really have the last weakref before removing from the hash.
* libfshelp/get-identity.c (id_clean): Also check that there are only
two weak refs left.
|
|
Reported by Brent W. Baccala.
hurd_ihash_key_t is 32bit only on 32bit platforms, so we need the same
hashing functions as in libdiskfs/node-cache.c.
* libfshelp/get-identity.c (mix_fasthash): New macro.
(hash, compare): New functions.
(idhash): Use HURD_IHASH_INITIALIZER_GKI instead of HURD_IHASH_INITIALIZER
to pass hash and compare.
(fshelp_get_identity): Pass address of fileno to hurd_ihash_find and
hurd_ihash_add instead of fileno itself.
|
|
* libfshelp/get-identity.c (fshelp_get_identity): Add FIXME for FS with
inode numbers bigger than 4 billion.
|
|
Fixes reference w/o send right crash.
* libfshelp/get-identity.c (fshelp_get_identity): Get weak reference for
the hash table reference.
(id_initialize): Pass id_clean as dropweak_routine instead of
clean_routine to ports_create_class.
(id_clean): Remove from hash table only if there are no hard references
left, i.e. we didn't reacquired a port right in between.
|
|
* libfshelp/fetch-control.c (fshelp_fetch_control): When a port is
stale, do not try to deallocate it.
|
|
Previously, we used the fs protocol to traverse the translator
hierarchies. This, however, is conceptually flawed, because
translators are bound to nodes, and a node can have zero or more links
in the file system. Therefore, the previous method of returning a
list of paths to the client and expecting them to be able to follow
these to reach the child translators was always unreliable.
Fix this by using the fsys protocol to traverse the hierarchy, and
returning the control ports of all children. This is more robust, and
also conceptually cleaner, because the fsys protocol is about
translator linkage, hence this is the point to implement traversal.
Also move the get source routine over. A per-node source really
does not fit the reality of most translators, while a per-translator
source makes sense in many cases.
* hurd/fs.defs (file_get_children): Drop routine.
(file_get_source): Likewise.
* hurd/fsys.defs (fsys_get_children): New routine.
(fsys_get_source): Likewise.
* libdiskfs/Makefile (FSYSSRCS): Remove files, add files.
* libdiskfs/file-get-children.c: Remove file.
* libdiskfs/fsys-get-children.c: New file.
* libdiskfs/file-get-source.c: Remove file.
* libdiskfs/fsys-get-source.c: New file.
* libfshelp/fshelp.h (fshelp_filter): Remove type.
(fshelp_get_active_translators): Remove filter and prefix argument,
return list of control ports.
* libfshelp/translator-list.c (fshelp_get_active_translators):
Likewise.
* libnetfs/Makefile (FSSRCS): Move 'get-source.c' too OTHERSRCS.
(FSYSSRCS): Remove files, add files.
* libnetfs/file-get-children.c: Remove file.
* libnetfs/fsys-get-children.c: New file.
* libnetfs/file-get-source.c: Remove file.
* libnetfs/fsys-get-source.c: New file.
* libtrivfs/Makefile: Move 'get-source.c' too OTHERSRCS.
(FSYSSRCS): Remove files, add files.
* libtrivfs/file-get-children.c: Remove file.
* libtrivfs/fsys-get-children.c: New file.
* libtrivfs/file-get-source.c: Remove file.
* libtrivfs/fsys-get-source.c: Add file.
* trans/Makefile (mtab): Build client stubs until the libc has caught
on.
* trans/mtab.c (target_control): New variable.
(insecure): Drop variable.
(all_translators): Likewise.
(MAX_DEPTH): New macro.
(max_depth): New variable.
(options): Remove '--insecure' and '--all-translators', add '--depth'.
(parse_opt): Adapt accordingly.
(trivsfs_append_args): Likewise.
(main): Get the control port of the target translator, then drop
privileges.
(is_filesystem_translator): Remove function.
(mtab_mark_as_seen): Simplify. Just check if the control port is
known.
(mtab_populate): Limit depth of recursion, adapt to traversing over
the control ports, simplify.
(open_hook): Remove scary comment, it is not applicable anymore
because we no longer dir_lookup child translators.
|
|
Previously, libfshelp used the name of an translator as key in the
hash table. This however is flawed, because a translator is bound to
a node, and a node can have zero or more links in the file system.
Use the nodes address (or rather, the address of the transbox embedded
in the node) as key instead.
* libfshelp/fshelp.h (fshelp_set_active_translator): Instead of the
control port, hand the whole transbox to the function.
* libfshelp/translator-list.c (struct translator): New field 'locp'.
(hash): Hash pointer.
(compare): Compare pointer.
(translator_ihash): Use an location pointer.
(fshelp_set_active_translator): Use the address of the transbox as key.
(fshelp_remove_active_translator): Remove using the location pointer.
* libdiskfs/dir-lookup.c (diskfs_S_dir_lookup): Fix callsite.
* libdiskfs/file-set-trans.c (diskfs_S_file_set_translator): Likewise.
* libnetfs/dir-lookup.c (netfs_S_dir_lookup): Likewise.
* libnetfs/file-set-translator.c (netfs_S_file_set_translator):
Likewise.
|
|
* libfshelp/translator-list.c (fshelp_set_active_translator): Avoid
updating the entry if the control port is still the same.
|
|
* libfshelp/translator-list.c (fshelp_set_active_translator): Free
resources. Assert that an entry is removed.
(fshelp_remove_active_translator): Assert that an entry is removed.
|
|
* libdiskfs/file-syncfs.c (diskfs_S_file_syncfs): Use the new function.
* libdiskfs/fsys-options.c (diskfs_S_fsys_set_options): Likewise.
* libdiskfs/fsys-syncfs.c (diskfs_S_fsys_syncfs): Likewise.
* libdiskfs/shutdown.c (diskfs_shutdown): Likewise.
* libfshelp/fshelp.h (fshelp_map_active_translators): New declaration.
* libfshelp/translator-list.c (fshelp_map_active_translators): New
function.
* libnetfs/file-syncfs.c (netfs_S_file_syncfs): Use the new function.
* libnetfs/fsys-set-options.c (netfs_S_fsys_set_options): Likewise.
* libnetfs/fsys-syncfs.c (netfs_S_fsys_syncfs): Likewise.
* libnetfs/shutdown.c (netfs_shutdown): Likewise.
|
|
* libfshelp/translator-list.c (fshelp_set_active_translator): Always
register dead-name notifications.
|
|
* libfshelp/translator-list.c (fshelp_set_active_translator): Avoid
allocating an entry unless a valid control port is given.
|
|
Use the path names of active translators as keys in the hash table.
* libfshelp/translator-list.c (hash, compare): New functions.
(translator_ihash): Use generalized key interface.
(fshelp_set_active_translator): Update accordingly.
(fshelp_remove_active_translator): Likewise.
|
|
Our variants print stack traces on failures. This will make locating
errors much easier.
|
|
* libfshelp/fetch-control.c (fshelp_fetch_control): Check if the
control port is still alive, or deallocate the dead name, record the
fact in the transbox, and return MACH_PORT_NULL.
|
