mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-02-24 14:59:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
cosmopolitan/test/libc/calls/stackoverflow1_test.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

137 lines
5.1 KiB
C
Raw Normal View History

Fix some todos
2023-10-09 23:12:32 -07:00
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
vi: set et ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi
Copyright 2023 Justine Alexandra Roberts Tunney
Permission to use, copy, modify, and/or distribute this software for
any purpose with or without fee is hereby granted, provided that the
above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
*/
Improve memory manager and signal handling On Windows, mmap() now chooses addresses transactionally. It reduces the risk of badness when interacting with the WIN32 memory manager. We don't throw darts anymore. There is also no more retry limit, since we recover from mystery maps more gracefully. The subroutine for combining adjacent maps has been rewritten for clarity. The print maps subroutine is better This change goes to great lengths to perfect the stack overflow code. On Windows you can now longjmp() out of a crash signal handler. Guard pages previously weren't being restored properly by the signal handler. That's fixed, so on Windows you can now handle a stack overflow multiple times. Great thought has been put into selecting the perfect SIGSTKSZ constants so you can save sigaltstack() memory. You can now use kprintf() with 512 bytes of stack available. The guard pages beneath the main stack are now recorded in the memory manager. This change fixes getcontext() so it works right with the %rax register.
2024-12-27 01:03:11 -08:00
#include "libc/assert.h"
#include "libc/atomic.h"
Fix some todos
2023-10-09 23:12:32 -07:00
#include "libc/calls/struct/rlimit.h"
#include "libc/calls/struct/sigaction.h"
#include "libc/calls/struct/sigaltstack.h"
#include "libc/calls/struct/siginfo.h"
Improve memory manager and signal handling On Windows, mmap() now chooses addresses transactionally. It reduces the risk of badness when interacting with the WIN32 memory manager. We don't throw darts anymore. There is also no more retry limit, since we recover from mystery maps more gracefully. The subroutine for combining adjacent maps has been rewritten for clarity. The print maps subroutine is better This change goes to great lengths to perfect the stack overflow code. On Windows you can now longjmp() out of a crash signal handler. Guard pages previously weren't being restored properly by the signal handler. That's fixed, so on Windows you can now handle a stack overflow multiple times. Great thought has been put into selecting the perfect SIGSTKSZ constants so you can save sigaltstack() memory. You can now use kprintf() with 512 bytes of stack available. The guard pages beneath the main stack are now recorded in the memory manager. This change fixes getcontext() so it works right with the %rax register.
2024-12-27 01:03:11 -08:00
#include "libc/calls/struct/ucontext.internal.h"
#include "libc/calls/ucontext.h"
Fix some todos
2023-10-09 23:12:32 -07:00
#include "libc/dce.h"
#include "libc/intrin/kprintf.h"
#include "libc/limits.h"
Bring back gc() function Renaming gc() to _gc() was a mistake since the better thing to do is put it behind the _COSMO_SOURCE macro. We need this change because I haven't wanted to use my amazing garbage collector ever since we renamed it. You now need to define _COSMO_SOURCE yourself when using amalgamation header and cosmocc users need to pass the -mcosmo flag to get the gc() function Some other issues relating to cancelation have been fixed along the way. We're also now putting cosmocc in a folder named `.cosmocc` so it can be more safely excluded by grep --exclude-dir=.cosmocc --exclude-dir=o etc.
2024-01-08 10:07:35 -08:00
#include "libc/mem/gc.h"
Fix some todos
2023-10-09 23:12:32 -07:00
#include "libc/mem/mem.h"
#include "libc/runtime/runtime.h"
#include "libc/runtime/sysconf.h"
Improve memory manager and signal handling On Windows, mmap() now chooses addresses transactionally. It reduces the risk of badness when interacting with the WIN32 memory manager. We don't throw darts anymore. There is also no more retry limit, since we recover from mystery maps more gracefully. The subroutine for combining adjacent maps has been rewritten for clarity. The print maps subroutine is better This change goes to great lengths to perfect the stack overflow code. On Windows you can now longjmp() out of a crash signal handler. Guard pages previously weren't being restored properly by the signal handler. That's fixed, so on Windows you can now handle a stack overflow multiple times. Great thought has been put into selecting the perfect SIGSTKSZ constants so you can save sigaltstack() memory. You can now use kprintf() with 512 bytes of stack available. The guard pages beneath the main stack are now recorded in the memory manager. This change fixes getcontext() so it works right with the %rax register.
2024-12-27 01:03:11 -08:00
#include "libc/stdio/rand.h"
#include "libc/stdio/stdio.h"
Put more thought into i/o polyfills wait4() is now solid enough to run `make -j100` on Windows. You can now use MSG_DONTWAIT on Windows. There was a handle leak in accept() that's been fixed. Our WIN32 overlapped i/o code has been simplified. Priority class now inherits into subprocesses, so the verynice command will work and the signal mask will now be inherited by execve() and posix_spawn()
2023-11-06 16:38:44 -08:00
#include "libc/stdio/sysparam.h"
Improve memory manager and signal handling On Windows, mmap() now chooses addresses transactionally. It reduces the risk of badness when interacting with the WIN32 memory manager. We don't throw darts anymore. There is also no more retry limit, since we recover from mystery maps more gracefully. The subroutine for combining adjacent maps has been rewritten for clarity. The print maps subroutine is better This change goes to great lengths to perfect the stack overflow code. On Windows you can now longjmp() out of a crash signal handler. Guard pages previously weren't being restored properly by the signal handler. That's fixed, so on Windows you can now handle a stack overflow multiple times. Great thought has been put into selecting the perfect SIGSTKSZ constants so you can save sigaltstack() memory. You can now use kprintf() with 512 bytes of stack available. The guard pages beneath the main stack are now recorded in the memory manager. This change fixes getcontext() so it works right with the %rax register.
2024-12-27 01:03:11 -08:00
#include "libc/sysv/consts/map.h"
#include "libc/sysv/consts/prot.h"
Fix some todos
2023-10-09 23:12:32 -07:00
#include "libc/sysv/consts/rlimit.h"
#include "libc/sysv/consts/sa.h"
#include "libc/sysv/consts/sig.h"
#include "libc/sysv/consts/ss.h"
#include "libc/thread/thread.h"
/**
* stack overflow recovery technique #1
* overflow the gigantic main process stack
* simple but it can upset kernels / libraries
*/
jmp_buf recover;
Improve memory manager and signal handling On Windows, mmap() now chooses addresses transactionally. It reduces the risk of badness when interacting with the WIN32 memory manager. We don't throw darts anymore. There is also no more retry limit, since we recover from mystery maps more gracefully. The subroutine for combining adjacent maps has been rewritten for clarity. The print maps subroutine is better This change goes to great lengths to perfect the stack overflow code. On Windows you can now longjmp() out of a crash signal handler. Guard pages previously weren't being restored properly by the signal handler. That's fixed, so on Windows you can now handle a stack overflow multiple times. Great thought has been put into selecting the perfect SIGSTKSZ constants so you can save sigaltstack() memory. You can now use kprintf() with 512 bytes of stack available. The guard pages beneath the main stack are now recorded in the memory manager. This change fixes getcontext() so it works right with the %rax register.
2024-12-27 01:03:11 -08:00
atomic_bool g_isdone;
atomic_bool smashed_stack;
Fix some todos
2023-10-09 23:12:32 -07:00
void CrashHandler(int sig, siginfo_t *si, void *ctx) {
struct sigaltstack ss;
Improve memory manager and signal handling On Windows, mmap() now chooses addresses transactionally. It reduces the risk of badness when interacting with the WIN32 memory manager. We don't throw darts anymore. There is also no more retry limit, since we recover from mystery maps more gracefully. The subroutine for combining adjacent maps has been rewritten for clarity. The print maps subroutine is better This change goes to great lengths to perfect the stack overflow code. On Windows you can now longjmp() out of a crash signal handler. Guard pages previously weren't being restored properly by the signal handler. That's fixed, so on Windows you can now handle a stack overflow multiple times. Great thought has been put into selecting the perfect SIGSTKSZ constants so you can save sigaltstack() memory. You can now use kprintf() with 512 bytes of stack available. The guard pages beneath the main stack are now recorded in the memory manager. This change fixes getcontext() so it works right with the %rax register.
2024-12-27 01:03:11 -08:00
unassert(!sigaltstack(0, &ss));
unassert(SS_ONSTACK == ss.ss_flags);
kprintf("kprintf avoids overflowing %G si_addr=%lx sp=%lx\n", si->si_signo,
si->si_addr, ((ucontext_t *)ctx)->uc_mcontext.SP);
Fix some todos
2023-10-09 23:12:32 -07:00
smashed_stack = true;
Make execve() linger when it can't spoof parent It's now possible to use execve() when the parent process isn't built by cosmo. In such cases, the current process will kill all threads and then linger around, waiting for the newly created process to die, and then we propagate its exit code to the parent. This should help bazel and others Allocating private anonymous memory is now 5x faster on Windows. This is thanks to VirtualAlloc() which is faster than the file mapping APIs. The fork() function also now goes 30% faster, since we are able to avoid the VirtualProtect() calls on mappings in most cases now. Fixes #1253
2025-01-04 21:11:53 -08:00
// unassert(__is_stack_overflow(si, ctx)); // fuzzy with main thread
Fix some todos
2023-10-09 23:12:32 -07:00
longjmp(recover, 123);
}
void SetUp(void) {
// tune down the main process's stack size to a reasonable amount
// some operating systems, e.g. freebsd, will do things like have
// 500mb RLIMIT_STACK by default, even on machines with 400mb RAM
if (!IsWindows() && !IsXnu()) {
Put more thought into i/o polyfills wait4() is now solid enough to run `make -j100` on Windows. You can now use MSG_DONTWAIT on Windows. There was a handle leak in accept() that's been fixed. Our WIN32 overlapped i/o code has been simplified. Priority class now inherits into subprocesses, so the verynice command will work and the signal mask will now be inherited by execve() and posix_spawn()
2023-11-06 16:38:44 -08:00
struct rlimit rl;
getrlimit(RLIMIT_STACK, &rl);
rl.rlim_cur = MIN(rl.rlim_cur, 2 * 1024 * 1024);
Improve memory manager and signal handling On Windows, mmap() now chooses addresses transactionally. It reduces the risk of badness when interacting with the WIN32 memory manager. We don't throw darts anymore. There is also no more retry limit, since we recover from mystery maps more gracefully. The subroutine for combining adjacent maps has been rewritten for clarity. The print maps subroutine is better This change goes to great lengths to perfect the stack overflow code. On Windows you can now longjmp() out of a crash signal handler. Guard pages previously weren't being restored properly by the signal handler. That's fixed, so on Windows you can now handle a stack overflow multiple times. Great thought has been put into selecting the perfect SIGSTKSZ constants so you can save sigaltstack() memory. You can now use kprintf() with 512 bytes of stack available. The guard pages beneath the main stack are now recorded in the memory manager. This change fixes getcontext() so it works right with the %rax register.
2024-12-27 01:03:11 -08:00
unassert(!setrlimit(RLIMIT_STACK, &rl));
Fix some todos
2023-10-09 23:12:32 -07:00
}
// set up the signal handler and alternative stack
struct sigaction sa;
struct sigaltstack ss;
ss.ss_flags = 0;
ss.ss_size = sysconf(_SC_MINSIGSTKSZ) + 8192;
ss.ss_sp = _mapanon(ss.ss_size);
Improve memory manager and signal handling On Windows, mmap() now chooses addresses transactionally. It reduces the risk of badness when interacting with the WIN32 memory manager. We don't throw darts anymore. There is also no more retry limit, since we recover from mystery maps more gracefully. The subroutine for combining adjacent maps has been rewritten for clarity. The print maps subroutine is better This change goes to great lengths to perfect the stack overflow code. On Windows you can now longjmp() out of a crash signal handler. Guard pages previously weren't being restored properly by the signal handler. That's fixed, so on Windows you can now handle a stack overflow multiple times. Great thought has been put into selecting the perfect SIGSTKSZ constants so you can save sigaltstack() memory. You can now use kprintf() with 512 bytes of stack available. The guard pages beneath the main stack are now recorded in the memory manager. This change fixes getcontext() so it works right with the %rax register.
2024-12-27 01:03:11 -08:00
unassert(!sigaltstack(&ss, 0));
Fix some todos
2023-10-09 23:12:32 -07:00
sa.sa_flags = SA_SIGINFO | SA_ONSTACK; // <-- important
sigemptyset(&sa.sa_mask);
sa.sa_sigaction = CrashHandler;
sigaction(SIGBUS, &sa, 0);
sigaction(SIGSEGV, &sa, 0);
}
Fix MODE=optlinux and MODE=tiny builds
2024-07-23 04:04:19 -07:00
int StackOverflow(int d) {
char A[8];
for (int i = 0; i < sizeof(A); i++)
A[i] = d + i;
if (__veil("r", d))
return StackOverflow(d + 1) + A[d % sizeof(A)];
return 0;
Fix some todos
2023-10-09 23:12:32 -07:00
}
Improve memory manager and signal handling On Windows, mmap() now chooses addresses transactionally. It reduces the risk of badness when interacting with the WIN32 memory manager. We don't throw darts anymore. There is also no more retry limit, since we recover from mystery maps more gracefully. The subroutine for combining adjacent maps has been rewritten for clarity. The print maps subroutine is better This change goes to great lengths to perfect the stack overflow code. On Windows you can now longjmp() out of a crash signal handler. Guard pages previously weren't being restored properly by the signal handler. That's fixed, so on Windows you can now handle a stack overflow multiple times. Great thought has been put into selecting the perfect SIGSTKSZ constants so you can save sigaltstack() memory. You can now use kprintf() with 512 bytes of stack available. The guard pages beneath the main stack are now recorded in the memory manager. This change fixes getcontext() so it works right with the %rax register.
2024-12-27 01:03:11 -08:00
void *innocent_thread(void *arg) {
atomic_long dont_clobber_me_bro = 0;
while (!g_isdone)
unassert(!dont_clobber_me_bro);
return 0;
}
int main() {
// libc/intrin/stack.c is designed so that this thread's stack should
// be allocated right beneath the main thread's stack. our goal is to
// make sure overflowing the main stack won't clobber our poor thread
pthread_t th;
unassert(!pthread_create(&th, 0, innocent_thread, 0));
SetUp();
Fix some todos
2023-10-09 23:12:32 -07:00
int jumpcode;
Improve memory manager and signal handling On Windows, mmap() now chooses addresses transactionally. It reduces the risk of badness when interacting with the WIN32 memory manager. We don't throw darts anymore. There is also no more retry limit, since we recover from mystery maps more gracefully. The subroutine for combining adjacent maps has been rewritten for clarity. The print maps subroutine is better This change goes to great lengths to perfect the stack overflow code. On Windows you can now longjmp() out of a crash signal handler. Guard pages previously weren't being restored properly by the signal handler. That's fixed, so on Windows you can now handle a stack overflow multiple times. Great thought has been put into selecting the perfect SIGSTKSZ constants so you can save sigaltstack() memory. You can now use kprintf() with 512 bytes of stack available. The guard pages beneath the main stack are now recorded in the memory manager. This change fixes getcontext() so it works right with the %rax register.
2024-12-27 01:03:11 -08:00
if (!(jumpcode = setjmp(recover)))
exit(StackOverflow(1));
unassert(123 == jumpcode);
unassert(smashed_stack);
// join the thread
g_isdone = true;
unassert(!pthread_join(th, 0));
Fix some todos
2023-10-09 23:12:32 -07:00
// here's where longjmp() gets us into trouble
struct sigaltstack ss;
Improve memory manager and signal handling On Windows, mmap() now chooses addresses transactionally. It reduces the risk of badness when interacting with the WIN32 memory manager. We don't throw darts anymore. There is also no more retry limit, since we recover from mystery maps more gracefully. The subroutine for combining adjacent maps has been rewritten for clarity. The print maps subroutine is better This change goes to great lengths to perfect the stack overflow code. On Windows you can now longjmp() out of a crash signal handler. Guard pages previously weren't being restored properly by the signal handler. That's fixed, so on Windows you can now handle a stack overflow multiple times. Great thought has been put into selecting the perfect SIGSTKSZ constants so you can save sigaltstack() memory. You can now use kprintf() with 512 bytes of stack available. The guard pages beneath the main stack are now recorded in the memory manager. This change fixes getcontext() so it works right with the %rax register.
2024-12-27 01:03:11 -08:00
unassert(!sigaltstack(0, &ss));
Fix some todos
2023-10-09 23:12:32 -07:00
if (IsXnu() || IsNetbsd()) {
Improve memory manager and signal handling On Windows, mmap() now chooses addresses transactionally. It reduces the risk of badness when interacting with the WIN32 memory manager. We don't throw darts anymore. There is also no more retry limit, since we recover from mystery maps more gracefully. The subroutine for combining adjacent maps has been rewritten for clarity. The print maps subroutine is better This change goes to great lengths to perfect the stack overflow code. On Windows you can now longjmp() out of a crash signal handler. Guard pages previously weren't being restored properly by the signal handler. That's fixed, so on Windows you can now handle a stack overflow multiple times. Great thought has been put into selecting the perfect SIGSTKSZ constants so you can save sigaltstack() memory. You can now use kprintf() with 512 bytes of stack available. The guard pages beneath the main stack are now recorded in the memory manager. This change fixes getcontext() so it works right with the %rax register.
2024-12-27 01:03:11 -08:00
unassert(SS_ONSTACK == ss.ss_flags); // wut
Fix some todos
2023-10-09 23:12:32 -07:00
} else {
Improve memory manager and signal handling On Windows, mmap() now chooses addresses transactionally. It reduces the risk of badness when interacting with the WIN32 memory manager. We don't throw darts anymore. There is also no more retry limit, since we recover from mystery maps more gracefully. The subroutine for combining adjacent maps has been rewritten for clarity. The print maps subroutine is better This change goes to great lengths to perfect the stack overflow code. On Windows you can now longjmp() out of a crash signal handler. Guard pages previously weren't being restored properly by the signal handler. That's fixed, so on Windows you can now handle a stack overflow multiple times. Great thought has been put into selecting the perfect SIGSTKSZ constants so you can save sigaltstack() memory. You can now use kprintf() with 512 bytes of stack available. The guard pages beneath the main stack are now recorded in the memory manager. This change fixes getcontext() so it works right with the %rax register.
2024-12-27 01:03:11 -08:00
unassert(0 == ss.ss_flags);
Fix some todos
2023-10-09 23:12:32 -07:00
}
}
Reference in a new issue Copy permalink