2020-06-15 14:18:57 +00:00
|
|
|
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
|
|
|
|
|
│ vi: set et ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi │
|
|
|
|
|
╞══════════════════════════════════════════════════════════════════════════════╡
|
|
|
|
|
│ Copyright 2020 Justine Alexandra Roberts Tunney │
|
|
|
|
|
│ │
|
2020-12-28 01:18:44 +00:00
|
|
|
│ Permission to use, copy, modify, and/or distribute this software for │
|
|
|
|
|
│ any purpose with or without fee is hereby granted, provided that the │
|
|
|
|
|
│ above copyright notice and this permission notice appear in all copies. │
|
2020-06-15 14:18:57 +00:00
|
|
|
│ │
|
2020-12-28 01:18:44 +00:00
|
|
|
│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
|
|
|
|
|
│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
|
|
|
|
|
│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
|
|
|
|
|
│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
|
|
|
|
|
│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
|
|
|
|
|
│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
|
|
|
|
|
│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
|
|
|
|
|
│ PERFORMANCE OF THIS SOFTWARE. │
|
2020-06-15 14:18:57 +00:00
|
|
|
╚─────────────────────────────────────────────────────────────────────────────*/
|
|
|
|
|
#include "libc/calls/calls.h"
|
2022-11-06 02:49:41 +00:00
|
|
|
#include "libc/calls/cp.internal.h"
|
2020-06-15 14:18:57 +00:00
|
|
|
#include "libc/calls/internal.h"
|
2022-10-13 20:44:41 +00:00
|
|
|
#include "libc/calls/struct/flock.h"
|
|
|
|
|
#include "libc/calls/struct/flock.internal.h"
|
2022-05-23 22:06:11 +00:00
|
|
|
#include "libc/calls/syscall-nt.internal.h"
|
|
|
|
|
#include "libc/calls/syscall-sysv.internal.h"
|
2020-06-15 14:18:57 +00:00
|
|
|
#include "libc/dce.h"
|
2022-10-13 20:44:41 +00:00
|
|
|
#include "libc/intrin/describeflags.h"
|
2022-09-13 06:10:38 +00:00
|
|
|
#include "libc/intrin/strace.h"
|
2022-08-13 20:11:56 +00:00
|
|
|
#include "libc/intrin/weaken.h"
|
2023-08-21 09:28:24 +00:00
|
|
|
#include "libc/runtime/zipos.internal.h"
|
2023-12-01 08:51:01 +00:00
|
|
|
#include "libc/str/str.h"
|
2022-10-13 20:44:41 +00:00
|
|
|
#include "libc/sysv/consts/f.h"
|
Improve ZIP filesystem and change its prefix
The ZIP filesystem has a breaking change. You now need to use /zip/ to
open() / opendir() / etc. assets within the ZIP structure of your APE
binary, instead of the previous convention of using zip: or zip! URIs.
This is needed because Python likes to use absolute paths, and having
ZIP paths encoded like URIs simply broke too many things.
Many more system calls have been updated to be able to operate on ZIP
files and file descriptors. In particular fcntl() and ioctl() since
Python would do things like ask if a ZIP file is a terminal and get
confused when the old implementation mistakenly said yes, because the
fastest way to guarantee native file descriptors is to dup(2). This
change also improves the async signal safety of zipos and ensures it
doesn't maintain any open file descriptors beyond that which the user
has opened.
This change makes a lot of progress towards adding magic numbers that
are specific to platforms other than Linux. The philosophy here is that,
if you use an operating system like FreeBSD, then you should be able to
take advantage of FreeBSD exclusive features, even if we don't polyfill
them on other platforms. For example, you can now open() a file with the
O_VERIFY flag. If your program runs on other platforms, then Cosmo will
automatically set O_VERIFY to zero. This lets you safely use it without
the need for #ifdef or ifstatements which detract from readability.
One of the blindspots of the ASAN memory hardening we use to offer Rust
like assurances has always been that memory passed to the kernel via
system calls (e.g. writev) can't be checked automatically since the
kernel wasn't built with MODE=asan. This change makes more progress
ensuring that each system call will verify the soundness of memory
before it's passed to the kernel. The code for doing these checks is
fast, particularly for buffers, where it can verify 64 bytes a cycle.
- Correct O_LOOP definition on NT
- Introduce program_executable_name
- Add ASAN guards to more system calls
- Improve termios compatibility with BSDs
- Fix bug in Windows auxiliary value encoding
- Add BSD and XNU specific errnos and open flags
- Add check to ensure build doesn't talk to internet
2021-08-22 08:04:18 +00:00
|
|
|
#include "libc/sysv/errfuns.h"
|
2020-06-15 14:18:57 +00:00
|
|
|
|
|
|
|
|
/**
|
2022-10-17 18:02:04 +00:00
|
|
|
* Does things with file descriptor, e.g.
|
2020-06-15 14:18:57 +00:00
|
|
|
*
|
2020-12-26 10:09:07 +00:00
|
|
|
* CHECK_NE(-1, fcntl(fd, F_SETFD, FD_CLOEXEC));
|
2020-06-15 14:18:57 +00:00
|
|
|
*
|
Introduce --strace flag for system call tracing
This is similar to the --ftrace (c function call trace) flag, except
it's less noisy since it only logs system calls to stderr. Having this
flag is valuable because (1) system call tracing tells us a lot about
the behavior of complex programs and (2) it's usually very hard to get
system call tracing on various operating systems, e.g. strace, ktrace,
dtruss, truss, nttrace, etc. Especially on Apple platforms where even
with the special boot trick, debuggers still aren't guaranteed to work.
make -j8 o//examples
o//examples/hello.com --strace
This is enabled by default in MODE=, MODE=opt, and MODE=dbg. In MODE=dbg
extra information will be printed.
make -j8 MODE=dbg o/dbg/examples
o/dbg/examples/hello.com --strace |& less
This change also changes:
- Rename IsText() → _istext()
- Rename IsUtf8() → _isutf8()
- Fix madvise() on Windows NT
- Fix empty string case of inet_ntop()
- vfork() wrapper now saves and restores errno
- Update xsigaction() to yoink syscall support
2022-03-19 01:07:28 +00:00
|
|
|
* This function lets you duplicate file descriptors without running
|
|
|
|
|
* into an edge case where they take over stdio handles:
|
|
|
|
|
*
|
|
|
|
|
* CHECK_GE((newfd = fcntl(oldfd, F_DUPFD, 3)), 3);
|
|
|
|
|
* CHECK_GE((newfd = fcntl(oldfd, F_DUPFD_CLOEXEC, 3)), 3);
|
|
|
|
|
*
|
2022-10-17 18:02:04 +00:00
|
|
|
* This function implements file record locking, which lets independent
|
|
|
|
|
* processes (and on Linux 3.15+, threads too!) lock arbitrary ranges
|
|
|
|
|
* associated with a file. See `test/libc/calls/lock_test.c` and other
|
|
|
|
|
* locking related tests in that folder.
|
2021-05-14 12:36:58 +00:00
|
|
|
*
|
2022-10-17 18:02:04 +00:00
|
|
|
* On Windows, the Cosmopolitan Libc polyfill for POSIX advisory locks
|
|
|
|
|
* only implements enough of its nuances to support SQLite's needs. Some
|
|
|
|
|
* possibilities, e.g. punching holes in lock, will raise `ENOTSUP`.
|
2021-06-12 07:01:55 +00:00
|
|
|
*
|
2022-10-13 20:44:41 +00:00
|
|
|
* @param fd is the file descriptor
|
|
|
|
|
* @param cmd can be one of:
|
|
|
|
|
* - `F_GETFD` gets `FD_CLOEXEC` status of `fd
|
|
|
|
|
* - `F_SETFD` sets `FD_CLOEXEC` status of `arg` file descriptor
|
|
|
|
|
* - `F_GETFL` returns file descriptor status flags
|
|
|
|
|
* - `F_SETFL` sets file descriptor status flags
|
2023-08-21 09:28:24 +00:00
|
|
|
* - `O_NONBLOCK` may be changed
|
|
|
|
|
* - `O_APPEND` may be changed
|
|
|
|
|
* - `O_DIRECT` may be changed
|
|
|
|
|
* - `O_SEQUENTIAL` may be changed (no-op on non-Windows)
|
|
|
|
|
* - `O_RANDOM` may be changed (no-op on non-Windows)
|
|
|
|
|
* - Other bits (`O_ACCMODE`, `O_CREAT`, etc.) are ignored
|
2022-10-13 20:44:41 +00:00
|
|
|
* - `F_DUPFD` is like dup() but `arg` is a minimum result, e.g. 3
|
|
|
|
|
* - `F_DUPFD_CLOEXEC` ditto but sets `O_CLOEXEC` on returned fd
|
2022-10-17 18:02:04 +00:00
|
|
|
* - `F_SETLK` for record locking where `arg` is `struct flock *`
|
|
|
|
|
* - `F_SETLKW` ditto but waits for lock (SQLite avoids this)
|
2022-10-13 20:44:41 +00:00
|
|
|
* - `F_GETLK` to retrieve information about a record lock
|
2022-10-17 18:02:04 +00:00
|
|
|
* - `F_OFD_SETLK` for better non-blocking lock (Linux 3.15+ only)
|
|
|
|
|
* - `F_OFD_SETLKW` for better blocking lock (Linux 3.15+ only)
|
|
|
|
|
* - `F_OFD_GETLK` for better lock querying (Linux 3.15+ only)
|
2022-10-13 20:44:41 +00:00
|
|
|
* - `F_FULLFSYNC` on MacOS for fsync() with release barrier
|
|
|
|
|
* - `F_BARRIERFSYNC` on MacOS for fsync() with even more barriers
|
|
|
|
|
* - `F_SETNOSIGPIPE` on MacOS and NetBSD to control `SIGPIPE`
|
|
|
|
|
* - `F_GETNOSIGPIPE` on MacOS and NetBSD to control `SIGPIPE`
|
|
|
|
|
* - `F_GETPATH` on MacOS and NetBSD where arg is `char[PATH_MAX]`
|
|
|
|
|
* - `F_MAXFD` on NetBSD to get max open file descriptor
|
|
|
|
|
* - `F_NOCACHE` on MacOS to toggle data caching
|
|
|
|
|
* - `F_GETPIPE_SZ` on Linux to get pipe size
|
|
|
|
|
* - `F_SETPIPE_SZ` on Linux to set pipe size
|
2022-10-17 18:02:04 +00:00
|
|
|
* - `F_NOTIFY` raise `SIGIO` upon `fd` events in `arg` (Linux only)
|
2022-10-13 20:44:41 +00:00
|
|
|
* - `DN_ACCESS` for file access
|
|
|
|
|
* - `DN_MODIFY` for file modifications
|
|
|
|
|
* - `DN_CREATE` for file creations
|
|
|
|
|
* - `DN_DELETE` for file deletions
|
|
|
|
|
* - `DN_RENAME` for file renames
|
|
|
|
|
* - `DN_ATTRIB` for file attribute changes
|
|
|
|
|
* - `DN_MULTISHOT` bitwise or for realtime signals (non-coalesced)
|
2020-06-15 14:18:57 +00:00
|
|
|
* @param arg can be FD_CLOEXEC, etc. depending
|
|
|
|
|
* @return 0 on success, or -1 w/ errno
|
2022-10-13 20:44:41 +00:00
|
|
|
* @raise EBADF if `fd` isn't a valid open file descriptor
|
|
|
|
|
* @raise EINVAL if `cmd` is unknown or unsupported by os
|
|
|
|
|
* @raise EINVAL if `cmd` is invalid or unsupported by os
|
|
|
|
|
* @raise EPERM if pledge() is in play w/o `stdio` or `flock` promise
|
|
|
|
|
* @raise ENOLCK if `F_SETLKW` would have exceeded `RLIMIT_LOCKS`
|
|
|
|
|
* @raise EPERM if `cmd` is `F_SETOWN` and we weren't authorized
|
|
|
|
|
* @raise ESRCH if `cmd` is `F_SETOWN` and process group not found
|
2022-10-17 18:02:04 +00:00
|
|
|
* @raise ENOTSUP on Windows if locking operation isn't supported yet
|
2022-10-13 20:44:41 +00:00
|
|
|
* @raise EDEADLK if `cmd` was `F_SETLKW` and waiting would deadlock
|
|
|
|
|
* @raise EMFILE if `cmd` is `F_DUPFD` or `F_DUPFD_CLOEXEC` and
|
|
|
|
|
* `RLIMIT_NOFILE` would be exceeded
|
Make improvements
- We now serialize the file descriptor table when spawning / executing
processes on Windows. This means you can now inherit more stuff than
just standard i/o. It's needed by bash, which duplicates the console
to file descriptor #255. We also now do a better job serializing the
environment variables, so you're less likely to encounter E2BIG when
using your bash shell. We also no longer coerce environ to uppercase
- execve() on Windows now remotely controls its parent process to make
them spawn a replacement for itself. Then it'll be able to terminate
immediately once the spawn succeeds, without having to linger around
for the lifetime as a shell process for proxying the exit code. When
process worker thread running in the parent sees the child die, it's
given a handle to the new child, to replace it in the process table.
- execve() and posix_spawn() on Windows will now provide CreateProcess
an explicit handle list. This allows us to remove handle locks which
enables better fork/spawn concurrency, with seriously correct thread
safety. Other codebases like Go use the same technique. On the other
hand fork() still favors the conventional WIN32 inheritence approach
which can be a little bit messy, but is *controlled* by guaranteeing
perfectly clean slates at both the spawning and execution boundaries
- sigset_t is now 64 bits. Having it be 128 bits was a mistake because
there's no reason to use that and it's only supported by FreeBSD. By
using the system word size, signal mask manipulation on Windows goes
very fast. Furthermore @asyncsignalsafe funcs have been rewritten on
Windows to take advantage of signal masking, now that it's much more
pleasant to use.
- All the overlapped i/o code on Windows has been rewritten for pretty
good signal and cancelation safety. We're now able to ensure overlap
data structures are cleaned up so long as you don't longjmp() out of
out of a signal handler that interrupted an i/o operation. Latencies
are also improved thanks to the removal of lots of "busy wait" code.
Waits should be optimal for everything except poll(), which shall be
the last and final demon we slay in the win32 i/o horror show.
- getrusage() on Windows is now able to report RUSAGE_CHILDREN as well
as RUSAGE_SELF, thanks to aggregation in the process manager thread.
2023-10-08 12:36:18 +00:00
|
|
|
* @cancelationpoint when `cmd` is `F_SETLKW` or `F_OFD_SETLKW`
|
2020-06-15 14:18:57 +00:00
|
|
|
* @asyncsignalsafe
|
2022-03-25 14:11:44 +00:00
|
|
|
* @restartable
|
2020-06-15 14:18:57 +00:00
|
|
|
*/
|
2020-10-27 10:39:46 +00:00
|
|
|
int fcntl(int fd, int cmd, ...) {
|
2022-03-25 14:11:44 +00:00
|
|
|
int rc;
|
2020-10-27 10:39:46 +00:00
|
|
|
va_list va;
|
2021-05-14 12:36:58 +00:00
|
|
|
uintptr_t arg;
|
2022-10-13 20:44:41 +00:00
|
|
|
|
2020-10-27 10:39:46 +00:00
|
|
|
va_start(va, cmd);
|
2021-05-14 12:36:58 +00:00
|
|
|
arg = va_arg(va, uintptr_t);
|
2020-10-27 10:39:46 +00:00
|
|
|
va_end(va);
|
2022-10-13 20:44:41 +00:00
|
|
|
|
Improve ZIP filesystem and change its prefix
The ZIP filesystem has a breaking change. You now need to use /zip/ to
open() / opendir() / etc. assets within the ZIP structure of your APE
binary, instead of the previous convention of using zip: or zip! URIs.
This is needed because Python likes to use absolute paths, and having
ZIP paths encoded like URIs simply broke too many things.
Many more system calls have been updated to be able to operate on ZIP
files and file descriptors. In particular fcntl() and ioctl() since
Python would do things like ask if a ZIP file is a terminal and get
confused when the old implementation mistakenly said yes, because the
fastest way to guarantee native file descriptors is to dup(2). This
change also improves the async signal safety of zipos and ensures it
doesn't maintain any open file descriptors beyond that which the user
has opened.
This change makes a lot of progress towards adding magic numbers that
are specific to platforms other than Linux. The philosophy here is that,
if you use an operating system like FreeBSD, then you should be able to
take advantage of FreeBSD exclusive features, even if we don't polyfill
them on other platforms. For example, you can now open() a file with the
O_VERIFY flag. If your program runs on other platforms, then Cosmo will
automatically set O_VERIFY to zero. This lets you safely use it without
the need for #ifdef or ifstatements which detract from readability.
One of the blindspots of the ASAN memory hardening we use to offer Rust
like assurances has always been that memory passed to the kernel via
system calls (e.g. writev) can't be checked automatically since the
kernel wasn't built with MODE=asan. This change makes more progress
ensuring that each system call will verify the soundness of memory
before it's passed to the kernel. The code for doing these checks is
fast, particularly for buffers, where it can verify 64 bytes a cycle.
- Correct O_LOOP definition on NT
- Introduce program_executable_name
- Add ASAN guards to more system calls
- Improve termios compatibility with BSDs
- Fix bug in Windows auxiliary value encoding
- Add BSD and XNU specific errnos and open flags
- Add check to ensure build doesn't talk to internet
2021-08-22 08:04:18 +00:00
|
|
|
if (fd >= 0) {
|
2022-10-13 20:44:41 +00:00
|
|
|
if (cmd >= 0) {
|
|
|
|
|
if (fd < g_fds.n && g_fds.p[fd].kind == kFdZip) {
|
|
|
|
|
rc = _weaken(__zipos_fcntl)(fd, cmd, arg);
|
|
|
|
|
} else if (!IsWindows()) {
|
2022-11-05 01:19:05 +00:00
|
|
|
if (cmd == F_SETLKW || cmd == F_OFD_SETLKW) {
|
Make improvements
- We now serialize the file descriptor table when spawning / executing
processes on Windows. This means you can now inherit more stuff than
just standard i/o. It's needed by bash, which duplicates the console
to file descriptor #255. We also now do a better job serializing the
environment variables, so you're less likely to encounter E2BIG when
using your bash shell. We also no longer coerce environ to uppercase
- execve() on Windows now remotely controls its parent process to make
them spawn a replacement for itself. Then it'll be able to terminate
immediately once the spawn succeeds, without having to linger around
for the lifetime as a shell process for proxying the exit code. When
process worker thread running in the parent sees the child die, it's
given a handle to the new child, to replace it in the process table.
- execve() and posix_spawn() on Windows will now provide CreateProcess
an explicit handle list. This allows us to remove handle locks which
enables better fork/spawn concurrency, with seriously correct thread
safety. Other codebases like Go use the same technique. On the other
hand fork() still favors the conventional WIN32 inheritence approach
which can be a little bit messy, but is *controlled* by guaranteeing
perfectly clean slates at both the spawning and execution boundaries
- sigset_t is now 64 bits. Having it be 128 bits was a mistake because
there's no reason to use that and it's only supported by FreeBSD. By
using the system word size, signal mask manipulation on Windows goes
very fast. Furthermore @asyncsignalsafe funcs have been rewritten on
Windows to take advantage of signal masking, now that it's much more
pleasant to use.
- All the overlapped i/o code on Windows has been rewritten for pretty
good signal and cancelation safety. We're now able to ensure overlap
data structures are cleaned up so long as you don't longjmp() out of
out of a signal handler that interrupted an i/o operation. Latencies
are also improved thanks to the removal of lots of "busy wait" code.
Waits should be optimal for everything except poll(), which shall be
the last and final demon we slay in the win32 i/o horror show.
- getrusage() on Windows is now able to report RUSAGE_CHILDREN as well
as RUSAGE_SELF, thanks to aggregation in the process manager thread.
2023-10-08 12:36:18 +00:00
|
|
|
BEGIN_CANCELATION_POINT;
|
2022-11-04 08:04:43 +00:00
|
|
|
rc = sys_fcntl(fd, cmd, arg, __sys_fcntl_cp);
|
Make improvements
- We now serialize the file descriptor table when spawning / executing
processes on Windows. This means you can now inherit more stuff than
just standard i/o. It's needed by bash, which duplicates the console
to file descriptor #255. We also now do a better job serializing the
environment variables, so you're less likely to encounter E2BIG when
using your bash shell. We also no longer coerce environ to uppercase
- execve() on Windows now remotely controls its parent process to make
them spawn a replacement for itself. Then it'll be able to terminate
immediately once the spawn succeeds, without having to linger around
for the lifetime as a shell process for proxying the exit code. When
process worker thread running in the parent sees the child die, it's
given a handle to the new child, to replace it in the process table.
- execve() and posix_spawn() on Windows will now provide CreateProcess
an explicit handle list. This allows us to remove handle locks which
enables better fork/spawn concurrency, with seriously correct thread
safety. Other codebases like Go use the same technique. On the other
hand fork() still favors the conventional WIN32 inheritence approach
which can be a little bit messy, but is *controlled* by guaranteeing
perfectly clean slates at both the spawning and execution boundaries
- sigset_t is now 64 bits. Having it be 128 bits was a mistake because
there's no reason to use that and it's only supported by FreeBSD. By
using the system word size, signal mask manipulation on Windows goes
very fast. Furthermore @asyncsignalsafe funcs have been rewritten on
Windows to take advantage of signal masking, now that it's much more
pleasant to use.
- All the overlapped i/o code on Windows has been rewritten for pretty
good signal and cancelation safety. We're now able to ensure overlap
data structures are cleaned up so long as you don't longjmp() out of
out of a signal handler that interrupted an i/o operation. Latencies
are also improved thanks to the removal of lots of "busy wait" code.
Waits should be optimal for everything except poll(), which shall be
the last and final demon we slay in the win32 i/o horror show.
- getrusage() on Windows is now able to report RUSAGE_CHILDREN as well
as RUSAGE_SELF, thanks to aggregation in the process manager thread.
2023-10-08 12:36:18 +00:00
|
|
|
END_CANCELATION_POINT;
|
2022-11-04 08:04:43 +00:00
|
|
|
} else {
|
|
|
|
|
rc = sys_fcntl(fd, cmd, arg, __sys_fcntl);
|
2023-12-01 08:51:01 +00:00
|
|
|
if (rc != -1 && (cmd == F_DUPFD || cmd == F_DUPFD_CLOEXEC) &&
|
|
|
|
|
__isfdkind(rc, kFdZip)) {
|
|
|
|
|
_weaken(__zipos_postdup)(fd, rc);
|
|
|
|
|
}
|
2022-11-04 08:04:43 +00:00
|
|
|
}
|
2022-10-13 20:44:41 +00:00
|
|
|
} else {
|
|
|
|
|
rc = sys_fcntl_nt(fd, cmd, arg);
|
|
|
|
|
}
|
Improve ZIP filesystem and change its prefix
The ZIP filesystem has a breaking change. You now need to use /zip/ to
open() / opendir() / etc. assets within the ZIP structure of your APE
binary, instead of the previous convention of using zip: or zip! URIs.
This is needed because Python likes to use absolute paths, and having
ZIP paths encoded like URIs simply broke too many things.
Many more system calls have been updated to be able to operate on ZIP
files and file descriptors. In particular fcntl() and ioctl() since
Python would do things like ask if a ZIP file is a terminal and get
confused when the old implementation mistakenly said yes, because the
fastest way to guarantee native file descriptors is to dup(2). This
change also improves the async signal safety of zipos and ensures it
doesn't maintain any open file descriptors beyond that which the user
has opened.
This change makes a lot of progress towards adding magic numbers that
are specific to platforms other than Linux. The philosophy here is that,
if you use an operating system like FreeBSD, then you should be able to
take advantage of FreeBSD exclusive features, even if we don't polyfill
them on other platforms. For example, you can now open() a file with the
O_VERIFY flag. If your program runs on other platforms, then Cosmo will
automatically set O_VERIFY to zero. This lets you safely use it without
the need for #ifdef or ifstatements which detract from readability.
One of the blindspots of the ASAN memory hardening we use to offer Rust
like assurances has always been that memory passed to the kernel via
system calls (e.g. writev) can't be checked automatically since the
kernel wasn't built with MODE=asan. This change makes more progress
ensuring that each system call will verify the soundness of memory
before it's passed to the kernel. The code for doing these checks is
fast, particularly for buffers, where it can verify 64 bytes a cycle.
- Correct O_LOOP definition on NT
- Introduce program_executable_name
- Add ASAN guards to more system calls
- Improve termios compatibility with BSDs
- Fix bug in Windows auxiliary value encoding
- Add BSD and XNU specific errnos and open flags
- Add check to ensure build doesn't talk to internet
2021-08-22 08:04:18 +00:00
|
|
|
} else {
|
2022-10-13 20:44:41 +00:00
|
|
|
rc = einval();
|
Improve ZIP filesystem and change its prefix
The ZIP filesystem has a breaking change. You now need to use /zip/ to
open() / opendir() / etc. assets within the ZIP structure of your APE
binary, instead of the previous convention of using zip: or zip! URIs.
This is needed because Python likes to use absolute paths, and having
ZIP paths encoded like URIs simply broke too many things.
Many more system calls have been updated to be able to operate on ZIP
files and file descriptors. In particular fcntl() and ioctl() since
Python would do things like ask if a ZIP file is a terminal and get
confused when the old implementation mistakenly said yes, because the
fastest way to guarantee native file descriptors is to dup(2). This
change also improves the async signal safety of zipos and ensures it
doesn't maintain any open file descriptors beyond that which the user
has opened.
This change makes a lot of progress towards adding magic numbers that
are specific to platforms other than Linux. The philosophy here is that,
if you use an operating system like FreeBSD, then you should be able to
take advantage of FreeBSD exclusive features, even if we don't polyfill
them on other platforms. For example, you can now open() a file with the
O_VERIFY flag. If your program runs on other platforms, then Cosmo will
automatically set O_VERIFY to zero. This lets you safely use it without
the need for #ifdef or ifstatements which detract from readability.
One of the blindspots of the ASAN memory hardening we use to offer Rust
like assurances has always been that memory passed to the kernel via
system calls (e.g. writev) can't be checked automatically since the
kernel wasn't built with MODE=asan. This change makes more progress
ensuring that each system call will verify the soundness of memory
before it's passed to the kernel. The code for doing these checks is
fast, particularly for buffers, where it can verify 64 bytes a cycle.
- Correct O_LOOP definition on NT
- Introduce program_executable_name
- Add ASAN guards to more system calls
- Improve termios compatibility with BSDs
- Fix bug in Windows auxiliary value encoding
- Add BSD and XNU specific errnos and open flags
- Add check to ensure build doesn't talk to internet
2021-08-22 08:04:18 +00:00
|
|
|
}
|
2020-06-15 14:18:57 +00:00
|
|
|
} else {
|
2022-10-13 20:44:41 +00:00
|
|
|
rc = ebadf();
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-29 11:45:54 +00:00
|
|
|
#if SYSDEBUG
|
2023-08-21 09:28:24 +00:00
|
|
|
if (rc != -1 && cmd == F_GETFL) {
|
|
|
|
|
STRACE("fcntl(%d, F_GETFL) → %s", fd, DescribeOpenFlags(rc));
|
|
|
|
|
} else if (cmd == F_SETFL) {
|
|
|
|
|
STRACE("fcntl(%d, F_SETFL, %s) → %d% m", fd, DescribeOpenFlags(arg), rc);
|
|
|
|
|
} else if (cmd == F_GETFD || //
|
|
|
|
|
cmd == F_GETOWN || //
|
|
|
|
|
cmd == F_FULLFSYNC || //
|
|
|
|
|
cmd == F_BARRIERFSYNC || //
|
|
|
|
|
cmd == F_MAXFD) {
|
2022-10-13 20:44:41 +00:00
|
|
|
STRACE("fcntl(%d, %s) → %d% m", fd, DescribeFcntlCmd(cmd), rc);
|
|
|
|
|
} else if (cmd == F_GETFL) {
|
|
|
|
|
STRACE("fcntl(%d, %s) → %s% m", fd, DescribeFcntlCmd(cmd),
|
|
|
|
|
DescribeOpenFlags(rc));
|
|
|
|
|
} else if (cmd == F_SETLK || //
|
|
|
|
|
cmd == F_SETLKW || //
|
|
|
|
|
cmd == F_GETLK || //
|
|
|
|
|
((SupportsLinux() || SupportsXnu()) && //
|
|
|
|
|
cmd != -1 && //
|
|
|
|
|
(cmd == F_OFD_SETLK || //
|
|
|
|
|
cmd == F_OFD_SETLKW || //
|
|
|
|
|
cmd == F_OFD_GETLK))) {
|
|
|
|
|
STRACE("fcntl(%d, %s, %s) → %d% m", fd, DescribeFcntlCmd(cmd),
|
|
|
|
|
DescribeFlock(cmd, (struct flock *)arg), rc);
|
|
|
|
|
} else if ((SupportsNetbsd() || SupportsXnu()) && cmd != -1 &&
|
|
|
|
|
cmd == F_GETPATH) {
|
|
|
|
|
STRACE("fcntl(%d, %s, [%s]) → %d% m", fd, DescribeFcntlCmd(cmd),
|
|
|
|
|
!rc ? (const char *)arg : "n/a", rc);
|
|
|
|
|
} else if (SupportsLinux() && cmd != -1 && cmd == F_NOTIFY) {
|
|
|
|
|
STRACE("fcntl(%d, %s, %s) → %d% m", fd, DescribeFcntlCmd(cmd),
|
|
|
|
|
DescribeDnotifyFlags(arg), rc);
|
|
|
|
|
} else {
|
2023-06-15 00:02:57 +00:00
|
|
|
STRACE("fcntl(%d, %s, %ld) → %d% m", fd, DescribeFcntlCmd(cmd), arg, rc);
|
2020-06-15 14:18:57 +00:00
|
|
|
}
|
2022-10-13 20:44:41 +00:00
|
|
|
#endif
|
|
|
|
|
|
2022-03-25 14:11:44 +00:00
|
|
|
return rc;
|
2020-06-15 14:18:57 +00:00
|
|
|
}
|
