Improve upon the new pledge command

libc/calls/calls.h

@@ -111,6 +111,8 @@ int getresuid(uint32_t *, uint32_t *, uint32_t *);
 int getsid(int) nosideeffect libcesque;
 int gettid(void) libcesque;
 int getuid(void) nosideeffect libcesque;
+int ioprio_get(int, int);
+int ioprio_set(int, int, int);
 int kill(int, int);
 int killpg(int, int);
 int link(const char *, const char *) dontthrow;

libc/intrin/exit.c

@@ -43,6 +43,11 @@ privileged wontreturn void _Exit(int exitcode) {
                  : /* no outputs */
                  : "a"(__NR_exit_group), "D"(exitcode)
                  : "rcx", "r11", "memory");
+    // this should only be possible on Linux in a pledge ultra sandbox
+    asm volatile("syscall"
+                 : /* no outputs */
+                 : "a"(__NR_exit), "D"(exitcode)
+                 : "rcx", "r11", "memory");
   } else if (IsWindows()) {
     ExitProcess(exitcode);
   }

libc/mem/pledge.c

@@ -59,11 +59,11 @@ struct Filter {
 };
 
 static const uint16_t kPledgeLinuxDefault[] = {
-    __NR_linux_exit,        //
-    __NR_linux_exit_group,  //
+    __NR_linux_exit,  //
 };
 
 static const uint16_t kPledgeLinuxStdio[] = {
+    __NR_linux_exit_group,         //
     __NR_linux_clock_getres,       //
     __NR_linux_clock_gettime,      //
     __NR_linux_clock_nanosleep,    //
@@ -1132,7 +1132,7 @@ static int sys_pledge_linux(const char *promises, const char *execpromises) {
  * `promises` is a string that may include any of the following groups
  * delimited by spaces.
  *
- * - "stdio" allows close, dup, dup2, dup3, fchdir, fstat, fsync,
+ * - "stdio" allows exit, close, dup, dup2, dup3, fchdir, fstat, fsync,
  *   fdatasync, ftruncate, getdents, getegid, getrandom, geteuid,
  *   getgid, getgroups, getitimer, getpgid, getpgrp, getpid, getppid,
  *   getresgid, getresuid, getrlimit, getsid, wait4, gettimeofday,

libc/runtime/stack.h

@@ -48,6 +48,23 @@
 #define STATIC_STACK_ADDR(ADDR) \
   STATIC_SYMBOL("ape_stack_vaddr", _STACK_STRINGIFY(ADDR))
 
+/**
+ * Makes program stack executable if declared, e.g.
+ *
+ *     STATIC_EXEC_STACK();
+ *     int main() {
+ *       char code[16] = {
+ *           0x55,                          // push %rbp
+ *           0xb8, 0007, 0x00, 0x00, 0x00,  // mov  $7,%eax
+ *           0x5d,                          // push %rbp
+ *           0xc3,                          // ret
+ *       };
+ *       int (*func)(void) = (void *)code;
+ *       printf("result %d should be 7\n", func());
+ *     }
+ */
+#define STATIC_EXEC_STACK() STATIC_SYMBOL("ape_stack_pf", "7")
+
 #define _STACK_STRINGIFY(ADDR) #ADDR
 
 #if IsAsan()

libc/sysv/consts/ioprio.h

@@ -0,0 +1,30 @@
+#ifndef COSMOPOLITAN_LIBC_SYSV_CONSTS_IOPRIO_H_
+#define COSMOPOLITAN_LIBC_SYSV_CONSTS_IOPRIO_H_
+
+#define IOPRIO_WHO_PROCESS 1
+#define IOPRIO_WHO_PGRP    2
+#define IOPRIO_WHO_USER    3
+
+#define IOPRIO_CLASS_SHIFT 13
+#define IOPRIO_CLASS_MASK  0x07
+#define IOPRIO_PRIO_MASK   ((1UL << IOPRIO_CLASS_SHIFT) - 1)
+
+#define IOPRIO_PRIO_CLASS(ioprio) \
+  (((ioprio) >> IOPRIO_CLASS_SHIFT) & IOPRIO_CLASS_MASK)
+#define IOPRIO_PRIO_DATA(ioprio) ((ioprio)&IOPRIO_PRIO_MASK)
+#define IOPRIO_PRIO_VALUE(class, data)                     \
+  ((((class) & IOPRIO_CLASS_MASK) << IOPRIO_CLASS_SHIFT) | \
+   ((data)&IOPRIO_PRIO_MASK))
+
+#define IOPRIO_CLASS_NONE 0
+#define IOPRIO_CLASS_RT   1
+#define IOPRIO_CLASS_BE   2
+#define IOPRIO_CLASS_IDLE 3
+
+#define IOPRIO_NR_LEVELS 8
+#define IOPRIO_BE_NR     IOPRIO_NR_LEVELS
+
+#define IOPRIO_NORM    4
+#define IOPRIO_BE_NORM IOPRIO_NORM
+
+#endif /* COSMOPOLITAN_LIBC_SYSV_CONSTS_IOPRIO_H_ */