mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-05-23 05:42:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add seccomp bpf sandboxing to redbean

Browse source 
It's now possible to pass the `-S` or `-SS` flags to sandbox redbean
worker proecsses after they've been forked. The first `-S` flag is
intended to be a permissive builtin policy that limits system calls to
only that which the various parts of redbean serving need. The second
`-SS` flag is intended to be more restrictive, preventing things like
the Lua extensions you download off the web from using the HTTP client
or sockets APIs. In upcoming changes you'll be able to implement your
own Berkeley Packet Filter sandbox programs and load them via Lua.
This commit is contained in:
Justine Tunney 2022-04-18 08:54:42 -07:00
parent 7166679620
commit 5a132f9652
79 changed files with 2271 additions and 651 deletions
Download patch file Download diff file Expand all files Collapse all files

10
libc/calls/issandboxed.h
View file

@ -1,10 +0,0 @@
#ifndef COSMOPOLITAN_LIBC_CALLS_ISSANDBOXED_INTERNAL_H_
#define COSMOPOLITAN_LIBC_CALLS_ISSANDBOXED_INTERNAL_H_
#if !(__ASSEMBLER__ + __LINKER__ + 0)
COSMOPOLITAN_C_START_
extern bool __issandboxed;
COSMOPOLITAN_C_END_
#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
#endif /* COSMOPOLITAN_LIBC_CALLS_ISSANDBOXED_INTERNAL_H_ */

17
libc/calls/prctl.c
View file

@ -19,8 +19,22 @@
#include "libc/calls/calls.h"
#include "libc/calls/strace.internal.h"
#include "libc/errno.h"
#include "libc/sysv/consts/pr.h"
#include "libc/sysv/errfuns.h"
static const char *DescribePrctlOperation(int x) {
switch (x) {
case PR_SET_NO_NEW_PRIVS:
return "PR_SET_NO_NEW_PRIVS";
case PR_SET_SECCOMP:
return "PR_SET_SECCOMP";
case PR_GET_SECCOMP:
return "PR_GET_SECCOMP";
default:
return "PRCTL_???";
}
}
/**
* Tunes process on Linux.
*
@ -47,6 +61,7 @@ int prctl(int operation, ...) {
} else {
rc = enosys();
}
STRACE("seccomp(%d, %p, %p, %p, %p) → %d% m", operation, a, b, c, d, rc);
STRACE("prctl(%s, %p, %p, %p, %p) → %d% m", DescribePrctlOperation(operation),
a, b, c, d, rc);
return rc;
}

20
libc/calls/readv.c
View file

@ -42,8 +42,7 @@
*/
ssize_t readv(int fd, const struct iovec *iov, int iovlen) {
int i;
ssize_t rc, rem;
ssize_t rc;
if (fd >= 0 && iovlen >= 0) {
if (IsAsan() && !__asan_is_valid_iov(iov, iovlen)) {
rc = efault();
@ -66,27 +65,16 @@ ssize_t readv(int fd, const struct iovec *iov, int iovlen) {
} else {
rc = einval();
}
#if defined(SYSDEBUG) && _DATATRACE
if (__strace > 0) {
if (rc == -1 && errno == EFAULT) {
STRACE("readv(%d, %p, %d) → %'zd% m", fd, iov, iovlen, rc);
} else {
rem = rc != -1 ? rc : 0;
kprintf(STRACE_PROLOGUE "readv(%d, [{", fd);
for (i = 0; i < MIN(5, iovlen); ++i) {
kprintf("%s{%#.*hhs%s, %'zu}", i ? ", " : "",
MAX(0, MIN(40, MIN(rem, iov[i].iov_len))), iov[i].iov_base,
MAX(0, MIN(40, MIN(rem, iov[i].iov_len))) < iov[i].iov_len
? "..."
: "",
iov[i].iov_len);
rem -= iov[i].iov_len;
}
kprintf("%s}], %d) → %'ld% m%n", iovlen > 5 ? "..." : "", iovlen, rc);
kprintf(STRACE_PROLOGUE "readv(%d, [", fd);
__strace_iov(iov, iovlen, rc != -1 ? rc : 0);
kprintf("], %d) → %'ld% m%n", iovlen, rc);
}
}
#endif
return rc;
}

22
libc/calls/seccomp.c
View file

@ -17,15 +17,29 @@
PERFORMANCE OF THIS SOFTWARE.
*/
#include "libc/calls/calls.h"
#include "libc/calls/issandboxed.h"
#include "libc/calls/strace.internal.h"
#include "libc/calls/struct/seccomp.h"
#include "libc/dce.h"
#include "libc/errno.h"
#include "libc/intrin/describeflags.internal.h"
#include "libc/sysv/consts/pr.h"
#include "libc/sysv/consts/seccomp.h"
#include "libc/sysv/errfuns.h"
static const char *DescribeSeccompOperation(int x) {
switch (x) {
case SECCOMP_SET_MODE_STRICT:
return "SECCOMP_SET_MODE_STRICT";
case SECCOMP_SET_MODE_FILTER:
return "SECCOMP_SET_MODE_FILTER";
case SECCOMP_GET_ACTION_AVAIL:
return "SECCOMP_GET_ACTION_AVAIL";
case SECCOMP_GET_NOTIF_SIZES:
return "SECCOMP_GET_NOTIF_SIZES";
default:
return "SECCOMP_???";
}
}
/**
* Tunes Linux security policy.
*
@ -63,7 +77,7 @@ int seccomp(unsigned operation, unsigned flags, void *args) {
} else {
rc = enosys();
}
STRACE("seccomp(%s, %#x, %p) → %d% m",
DescribeSeccompOperationFlags(operation), flags, args, rc);
STRACE("seccomp(%s, %#x, %p) → %d% m", DescribeSeccompOperation(operation),
flags, args, rc);
return rc;
}

2
libc/calls/strace.internal.h
View file

@ -1,5 +1,6 @@
#ifndef COSMOPOLITAN_LIBC_CALLS_STRACE_INTERNAL_H_
#define COSMOPOLITAN_LIBC_CALLS_STRACE_INTERNAL_H_
#include "libc/calls/struct/iovec.h"
#include "libc/calls/struct/rlimit.h"
#include "libc/calls/struct/sigaction.h"
#include "libc/calls/struct/stat.h"
@ -53,6 +54,7 @@ COSMOPOLITAN_C_START_
extern int __strace;
void __stracef(const char *, ...);
void __strace_iov(const struct iovec *, int, ssize_t);
const char *__strace_stat(int, const struct stat *);
const char *__strace_sigaction(char *, size_t, int, const struct sigaction *);
const char *__strace_sigset(char[41], size_t, int, const sigset_t *);

28
libc/intrin/describeseccompoperationflags.greg.c → libc/calls/strace_iov.greg.c
View file

@ -16,20 +16,20 @@
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
*/
#include "libc/intrin/describeflags.internal.h"
#include "libc/calls/strace.internal.h"
#include "libc/intrin/kprintf.h"
#include "libc/macros.internal.h"
#include "libc/sysv/consts/seccomp.h"
const struct DescribeFlags kSeccompOperationFlags[] = {
{SECCOMP_GET_NOTIF_SIZES, "GET_NOTIF_SIZES"}, // order matters
{SECCOMP_GET_ACTION_AVAIL, "GET_ACTION_AVAIL"}, //
{SECCOMP_SET_MODE_FILTER, "SET_MODE_FILTER"}, //
{SECCOMP_SET_MODE_STRICT, "SET_MODE_STRICT"}, //
};
const char *DescribeSeccompOperationFlags(int x) {
static char seccompflags[128];
return DescribeFlags(seccompflags, sizeof(seccompflags),
kSeccompOperationFlags, ARRAYLEN(kSeccompOperationFlags),
"SECCOMP_", x);
void __strace_iov(const struct iovec *iov, int iovlen, ssize_t rem) {
int i;
kprintf("{");
for (i = 0; rem && i < MIN(5, iovlen); ++i) {
kprintf(
"%s{%#.*hhs%s, %'zu}", i ? ", " : "",
MAX(0, MIN(40, MIN(rem, iov[i].iov_len))), iov[i].iov_base,
MAX(0, MIN(40, MIN(rem, iov[i].iov_len))) < iov[i].iov_len ? "..." : "",
iov[i].iov_len);
rem -= iov[i].iov_len;
}
kprintf("%s}", iovlen > 5 ? "..." : "");
}

1341
libc/calls/struct/bpf.h Normal file
View file

File diff suppressed because it is too large Load diff

59
libc/calls/struct/filter.h Normal file
View file

@ -0,0 +1,59 @@
#ifndef COSMOPOLITAN_LIBC_CALLS_STRUCT_FILTER_H_
#define COSMOPOLITAN_LIBC_CALLS_STRUCT_FILTER_H_
#if !(__ASSEMBLER__ + __LINKER__ + 0)
COSMOPOLITAN_C_START_
#define BPF_MAJOR_VERSION 1
#define BPF_MINOR_VERSION 1
struct sock_filter {
uint16_t code;
uint8_t jt;
uint8_t jf;
uint32_t k;
};
struct sock_fprog {
unsigned short len;
struct sock_filter *filter;
};
#define BPF_RVAL(code) ((code)&0x18)
#define BPF_A 0x10
#define BPF_MISCOP(code) ((code)&0xf8)
#define BPF_TAX 0x00
#define BPF_TXA 0x80
#define BPF_STMT(code, k) \
{ (unsigned short)(code), 0, 0, k }
#define BPF_JUMP(code, k, jt, jf) \
{ (unsigned short)(code), jt, jf, k }
#define BPF_MEMWORDS 16
#define SKF_AD_OFF (-0x1000)
#define SKF_AD_PROTOCOL 0
#define SKF_AD_PKTTYPE 4
#define SKF_AD_IFINDEX 8
#define SKF_AD_NLATTR 12
#define SKF_AD_NLATTR_NEST 16
#define SKF_AD_MARK 20
#define SKF_AD_QUEUE 24
#define SKF_AD_HATYPE 28
#define SKF_AD_RXHASH 32
#define SKF_AD_CPU 36
#define SKF_AD_ALU_XOR_X 40
#define SKF_AD_VLAN_TAG 44
#define SKF_AD_VLAN_TAG_PRESENT 48
#define SKF_AD_PAY_OFFSET 52
#define SKF_AD_RANDOM 56
#define SKF_AD_VLAN_TPID 60
#define SKF_AD_MAX 64
#define SKF_NET_OFF (-0x100000)
#define SKF_LL_OFF (-0x200000)
#define BPF_NET_OFF SKF_NET_OFF
#define BPF_LL_OFF SKF_LL_OFF
COSMOPOLITAN_C_END_
#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
#endif /* COSMOPOLITAN_LIBC_CALLS_STRUCT_FILTER_H_ */

23
libc/calls/struct/hog.py Normal file
View file

@ -0,0 +1,23 @@
s="""
BPF_SOCK_OPS_VOID,
BPF_SOCK_OPS_TIMEOUT_INIT,
BPF_SOCK_OPS_RWND_INIT,
BPF_SOCK_OPS_TCP_CONNECT_CB,
BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB,
BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB,
BPF_SOCK_OPS_NEEDS_ECN,
BPF_SOCK_OPS_BASE_RTT,
BPF_SOCK_OPS_RTO_CB,
BPF_SOCK_OPS_RETRANS_CB,
BPF_SOCK_OPS_STATE_CB,
BPF_SOCK_OPS_TCP_LISTEN_CB,
BPF_SOCK_OPS_RTT_CB,
BPF_SOCK_OPS_PARSE_HDR_OPT_CB,
BPF_SOCK_OPS_HDR_OPT_LEN_CB,
BPF_SOCK_OPS_WRITE_HDR_OPT_CB,
"""
i = 0
for x in s.replace(',','').split():
print("#define %s %d" % (x, i))
i += 1

48
libc/calls/struct/seccomp.h
View file

@ -1,8 +1,45 @@
#ifndef COSMOPOLITAN_LIBC_CALLS_STRUCT_SECCOMP_H_
#define COSMOPOLITAN_LIBC_CALLS_STRUCT_SECCOMP_H_
#define SECCOMP_SET_MODE_STRICT 0
#define SECCOMP_SET_MODE_FILTER 1
#define SECCOMP_GET_ACTION_AVAIL 2
#define SECCOMP_GET_NOTIF_SIZES 3
#define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0)
#define SECCOMP_FILTER_FLAG_LOG (1UL << 1)
#define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2)
#define SECCOMP_FILTER_FLAG_NEW_LISTENER (1UL << 3)
#define SECCOMP_FILTER_FLAG_TSYNC_ESRCH (1UL << 4)
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#define SECCOMP_RET_KILL_THREAD 0x00000000U
#define SECCOMP_RET_KILL SECCOMP_RET_KILL_THREAD
#define SECCOMP_RET_TRAP 0x00030000U
#define SECCOMP_RET_ERRNO 0x00050000U
#define SECCOMP_RET_USER_NOTIF 0x7fc00000U
#define SECCOMP_RET_TRACE 0x7ff00000U
#define SECCOMP_RET_LOG 0x7ffc0000U
#define SECCOMP_RET_ALLOW 0x7fff0000U
#define SECCOMP_RET_ACTION_FULL 0xffff0000U
#define SECCOMP_RET_ACTION 0x7fff0000U
#define SECCOMP_RET_DATA 0x0000ffffU
#define SECCOMP_USER_NOTIF_FLAG_CONTINUE (1UL << 0)
#define SECCOMP_ADDFD_FLAG_SETFD (1UL << 0)
#define SECCOMP_ADDFD_FLAG_SEND (1UL << 1)
#if !(__ASSEMBLER__ + __LINKER__ + 0)
COSMOPOLITAN_C_START_
#define SECCOMP_IOC_MAGIC '!'
#define SECCOMP_IO(nr) _IO(SECCOMP_IOC_MAGIC, nr)
#define SECCOMP_IOR(nr, type) _IOR(SECCOMP_IOC_MAGIC, nr, type)
#define SECCOMP_IOW(nr, type) _IOW(SECCOMP_IOC_MAGIC, nr, type)
#define SECCOMP_IOWR(nr, type) _IOWR(SECCOMP_IOC_MAGIC, nr, type)
#define SECCOMP_IOCTL_NOTIF_RECV SECCOMP_IOWR(0, struct seccomp_notif)
#define SECCOMP_IOCTL_NOTIF_SEND SECCOMP_IOWR(1, struct seccomp_notif_resp)
#define SECCOMP_IOCTL_NOTIF_ID_VALID SECCOMP_IOW(2, __u64)
#define SECCOMP_IOCTL_NOTIF_ADDFD SECCOMP_IOW(3, struct seccomp_notif_addfd)
struct seccomp_data {
int32_t nr;
uint32_t arch;
@ -38,17 +75,6 @@ struct seccomp_notif_addfd {
uint32_t newfd_flags;
};
#define SECCOMP_IOC_MAGIC '!'
#define SECCOMP_IO(nr) _IO(SECCOMP_IOC_MAGIC, nr)
#define SECCOMP_IOR(nr, type) _IOR(SECCOMP_IOC_MAGIC, nr, type)
#define SECCOMP_IOW(nr, type) _IOW(SECCOMP_IOC_MAGIC, nr, type)
#define SECCOMP_IOWR(nr, type) _IOWR(SECCOMP_IOC_MAGIC, nr, type)
#define SECCOMP_IOCTL_NOTIF_RECV SECCOMP_IOWR(0, struct seccomp_notif)
#define SECCOMP_IOCTL_NOTIF_SEND SECCOMP_IOWR(1, struct seccomp_notif_resp)
#define SECCOMP_IOCTL_NOTIF_ID_VALID SECCOMP_IOW(2, __u64)
#define SECCOMP_IOCTL_NOTIF_ADDFD SECCOMP_IOW(3, struct seccomp_notif_addfd)
COSMOPOLITAN_C_END_
#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
#endif /* COSMOPOLITAN_LIBC_CALLS_STRUCT_SECCOMP_H_ */

17
libc/calls/writev.c
View file

@ -47,7 +47,7 @@
*/
ssize_t writev(int fd, const struct iovec *iov, int iovlen) {
int i;
ssize_t rc, rem;
ssize_t rc;
if (fd >= 0 && iovlen >= 0) {
if (IsAsan() && !__asan_is_valid_iov(iov, iovlen)) {
@ -77,18 +77,9 @@ ssize_t writev(int fd, const struct iovec *iov, int iovlen) {
if (rc == -1 && errno == EFAULT) {
STRACE("writev(%d, %p, %d) → %'zd% m", fd, iov, iovlen, rc);
} else {
rem = rc != -1 ? rc : 0;
kprintf(STRACE_PROLOGUE "writev(%d, {", fd);
for (i = 0; i < MIN(5, iovlen); ++i) {
kprintf("%s{%#.*hhs%s, %'zu}", i ? ", " : "",
MAX(0, MIN(40, MIN(rem, iov[i].iov_len))), iov[i].iov_base,
MAX(0, MIN(40, MIN(rem, iov[i].iov_len))) < iov[i].iov_len
? "..."
: "",
iov[i].iov_len);
rem -= iov[i].iov_len;
}
kprintf("%s}, %d) → %'ld% m%n", iovlen > 5 ? "..." : "", iovlen, rc);
kprintf(STRACE_PROLOGUE "readv(%d, ", fd);
__strace_iov(iov, iovlen, rc != -1 ? rc : 0);
kprintf(", %d) → %'ld% m%n", iovlen, rc);
}
}
#endif

3
libc/intrin/isdebuggerpresent.greg.c
View file

@ -16,7 +16,6 @@
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
*/
#include "libc/calls/issandboxed.h"
#include "libc/dce.h"
#include "libc/log/libfatal.internal.h"
#include "libc/log/log.h"
@ -39,7 +38,7 @@ noasan noubsan int IsDebuggerPresent(bool force) {
if (!force && IsGenuineCosmo()) return 0;
if (!force && getenv("HEISENDEBUG")) return 0;
if (IsWindows()) return NtGetPeb()->BeingDebugged; /* needs noasan */
if (__issandboxed) return false;
if (__isworker) return false;
res = 0;
if ((fd = __sysv_open("/proc/self/status", O_RDONLY, 0)) >= 0) {
if ((got = __sysv_read(fd, buf, sizeof(buf) - 1)) > 0) {

10
libc/intrin/issandboxed.c → libc/intrin/isworker.c
View file

@ -18,5 +18,11 @@
*/
#include "libc/calls/calls.h"
// SECCOMP_SET_MODE_STRICT
bool __issandboxed;
/**
* Indicates if current execution context is a worker task.
*
* Setting this to true on things like the forked process of a web
* server is a good idea since it'll ask the C runtime to not pull
* magical stunts like attaching GDB to the process on crash.
*/
bool __isworker;

33
libc/intrin/kprintf.greg.c
View file

@ -246,7 +246,7 @@ privileged static size_t kformat(char *b, size_t n, const char *fmt, va_list va,
const char *s, *f;
unsigned long long x;
unsigned i, j, m, rem, sign, hash, cols, prec;
char c, *p, *e, pdot, zero, flip, dang, base, quot, z[128];
char c, *p, *e, pdot, zero, flip, dang, base, quot, uppr, z[128];
if (kistextpointer(b) || kisdangerous(b)) n = 0;
if (!kistextpointer(fmt)) fmt = "!!WONTFMT";
p = b;
@ -270,6 +270,7 @@ privileged static size_t kformat(char *b, size_t n, const char *fmt, va_list va,
type = 0;
cols = 0;
zero = 0;
uppr = 0;
abet = "0123456789abcdef";
for (;;) {
switch ((c = *f++)) {
@ -302,6 +303,10 @@ privileged static size_t kformat(char *b, size_t n, const char *fmt, va_list va,
sign = c;
continue;
case '^':
uppr = c;
continue;
case 'h':
--type;
continue;
@ -507,6 +512,12 @@ privileged static size_t kformat(char *b, size_t n, const char *fmt, va_list va,
type = 0;
goto FormatString;
} else {
if (p + 4 <= e) {
*p++ = 'e';
*p++ = 'r';
*p++ = 'r';
*p++ = '=';
}
type = 0;
x = unixerr;
goto FormatDecimal;
@ -558,10 +569,6 @@ privileged static size_t kformat(char *b, size_t n, const char *fmt, va_list va,
goto FormatString;
}
case 'S':
c = 's';
type = 1;
// fallthrough
case 's':
if (!(s = va_arg(va, const void *))) {
s = sign != ' ' ? "NULL" : "";
@ -598,6 +605,9 @@ privileged static size_t kformat(char *b, size_t n, const char *fmt, va_list va,
if ((t & 0300) == 0200) goto ActuallyEmitByte;
++i;
EmitByte:
if (uppr && 'a' <= t && t <= 'z') {
t -= 'a' - 'A';
}
if (UNLIKELY(quot) && (t == '\\' || ((t == '"' && c == 's') ||
(t == '\'' && c == 'c')))) {
if (p + 2 <= e) {
@ -671,9 +681,15 @@ privileged static size_t kformat(char *b, size_t n, const char *fmt, va_list va,
if (!t) break;
++i;
EmitChar:
if (t <= 0x7f) {
goto EmitByte;
} else if (t <= 0x7ff) {
if (t <= 0x7f) goto EmitByte;
if (uppr) {
if (weaken(towupper)) {
t = weaken(towupper)(t);
} else if (uppr && 'a' <= t && t <= 'z') {
t -= 'a' - 'A';
}
}
if (t <= 0x7ff) {
if (p + 2 <= e) {
p[0] = 0300 | (t >> 6);
p[1] = 0200 | (t & 077);
@ -886,6 +902,7 @@ privileged void kvprintf(const char *fmt, va_list v) {
* - `+` plus leftpad if positive (aligns w/ negatives)
* - ` ` space leftpad if positive (aligns w/ negatives)
* - `#` represent value with literal syntax, e.g. 0x, 0b, quotes
* - `^` uppercasing w/ towupper() if linked, otherwise toupper()
*
* Error numbers:
*

3
libc/log/backtrace2.c
View file

@ -21,7 +21,6 @@
#include "libc/bits/safemacros.internal.h"
#include "libc/bits/weaken.h"
#include "libc/calls/calls.h"
#include "libc/calls/issandboxed.h"
#include "libc/calls/sigbits.h"
#include "libc/calls/strace.internal.h"
#include "libc/dce.h"
@ -160,7 +159,7 @@ static int PrintBacktraceUsingAddr2line(int fd, const struct StackFrame *bp) {
}
static int PrintBacktrace(int fd, const struct StackFrame *bp) {
if (!IsTiny() && !__issandboxed) {
if (!IsTiny() && !__isworker) {
if (PrintBacktraceUsingAddr2line(fd, bp) != -1) {
return 0;
}

57
libc/log/checkfail.c
View file

@ -21,6 +21,7 @@
#include "libc/calls/strace.internal.h"
#include "libc/errno.h"
#include "libc/fmt/fmt.h"
#include "libc/intrin/kprintf.h"
#include "libc/log/check.h"
#include "libc/log/color.internal.h"
#include "libc/log/internal.h"
@ -28,6 +29,9 @@
#include "libc/log/log.h"
#include "libc/runtime/memtrack.internal.h"
#include "libc/runtime/runtime.h"
#include "libc/stdio/stdio.h"
STATIC_YOINK("strerror_wr");
/**
* Handles failure of CHECK_xx() macros.
@ -44,59 +48,26 @@ relegated void __check_fail(const char *suffix, const char *opstr,
__strace = 0;
g_ftrace = 0;
e = errno;
p = __fatalbuf;
__start_fatal(file, line);
__stpcpy(hostname, "unknown");
gethostname(hostname, sizeof(hostname));
p = __stpcpy(p, "check failed on ");
p = __stpcpy(p, hostname);
p = __stpcpy(p, " pid ");
p = __intcpy(p, __getpid());
p = __stpcpy(p, "\n");
p = __stpcpy(p, "\tCHECK_");
for (; *suffix; ++suffix) {
*p++ = *suffix - ('a' <= *suffix && *suffix <= 'z') * 32;
}
p = __stpcpy(p, "(");
p = __stpcpy(p, wantstr);
p = __stpcpy(p, ", ");
p = __stpcpy(p, gotstr);
p = __stpcpy(p, ");\n\t\t → 0x");
p = __hexcpy(p, want);
p = __stpcpy(p, " (");
p = __stpcpy(p, wantstr);
p = __stpcpy(p, ")\n\t\t");
p = __stpcpy(p, opstr);
p = __stpcpy(p, " 0x");
p = __hexcpy(p, got);
p = __stpcpy(p, " (");
p = __stpcpy(p, gotstr);
p = __stpcpy(p, ")\n");
kprintf("check failed on %s pid %d%n", hostname, getpid());
kprintf("\tCHECK_%^s(%s, %s);%n", suffix, wantstr, gotstr);
kprintf("\t\t → %p (%s)%n", want, wantstr);
kprintf("\t\t%s %p (%s)%n", opstr, got, gotstr);
if (!isempty(fmt)) {
*p++ = '\t';
kprintf("\t");
va_start(va, fmt);
p += (vsprintf)(p, fmt, va);
kvprintf(fmt, va);
va_end(va);
*p++ = '\n';
kprintf("%n");
}
p = __stpcpy(p, "\t");
p = __stpcpy(p, strerror(e));
p = __stpcpy(p, "\n\t");
p = __stpcpy(p, SUBTLE);
p = __stpcpy(p, program_invocation_name);
if (__argc > 1) p = __stpcpy(p, " \\");
p = __stpcpy(p, RESET);
p = __stpcpy(p, "\n");
__write(__fatalbuf, p - __fatalbuf);
kprintf("\t%m%n\t%s%s", SUBTLE, program_invocation_name);
for (i = 1; i < __argc; ++i) {
p = __fatalbuf;
p = __stpcpy(p, "\t\t");
p = __stpcpy(p, __argv[i]);
if (i < __argc - 1) p = __stpcpy(p, " \\");
p = __stpcpy(p, "\n");
kprintf(" %s", __argv[i]);
}
kprintf("%s%n", RESET);
if (!IsTiny() && e == ENOMEM) {
__write("\n", 1);
PrintMemoryIntervals(2, &_mmi);
}
__die();

10
libc/log/oncrash.c
View file

@ -19,7 +19,6 @@
#include "libc/bits/weaken.h"
#include "libc/calls/calls.h"
#include "libc/calls/internal.h"
#include "libc/calls/issandboxed.h"
#include "libc/calls/sigbits.h"
#include "libc/calls/strace.internal.h"
#include "libc/calls/struct/sigaction.h"
@ -200,10 +199,8 @@ relegated void ShowCrashReport(int err, int sig, struct siginfo *si,
names.version[0] = 0;
names.nodename[0] = 0;
__stpcpy(host, "unknown");
if (!__issandboxed) {
gethostname(host, sizeof(host));
uname(&names);
}
gethostname(host, sizeof(host));
uname(&names);
p = buf;
errno = err;
kprintf("%n%serror%s: Uncaught %G (%s) on %s pid %d%n"
@ -292,8 +289,7 @@ relegated noinstrument void __oncrash(int sig, struct siginfo *si,
DebugBreak();
} else if (__nocolor || g_isrunningundermake) {
gdbpid = -1;
} else if (!IsTiny() && IsLinux() && FindDebugBinary() &&
!__issandboxed) {
} else if (!IsTiny() && IsLinux() && FindDebugBinary() && !__isworker) {
RestoreDefaultCrashSignalHandlers();
gdbpid = AttachDebugger(
((sig == SIGTRAP || sig == SIGQUIT) &&

3
libc/log/restoretty.c
View file

@ -17,7 +17,6 @@
PERFORMANCE OF THIS SOFTWARE.
*/
#include "libc/calls/calls.h"
#include "libc/calls/issandboxed.h"
#include "libc/calls/struct/termios.h"
#include "libc/calls/termios.h"
#include "libc/errno.h"
@ -52,7 +51,7 @@ const void *const g_oldtermios_ctor[] initarray = {
void __restore_tty(int fd) {
int e;
if (!__issandboxed) {
if (!__isworker) {
e = errno;
if (g_oldtermios.c_lflag && !__nocolor && isatty(fd)) {
write(fd, ANSI_RESTORE, strlen(ANSI_RESTORE));

2
libc/log/startfatal.c
View file

@ -28,7 +28,7 @@
*/
relegated void __start_fatal(const char *file, int line) {
__restore_tty(1);
kprintf("\r%serror%s:%s:%d:%s%s: ", !__nocolor ? "\e[J\e[30;101m" : "",
kprintf("%r%serror%s:%s:%d:%s%s: ", !__nocolor ? "\e[J\e[30;101m" : "",
!__nocolor ? "\e[94;49m" : "", file, line,
program_invocation_short_name, !__nocolor ? "\e[0m" : "");
}

3
libc/runtime/getsymboltable.c
View file

@ -19,7 +19,6 @@
#include "libc/assert.h"
#include "libc/bits/bits.h"
#include "libc/bits/weaken.h"
#include "libc/calls/issandboxed.h"
#include "libc/calls/strace.internal.h"
#include "libc/macros.internal.h"
#include "libc/runtime/runtime.h"
@ -118,7 +117,7 @@ static struct SymbolTable *GetSymbolTableFromElf(void) {
struct SymbolTable *GetSymbolTable(void) {
int ft, st;
struct Zipos *z;
if (!g_symtab && !__issandboxed) {
if (!g_symtab && !__isworker) {
ft = g_ftrace, g_ftrace = 0;
st = __strace, __strace = 0;
if (weaken(__zipos_get) && (z = weaken(__zipos_get)())) {

8
libc/runtime/mmap.c
View file

@ -228,8 +228,12 @@ static textwindows dontinline noasan void *MapMemories(char *addr, size_t size,
*/
noasan void *mmap(void *addr, size_t size, int prot, int flags, int fd,
int64_t off) {
STRACE("mmap(%p, %'zu, %s, %s, %d, %'ld) → ...", addr, size,
DescribeProtFlags(prot), DescribeMapFlags(flags), fd, off);
#if defined(SYSDEBUG) && (_KERNTRACE || _NTTRACE)
if (IsWindows()) {
STRACE("mmap(%p, %'zu, %s, %s, %d, %'ld) → ...", addr, size,
DescribeProtFlags(prot), DescribeMapFlags(flags), fd, off);
}
#endif
void *res;
char *p = addr;
struct DirectMap dm;

1
libc/runtime/runtime.h
View file

@ -39,6 +39,7 @@ extern uint8_t __zip_start[]; /* αpε */
extern uint8_t __zip_end[]; /* αpε */
extern bool ftrace_enabled;
extern size_t __virtualmax;
extern bool __isworker;
void mcount(void);
unsigned long getauxval(unsigned long);

31
libc/sock/asanmsghdr.c Normal file
View file

@ -0,0 +1,31 @@
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi
Copyright 2022 Justine Alexandra Roberts Tunney
Permission to use, copy, modify, and/or distribute this software for
any purpose with or without fee is hereby granted, provided that the
above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
*/
#include "libc/intrin/asan.internal.h"
#include "libc/sock/sock.h"
bool __asan_is_valid_msghdr(const struct msghdr *msg) {
if (!__asan_is_valid(msg, sizeof(struct msghdr))) return false;
if (msg->msg_name) {
if (!__asan_is_valid(msg->msg_name, msg->msg_namelen)) return false;
}
if (msg->msg_control) {
if (!__asan_is_valid(msg->msg_control, msg->msg_controllen)) return false;
}
return __asan_is_valid_iov(msg->msg_iov, msg->msg_iovlen);
}

1
libc/sock/internal.h
View file

@ -132,6 +132,7 @@ int sys_select_nt(int, fd_set *, fd_set *, fd_set *, struct timeval *) hidden;
int sys_shutdown_nt(struct Fd *, int) hidden;
int sys_setsockopt_nt(struct Fd *, int, int, const void *, uint32_t) hidden;
bool __asan_is_valid_msghdr(const struct msghdr *);
ssize_t sys_send_nt(int, const struct iovec *, size_t, uint32_t) hidden;
ssize_t sys_recv_nt(struct Fd *, const struct iovec *, size_t, uint32_t) hidden;
size_t __iovec2nt(struct NtIovec[hasatleast 16], const struct iovec *,

58
libc/sock/recvmsg.c
View file

@ -39,34 +39,58 @@
* @restartable (unless SO_RCVTIMEO)
*/
ssize_t recvmsg(int fd, struct msghdr *msg, int flags) {
ssize_t got;
if (!IsWindows()) {
ssize_t rc, got;
if (IsAsan() && !__asan_is_valid_msghdr(msg)) {
rc = efault();
} else if (!IsWindows()) {
got = sys_recvmsg(fd, msg, flags);
/* An address was provided, convert from BSD form */
// An address was provided, convert from BSD form
if (msg->msg_name && IsBsd() && got != -1) {
sockaddr2linux(msg->msg_name);
}
return got;
} else {
if (__isfdopen(fd)) {
if (msg->msg_control) return einval(); /* control msg not supported */
rc = got;
} else if (__isfdopen(fd)) {
if (!msg->msg_control) {
if (__isfdkind(fd, kFdSocket)) {
return sys_recvfrom_nt(&g_fds.p[fd], msg->msg_iov, msg->msg_iovlen,
flags, msg->msg_name, &msg->msg_namelen);
rc = sys_recvfrom_nt(&g_fds.p[fd], msg->msg_iov, msg->msg_iovlen, flags,
msg->msg_name, &msg->msg_namelen);
} else if (__isfdkind(fd, kFdFile) && !msg->msg_name) { /* socketpair */
if (flags) return einval();
if ((got = sys_read_nt(&g_fds.p[fd], msg->msg_iov, msg->msg_iovlen,
-1)) != -1) {
msg->msg_flags = 0;
return got;
if (!flags) {
if ((got = sys_read_nt(&g_fds.p[fd], msg->msg_iov, msg->msg_iovlen,
-1)) != -1) {
msg->msg_flags = 0;
rc = got;
} else {
rc = -1;
}
} else {
return -1;
rc = einval(); // flags not supported on nt
}
} else {
return enotsock();
rc = enotsock();
}
} else {
return ebadf();
rc = einval(); // control msg not supported on nt
}
} else {
rc = ebadf();
}
#if defined(SYSDEBUG) && _DATATRACE
if (__strace > 0) {
if (!msg || (rc == -1 && errno == EFAULT)) {
DATATRACE("recvmsg(%d, %p, %#x) → %'ld% m", fd, msg, flags, rc);
} else {
kprintf(STRACE_PROLOGUE "recvmsg(%d, [{");
if (msg->msg_namelen)
kprintf(".name=%#.*hhs, ", msg->msg_namelen, msg->msg_name);
if (msg->msg_controllen)
kprintf(".control=%#.*hhs, ", msg->msg_controllen, msg->msg_control);
if (msg->msg_flags) kprintf(".flags=%#x, ", msg->msg_flags);
kprintf(".iov=", fd);
__strace_iov(msg->msg_iov, msg->msg_iovlen, rc != -1 ? rc : 0);
kprintf("}], %#x) → %'ld% m%n", flags, rc);
}
}
#endif
return rc;
}

73
libc/sock/sendmsg.c
View file

@ -18,8 +18,11 @@
*/
#include "libc/assert.h"
#include "libc/calls/internal.h"
#include "libc/calls/strace.internal.h"
#include "libc/calls/struct/iovec.h"
#include "libc/dce.h"
#include "libc/intrin/asan.internal.h"
#include "libc/intrin/kprintf.h"
#include "libc/sock/internal.h"
#include "libc/sock/sock.h"
#include "libc/str/str.h"
@ -39,35 +42,57 @@
* @restartable (unless SO_RCVTIMEO)
*/
ssize_t sendmsg(int fd, const struct msghdr *msg, int flags) {
if (!IsWindows()) {
int64_t rc;
char addr2[128];
struct msghdr msg2;
if (IsAsan() && !__asan_is_valid_msghdr(msg)) {
rc = efault();
} else if (!IsWindows()) {
if (IsBsd() && msg->msg_name) {
/* An optional address is provided, convert it to the BSD form */
char addr2[128];
struct msghdr msg2;
if (msg->msg_namelen > sizeof(addr2)) return einval();
memcpy(&addr2[0], msg->msg_name, msg->msg_namelen);
sockaddr2bsd(&addr2[0]);
/* Copy all of msg (except for msg_name) into the new ephemeral local */
memcpy(&msg2, msg, sizeof(msg2));
msg2.msg_name = &addr2[0];
return sys_sendmsg(fd, &msg2, flags);
if (msg->msg_namelen <= sizeof(addr2)) {
memcpy(&addr2[0], msg->msg_name, msg->msg_namelen);
sockaddr2bsd(&addr2[0]);
/* Copy all of msg (except for msg_name) into the new ephemeral local */
memcpy(&msg2, msg, sizeof(msg2));
msg2.msg_name = &addr2[0];
rc = sys_sendmsg(fd, &msg2, flags);
} else {
rc = einval();
}
}
/* else do the syscall */
return sys_sendmsg(fd, msg, flags);
} else {
if (__isfdopen(fd)) {
if (msg->msg_control) return einval(); /* control msg not supported */
if (__isfdkind(fd, kFdSocket)) {
return sys_sendto_nt(fd, msg->msg_iov, msg->msg_iovlen, flags,
msg->msg_name, msg->msg_namelen);
} else if (__isfdkind(fd, kFdFile)) {
return sys_write_nt(fd, msg->msg_iov, msg->msg_iovlen, -1);
} else {
return enotsock();
}
rc = sys_sendmsg(fd, msg, flags);
} else if (__isfdopen(fd)) {
if (msg->msg_control) {
rc = einval(); /* control msg not supported */
} else if (__isfdkind(fd, kFdSocket)) {
rc = sys_sendto_nt(fd, msg->msg_iov, msg->msg_iovlen, flags,
msg->msg_name, msg->msg_namelen);
} else if (__isfdkind(fd, kFdFile)) {
rc = sys_write_nt(fd, msg->msg_iov, msg->msg_iovlen, -1);
} else {
return ebadf();
rc = enotsock();
}
} else {
rc = ebadf();
}
#if defined(SYSDEBUG) && _DATATRACE
if (__strace > 0) {
if (!msg || (rc == -1 && errno == EFAULT)) {
DATATRACE("sendmsg(%d, %p, %#x) → %'ld% m", fd, msg, flags, rc);
} else {
kprintf(STRACE_PROLOGUE "sendmsg(%d, {");
if (msg->msg_namelen)
kprintf(".name=%#.*hhs, ", msg->msg_namelen, msg->msg_name);
if (msg->msg_controllen)
kprintf(".control=%#.*hhs, ", msg->msg_controllen, msg->msg_control);
if (msg->msg_flags) kprintf(".flags=%#x, ", msg->msg_flags);
kprintf(".iov=", fd);
__strace_iov(msg->msg_iov, msg->msg_iovlen, rc != -1 ? rc : 0);
kprintf("}, %#x) → %'ld% m%n", flags, rc);
}
}
#endif
return rc;
}

19
libc/sock/syslog.c
View file

@ -50,7 +50,12 @@ static int log_mask;
static uint16_t log_id; /* Used for Windows EvtID */
static int64_t log_fd = -1;
static const struct sockaddr_un log_addr = {AF_UNIX, "/dev/log"};
static const char *const kLogPaths[] = {
"/dev/log",
// "/var/run/log", // TODO: Help with XNU and FreeBSD.
};
static struct sockaddr_un log_addr = {AF_UNIX, "/dev/log"};
static int64_t Time(int64_t *tp) {
struct timespec ts;
@ -73,16 +78,20 @@ forceinline int is_lost_conn(int e) {
}
static void __openlog() {
int i;
if (IsWindows()) {
log_fd = RegisterEventSource(NULL, log_ident);
} else {
log_fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (log_fd >= 0) {
int rc = connect(log_fd, (void *)&log_addr, sizeof(log_addr));
if (rc < 0) {
printf("ERR: connect(openlog) failed: %s (errno=%d)\n", strerror(errno),
errno);
for (i = 0; i < ARRAYLEN(kLogPaths); ++i) {
strcpy(log_addr.sun_path, kLogPaths[i]);
if (!connect(log_fd, (void *)&log_addr, sizeof(log_addr))) {
return;
}
}
printf("ERR: connect(openlog) failed: %s (errno=%d)\n", strerror(errno),
errno);
}
}
}

4
libc/sock/syslog.h
View file

@ -1,11 +1,9 @@
#ifndef COSMOPOLITAN_LIBC_SOCK_SYSLOG_H_
#define COSMOPOLITAN_LIBC_SOCK_SYSLOG_H_
#if !(__ASSEMBLER__ + __LINKER__ + 0)
COSMOPOLITAN_C_START_
#define LOG_PRI(p) ((p) & LOG_PRIMASK)
#define LOG_PRI(p) (LOG_PRIMASK & (p))
int setlogmask(int);
void openlog(const char *, int, int);

38
libc/sysv/consts.sh
View file

@ -3308,42 +3308,4 @@ syscon misc ETH_P_RARP 0x8035 0 0 0 0 0
syscon misc ETH_P_SCA 0x6007 0 0 0 0 0
syscon misc ETH_P_WAN_PPP 7 0 0 0 0 0
syscon log LOG_EMERG 0 0 0 0 0 0 # consensus
syscon log LOG_KERN 0 0 0 0 0 0 # consensus
syscon log LOG_ALERT 1 1 1 1 1 1 # unix consensus
syscon log LOG_PID 1 1 1 1 1 1 # unix consensus
syscon log LOG_CONS 2 2 2 2 2 2 # unix consensus
syscon log LOG_CRIT 2 2 2 2 2 2 # unix consensus
syscon log LOG_ERR 3 3 3 3 3 3 # unix consensus
syscon log LOG_ODELAY 4 4 4 4 4 4 # unix consensus
syscon log LOG_WARNING 4 4 4 4 4 4 # unix consensus
syscon log LOG_NOTICE 5 5 5 5 5 5 # unix consensus
syscon log LOG_INFO 6 6 6 6 6 6 # unix consensus
syscon log LOG_DEBUG 7 7 7 7 7 7 # unix consensus
syscon log LOG_PRIMASK 7 7 7 7 7 7 # unix consensus
syscon log LOG_NDELAY 8 8 8 8 8 8 # unix consensus
syscon log LOG_USER 8 8 8 8 8 8 # unix consensus
syscon log LOG_MAIL 0x10 0x10 0x10 0x10 0x10 0x10 # unix consensus
syscon log LOG_NOWAIT 0x10 0x10 0x10 0x10 0x10 0x10 # unix consensus
syscon log LOG_DAEMON 24 24 24 24 24 24 # unix consensus
syscon log LOG_NFACILITIES 24 25 24 24 24 24
syscon log LOG_AUTH 0x20 0x20 0x20 0x20 0x20 0x20 # unix consensus
syscon log LOG_PERROR 0x20 0x20 0x20 0x20 0x20 0x20 # unix consensus
syscon log LOG_SYSLOG 40 40 40 40 40 40 # unix consensus
syscon log LOG_LPR 48 48 48 48 48 48 # unix consensus
syscon log LOG_NEWS 56 56 56 56 56 56 # unix consensus
syscon log LOG_UUCP 0x40 0x40 0x40 0x40 0x40 40 # unix consensus
syscon log LOG_CRON 72 72 72 72 72 72 # unix consensus
syscon log LOG_SELECT 76 0 0 0 0 0
syscon log LOG_SENSE 77 0 0 0 0 0
syscon log LOG_LOCAL0 0x80 0x80 0x80 0x80 0x80 0x80 # unix consensus
syscon log LOG_LOCAL1 136 136 136 136 136 136 # unix consensus
syscon log LOG_LOCAL2 144 144 144 144 144 144 # unix consensus
syscon log LOG_LOCAL3 152 152 152 152 152 152 # unix consensus
syscon log LOG_LOCAL4 160 160 160 160 160 160 # unix consensus
syscon log LOG_LOCAL5 168 168 168 168 168 168 # unix consensus
syscon log LOG_LOCAL6 176 176 176 176 176 176 # unix consensus
syscon log LOG_LOCAL7 184 184 184 184 184 184 # unix consensus
syscon log LOG_FACMASK 0x03f8 0x03f8 0x03f8 0x03f8 0x03f8 0x03f8 # unix consensus
# https://youtu.be/GUQUD3IMbb4?t=85

2
libc/sysv/consts/LOG_ALERT.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_ALERT,1,1,1,1,1,1

2
libc/sysv/consts/LOG_AUTH.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_AUTH,0x20,0x20,0x20,0x20,0x20,0x20

2
libc/sysv/consts/LOG_CONS.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_CONS,2,2,2,2,2,2

2
libc/sysv/consts/LOG_CRIT.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_CRIT,2,2,2,2,2,2

2
libc/sysv/consts/LOG_CRON.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_CRON,72,72,72,72,72,72

2
libc/sysv/consts/LOG_DAEMON.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_DAEMON,24,24,24,24,24,24

2
libc/sysv/consts/LOG_DEBUG.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_DEBUG,7,7,7,7,7,7

2
libc/sysv/consts/LOG_EMERG.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_EMERG,0,0,0,0,0,0

2
libc/sysv/consts/LOG_ERR.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_ERR,3,3,3,3,3,3

2
libc/sysv/consts/LOG_FACMASK.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_FACMASK,0x03f8,0x03f8,0x03f8,0x03f8,0x03f8,0x03f8

2
libc/sysv/consts/LOG_INFO.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_INFO,6,6,6,6,6,6

2
libc/sysv/consts/LOG_KERN.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_KERN,0,0,0,0,0,0

2
libc/sysv/consts/LOG_LOCAL0.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_LOCAL0,0x80,0x80,0x80,0x80,0x80,0x80

2
libc/sysv/consts/LOG_LOCAL1.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_LOCAL1,136,136,136,136,136,136

2
libc/sysv/consts/LOG_LOCAL2.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_LOCAL2,144,144,144,144,144,144

2
libc/sysv/consts/LOG_LOCAL3.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_LOCAL3,152,152,152,152,152,152

2
libc/sysv/consts/LOG_LOCAL4.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_LOCAL4,160,160,160,160,160,160

2
libc/sysv/consts/LOG_LOCAL5.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_LOCAL5,168,168,168,168,168,168

2
libc/sysv/consts/LOG_LOCAL6.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_LOCAL6,176,176,176,176,176,176

2
libc/sysv/consts/LOG_LOCAL7.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_LOCAL7,184,184,184,184,184,184

2
libc/sysv/consts/LOG_LPR.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_LPR,48,48,48,48,48,48

2
libc/sysv/consts/LOG_MAIL.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_MAIL,0x10,0x10,0x10,0x10,0x10,0x10

2
libc/sysv/consts/LOG_NDELAY.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_NDELAY,8,8,8,8,8,8

2
libc/sysv/consts/LOG_NEWS.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_NEWS,56,56,56,56,56,56

2
libc/sysv/consts/LOG_NFACILITIES.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_NFACILITIES,24,25,24,24,24,24

2
libc/sysv/consts/LOG_NOTICE.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_NOTICE,5,5,5,5,5,5

2
libc/sysv/consts/LOG_NOWAIT.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_NOWAIT,0x10,0x10,0x10,0x10,0x10,0x10

2
libc/sysv/consts/LOG_ODELAY.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_ODELAY,4,4,4,4,4,4

2
libc/sysv/consts/LOG_PERROR.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_PERROR,0x20,0x20,0x20,0x20,0x20,0x20

2
libc/sysv/consts/LOG_PID.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_PID,1,1,1,1,1,1

2
libc/sysv/consts/LOG_PRIMASK.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_PRIMASK,7,7,7,7,7,7

2
libc/sysv/consts/LOG_SELECT.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_SELECT,76,0,0,0,0,0

2
libc/sysv/consts/LOG_SENSE.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_SENSE,77,0,0,0,0,0

2
libc/sysv/consts/LOG_SYSLOG.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_SYSLOG,40,40,40,40,40,40

2
libc/sysv/consts/LOG_USER.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_USER,8,8,8,8,8,8

2
libc/sysv/consts/LOG_UUCP.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_UUCP,0x40,0x40,0x40,0x40,0x40,40

2
libc/sysv/consts/LOG_WARNING.S
View file

@ -1,2 +0,0 @@
#include "libc/sysv/consts/syscon.internal.h"
.syscon log,LOG_WARNING,4,4,4,4,4,4

13
libc/sysv/consts/audit.h Normal file
View file

@ -0,0 +1,13 @@
#ifndef COSMOPOLITAN_LIBC_SYSV_CONSTS_AUDIT_H_
#define COSMOPOLITAN_LIBC_SYSV_CONSTS_AUDIT_H_
#include "libc/elf/def.h"
#define __AUDIT_ARCH_64BIT 0x80000000
#define __AUDIT_ARCH_LE 0x40000000
#define __AUDIT_ARCH_CONVENTION_MASK 0x30000000
#define __AUDIT_ARCH_CONVENTION_MIPS64_N32 0x20000000
#define AUDIT_ARCH_X86_64 (EM_X86_64 | __AUDIT_ARCH_64BIT | __AUDIT_ARCH_LE)
#define AUDIT_ARCH_I386 (EM_386 | __AUDIT_ARCH_LE)
#endif /* COSMOPOLITAN_LIBC_SYSV_CONSTS_AUDIT_H_ */

126
libc/sysv/consts/log.h
View file

@ -1,93 +1,45 @@
#ifndef COSMOPOLITAN_LIBC_SYSV_CONSTS_LOG_H_
#define COSMOPOLITAN_LIBC_SYSV_CONSTS_LOG_H_
#include "libc/runtime/symbolic.h"
#define LOG_ALERT SYMBOLIC(LOG_ALERT)
#define LOG_AUTH SYMBOLIC(LOG_AUTH)
#define LOG_CONS SYMBOLIC(LOG_CONS)
#define LOG_CRIT SYMBOLIC(LOG_CRIT)
#define LOG_CRON SYMBOLIC(LOG_CRON)
#define LOG_DAEMON SYMBOLIC(LOG_DAEMON)
#define LOG_DEBUG SYMBOLIC(LOG_DEBUG)
#define LOG_EMERG SYMBOLIC(LOG_EMERG)
#define LOG_ERR SYMBOLIC(LOG_ERR)
#define LOG_FACMASK SYMBOLIC(LOG_FACMASK)
#define LOG_INFO SYMBOLIC(LOG_INFO)
#define LOG_KERN SYMBOLIC(LOG_KERN)
#define LOG_LOCAL0 SYMBOLIC(LOG_LOCAL0)
#define LOG_LOCAL1 SYMBOLIC(LOG_LOCAL1)
#define LOG_LOCAL2 SYMBOLIC(LOG_LOCAL2)
#define LOG_LOCAL3 SYMBOLIC(LOG_LOCAL3)
#define LOG_LOCAL4 SYMBOLIC(LOG_LOCAL4)
#define LOG_LOCAL5 SYMBOLIC(LOG_LOCAL5)
#define LOG_LOCAL6 SYMBOLIC(LOG_LOCAL6)
#define LOG_LOCAL7 SYMBOLIC(LOG_LOCAL7)
#define LOG_LPR SYMBOLIC(LOG_LPR)
#define LOG_MAIL SYMBOLIC(LOG_MAIL)
#define LOG_NDELAY SYMBOLIC(LOG_NDELAY)
#define LOG_NEWS SYMBOLIC(LOG_NEWS)
#define LOG_NFACILITIES SYMBOLIC(LOG_NFACILITIES)
#define LOG_NOTICE SYMBOLIC(LOG_NOTICE)
#define LOG_NOWAIT SYMBOLIC(LOG_NOWAIT)
#define LOG_ODELAY SYMBOLIC(LOG_ODELAY)
#define LOG_PERROR SYMBOLIC(LOG_PERROR)
#define LOG_PID SYMBOLIC(LOG_PID)
#define LOG_PRIMASK SYMBOLIC(LOG_PRIMASK)
#define LOG_SELECT SYMBOLIC(LOG_SELECT)
#define LOG_SENSE SYMBOLIC(LOG_SENSE)
#define LOG_SYSLOG SYMBOLIC(LOG_SYSLOG)
#define LOG_USER SYMBOLIC(LOG_USER)
#define LOG_UUCP SYMBOLIC(LOG_UUCP)
#define LOG_WARNING SYMBOLIC(LOG_WARNING)
#define LOG_MASK(pri) (1 << (pri))
#define LOG_UPTO(pri) ((1 << ((pri) + 1)) - 1)
/*
* arguments to setlogmask.
*/
#define LOG_MASK(pri) (1 << (pri)) /* mask for one priority */
#define LOG_UPTO(pri) ((1 << ((pri)+1)) - 1) /* all priorities through pri */
#define LOG_EMERG 0
#define LOG_KERN 0
#define LOG_ALERT 1
#define LOG_PID 1
#define LOG_CONS 2
#define LOG_CRIT 2
#define LOG_ERR 3
#define LOG_ODELAY 4
#define LOG_WARNING 4
#define LOG_NOTICE 5
#define LOG_INFO 6
#define LOG_DEBUG 7
#define LOG_PRIMASK 7
#define LOG_NDELAY 8
#define LOG_USER 8
#define LOG_MAIL 16
#define LOG_NOWAIT 16
#define LOG_DAEMON 24
#define LOG_NFACILITIES 24
#define LOG_AUTH 32
#define LOG_PERROR 32
#define LOG_SYSLOG 40
#define LOG_LPR 48
#define LOG_NEWS 56
#define LOG_UUCP 64
#define LOG_CRON 72
#define LOG_SELECT 76
#define LOG_SENSE 77
#define LOG_LOCAL0 128
#define LOG_LOCAL1 136
#define LOG_LOCAL2 144
#define LOG_LOCAL3 152
#define LOG_LOCAL4 160
#define LOG_LOCAL5 168
#define LOG_LOCAL6 176
#define LOG_LOCAL7 184
#define LOG_FACMASK 0x03f8
#if !(__ASSEMBLER__ + __LINKER__ + 0)
COSMOPOLITAN_C_START_
extern const long LOG_ALERT;
extern const long LOG_AUTH;
extern const long LOG_CONS;
extern const long LOG_CRIT;
extern const long LOG_CRON;
extern const long LOG_DAEMON;
extern const long LOG_DEBUG;
extern const long LOG_EMERG;
extern const long LOG_ERR;
extern const long LOG_FACMASK;
extern const long LOG_INFO;
extern const long LOG_KERN;
extern const long LOG_LOCAL0;
extern const long LOG_LOCAL1;
extern const long LOG_LOCAL2;
extern const long LOG_LOCAL3;
extern const long LOG_LOCAL4;
extern const long LOG_LOCAL5;
extern const long LOG_LOCAL6;
extern const long LOG_LOCAL7;
extern const long LOG_LPR;
extern const long LOG_MAIL;
extern const long LOG_NDELAY;
extern const long LOG_NEWS;
extern const long LOG_NFACILITIES;
extern const long LOG_NOTICE;
extern const long LOG_NOWAIT;
extern const long LOG_ODELAY;
extern const long LOG_PERROR;
extern const long LOG_PID;
extern const long LOG_PRIMASK;
extern const long LOG_SELECT;
extern const long LOG_SENSE;
extern const long LOG_SYSLOG;
extern const long LOG_USER;
extern const long LOG_UUCP;
extern const long LOG_WARNING;
COSMOPOLITAN_C_END_
#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
#endif /* COSMOPOLITAN_LIBC_SYSV_CONSTS_LOG_H_ */

5
libc/sysv/consts/pr.h
View file

@ -7,6 +7,9 @@
#define SECCOMP_MODE_STRICT 1
#define SECCOMP_MODE_FILTER 2
#define PR_SET_NO_NEW_PRIVS 38
#define PR_GET_NO_NEW_PRIVS 39
#define PR_SET_NAME 15
#define PR_GET_NAME 0x10
@ -85,8 +88,6 @@
#define PR_SET_MM 35
#define PR_SET_CHILD_SUBREAPER 36
#define PR_GET_CHILD_SUBREAPER 37
#define PR_SET_NO_NEW_PRIVS 38
#define PR_GET_NO_NEW_PRIVS 39
#define PR_GET_TID_ADDRESS 40
#define PR_SET_THP_DISABLE 41
#define PR_GET_THP_DISABLE 42

29
libc/sysv/consts/seccomp.h
View file

@ -1,29 +0,0 @@
#ifndef COSMOPOLITAN_LIBC_SYSV_CONSTS_SECCOMP_H_
#define COSMOPOLITAN_LIBC_SYSV_CONSTS_SECCOMP_H_
#define SECCOMP_SET_MODE_STRICT 0
#define SECCOMP_SET_MODE_FILTER 1
#define SECCOMP_GET_ACTION_AVAIL 2
#define SECCOMP_GET_NOTIF_SIZES 3
#define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0)
#define SECCOMP_FILTER_FLAG_LOG (1UL << 1)
#define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2)
#define SECCOMP_FILTER_FLAG_NEW_LISTENER (1UL << 3)
#define SECCOMP_FILTER_FLAG_TSYNC_ESRCH (1UL << 4)
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#define SECCOMP_RET_KILL_THREAD 0x00000000U
#define SECCOMP_RET_KILL SECCOMP_RET_KILL_THREAD
#define SECCOMP_RET_TRAP 0x00030000U
#define SECCOMP_RET_ERRNO 0x00050000U
#define SECCOMP_RET_USER_NOTIF 0x7fc00000U
#define SECCOMP_RET_TRACE 0x7ff00000U
#define SECCOMP_RET_LOG 0x7ffc0000U
#define SECCOMP_RET_ALLOW 0x7fff0000U
#define SECCOMP_RET_ACTION_FULL 0xffff0000U
#define SECCOMP_RET_ACTION 0x7fff0000U
#define SECCOMP_RET_DATA 0x0000ffffU
#define SECCOMP_USER_NOTIF_FLAG_CONTINUE (1UL << 0)
#define SECCOMP_ADDFD_FLAG_SETFD (1UL << 0)
#define SECCOMP_ADDFD_FLAG_SEND (1UL << 1)
#endif /* COSMOPOLITAN_LIBC_SYSV_CONSTS_SECCOMP_H_ */

2
libc/sysv/syscalls.sh
View file

@ -47,7 +47,7 @@ scall sys_lseek 0x0c70c71de20c7008 globl hidden # netbsd+openbsd:evilpad
scall __sys_mmap 0x0c50c51dd20c5009 globl hidden # netbsd+openbsd:pad
scall sys_msync 0x115100041204101a globl hidden
scall sys_mprotect 0x04a04a04a204a00a globl hidden
scall __sys_munmap 0x049049049204900b globl hidden
scall __sys_munmap 0x049049049204090b globl hidden
scall sys_sigaction 0x15402e1a0202e00d globl hidden # rt_sigaction on Lunix; it's complicated on NetBSD
scall sys_sigprocmask 0x125030154214900e globl hidden # a.k.a. rt_sigprocmask, openbsd:byvalue, a.k.a. pthread_sigmask
scall sys_ioctl 0x0360360362036010 globl hidden

5
libc/testlib/showerror.c
View file

@ -64,8 +64,9 @@ testonly void testlib_showerror_(int line, const char *wantcode,
e = errno;
if (!IsWindows()) __getpid();
if (!IsWindows()) __getpid();
__stpcpy(hostname, "unknown");
gethostname(hostname, sizeof(hostname));
if (gethostname(hostname, sizeof(hostname))) {
__stpcpy(hostname, "unknown");
}
kprintf("%serror%s:%s%s:%d%s: %s(%s) on %s\n"
"\t%s(%s, %s)\n",
RED2, UNBOLD, BLUE1, testlib_showerror_file, line, RESET,