diff --git a/libc/calls/struct/utsname-netbsd.internal.h b/libc/calls/struct/utsname-netbsd.internal.h new file mode 100644 index 000000000..811f79c18 --- /dev/null +++ b/libc/calls/struct/utsname-netbsd.internal.h @@ -0,0 +1,16 @@ +#ifndef COSMOPOLITAN_LIBC_CALLS_STRUCT_UTSNAME_NETBSD_INTERNAL_H_ +#define COSMOPOLITAN_LIBC_CALLS_STRUCT_UTSNAME_NETBSD_INTERNAL_H_ +#if !(__ASSEMBLER__ + __LINKER__ + 0) +COSMOPOLITAN_C_START_ + +struct utsname_netbsd { + char sysname[256]; /* name of os */ + char nodename[256]; /* name of network node */ + char release[256]; /* release level */ + char version[256]; /* version level */ + char machine[256]; /* hardware type */ +}; + +COSMOPOLITAN_C_END_ +#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */ +#endif /* COSMOPOLITAN_LIBC_CALLS_STRUCT_UTSNAME_NETBSD_INTERNAL_H_ */ diff --git a/libc/calls/syscall-sysv.internal.h b/libc/calls/syscall-sysv.internal.h index 962a38d6b..516346add 100644 --- a/libc/calls/syscall-sysv.internal.h +++ b/libc/calls/syscall-sysv.internal.h @@ -96,7 +96,7 @@ i32 sys_sync_file_range(i32, i64, i64, u32) hidden; i32 sys_tgkill(i32, i32, i32) hidden; i32 sys_tkill(i32, i32, void *) hidden; i32 sys_truncate(const char *, u64, u64) hidden; -i32 sys_uname(char *) hidden; +i32 sys_uname(void *) hidden; i32 sys_unlinkat(i32, const char *, i32) hidden; i32 sys_unveil(const char *, const char *) hidden; i64 sys_copy_file_range(i32, long *, i32, long *, u64, u32) hidden; diff --git a/libc/calls/touch.c b/libc/calls/touch.c index ba27bff31..1106b6321 100644 --- a/libc/calls/touch.c +++ b/libc/calls/touch.c @@ -32,7 +32,7 @@ int touch(const char *file, uint32_t mode) { int rc, fd, olderr; olderr = errno; - if ((rc = utimes(file, NULL)) == -1 && errno == ENOENT) { + if ((rc = utimes(file, 0)) == -1 && errno == ENOENT) { errno = olderr; if ((fd = open(file, O_CREAT | O_WRONLY, mode)) == -1) return -1; return close(fd); diff --git a/libc/calls/uname.c b/libc/calls/uname.c index 24f88ff51..416ae3878 100644 
--- a/libc/calls/uname.c +++ b/libc/calls/uname.c @@ -19,6 +19,7 @@ #include "libc/bits/weaken.h" #include "libc/calls/calls.h" #include "libc/calls/strace.internal.h" +#include "libc/calls/struct/utsname-netbsd.internal.h" #include "libc/calls/struct/utsname.h" #include "libc/calls/syscall-sysv.internal.h" #include "libc/calls/syscall_support-sysv.internal.h" @@ -52,14 +53,14 @@ int uname(struct utsname *lool) { int rc; char *out, *p; size_t i, j, len; - char tmp[sizeof(struct utsname)]; if (!lool) return efault(); if (!lool || (IsAsan() && !__asan_is_valid(lool, sizeof(*lool)))) { rc = efault(); } else { - bzero(tmp, sizeof(tmp)); if (!IsWindows()) { if (IsLinux() || IsFreebsd()) { + char tmp[sizeof(struct utsname)]; + bzero(tmp, sizeof(tmp)); if ((rc = sys_uname(tmp)) != -1) { out = (char *)lool; for (i = j = 0;;) { diff --git a/libc/intrin/promises.internal.h b/libc/intrin/promises.internal.h index ccb0584f2..94ca50f29 100644 --- a/libc/intrin/promises.internal.h +++ b/libc/intrin/promises.internal.h @@ -21,6 +21,7 @@ #define PROMISE_SETTIME 17 #define PROMISE_PROT_EXEC 18 #define PROMISE_VMINFO 19 +#define PROMISE_TMPPATH 20 #define PLEDGED(x) ((~__promises >> PROMISE_##x) & 1) diff --git a/libc/mem/pledge.c b/libc/mem/pledge.c index 60e5d4ed0..83f04750e 100644 --- a/libc/mem/pledge.c +++ b/libc/mem/pledge.c @@ -44,15 +44,16 @@ #include "libc/sysv/consts/prot.h" #include "libc/sysv/errfuns.h" -#define READONLY 0x8000 -#define WRITEONLY 0x4000 -#define INET 0x8000 -#define UNIX 0x4000 #define ADDRLESS 0x2000 +#define INET 0x8000 #define LOCK 0x8000 -#define TTY 0x8000 #define NOEXEC 0x8000 +#define READONLY 0x8000 +#define STDIO 0x8000 #define THREAD 0x8000 +#define TTY 0x8000 +#define UNIX 0x4000 +#define WRITEONLY 0x4000 // TODO(jart): fix chibicc #ifdef __chibicc__ 
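Review bot: With `sys_uname()` now declared as taking `void *`, nothing in the uname() hunk ties the buffer handed to the kernel to the layout that platform writes. `tmp` is sized by `sizeof(struct utsname)`, while the header added in this commit describes a NetBSD layout of five 256-byte fields. A `_Static_assert` beside each call site that the buffer is at least as large as the kernel-side struct, or a comment such as `// kernel fills tmp with the Linux/FreeBSD layout; must fit in sizeof(tmp)`, would stop a later size mismatch from becoming a silent stack overwrite. The context lines also test `!lool` twice in a row, so the `!lool` arm of the second condition is dead after the first `return efault()`. The body of uname() continues past the end of the hunk, so the NetBSD branch itself is not visible here.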
@@ -137,6 +138,7 @@ static const uint16_t kPledgeLinuxStdio[] = { __NR_linux_brk, // __NR_linux_msync, // __NR_linux_mmap | NOEXEC, // + __NR_linux_mremap, // __NR_linux_munmap, // __NR_linux_mincore, // __NR_linux_madvise, // @@ -186,6 +188,7 @@ static const uint16_t kPledgeLinuxStdio[] = { __NR_linux_futex, // __NR_linux_set_robust_list, // __NR_linux_get_robust_list, // + __NR_linux_prlimit | STDIO, // }; static const uint16_t kPledgeLinuxFlock[] = { @@ -373,9 +376,21 @@ static const uint16_t kPledgeLinuxUnveil[] = { }; // placeholder group +// // pledge.com checks this to do auto-unveiling static const uint16_t kPledgeLinuxVminfo[] = { - __NR_linux_openat | READONLY, // + __NR_linux_sched_yield, // +}; + +// placeholder group +// +// pledge.com uses this to auto-unveil /tmp and $TMPPATH with rwc +// permissions. pledge() alone (without unveil() too) offers very +// little security here. consider using them together. +static const uint16_t kPledgeLinuxTmppath[] = { + __NR_linux_lstat, // + __NR_linux_unlink, // + __NR_linux_unlinkat, // }; static const struct Pledges { @@ -403,6 +418,7 @@ static const struct Pledges { [PROMISE_SETTIME] = {"settime", PLEDGE(kPledgeLinuxSettime)}, // [PROMISE_PROT_EXEC] = {"prot_exec", PLEDGE(kPledgeLinuxProtExec)}, // [PROMISE_VMINFO] = {"vminfo", PLEDGE(kPledgeLinuxVminfo)}, // + [PROMISE_TMPPATH] = {"tmppath", PLEDGE(kPledgeLinuxTmppath)}, // }; static const struct sock_filter kFilterStart[] = { 
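Review bot: `__NR_linux_mremap` joins the stdio list with no argument filter, directly below `__NR_linux_mmap | NOEXEC`, and nothing records why it needs none. mremap() takes no protection argument, so it does not look like a way around the NOEXEC rule. It can still move and replace existing mappings, so the entry deserves a stated reason rather than a bare line. A trailing comment such as `__NR_linux_mremap,  // takes no prot argument; cannot add PROT_EXEC` would save the next reader from re-deriving that. The array starts and ends outside this hunk.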
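Review bot: `kPledgeLinuxVminfo` swaps `__NR_linux_openat | READONLY` for `__NR_linux_sched_yield`, so "vminfo" on its own no longer permits any open call, and the comment above the array does not say so. Programs that pledged "vminfo" to read the /proc files would presumably now need "rpath" as well. I would extend the comment with something like `// grants no open() by itself; combine with rpath to read what pledge.com unveils`. The comment on the new `kPledgeLinuxTmppath` array already states the matching caveat for unlink and unlinkat, which is the right model.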
@@ -548,26 +564,30 @@ static bool AllowIoctl(struct Filter *f) { // - TIOCSPGRP (0x5410) // - TIOCGPGRP (0x540f) // - TIOCSWINSZ (0x5414) -// - TIOCSBRK (0x5427) // - TCFLSH (0x540b) +// - TCXONC (0x540a) +// - TCSBRK (0x5409) +// - TIOCSBRK (0x5427) // static bool AllowIoctlTty(struct Filter *f) { static const struct sock_filter fragment[] = { - /* L0*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_linux_ioctl, 0, 14 - 1), + /* L0*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_linux_ioctl, 0, 16 - 1), /* L1*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(args[1])), - /* L2*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5401, 12 - 3, 0), - /* L3*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5402, 12 - 4, 0), - /* L4*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5403, 12 - 5, 0), - /* L5*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5404, 12 - 6, 0), - /* L6*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5413, 12 - 7, 0), - /* L7*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5410, 12 - 8, 0), - /* L8*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x540f, 12 - 9, 0), - /* L9*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5414, 12 - 10, 0), - /*L10*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x540b, 12 - 11, 0), - /*L11*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5427, 0, 13 - 12), - /*L12*/ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW), - /*L13*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(nr)), - /*L14*/ /* next filter */ + /* L2*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5401, 14 - 3, 0), + /* L3*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5402, 14 - 4, 0), + /* L4*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5403, 14 - 5, 0), + /* L5*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5404, 14 - 6, 0), + /* L6*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5413, 14 - 7, 0), + /* L7*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5410, 14 - 8, 0), + /* L8*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x540f, 14 - 9, 0), + /* L9*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5414, 14 - 10, 0), + /*L10*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x540b, 14 - 11, 0), + /*L11*/ BPF_JUMP(BPF_JMP | BPF_JEQ | 
BPF_K, 0x540a, 14 - 12, 0), + /*L12*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5409, 14 - 13, 0), + /*L13*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x5427, 0, 1), + /*L14*/ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW), + /*L15*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(nr)), + /*L16*/ /* next filter */ }; return AppendFilter(f, PLEDGE(fragment)); } @@ -1099,6 +1119,24 @@ static bool AllowFchmodat(struct Filter *f) { return AppendFilter(f, PLEDGE(fragment)); } +// The new_limit parameter of prlimit() must be +// +// - NULL (0) +// +static bool AllowPrlimitStdio(struct Filter *f) { + static const struct sock_filter fragment[] = { + /*L0*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_linux_prlimit, 0, 7 - 1), + /*L1*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(args[2])), + /*L2*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 0, 6 - 3), + /*L3*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(args[2]) + 4), + /*L4*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 0, 6 - 5), + /*L5*/ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW), + /*L6*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(nr)), + /*L7*/ /* next filter */ + }; + return AppendFilter(f, PLEDGE(fragment)); +} + static bool AppendPledge(struct Filter *f, const uint16_t *p, size_t len) { int i; for (i = 0; i < len; ++i) { @@ -1178,6 +1216,9 @@ static bool AppendPledge(struct Filter *f, const uint16_t *p, size_t len) { case __NR_linux_clone | THREAD: if (!AllowCloneThread(f)) return false; break; + case __NR_linux_prlimit | STDIO: + if (!AllowPrlimitStdio(f)) return false; + break; default: assert(~p[i] & ~0xfff); if (!AllowSyscall(f, p[i])) return false; 
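Review bot: The new `AllowPrlimitStdio` fragment checks only that `args[2]` (new_limit) is NULL and leaves `args[0]` (pid) unconstrained. Under "stdio" the process can therefore also read the limits of any other process that the kernel's own permission check lets it inspect. If the promise is only meant to cover getrlimit-style queries on the caller, the fragment could also require pid == 0. That adds two instructions and renumbers the jump targets, as in the excerpt below. If querying other processes is intended, the comment above the function should list pid as deliberately unrestricted.

```c
// The pid parameter of prlimit() must be
//
//   - 0 (the calling process)
//
// The new_limit parameter of prlimit() must be
//
//   - NULL (0)
//
static bool AllowPrlimitStdio(struct Filter *f) {
  static const struct sock_filter fragment[] = {
      /*L0*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_linux_prlimit, 0, 9 - 1),
      /*L1*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(args[0])),
      /*L2*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 0, 8 - 3),
      /*L3*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(args[2])),
      /*L4*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 0, 8 - 5),
      /*L5*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(args[2]) + 4),
      /*L6*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 0, 8 - 7),
      /*L7*/ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
      /*L8*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(nr)),
      /*L9*/ /* next filter */
  };
  // … unchanged: return AppendFilter(f, PLEDGE(fragment)); …
```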
@@ -1314,11 +1355,11 @@ int ParsePromises(const char *promises, unsigned long *out) { * getgid, getgroups, times, getrusage, getitimer, getpgid, getpgrp, * getpid, getppid, getresgid, getresuid, getrlimit, getsid, wait4, * gettimeofday, getuid, lseek, madvise, brk, arch_prctl, uname, - * set_tid_address, clock_getres, clock_gettime, clock_nanosleep, mmap - * (PROT_EXEC and weird flags aren't allowed), mprotect (PROT_EXEC - * isn't allowed), msync, sync_file_range, migrate_pages, munmap, - * nanosleep, pipe, pipe2, read, readv, pread, recv, poll, recvfrom, - * preadv, write, writev, pwrite, pwritev, select, pselect6, + * set_tid_address, clock_getres, clock_gettime, clock_nanosleep, + * mremap, mmap, (PROT_EXEC and weird flags aren't allowed), mprotect + * (PROT_EXEC isn't allowed), msync, sync_file_range, migrate_pages, + * munmap, nanosleep, pipe, pipe2, read, readv, pread, recv, poll, + * recvfrom, preadv, write, writev, pwrite, pwritev, select, pselect6, * copy_file_range, sendfile, tee, splice, vmsplice, alarm, pause, * send, sendto (only if addr is null), setitimer, shutdown, sigaction * (but SIGSYS is forbidden), sigaltstack, sigprocmask, sigreturn, @@ -1393,6 +1434,10 @@ int ParsePromises(const char *promises, unsigned long *out) { * `__promises` and automatically unveil() a subset of files top would * need, e.g. /proc/stat, /proc/meminfo. * + * - "tmppath" allows unlink, unlinkat, and lstat. This is mostly a + * placeholder group for pledge.com, which reads the `__promises` + * global to determine if /tmp and $TMPPATH should be unveiled. + * * `execpromises` only matters if "exec" or "execnative" are specified * in `promises`. In that case, this specifies the promises that'll * apply once execve() happens. If this is NULL then the default is diff --git a/libc/sysv/calls/clock_nanosleep.s b/libc/sysv/calls/clock_nanosleep.s index a876e3944..949c0b959 100644 --- a/libc/sysv/calls/clock_nanosleep.s +++ b/libc/sysv/calls/clock_nanosleep.s 
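Review bot: The reflowed stdio list now reads `mremap, mmap, (PROT_EXEC and weird flags aren't allowed)`, and the comma after `mmap` detaches the restriction from the call it applies to. A reader could take it to cover mremap too, which this commit allows unfiltered; it should read `mremap, mmap (PROT_EXEC and weird flags aren't allowed)`. No visible hunk adds the prlimit-with-NULL-new_limit allowance to this list, although kPledgeLinuxStdio gains it in the same commit. The new "tmppath" bullet in the following hunk should also repeat the caveat from the kPledgeLinuxTmppath comment: pledge() alone does not restrict which paths unlink and unlinkat may touch, so the promise is meant to be paired with unveil().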
@@ -1,2 +1,2 @@ .include "o/libc/sysv/macros.internal.inc" -.scall clock_nanosleep,0xffffff0f4ffff0e6,globl +.scall clock_nanosleep,0x1ddfff0f4ffff0e6,globl diff --git a/libc/sysv/calls/get_robust_list.s b/libc/sysv/calls/get_robust_list.s index 6e74e986a..0ccb0d64e 100644 --- a/libc/sysv/calls/get_robust_list.s +++ b/libc/sysv/calls/get_robust_list.s @@ -1,2 +1,2 @@ .include "o/libc/sysv/macros.internal.inc" -.scall get_robust_list,0xfffffffffffff112,globl +.scall get_robust_list,0x0a8ffffffffff112,globl diff --git a/libc/sysv/calls/posix_fallocate.s b/libc/sysv/calls/posix_fallocate.s index f2d39da22..41815859a 100644 --- a/libc/sysv/calls/posix_fallocate.s +++ b/libc/sysv/calls/posix_fallocate.s @@ -1,2 +1,2 @@ .include "o/libc/sysv/macros.internal.inc" -.scall posix_fallocate,0xffffff212fffffff,globl,hidden +.scall posix_fallocate,0x1dffff212fffffff,globl,hidden diff --git a/libc/sysv/calls/set_robust_list.s b/libc/sysv/calls/set_robust_list.s index e7d3b36a2..58eb8ecee 100644 --- a/libc/sysv/calls/set_robust_list.s +++ b/libc/sysv/calls/set_robust_list.s @@ -1,2 +1,2 @@ .include "o/libc/sysv/macros.internal.inc" -.scall set_robust_list,0xfffffffffffff111,globl +.scall set_robust_list,0x0a7ffffffffff111,globl diff --git a/libc/sysv/calls/sys_creat.s b/libc/sysv/calls/sys_creat.s index 98cc9a51b..612c9abf5 100644 --- a/libc/sysv/calls/sys_creat.s +++ b/libc/sysv/calls/sys_creat.s @@ -1,2 +1,2 @@ .include "o/libc/sysv/macros.internal.inc" -.scall sys_creat,0xffffff008ffff055,globl,hidden +.scall sys_creat,0x008fff008ffff055,globl,hidden diff --git a/libc/sysv/calls/sys_futex.s b/libc/sysv/calls/sys_futex.s index 50ac38801..db56b252d 100644 --- a/libc/sysv/calls/sys_futex.s +++ b/libc/sysv/calls/sys_futex.s @@ -1,2 +1,2 @@ .include "o/libc/sysv/macros.internal.inc" -.scall sys_futex,0xfff053fffffff0ca,globl,hidden +.scall sys_futex,0x0a6053fffffff0ca,globl,hidden 
diff --git a/libc/sysv/calls/sys_killpg.s b/libc/sysv/calls/sys_killpg.s index 4d83de318..529c85a36 100644 --- a/libc/sysv/calls/sys_killpg.s +++ b/libc/sysv/calls/sys_killpg.s @@ -1,2 +1,2 @@ .include "o/libc/sysv/macros.internal.inc" -.scall sys_killpg,0xffffff092fffffff,globl,hidden +.scall sys_killpg,0x092fff092fffffff,globl,hidden diff --git a/libc/sysv/calls/sys_posix_spawn.s b/libc/sysv/calls/sys_posix_spawn.s index d9cdaeed9..3b6d84557 100644 --- a/libc/sysv/calls/sys_posix_spawn.s +++ b/libc/sysv/calls/sys_posix_spawn.s @@ -1,2 +1,2 @@ .include "o/libc/sysv/macros.internal.inc" -.scall sys_posix_spawn,0xfffffffff20f4fff,globl,hidden +.scall sys_posix_spawn,0x1daffffff20f4fff,globl,hidden diff --git a/libc/sysv/calls/sys_sync.s b/libc/sysv/calls/sys_sync.s index 75bd0f59b..060bfec46 100644 --- a/libc/sysv/calls/sys_sync.s +++ b/libc/sysv/calls/sys_sync.s @@ -1,2 +1,2 @@ .include "o/libc/sysv/macros.internal.inc" -.scall sys_sync,0xfff02402420240a2,globl,hidden +.scall sys_sync,0x02402402420240a2,globl,hidden diff --git a/libc/sysv/calls/sys_uname.s b/libc/sysv/calls/sys_uname.s index b442f3594..2f0e2f413 100644 --- a/libc/sysv/calls/sys_uname.s +++ b/libc/sysv/calls/sys_uname.s @@ -1,2 +1,2 @@ .include "o/libc/sysv/macros.internal.inc" -.scall sys_uname,0xffffff0a4ffff03f,globl,hidden +.scall sys_uname,0x0a4fff0a4ffff03f,globl,hidden diff --git a/libc/sysv/consts.sh b/libc/sysv/consts.sh index 3d24dfe05..f7a1913ff 100755 --- a/libc/sysv/consts.sh +++ b/libc/sysv/consts.sh @@ -1313,9 +1313,9 @@ syscon rusage RUSAGE_BOTH -2 99 99 99 99 99 # woop # # group name GNU/Systemd XNU's Not UNIX! FreeBSD OpenBSD NetBSD The New Technology Commentary syscon futex FUTEX_WAIT 0 0 0 1 0 0 -syscon futex FUTEX_WAKE 1 0 0 2 0 0 -syscon futex FUTEX_REQUEUE 3 0 0 3 0 0 -syscon futex FUTEX_PRIVATE_FLAG 128 0 0 128 0 0 +syscon futex FUTEX_WAKE 1 0 0 2 1 0 +syscon futex FUTEX_REQUEUE 3 0 0 3 3 0 +syscon futex FUTEX_PRIVATE_FLAG 128 0 0 128 128 0 # lio_listio() magnums # 
@@ -1871,9 +1871,9 @@ syscon nr __NR_kill 0x003e 0x2000025 0x0025 0x007a 0x025 0xfff syscon nr __NR_killpg 0xfff 0xfff 0x0092 0xfff 0xfff 0xfff syscon nr __NR_clone 0x0038 0xfff 0xfff 0xfff 0x11f 0xfff syscon nr __NR_tkill 0x00c8 0xfff 0xfff 0xfff 0xfff 0xfff -syscon nr __NR_futex 0x00ca 0xfff 0xfff 0x0053 0xfff 0xfff -syscon nr __NR_set_robust_list 0x0111 0xfff 0xfff 0xfff 0xfff 0xfff -syscon nr __NR_get_robust_list 0x0112 0xfff 0xfff 0xfff 0xfff 0xfff +syscon nr __NR_futex 0x00ca 0xfff 0xfff 0x0053 0x0a6 0xfff +syscon nr __NR_set_robust_list 0x0111 0xfff 0xfff 0xfff 0x0a7 0xfff +syscon nr __NR_get_robust_list 0x0112 0xfff 0xfff 0xfff 0x0a8 0xfff syscon nr __NR_uname 0x003f 0xfff 0x00a4 0xfff 0xfff 0xfff syscon nr __NR_semget 0x0040 0x20000ff 0x00dd 0x00dd 0x0dd 0xfff syscon nr __NR_semop 0x0041 0x2000100 0x00de 0x0122 0x0de 0xfff @@ -1895,7 +1895,7 @@ syscon nr __NR_fchdir 0x0051 0x200000d 0x000d 0x000d 0x00d 0xfff syscon nr __NR_rename 0x0052 0x2000080 0x0080 0x0080 0x080 0xfff syscon nr __NR_mkdir 0x0053 0x2000088 0x0088 0x0088 0x088 0xfff syscon nr __NR_rmdir 0x0054 0x2000089 0x0089 0x0089 0x089 0xfff -syscon nr __NR_creat 0x0055 0xfff 0x0008 0xfff 0xfff 0xfff +syscon nr __NR_creat 0x0055 0xfff 0x0008 0xfff 0x008 0xfff syscon nr __NR_link 0x0056 0x2000009 0x0009 0x0009 0x009 0xfff syscon nr __NR_unlink 0x0057 0x200000a 0x000a 0x000a 0x00a 0xfff syscon nr __NR_symlink 0x0058 0x2000039 0x0039 0x0039 0x039 0xfff 
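Review bot: The NetBSD column of `__NR_uname` and `__NR_killpg` is still `0xfff` in the context lines of this hunk, while syscalls.sh in the same commit gives `sys_uname` and `sys_killpg` NetBSD numbers (`0x0a4` and `0x092`). The other rows touched here (`__NR_futex`, `__NR_set_robust_list`, `__NR_get_robust_list`) were updated in both tables, so the two files now disagree on whether those calls exist on NetBSD. If the omission is not deliberate, the rows would become `syscon nr __NR_uname 0x003f 0xfff 0x00a4 0xfff 0x0a4 0xfff` and `syscon nr __NR_killpg 0xfff 0xfff 0x0092 0xfff 0x092 0xfff`. The row for posix_spawn is not visible in this diff, so the same check applies to the `0x1da` that syscalls.sh assigns to `sys_posix_spawn`.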
@@ -1950,7 +1950,7 @@ syscon nr __NR_mlockall 0x0097 0x2000144 0x0144 0x010f 0x0f2 0xfff syscon nr __NR_munlockall 0x0098 0x2000145 0x0145 0x0110 0x0f3 0xfff syscon nr __NR_setrlimit 0x00a0 0x20000c3 0x00c3 0x00c3 0x0c3 0xfff syscon nr __NR_chroot 0x00a1 0x200003d 0x003d 0x003d 0x03d 0xfff -syscon nr __NR_sync 0x00a2 0x2000024 0x0024 0x0024 0xfff 0xfff +syscon nr __NR_sync 0x00a2 0x2000024 0x0024 0x0024 0x024 0xfff syscon nr __NR_acct 0x00a3 0x2000033 0x0033 0x0033 0x033 0xfff syscon nr __NR_settimeofday 0x00a4 0x200007a 0x007a 0x0044 0x1a3 0xfff syscon nr __NR_mount 0x00a5 0x20000a7 0x0015 0x0015 0x19a 0xfff @@ -2028,7 +2028,7 @@ syscon nr __NR_timer_delete 0x00e2 0xfff 0xfff 0xfff 0x0ec 0xfff syscon nr __NR_clock_settime 0x00e3 0xfff 0x00e9 0x0058 0x1ac 0xfff syscon nr __NR_clock_gettime 0x00e4 0xfff 0x00e8 0x0057 0x1ab 0xfff syscon nr __NR_clock_getres 0x00e5 0xfff 0x00ea 0x0059 0x1ad 0xfff -syscon nr __NR_clock_nanosleep 0x00e6 0xfff 0x00f4 0xfff 0xfff 0xfff +syscon nr __NR_clock_nanosleep 0x00e6 0xfff 0x00f4 0xfff 0x1dd 0xfff syscon nr __NR_tgkill 0x00ea 0xfff 0xfff 0xfff 0xfff 0xfff syscon nr __NR_mbind 0x00ed 0xfff 0xfff 0xfff 0xfff 0xfff syscon nr __NR_set_mempolicy 0x00ee 0xfff 0xfff 0xfff 0xfff 0xfff @@ -2076,7 +2076,7 @@ syscon nr __NR_preadv 0x0127 0xfff 0x0121 0x010b 0x121 0xfff syscon nr __NR_pwritev 0x0128 0xfff 0x0122 0x010c 0x122 0xfff syscon nr __NR_utimensat 0x0118 0xfff 0x0223 0x0054 0x1d3 0xfff syscon nr __NR_fallocate 0x011d 0xfff 0xfff 0xfff 0xfff 0xfff -syscon nr __NR_posix_fallocate 0xfff 0xfff 0x0212 0xfff 0xfff 0xfff +syscon nr __NR_posix_fallocate 0xfff 0xfff 0x0212 0xfff 0x1df 0xfff syscon nr __NR_accept4 0x0120 0xfff 0x021d 0x005d 0xfff 0xfff syscon nr __NR_dup3 0x0124 0xfff 0xfff 0x0066 0x1c6 0xfff syscon nr __NR_pipe2 0x0125 0xfff 0x021e 0x0065 0x1c5 0xfff diff --git a/libc/sysv/consts/CLOSE_RANGE_CLOEXEC.S b/libc/sysv/consts/CLOSE_RANGE_CLOEXEC.S new file mode 100644 index 000000000..b474fd385 --- /dev/null 
+++ b/libc/sysv/consts/CLOSE_RANGE_CLOEXEC.S @@ -0,0 +1,2 @@ +#include "libc/sysv/consts/syscon.internal.h" +.syscon close,CLOSE_RANGE_CLOEXEC,4,-1,-1,-1,-1,-1 diff --git a/libc/sysv/consts/CLOSE_RANGE_UNSHARE.S b/libc/sysv/consts/CLOSE_RANGE_UNSHARE.S new file mode 100644 index 000000000..ecb86e410 --- /dev/null +++ b/libc/sysv/consts/CLOSE_RANGE_UNSHARE.S @@ -0,0 +1,2 @@ +#include "libc/sysv/consts/syscon.internal.h" +.syscon close,CLOSE_RANGE_UNSHARE,2,-1,-1,-1,-1,-1 diff --git a/libc/sysv/consts/EBADFD.S b/libc/sysv/consts/EBADFD.S index 451998577..ffeca98d9 100644 --- a/libc/sysv/consts/EBADFD.S +++ b/libc/sysv/consts/EBADFD.S @@ -1,2 +1,2 @@ #include "libc/sysv/consts/syscon.internal.h" -.syscon junkerr,EBADFD,77,9,0,0,0,0 +.syscon errno,EBADFD,77,9,0,0,0,0 diff --git a/libc/sysv/consts/FUTEX_PRIVATE_FLAG.S b/libc/sysv/consts/FUTEX_PRIVATE_FLAG.S index 7bce21bc4..06ec99a90 100644 --- a/libc/sysv/consts/FUTEX_PRIVATE_FLAG.S +++ b/libc/sysv/consts/FUTEX_PRIVATE_FLAG.S @@ -1,2 +1,2 @@ #include "libc/sysv/consts/syscon.internal.h" -.syscon futex,FUTEX_PRIVATE_FLAG,128,0,0,128,0,0 +.syscon futex,FUTEX_PRIVATE_FLAG,128,0,0,128,128,0 diff --git a/libc/sysv/consts/FUTEX_REQUEUE.S b/libc/sysv/consts/FUTEX_REQUEUE.S index bd5951023..02f722784 100644 --- a/libc/sysv/consts/FUTEX_REQUEUE.S +++ b/libc/sysv/consts/FUTEX_REQUEUE.S @@ -1,2 +1,2 @@ #include "libc/sysv/consts/syscon.internal.h" -.syscon futex,FUTEX_REQUEUE,3,0,0,3,0,0 +.syscon futex,FUTEX_REQUEUE,3,0,0,3,3,0 diff --git a/libc/sysv/consts/FUTEX_WAKE.S b/libc/sysv/consts/FUTEX_WAKE.S index db8ae328c..9f4044bdf 100644 --- a/libc/sysv/consts/FUTEX_WAKE.S +++ b/libc/sysv/consts/FUTEX_WAKE.S @@ -1,2 +1,2 @@ #include "libc/sysv/consts/syscon.internal.h" -.syscon futex,FUTEX_WAKE,1,0,0,2,0,0 +.syscon futex,FUTEX_WAKE,1,0,0,2,1,0 diff --git a/libc/sysv/consts/__NR_clock_nanosleep.S b/libc/sysv/consts/__NR_clock_nanosleep.S index acc6517f4..f5be9d951 100644 --- a/libc/sysv/consts/__NR_clock_nanosleep.S 
+++ b/libc/sysv/consts/__NR_clock_nanosleep.S @@ -1,2 +1,2 @@ #include "libc/sysv/consts/syscon.internal.h" -.syscon nr,__NR_clock_nanosleep,0x00e6,0xfff,0x00f4,0xfff,0xfff,0xfff +.syscon nr,__NR_clock_nanosleep,0x00e6,0xfff,0x00f4,0xfff,0x1dd,0xfff diff --git a/libc/sysv/consts/__NR_creat.S b/libc/sysv/consts/__NR_creat.S index 5b87155a6..1286d7929 100644 --- a/libc/sysv/consts/__NR_creat.S +++ b/libc/sysv/consts/__NR_creat.S @@ -1,2 +1,2 @@ #include "libc/sysv/consts/syscon.internal.h" -.syscon nr,__NR_creat,0x0055,0xfff,0x0008,0xfff,0xfff,0xfff +.syscon nr,__NR_creat,0x0055,0xfff,0x0008,0xfff,0x008,0xfff diff --git a/libc/sysv/consts/__NR_futex.S b/libc/sysv/consts/__NR_futex.S index 42e14e819..4e5a6613e 100644 --- a/libc/sysv/consts/__NR_futex.S +++ b/libc/sysv/consts/__NR_futex.S @@ -1,2 +1,2 @@ #include "libc/sysv/consts/syscon.internal.h" -.syscon nr,__NR_futex,0x00ca,0xfff,0xfff,0x0053,0xfff,0xfff +.syscon nr,__NR_futex,0x00ca,0xfff,0xfff,0x0053,0x0a6,0xfff diff --git a/libc/sysv/consts/__NR_get_robust_list.S b/libc/sysv/consts/__NR_get_robust_list.S index 6ca74edb8..7ec5b07dc 100644 --- a/libc/sysv/consts/__NR_get_robust_list.S +++ b/libc/sysv/consts/__NR_get_robust_list.S @@ -1,2 +1,2 @@ #include "libc/sysv/consts/syscon.internal.h" -.syscon nr,__NR_get_robust_list,0x0112,0xfff,0xfff,0xfff,0xfff,0xfff +.syscon nr,__NR_get_robust_list,0x0112,0xfff,0xfff,0xfff,0x0a8,0xfff diff --git a/libc/sysv/consts/__NR_posix_fallocate.S b/libc/sysv/consts/__NR_posix_fallocate.S index f805e60a8..3ef4ebf94 100644 --- a/libc/sysv/consts/__NR_posix_fallocate.S +++ b/libc/sysv/consts/__NR_posix_fallocate.S @@ -1,2 +1,2 @@ #include "libc/sysv/consts/syscon.internal.h" -.syscon nr,__NR_posix_fallocate,0xfff,0xfff,0x0212,0xfff,0xfff,0xfff +.syscon nr,__NR_posix_fallocate,0xfff,0xfff,0x0212,0xfff,0x1df,0xfff diff --git a/libc/sysv/consts/__NR_set_robust_list.S b/libc/sysv/consts/__NR_set_robust_list.S index 039210c57..f60b8c7e7 100644 
--- a/libc/sysv/consts/__NR_set_robust_list.S +++ b/libc/sysv/consts/__NR_set_robust_list.S @@ -1,2 +1,2 @@ #include "libc/sysv/consts/syscon.internal.h" -.syscon nr,__NR_set_robust_list,0x0111,0xfff,0xfff,0xfff,0xfff,0xfff +.syscon nr,__NR_set_robust_list,0x0111,0xfff,0xfff,0xfff,0x0a7,0xfff diff --git a/libc/sysv/consts/__NR_sync.S b/libc/sysv/consts/__NR_sync.S index a8d872eae..78ee50ed5 100644 --- a/libc/sysv/consts/__NR_sync.S +++ b/libc/sysv/consts/__NR_sync.S @@ -1,2 +1,2 @@ #include "libc/sysv/consts/syscon.internal.h" -.syscon nr,__NR_sync,0x00a2,0x2000024,0x0024,0x0024,0xfff,0xfff +.syscon nr,__NR_sync,0x00a2,0x2000024,0x0024,0x0024,0x024,0xfff diff --git a/libc/sysv/syscalls.sh b/libc/sysv/syscalls.sh index 779f34298..1bd182c30 100755 --- a/libc/sysv/syscalls.sh +++ b/libc/sysv/syscalls.sh 
@@ -92,17 +92,17 @@ scall sys_setsockopt 0x0690690692069036 globl hidden scall sys_getsockopt 0x0760760762076037 globl hidden scall sys_fork 0x0020020022002039 globl hidden # xnu needs eax&=~-edx bc eax always holds pid and edx is 0 for parent and 1 for child #scall vfork 0x042042042204203a globl # this syscall is from the moon so we implement it by hand in libc/runtime/vfork.S; probably removed from XNU in 12.5 -scall sys_posix_spawn 0xfffffffff20f4fff globl hidden # good luck figuring out how xnu defines this +scall sys_posix_spawn 0x1daffffff20f4fff globl hidden # good luck figuring out how xnu defines this scall __sys_execve 0x03b03b03b203b03b globl hidden scall __sys_wait4 0x1c100b007200703d globl hidden scall sys_kill 0x02507a025202503e globl hidden # kill(pid, sig, 1) b/c xnu -scall sys_killpg 0xffffff092fffffff globl hidden +scall sys_killpg 0x092fff092fffffff globl hidden scall sys_clone 0x11fffffffffff038 globl hidden scall sys_tkill 0x13e0771b121690c8 globl hidden # thr_kill() on freebsd; _lwp_kill() on netbsd; thrkill() on openbsd where arg3 should be 0; bsdthread_terminate() on XNU which only has 1 arg -scall sys_futex 0xfff053fffffff0ca globl hidden -scall set_robust_list 0xfffffffffffff111 globl -scall get_robust_list 0xfffffffffffff112 globl -scall sys_uname 0xffffff0a4ffff03f globl hidden +scall sys_futex 0x0a6053fffffff0ca globl hidden # raises SIGSYS on NetBSD +scall set_robust_list 0x0a7ffffffffff111 globl +scall get_robust_list 0x0a8ffffffffff112 globl +scall sys_uname 0x0a4fff0a4ffff03f globl hidden scall semget 0x0dd0dd0dd20ff040 globl # won't polyfill for windows scall semop 0x0de1220de2100041 globl # won't polyfill for windows scall semctl 0xfff1271fe20fe042 globl # won't polyfill for windows 
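Review bot: The comment added to `sys_futex` says the call raises SIGSYS on NetBSD, yet the same line now gives it a NetBSD number, and consts.sh enables `FUTEX_WAKE`, `FUTEX_REQUEUE` and `FUTEX_PRIVATE_FLAG` for that platform. SIGSYS terminates the process by default, so unless every caller gates on the platform or installs a handler (neither is visible in this diff), the first futex call there ends the program. The comment should state the condition and the expected caller behaviour, for example `# raises SIGSYS on NetBSD (TODO: say when); callers must guard`. The neighbouring `set_robust_list` and `get_robust_list` rows gain NetBSD numbers with no comment, so the same question applies to them.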
@@ -123,7 +123,7 @@ scall sys_fchdir 0x00d00d00d200d051 globl hidden scall sys_rename 0x0800800802080052 globl hidden scall sys_mkdir 0x0880880882088053 globl hidden scall sys_rmdir 0x0890890892089054 globl hidden -scall sys_creat 0xffffff008ffff055 globl hidden +scall sys_creat 0x008fff008ffff055 globl hidden scall sys_link 0x0090090092009056 globl hidden scall sys_unlink 0x00a00a00a200a057 globl hidden scall sys_symlink 0x0390390392039058 globl hidden @@ -178,7 +178,7 @@ scall mlockall 0x0f210f1442144097 globl scall munlockall 0x0f31101452145098 globl scall sys_setrlimit 0x0c30c30c320c30a0 globl hidden scall sys_chroot 0x03d03d03d203d0a1 globl hidden -scall sys_sync 0xfff02402420240a2 globl hidden +scall sys_sync 0x02402402420240a2 globl hidden scall acct 0x03303303320330a3 globl scall settimeofday 0x1a304407a207a0a4 globl scall sys_mount 0x19a01501520a70a5 globl hidden @@ -263,9 +263,9 @@ scall ktimer_settime 0xffffff0edfffffff globl scall clock_settime 0x1ac0580e9ffff0e3 globl scall sys_clock_gettime 0x1ab0570e8ffff0e4 globl hidden # Linux 2.6+ (c. 2003); XNU uses magic address scall sys_clock_getres 0x1ad0590eaffff0e5 globl hidden -scall clock_nanosleep 0xffffff0f4ffff0e6 globl +scall clock_nanosleep 0x1ddfff0f4ffff0e6 globl scall sys_tgkill 0xfffffffffffff0ea globl hidden -scall mbind 0xfffffffffffff0ed globl +scall mbind 0xfffffffffffff0ed globl # numa numa yeah scall set_mempolicy 0xfffffffffffff0ee globl scall get_mempolicy 0xfffffffffffff0ef globl scall mq_open 0x101ffffffffff0f0 globl # won't polyfill 
@@ -312,7 +312,7 @@ scall sys_preadv 0x12110b121221c127 globl hidden # ├─ last distro with sys scall sys_pwritev 0x12210c122221d128 globl hidden # ├─ rob landley unleashes busybox gpl lawsuits scall __sys_utimensat 0x1d3054223ffff118 globl hidden # ├─ python modules need this due to pep513 scall fallocate 0xfffffffffffff11d globl hidden # ├─ end of life 2020-11-30 (extended) -scall posix_fallocate 0xffffff212fffffff globl hidden # └─ cosmopolitan supports rhel5+ +scall posix_fallocate 0x1dffff212fffffff globl hidden # └─ cosmopolitan supports rhel5+ scall __sys_accept4 0xfff05d21dffff120 globl hidden # Linux 2.6.28+ scall __sys_dup3 0x1c6066fffffff124 globl hidden # Linux 2.6.27+ scall __sys_pipe2 0x1c506521effff125 globl hidden # Linux 2.6.27+ diff --git a/test/libc/runtime/clone_test.c b/test/libc/runtime/clone_test.c index 54566650d..e0ea8146d 100644 --- a/test/libc/runtime/clone_test.c +++ b/test/libc/runtime/clone_test.c @@ -20,6 +20,7 @@ #include "libc/calls/struct/timespec.h" #include "libc/dce.h" #include "libc/errno.h" +#include "libc/intrin/futex.internal.h" #include "libc/intrin/kprintf.h" #include "libc/intrin/spinlock.h" #include "libc/intrin/wait0.internal.h" @@ -36,6 +37,7 @@ #include "libc/sysv/consts/clock.h" #include "libc/sysv/consts/clone.h" #include "libc/sysv/consts/map.h" +#include "libc/sysv/consts/nr.h" #include "libc/sysv/consts/o.h" #include "libc/sysv/consts/prot.h" #include "libc/sysv/consts/sig.h" @@ -62,6 +64,10 @@ void *__initialize_tls(char tib[64]) { return tib; } +int Hog(void *arg, int tid) { + return 0; +} + void SetUp(void) { x = 0; me = gettid(); diff --git a/third_party/lua/lunix.c b/third_party/lua/lunix.c index ae25f8c95..aa63eca9c 100644 --- a/third_party/lua/lunix.c +++ b/third_party/lua/lunix.c 
@@ -480,25 +480,19 @@ static int LuaUnixChmod(lua_State *L) { // ├─→ content:str // └─→ nil, unix.Errno static int LuaUnixReadlink(lua_State *L) { - char *buf; + size_t got; ssize_t rc; - const char *path; - int dirfd, olderr = errno; - size_t got, bufsiz = 8192; - path = luaL_checkstring(L, 1); - dirfd = luaL_optinteger(L, 2, AT_FDCWD); - buf = LuaAllocOrDie(L, bufsiz); - if ((rc = readlinkat(dirfd, path, buf, bufsiz)) != -1) { - got = rc; - if (got < bufsiz) { - lua_pushlstring(L, buf, got); - free(buf); + luaL_Buffer lb; + int olderr = errno; + if ((rc = readlinkat(luaL_optinteger(L, 2, AT_FDCWD), luaL_checkstring(L, 1), + luaL_buffinitsize(L, &lb, BUFSIZ), BUFSIZ)) != -1) { + if ((got = rc) < BUFSIZ) { + luaL_pushresultsize(&lb, got); return 1; } else { enametoolong(); } } - free(buf); return LuaUnixSysretErrno(L, "readlink", olderr); } diff --git a/tool/build/pledge.c b/tool/build/pledge.c index 7d092aeb9..77e7f0d11 100644 --- a/tool/build/pledge.c +++ b/tool/build/pledge.c @@ -90,6 +90,7 @@ usage: pledge.com [-hnN] PROG ARGS...\n\ - exec: implied by default\n\ - prot_exec: allow creating executable memory\n\ - vminfo: allows /proc/stat, /proc/self/maps, etc.\n\ + - tmppath: allows /tmp, $TMPPATH, lstat, unlink\n\ \n\ pledge.com v1.1\n\ copyright 2022 justine alexandra roberts tunney\n\ @@ -413,7 +414,7 @@ void ApplyFilesystemPolicy(unsigned long ipromises) { UnveilIfExists("/dev/stdout", "rw"); UnveilIfExists("/dev/stderr", "rw"); UnveilIfExists("/dev/urandom", "r"); - UnveilIfExists("/dev/localtime", "r"); + UnveilIfExists("/etc/localtime", "r"); UnveilIfExists("/proc/self/fd", "rw"); UnveilIfExists("/proc/self/stat", "r"); UnveilIfExists("/proc/self/status", "r"); 
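Review bot: The rewritten `LuaUnixReadlink` sizes the link buffer with `BUFSIZ`, a stdio buffering constant that is not tied to path lengths, where the old code used an explicit 8192. If `BUFSIZ` is smaller than the longest link target the platform allows, valid links will now fail with ENAMETOOLONG. A constant named for the purpose, or `PATH_MAX` if the file already has it in scope, would make the limit intentional. The call also nests `luaL_optinteger`, `luaL_checkstring` and `luaL_buffinitsize` in the `readlinkat` argument list, where C leaves evaluation order unspecified and the argument checks can raise a Lua error. Hoisting them into locals, e.g. `const char *path = luaL_checkstring(L, 1);`, keeps argument validation ahead of the buffer setup.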
@@ -445,8 +446,10 @@ void ApplyFilesystemPolicy(unsigned long ipromises) { if (~ipromises & (1ul << PROMISE_TTY)) { UnveilIfExists(ttyname(0), "rw"); - UnveilIfExists("/etc/tty", "rw"); - UnveilIfExists("/etc/console", "rw"); + UnveilIfExists("/dev/tty", "rw"); + UnveilIfExists("/dev/console", "rw"); + UnveilIfExists("/etc/terminfo", "r"); + UnveilIfExists("/usr/lib/terminfo", "r"); UnveilIfExists("/usr/share/terminfo", "r"); } @@ -463,6 +466,11 @@ void ApplyFilesystemPolicy(unsigned long ipromises) { UnveilIfExists("/sys/devices/system/cpu", "r"); } + if (~ipromises & (1ul << PROMISE_TMPPATH)) { + UnveilIfExists("/tmp", "rwc"); + UnveilIfExists(getenv("TMPPATH"), "rwc"); + } + for (int i = 0; i < unveils.n; ++i) { char *s, *t; const char *path; @@ -476,7 +484,7 @@ void ApplyFilesystemPolicy(unsigned long ipromises) { perm = "r"; path = s; } - Unveil(path, perm); + UnveilIfExists(path, perm); } if (unveil(0, 0) == -1) {
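Review bot: `UnveilIfExists(getenv("TMPPATH"), "rwc")` in the tmppath hunk unveils whatever directory the environment names, with read, write and create rights, and nothing here validates the value. pledge.com is a confinement tool, so a `TMPPATH` of `/` or a home directory, set by a wrapper script or inherited unnoticed, would quietly undo most of the filesystem policy built above it. I would warn on or reject values that are empty, relative or `/`, and confirm that `TMPPATH` is the variable the runtime's temp-file helpers actually read. The call also relies on `UnveilIfExists` tolerating a NULL path when the variable is unset, and its definition is outside this hunk.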
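Review bot: In the last hunk, switching the paths collected in `unveils` from `Unveil` to `UnveilIfExists` means a mistyped or not-yet-created path supplied by the user is now skipped without any message. The result fails closed, but the operator gets no sign that the policy differs from the one they asked for, and a path requested with create permission is dropped just because it does not exist yet. I would keep the lenient behaviour for the built-in defaults and print a diagnostic when a user-supplied path is skipped. At minimum the loop should say so, e.g. `// user-supplied paths that do not exist are skipped silently`. The loop begins in the previous hunk, and ApplyFilesystemPolicy continues past the end of this one.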