From aa34340f3d677c4dbf714ef1b33b3d894cb4de66 Mon Sep 17 00:00:00 2001 From: Justine Tunney Date: Fri, 15 Jul 2022 20:47:20 -0700 Subject: [PATCH] Add pipelining to cocmd --- libc/mem/pledge.c | 10 ++- libc/runtime/mapstack.c | 11 +-- test/libc/mem/pledge_test.c | 5 +- tool/build/cocmd.c | 132 +++++++++++++++++++++--------------- 4 files changed, 90 insertions(+), 68 deletions(-) diff --git a/libc/mem/pledge.c b/libc/mem/pledge.c index d0ecddb11..4e82a4998 100644 --- a/libc/mem/pledge.c +++ b/libc/mem/pledge.c @@ -1124,9 +1124,13 @@ static void SetPromises(const char *promises) { * OpenBSD just kills the process while logging a helpful message to * /var/log/messages explaining which promise category you needed. * - * By default exit and exit_group are always allowed. This is useful - * for processes that perform pure computation and interface with the - * parent via shared memory. + * By default exit() is allowed. This is useful for processes that + * perform pure computation and interface with the parent via shared + * memory. On Linux we mean sys_exit (_Exit1), not sys_exit_group + * (_Exit). The difference is effectively meaningless, since _Exit() + * will attempt both. All it means is that, if you're using threads, + * then a `pledge("", 0)` thread can't kill all your threads unless you + * `pledge("stdio", 0)`. * * Once pledge is in effect, the chmod functions (if allowed) will not * permit the sticky/setuid/setgid bits to change. Linux will EPERM here diff --git a/libc/runtime/mapstack.c b/libc/runtime/mapstack.c index e1c67c442..e421f5bfb 100644 --- a/libc/runtime/mapstack.c +++ b/libc/runtime/mapstack.c @@ -26,12 +26,6 @@ #include "libc/sysv/consts/map.h" #include "libc/sysv/consts/prot.h" -static char *_stkbase; - -__attribute__((__constructor__)) static void init(void) { - _stkbase = (char *)kFixedmapStart; -} - /** * Allocates stack. * @@ -47,13 +41,12 @@ __attribute__((__constructor__)) static void init(void) { */ void *_mapstack(void) { char *p; - if ((p = mmap(_stkbase, GetStackSize(), PROT_READ | PROT_WRITE, - MAP_STACK | MAP_ANONYMOUS | MAP_FIXED, -1, 0)) != MAP_FAILED) { + if ((p = mmap(0, GetStackSize(), PROT_READ | PROT_WRITE, + MAP_STACK | MAP_ANONYMOUS, -1, 0)) != MAP_FAILED) { if (IsAsan()) { __asan_poison(p + GetStackSize() - 16, 16, kAsanStackOverflow); __asan_poison(p, 4096, kAsanStackOverflow); } - _stkbase += GetStackSize() * 4; return p; } else { return 0; diff --git a/test/libc/mem/pledge_test.c b/test/libc/mem/pledge_test.c index 6675ac226..67b4ec27e 100644 --- a/test/libc/mem/pledge_test.c +++ b/test/libc/mem/pledge_test.c @@ -328,7 +328,6 @@ TEST(pledge, msyscall) { TEST(pledge, chmod_ignoresDangerBits) { if (IsOpenbsd()) return; // b/c testing linux bpf int ws, pid; - struct stat st; ASSERT_SYS(0, 3, creat("foo", 0644)); ASSERT_NE(-1, (pid = fork())); if (!pid) { @@ -390,6 +389,10 @@ TEST(pledge, open_cpath) { if (!pid) { ASSERT_SYS(0, 0, pledge("stdio cpath", 0)); ASSERT_SYS(0, 3, open("foo", O_WRONLY | O_TRUNC | O_CREAT, 0644)); + ASSERT_SYS(0, 0, fstat(3, &st)); + ASSERT_EQ(0100644, st.st_mode); + // make sure open() can't apply the setuid bit + ASSERT_SYS(EPERM, -1, open("bar", O_WRONLY | O_TRUNC | O_CREAT, 04644)); _Exit(0); } EXPECT_NE(-1, wait(&ws)); diff --git a/tool/build/cocmd.c b/tool/build/cocmd.c index b0be5285a..64da03cd1 100644 --- a/tool/build/cocmd.c +++ b/tool/build/cocmd.c @@ -38,41 +38,79 @@ char *p; char *q; +size_t n; char *cmd; char *args[8192]; const char *prog; char argbuf[ARG_MAX]; bool unsupported[256]; +void Write(const char *s, ...) { + va_list va; + va_start(va, s); + do { + write(2, s, strlen(s)); + } while ((s = va_arg(va, const char *))); + va_end(va); +} + wontreturn void UnsupportedSyntax(unsigned char c) { + char cbuf[2]; char ibuf[13]; + cbuf[0] = c; + cbuf[1] = 0; FormatOctal32(ibuf, c, true); - fputs(prog, stderr); - fputs(": unsupported shell syntax '", stderr); - fputc(c, stderr); - fputs("' (", stderr); - fputs(ibuf, stderr); - fputs("): ", stderr); - fputs(cmd, stderr); - fputs("\n", stderr); - exit(1); + Write(prog, ": unsupported shell syntax '", cbuf, "' (", ibuf, "): ", cmd, + "\n", 0); + exit(4); +} + +wontreturn void SysExit(int rc, const char *call, const char *thing) { + int err; + char ibuf[12]; + const char *estr; + err = errno; + FormatInt32(ibuf, err); + estr = strerdoc(err); + if (!estr) estr = "EUNKNOWN"; + Write(thing, ": ", call, "() failed: ", estr, " (", ibuf, ")\n", 0); + exit(rc); } void Open(const char *path, int fd, int flags) { const char *err; close(fd); if (open(path, flags, 0644) == -1) { - err = strerdoc(errno); - fputs(prog, stderr); - fputs(": failed to open '", stderr); - fputs(path, stderr); - fputs("': ", stderr); - fputs(err, stderr); - fputs("\n", stderr); - exit(1); + SysExit(7, "open", path); } } +wontreturn void Exec(void) { + const char *s; + if (!n) { + Write(prog, ": error: too few args\n", 0); + exit(5); + } + execv(args[0], args); + SysExit(127, "execve", args[0]); +} + +void Pipe(void) { + int pid, pfds[2]; + if (pipe2(pfds, O_CLOEXEC)) { + SysExit(8, "pipe2", prog); + } + if ((pid = vfork()) == -1) { + SysExit(9, "vfork", prog); + } + if (!pid) { + dup2(pfds[1], 1); + Exec(); + } + dup2(pfds[0], 0); + n = 0; +} + char *Tokenize(void) { int t; char *r; @@ -97,6 +135,14 @@ char *Tokenize(void) { } else if (*p == '\\') { if (!p[1]) UnsupportedSyntax(*p); *q++ = *++p; + } else if (*p == '|') { + if (q > r) { + *q = 0; + return r; + } else { + Pipe(); + ++p; + } } else { *q++ = *p; } @@ -104,8 +150,8 @@ char *Tokenize(void) { case STATE_STR: if (!*p) { - fputs("cmd: error: unterminated string\n", stderr); - exit(1); + Write("cmd: error: unterminated string\n", 0); + exit(6); } if (*p == '\'') { t = STATE_SHELL; @@ -121,8 +167,8 @@ char *Tokenize(void) { } int main(int argc, char *argv[]) { - char *s, *arg; - size_t i, j, n; + char *arg; + size_t i, j; prog = argc > 0 ? argv[0] : "cocmd.com"; for (i = 1; i < 32; ++i) { @@ -136,7 +182,6 @@ int main(int argc, char *argv[]) { unsupported['*'] = true; unsupported['('] = true; unsupported[')'] = true; - unsupported['|'] = true; unsupported['['] = true; unsupported[']'] = true; unsupported['{'] = true; @@ -147,24 +192,19 @@ int main(int argc, char *argv[]) { unsupported['!'] = true; if (argc != 3) { - fputs(prog, stderr); - fputs(": error: wrong number of args\n", stderr); - return 1; + Write(prog, ": error: wrong number of args\n", 0); + exit(10); } if (strcmp(argv[1], "-c")) { - fputs(prog, stderr); - fputs(": error: argv[1] should -c\n", stderr); - return 1; + Write(prog, ": error: argv[1] should -c\n", 0); + exit(11); } p = cmd = argv[2]; if (strlen(cmd) >= ARG_MAX) { - fputs(prog, stderr); - fputs(": error: cmd too long: ", stderr); - fputs(cmd, stderr); - fputs("\n", stderr); - return 1; + Write(prog, ": error: cmd too long: ", cmd, "\n", 0); + exit(12); } n = 0; @@ -188,31 +228,13 @@ int main(int argc, char *argv[]) { Open(arg + 1, 0, O_RDONLY); } else { args[n++] = arg; + args[n] = 0; } } else { - fputs(prog, stderr); - fputs(": error: too many args\n", stderr); - return 1; + Write(prog, ": error: too many args\n", 0); + exit(13); } } - if (!n) { - fputs(prog, stderr); - fputs(": error: too few args\n", stderr); - return 1; - } - - execv(args[0], args); - if (!n) { - s = strerdoc(errno); - fputs(prog, stderr); - fputs(": execve '", stderr); - fputs(args[0], stderr); - fputs("' failed: ", stderr); - fputs(s, stderr); - fputs("\n", stderr); - return 1; - } - - return 127; + Exec(); }