Validate privileged code relationships

- Work towards improving non-optimized build support
- Introduce MODE=zero which is -O0 without ASAN/UBSAN
- Use system GCC when ~/.cosmo.mk has USE_SYSTEM_TOOLCHAIN=1
- Have package.com check .privileged code doesn't call non-privileged
Justine Tunney 2023-06-08 04:37:05 -07:00
parent 01fd655097
commit daf4454a06
No known key found for this signature in database
GPG key ID: BE714B4575D6E328
82 changed files with 808 additions and 850 deletions


@ -24,7 +24,7 @@
* @param p needs at least 12 bytes
* @return pointer to nul byte
*/
dontinline char *FormatUint32(char p[hasatleast 12], uint32_t x) {
privileged dontinline char *FormatUint32(char p[hasatleast 12], uint32_t x) {
char t;
size_t i, a, b;
i = 0;
@ -49,7 +49,7 @@ dontinline char *FormatUint32(char p[hasatleast 12], uint32_t x) {
* @param p needs at least 12 bytes
* @return pointer to nul byte
*/
char *FormatInt32(char p[hasatleast 12], int32_t x) {
privileged char *FormatInt32(char p[hasatleast 12], int32_t x) {
if (x < 0) *p++ = '-', x = -(uint32_t)x;
return FormatUint32(p, x);
}


@ -18,7 +18,7 @@
*/
#include "libc/fmt/magnumstrs.internal.h"
char *GetMagnumStr(const struct MagnumStr *ms, int x) {
privileged char *GetMagnumStr(const struct MagnumStr *ms, int x) {
int i;
for (i = 0; ms[i].x != MAGNUM_TERMINATOR; ++i) {
if (x == MAGNUM_NUMBER(ms, i)) {


@ -72,6 +72,7 @@ o/$(MODE)/libc/intrin/mman.greg.o: private \
o/$(MODE)/libc/intrin/asan.o \
o/$(MODE)/libc/intrin/ubsan.o: private \
CFLAGS += \
-ffreestanding \
-fno-sanitize=all \
-fno-stack-protector
@ -84,7 +85,6 @@ o/$(MODE)/libc/intrin/asan.o: private \
o/$(MODE)/libc/intrin/asanthunk.o: private \
CFLAGS += \
-x-no-pg \
$(MNO_FENTRY) \
-ffreestanding \
-fno-sanitize=all \
-fno-stack-protector
@ -100,7 +100,6 @@ o/$(MODE)/libc/intrin/kprintf.greg.o: private \
-fpie \
-fwrapv \
-x-no-pg \
$(MNO_FENTRY) \
-ffreestanding \
-fno-sanitize=all \
-fno-stack-protector
@ -115,7 +114,6 @@ o/$(MODE)/libc/intrin/_spinlock_debug_4.o: private \
CFLAGS += \
-fwrapv \
-x-no-pg \
$(MNO_FENTRY) \
-ffreestanding \
-fno-sanitize=all \
-mgeneral-regs-only \
@ -187,6 +185,17 @@ o/$(MODE)/libc/intrin/wsawaitformultipleevents.o: private\
-fno-stack-protector \
-fno-sanitize=all
# privileged functions
o/$(MODE)/libc/intrin/dos2errno.o \
o/$(MODE)/libc/intrin/have_fsgsbase.o \
o/$(MODE)/libc/intrin/getmagnumstr.o \
o/$(MODE)/libc/intrin/formatint32.o \
o/$(MODE)/libc/intrin/strsignal_r.o \
o/$(MODE)/libc/intrin/strerror_wr.o: private \
CFLAGS += \
-ffreestanding \
-fno-sanitize=all
o//libc/intrin/memmove.o: private \
CFLAGS += \
-fno-toplevel-reorder
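Review bot: The new `# privileged functions` rule sets only `-ffreestanding` and `-fno-sanitize=all`, while the other rules visible in this file's hunks (asan.o/ubsan.o, asanthunk.o, kprintf.greg.o) also carry `-fno-stack-protector`. If any build mode turns the stack protector on, these objects would presumably get canary checks that call a non-privileged failure handler, which is the relationship this commit sets out to forbid. Either add `-fno-stack-protector` to the rule or add a comment saying why it is not needed here. The object list is also maintained by hand, so a line such as `# keep in sync with the files that define privileged functions` above it would help whoever adds the attribute next.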


@ -16,7 +16,6 @@
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
*/
#include "libc/assert.h"
#include "libc/dce.h"
#include "libc/nt/version.h"
@ -26,6 +25,5 @@
* This function may only be called if IsWindows() is true.
*/
privileged bool(IsAtLeastWindows10)(void) {
_unassert(IsWindows());
return IsAtLeastWindows10();
}


@ -287,6 +287,7 @@ privileged static size_t kformat(char *b, size_t n, const char *fmt,
cols = 0;
zero = 0;
uppr = 0;
ansi = 0;
abet = "0123456789abcdef";
for (;;) {
switch ((c = *f++)) {
@ -392,7 +393,7 @@ privileged static size_t kformat(char *b, size_t n, const char *fmt,
*p++ = '3';
*p++ = '0' + x % 8;
*p++ = 'm';
ansi = true;
ansi = 1;
}
} else {
x = 666;
@ -527,10 +528,10 @@ privileged static size_t kformat(char *b, size_t n, const char *fmt,
unixerr = errno;
winerr = 0;
if (IsWindows()) {
if (type == 1 && _weaken(WSAGetLastError)) {
winerr = _weaken(WSAGetLastError)();
} else if (_weaken(GetLastError)) {
winerr = _weaken(GetLastError)();
if (type == 1 && _weaken(__imp_WSAGetLastError)) {
winerr = (*_weaken(__imp_WSAGetLastError))();
} else if (_weaken(__imp_GetLastError)) {
winerr = (*_weaken(__imp_GetLastError))();
}
}
if (!unixerr && sign == ' ') {
@ -777,7 +778,7 @@ privileged static size_t kformat(char *b, size_t n, const char *fmt,
*p++ = '0';
*p++ = 'm';
}
ansi = false;
ansi = 0;
}
break;
}
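Review bot: The switch from `_weaken(WSAGetLastError)()` to `(*_weaken(__imp_WSAGetLastError))()`, and the matching `__imp_GetLastError` call in the same `@ -527` hunk, carries no comment, so a later cleanup could easily revert it to the wrapper form. Going by the commit message, the reason is presumably that privileged kformat must not call the non-privileged wrappers; please record that with something like `// privileged code calls the import table slot directly, not the wrapper` above the `if (type == 1 && ...)` line. The `_weaken()` test appears to show only that the import symbol was linked, not that the slot it names is populated, so it is worth confirming that holds everywhere kformat can run on Windows. kformat's body starts and ends outside these hunks.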


@ -2,7 +2,7 @@
#define COSMOPOLITAN_LIBC_INTRIN_NOPL_H_
#if !(__ASSEMBLER__ + __LINKER__ + 0) && defined(__x86_64__) && \
defined(__GNUC__) && !defined(__llvm__) && !defined(__chibicc__) && \
!defined(__STRICT_ANSI__)
defined(__MNO_RED_ZONE__) && !defined(__STRICT_ANSI__)
/**
* @fileoverview Turns CALLs into NOPs that are fixupable at runtime.
@ -35,34 +35,39 @@
".equ\t\"" SECTION "_end\",.\n\t" \
".previous\n\t"
#define _NOPL0(SECTION, FUNC) \
#define _NOPL0(SECTION, FUNC) __NOPL0(SECTION, FUNC, IMAGE_BASE_VIRTUAL)
#define __NOPL0(SECTION, FUNC, GARDEN) ___NOPL0(SECTION, FUNC, GARDEN)
#define ___NOPL0(SECTION, FUNC, GARDEN) \
({ \
asm volatile(_NOPL_PROLOGUE(SECTION) /* */ \
_NOPL_EPILOGUE(SECTION) /* */ \
".section \".sort.rodata." SECTION ".2\",\"a\",@progbits\n\t" \
".balign\t4\n\t" \
".long\t353f-%a1\n\t" \
".long\t353f-" #GARDEN "\n\t" \
".previous\n353:\t" \
"nopl\t%a0" \
"nopl\t" #FUNC "(%%rip)" \
: /* no inputs */ \
: "X"(FUNC), "X"(IMAGE_BASE_VIRTUAL) \
: /* no outputs */ \
: "rax", "rdi", "rsi", "rdx", "rcx", "r8", "r9", "r10", \
"r11", "memory", "cc"); \
(void)0; \
})
#define _NOPL1(SECTION, FUNC, ARG) \
#define _NOPL1(SECTION, FUNC, ARG) \
__NOPL1(SECTION, FUNC, ARG, IMAGE_BASE_VIRTUAL)
#define __NOPL1(SECTION, FUNC, ARG, GARDEN) ___NOPL1(SECTION, FUNC, ARG, GARDEN)
#define ___NOPL1(SECTION, FUNC, ARG, GARDEN) \
({ \
register autotype(ARG) __arg asm("rdi") = ARG; \
asm volatile(_NOPL_PROLOGUE(SECTION) /* */ \
_NOPL_EPILOGUE(SECTION) /* */ \
".section \".sort.rodata." SECTION ".2\",\"a\",@progbits\n\t" \
".balign\t4\n\t" \
".long\t353f-%a2\n\t" \
".long\t353f-" #GARDEN "\n\t" \
".previous\n353:\t" \
"nopl\t%a1" \
"nopl\t" #FUNC "(%%rip)" \
: "+D"(__arg) \
: "X"(FUNC), "X"(IMAGE_BASE_VIRTUAL) \
: /* no inputs */ \
: "rax", "rsi", "rdx", "rcx", "r8", "r9", "r10", "r11", \
"memory", "cc"); \
(void)0; \
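Review bot: With `#FUNC` and `#GARDEN` pasted into the asm text and the `"X"(FUNC)` operand removed, the compiler no longer sees any reference to the target in `___NOPL0`/`___NOPL1`, so FUNC has to be a bare symbol name and a typo or a `static` target presumably only shows up at assemble or link time. The `@fileoverview` comment should state that, e.g. `FUNC must be the plain name of a global symbol; it is stringified into the asm and is not type-checked`. In `___NOPL0` the operand labels also read backwards: the first `:` list is outputs and the second is inputs, yet they are labelled `/* no inputs */` then `/* no outputs */`. The `___NOPL1` definition continues past the end of this hunk.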


@ -22,7 +22,7 @@
#include "libc/sysv/consts/at.h"
#include "libc/sysv/consts/o.h"
privileged void PrintSystemMappings(int outfd) {
void PrintSystemMappings(int outfd) {
int infd;
ssize_t rc;
char buf[64];


@ -35,7 +35,7 @@ const unsigned char kConsoleHandles[3] = {
};
// Puts cmd.exe gui back the way it was.
noinstrument void _restorewintty(void) {
privileged noinstrument void _restorewintty(void) {
if (!IsWindows()) return;
if (__imp_GetCurrentProcessId() != __pid_exec) return;
for (int i = 0; i < 3; ++i) {


@ -16,10 +16,10 @@
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
*/
#define ShouldUseMsabiAttribute() 1
#include "libc/dce.h"
#include "libc/fmt/fmt.h"
#include "libc/intrin/kprintf.h"
#include "libc/intrin/safemacros.internal.h"
#include "libc/macros.internal.h"
#include "libc/nt/enum/formatmessageflags.h"
#include "libc/nt/enum/lang.h"
@ -39,8 +39,14 @@ privileged int strerror_wr(int err, uint32_t winerr, char *buf, size_t size) {
char16_t winmsg[256];
const char *sym, *msg;
wanting = false;
sym = firstnonnull(_strerrno(err), (wanting = true, "EUNKNOWN"));
msg = firstnonnull(_strerdoc(err), (wanting = true, "No error information"));
if (!(sym = _strerrno(err))) {
sym = "EUNKNOWN";
wanting = true;
}
if (!(msg = _strerdoc(err))) {
msg = "No error information";
wanting = true;
}
if (IsTiny()) {
if (!sym) sym = "EUNKNOWN";
for (; (c = *sym++); --size)
@ -49,7 +55,7 @@ privileged int strerror_wr(int err, uint32_t winerr, char *buf, size_t size) {
} else if (!IsWindows() || ((err == winerr || !winerr) && !wanting)) {
ksnprintf(buf, size, "%s/%d/%s", sym, err, msg);
} else {
if ((n = FormatMessage(
if ((n = __imp_FormatMessageW(
kNtFormatMessageFromSystem | kNtFormatMessageIgnoreInserts, 0,
winerr, MAKELANGID(kNtLangNeutral, kNtSublangDefault), winmsg,
ARRAYLEN(winmsg), 0))) {
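Review bot: After the new explicit checks, `sym` is always non-null by the time the `IsTiny()` branch runs, so `if (!sym) sym = "EUNKNOWN";` there is dead and can be deleted. Leaving it in suggests `sym` can still be null at that point, which makes the unchecked `*sym++` in the loop below look as if it depends on that line. The direct `__imp_FormatMessageW(` call would also benefit from a short comment, e.g. `// privileged: call the import directly rather than through FormatMessage`, assuming that is the reason for the change. strerror_wr starts and ends outside these hunks.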


@ -36,7 +36,7 @@
* @asyncsignalsafe
* @threadsafe
*/
char *strsignal_r(int sig, char buf[hasatleast 15]) {
privileged char *strsignal_r(int sig, char buf[hasatleast 15]) {
int i;
char *p;
const char *s;


@ -35,7 +35,6 @@ privileged int64_t __winerr(void) {
errno_t e;
if (IsWindows()) {
e = __dos2errno(__imp_GetLastError());
_npassert(e > 0);
} else {
e = ENOSYS;
}