/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ │vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ ╞══════════════════════════════════════════════════════════════════════════════╡ │ Copyright 2020 Justine Alexandra Roberts Tunney │ │ │ │ Permission to use, copy, modify, and/or distribute this software for │ │ any purpose with or without fee is hereby granted, provided that the │ │ above copyright notice and this permission notice appear in all copies. │ │ │ │ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ │ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ │ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ │ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ │ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ │ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ │ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ │ PERFORMANCE OF THIS SOFTWARE. │ ╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/calls/calls.h" #include "libc/calls/internal.h" #include "libc/calls/ntspawn.h" #include "libc/calls/struct/sigaction.internal.h" #include "libc/calls/syscall-nt.internal.h" #include "libc/dce.h" #include "libc/fmt/itoa.h" #include "libc/intrin/atomic.h" #include "libc/intrin/dll.h" #include "libc/intrin/strace.internal.h" #include "libc/intrin/weaken.h" #include "libc/limits.h" #include "libc/macros.internal.h" #include "libc/mem/alloca.h" #include "libc/nt/accounting.h" #include "libc/nt/console.h" #include "libc/nt/enum/startf.h" #include "libc/nt/enum/status.h" #include "libc/nt/enum/threadaccess.h" #include "libc/nt/enum/wait.h" #include "libc/nt/errors.h" #include "libc/nt/memory.h" #include "libc/nt/process.h" #include "libc/nt/runtime.h" #include "libc/nt/struct/processinformation.h" #include "libc/nt/struct/startupinfo.h" #include "libc/nt/synchronization.h" #include "libc/nt/thread.h" #include "libc/nt/thunk/msabi.h" #include "libc/runtime/internal.h" #include "libc/runtime/memtrack.internal.h" #include "libc/runtime/runtime.h" #include "libc/runtime/stack.h" #include "libc/sock/sock.h" #include "libc/str/str.h" #include "libc/sysv/consts/at.h" #include "libc/sysv/consts/map.h" #include "libc/sysv/consts/o.h" #include "libc/sysv/consts/ok.h" #include "libc/sysv/consts/sig.h" #include "libc/sysv/errfuns.h" #include "libc/thread/posixthread.internal.h" #include "libc/thread/thread.h" #define keywords textwindows dontasan dontubsan dontinstrument // clang-format off __msabi extern typeof(CloseHandle) *const __imp_CloseHandle; __msabi extern typeof(ExitProcess) *const __imp_ExitProcess; __msabi extern typeof(GenerateConsoleCtrlEvent) *const __imp_GenerateConsoleCtrlEvent; __msabi extern typeof(GetCurrentThreadId) *const __imp_GetCurrentThreadId; __msabi extern typeof(GetExitCodeProcess) *const __imp_GetExitCodeProcess; __msabi extern typeof(GetLastError) *const __imp_GetLastError; __msabi extern typeof(OpenThread) *const __imp_OpenThread; __msabi extern typeof(SetConsoleCtrlHandler) *const __imp_SetConsoleCtrlHandler; __msabi extern typeof(TerminateThread) *const __imp_TerminateThread; __msabi extern typeof(UnmapViewOfFile) *const __imp_UnmapViewOfFile; __msabi extern typeof(WaitForSingleObject) *const __imp_WaitForSingleObject; // clang-format on extern long __klog_handle; static void sys_execve_nt_relay(intptr_t, long, long, long); wontreturn void __switch_stacks(intptr_t, long, long, long, void (*)(intptr_t, intptr_t, long, long), intptr_t); static keywords void PurgeHandle(intptr_t h) { if (!h) return; if (h == -1) return; __imp_CloseHandle(h); } static keywords void PurgeThread(intptr_t h) { if (h && h != -1) { __imp_TerminateThread(h, SIGKILL); __imp_CloseHandle(h); } } static keywords void sys_execve_killer(void) { struct Dll *e; pthread_spin_lock(&_pthread_lock); for (e = dll_first(_pthread_list); e; e = dll_next(_pthread_list, e)) { enum PosixThreadStatus status; struct PosixThread *pt = POSIXTHREAD_CONTAINER(e); int tid = atomic_load_explicit(&pt->tib->tib_tid, memory_order_acquire); if (tid <= 0 || tid == __imp_GetCurrentThreadId()) continue; status = atomic_load_explicit(&pt->status, memory_order_acquire); if (status >= kPosixThreadTerminated) continue; int64_t hand; if ((hand = __imp_OpenThread(kNtThreadTerminate, false, tid))) { __imp_TerminateThread(hand, SIGKILL); __imp_CloseHandle(hand); } } pthread_spin_unlock(&_pthread_lock); } keywords int sys_execve_nt(const char *program, char *const argv[], char *const envp[]) { size_t i; // validate api usage if (strlen(program) + 4 < PATH_MAX) { char progbuf[PATH_MAX]; char *end = stpcpy(progbuf, program); char suffixes[][5] = {"", ".com", ".exe"}; for (i = 0; i < ARRAYLEN(suffixes); ++i) { stpcpy(end, suffixes[i]); if (sys_faccessat_nt(AT_FDCWD, progbuf, X_OK, 0) != -1) { break; } else if (__imp_GetLastError() == kNtErrorSharingViolation) { return etxtbsy(); // TODO(jart): does this work } else { return eacces(); } } } else { return enametoolong(); } // // POINT OF NO RETURN // // // NO! MNO! // MNO!! [NBK] MNNOO! // MMNO! MNNOO!! // MNOONNOO! MMMMMMMMMMPPPOII! MNNO!!!! // !O! NNO! MMMMMMMMMMMMMPPPOOOII!! NO! // ! MMMMMMMMMMMMMPPPPOOOOIII! ! // MMMMMMMMMMMMPPPPPOOOOOOII!! // MMMMMOOOOOOPPPPPPPPOOOOMII! // MMMMM.. OPPMMP .,OMI! // MMMM:: o.,OPMP,.o ::I!! // NNM:::.,,OOPM!P,.::::!! // MMNNNNNOOOOPMO!!IIPPO!!O! // MMMMMNNNNOO:!!:!!IPPPPOO! // MMMMMNNOOMMNNIIIPPPOO!! // MMMONNMMNNNIIIOO! // MN MOMMMNNNIIIIIO! OO // MNO! IiiiiiiiiiiiI OOOO // NNN.MNO! O!!!!!!!!!O OONO NO! // MNNNNNO! OOOOOOOOOOO MMNNON! // MNNNNO! PPPPPPPPP MMNON! // OO! ON! // // // kill siblings sys_execve_killer(); PurgeThread(*_weaken(__sigchld_thread)); PurgeThread(*_weaken(__sigwinch_thread)); // close win32 handles for memory mappings // unlike fork calling execve destroys all memory // closing a map handle won't impact the mapping itself for (i = 0; i < _mmi.i; ++i) { PurgeHandle(_mmi.p[i].h); } // close o_cloexec fds and anything that isn't stdio for (i = 0; i < g_fds.n; ++i) { if (g_fds.p[i].kind == kFdEmpty) { g_fds.p[i].handle = -1; } else if (i > 2 || (g_fds.p[i].flags & O_CLOEXEC)) { PurgeHandle(g_fds.p[i].handle); g_fds.p[i].handle = -1; } } // pass bitmask telling child which fds are sockets int bits; char buf[32], *v = 0; if (_weaken(socket)) { for (bits = i = 0; i < 3; ++i) { if (g_fds.p[i].kind == kFdSocket) { bits |= 1 << i; } } FormatInt32(stpcpy(buf, "__STDIO_SOCKETS="), bits); v = buf; } // define stdio handles for the spawned subprocess struct NtStartupInfo si = { .cb = sizeof(struct NtStartupInfo), .dwFlags = kNtStartfUsestdhandles, .hStdInput = g_fds.p[0].handle, .hStdOutput = g_fds.p[1].handle, .hStdError = g_fds.p[2].handle, }; // launch the process struct NtProcessInformation pi; int rc = ntspawn(program, argv, envp, v, 0, 0, true, 0, 0, &si, &pi); if (rc == -1) { STRACE("panic: unrecoverable ntspawn(%#s) error: %m", program); if (__imp_GetLastError() == kNtErrorSharingViolation) { __imp_ExitProcess(SIGVTALRM); // is ETXTBSY } else { __imp_ExitProcess(127 << 8); } } PurgeHandle(pi.hThread); // retreat to original win32-provided stack memory __switch_stacks(pi.hProcess, 0, 0, 0, sys_execve_nt_relay, __oldstack); } // child is in same process group so wait for it to get killed by this __msabi static keywords bool32 sys_execve_nt_event(uint32_t dwCtrlType) { return true; // tell win32 we handled signal } // this function runs on the original tiny stack that windows gave us // we need to keep the original process alive simply to pass an int32 // so we unmap all memory to avoid getting a double whammy after fork static keywords void sys_execve_nt_relay(intptr_t h, long b, long c, long d) { uint32_t i, dwExitCode; // close more handles __imp_SetConsoleCtrlHandler((void *)sys_execve_nt_event, 1); PurgeThread(g_fds.stdin.thread); // wasn't inherited by ntspawn PurgeHandle(g_fds.stdin.reader); // wasn't inherited by ntspawn PurgeHandle(g_fds.stdin.writer); // wasn't inherited by ntspawn PurgeHandle(g_fds.p[0].handle); // was inherited via startinfo PurgeHandle(g_fds.p[1].handle); // was inherited via startinfo PurgeHandle(g_fds.p[2].handle); // was inherited via startinfo if (_weaken(__klog_handle)) { PurgeHandle(*_weaken(__klog_handle)); // wasn't inherited by ntspawn } // free all the memory mmap created for (i = 0; i < _mmi.i; ++i) { __imp_UnmapViewOfFile((void *)((uintptr_t)_mmi.p[i].x << 16)); } // wait for process to terminate // // WaitForSingleObject can return kNtWaitAbandoned which MSDN // describes as a "sort of" successful status which indicates // someone else didn't free a mutex and you should check that // persistent resources haven't been left corrupted. not sure // what those resources would be for process objects, however // this status has actually been observed when waiting on 'em do { if (__imp_WaitForSingleObject(h, -1) == kNtWaitFailed) { notpossible; } if (!__imp_GetExitCodeProcess(h, &dwExitCode)) { notpossible; } } while (dwExitCode == kNtStillActive); // propagate child exit status to parent __imp_ExitProcess(dwExitCode); __builtin_unreachable(); }