mirror of
https://github.com/jart/cosmopolitan.git
synced 2025-10-16 14:46:11 +00:00
ae5d06dc53
- 10.5% reduction of o//depend dependency graph
- 8.8% reduction in latency of make command
- Fix issue with temporary file cleanup
There's a new -w option in compile.com that turns off the recent
Landlock output path workaround for "good commands" which do not
unlink() the output file like GNU tooling does.
Our new GNU Make unveil sandboxing appears to have zero overhead
in the grand scheme of things. Full builds are pretty fast since
the only thing that's actually slowed us down is probably libcxx
make -j16 MODE=rel
RL: took 85,732,063µs wall time
RL: ballooned to 323,612kb in size
RL: needed 828,560,521µs cpu (11% kernel)
RL: caused 39,080,670 page faults (99% memcpy)
RL: 350,073 context switches (72% consensual)
RL: performed 0 reads and 11,494,960 write i/o operations
pledge() and unveil() no longer consider ENOSYS to be an error.
These functions have also been added to Python's cosmo module.
This change also removes some WIN32 APIs and System Five magnums
which we're not using and it's doubtful anyone else would be too
215 lines
8 KiB
C
215 lines
8 KiB
C
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
|
|
│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
|
|
╞══════════════════════════════════════════════════════════════════════════════╡
|
|
│ Copyright 2021 Justine Alexandra Roberts Tunney │
|
|
│ │
|
|
│ Permission to use, copy, modify, and/or distribute this software for │
|
|
│ any purpose with or without fee is hereby granted, provided that the │
|
|
│ above copyright notice and this permission notice appear in all copies. │
|
|
│ │
|
|
│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
|
|
│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
|
|
│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
|
|
│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
|
|
│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
|
|
│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
|
|
│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
|
|
│ PERFORMANCE OF THIS SOFTWARE. │
|
|
╚─────────────────────────────────────────────────────────────────────────────*/
|
|
#include "libc/calls/calls.h"
|
|
#include "libc/calls/struct/sigaction.h"
|
|
#include "libc/dce.h"
|
|
#include "libc/errno.h"
|
|
#include "libc/fmt/fmt.h"
|
|
#include "libc/intrin/kprintf.h"
|
|
#include "libc/log/log.h"
|
|
#include "libc/mem/mem.h"
|
|
#include "libc/runtime/gc.internal.h"
|
|
#include "libc/runtime/runtime.h"
|
|
#include "libc/stdio/stdio.h"
|
|
#include "libc/str/str.h"
|
|
#include "libc/sysv/consts/map.h"
|
|
#include "libc/sysv/consts/o.h"
|
|
#include "libc/sysv/consts/prot.h"
|
|
#include "libc/sysv/consts/sa.h"
|
|
#include "libc/testlib/testlib.h"
|
|
#include "libc/x/x.h"
|
|
#include "third_party/xed/x86.h"
|
|
|
|
volatile bool gotsegv;
|
|
volatile bool gotbusted;
|
|
struct sigaction old[2];
|
|
char testlib_enable_tmp_setup_teardown;
|
|
|
|
void SkipOverFaultingInstruction(struct ucontext *ctx) {
|
|
struct XedDecodedInst xedd;
|
|
xed_decoded_inst_zero_set_mode(&xedd, XED_MACHINE_MODE_LONG_64);
|
|
xed_instruction_length_decode(&xedd, (void *)ctx->uc_mcontext.rip, 15);
|
|
ctx->uc_mcontext.rip += xedd.length;
|
|
}
|
|
|
|
void OnSigSegv(int sig, struct siginfo *si, struct ucontext *ctx) {
|
|
gotsegv = true;
|
|
SkipOverFaultingInstruction(ctx);
|
|
}
|
|
|
|
void OnSigBus(int sig, struct siginfo *si, struct ucontext *ctx) {
|
|
gotbusted = true;
|
|
SkipOverFaultingInstruction(ctx);
|
|
#if 0
|
|
kprintf("SIGBUS%n");
|
|
kprintf("si->si_signo = %G%n", si->si_signo);
|
|
kprintf("si->si_errno = %s (%d)%n", strerrno(si->si_errno),
|
|
si->si_errno);
|
|
kprintf("si->si_code = %s (%d)%n", GetSiCodeName(sig, si->si_code),
|
|
si->si_code);
|
|
kprintf("┌si->si_addr = %p%n", si->si_addr);
|
|
kprintf("┼─────────────────%n");
|
|
kprintf("│si->si_pid = %d (note: getpid() is %d)%n", si->si_pid, getpid());
|
|
kprintf("│si->si_uid = %d%n", si->si_uid);
|
|
kprintf("┼─────────────────%n");
|
|
kprintf("│si->si_timerid = %d%n", si->si_timerid);
|
|
kprintf("└si->si_overrun = %d%n", si->si_overrun);
|
|
kprintf("si->si_value.sival_int = %d%n", si->si_value.sival_int);
|
|
kprintf("si->si_value.sival_ptr = %p%n", si->si_value.sival_ptr);
|
|
system(xasprintf("cat /proc/%d/map", getpid()));
|
|
#endif
|
|
}
|
|
|
|
void SetUp(void) {
|
|
struct sigaction sabus = {.sa_sigaction = OnSigBus,
|
|
.sa_flags = SA_SIGINFO | SA_RESETHAND};
|
|
struct sigaction sasegv = {.sa_sigaction = OnSigSegv,
|
|
.sa_flags = SA_SIGINFO | SA_RESETHAND};
|
|
sigaction(SIGBUS, &sabus, old + 0);
|
|
sigaction(SIGSEGV, &sasegv, old + 1);
|
|
gotbusted = false;
|
|
gotsegv = false;
|
|
}
|
|
|
|
void TearDown(void) {
|
|
sigaction(SIGBUS, old + 0, 0);
|
|
sigaction(SIGSEGV, old + 1, 0);
|
|
}
|
|
|
|
TEST(mprotect, testOkMemory) {
|
|
char *p = gc(memalign(PAGESIZE, PAGESIZE));
|
|
p[0] = 0;
|
|
ASSERT_NE(-1, mprotect(p, PAGESIZE, PROT_READ | PROT_WRITE));
|
|
p[0] = 1;
|
|
EXPECT_EQ(1, p[0]);
|
|
EXPECT_FALSE(gotsegv);
|
|
EXPECT_FALSE(gotbusted);
|
|
}
|
|
|
|
TEST(mprotect, testSegfault_writeToReadOnlyAnonymous) {
|
|
volatile char *p;
|
|
p = gc(memalign(PAGESIZE, PAGESIZE));
|
|
EXPECT_FALSE(gotsegv);
|
|
p[0] = 1;
|
|
EXPECT_FALSE(gotsegv);
|
|
EXPECT_FALSE(gotbusted);
|
|
EXPECT_NE(-1, mprotect(p, PAGESIZE, PROT_READ));
|
|
missingno(p[0]);
|
|
EXPECT_FALSE(gotsegv);
|
|
EXPECT_FALSE(gotbusted);
|
|
p[0] = 2;
|
|
EXPECT_TRUE(gotsegv | gotbusted);
|
|
EXPECT_EQ(1, p[0]);
|
|
EXPECT_NE(-1, mprotect(p, PAGESIZE, PROT_READ | PROT_WRITE));
|
|
}
|
|
|
|
TEST(mprotect, testExecOnly_canExecute) {
|
|
char *p = _mapanon(FRAMESIZE);
|
|
void (*f)(void) = (void *)p;
|
|
p[0] = 0xC3; // RET
|
|
ASSERT_SYS(0, 0, mprotect(p, FRAMESIZE, PROT_EXEC | PROT_READ));
|
|
f();
|
|
// On all supported platforms, PROT_EXEC implies PROT_READ. There is
|
|
// one exception to this rule: Chromebook's fork of the Linux kernel
|
|
// which has been reported, to have the ability to prevent a program
|
|
// from reading its own code.
|
|
ASSERT_SYS(0, 0, mprotect(p, FRAMESIZE, PROT_EXEC));
|
|
f();
|
|
munmap(p, FRAMESIZE);
|
|
}
|
|
|
|
TEST(mprotect, testProtNone_cantEvenRead) {
|
|
volatile char *p;
|
|
p = gc(memalign(PAGESIZE, PAGESIZE));
|
|
EXPECT_NE(-1, mprotect(p, PAGESIZE, PROT_NONE));
|
|
missingno(p[0]);
|
|
EXPECT_TRUE(gotsegv | gotbusted);
|
|
EXPECT_NE(-1, mprotect(p, PAGESIZE, PROT_READ | PROT_WRITE));
|
|
}
|
|
|
|
static const char kRet31337[] = {
|
|
0xb8, 0x69, 0x7a, 0x00, 0x00, // mov $31337,%eax
|
|
0xc3, // ret
|
|
};
|
|
|
|
TEST(mprotect, testExecJit_actuallyWorks) {
|
|
int (*p)(void) = gc(memalign(PAGESIZE, PAGESIZE));
|
|
memcpy(p, kRet31337, sizeof(kRet31337));
|
|
EXPECT_NE(-1, mprotect(p, PAGESIZE, PROT_EXEC));
|
|
EXPECT_EQ(31337, p());
|
|
EXPECT_FALSE(gotsegv);
|
|
EXPECT_FALSE(gotbusted);
|
|
EXPECT_NE(-1, mprotect(p, PAGESIZE, PROT_READ | PROT_WRITE));
|
|
}
|
|
|
|
TEST(mprotect, testRwxMap_vonNeumannRules) {
|
|
if (IsOpenbsd()) return; // boo
|
|
int (*p)(void) = gc(memalign(PAGESIZE, PAGESIZE));
|
|
memcpy(p, kRet31337, sizeof(kRet31337));
|
|
EXPECT_NE(-1, mprotect(p, PAGESIZE, PROT_READ | PROT_WRITE | PROT_EXEC));
|
|
EXPECT_EQ(31337, p());
|
|
EXPECT_FALSE(gotsegv);
|
|
EXPECT_FALSE(gotbusted);
|
|
EXPECT_NE(-1, mprotect(p, PAGESIZE, PROT_READ | PROT_WRITE));
|
|
}
|
|
|
|
TEST(mprotect, testExecuteFlatFileMapOpenedAsReadonly) {
|
|
int (*p)(void);
|
|
size_t n = sizeof(kRet31337);
|
|
ASSERT_SYS(0, 3, creat("return31337", 0755));
|
|
ASSERT_SYS(0, n, write(3, kRet31337, n));
|
|
ASSERT_SYS(0, 0, close(3));
|
|
ASSERT_SYS(0, 3, open("return31337", O_RDONLY));
|
|
EXPECT_NE(MAP_FAILED,
|
|
(p = mmap(NULL, n, PROT_READ | PROT_EXEC, MAP_PRIVATE, 3, 0)));
|
|
EXPECT_EQ(31337, p());
|
|
EXPECT_FALSE(gotsegv);
|
|
EXPECT_FALSE(gotbusted);
|
|
ASSERT_SYS(0, 0, close(3));
|
|
ASSERT_SYS(0, 0, munmap(p, n));
|
|
}
|
|
|
|
TEST(mprotect, testFileMap_canChangeToExecWhileOpenInRdwrMode) {
|
|
int (*p)(void);
|
|
size_t n = sizeof(kRet31337);
|
|
ASSERT_SYS(0, 3, open("return31337", O_CREAT | O_TRUNC | O_RDWR, 0755));
|
|
ASSERT_SYS(0, n, write(3, kRet31337, n));
|
|
EXPECT_NE(MAP_FAILED,
|
|
(p = mmap(NULL, n, PROT_READ | PROT_WRITE, MAP_PRIVATE, 3, 0)));
|
|
EXPECT_NE(-1, mprotect(p, n, PROT_READ | PROT_EXEC));
|
|
EXPECT_EQ(31337, p());
|
|
EXPECT_FALSE(gotsegv);
|
|
EXPECT_FALSE(gotbusted);
|
|
ASSERT_SYS(0, 0, close(3));
|
|
ASSERT_SYS(0, 0, munmap(p, n));
|
|
}
|
|
|
|
TEST(mprotect, testBadProt_failsEinval) {
|
|
volatile char *p = gc(memalign(PAGESIZE, PAGESIZE));
|
|
EXPECT_EQ(-1, mprotect(p, 9999, -1));
|
|
EXPECT_EQ(EINVAL, errno);
|
|
}
|
|
|
|
TEST(mprotect, testZeroSize_doesNothing) {
|
|
volatile char *p = gc(memalign(PAGESIZE, PAGESIZE));
|
|
EXPECT_NE(-1, mprotect(p, 0, PROT_READ));
|
|
p[0] = 1;
|
|
EXPECT_FALSE(gotsegv);
|
|
EXPECT_FALSE(gotbusted);
|
|
}
|