Home | History | Annotate | Download | only in librumphijack
History log of /src/lib/librumphijack/hijack.c
RevisionDateAuthorComments
 1.141  12-Nov-2024  kre dup2() must (except when there's an error) return the new fd. Not 0
unless that happens to be the new fd.

Fixes tests/lib/librumphijack/t_sh/redirect
 1.140  16-Aug-2024  ozaki-r librumphijack: support flock

The original author is k-goda@IIJ.
 1.139  01-Aug-2023  mrg fix simple mis-matched function prototype and definitions.

most of these are like, eg

void foo(int[2]);

with either of these

void foo(int*) { ... }
void foo(int[]) { ... }

in some cases (such as stat or utimes* calls found in our header files),
we now match standard definition from opengroup.

found by GCC 12.
 1.138  31-Jul-2023  rin librump*: Require 10.99.7 or higher for __kevent100
 1.137  28-Jul-2023  christos Add epoll(2) from Theodore Preduta as part of GSoC 2023
 1.136  16-Apr-2022  andvar branches: 1.136.2;
fix various typos in comments and log messages.
 1.135  11-Sep-2021  christos remove fake closefrom()
 1.134  11-Sep-2021  rillig librumphijack: fix typo for NetBSD < 5.99.7
 1.133  10-Sep-2021  christos Ignore closefrom(3) for now; too complicated to descern between regular
and rump fds.
 1.132  10-Sep-2021  christos - implement pselect so that the ssh test has a chance to work
- 1 -> EXIT_FAILURE
- more info about fds
 1.131  27-May-2020  christos Add pathconf and lpathconf (fixes lib/librumphijack/nfs test which uses ls
which now uses lpathconf)
 1.130  10-Feb-2020  kamil Change types of DUP2ALIAS and DUP2FDMASK bit masks to unsigned

This is for consistency with the DUP2BIT change.
 1.129  10-Feb-2020  kamil Avoid unportable bit shift semantics

hijack.c:451:52, left shift of 1 by 31 places cannot be represented in type 'int
 1.128  25-Sep-2019  christos teach hijack about the new vfs syscalls
 1.127  17-Feb-2019  bad Linux doesn't have paccept().
 1.126  16-Dec-2018  hannken Add an option "modctl" to capture modctl().
 1.125  28-Jun-2018  ozaki-r branches: 1.125.2;
rumphijack: don't modify a cmsg on just validating it

Pointed out by k-goda@IIJ
 1.124  23-Oct-2017  ozaki-r branches: 1.124.2;
Provide better debug messages for ioctl
 1.123  06-Jun-2017  christos since ln(1) now uses linkat(2) provide a dumb wrapper.
 1.122  16-Feb-2017  ozaki-r branches: 1.122.4;
Support paccept for nc
 1.121  02-Dec-2016  christos branches: 1.121.2;
fix test lib/librumphijack/t_sh/runscript
(handle F_DUPFD_CLOEXEC that the shell is now using)
 1.120  11-Aug-2016  kre Object to dup2() if target fd is in the range of fd's that
librumphijack reserves for rump to use.

This is not normally a problem, as most applications don't attempt
to use very high fds - but /bin/sh does.

This fix is something of a kludge - really the apparent fd resource limit
ought to be lowered as well, but this is sufficient to allow the shell
to work (when its dup2() gets rejected, it just tries again with a smaller
target fd until it eventually succeeds.) This fixes the librumphijack
shell ATF tests.

A better, more comprehensive, fix would be good...
 1.119  25-Aug-2015  pooka branches: 1.119.2;
Remember that dlsym() tends to fail on PowerPC during init (or at least
tended), so call rumphijack_dlsym() instead to be safe.
 1.118  25-Aug-2015  pooka allow mmap() to be called before init runs
 1.117  11-Apr-2015  riastradh Define the expansion of the VFORK macro, not the symbol `VFORK'.

Fixes hijacking processes that vfork and exec. Symptom was the child
would spin with read/EAGAIN <-> kevent/EBADF because the inheritance
mechanism relied on setting the holyfd to -1 on fork...which didn't
happen if we didn't hijack vfork.

ok pooka@
 1.116  05-Mar-2015  pooka Wrap utimensat() only if present on host

fixes buildrump.sh on NetBSD 6.1.5
 1.115  04-Mar-2015  pooka Make ATCALL() behave for absolute paths too.
 1.114  04-Mar-2015  pooka Define a generic ATCALL() and use it to implement utimensat()
 1.113  03-Mar-2015  enami Also hijack futimens(2) so that t_sh test passes.
 1.112  03-Mar-2015  enami Hijack utimensat(2) so that t_vfs test passes after cp(1)/mv(1) are
changed to use the system call. Linux also has this system call, but
not tested this on linux.
 1.111  04-Nov-2014  pooka Use autoconf for rump kernel posix hypercall layer.

This gets rid of homegrown hacks and puts all probes in one place.

Tested for NetBSD (build.sh + anita) and Linux (buildrump.sh)
 1.110  12-Aug-2014  pooka In case of no dup2'd fd's, make sure that F_CLOSEM for the
rump kernel starts from 0.

Fixes rumphijack fdoff test (notably, this bug had nothing to do with
fdoff, and was exposed >3 years after writing the test when rump kernels
started providing fd's 0/1/2)
 1.109  21-Jul-2014  gson branches: 1.109.2;
Ignore the contents of revents when poll() returns failure.
This is one more part to the fix for PR kern/46464. Patch
from pooka.
 1.108  19-Jul-2014  gson Do not assert that the two threads do not simultanously notify each
other, because sometimes they do. Should fix PR kern/46464. OK pooka.
 1.107  02-Apr-2014  justin branches: 1.107.2;
Add Android support for rump kernel.

Reviewed by pooka@
 1.106  10-Sep-2013  pooka use <rump/rumpuser_port.h>
 1.105  31-Jul-2013  pooka remove unnecessary <sys/poll.h> -- musl whines when it's included
 1.104  27-Jul-2013  pooka Extend #undef _FORTIFY_SOURCE to both files to avoid compiler
warning for -O0 and fortify combination.

from Alessio Sergi via github
 1.103  22-Jul-2013  pooka Support Linuxen where libc ioctl has cmd as int unstead of unsigned long.
 1.102  20-Jul-2013  pooka Fixes when compiling against musl libc.

from Justin Cormack via private email
 1.101  18-Jul-2013  pooka sys/cdefs.h should come from rumpuser_port.h

Noticed by Justin Cormack while building against musl libc.
 1.100  16-Oct-2012  pooka branches: 1.100.2;
* avoid problems if the platform calls readlink() from dlsym()
* alias __read_chk() to read() on Linux (technically, though,
it should call host __read_chk() instead of read())
 1.99  12-Sep-2012  martin When emulating poll/select better tell the events of the host kernel
apart from those received from the rump kernel. Also handle timeout.
Patch from pooka.
 1.98  03-Sep-2012  pooka branches: 1.98.2;
one more patch for supporting linux-based networking clients
 1.97  03-Sep-2012  pooka More fixes for Linux (or glibc, really).
 1.96  25-Aug-2012  pooka Make librumphijack compile and work on Linux. Do not try to hijack
calls which are not supported on Linux and therefore cannot be
handled by the rump kernel side syscall emulation (not that they'd
be present in the calling binaries anyway).
 1.95  04-Aug-2012  riastradh Implement link(2) in rumphijack. Add a couple trivial test cases.
 1.94  29-Jun-2012  yamt implement descriptor passing.
 1.93  25-Jun-2012  abs Update old-style definitions to ANSI, remove a couple of register
definitions along the way. Fixed gcc 4.1 build (thank you vax)
 1.92  18-Apr-2012  martin poll(), pollts() and select() all return int values, but in the hijack
emulation of them these get passed as exit values from a pthread as
a void* (c.f. pthread_join(), pthread_exit()).
Do not use the address of an int variable for these, but provide the address
of a void* and assign the value afterwards.
Fixes hijacking of pollts/select on 64bit big endian hosts.
Spotted by and fix from pooka.
 1.91  01-Feb-2012  dholland branches: 1.91.2;
Change the syscall API for quotas over to the new non-proplib one.

- struct vfs_quotactl_args -> struct quotactl_args
- add sys/stdint.h to sys/quotactl.h for clean userland build
- install sys/quotactl.h in /usr/include
- update set lists for same
- add new marshalling code in libquota
- add new unmarshalling code in vfs_syscalls.c
- discard proplib interpreter code in vfs_quotactl.c
- add dispatching code for the 14 quotactl ops in vfs_quotactl.c
- mark the proplib quotactl syscall obsolete
- add a new syscall number for the new quotactl syscall
- change the name of the syscall to __quotactl()
- remove the decl of the old quotactl from quota/quotaprop.h
- add a decl of the new quotactl to sys/quotactl.h
- update the libc build
- update ktruss
- remove proplib marshalling code from libquota
- update copy of syscall table in gdb ppc sources
- hack rumphijack to accomodate new quotactl name (as I recall,
pooka wanted such a name change to simplify something, but I
don't really see what/how)

This change appears to require a kernel version bump for rumpish
reasons.
 1.90  21-Apr-2011  joerg branches: 1.90.4;
Disable Fortification for pthread and rump stubs.
 1.89  21-Apr-2011  martin Backout previous, it breaks lots of tests (tests/lib/librumphijack for
example).
 1.88  13-Apr-2011  he Move the forward declaration of _sys_readlink() outside of the #if,
so that the build succeeds even if _FORTIFY_SOURCE isn't > 0.
 1.87  12-Apr-2011  christos Fix SSP builds (Vladimir Kirillov)
 1.86  14-Mar-2011  pooka fdoff is descriptive enough
 1.85  14-Mar-2011  pooka Make fdoffset configurable. Also, enforce that host descriptors
are smaller than the offset.
 1.84  10-Mar-2011  pooka Use rumphijack_dlsym() to figure out where __sysctl() is during
init. Otherwise powerpc dlsym() DTWT and returns NULL.
(now i have no idea why dlsym() it works from rcinit(), but i'll
opt to not care)

Hah, only took 15min to debug that crap this time around. I'm
quickly approaching zero-time with it.
 1.83  10-Mar-2011  pooka Revert 1.81 and do it in a saner way with an ifdef. Later, when
the naming crisis is resolved, we can probably support rump kernel
quotas from nb5 also.
 1.82  09-Mar-2011  pooka Make getfh() a pathcall instead of a fhcall. while it does pertain
to file handles, it still gets passed a path and we can DTRT based
on that.
 1.81  09-Mar-2011  pooka Make this compile/work on NetBSD 5 once again.
 1.80  09-Mar-2011  bouyer Add quotactl(2)
 1.79  09-Mar-2011  bouyer Fix last entries, make it work again.
 1.78  09-Mar-2011  pooka Add a bunch of process-wide hijack calls. Among other things, it's
now possible to use unmodified userspace binaries (rpcbind, mountd,
nfsd) to start a rump nfs service and mount file systems from it.

pain-rustique:42:~> mount
rumpfs on / type rumpfs (local)
10.1.1.1:/export on /mnt type nfs
 1.77  09-Mar-2011  pooka g/c unused global
 1.76  08-Mar-2011  pooka Enforce that the path=/rump specifier specifies and actual path
prefix and doesn't accept e.g. /rumpdev (only /rump/dev).
 1.75  08-Mar-2011  pooka Add ``blanket''. It acts like path, except that the prefix does
_not_ get removed if the call goes to the rump namespace.

So, now it's possible to use e.g. tcpdump (and most other utilities
which hardcore a /dev pathname) on a rump kernel:

golem> setenv RUMPHIJACK blanket=/dev/bpf
golem> tcpdump -n -i virt0
tcpdump: WARNING: SIOCGIFADDR: virt0: Device not configured
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on virt0, link-type EN10MB (Ethernet), capture size 96 bytes
21:55:38.925596 IP 192.168.2.101 > 204.152.190.12: ICMP echo request, id 47811, seq 0, length 64
21:55:39.095596 IP 204.152.190.12 > 192.168.2.101: ICMP echo reply, id 47811, seq 0, length 64

(if you additionally set socket=all in RUMPHIJACK, tcpdump doesn't
whine about the "not configured" interface)
 1.74  01-Mar-2011  pooka another comment
 1.73  01-Mar-2011  pooka comment
 1.72  28-Feb-2011  pooka make compiler sign-happy
 1.71  28-Feb-2011  pooka A simple dup2-enforced affine transformation isn't enough when
dealing with dup2() from a rump kernel fd to a host kernel fd.
Consider:

s1 = socket();
s2 = socket();
dup2(s2, 0);

Instead, maintain a real mapping table (and get on my knees and
pray i don't have to touch this hair-splitting code ever again).

Apparently bourne shell scripts from a rump kernel fs work now
(sh script.sh; ./script.sh doesn't work for obvious "IT'S THE WRONG
FS NAMESPACE" reasons). No test regressions either, so I'm a
happy camper.
 1.70  27-Feb-2011  pooka make error messages sensible. from uwe
 1.69  25-Feb-2011  pooka whoops, didn't mean to delete futimes in previous. also from riz
 1.68  25-Feb-2011  pooka support mknod. from riz
 1.67  24-Feb-2011  pooka Make the rumphijack dlsym trampoline call from rumpclient a "real"
function call instead of a call through a function pointer.
Apparently powerpc ld.elf_so gets __hackish_return_address() wrong
if the call is done through a function pointer (digging deeper into
that stuff is beyond my interest).

Thanks to riz for providing access to a macppc for debugging.
Unthanks to the broken toolchain in the default installation which
wasted approximately 4 hours of time last night.
 1.66  23-Feb-2011  pooka Return value audit: properly set errno and return -1.
Fixes at least cross-kernel mv(1).
 1.65  23-Feb-2011  pooka +access(2)
 1.64  23-Feb-2011  pooka Put the dlsym-from-this-object trampoline into a separate source
module which is compiled -fno-optimize-sibling-calls instead of
trying to fool the optimizer in various ways in the trampoline.

thanks to yamt for the tip
 1.63  21-Feb-2011  pooka If minfd for F_DUPFD is >= hijackoff, assume it means a minimum
value in the rump kernel and adjust accordingly.
 1.62  21-Feb-2011  pooka disallow mmap(MAP_FILE) from a rump kernel fd
 1.61  21-Feb-2011  pooka Actually, we need both lseek and _lseek so that out-of-libc references
go to the right place instead of directly to __lseek. Seeking in
mplayer works now.
 1.60  21-Feb-2011  pooka hijack:
1) {,f,l}chflags (used e.g. by cp(1))
2) p{read,write}{,v} (used by many)
 1.59  20-Feb-2011  pooka fix tests/lib/librumphijack/t_asyncio:invafd -- dual poll on invalid fd
 1.58  19-Feb-2011  pooka fix symlink pathname examination (rationale-to-joerg: so that it works)
 1.57  19-Feb-2011  pooka hijack __getcwd()
 1.56  19-Feb-2011  pooka and now with less crazy whitespace
 1.55  19-Feb-2011  pooka support PF_OROUTE and PF_MPLS where available
 1.54  18-Feb-2011  pooka hijack libc-internal name for lseek so that libc-internal callers
go to the right kernel too.
 1.53  18-Feb-2011  pooka block cross-kernel rename in the other direction also
 1.52  18-Feb-2011  pooka fix rename
 1.51  18-Feb-2011  pooka uhm, put PF_LOCAL on the socketlist
 1.50  18-Feb-2011  pooka give the signmonkey a banana
 1.49  18-Feb-2011  pooka Use the env variable RUMPHIJACK to specify what facilities should
be hijacked. If it's not specified, the default is
"path=/rump,socket=all:nolocal".

So, if you're moof and want to relive your domain/os days (??),
you can do this:

pain-rustique:51:~> setenv RUMPHIJACK 'path=//'
pain-rustique:52:~> df //dev
Filesystem 1K-blocks Used Avail %Cap Mounted on
rumpfs 1 1 0 100% /
pain-rustique:53:~> df /dev
Filesystem 1K-blocks Used Avail %Cap Mounted on
/dev/wd0a 1019864 280640 688232 28% /
 1.48  17-Feb-2011  pooka Support mount/unmount too. So, things are now generally at a stage
where you can mount a file system with a userspace server *without*
it having to go through puffs.

Say, you first start a server with ffs capability and map a host
ffs image into it:

rump_server -lrumpvfs -lrumpfs_ffs \
-d key=/ffsimg,hostpath=ffs2.img,size=e unix:///tmp/ffsserv

Then, configure your shell to talk to the rump server:

setenv RUMP_SERVER unix:///tmp/ffsserv
setenv LD_PRELOAD /usr/lib/librumphijack.so

Create a mountpoint and mount the file system:

pain-rustique:60:~> sh
$ cd /rump
$ ls
dev
$ ls -l
total 1
drwxr-xr-x 2 root wheel 512 Feb 17 18:00 dev
$ mkdir mnt
$ mount_ffs /ffsimg /rump/mnt
mount_ffs: Warning: realpath /ffsimg: No such file or directory
$ df -h mnt
Filesystem Size Used Avail %Cap Mounted on
/ffsimg 496M 380M 91M 80% /mnt
$ du -sckh *
192K dev
380M mnt
381M total
$ umount -R mnt
$ df -h mnt
Filesystem Size Used Avail %Cap Mounted on
rumpfs 1.0K 1.0K 0B 100% /
$

(note, you need -R to umount due to various degrees of unsuccesful
magic it attempts to perform without it)
 1.47  17-Feb-2011  pooka In case dup2(n, n+FDOFF) is done, the caller thinks there are two
distinct file descriptors, but the rump kernel thinks they are both
the same. Now, if either one is closed by the application, "both"
will be closed in the rump kernel. To fix this, maintain an
alias-mask. It's not a perfect solution, though (consider e.g.
F_SETFL). Maybe we should actually dup the fd and maintain a
mapping table?

Also, prevent the host from opening file descriptors onto the places
in the fd namespace that have been dupped.

These together fix "cat < /rump/foo" in a hijacked /bin/sh.
(the first one makes sure stdin is open in cat and the second one
makes sure it doesn't try to cat something from /usr/share/locale
instead of stdin)
 1.46  17-Feb-2011  pooka fix signature. from pgoyette
 1.45  17-Feb-2011  pooka Hijack pathname-based system calls. Now all paths starting with
/rump are hijacked to go to the rump server. So you can e.g. start
a hijacked shell and cd to /rump:

$ cd /rump
$ pwd
/rump
$ ls -l dev/null
crwxr-xr-x 1 root wheel 2, 2 Feb 17 12:35 dev/null
$ ls -l /dev/null
crw-rw-rw- 1 root wheel 2, 2 Dec 22 2009 /dev/null
$ chmod 0 /dev/null
chmod: /dev/null: Operation not permitted
$ chmod 0 dev/null
$ ls -l /rump/dev/null
c--------- 1 root wheel 2, 2 Feb 17 12:35 /rump/dev/null

(of course the rump server must have vfs loaded for that to work)
 1.44  16-Feb-2011  pooka * set default server connection retry to 0 (no reconnection attempts).
while for some cases attempting retry after server restart works
brilliantly (e.g. firefox), in other cases it's quite disasterous
(sshd doesn't like its file descriptors going missing and does not
attempt to reopen them, leading to a quite catastophic loop of
EBADF once the server does come back)
* rename RUMPHIJACK_RETRY to the slightly more sensible
RUMPHIJACK_RETRYCONNECT
 1.43  16-Feb-2011  pooka Support vfork. Add rumpclient wrapper for daemon(3).
 1.42  16-Feb-2011  pooka Push the fiddly tasks for exec and fork from rumphijack to rumpclient.
This makes it possible easily execute those operations also from
non-hijacked rump clients (plus fixes one memory leak in an error
branch).
 1.41  15-Feb-2011  pooka dup() is now implemented using fcntl()
 1.40  15-Feb-2011  pooka Properly implement fcntl commands: F_DUPFD, F_CLOSEM, F_MAXFD
 1.39  14-Feb-2011  pooka A bunch of changes which essentially make sshd work with a hijacked
rump tcp/ip stack:

* sshd likes to fork and then re-exec itself
==> trap execve() and augment the env with the current parameters
essential to a rump kernel (kernel communication fd, information
about dup2'd file descriptors)

* sshd likes to play lots of games with pipes, socketpairs and dup{,2}()
==> make sure we do not close essential rump client descriptors:
dup() them to a safe place, except for F_CLOSEM where we
simply leave them alone. also, partially solved by the above,
make sure the process's set of rump kernel descriptors persists
over exec()

* sshd likes to chdir() before exec
==> for unix-style rump_sp(7) sockets save the full path on the
initial exec and use it afterwards. thread the path through
the environment in execve()
 1.38  12-Feb-2011  pooka Fix select() if no fds are set.

patch from Alexander Nasonov, PR lib/44552
 1.37  11-Feb-2011  pooka play the important typecast game
 1.36  11-Feb-2011  pooka ssh mostly ignores the return value of select(), so if the timeout
expired it would assume that all input set descriptors had activity.

In case we get rv == 0 from the poll backend, zero out the fd sets
to signal that in fact no descriptors have activity.

Before this commit ssh was "jittery" when run through a rump tcp/ip
stack (interactive sessions kept blocking on stdin and you had to
"peddle" the connection). Now it works smoothly ... or at least
smoothly enough so that this commit could be done through a rump
tcp/ip stack:
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root ssh 125 0 tcp localhost.65517 cvs.netbsd.org.22
 1.35  08-Feb-2011  pooka Fix pasto, use GETSYSCALLS() where possible
 1.34  08-Feb-2011  pooka Make sure we can do host kevent since the -current (and recent nb5)
libc resolver uses it. Error out in case of rump fd kevent (TODO).
Fixes one more problem pointed out by Alexander Nasonov.

Also, implement dup().
(TODO: implement it along the fcntl path too)
 1.33  08-Feb-2011  pooka add std dprint to fdcall
 1.32  07-Feb-2011  pooka Force gcc to generate a stack frame for the call to dlsym(RTLD_NEXT).
Without this hack at least amd64 -O2 just used jmp and The Wrong
Thing happened.
 1.31  07-Feb-2011  pooka duh, _sys_read, not read. STAY FIXED, DAMNIT!
 1.30  07-Feb-2011  pooka Unbreak the ssp lossage from the default -current build by removing
it. I still don't have any idea what the ssp stuff is supposed to
do and how it's supposed to even begin to work. If someone wants
to change this now, run tests/lib/librumphijack before commit so
that I can avoid another multihour debugging session!
 1.29  07-Feb-2011  pooka call the non-compat pollts() from inside the library
 1.28  06-Feb-2011  pooka make it possible to specify client connection retry model in
RUMPHIJACK_RETRY
 1.27  06-Feb-2011  pooka be kinder about kqueue()
(but paradoxically omit the surprise)
 1.26  05-Feb-2011  pooka uncommit part of previous which wasn't supposed to change
 1.25  05-Feb-2011  pooka Wrap daemon() since it forks. Otherwise we lose the rumpclient kq
descriptor and have multiple processes using the commfd.
 1.24  05-Feb-2011  pooka Fix some snafus to allow rumphijack to work on -current.

reported by Alexander Nasonov
 1.23  27-Jan-2011  pooka Use NEEDED for librumpclient instead of loading it manually.
 1.22  27-Jan-2011  pooka Set server reconnection timeout to infinite. There probably need
to be some toggle eventually, but for now I'm optimizing the default
for my firefox use ;)
 1.21  26-Jan-2011  christos make SSP friendly
 1.20  25-Jan-2011  pooka fix compilation on -current
 1.19  25-Jan-2011  pooka the usual fun for WARNS=4

signed,
unsigned
 1.18  25-Jan-2011  pooka dramatic whitespace fix
 1.17  25-Jan-2011  pooka Rewrite to declare most dual-kernel calls with macros. This helps
with adding new calls and makes all existing fd-accepting hijacked
calls dual-kernel. It would be better to autogenerate the code
from syscalls.master, but this is easier for now.
 1.16  19-Jan-2011  pooka branches: 1.16.2;
Do the standard dance for sendto/recvfrom since nspluginwrapper
wants to use them. XXX: need to fold the dance sequence into a
common routine.
 1.15  18-Jan-2011  pooka fix lp64 snafu (hopefully)

from pgoyette
 1.14  18-Jan-2011  pooka * attempt to match libc non-compat names (XXX: needs work)
* make shutdown() a dual-stack call
* flip the default to use host for PF_UNIX, since that's generally
the desired case (because of X)
 1.13  18-Jan-2011  pooka pollts:
Since fds[] does not go to both kernels, set revents to 0 when
splitting the vector. Now any stale revents passed by the caller
do not get counted as results for the kernel which did not "win"
the poll.

This fixes a situation where a firefox transfer would occasionally
stall. Now firefox works full speed with a rump networking stack.
 1.12  18-Jan-2011  pooka Don't count sparse elements in the poll vector for host fds.
 1.11  18-Jan-2011  pooka Fix conversion: there are 1000*1000 nanoseconds in a millisecond, not 1000.
 1.10  18-Jan-2011  pooka Fix dup2 mask so that dup2'ing a rump kernel fd to 1 does not cause
stderr to be treated as a rump kernel fd as well. Makes e.g.
bozohttpd work better with stderr logging.

Also, add aborty stubs for kqueue.
(implementing kqueue is even trickier than implementing select/poll
since we need to keep state for two kqueue fd's)
 1.9  17-Jan-2011  pooka Use host_close() instead of close() where we know it to be the
right interface.
 1.8  17-Jan-2011  pooka Adapt to rump syscall changes. The correct rump compat syscall is
now automatically picked based on the ABI of the target the library
is compiled for.

(the host libc symbolname to override still needs a little attention
based on the system version)
 1.7  09-Jan-2011  pooka Networked X11 clients have the annoying property that they need to
contact the X server. Since most of the useful cases these days
are local, add a toggle which forwards PF_LOCAL sockets to the host
and all other protocol families to the rump kernel.

This makes an unmodified firefox work with a rump TCP/IP stack.
I'm sure someone will find applications for being able to run
multiple web browser profiles on one OS with each browser having
a different IP address in the same subnet ...
 1.6  09-Jan-2011  pooka Don't depend on malloc(0) returning non-NULL.
 1.5  09-Jan-2011  pooka dprintf to stderr. stop doing it if stderr_fileno gets dup2()'d
 1.4  08-Jan-2011  pooka Support dual kernel select() by emulating it with pollts(). It
would have been much easier if up to and including 5.0 we wouldn't
silently cap the nfds argument to poll(!!!).

Makes things like socket(1) work out-of-the-box, and pretty much
every other decidedly prehistoric select() user.
(netcat is a slight exception since it sets FD_SETSIZE, a.k.a.
interface-of-the-year, to 16)
 1.3  08-Jan-2011  pooka support pollts and rewrite poll in terms of pollts
 1.2  08-Jan-2011  pooka Support fork() and dup2().

This is sufficient to make an unmodified httpd(8) be able to serve
pages via a rump networking stack.
 1.1  07-Jan-2011  pooka Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?

There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().

Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.

(not hooking this up the build for now)
 1.16.2.4  05-Mar-2011  bouyer Sync with HEAD
 1.16.2.3  17-Feb-2011  bouyer Sync with HEAD
 1.16.2.2  08-Feb-2011  bouyer Sync with HEAD
 1.16.2.1  20-Jan-2011  bouyer Snapshot of work in progress on a modernised disk quota system:
- new quotactl syscall (versionned for backward compat), which takes
as parameter a path to a mount point, and a prop_dictionary
(in plistref format) describing commands and arguments.
For each command, status and data are returned as a prop_dictionary.
quota commands features will be added to take advantage of this,
exporting quota data or getting quota commands as plists.

- new on disk-format storage (all 64bit wide), integrated to metadata for
ffs (and playing nicely with wapbl).
Quotas are enabled on a ffs filesystem via superblock flags.
tunefs(8) can enable or disable quotas.
On a quota-enabled filesystem, fsck_ffs(8) will track per-uid/gid
block and inode usages, and will check and update quotas in Pass 6.
quota usage and limits are stored in unliked files (one for users,
one for groups)l fsck_ffs(8) will create the files if needed, or
free them if needed. This means that after enabling or disabling
quotas on a filesystem; a fsck_ffs(8) run is required.
quotacheck(8) is not needed any more, on a unclean shutdown
fsck or journal replay will take care of fixing quotas.
newfs(8) can create a ready-to-mount quota-enabled filesystem
(superblock flags are set and quota inodes are created).
Other new features or semantic changes:
- default quota datas, applied to users or groups which don't already
have a quota entry
- per-user/group grace time (instead of a filesystem global one)
- 0 really means "nothing allowed at all", not "no limit".
If you want "no limit", set the limit to UQUAD_MAX (tools will
understand "unlimited" and "-")

A quota file is structured as follow:
it starts with a header, containing a few per-filesystem values,
and the default quota limits.
Quota entries are linked together as a simple list, each entry has a
pointer (as an offset withing the file) to the next.
The header has a pointer to a list of free quota entries, and
a hash table of in-use entries. The size of the hash table depends
on the filesystem block size (header+hash table should fit in the
first block). The file is not sparse and is a multiple of
filesystem block size (when the free quota entry list is empty a new
filesystem block is allocated). quota entries to not cross
filesystem block boundaries.

In memory, the kernel keeps a cache of recently used quota entries
as a reference to the block number, and offset withing the block.
The quota entry itself is keept in the buf cache.

fsck_ffs(8), tunefs(8) and newfs(8) supports are completed (with
related atf tests :)
The kernel can update disk usage and report it via quotactl(2).

Todo: enforce quotas limits (limits are not checked by kernel yet)
update repquota, edquota and rpc.rquotad to the new world
implement compat_50_quotactl ioctl.
update quotactl(2) man page

fsck_ffs required fixes so that allocating new blocks or inodes will
properly update the superblock and cg sumaries. This was not an issue up
to now because superblock and cg sumaries check happened last, but now
allocations or frees can happen in pass 6.
 1.90.4.4  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.90.4.3  30-Oct-2012  yamt sync with head
 1.90.4.2  23-May-2012  yamt sync with head.
 1.90.4.1  17-Apr-2012  yamt sync with head
 1.91.2.1  19-Apr-2012  riz Pull up following revision(s) (requested by martin in ticket #188):
lib/librumphijack/hijack.c: revision 1.92
poll(), pollts() and select() all return int values, but in the hijack
emulation of them these get passed as exit values from a pthread as
a void* (c.f. pthread_join(), pthread_exit()).
Do not use the address of an int variable for these, but provide the address
of a void* and assign the value afterwards.
Fixes hijacking of pollts/select on 64bit big endian hosts.
Spotted by and fix from pooka.
 1.98.2.2  20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.98.2.1  20-Nov-2012  tls Resync to 2012-11-19 00:00:00 UTC
 1.100.2.1  23-Jul-2013  riastradh sync with HEAD
 1.107.2.1  10-Aug-2014  tls Rebase.
 1.109.2.2  03-Mar-2016  martin Pull up following revision(s) (requested by nakayama in ticket #1096):
bin/mv/mv.c: revision 1.44
bin/cp/utils.c: revision 1.43-1.44
lib/librumphijack/hijack.c: revision 1.112-1.115
usr.bin/touch/touch.c: revision 1.33
sbin/restore/tape.c: revision 1.68
sbin/restore/dirs.c: revision 1.51
Don't truncate at sub-microsecond while preserving timestamps.

One of motivation of this change is to make the behavior of test(1)
-nt/ot with preserved copy (like cp -p) closer to the NetBSD 6.
Of course whether full timestamps are kept or not depends also on
underlying file system.

The ifdef added in mv(1) since existing ifdefs was our local change
to compile it on solaris (though I couldn't test it):
http://mail-index.netbsd.org/tech-userlevel/2014/11/28/msg008831.html

Fix the name of failed function in warning message.

Hijack utimensat(2) so that t_vfs test passes after cp(1)/mv(1) are
changed to use the system call. Linux also has this system call, but
not tested this on linux.

Also hijack futimens(2) so that t_sh test passes.

Define a generic ATCALL() and use it to implement utimensat()
Make ATCALL() behave for absolute paths too.
 1.109.2.1  09-Dec-2014  martin branches: 1.109.2.1.2;
Pull up following revision(s) (requested by gson in ticket #303):
lib/librumphijack/hijack.c: revision 1.110
In case of no dup2'd fd's, make sure that F_CLOSEM for the
rump kernel starts from 0.
Fixes rumphijack fdoff test (notably, this bug had nothing to do with
fdoff, and was exposed >3 years after writing the test when rump kernels
started providing fd's 0/1/2)
 1.109.2.1.2.1  03-Mar-2016  martin Pull up following revision(s) (requested by nakayama in ticket #1096):
bin/mv/mv.c: revision 1.44
bin/cp/utils.c: revision 1.43-1.44
lib/librumphijack/hijack.c: revision 1.112-1.115
usr.bin/touch/touch.c: revision 1.33
sbin/restore/tape.c: revision 1.68
sbin/restore/dirs.c: revision 1.51
Don't truncate at sub-microsecond while preserving timestamps.

One of motivation of this change is to make the behavior of test(1)
-nt/ot with preserved copy (like cp -p) closer to the NetBSD 6.
Of course whether full timestamps are kept or not depends also on
underlying file system.

The ifdef added in mv(1) since existing ifdefs was our local change
to compile it on solaris (though I couldn't test it):
http://mail-index.netbsd.org/tech-userlevel/2014/11/28/msg008831.html

Fix the name of failed function in warning message.

Hijack utimensat(2) so that t_vfs test passes after cp(1)/mv(1) are
changed to use the system call. Linux also has this system call, but
not tested this on linux.

Also hijack futimens(2) so that t_sh test passes.

Define a generic ATCALL() and use it to implement utimensat()
Make ATCALL() behave for absolute paths too.
 1.119.2.2  20-Mar-2017  pgoyette Sync with HEAD
 1.119.2.1  07-Jan-2017  pgoyette Sync with HEAD. (Note that most of these changes are simply $NetBSD$
tag issues.)
 1.121.2.1  21-Apr-2017  bouyer Sync with HEAD
 1.122.4.1  28-Feb-2018  martin Pull up following revision(s) (requested by maya in ticket #594):
lib/librumphijack/hijack.c: revision 1.123
since ln(1) now uses linkat(2) provide a dumb wrapper.
 1.124.2.2  26-Dec-2018  pgoyette Sync with HEAD, resolve a few conflicts
 1.124.2.1  28-Jul-2018  pgoyette Sync with HEAD
 1.125.2.3  13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.125.2.2  08-Apr-2020  martin Merge changes from current as of 20200406
 1.125.2.1  10-Jun-2019  christos Sync with HEAD
 1.136.2.1  22-Aug-2024  martin Pull up following revision(s) (requested by ozaki-r in ticket #786):

lib/librumphijack/hijack.c: revision 1.140

librumphijack: support flock

The original author is k-goda@IIJ.

RSS XML Feed