Commit Graph

38 Commits

Author SHA1 Message Date
pooka
f67143f64b OpenBSD support
from Justin Cormack via github
2014-01-08 01:45:29 +00:00
pooka
55ffc8641a Do not export symbols which don't need to be exported.
via Justin Cormack
2013-12-31 00:25:17 +00:00
pooka
e0f5e00388 Support Cygwin as a hypervisor. 2013-01-14 21:00:16 +00:00
pooka
2f56710909 Since SA_SETLEN() is used only for sockaddr_in, convert it to SIN_SETLEN()
to avoid compiler whining on breaking strict aliasing rules.
2012-11-26 16:30:14 +00:00
pooka
6530621714 Fixes for Solaris. 2012-11-18 19:29:40 +00:00
pooka
bf01f875b4 For the rumpsp protocol, don't assume that the bit representation of
errnos matches on the client and server platforms (the syscall subprotocol
errnos are handled by the server compat code).
2012-09-21 14:33:03 +00:00
pooka
3b3ffd7039 Once again, make the rump kernel hypercall layer work on Linux. 2012-07-27 09:09:05 +00:00
pooka
00e34b229c Use sendmsg() instead of multiple calls to sendto(). It behaves
slightly better in the multithreaded exec case in terms of partial
frames sent.  Plus, it's theoretically a little cheaper.

There's still a gray area with partial transfer from sendmsg(),
but I'm not sure I care enough about some academic scenario to
start fixing it (it basically needs an OOB exec signaller).
2011-03-08 15:34:37 +00:00
pooka
91240244df Nuke all threads belonging to a process calling exec before allowing
the exec handshake to return.

In addition to being The Right Thing To Do, fixes some nasty
conditions for CLOEXEC fd's (or at least does so in theory, I
couldn't create any problems although I tried).
2011-03-08 12:39:28 +00:00
pooka
20446f99b9 return correct value when reading a short frame 2011-03-08 10:02:01 +00:00
pooka
5e301bc45b support HANDSHAKE_EXEC 2011-02-15 10:37:07 +00:00
pooka
2ba7fe5525 A bunch of changes which essentially make sshd work with a hijacked
rump tcp/ip stack:

* sshd likes to fork and then re-exec itself
  ==> trap execve() and augment the env with the current parameters
      essential to a rump kernel (kernel communication fd, information
      about dup2'd file descriptors)

* sshd likes to play lots of games with pipes, socketpairs and dup{,2}()
  ==> make sure we do not close essential rump client descriptors:
      dup() them to a safe place, except for F_CLOSEM where we
      simply leave them alone.  also, partially solved by the above,
      make sure the process's set of rump kernel descriptors persists
      over exec()

* sshd likes to chdir() before exec
  ==> for unix-style rump_sp(7) sockets save the full path on the
      initial exec and use it afterwards.  thread the path through
      the environment in execve()
2011-02-14 14:56:23 +00:00
pooka
19a57922d0 Add reconnect code to librumpclient. In case the connection to
the kernel server is lost, the client will now automatically attempt
to reconnect.

Among other things, this makes it possible to "reboot" and restart
the TCP/IP stack from under firefox without any perceivable loss
of service.  If pages were loading at the time the TCP/IP server
was killed, there may be some broken links, but nothing a ctrl-r
cannot fix.
2011-01-24 17:47:51 +00:00
pooka
1d9f8678bd In case sys_reboot() was called by a remote client, put the response
in the socket before we shut down.  This way the response to the
syscall travels to the caller and they know things worked correctly
instead of having to just assume.
2011-01-22 13:41:22 +00:00
pooka
9fba158b8b Add RUMPSP_RAISE: the kernel sends a signal to the client. 2011-01-14 13:12:14 +00:00
pooka
5064fa59e6 A bunch of improvements:
* don't hold spc mutex while sending data
* use send() for the banner to avoid SIGPIPE in case a client
  connects and immediately goes away
* fix error path locking
* use kevent() instead of pollts() in the client.  Apparently that
  is the only sensible way for a library to support both multithreading
  and signal-reentrancy in a race-free manner.
  (can I catch all signals with one kevent instead of installing
  NSIG different ones??)
* mark client comm descriptor non-blocking so that clients have
  better signal-interruptibility (we now sleep in signal-accepting
  kevent() instead of signal-masked recvfrom())
2011-01-10 19:49:43 +00:00
pooka
52fffe2163 g/c code which is unused in the server 2011-01-10 11:57:53 +00:00
pooka
55d21df89f Separate rw_data and rw_done. Otherwise we don't get wakeups for
requests which have a 0-length response (such as copyin 0/0).

This change makes links(1) work against a rump kernel which contains
rumpnet_local.  The presence of unix domain sockets caused links
to select() with 0 fds and a timeout, and because copyin never woke
up in the kernel the application blocked indefinitely.
2011-01-09 14:10:03 +00:00
pooka
91aad9bd60 Make rumpclient impervious to LD_PRELOAD syscall hijacking by using
dlsym(RTLD_NEXT) to lookup a host_syscall() function pointer which
is used instead of syscall() to communicate with the kernel server.

WARNING: popular opinion classifies this as "ugly code".  if you
have a weak heart/mind/soul/sole meuniere, read max. 1 line of the
diff per day, preferably with food.
2011-01-07 19:37:51 +00:00
pooka
c45d9404c0 Make rumpclient syscalls safe to call from signal handlers. 2011-01-06 06:57:14 +00:00
pooka
fd993ea3d0 Support fork() for rumpclient users. 2011-01-05 17:14:50 +00:00
pooka
393eecc12a Have the client and server perform some sort of handshake first.
It's pretty much a placeholder for now.  One plan for the future
is to require some sort of authentication for superuser clients.
The code will need a little massage then, though, to prevent DoS
attacks.
2010-12-16 17:05:44 +00:00
pooka
3c4a27f7cd Print a banner to a connecting client. The banner contains rump sp
protocol version, os name, os revision and machine.
2010-12-16 12:38:20 +00:00
pooka
34c8240044 Unlink unix socket as part of server exit.
(whatever happened to the code that was supposed to do it automatically
when the binding process exits?)
2010-12-12 17:58:28 +00:00
pooka
ff46270ebc Hands off of stuff we need to keep hands off of. 2010-11-30 20:33:43 +00:00
pooka
d402686fe2 Remove remaining panic()s from server-side code. Also, allow to
send an out-of-band error.  Make the client retry syscall requests
if this error is EAGAIN, fail them otherwise.
2010-11-29 16:08:03 +00:00
pooka
f0d58f7830 Fix a few locking problems with multithreaded clients.
TODO: make server deal graciously with out-of-resources conditions
2010-11-26 18:51:03 +00:00
pooka
6e0e64ab1b Improve reliability in cases where client disconnects mid-operation. 2010-11-26 14:37:08 +00:00
pooka
6b71288c49 *facepalm*, adjust remote copyinstr to work in cases where the end
of the max copyin extends to an unmapped page.

Noticed, as usual, by tests.
2010-11-25 17:59:02 +00:00
pooka
d693e691bf unsnafu previous 2010-11-24 17:20:24 +00:00
pooka
0f9bd961a2 Unschedule from CPU for out-of-kernel blocking ops. Otherwise we
might even deadlock if the thread that wakes us up wants a CPU.
2010-11-24 17:00:10 +00:00
pooka
adabf68496 missed part of earlier commit 2010-11-24 14:32:42 +00:00
pooka
a2b42bab81 Support multithreaded clients and fix a few bugs. 2010-11-19 17:09:44 +00:00
pooka
b82590c0a3 delint 2010-11-19 15:40:55 +00:00
pooka
52f22b2c6a Start working on making the syscall proxy code threadsafe. The
basics are there, but a few more tweaks are needed.  The reason
I'm committing it now is that the code was mindnumbingly boring to
write (no wonder it took me almost 3 years to get it done), and I
might burn it if it's not in a safe place.
2010-11-19 15:25:49 +00:00
pooka
ac0efea1ab Don't puff sigpipe if the connection has been severed. May happen
e.g. when a client executes a blocking call such as poll() and
decides to exit before the result is ready.
2010-11-10 16:12:15 +00:00
pooka
01eecd68eb Implement support for unix domain sockets (important especially
for testing since we don't want to depend on global resources such
as tcp ports).
2010-11-05 14:23:45 +00:00
pooka
13e503f148 Refactor the sysproxy code so that rumpuser contains only the server side. 2010-11-04 20:54:07 +00:00