Commit Graph

58 Commits

Author SHA1 Message Date
joerg
41a3b9d2d6 Request always_inline for rumpclient__dofork, it won't work correctly
for vfork otherwise. Also give it the returns twice attribute to ensure
that the stack tainting is done recursively.
2011-12-16 23:19:28 +00:00
joerg
a5a75c0cc8 Mark rumphijack_dlsym explicitly as weak to prevent optimisations based
on pointer (non-)identity of it and rumpclient__dlsym.
2011-12-12 16:53:53 +00:00
joerg
c7d626a65f Don't use K&R syntax 2011-12-12 15:21:32 +00:00
alnsn
df45d61f55 Save/restore errno in error path in dupgood. Check that n>0 before
accessing banner[n-1].

Approved a while ago by pooka@
2011-04-30 12:25:05 +00:00
pooka
754d118ee3 don't spam connection errors to stderr by default 2011-03-15 09:35:05 +00:00
pooka
a7f297977b * use _exit() instead of exit() in retryconn=die: atexit() handlers
may hang if the server is dead
* consistent use of data
2011-03-09 15:09:21 +00:00
pooka
57a486416f need -I${.OBJDIR} now 2011-03-08 19:11:27 +00:00
pooka
c057875f13 create srcsys symlink 2011-03-08 18:30:24 +00:00
pooka
d06a7e799a and for my next trick, i'm going to spell ARGSUSED correctly 2011-03-08 18:28:01 +00:00
pooka
e48cccc4df lint love 2011-03-08 18:25:16 +00:00
pooka
7905447e1d Since we ~never have a frame waiting on the initial call to waitresp,
call kevent before readframe.  Doesn't really affect performance,
but makes ktraces shorter ;)
2011-03-08 15:55:12 +00:00
pooka
00e34b229c Use sendmsg() instead of multiple calls to sendto(). It behaves
slightly better in the multithreaded exec case in terms of partial
frames sent.  Plus, it's theoretically a little cheaper.

There's still a gray area with partial transfer from sendmsg(),
but I'm not sure I care enough about some academic scenario to
start fixing it (it basically needs an OOB exec signaller).
2011-03-08 15:34:37 +00:00
pooka
ee6e286c6f Take reasonable precautions against init in a parent process
which did a rump-transparent host-only fork().
2011-02-27 12:58:29 +00:00
pooka
9e33d7d6e2 fix __RCSID 2011-02-25 15:12:06 +00:00
pooka
8c15d641b0 Fix static fallback path. 2011-02-24 14:22:04 +00:00
pooka
b8eb9b59e8 Make the rumphijack dlsym trampoline call from rumpclient a "real"
function call instead of a call through a function pointer.
Apparently powerpc ld.elf_so gets __hackish_return_address() wrong
if the call is done through a function pointer (digging deeper into
that stuff is beyond my interest).

Thanks to riz for providing access to a macppc for debugging.
Unthanks to the broken toolchain in the default installation which
wasted approximately 4 hours of time last night.
2011-02-24 12:25:44 +00:00
pooka
e1463ae3cd Die with a sensible error message if a symbol cannot be found. 2011-02-24 09:52:34 +00:00
tron
fb1591b100 Remove "NOLINT" setting that was apparently committed by accident and
breaks the build.
2011-02-22 17:32:49 +00:00
pooka
97c20c765b Disable string aliasing for rump_syscalls.c. I can't figure out
how to otherwise make the kernel's register_t choreography work
with the return value here in a MI fashion.
2011-02-22 14:02:54 +00:00
pooka
4674f09289 I think I skipped the class where they taught that multiplication
is done before addition...
2011-02-18 16:22:10 +00:00
wiz
cd90032d22 Use more appropriate markup. Fix a typo. 2011-02-17 17:03:17 +00:00
pooka
2e866e7646 add some excuse of a manpage for librumpclient 2011-02-16 23:45:40 +00:00
tron
aa934b7969 Include "sys/null.h" to get the definition of NULL. 2011-02-16 22:35:41 +00:00
pooka
f8af939582 fix signature of rumpclient_fork() 2011-02-16 19:58:01 +00:00
pooka
2e5776377c * set default server connection retry to 0 (no reconnection attempts).
  while for some cases attempting retry after server restart works
  brilliantly (e.g. firefox), in other cases it's quite disastrous
  (sshd doesn't like its file descriptors going missing and does not
  attempt to reopen them, leading to a quite catastrophic loop of
  EBADF once the server does come back)
* rename RUMPHIJACK_RETRY to the slightly more sensible
  RUMPHIJACK_RETRYCONNECT
2011-02-16 19:26:58 +00:00
pooka
36f6818061 Support vfork. Add rumpclient wrapper for daemon(3). 2011-02-16 17:56:46 +00:00
pooka
f4ba3dcd9e Push the fiddly tasks for exec and fork from rumphijack to rumpclient.
This makes it possible to easily execute those operations also from
non-hijacked rump clients (plus fixes one memory leak in an error
branch).
2011-02-16 15:33:46 +00:00
pooka
5e301bc45b support HANDSHAKE_EXEC 2011-02-15 10:37:07 +00:00
pooka
2ba7fe5525 A bunch of changes which essentially make sshd work with a hijacked
rump tcp/ip stack:

* sshd likes to fork and then re-exec itself
  ==> trap execve() and augment the env with the current parameters
      essential to a rump kernel (kernel communication fd, information
      about dup2'd file descriptors)

* sshd likes to play lots of games with pipes, socketpairs and dup{,2}()
  ==> make sure we do not close essential rump client descriptors:
      dup() them to a safe place, except for F_CLOSEM where we
      simply leave them alone.  also, partially solved by the above,
      make sure the process's set of rump kernel descriptors persists
      over exec()

* sshd likes to chdir() before exec
  ==> for unix-style rump_sp(7) sockets save the full path on the
      initial exec and use it afterwards.  thread the path through
      the environment in execve()
2011-02-14 14:56:23 +00:00
pooka
82aa883702 The following happens when sending mail with mutt via a rump
TCP/IP stack:

* mutt prepares to exec the smtp client: it forks and closes all
  file descriptors
* when the next networking syscall is done, rumpclient detects that
  the communication fd returned EBADF and does a reconnect,
  gets descriptor 0 for the socket and descriptor 1 for kqueue
* mutt opens the mail file and implicitly assumes it'll get 0-2,
  but in fact gets 2-4
* mutt execs the smtp agent which tries to read the mail from
  stdin (rumpclient communication socket) and fails

Even if mutt correctly did dup2() things would go south when trying
to communicate with the kernel server the next time, since rumpclient
would actually be talking with some mail body instead (well, it
could work, but in that case you'd need to write *really* weird
mails ;).

Hence, prevent rumpclient from using the special fd's 0-2 for its
purposes.

Should fix mutt problem reported by Alexander Nasonov.
2011-02-09 14:29:58 +00:00
pooka
8235557106 malloc/free aren't async-signal-safe, so avoid calling them when
signals aren't blocked.

this bug made tests/rump/rumpkern/t_sp:sigsafe rarely deadlock
2011-02-07 15:25:41 +00:00
pooka
58bfec3ee0 make sure we don't use "fullset" before we init it 2011-02-07 14:49:53 +00:00
pooka
be04c94c6d types.h for time_t 2011-02-07 14:49:32 +00:00
pooka
065ac12ba8 Add another connection retry model which simply does exit(1) if
the connection is severed.
(mostly for tests so that everything can be hooked to rump_server's exit)
2011-02-06 15:43:20 +00:00
pooka
9f3861f636 Make sure to close parent's server communication socket after fork. 2011-02-06 15:41:37 +00:00
pooka
fe247b6f0a Fix some snafus to allow rumphijack to work on -current.
reported by Alexander Nasonov
2011-02-05 12:38:19 +00:00
pooka
dac4423feb Pass the value of getprogname() from the client to the server and
record it in p_comm.  This is nice for things like sockstat, since
they now display the client command name:

pain-rustique:43:~> rump.sockstat
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     xulrunner- 16     0 tcp    192.168.2.114.65507   204.152.190.12.80
root     xulrunner- 16     1 tcp    192.168.2.114.65501   204.152.190.12.80
root     xulrunner- 16     2 tcp    192.168.2.114.65500   204.152.190.12.80
root     xulrunner- 16     3 tcp    192.168.2.114.65499   204.152.190.12.80
root     xulrunner- 16     5 tcp    192.168.2.114.65498   204.152.190.12.80
root     xulrunner- 16     6 tcp    192.168.2.114.65497   204.152.190.12.80
root     socket     62     0 tcp6   *.http                *.*
root     socket     62     1 tcp    *.http                *.*
root     socket     63     0 tcp6   *.81                  *.*
root     socket     63     1 tcp    *.81                  *.*
2011-01-28 19:21:28 +00:00
pooka
41434db318 Allow to set a timeout for how long the client will attempt to
reconnect in case the connection to the server is lost.  Default
to exactly one reattempt.  This makes sense and additionally fixes
the dev/raidframe/smalldisk test which currently causes a server
panic when a certain raidctl command is run (without this fix the
test would timeout since the client kept attempting to reconnect).
2011-01-27 18:04:05 +00:00
pooka
e6450adeb5 plug fd leak in reconnect code 2011-01-26 14:42:41 +00:00
pooka
19a57922d0 Add reconnect code to librumpclient. In case the connection to
the kernel server is lost, the client will now automatically attempt
to reconnect.

Among other things, this makes it possible to "reboot" and restart
the TCP/IP stack from under firefox without any perceivable loss
of service.  If pages were loading at the time the TCP/IP server
was killed, there may be some broken links, but nothing a ctrl-r
cannot fix.
2011-01-24 17:47:51 +00:00
pooka
7d6e6b815c Forgot to commit this a few days ago: need to make sure we get the
right kqueue/kevent now that rumphijack hijacks them.
2011-01-21 10:43:33 +00:00
pooka
9fba158b8b Add RUMPSP_RAISE: the kernel sends a signal to the client. 2011-01-14 13:12:14 +00:00
pooka
5064fa59e6 A bunch of improvements:
* don't hold spc mutex while sending data
* use send() for the banner to avoid SIGPIPE in case a client
  connects and immediately goes away
* fix error path locking
* use kevent() instead of pollts() in the client.  Apparently that
  is the only sensible way for a library to support both multithreading
  and signal-reentrancy in a race-free manner.
  (can I catch all signals with one kevent instead of installing
  NSIG different ones??)
* mark client comm descriptor non-blocking so that clients have
  better signal-interruptibility (we now sleep in signal-accepting
  kevent() instead of signal-masked recvfrom())
2011-01-10 19:49:43 +00:00
pooka
55d21df89f Separate rw_data and rw_done. Otherwise we don't get wakeups for
requests which have a 0-length response (such as copyin 0/0).

This change makes links(1) work against a rump kernel which contains
rumpnet_local.  The presence of unix domain sockets caused links
to select() with 0 fds and a timeout, and because copyin never woke
up in the kernel the application blocked indefinitely.
2011-01-09 14:10:03 +00:00
pooka
91aad9bd60 Make rumpclient impervious to LD_PRELOAD syscall hijacking by using
dlsym(RTLD_NEXT) to lookup a host_syscall() function pointer which
is used instead of syscall() to communicate with the kernel server.

WARNING: popular opinion classifies this as "ugly code".  if you
have a weak heart/mind/soul/sole meuniere, read max. 1 line of the
diff per day, preferably with food.
2011-01-07 19:37:51 +00:00
pooka
c45d9404c0 Make rumpclient syscalls safe to call from signal handlers. 2011-01-06 06:57:14 +00:00
pooka
fd993ea3d0 Support fork() for rumpclient users. 2011-01-05 17:14:50 +00:00
pooka
393eecc12a Have the client and server perform some sort of handshake first.
It's pretty much a placeholder for now.  One plan for the future
is to require some sort of authentication for superuser clients.
The code will need a little massage then, though, to prevent DoS
attacks.
2010-12-16 17:05:44 +00:00
pooka
3c4a27f7cd Print a banner to a connecting client. The banner contains rump sp
protocol version, os name, os revision and machine.
2010-12-16 12:38:20 +00:00
pooka
cc95cda0d4 lintsquelch 2010-11-30 22:30:43 +00:00