Implement I_SUID/I_SGID feature for binfs in the POSIX compliant way.
If set-user-ID bit is set in the file permissions, then the effective
user ID of process shall be set to UID of the new process image file.
test case:
hello example emulates to set uid and file set-user-ID bit, and call
geteuid and getegid API.
UID = 2000
GID = 3000
MODE = 06555
nsh> ls -l /bin/hello
-r-sr-sr-x 2000 3000 0 hello
nsh> hello
geteuid:2000
getegid:3000
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
From posix spec, if set-user-ID bit is set in the file permissions,
then the effective user ID of the new process shall be set to the
user ID of the new process image file.
Let's ignore whether ST_NOSUID is set on the mounted file system.
https://pubs.opengroup.org/onlinepubs/007904875/functions/exec.html
test step:
hello example build as a module and call geteuid and getegid API.
then set file binary set-user-ID bit on the host.
$ chmod +s apps/bin/hello
nsh> mount -t hostfs -o fs=. /data
nsh> ls -l /data/apps/bin/hello
-rwsrwsr-x 1000 1000 9264 /data/apps/bin/hello
nsh> /data/apps/bin/hello
geteuid:1000
getegid:1000
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
1. Update all CMakeLists.txt to adapt to new layout
2. Fix cmake build break
3. Update all new file license
4. Fully compatible with current compilation environment(use configure.sh or cmake as you choose)
------------------
How to test
From within nuttx/. Configure:
cmake -B build -DBOARD_CONFIG=sim/nsh -GNinja
cmake -B build -DBOARD_CONFIG=sim:nsh -GNinja
cmake -B build -DBOARD_CONFIG=sabre-6quad/smp -GNinja
cmake -B build -DBOARD_CONFIG=lm3s6965-ek/qemu-flat -GNinja
(or full path in custom board) :
cmake -B build -DBOARD_CONFIG=$PWD/boards/sim/sim/sim/configs/nsh -GNinja
This uses ninja generator (install with sudo apt install ninja-build). To build:
$ cmake --build build
menuconfig:
$ cmake --build build -t menuconfig
--------------------------
2. cmake/build: reformat the cmake style by cmake-format
https://github.com/cheshirekow/cmake_format
$ pip install cmakelang
$ for i in `find -name CMakeLists.txt`;do cmake-format $i -o $i;done
$ for i in `find -name *\.cmake`;do cmake-format $i -o $i;done
Co-authored-by: Matias N <matias@protobits.dev>
Signed-off-by: chao an <anchao@xiaomi.com>
This change allows boards to define an additional kconfig option, which specifies the final link format of application executables.
By selecting `CONFIG_BINFMT_ELF_RELOCATABLE`, and providing an appropriate linker script, applications can be fully linked, removing the need to process relocations.
This is preparation to use kernel stack for everything when the user
process enters the kernel. Now the user stack is in use when the user
process runs a system call, which might not be the safest option.
The following changes make it possible for Nuttx to load binaries in ELF format which are fully linked.
The change does not include the necessary modifications to produce such binaries. In order to build an applicable binary:
- The userspace applications linker script (`gnu-elf.ld`) needs to modified so the data and text section origin's match those setup by the address environment.
- The makefile used, in `apps/import/Make.defs` needs to remove the `-r` LDELFFLAG.
The spawn proxy thread is a special existence in NuttX, usually some developers
spend a lot of time on stack overflow of spawn proxy thread:
https://github.com/apache/nuttx/issues/9046https://github.com/apache/nuttx/pull/9081
In order to avoid similar issues, this PR will remove spawn proxy thread to simplify
the process of task/posix_spawn().
1. Postpone the related processing of spawn file actions until after task_init()
2. Delete the temporary thread of spawn proxy and related global variables
Signed-off-by: chao an <anchao@xiaomi.com>
1. stack_alloc_ptr should be freed in kernel mode
2. replace nxsched_release_tcb() to nxtask_uninit() to remove tcb from inactive list
Signed-off-by: chao an <anchao@xiaomi.com>
Store the old environment in a local context so another temporary address
environment can be selected. This can happen especially when a process
is being loaded (the new process's mappings are temporarily instantiated)
and and interrupt occurs.
Instead of using a volatile storage for the address environment in the
binfmt / loadinfo structures, always allocate the address environment
from kheap.
This serves two purposes:
- If the task creation fails, any kernel thread that depends on the
address environment created during task creation will not lose their
mappings (because they hold a reference to it)
- The current address environment variable (g_addrenv) will NEVER contain
a stale / incorrect value
- Releasing the address environment is simplified as any pointer given
to addrenv_drop() can be assumed to be heap memory
- Makes the kludge function addrenv_clear_current irrelevant, as the
system will NEVER have invalid mappings any more
- Remove the temporary "saved" variable when temporarily changing MMU
mappings to access another process's memory. The fact that it has an
address environment is enough to make the choice
- Restore nxflat_addrenv_restore-macro. It was accidentally lost when
the address environment handling was re-factored.
The function is not relevant any longer, remove it. Also remove
save_addrenv_t, the parameter taken by up_addrenv_restore.
Implement addrenv_select() / addrenv_restore() to handle the temporary
instantiation of address environments, e.g. when a process is being
created.
Detach the address environment handling from the group structure to the
tcb. This is preparation to fix rare cases where the system (MMU) is left
without a valid page directory, e.g. when a process exits.
Same as with group_free(), there is no need to instantiate the address
environment to destroy it.
The only problem was the ARM implementation modified the L1 mappings
in up_addrenv_destroy(), which it no longer does.
- Also remove the nuttx private shm.h file nuttx/mm/shm.h, which became redundant
- Also remove the gran allocator initialization/release in binfmt since common
vpage allocator is initialized in group_create/group_leave
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
The dependency should be vice versa; the MM_SHM should depend on the
existence of the virtual memory range allocator.
Create a new CONFIG flag CONFIG_ARCH_VMA_MAPPING, which will define that
there is a virtual memory range allocator. Make MM_SHM select that flag
Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
In the past, header file paths were generated by the incdir command
Now they are generated by concatenating environment variables
In this way, when executing makefile, no shell command will be executed,
it will improve the speed of executing makfile
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
1.Don't check the return value of nxsem_init or nxmutex_init
2.Fix some style issue
Signed-off-by: anjiahao <anjiahao@xiaomi.com>
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Fixes minor issue with a trace (build failure with -Werror):
libelf/libelf_symbols.c:310:41: error: pointer of type 'void *' used in arithmetic [-Werror=pointer-arith]
310 | (uintptr_t)(sym->st_value + symbol->sym_value));