Fixes out-of-bounds issues when running Darling on a device/virtual machine that reports more than 64 cores. Fixes #7
Co-Authored-By: Janrupf <business.janrupf@gmail.com>
This new tool (`dserverdbg`) runs on the host but connects to
darlingserver and makes unmanaged calls to retrieve debugging
information.
The initial set of subcommands available in this tool are `ps`,
`lsport`, `lspset`, and `lsmsg`:
* `ps` lists processes currently registered with the server and how
many Mach ports they have
* `lsport` lists the ports of a given process (via PID) and their
rights and messages counts (for receive rights)
* `lspset` lists the members of a given portset (via PID and port
name) and provides the same information about each port as `lsport`
* `lsmsg` lists the messages of a given port (via PID and port name),
providing sender PID (if available) and size
This tool may be expanded later to allow e.g. modifying logging settings
while darlingserver is running or perhaps searching through and
filtering the logs.
Make sure to pass a file mode argument to `open` (this is required with `O_CREAT`). Also, make sure to check for success (i.e. a non-negative FD) before trying to use the log file.
This commit does not enable any categories with this new behavior, but
it allows for critical categories to always be logged, regardless of
log level. The main use case for this is for `kprintf` messages.
Code was copied over from xnu/osfmk/vm/vm_user.c. I'll admit that I'm not sure if this is the right approach, but it seems to allow me to progress with debugging notifyd.
If `valid_fd_count` is 0, we can simply not set a control buffer. This
is necessary because empty control buffers with no content are invalid.
It seems that, due to some coincidence with struct sizes, this went
undetected on x86_64. However, the issue is present on i386.
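The following is an added example, not darlingserver's own code, of the rule the commit above describes: when there are no descriptors to pass, leave `msg_control` NULL and `msg_controllen` zero rather than attaching an SCM_RIGHTS header that carries nothing. The function names (`send_with_fds`, `recv_with_fds`, `roundtrip_fd_count`) and the `MAX_FDS` limit are this example's own choices; the round trip runs over a `socketpair` so it needs nothing outside the process.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_FDS 8   /* example limit, not a darlingserver constant */

/* Send a one-byte payload over a connected AF_UNIX socket together with
 * fd_count descriptors. The control buffer is attached only when there is at
 * least one fd to pass; for fd_count == 0 msg_control stays NULL and
 * msg_controllen stays 0, so the kernel never sees an empty SCM_RIGHTS header. */
static ssize_t send_with_fds(int sock, const int *fds, size_t fd_count) {
    char byte = 'x';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union {
        struct cmsghdr align;                      /* guarantees cmsghdr alignment */
        char buf[CMSG_SPACE(sizeof(int) * MAX_FDS)];
    } ctrl;
    struct msghdr msg;

    if (fd_count > MAX_FDS) { errno = EINVAL; return -1; }

    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;

    if (fd_count > 0) {
        memset(&ctrl, 0, sizeof(ctrl));
        msg.msg_control = ctrl.buf;
        msg.msg_controllen = CMSG_SPACE(sizeof(int) * fd_count);
        struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
        cm->cmsg_level = SOL_SOCKET;
        cm->cmsg_type = SCM_RIGHTS;
        cm->cmsg_len = CMSG_LEN(sizeof(int) * fd_count);
        memcpy(CMSG_DATA(cm), fds, sizeof(int) * fd_count);
    }
    return sendmsg(sock, &msg, 0);
}

/* Receive the payload plus up to MAX_FDS passed descriptors into fds_out.
 * Returns how many descriptors arrived, or -1 on error. */
static ssize_t recv_with_fds(int sock, int *fds_out) {
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int) * MAX_FDS)]; } ctrl;
    struct msghdr msg;
    size_t n = 0;

    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = ctrl.buf;
    msg.msg_controllen = sizeof(ctrl.buf);

    if (recvmsg(sock, &msg, 0) < 0) return -1;
    for (struct cmsghdr *cm = CMSG_FIRSTHDR(&msg); cm != NULL; cm = CMSG_NXTHDR(&msg, cm)) {
        if (cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS) continue;
        size_t count = (cm->cmsg_len - CMSG_LEN(0)) / sizeof(int);
        for (size_t i = 0; i < count && n < MAX_FDS; i++, n++)
            memcpy(&fds_out[n], CMSG_DATA(cm) + i * sizeof(int), sizeof(int));
    }
    return (ssize_t)n;
}

/* Round trip over a socketpair: returns the number of descriptors the receiving
 * side got for a send of fd_count, or -1 if any step failed. The descriptors
 * sent are just dups of the socket itself, so nothing outside the process is needed. */
int roundtrip_fd_count(size_t fd_count) {
    int sv[2], sent[MAX_FDS], got[MAX_FDS];
    ssize_t n = -1;

    if (fd_count > MAX_FDS) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    for (size_t i = 0; i < fd_count; i++)
        sent[i] = dup(sv[0]);

    if (send_with_fds(sv[0], sent, fd_count) == 1)
        n = recv_with_fds(sv[1], got);

    for (size_t i = 0; i < fd_count; i++) close(sent[i]);
    for (ssize_t i = 0; i < n; i++) close(got[i]);
    close(sv[0]);
    close(sv[1]);
    return (int)n;
}
```

The union around the control buffer matters on 32-bit targets as well: `CMSG_SPACE`/`CMSG_LEN` are computed from `sizeof(struct cmsghdr)` and its alignment, both of which differ between i386 and x86_64, so never hand-roll those sizes.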
This commit disallows non-fixed-width types in private types and also
adds explicit alignment for 8-byte-wide types. This ensures that RPC
structure definitions are the same across different architectures.
In particular, this is necessary to fix 32-bit support.
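As an added illustration (not darlingserver's actual RPC definitions) of why the commit above bans non-fixed-width types and forces 8-byte alignment: the two structs below carry the same logical fields, but only the second has the same layout on i386 and x86_64. The struct and function names are this example's own; the `_Static_assert` lines show the kind of check that makes a layout mismatch a build failure instead of silent corruption of RPC messages.

```c
#include <stddef.h>
#include <stdint.h>

/* Unportable: `long` is 4 bytes on i386 and 8 on x86_64, and the i386 System V
 * ABI aligns uint64_t to only 4 bytes inside structs. Resulting layouts:
 *   x86_64: call_number@0, pid@8,  payload@16, sizeof == 24
 *   i386:   call_number@0, pid@4,  payload@8,  sizeof == 16
 * A 32-bit client and a 64-bit server would disagree on every field after the first. */
struct rpc_msg_unportable {
    uint32_t call_number;
    long     pid;
    uint64_t payload;
};

/* Portable: fixed-width types only, and the 8-byte-wide member is explicitly
 * 8-byte aligned. Layout on every architecture:
 *   call_number@0, pid@4, payload@8, sizeof == 16, alignof == 8 */
struct rpc_msg_portable {
    uint32_t call_number;
    int32_t  pid;
    _Alignas(8) uint64_t payload;
};

/* Compile-time layout checks; keep them next to the definitions so a change
 * that breaks cross-architecture compatibility fails the build everywhere. */
_Static_assert(sizeof(struct rpc_msg_portable) == 16, "rpc_msg_portable must be 16 bytes");
_Static_assert(offsetof(struct rpc_msg_portable, payload) == 8, "payload must sit at offset 8");
_Static_assert(_Alignof(struct rpc_msg_portable) == 8, "rpc_msg_portable must be 8-byte aligned");

/* Run-time accessors so the layouts can be compared on the build host. */
size_t portable_size(void)             { return sizeof(struct rpc_msg_portable); }
size_t portable_payload_offset(void)   { return offsetof(struct rpc_msg_portable, payload); }
size_t unportable_size(void)           { return sizeof(struct rpc_msg_unportable); }
size_t unportable_payload_offset(void) { return offsetof(struct rpc_msg_unportable, payload); }
```

Without the `_Alignas(8)`, the portable struct would still be 16 bytes on both targets here only by luck of field order; put a `uint32_t` before a bare `uint64_t` and the i386 build packs it at offset 4 while x86_64 pads to 8. Making the alignment explicit removes the dependence on field order and on the ABI's default.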
As the comment I added says, sometimes a process is killed while
user-suspended (e.g. when LLDB sends the kill signal while debugging).
In such cases, trying to save the state back to the process will fail
(since it no longer exists). We can safely ignore such errors, but let's
also log a warning just-in-case.
Do not mount /dev/shm with the MS_NOEXEC flag on WSL1. A bug on WSL1
(https://github.com/microsoft/WSL/issues/8777) prevents files from
being mapped using mmap if the underlying filesystem is mounted
with MS_NOEXEC.
Darling can now be used without overlayfs by setting the
environment variable `DARLING_NOOVERLAYFS`. Darling also
disables overlayfs when it detects itself running in a WSL1
environment.
Without overlayfs, Darling will have to recursively copy all files
and folders from LIBEXEC_PATH to DPREFIX.
- Implemented an alternative to pidfd_open for kernels older than 5.3.
mldr should send a "lifetime pipe" to darlingserver during process start.
When the process dies, darlingserver should receive a POLLHUP event.
- Set increased_limit.rlim_cur to default_limit.rlim_max on systems without
/proc/sys/fs/nr_open. On WSL1, this greatly increases the number of open file
descriptors available.
- For systems without NSpid in /proc/self/status, implemented a way to manage
thread IDs in darlingserver during checkin. darlingserver should receive a hint
address on the thread's stack, and then compare it with a stack pointer retrieved using
PTRACE_GETREGS.
- Avoided sending socket messages when msg_hdr.msg_name->sun_path is an empty string.
A null msg_name is used instead; otherwise, on some systems, this would fail with EINVAL.
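The "lifetime pipe" item in the list above is worth seeing end to end. The following is an added example, not mldr or darlingserver code, of the technique as a fallback for kernels without `pidfd_open`: the watched process keeps the write end of a pipe open for its whole life and never writes to it; the watcher holds only the read end and polls it, and `poll` reports `POLLHUP` once the last copy of the write end closes, which happens when the process exits. The function names `wait_for_lifetime_hup` and `demo_lifetime_pipe` are this example's own. The demo forks a short-lived child in place of a real mldr process.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Block on the read end until the peer hangs up. Returns 1 on POLLHUP (every
 * holder of the write end is gone), 0 on timeout, -1 on error. events is 0 on
 * purpose: POLLHUP is reported regardless of what was requested. */
int wait_for_lifetime_hup(int read_end, int timeout_ms) {
    struct pollfd pfd = { .fd = read_end, .events = 0, .revents = 0 };
    for (;;) {
        int rc = poll(&pfd, 1, timeout_ms);
        if (rc < 0 && errno == EINTR) continue;   /* signal; keep waiting */
        if (rc < 0) return -1;
        if (rc == 0) return 0;                     /* timed out, peer still alive */
        return (pfd.revents & POLLHUP) ? 1 : 0;
    }
}

/* Fork a child that stays alive for child_ms milliseconds while holding the
 * write end, then watch the read end for up to timeout_ms. Returns 1 if the
 * child's exit was detected through POLLHUP, 0 if the watcher timed out first,
 * -1 on error. */
int demo_lifetime_pipe(int child_ms, int timeout_ms) {
    int fds[2];
    if (pipe(fds) < 0) return -1;

    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }

    if (pid == 0) {
        close(fds[0]);                        /* child: keep only the write end */
        struct timespec ts = { child_ms / 1000, (child_ms % 1000) * 1000000L };
        nanosleep(&ts, NULL);
        _exit(0);                             /* exit releases fds[1]: watcher sees POLLHUP */
    }

    /* The watcher MUST close its own copy of the write end, otherwise it keeps
     * the pipe alive itself and the hang-up never arrives. */
    close(fds[1]);
    int hup = wait_for_lifetime_hup(fds[0], timeout_ms);
    close(fds[0]);
    waitpid(pid, NULL, 0);                    /* reap; may wait for a still-running child */
    return hup;
}

int main(void) {
    printf("child exit detected via POLLHUP: %d\n", demo_lifetime_pipe(50, 5000));
    return 0;
}
```

One caveat the pipe has that pidfd does not: the write end is inherited by anything the watched process forks, so a grandchild that keeps it open delays the hang-up until it, too, exits. Marking the descriptor close-on-exec (or closing it in forked helpers) keeps the signal tied to the process you meant to watch.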
Debug logging produces *lots* of output *very* quickly, so that's
disabled by default now. The log level can be controlled with the new
`DSERVER_LOG_LEVEL` env var. Just set it to the minimum level
you want to see in the output. It defaults to "error" so that only
error messages are logged.
One significant change made here is that lck_mtx structures now directly
contain the internals of dtape_mutex structures. This was changed
because the old way of storing in a malloc'ed object led to memory leaks.
The problem is that there's a lot of XNU code that uses simple locks and
does not destroy them (because it doesn't need to in the XNU
implementation). Since the only structure that really cares about the
lock size is the waitq structure, we just patch that up. Besides, we
had modified the waitq structure in the LKM before and nothing blew up,
so this should be fine.
This is used to avoid the server reading incorrect/corrupted reply
contents for pushed replies. This was happening because clients were
sending the push-reply call with the pointer to the message contents,
but they were immediately returning after sending it. This led to a race
condition in which the server would sometimes read the data after the
client had already overwritten/discarded said data.
The thread might have died after sending the message, so
it might not exist by the time the server gets the message.
In that case, just ignore/drop the message.