forkables: Create forkable hardlinks, yet unused.

In preparation to protect fork() against dll- and exe-updates, create
hardlinks to the main executable and each loaded dll in subdirectories
of /var/run/cygfork/, if that one exists on the NTFS file system.

The directory names consist of the user sid, the main executable's NTFS
IndexNumber, and the most recent LastWriteTime of all involved binaries
(dlls and main executable).  Next to the main.exe hardlink we create the
empty file main.exe.local to enable dll redirection.

The name of the mutex to synchronize hardlink creation/cleanup also is
assembled from these directory names, to allow for synchronized cleanup
of even orphaned hardlink directories.

The hardlink to each dynamically loaded dll goes into another directory,
named using the NTFS IndexNumber of the dll's original directory.

	* Makefile.in (DLL_OFILES): Add forkable.o.
	* dll_init.h (struct dll): Declare member variables fbi, fii,
	forkable_ntname.  Declare methods nominate_forkable,
	create_forkable.
	(struct dll_list): Declare enum forkables_needs.  Declare member
	variables forkables_dirx_size, forkables_dirx_ntname,
	forkables_mutex_name, forkables_mutex.  Declare private methods
	forkable_ntnamesize, prepare_forkables_nomination,
	update_forkables_needs, update_forkables, create_forkables,
	denominate_forkables, close_mutex, try_remove_forkables,
	set_forkables_inheritance, request_forkables.  Declare public
	static methods ntopenfile, read_fii, read_fbi.  Declare public
	methods release_forkables, cleanup_forkables.  Define public
	inline method setup_forkables.
	* dll_init.cc (dll_list::alloc): Allocate memory to hold the
	name of the hardlink in struct dll member forkable_ntname.
	Initialize struct dll members fbi, fii.
	(dll_list::load_after_fork): Call release_forkables method.
	* fork.cc: Rename public fork function to static dofork, add
	with_forkables as bool pointer parameter.  Add new fork function
	calling dofork.  (struct frok): Add bool pointer member
	with_forkables, add as constructor parameter.
	(frok::parent): Call dlls.setup_forkables before CreateProcessW,
	dlls.release_forkables afterwards.
	* pinfo.cc (pinfo::exit): Call dlls.cleanup_forkables.
	* syscalls.cc (_unlink_nt): Rename public unlink_nt function to
	static _unlink_nt, with 'shareable' as additional argument.
	(unlink_nt): New, wrap _unlink_nt for original behaviour.
	(unlink_nt_shareable): New, wrap _unlink_nt to keep a binary
	file still loadable while removing one of its hardlinks.
	* forkable.cc: New file.
	Implement static functions mkdirs, rmdirs, rmdirs_synchronized,
	stat_real_file_once, format_IndexNumber, rootname, sidname,
	exename, lwtimename.  Define static array forkable_nameparts.
	(struct dll): Implement nominate_forkable, create_forkable.
	(struct dll_list): Implement static methods ntopenfile,
	read_fii, read_fbi.  Implement forkable_ntnamesize,

winsup/cygwin/Makefile.in

@@ -313,6 +313,7 @@ DLL_OFILES:= \
 	flock.o \
 	fnmatch.o \
 	fork.o \
+	forkable.o \
 	fts.o \
 	ftw.o \
 	getentropy.o \

winsup/cygwin/dll_init.cc

@@ -300,6 +300,7 @@ dll_list::alloc (HINSTANCE h, per_process *p, dll_type type)
   PWCHAR ntname = nt_max_path_buf ();
   GetModuleFileNameW (h, ntname, NT_MAX_PATH);
   PWCHAR modname = form_ntname (ntname, NT_MAX_PATH, ntname);
+  DWORD ntnamelen = modname - ntname;
   while (modname > ntname && *(modname - 1) != L'\\')
     --modname;
 
@@ -334,6 +335,12 @@ dll_list::alloc (HINSTANCE h, per_process *p, dll_type type)
     }
   else
     {
+      size_t forkntsize = forkable_ntnamesize (type, ntname, modname);
+
+      /* FIXME: Change this to new at some point. */
+      d = (dll *) cmalloc (HEAP_2_DLL, sizeof (*d)
+			   + ((ntnamelen + forkntsize) * sizeof (*ntname)));
+
       /* Now we've allocated a block of information.  Fill it in with the
 	 supplied info about this DLL. */
       wcscpy (d->ntname, ntname);
@@ -348,6 +355,15 @@ dll_list::alloc (HINSTANCE h, per_process *p, dll_type type)
       d->image_size = ((pefile*)h)->optional_hdr ()->SizeOfImage;
       d->preferred_base = (void*) ((pefile*)h)->optional_hdr()->ImageBase;
       d->type = type;
+      d->fbi.FileAttributes = INVALID_FILE_ATTRIBUTES;
+      d->fii.IndexNumber.QuadPart = -1LL;
+      if (!forkntsize)
+	d->forkable_ntname = NULL;
+      else
+	{
+	  d->forkable_ntname = d->ntname + ntnamelen + 1;
+	  *d->forkable_ntname = L'\0';
+	}
       append (d);
       if (type == DLL_LOAD)
 	loaded_dlls++;
@@ -654,6 +670,8 @@ dll_list::reserve_space ()
 void
 dll_list::load_after_fork (HANDLE parent)
 {
+  release_forkables ();
+
   // moved to frok::child for performance reasons:
   // dll_list::reserve_space();
 

winsup/cygwin/dll_init.h

@@ -59,9 +59,15 @@ struct dll
   DWORD image_size;
   void* preferred_base;
   PWCHAR modname;
+  FILE_BASIC_INFORMATION fbi;
+  FILE_INTERNAL_INFORMATION fii;
+  PWCHAR forkable_ntname;
   WCHAR ntname[1]; /* must be the last data member */
+
   void detach ();
   int init ();
+  void nominate_forkable (PCWCHAR);
+  bool create_forkable ();
   void run_dtors ()
   {
     if (has_dtors)
@@ -76,7 +82,32 @@ struct dll
 
 class dll_list
 {
+  /* forkables */
+  enum
+    {
+      forkables_unknown,
+      forkables_impossible,
+      forkables_disabled,
+      forkables_needless,
+      forkables_needed,
+      forkables_created,
+    }
+    forkables_needs;
+  DWORD forkables_dirx_size;
+  PWCHAR forkables_dirx_ntname;
+  PWCHAR forkables_mutex_name;
+  HANDLE forkables_mutex;
   void track_self ();
+  size_t forkable_ntnamesize (dll_type, PCWCHAR fullntname, PCWCHAR modname);
+  void prepare_forkables_nomination ();
+  void update_forkables_needs ();
+  bool update_forkables ();
+  bool create_forkables ();
+  void denominate_forkables ();
+  bool close_mutex ();
+  void try_remove_forkables (PWCHAR dirbuf, size_t dirlen, size_t dirbufsize);
+  void set_forkables_inheritance (bool);
+  void request_forkables ();
 
   dll *end;
   dll *hold;
@@ -85,6 +116,11 @@ class dll_list
   /* Use this buffer under loader lock conditions only. */
   static WCHAR NO_COPY nt_max_path_buffer[NT_MAX_PATH];
 public:
+  static HANDLE ntopenfile (PCWCHAR ntname, NTSTATUS *pstatus = NULL,
+			    ULONG openopts = 0, ACCESS_MASK access = 0,
+			    HANDLE rootDir = NULL);
+  static bool read_fii (HANDLE fh, PFILE_INTERNAL_INFORMATION pfii);
+  static bool read_fbi (HANDLE fh, PFILE_BASIC_INFORMATION pfbi);
   static PWCHAR form_ntname (PWCHAR ntbuf, size_t bufsize, PCWCHAR name);
   static PWCHAR form_shortname (PWCHAR shortbuf, size_t bufsize, PCWCHAR name);
   static PWCHAR nt_max_path_buf ()
@@ -115,6 +151,20 @@ public:
   void topsort_visit (dll* d, bool goto_tail);
   void append (dll* d);
 
+  void release_forkables ();
+  void cleanup_forkables ();
+  bool setup_forkables (bool with_forkables)
+  {
+    if (forkables_needs == forkables_impossible)
+      return true; /* short cut to not retry fork */
+    /* Once used, always use forkables in current process chain. */
+    if (forkables_needs != forkables_unknown)
+      with_forkables = true;
+    if (with_forkables)
+      request_forkables ();
+    return with_forkables;
+  }
+
   dll *inext ()
   {
     while ((hold = hold->next))

winsup/cygwin/fork.cc

@@ -30,8 +30,13 @@ details. */
 /* FIXME: Once things stabilize, bump up to a few minutes.  */
 #define FORK_WAIT_TIMEOUT (300 * 1000)     /* 300 seconds */
 
+static int dofork (bool *with_forkables);
 class frok
 {
+  frok (bool *forkables)
+    : with_forkables (forkables)
+  {}
+  bool *with_forkables;
   bool load_dlls;
   child_info_fork ch;
   const char *errmsg;
@@ -41,7 +46,7 @@ class frok
   int __stdcall parent (volatile char * volatile here);
   int __stdcall child (volatile char * volatile here);
   bool error (const char *fmt, ...);
-  friend int fork ();
+  friend int dofork (bool *with_forkables);
 };
 
 static void
@@ -308,6 +313,8 @@ frok::parent (volatile char * volatile stack_here)
   ch.refresh_cygheap ();
   ch.prefork ();	/* set up process tracking pipes. */
 
+  *with_forkables = dlls.setup_forkables (*with_forkables);
+
   while (1)
     {
       PCWCHAR forking_progname = NULL;
@@ -344,6 +351,7 @@ frok::parent (volatile char * volatile stack_here)
 	{
 	  this_errno = geterrno_from_win_error ();
 	  error ("CreateProcessW failed for '%W'", myself->progname);
+	  dlls.release_forkables ();
 	  memset (&pi, 0, sizeof (pi));
 	  goto cleanup;
 	}
@@ -357,6 +365,8 @@ frok::parent (volatile char * volatile stack_here)
       CloseHandle (pi.hThread);
       hchild = pi.hProcess;
 
+      dlls.release_forkables ();
+
       /* Protect the handle but name it similarly to the way it will
 	 be called in subproc handling. */
       ProtectHandle1 (hchild, childhProc);
@@ -529,7 +539,14 @@ cleanup:
 extern "C" int
 fork ()
 {
-  frok grouped;
+  bool with_forkables = true;
+  return dofork (&with_forkables);
+}
+
+static int
+dofork (bool *with_forkables)
+{
+  frok grouped (with_forkables);
 
   debug_printf ("entering");
   grouped.load_dlls = 0;

winsup/cygwin/pinfo.cc

@@ -25,6 +25,7 @@ details. */
 #include "cygtls.h"
 #include "tls_pbuf.h"
 #include "child_info.h"
+#include "dll_init.h"
 
 class pinfo_basic: public _pinfo
 {
@@ -216,6 +217,8 @@ pinfo::exit (DWORD n)
   int exitcode = self->exitcode & 0xffff;
   if (!self->cygstarted)
     exitcode = ((exitcode & 0xff) << 8) | ((exitcode >> 8) & 0xff);
+  sigproc_printf ("Calling dlls.cleanup_forkables n %y, exitcode %y", n, exitcode);
+  dlls.cleanup_forkables ();
   sigproc_printf ("Calling ExitProcess n %y, exitcode %y", n, exitcode);
   if (!TerminateProcess (GetCurrentProcess (), exitcode))
     system_printf ("TerminateProcess failed, %E");

winsup/cygwin/syscalls.cc

@@ -670,8 +670,8 @@ check_dir_not_empty (HANDLE dir, path_conv &pc)
   return STATUS_SUCCESS;
 }
 
-NTSTATUS
+static NTSTATUS
-unlink_nt (path_conv &pc)
+_unlink_nt (path_conv &pc, bool shareable)
 {
   NTSTATUS status;
   HANDLE fh, fh_ro = NULL;
@@ -797,6 +797,9 @@ retry_open:
      bin so that it actually disappears from its directory even though its
      in use.  Otherwise, if opening doesn't fail, the file is not in use and
      we can go straight to setting the delete disposition flag.
+     However, while we have the file open with FILE_SHARE_DELETE, using
+     this file via another hardlink for anything other than DELETE by
+     concurrent processes fails. The 'shareable' argument is to prevent this.
 
      NOTE: The missing sharing modes FILE_SHARE_READ and FILE_SHARE_WRITE do
 	   NOT result in a STATUS_SHARING_VIOLATION, if another handle is
@@ -806,6 +809,9 @@ retry_open:
 	   will succeed.  So, apparently there is no reliable way to find out
 	   if a file is already open elsewhere for other purposes than
 	   reading and writing data.  */
+  if (shareable)
+    status = STATUS_SHARING_VIOLATION;
+  else
     status = NtOpenFile (&fh, access, &attr, &io, FILE_SHARE_DELETE, flags);
   /* STATUS_SHARING_VIOLATION is what we expect. STATUS_LOCK_NOT_GRANTED can
      be generated under not quite clear circumstances when trying to open a
@@ -1056,6 +1062,18 @@ out:
   return status;
 }
 
+NTSTATUS
+unlink_nt (path_conv &pc)
+{
+  return _unlink_nt (pc, false);
+}
+
+NTSTATUS
+unlink_nt_shareable (path_conv &pc)
+{
+  return _unlink_nt (pc, true);
+}
+
 extern "C" int
 unlink (const char *ourname)
 {