Commit Graph

138 Commits

Author SHA1 Message Date
Jim Warner
50ae55ef10 library: avoid problems involving 'supgid' mishandling
Following that patch referenced below, the top SUPGRPS
field would produce a segmentation fault and ps SUPGRP
would often show "(null)". Such problems resulted from
some faulty logic in the status2proc() routine dealing
with 'Groups' (supgid) which served as a source field.

For many processes the original code produced an empty
string which prevented conversion to the expected "-".
Moreover, prior to release 3.3.15 such an empty string
will become 0 after strtol() which pwcache_get_group()
translates to 'root' yielding very misleading results.

So, now we'll check for empty '/proc/#/status/Groups:'
fields & consistently provide a "-" value for callers.

[ we'll also protect against future problems in that ]
[ new qualys logic by always ensuring valid 'supgrp' ]
[ pointers - logic which revealed our original flaw! ]

Reference(s):
. original qualys patch
0071-proc-readproc.c-Harden-supgrps_from_supgids.patch

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:20 +10:00
Jim Warner
80e210d38e library: refactor #define FALSE_THREADS dependent code
This refactor was done in response to the Qualys patch
referenced below, which deals with some 'readeither()'
flaws under the master branch. Under our newlib branch
those flaws mostly disappear since the function is now
private. But without a redesign the #define is broken.

When the #define FALSE_THREADS is active, some special
strings showing "[ duplicate ENUM ]" will appear under
each child thread. Note that the real reason for those
appearing isn't being exercised, only their mechanics.

In reality, they only show when a user duplicates such
enums in a results stack & only 1 instance can own it.

Reference(s):
. original qualys patch
0084-proc-readproc.c-Work-around-a-design-flaw-in-readeit.patch
. QUICK_THREADS became FALSE_THREADS
commit c546d9dd44

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:20 +10:00
Jim Warner
e051535686 library: adapt for increased (cmd) program name length
In the new library 'cmd' is dynamically allocated just
like 'cmdline'. This will align us with the ref below.

Reference(s):
. master branch increase to 64
commit 2cfdbbe897

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:20 +10:00
Qualys Security Advisory
48d118b81b 0084-proc/readproc.c: Work around a design flaw in readeither().
readeither() caches (in new_p) a pointer to the proc_t of a task-group
leader, but readeither()'s callers can do pretty much anything with the
proc_t structure passed to and/or returned by this function. For
example, they can 1/ free it or 2/ recycle it (by passing it to
readeither() as x).

1/ leads to a use-after-free, and 2/ leads to unexpected behavior when
taskreader()/simple_readtask() is called with new_p equal to x (this is
not a theoretical flaw: 2/ happens in readproctab3() when want_task()
returns false and p is a group leader).

As a workaround, we keep a copy of new_p's first member (tid) in static
storage, and the next times we enter readeither() we check this "canary"
against the tid in new_p: if they differ, we reset new_p to NULL, which
forces the allocation of a new proc_t (the new "leader", or reference).

This always detects 2/ (because free_acquired(x,1) memsets x and hence
new_p); always detects 1/ if freed via free_acquired() and/or freeproc()
(very likely, otherwise memory may be leaked); probably detects 1/ even
if freed directly via free() (because the canary is the first member of
proc_t, likely to be overwritten by free()); but can not detect 1/ if
free() does not write to new_p's chunk at all.

Moreover, accessing new_p->tid to check the canary in case 1/ is itself
a use-after-free, so a better long-term solution should be implemented
at some point (we wanted to avoid intrusive and backward-incompatible
changes in this library function, hence this imperfect workaround).

---------------------------- adapted for newlib branch
. adapted via 'patch' (rejected due to 'xcalloc' ref)
. with loss of both readproctab functions, most no longer true

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
b9a9fd4c74 0082-proc/readproc.c: Fix double-free()s in readtask().
If QUICK_THREADS is not defined (it is not by default, but most
distributions enable it) and task_dir_missing is true (only on very old
kernels), then readtask() forgets to reset some of the struct proc_t t's
members, which later results in double-free()s in free_acquired().

For now, we simply synchronized the list of members to be reset with the
list of members freed in free_acquired().

---------------------------- adapted for newlib branch
. now 'cmd' is also dynamic
. just synchronized with those freed in free_acquired
. QUICK_THREADS is now FALSE_THREADS, serving different purpose
. entire patch will be effectively reverted with upcoming refactor

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
990ea89ae9 0080-proc/readproc.c: Harden openproc().
Replace xmalloc() with xcalloc().

---------------------------- adapted for newlib branch
. trade xcalloc() for calloc()
. thus we must account for potential ENOMEM

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
c03e52786d 0078-proc/readproc.c: Harden simple_nextpid().
Replace memcpy+strcpy with snprintf.

---------------------------- adapted for newlib branch
. adapted via 'patch' (without rejections)

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
ed463c7d88 0077-proc/readproc.c: Harden fill_cgroup_cvt().
Check the return value of snprintf(), otherwise dst may point
out-of-bounds when it reaches the end of the dst_buffer (the snprintf()
always returns 1 in that case, even if there is not enough space left),
and vMAX becomes negative and is passed to snprintf() as a size_t.

---------------------------- adapted for newlib branch
. adapted via 'patch (without rejections)

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
d9c0a3e36f 0075-proc/readproc.c: Harden read_unvectored().
1/ Prevent an out-of-bounds write if sz is 0.

2/ Limit sz to INT_MAX, because the return value is an int, not an
unsigned int (and because if INT_MAX is equal to SSIZE_MAX, man 2 read
says "If count is greater than SSIZE_MAX, the result is unspecified.")

3/ Always null-terminate dst (unless sz is 0), because a return value of
0 because of an open() error (for example) is indistinguishable from a
return value of 0 because of an empty file.

4/ Use an unsigned int for i (just like n), not an int.

5/ Check for snprintf() truncation.

---------------------------- adapted for newlib branch
. adapted via 'patch (without rejections)

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
86d3d37406 0074-proc/readproc.c: Fix bugs and overflows in file2strvec().
Note: this is by far the most important and complex patch of the whole
series, please review it carefully; thank you very much!

For this patch, we decided to keep the original function's design and
skeleton, to avoid regressions and behavior changes, while fixing the
various bugs and overflows. And like the "Harden file2str()" patch, this
patch does not fail when about to overflow, but truncates instead: there
is information available about this process, so return it to the caller;
also, we used INT_MAX as a limit, but a lower limit could be used.

The easy changes:

- Replace sprintf() with snprintf() (and check for truncation).

- Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and
  do break instead of return: it simplifies the code (only one place to
  handle errors), and also guarantees that in the while loop either n or
  tot is > 0 (or both), even if n is reset to 0 when about to overflow.

- Remove the "if (n < 0)" block in the while loop: it is (and was) dead
  code, since we enter the while loop only if n >= 0.

- Rewrite the missing-null-terminator detection: in the original
  function, if the size of the file is a multiple of 2047, a null-
  terminator is appended even if the file is already null-terminated.

- Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)":
  originally, it was equivalent to "if (n < 0)", but we added "tot <= 0"
  to handle the first break of the while loop, and to guarantee that in
  the rest of the function tot is > 0.

- Double-force ("belt and suspenders") the null-termination of rbuf:
  this is (and was) essential to the correctness of the function.

- Replace the final "while" loop with a "for" loop that behaves just
  like the preceding "for" loop: in the original function, this would
  lead to unexpected results (for example, if rbuf is |\0|A|\0|, this
  would return the array {"",NULL} but should return {"","A",NULL}; and
  if rbuf is |A|\0|B| (should never happen because rbuf should be null-
  terminated), this would make room for two pointers in ret, but would
  write three pointers to ret).

The hard changes:

- Prevent the integer overflow of tot in the while loop, but unlike
  file2str(), file2strvec() cannot let tot grow until it almost reaches
  INT_MAX, because it needs more space for the pointers: this is why we
  introduced ARG_LEN, which also guarantees that we can add "align" and
  a few sizeof(char*)s to tot without overflowing.

- Prevent the integer overflow of "tot + c + align": when INT_MAX is
  (almost) reached, we write the maximal safe amount of pointers to ret
  (ARG_LEN guarantees that there is always space for *ret = rbuf and the
  NULL terminator).

---------------------------- adapted for newlib branch
. there were many formatting differences
. i introduced several myself (especially comments)
. stdlib 'realloc' used, not that home grown xrealloc
. stdlib 'realloc' required extra 'return NULL' statement

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
0bc48f7af7 0073-proc/readproc.c: Harden file2str().
1/ Replace sprintf() with snprintf() (and check for truncation).

2/ Prevent an integer overflow of ub->siz. The "tot_read--" is needed to
avoid an off-by-one overflow in "ub->buf[tot_read] = '\0'". It is safe
to decrement tot_read here, because we know that tot_read is equal to
ub->siz (and ub->siz is very large).

We believe that truncation is a better option than failure (implementing
failure instead should be as easy as replacing the "tot_read--" with
"tot_read = 0").

---------------------------- adapted for newlib branch
. no real changes, patch refused due to mem alloc & failure return

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
7c09d76e9b 0072-proc/readproc.c: Harden stat2proc().
1/ Use a "size_t num" instead of an "unsigned num" (also, do not store
the return value of sscanf() into num, it was unused anyway).

2/ Check the return value of strchr() and strrchr().

3/ Never jump over the terminating null byte with "S = tmp + 2".

---------------------------- adapted for newlib branch
. newlib doesn't use that 'unlikely' crap
. the cmd field is now also dynamic (like cmdline)
. thus we must account for potential ENOMEM

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
ec0cb25af6 0071-proc/readproc.c: Harden supgrps_from_supgids().
1/ Prevent an integer overflow of t.

2/ Avoid an infinite loop if s contains characters other than comma,
spaces, +, -, and digits.

3/ Handle all possible return values of snprintf().

---------------------------- adapted for newlib branch
. we can't use xrealloc(), so we use realloc() instead
. and must account for a mem failure via a return of 1

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
807498f899 0070-proc/readproc.c: Harden status2proc().
1/ Do not read past the terminating null byte when hashing the name.

2/ S[x] is used as an index, but S is "char *S" (signed) and hence may
index the array out-of-bounds. Bit-mask S[x] with 127 (the array has 128
entries).

3/ Use a size_t for j, not an int (strlen() returns a size_t).

Notes:

- These are (mostly) theoretical problems, because the contents of
  /proc/PID/status are (mostly) trusted.

- The "name" member of the status_table_struct has 8 bytes, and
  "RssShmem" occupies exactly 8 bytes, which means that "name" is not
  null-terminated. This is fine right now, because status2proc() uses
  memcmp(), not strcmp(), but it is worth mentioning.

---------------------------- adapted for newlib branch
. newlib doesn't use that 'unlikely' crap
. newlib also had a '#ifdef FALSE_THREADS'

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
0753b86931 0069-proc/readproc.c: Fix the unhex() function.
This function is unused (SIGNAL_STRING is defined by default, and if it
is not, procps does not compile -- for example, there is no "outbuf" in
help_pr_sig()) but fix it anyway. There are two bugs:

- it accepts non-hexadecimal characters (anything >= 0x30);

- "(c - (c>0x57) ? 0x57 : 0x30)" is always equal to 0x57.

---------------------------- adapted for newlib branch
. newlib doesn't use that 'unlikely' crap

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Jim Warner
f341bd4632 library: expanded to provide for the UID used at login
This patch represents the newlib implementation of Jan
Rybar's merge request referenced below. It essentially
moves that code out of the ps program and into our new
library where it's available via the <pids> interface.

Reference(s):
https://gitlab.com/procps-ng/procps/merge_requests/57
https://bugzilla.redhat.com/show_bug.cgi?id=1518986

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-02-19 20:33:59 +11:00
Craig Small
a935a65b77 library: Explicit about task ID string length
This removes the following error by stating the task ID can only be 10
characters wide, as it is an integer.

proc/readproc.c: In function ‘simple_nexttid’:
proc/readproc.c:1185:46: warning: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size between 41 and 51 [-Wformat-truncation=]
   snprintf(path, PROCPATHLEN, "/proc/%d/task/%s", p->tgid, ent->d_name);
                                              ^~
proc/readproc.c:1185:3: note: ‘snprintf’ output between 14 and 279 bytes into a destination of size 64
   snprintf(path, PROCPATHLEN, "/proc/%d/task/%s", p->tgid, ent->d_name);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2017-12-20 21:37:01 +11:00
Jim Warner
18e684d65d library: eliminate all dependencies on alloc.h/alloc.c
While that old master branch library may utilize those
memory allocation functions found in the alloc module,
it was inappropriate for this newlib branch to subject
callers to a stderr message followed by an early exit.

Of course, the old libprocps offered a message handler
override provision (xalloc_err_handler) but that, too,
would seem to be inappropriate for our modern library.

[ remember the battles fought with that damn libnuma ]

So, this commit will tweak those old inherited sources
setting the stage for standardized return values/errno
settings in connection with a memory allocation error.

------------------------------------------------------
Along the way, we'll address the following miscellany:

. Completely eliminate usage of anything from alloc.h.
This, of course, entails our own error checking of the
alternative allocation calls from stdlib.h & string.h.

. Eliminate use of the strdup function where possible,
as with 'procps_uptime' and 'procps_loadavg' routines.

. Whack some obsolete code (getslabinfo) in sysinfo.c.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2017-12-20 21:18:53 +11:00
Jim Warner
876aff8584 library: correct the #define FALSE_THREADS, <PIDS> api
Awhile back, that former QUICK_THREADS #define evolved
into the development (only) FALSE_THREADS which can be
used to ensure a 'duplicate ENUM' convention is output
when certain string fields can't be easily duplicated.

Unfortunately, that original implementation was marred
with zeros being displayed for /proc/$$/meminfo fields
in all the child threads for a multi-threaded process.

So this commit corrects that zero memory field buglet.

Reference(s):
. QUICK_THREADS becomes FALSE_THREADS
commit c546d9dd44

Signed-off-by: Jim Warner <james.warner@comcast.net>
2017-07-04 20:40:53 +10:00
Jim Warner
618a813baa misc: eliminate all those remaining gcc -Wall warnings
Reference(s):
proc/readproc.c: In function 'statm2proc'
proc/readproc.c:600:9: warning: variable 'num' set but not used [-Wunused-but-set-variable]

proc/stat.c: In function 'stat_derive_unique':
proc/stat.c:429:1: warning: no return statement in function returning non-void [-Wreturn-type]

ps/parser.c: In function 'arg_type':
ps/parser.c:1098:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
ps/parser.c:1099:34: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'

lib/signals.c: In function 'strtosig':
lib/signals.c:243:9: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
lib/signals.c:245:13: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'

slabtop.c: In function 'print_summary':
slabtop.c:223:29: warning: unused variable 'stats' [-Wunused-variable]

watch.c: In function 'process_ansi':
watch.c:232:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
watch.c:235:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'

Signed-off-by: Jim Warner <james.warner@comcast.net>
2017-05-22 21:38:10 +10:00
Jim Warner
c4aa6c0ab4 library: normalize & minimize result types, <PIDS> api
This commit attempts to minimize the variety of types
currently used. Plus, the following were also changed:

. the MEM fields were switched to parallel the VM guys
. PIDS_MEM_VIRT -> PIDS_MEM_VIRT_PGS
. PIDS_MEM_VIRT_KIB -> PIDS_MEM_VIRT

. made NICE 's_int' so that it then parallels PRIORITY

. change RTPRIO & SCHED_CLASS from 'ul_int' to 's_int'

. removed Item_table 'oldflags' for an obsoleted field
. PIDS_WCHAN_ADDR

. added calculations like TICS_ALL_C for the following
. PIDS_TICS_USER_C
. PIDS_TICS_SYSTEM_C

. these three new 'TICS' fields have been incorporated
. PIDS_TICS_BLKIO - jiffies spent in block i/o
. PIDS_TICS_GUEST - jiffies spent as a guest
. PIDS_TICS_GUEST_C - as above, includes dead children

. that PIDS_TICS_DELTA was renamed PIDS_TICS_ALL_DELTA
( so it did not hide between TICS_BLKIO & TICS_GUEST )
( and to make clearer what's included: utime + stime )

. eliminated 'sl_int' entirely from that result struct

[ often, the <pids> module changes necessitated that ]
[ readproc header and source files had to change too ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-08-01 20:09:18 +10:00
Jim Warner
01beb85f7d misc: replace any remaining tab characters in readproc 2016-08-01 20:09:18 +10:00
Jim Warner
c546d9dd44 library: recycle the QUICK_THREADS #define, <PIDS> api
That #define QUICK_THREADS was impossible to implement
under the new <pids> interface. Plus it was also found
to distort some thread information (referenced below).

So, it's always been inactive under the newlib branch.

However, it will (with small changes) still serve some
useful purpose in our library. Now, when the redefined
FALSE_THREADS is active, those special strings showing
"[ duplicate ENUM ]" will appear for any child thread.

Note: the real reason for such strings appearing isn't
being exercised, only their mechanics. In actual usage
they are substituted when a user duplicates such items
in a results stack & only the 1st instance can own it.

With this patch, we are simply fooling the <pids> code
into thinking an item was duplicated via a NULL value.

Reference(s):
. from master branch
commit 25a6ecdbfb

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-07-17 08:49:48 +10:00
Jim Warner
8cd1214aac library: stop treating lxcname differently, <PIDS> api
Unlike other cached string fields (such as USER name),
that lxcname field was defined as 'const char *'. This
required a custom 'set' function using a cast in order
to avoid a compiler warning regarding that assignment.

So this commit brings lxcname into line with all those
other cached string fields. And while we're at it, the
reason some string fields have no 'freefunc' will also
be explained with some new comments in the Item_table.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-07-02 16:33:01 +10:00
Craig Small
5a244c1095 library: rename clashing pwcache functions
On MacOS the system already has user_from_uid and group_from_gid.
These are renamed pwcache_get_user and pwcache_get_group.

They were also exported but did not appear in the symbol file
or used by any of the procps binaries. They are no longer exported.

References:
 https://gitlab.com/procps-ng/procps/issues/34

Signed-off-by: Craig Small <csmall@enc.com.au>
2016-06-18 08:17:45 +10:00
Jim Warner
09503dc597 library: eliminated a final potential NULL, <PIDS> api
In that reference below a specific systemd problem was
fixed in the commit shown. However lurking deep within
the <pids> interface was yet one final case where NULL
could be returned, involving 'strv' and the following:

. a user requested both a single string vector (always
returned as a normal string) & the vectorized version,
as with PROCPS_PIDS_CMDLINE and PROCPS_PIDS_CMDLINE_V.

. a user simply duplicated some vectorized enum items.

The root of that NULL problem is the fact those single
string vectors shared the same proc_t field with their
true vectorized version. So while multiple occurrences
for most strings could be satisfied with strdup versus
the normal ownership usurpation, those true vectorized
fields could not be quite so easily copied/duplicated.

Thus newlib chose to return a NULL result.strv pointer
under either of the above scenarios (which perhaps was
just a user boo-boo in the first place). In any event,
the NULL was a potential for true string vectors only.

Now, since newlib is the sole caller into the readproc
module, separate fields have been created for what are
just normal strings (never vectorized) and those which
remain the true vectorized versions. And, former flags
which only worked if combined, now act as stand alone.

Thus, both PROCPS_PIDS_CMDLINE & PROCPS_PIDS_CMDLINE_V
can be used simultaneously (as they should have been).

Also with this patch, items which a user duplicates in
the stack (beyond the first such item) will return the
the string "[ duplicate ENUM_ID ]". This practice will
apply to both single strings and true vectorized ones.
In addition to informing users of their error, it will
also mean potential NULLs need now never be a concern.

Reference(s);
http://www.freelists.org/post/procps/systemd-binary-vs-library
commit 0580a7b4c6

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-05-22 21:59:18 +10:00
Craig Small
8d7945fd0c library: move QUICK_THREADS hack before return
Minor complaint where a line to stop GCC from complaining occured
after the return.
2016-05-17 21:56:21 +10:00
Jim Warner
0580a7b4c6 library: avoid any --with-systemd conflict, <PIDS> api
A potential conflict arises should should some program
attempt to access systemd data using our library built
without that support (--disable-systemd). And while we
could argue that all callers should check against NULL
string pointers, it's not expected of libprocps users.

So we'll guarantee 'em valid string consisting of "?".

Reference(s):
http://www.freelists.org/post/procps/systemd-binary-vs-library

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-05-16 21:36:54 +10:00
Jim Warner
540342620b library: try to minimize the results types, <PIDS> api
This is just beginning an effort to minimize/normalize
the sheer variety of results types in use for our API.

In taking these first baby steps, a few anomalies were
found. There'll no doubt be many more yet to discover.

. the _FLT_ (fault) fields were already signed long in
the proc_t (even though their sscanf format used %lu).

. although strtoul will alway return an unsigned long,
all of the _VM_ fields were made signed long just like
other memory fields (& signed sorts more efficiently).

Reference(s):
http://www.freelists.org/post/procps/newlib-drip-drip,4

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-05-16 19:58:20 +10:00
Craig Small
f85d9a2b95 library: Remove dead branch in file2strvec
A while loop used n >=0
A branch inside the loop had a test for n<0
That's never going to happen!
So the branch must go. There is similiar code outside
the branch. Yes, I miss pythons while else here.

Also cleaned up the ***-awful indentation this function had.
No wonder that branch lived for so long there.

References:
 Coverity #99119

Signed-off-by: Craig Small <csmall@dropbear.xyz>
2016-05-14 22:43:19 +10:00
Jim Warner
81e0f15ac3 library: remove remaining 'likely' & 'unlikely' macros
Say goodbye to the 'makes it hard to read' macro shit.

Reference(s):
http://www.freelists.org/post/procps/me-too-newlib,4

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-04-18 19:29:41 +10:00
Craig Small
887bb51016 library: cleanup of readproc functions
readproc still had some of the old API hanging around that
was good while we were trying it out, but its time to say
goodbye:

readproc.h removed from public procps.h header file
enum ns_type - not used - removed
get_ns_name() - not defined - removed
get_ns_id() - not defined - removed
PROCTAB proc_t only used internal to library
readproctab() and 2,3 friends not used - removed
proc_data_t was used by readproctab23() - removed
readtask() - not used - removed
read_cmdline() - copy,renamed and made generic - remove original
freeproc() - not used - removed
get_proc_status - not used - removed, however there should be
a new function created that does this. Given a PID return data
about it instead of scanning the entire procfs. Maybe it already does.

Left as internal-to-library only functions:
 readproc(), readeither(), look_up_our_self(), openproc(), closeproc()

Updated libprocps.sym to export only what we use.
2016-04-17 14:14:27 +10:00
Jim Warner
67bf272f5d library: trade a deprecated oomem field for proper one
Now that the conditional OOMEM_ENABLE has been removed
and, after reviewing current library support, it turns
out we've been using a deprecated /proc/<pid>/oom_adj.

What we should use instead is that more recent tunable
/proc/<pid>/oom_score_adj. This new field will provide
a range of -1000 thru +1000 (former was -17 thru +15).

Reference(s):
. removal of misguided OOMEM_ENABLE
commit 64238730fa
. linux, partial oom_adj revert (Nov, 2012)
commit fa0cbbf145aabbf29c6f28f8a11935c0b0fd86fc
. linux, removal oom_adj (Oct, 2012)
commit 01dc52ebdf472f77cca623ca693ca24cfc0f1bbe

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-04-17 09:12:02 +10:00
Craig Small
ccb6ae8de1 library: cleanup of library includes
The includes used to define a lot of things a library include
should not. It was also a bit messy what was exposed in the library
and what was not.

get_pid_digits -> procps_pid_length and exported correctly

MALLOC attribute move into relevant .c files
NORETURN attribute moved to relevant .c, not used in library
PURE attribute removed, it wasn't used
KLONG/KLF/STRTOUKL were fixed for long, so now just use long

HIDDEN attribute removed. It was for 3 functions. The PROCPS_EXPORT
seems to do the same (opposite) thing.

likely/unlikely removed from most places, its highly debateable
this does anything useful as CPUs have gotten smarter about branches.

Re-arranged the includes, ALL external programs should just #include
<proc/procps.h> then proc/procps.h includes headers for files that
have exported functions. procps.h and the headers it includes should
not use items that are not exportable (e.g. hidden functions or
macros) they go in procps-private.h
2016-04-16 17:03:57 +10:00
Craig Small
bf97da3059 Replace %Lu with standard %llu
Multiple scanf()s use the GNU-permitted %Lu. This is not supported in
other libraries and isn't to the POSIX specification. The L modifier
is only used for floats in POSIX.

Replacing %Lu with %llu is the same for GNU libc (scanf(3) says as much)
but means other libraries will work fine.

From master commit da715e3

References:
 http://pubs.opengroup.org/onlinepubs/009695399/functions/fscanf.html
2016-04-14 21:21:27 +10:00
Jim Warner
8dc378f6a8 library: exploit linux-4.5 resident memory enhancement
Beginning with linux-4.5, the following new fields are
being added under that /proc/<pid>/status pseudo file:
 . RssAnon - size of resident anonymous memory
 . RssFile - size of resident file mappings
 . RssShmem - size of resident shared memory

This patch just represents the initial library and top
support, sharing a commit message with 2 more patches.

p.s. locked resident memory support was also added but
isn't directly related to the kernel 4.5 enhancements.

Reference(s):
commit 1f8e41d019
Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-04-14 21:03:03 +10:00
Jim Warner
88daa89883 miscellaneous: silence a whole bunch of clang warnings
[ but most definitely not all of them by a long shot ]

Reference(s):
proc/diskstat.c:186:17: warning: unused variable 'is_disk' [-Wunused-variable]
    int retval, is_disk;
                ^
proc/namespace.c:110:1: warning: control may reach end of non-void function [-Wreturn-type]
}
^
proc/readproc.c:1131:50: warning: address of array 'ent->d_name' will always evaluate to 'true' [-Wpointer-bo
    if(unlikely(unlikely(!ent) || unlikely(!ent->d_name))) return 0;
                                           ~~~~~~^~~~~~
proc/readproc.c:1158:50: warning: address of array 'ent->d_name' will always evaluate to 'true' [-Wpointer-bo
    if(unlikely(unlikely(!ent) || unlikely(!ent->d_name))) return 0;
                                           ~~~~~~^~~~~~
proc/sysinfo.c:45:12: warning: unused variable 'stat_fd' [-Wunused-variable]
static int stat_fd = -1;
           ^
proc/sysinfo.c:49:12: warning: unused variable 'meminfo_fd' [-Wunused-variable]
static int meminfo_fd = -1;
           ^
proc/sysinfo.c:51:12: warning: unused variable 'vminfo_fd' [-Wunused-variable]
static int vminfo_fd = -1;
           ^
proc/sysinfo.c:53:12: warning: unused variable 'vm_min_free_fd' [-Wunused-variable]
static int vm_min_free_fd = -1;
           ^
proc/uptime.c:157:12: warning: unused variable 'realseconds' [-Wunused-variable]
    time_t realseconds;
           ^
proc/uptime.c:158:16: warning: unused variable 'realtime' [-Wunused-variable]
    struct tm *realtime;
               ^
vmstat.c:574:20: warning: format specifies type 'unsigned int' but the argument has type 'unsigned long' [-Wformat]
                   DSTAT(PROCPS_DISKSTAT_READ_TIME),
                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
vmstat.c:578:20: warning: format specifies type 'unsigned int' but the argument has type 'unsigned long' [-Wformat]
                   DSTAT(PROCPS_DISKSTAT_WRITE_TIME),
                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
watch.c:230:7: warning: variable 'endptr' is uninitialized when used here [-Wuninitialized]
        if (*endptr == '\0') set_ansi_attribute(0); /* [m treated as [0m */
             ^~~~~~

Signed-off-by: Jim Warner <james.warner@comcast.net>
2015-09-21 22:34:27 +10:00
Jim Warner
5e46a145ba library: ensure any 'flags' is consistently 'unsigned'
This commit is an outgrowth of the research into a bug
that recently surfaced with the 'w' program. And while
that program was just a victim several inconsistencies
were found in the handling of library flags during the
research. This patch just address such irregularities.

Reference(s):
http://www.freelists.org/post/procps/newlib-at-the-precipice,4

Signed-off-by: Jim Warner <james.warner@comcast.net>
2015-09-07 18:11:48 +10:00
Craig Small
a61f78d6e0 library: rework namespace calls
Functions related to namespaces were half-in half-out of the
procps library and didn't fit the standard naming scheme.

While struct { long ns[x]} is a bit clunky, its the only way
to "lock in" x. The alternative is to use ns_* variables.

This work was needed before pgrep could be converted.
2015-09-03 22:32:19 +10:00
Jim Warner
e949b78c30 library: revert changes to 'look_up_our_self' function
The patch below is where most proc_t fixed size arrays
became simple pointers to char. In that commit changes
to the above function were made so that dynamic memory
was freed which included the program name (cmd) field.

That change was prompted by a valgrind reported memory
leak during development that no longer seems to exist.
However, by keeping the look_up_our_self() changes the
ps command without args then fails to report anything.

So this patch just restores the expected old behavior.

Reference(s):
commit 3881a0844a

Signed-off-by: Jim Warner <james.warner@comcast.net>
2015-08-26 22:42:02 +10:00
Jim Warner
64238730fa build, library & top: make OOMEM options unconditional
It was probably always wrong to have a variable length
proc_t structure. This patch takes all remaining oomem
former suse only options and makes them unconditional.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2015-08-23 21:08:18 +10:00
Jim Warner
3881a0844a old library: just some tweaks for transition to newlib
A few minor changes are being made to position the old
readproc logic for a transition to the newlib pid api.

These changes will not impact current users beyond the
the need to recompile such code. Hopefully this should
be very last version change to the deprecated library.

. most char arrays were replaced via char * to dynamic
memory. this was done so that newlib could just assume
ownership of such strings without using a strdup call.

. former user and group name arrays also became char *
but here the reason was because pwcache already cached
those names. so, copying to an array never made sense.

. the concept of QUICK_THREADS used to avoid duplicate
overhead for string data was disabled. it could not be
integrated with the newlib design, at least initially.

. any #define which influenced the size of that proc_t
was disable in the header. it was probably a poor idea
to approach optional features in such a manner anyway.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2015-08-23 21:05:06 +10:00
Jim Warner
0557504f9c library: add support for displaying LXC container name
This commit adds a lxc container name to every proc_t.
If a process is not running in a container, then a '-'
will be provided, making such a field always sortable.

Unlike other proc_t character pointers, lxc containers
will find many duplicate shared values. So rather than
strdup 'em (with a later free required upon reuse), we
try to keep track of those already seen and share that
address among all tasks running within each container.

We rely on the lines in the task's cgroup subdirectory
which may initially seem somewhat unsophisticated. But
the lxc library itself uses a similar approach when it
is called to list active containers. In that case, the
/proc/net/unix directory is parsed for the '/lxc' eye-
catcher, with potential complications from hashed path
and names that are too long (something we don't face).

[ too bad docker abandoned lxc - our commit won't do ]
[ anything for the users of those kind of containers ]

Reference(s):
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1424253
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/1424253

Signed-off-by: Jim Warner <james.warner@comcast.net>
2015-06-14 15:36:05 +10:00
Fredrik Fornwall
00279d692a Use <dirent.h> instead of <sys/dir.h>
Using <dirent.h> and struct dirent instead of <sys/dir.h> and struct direct
is preferred and works on Android which lacks sys/dir.h.

See:
http://pubs.opengroup.org/onlinepubs/009695399/basedefs/dirent.h.html
2014-08-26 16:01:57 +02:00
Jim Warner
9d8ad6419f library: generalize then add former 'ps' systemd logic
Signed-off-by: Jim Warner <james.warner@comcast.net>
2014-07-17 13:31:06 +02:00
Jaromir Capik
ae9676a337 library: skip replacement of trailing '\0' in read_unvectored()
Under some circumstances the ksh shell doesn't fork new processes
when executing scripts and the script is interpreted by the
parent process. That makes the execution faster, but it means
ksh needs to reuse the /proc/PID/cmdline for the new script name
and arguments while the file length needs to stay untouched.
The fork is skipped only when the new cmdline is shorter than
the parent's cmdline and the rest of the file is filled
with '\0'. This is perfectly ok until we try to read the cmdline
of such process. As the read_unvectored() function replaces
all zeros with chosen separator, these trailing zeros are replaced
with spaces in case of the ps tool. Consequently it appends
multiple spaces at the end of the arguments string even when these
zeros do not represent any separators and therefore shouldn't
be replaced.
With this commit the read_unvectored() function skips the
replacement of trailing zeros and separates valid content only.

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1057600
2014-01-24 18:32:20 +01:00
Jim Warner
583cdaca1a library: normalize recently added namespaces interface
While 'invisible' thread subdirectories are accessible
under /proc/ with stat/opendir calls, they have always
been treated as non-existent, as is true with readdir.

This patch trades the /proc/#/ns access convention for
the more proper /proc/#/task/#/ns approach when thread
access is desired. In addition some namespace code has
been simplified and made slightly more efficient given
the calloc nature of proc_t acquisition and its reuse.

Reference(s):
commit a01ee3c0b3

Signed-off-by: Jim Warner <james.warner@comcast.net>
2013-11-25 20:57:32 +11:00
Craig Small
dd6f24dbed Merge commit 'refs/merge-requests/13' of git://gitorious.org/procps/procps into merge-requests/13
Conflicts:
	pgrep.c
	ps/output.c
	ps/ps.1
2013-09-11 21:34:05 +10:00
Jim Warner
95d0136281 library: dynamic buffer management even more efficient
One recent patch to dynamic buffer management involved
over-allocating the buffer increase to lessen calls to
xrealloc. That was successful, but the actual increase
amount did not attempt to optimize size or alignments.

With this commit, we'll copy an approach recently used
by the top program and round up buffer sizes to 1 KiB.
More importantly, while buffers are quickly reaching a
KiB optimum multiple, no memcpy will ever be employed!

To illustrate just how effective top's algorithm would
be, just change the initial and subsequent allocations
from the current 1024 bytes to just a single byte then
add an fprintf.  Those one byte reallocations while on
the way to optimum buffer size will be a one-time cost
and won't represent any recurring performance penalty.

( gosh, that top program *must be* one fart smeller, )
( or was that a smart feller, i can't remember which )

Reference)s):
commit 6d605f521c
commit a45dace4b8

Signed-off-by: Jim Warner <james.warner@comcast.net>
2013-04-24 08:29:22 +10:00
Aristeu Rozanski
a01ee3c0b3 procps: add support for linux namespaces
Each process in Linux has a /proc/<pid>/ns directory which contains
symbolic links to pipes that identify which namespaces that process
belongs to. This patch adds support for ps to display that information
optionally.

Signed-off-by: Aristeu Rozanski <arozansk@redhat.com>
2013-04-16 15:05:21 -04:00