vi(1) broken as unprivileged user

jrtc27 commented 4 years ago

<username>@cheri-fett:~ $ vi
ex/vi: Error: /tmp/vi.MAaMb12thM: Permission denied

Reading/writing to /tmp (and unlinking), even with that file name, does work (though it's not a tmpfs), so I don't know why vi(1) is unhappy. If I edit an existing file then vi(1) opens but when I come to quit it gives a similar error message about a similar file in /tmp, and even :q! isn't enough to suppress that, I had to ^Z and kill it.

jrtc27 commented 4 years ago

Relevant parts of the truss log (full output at the end):

openat(AT_FDCWD,"/tmp/vi.KY5zN91Uvg",O_RDWR|O_CREAT|O_EXCL,010020527140) = 3 (0x3)
fstat(3,{ mode=---sr----- ,inode=20133,size=0,blksize=32768 }) = 0 (0x0)
close(3)                     = 0 (0x0)
...
openat(AT_FDCWD,"/tmp/vi.KY5zN91Uvg",O_RDONLY|O_NONBLOCK|O_CLOEXEC,00) ERR#13 'Permission denied'
...
unlink("/tmp/vi.KY5zN91Uvg")             = 0 (0x0)

Somehow we've ended up with garbage in our mode. I assume we're getting varargs wrong somewhere along the way. Does SYS_open get de-vararg'ed in userspace or are we supposed to be doing that in the kernel? (The latter would surprise me given we only handle SYS_syscall and SYS___syscall for MIPS just like RISC-V...)

Full log:

<username>@cheri-fett:~ $ truss vi
mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_ANON,-1,0x0) = 1075335168 (0x40185000)
mmap(0x0,36864,PROT_READ|PROT_WRITE,MAP_ANON,-1,0x0) = 1075339264 (0x40186000)
issetugid()                  = 0 (0x0)
open("/etc/libmap.conf",O_RDONLY|O_CLOEXEC,00)   = 3 (0x3)
fstat(3,{ mode=-rw-r--r-- ,inode=167,size=47,blksize=32768 }) = 0 (0x0)
read(3,"# $FreeBSD$\nincludedir /usr/loc"...,47) = 47 (0x2f)
close(3)                     = 0 (0x0)
open("/usr/local/etc/libmap.d",O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC,00) ERR#2 'No such file or directory'
open("/var/run/ld-elf.so.hints",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
read(3,"Ehnt\^A\0\0\0\M^@\0\0\0-\0\0\0\0"...,128) = 128 (0x80)
fstat(3,{ mode=-r--r--r-- ,inode=20099,size=173,blksize=32768 }) = 0 (0x0)
pread(3,"/lib:/usr/lib:/usr/lib/compat:/u"...,45,0x80) = 45 (0x2d)
close(3)                     = 0 (0x0)
open("/lib/libutil.so.9",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=948,size=354632,blksize=32768 }) = 0 (0x0)
mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 1075376128 (0x4018f000)
mmap(0x0,114688,PROT_MAX(PROT_READ|PROT_WRITE|PROT_EXEC)|PROT_READ|PROT_WRITE|PROT_EXEC,MAP_GUARD,-1,0x0) = 1075380224 (0x40190000)
mmap(0x40190000,40960,PROT_READ,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x0) = 1075380224 (0x40190000)
mmap(0x4019a000,49152,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x9000) = 1075421184 (0x4019a000)
mmap(0x401a6000,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x14000) = 1075470336 (0x401a6000)
mmap(0x401a8000,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x15000) = 1075478528 (0x401a8000)
mmap(0x401aa000,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON|MAP_CHERI_NOSETBOUNDS,-1,0x0) = 1075486720 (0x401aa000)
munmap(0x4018f000,4096)              = 0 (0x0)
close(3)                     = 0 (0x0)
open("/lib/libncursesw.so.9",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=937,size=2183312,blksize=32768 }) = 0 (0x0)
mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 1075376128 (0x4018f000)
mmap(0x0,540672,PROT_MAX(PROT_READ|PROT_WRITE|PROT_EXEC)|PROT_READ|PROT_WRITE|PROT_EXEC,MAP_GUARD,-1,0x0) = 1075494912 (0x401ac000)
mmap(0x401ac000,225280,PROT_READ,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x0) = 1075494912 (0x401ac000)
mmap(0x401e3000,262144,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x36000) = 1075720192 (0x401e3000)
mmap(0x40223000,28672,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x75000) = 1075982336 (0x40223000)
mmap(0x4022a000,20480,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x7b000) = 1076011008 (0x4022a000)
mmap(0x4022f000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON|MAP_CHERI_NOSETBOUNDS,-1,0x0) = 1076031488 (0x4022f000)
munmap(0x4018f000,4096)              = 0 (0x0)
close(3)                     = 0 (0x0)
open("/lib/libc.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=919,size=12246952,blksize=32768 }) = 0 (0x0)
mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 1075376128 (0x4018f000)
mmap(0x0,6725632,PROT_MAX(PROT_READ|PROT_WRITE|PROT_EXEC)|PROT_READ|PROT_WRITE|PROT_EXEC,MAP_GUARD,-1,0x0) = 1076035584 (0x40230000)
mmap(0x40230000,647168,PROT_READ,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x0) = 1076035584 (0x40230000)
mmap(0x402ce000,1458176,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x9d000) = 1076682752 (0x402ce000)
mmap(0x40433000,61440,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x201000) = 1078145024 (0x40433000)
mmap(0x40442000,114688,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x210000) = 1078206464 (0x40442000)
mmap(0x4045e000,4440064,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON|MAP_CHERI_NOSETBOUNDS,-1,0x0) = 1078321152 (0x4045e000)
munmap(0x4018f000,4096)              = 0 (0x0)
close(3)                     = 0 (0x0)
mmap(0x0,49152,PROT_READ|PROT_WRITE,MAP_ANON,-1,0x0) = 1082761216 (0x4089a000)
mprotect(0x401a6000,8192,PROT_READ)      = 0 (0x0)
mprotect(0x40223000,28672,PROT_READ)         = 0 (0x0)
mmap(0x0,163840,PROT_READ|PROT_WRITE,MAP_ANON,-1,0x0) = 1082810368 (0x408a6000)
mprotect(0x40433000,61440,PROT_READ)         = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2|SIGTHR|SIGLIBRT|34 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)         = 0 (0x0)
readlink("/etc/malloc.conf",0x3fffcfd70f,1024)   ERR#22 'Invalid argument'
issetugid()                  = 0 (0x0)
__sysctl("vm.overcommit",2,0x3fffcfbc7c,0x3fffcfbc70,0x0,0) = 0 (0x0)
mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(29),-1,0x0) = 1610612736 (0x60000000)
clock_gettime(4,{ 3114.985376121 })      = 0 (0x0)
clock_gettime(4,{ 3115.044230891 })      = 0 (0x0)
clock_gettime(4,{ 3115.061469221 })      = 0 (0x0)
mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) = 1082974208 (0x408ce000)
mmap(0x0,6291456,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(29),-1,0x0) = 2147483648 (0x80000000)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2|SIGTHR|SIGLIBRT|34 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)         = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2|SIGTHR|SIGLIBRT|34 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)         = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2|SIGTHR|SIGLIBRT|34 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)         = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2|SIGTHR|SIGLIBRT|34 },{ }) = 0 (0x0)
mprotect(0x17d000,32768,PROT_READ)       = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)         = 0 (0x0)
ioctl(0,TIOCGETA,0x3fffcffea0)           = 0 (0x0)
ioctl(0,TIOCGETA,0x408fa134)             = 0 (0x0)
ioctl(1,TIOCGETA,0x3fffcffa10)           = 0 (0x0)
issetugid()                  = 0 (0x0)
openat(AT_FDCWD,"/home/<username>/.termcap.db",O_RDONLY|O_CLOEXEC,00) ERR#2 'No such file or directory'
openat(AT_FDCWD,"/home/<username>/.termcap",O_RDONLY|O_CLOEXEC,00) ERR#2 'No such file or directory'
openat(AT_FDCWD,"/usr/share/misc/termcap.db",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=13011,size=1343488,blksize=32768 }) = 0 (0x0)
read(3,"\0\^F\^Ua\0\0\0\^B\0\0\^D\M-R\0"...,260) = 260 (0x104)
pread(3,"\^\\0\M^_\^Ox\^N%\^N\M-r\v\M-n\v"...,4096,0x75000) = 4096 (0x1000)
pread(3,"*\0\M-{\^O\M-_\^O\M-D\^O\M^N\^O"...,4096,0x31000) = 4096 (0x1000)
close(3)                     = 0 (0x0)
ioctl(1,TIOCGETA,0x3fffcffa10)           = 0 (0x0)
ioctl(1,TIOCGETA,0x40902084)             = 0 (0x0)
ioctl(1,TIOCGETA,0x409020b0)             = 0 (0x0)
ioctl(1,TIOCGETA,0x3fffcff950)           = 0 (0x0)
ioctl(1,TIOCGWINSZ,0x3fffcff9c8)         = 0 (0x0)
ioctl(2,TIOCGWINSZ,0x3fffcffe78)         = 0 (0x0)
fstat(1,{ mode=crw--w---- ,inode=46,size=0,blksize=4096 }) = 0 (0x0)
sigaction(SIGHUP,{ 0x12a386 0x0 ss_t },{ SIG_DFL 0x0 ss_t }) = 0 (0x0)
sigaction(SIGINT,{ 0x12a3ac 0x0 ss_t },{ SIG_DFL 0x0 ss_t }) = 0 (0x0)
sigaction(SIGTERM,{ 0x12a3cc 0x0 ss_t },{ SIG_DFL 0x0 ss_t }) = 0 (0x0)
sigaction(SIGWINCH,{ 0x12a3f2 0x0 ss_t },{ SIG_DFL SA_RESTART ss_t }) = 0 (0x0)
issetugid()                  = 0 (0x0)
openat(AT_FDCWD,"/usr/lib/i18n",O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC,00) = 3 (0x3)
fcntl(3,F_ISUNIONSTACK,0x0)          = 0 (0x0)
getdirentries(3,"\f\^N\0\0\0\0\0\0\f\0\0\0\0\0\0"...,4096,{ 0x0 }) = 2032 (0x7f0)
getdirentries(3,0x4090b000,4096,{ 0x600 })   = 0 (0x0)
close(3)                     = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2|SIGTHR|SIGLIBRT|34 },{ }) = 0 (0x0)
__sysctl("kern.ostype",2,0x4102fc31,0x3fffcfc6a0,0x0,0) = 0 (0x0)
__sysctl("kern.hostname",2,0x4102fd31,0x3fffcfc6a0,0x0,0) = 0 (0x0)
__sysctl("kern.osrelease",2,0x4102fe31,0x3fffcfc6a0,0x0,0) = 0 (0x0)
__sysctl("kern.version",2,0x4102ff31,0x3fffcfc6a0,0x0,0) = 0 (0x0)
__sysctl("hw.machine",2,0x41030031,0x3fffcfc6a0,0x0,0) = 0 (0x0)
open("/usr/lib/i18n/libiconv_std.so.4",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=4855,size=49088,blksize=32768 }) = 0 (0x0)
mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 1075376128 (0x4018f000)
mmap(0x0,20480,PROT_MAX(PROT_READ|PROT_WRITE|PROT_EXEC)|PROT_READ|PROT_WRITE|PROT_EXEC,MAP_GUARD,-1,0x0) = 1085071360 (0x40ace000)
mmap(0x40ace000,4096,PROT_READ,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x0) = 1085071360 (0x40ace000)
mmap(0x40acf000,8192,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x0) = 1085075456 (0x40acf000)
mmap(0x40ad1000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x1000) = 1085083648 (0x40ad1000)
mmap(0x40ad2000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x1000) = 1085087744 (0x40ad2000)
munmap(0x4018f000,4096)              = 0 (0x0)
close(3)                     = 0 (0x0)
mprotect(0x40ad1000,4096,PROT_READ)      = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)         = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2|SIGTHR|SIGLIBRT|34 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)         = 0 (0x0)
openat(AT_FDCWD,"/usr/share/i18n/esdb/esdb.alias.db",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=7728,size=30048,blksize=32768 }) = 0 (0x0)
mmap(0x0,30048,PROT_READ,MAP_PRIVATE,3,0x0)  = 1085091840 (0x40ad3000)
close(3)                     = 0 (0x0)
munmap(0x40ad3000,30048)             = 0 (0x0)
openat(AT_FDCWD,"/usr/share/i18n/esdb/esdb.dir.db",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=7730,size=13440,blksize=32768 }) = 0 (0x0)
mmap(0x0,13440,PROT_READ,MAP_PRIVATE,3,0x0)  = 1085091840 (0x40ad3000)
close(3)                     = 0 (0x0)
munmap(0x40ad3000,13440)             = 0 (0x0)
openat(AT_FDCWD,"/usr/share/i18n/esdb/ISO646/ISO646-US.esdb",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=7922,size=304,blksize=32768 }) = 0 (0x0)
mmap(0x0,304,PROT_READ,MAP_PRIVATE,3,0x0)    = 1075376128 (0x4018f000)
close(3)                     = 0 (0x0)
munmap(0x4018f000,304)               = 0 (0x0)
openat(AT_FDCWD,"/usr/share/i18n/esdb/esdb.alias.db",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=7728,size=30048,blksize=32768 }) = 0 (0x0)
mmap(0x0,30048,PROT_READ,MAP_PRIVATE,3,0x0)  = 1085091840 (0x40ad3000)
close(3)                     = 0 (0x0)
munmap(0x40ad3000,30048)             = 0 (0x0)
openat(AT_FDCWD,"/usr/share/i18n/esdb/esdb.dir.db",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=7730,size=13440,blksize=32768 }) = 0 (0x0)
mmap(0x0,13440,PROT_READ,MAP_PRIVATE,3,0x0)  = 1085091840 (0x40ad3000)
close(3)                     = 0 (0x0)
munmap(0x40ad3000,13440)             = 0 (0x0)
openat(AT_FDCWD,"/usr/share/i18n/esdb/UTF/UTF-16BE.esdb",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=7959,size=368,blksize=32768 }) = 0 (0x0)
mmap(0x0,368,PROT_READ,MAP_PRIVATE,3,0x0)    = 1075376128 (0x4018f000)
close(3)                     = 0 (0x0)
munmap(0x4018f000,368)               = 0 (0x0)
openat(AT_FDCWD,"/usr/lib/i18n",O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC,00) = 3 (0x3)
fcntl(3,F_ISUNIONSTACK,0x0)          = 0 (0x0)
getdirentries(3,"\f\^N\0\0\0\0\0\0\f\0\0\0\0\0\0"...,4096,{ 0x0 }) = 2032 (0x7f0)
getdirentries(3,0x4090b000,4096,{ 0x600 })   = 0 (0x0)
close(3)                     = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2|SIGTHR|SIGLIBRT|34 },{ }) = 0 (0x0)
open("/usr/lib/i18n/libUTF1632.so.4",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=4843,size=32608,blksize=32768 }) = 0 (0x0)
mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 1075376128 (0x4018f000)
mmap(0x0,20480,PROT_MAX(PROT_READ|PROT_WRITE|PROT_EXEC)|PROT_READ|PROT_WRITE|PROT_EXEC,MAP_GUARD,-1,0x0) = 1085091840 (0x40ad3000)
mmap(0x40ad3000,4096,PROT_READ,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x0) = 1085091840 (0x40ad3000)
mmap(0x40ad4000,8192,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x0) = 1085095936 (0x40ad4000)
mmap(0x40ad6000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x1000) = 1085104128 (0x40ad6000)
mmap(0x40ad7000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x1000) = 1085108224 (0x40ad7000)
munmap(0x4018f000,4096)              = 0 (0x0)
close(3)                     = 0 (0x0)
mprotect(0x40ad6000,4096,PROT_READ)      = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)         = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2|SIGTHR|SIGLIBRT|34 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)         = 0 (0x0)
fstatat(AT_FDCWD,"/usr/share/i18n/csmapper/mapper.dir",{ mode=-r--r--r-- ,inode=7266,size=45300,blksize=32768 },0x0) = 0 (0x0)
openat(AT_FDCWD,"/usr/share/i18n/csmapper/charset.alias.db",O_RDONLY|O_CLOEXEC,00) ERR#2 'No such file or directory'
openat(AT_FDCWD,"/usr/share/i18n/csmapper/charset.alias",O_RDONLY|O_CLOEXEC,00) ERR#2 'No such file or directory'
openat(AT_FDCWD,"/usr/share/i18n/csmapper/charset.alias.db",O_RDONLY|O_CLOEXEC,00) ERR#2 'No such file or directory'
openat(AT_FDCWD,"/usr/share/i18n/csmapper/charset.alias",O_RDONLY|O_CLOEXEC,00) ERR#2 'No such file or directory'
openat(AT_FDCWD,"/usr/share/i18n/csmapper/mapper.dir",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=7266,size=45300,blksize=32768 }) = 0 (0x0)
mmap(0x0,45300,PROT_READ,MAP_PRIVATE,3,0x0)  = 1085112320 (0x40ad8000)
close(3)                     = 0 (0x0)
munmap(0x40ad8000,45300)             = 0 (0x0)
openat(AT_FDCWD,"/usr/lib/i18n",O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC,00) = 3 (0x3)
fcntl(3,F_ISUNIONSTACK,0x0)          = 0 (0x0)
getdirentries(3,"\f\^N\0\0\0\0\0\0\f\0\0\0\0\0\0"...,4096,{ 0x0 }) = 2032 (0x7f0)
getdirentries(3,0x4090b000,4096,{ 0x600 })   = 0 (0x0)
close(3)                     = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2|SIGTHR|SIGLIBRT|34 },{ }) = 0 (0x0)
open("/usr/lib/i18n/libmapper_646.so.4",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=4857,size=28808,blksize=32768 }) = 0 (0x0)
mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 1075376128 (0x4018f000)
mmap(0x0,20480,PROT_MAX(PROT_READ|PROT_WRITE|PROT_EXEC)|PROT_READ|PROT_WRITE|PROT_EXEC,MAP_GUARD,-1,0x0) = 1085112320 (0x40ad8000)
mmap(0x40ad8000,4096,PROT_READ,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x0) = 1085112320 (0x40ad8000)
mmap(0x40ad9000,8192,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x0) = 1085116416 (0x40ad9000)
mmap(0x40adb000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x1000) = 1085124608 (0x40adb000)
mmap(0x40adc000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ|MAP_CHERI_NOSETBOUNDS,3,0x1000) = 1085128704 (0x40adc000)
munmap(0x4018f000,4096)              = 0 (0x0)
close(3)                     = 0 (0x0)
mprotect(0x40adb000,4096,PROT_READ)      = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)         = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2|SIGTHR|SIGLIBRT|34 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)         = 0 (0x0)
openat(AT_FDCWD,"/usr/share/i18n/csmapper/ISO646/ISO646-US%UCS.646",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=7630,size=299,blksize=32768 }) = 0 (0x0)
mmap(0x0,299,PROT_READ,MAP_PRIVATE,3,0x0)    = 1075376128 (0x4018f000)
close(3)                     = 0 (0x0)
munmap(0x4018f000,299)               = 0 (0x0)
openat(AT_FDCWD,"/usr/share/vi/catalog/C",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=14334,size=13168,blksize=32768 }) = 0 (0x0)
mmap(0x0,13168,PROT_READ,MAP_SHARED,3,0x0)   = 1085132800 (0x40add000)
close(3)                     = 0 (0x0)
fstatat(AT_FDCWD,"/etc/vi.exrc",0x3fffcff1f0,0x0) ERR#2 'No such file or directory'
fstatat(AT_FDCWD,"/home/<username>/.nexrc",0x3fffcff1f0,0x0) ERR#2 'No such file or directory'
fstatat(AT_FDCWD,"/home/<username>/.exrc",0x3fffcff1f0,0x0) ERR#2 'No such file or directory'
getrandom("b%\M-+\M-.\M-Us\M->'+`>R\M-5\M-i"...,40,0) = 40 (0x28)
mmap(0x0,1104,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 1075376128 (0x4018f000)
minherit(0x4018f000,1104,INHERIT_ZERO)       = 0 (0x0)
fstatat(AT_FDCWD,"/tmp",{ mode=drwxrwxrwt ,inode=21,size=512,blksize=32768 },0x0) = 0 (0x0)
openat(AT_FDCWD,"/tmp/vi.KY5zN91Uvg",O_RDWR|O_CREAT|O_EXCL,010020527140) = 3 (0x3)
fstat(3,{ mode=---sr----- ,inode=20133,size=0,blksize=32768 }) = 0 (0x0)
close(3)                     = 0 (0x0)
fstatat(AT_FDCWD,"/var/tmp/vi.recover/",{ mode=drwxrwxrwt ,inode=20089,size=512,blksize=32768 },0x0) = 0 (0x0)
fstatat(AT_FDCWD,"/var/tmp/vi.recover",{ mode=drwxrwxrwt ,inode=20089,size=512,blksize=32768 },0x0) = 0 (0x0)
openat(AT_FDCWD,"/var/tmp/vi.recover/vi.Wnlhw4",O_RDWR|O_CREAT|O_EXCL,010020527140) = 3 (0x3)
fchmod(3,0700)                   = 0 (0x0)
close(3)                     = 0 (0x0)
openat(AT_FDCWD,"/tmp/vi.KY5zN91Uvg",O_RDONLY|O_NONBLOCK|O_CLOEXEC,00) ERR#13 'Permission denied'
fstatat(AT_FDCWD,"/usr/share/nls/C/libc.cat",0x3fffcff340,0x0) ERR#2 'No such file or directory'
fstatat(AT_FDCWD,"/usr/share/nls/libc/C",0x3fffcff340,0x0) ERR#2 'No such file or directory'
fstatat(AT_FDCWD,"/usr/local/share/nls/C/libc.cat",0x3fffcff340,0x0) ERR#2 'No such file or directory'
fstatat(AT_FDCWD,"/usr/local/share/nls/libc/C",0x3fffcff340,0x0) ERR#2 'No such file or directory'
unlink("/tmp/vi.KY5zN91Uvg")             = 0 (0x0)
unlink("/var/tmp/vi.recover/vi.Wnlhw4")      = 0 (0x0)
ex/vi: Error: /tmp/vi.KY5zN91Uvg: Permission denied
write(2,"ex/vi: Error: /tmp/vi.KY5zN91Uvg"...,52) = 52 (0x34)
sigaction(SIGHUP,0x0,{ 0x12a386 0x0 ss_t })  = 0 (0x0)
sigaction(SIGINT,0x0,{ 0x12a3ac 0x0 ss_t })  = 0 (0x0)
sigaction(SIGTERM,0x0,{ 0x12a3cc 0x0 ss_t })     = 0 (0x0)
sigaction(SIGWINCH,0x0,{ 0x12a3f2 0x0 ss_t })    = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2|SIGTHR|SIGLIBRT|34 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)         = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2|SIGTHR|SIGLIBRT|34 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)         = 0 (0x0)
exit(0x1)                   
process exit, rval = 1

jrtc27 commented 4 years ago

Looks like a prototype mismatch specific to things that call _openat (and, likely, _open) directly inside libc. Though with all the auto-generated stuff I don't know where that prototype actually lives/comes from:

(gdb) bt
#0  _openat () at _openat.S:4
#1  0x0000000040427f2e in _gettemp (dfd=<optimized out>, path=<optimized out>, doopen=<optimized out>, domkdir=<optimized out>, slen=<optimized out>, oflags=<optimized out>) at /home/bed22/git/cheri/cheribsd/lib/libc/stdio/mktemp.c:182
#2  0x000000004042816a in mkstemp (path=0x40979100 [rwRW,0x40979100-0x40979180] "/tmp/vi.1dCnEKE81V") at /home/bed22/git/cheri/cheribsd/lib/libc/stdio/mktemp.c:94
#3  0x000000000012f3fa in file_init (sp=<optimized out>, frp=<optimized out>, rcv_name=<optimized out>, flags=<optimized out>) at /home/bed22/git/cheri/cheribsd/contrib/nvi/common/exf.c:192
#4  0x00000000001366e0 in editor (gp=<optimized out>, argc=<optimized out>, argv=<optimized out>) at /home/bed22/git/cheri/cheribsd/contrib/nvi/common/main.c:370
#5  0x0000000000129ea0 in main (argc=<optimized out>, argv=<optimized out>) at /home/bed22/git/cheri/cheribsd/contrib/nvi/cl/cl_main.c:119
(gdb) p/x $a3
$1 = 0x4042ae60
(gdb) x/ow $sp
0x3fffcff200:   0600

openat will call va_arg to extract the mode if O_CREAT is passed and then give it to _openat, which has normal non-varargs arguments. It's vital we call the right one in userspace (or, really, make sure we call whichever we call with the correct calling convention).

jrtc27 commented 4 years ago

I think this is just a case of giving openat the same NO_UNDERSCORE treatment as fcntl/ioctl/open? Though I'll note that that treatment does currently change semantics of the underscore functions; previously they'd go directly to the syscall, but now they go via __libc_interposing.

brooksdavis commented 4 years ago

I'm going to give openat the NO_UNDERSCORE treatment. I agree this isn't quite right. This was pretty early code and has mostly worked so hasn't been looked at much. Given that we're handling syscall() in the kernel I wonder if we want to switch to handling these in the kernel as well (thought that's pretty gross in the case of ioctl).

shakes fist at people wanting to save a whole int on the stack in a non-recursive call (at least that's the justification I got from Kirk).

jrtc27 commented 4 years ago

Well, we can just split them and have the underscore version call __sys_openat directly instead of use __libc_interposing. That should give the correct semantics and just turns it into a trampoline.

brooksdavis commented 4 years ago

Should be fixed now.

CTSRD-CHERI / FETT

vi(1) broken as unprivileged user #13