From c175e47cfee0215ad7386e7c1d9a4865280ba76f Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Fri, 2 Dec 2022 17:20:37 +0000 Subject: Autodetect endianness. In configure we set NXT_HAVE_LITTLE_ENDIAN for i386, amd64 and x86_64. However that misses at least AArch64 (arm64) where it's usually run in little endian mode. However none of that really matters as NXT_HAVE_LITTLE_ENDIAN isn't used anywhere. So why this patch? The only place we need to explicitly know about endianness is the nxt_websocket_header_t structure where we lay it out differently depending on endianness. This is currently done using BYTE_ORDER, LITTLE_ENDIAN and BIG_ENDIAN macros. However on at least illumos (OpenSolaris / OpenIndiana) those macros are not defined and we get compiler errors due to duplicate structure members. So let's use our own NXT_HAVE_{BIG,LITTLE}_ENDIAN macros. However it would be better to detect endianness programmatically as some architectures can run in either mode, e.g Linux used to run in big endian on PowerPC but has since switched to little endian (to match x86). This commit adds an auto/endian script (using a slightly modified version of the test program from nginx's auto script), that checks for the endianness of the platform being built on. E.g checking for endianness ... little endian The next commit will switch the nxt_websocket_header_t structure over to these new macros. Link: Link: Tested-by: Alejandro Colomar Reviewed-by: Alejandro Colomar Signed-off-by: Andrew Clayton --- auto/endian | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 auto/endian (limited to 'auto')
diff --git a/auto/endian b/auto/endian
new file mode 100644
index 00000000..cb23639b
--- /dev/null
+++ b/auto/endian
@@ -0,0 +1,31 @@
+# Copyright (C) Igor Sysoev
+# Copyright (C) Andrew Clayton
+# Copyright (C) Nginx, Inc.
+
+
+nxt_feature="endianness"
+nxt_feature_name=
+nxt_feature_run=value
+nxt_feature_incs=
+nxt_feature_libs=
+nxt_feature_test="#include
+ #include
+
+ int main(void) {
+ int i = 0x11223344;
+ uint8_t *p;
+
+ p = (uint8_t *)&i;
+ if (*p == 0x44)
+ printf(\"little endian\");
+ else
+ printf(\"big endian\");
+ return 0;
+ }"
+. auto/feature
+
+if [ "$nxt_feature_value" = "little endian" ]; then
+ nxt_have=NXT_HAVE_LITTLE_ENDIAN . auto/have
+else
+ nxt_have=NXT_HAVE_BIG_ENDIAN . auto/have
+fi
-- cgit From 0277d8f1034f6f3dcdb5fd88dc3a9a3f04c1de89 Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Fri, 25 Nov 2022 10:32:20 +0000 Subject: Isolation: Fix the enablement of PR_SET_NO_NEW_PRIVS. This prctl(2) option is checked for in auto/isolation, unfortunately due to a typo this feature has never been enabled. In the auto/isolation script the feature name was down as NXT_HAVE_PR_SET_NO_NEW_PRIVS0, which means we end up with the following in build/nxt_auto_config.h #ifndef NXT_HAVE_PR_SET_NO_NEW_PRIVS0 #define NXT_HAVE_PR_SET_NO_NEW_PRIVS0 1 #endif Whereas everywhere else is checking for NXT_HAVE_PR_SET_NO_NEW_PRIVS. This also guards the inclusion of sys/prctl.h in src/nxt_process.c which is required by a subsequent commit. Fixes: e2b53e1 ("Added "rootfs" feature.") Reviewed-by: Alejandro Colomar Signed-off-by: Andrew Clayton --- auto/isolation | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'auto') diff --git a/auto/isolation b/auto/isolation index cbf42d9d..b706c94d 100644 --- a/auto/isolation +++ b/auto/isolation @@ -90,7 +90,7 @@ nxt_feature_test="#include nxt_feature="prctl(PR_SET_NO_NEW_PRIVS)" -nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS0 +nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS nxt_feature_run=no nxt_feature_incs= nxt_feature_libs= -- cgit From b7f1d7253a8f44f31c2e1a8d9c8962ef30be83e9 Mon Sep 17 00:00:00 2001
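Review bot: The final `else` in auto/endian defines NXT_HAVE_BIG_ENDIAN for every value other than the exact string "little endian", so a probe that fails to compile or cannot be run (a cross build, for example) would be recorded as a big-endian target. The commit message says these macros will select the layout of nxt_websocket_header_t, so a wrong guess would mis-parse frame headers at run time instead of breaking the build. I would test the second value explicitly with `elif [ "$nxt_feature_value" = "big endian" ]; then` and let the remaining `else` print an error and stop configure. What auto/feature leaves in nxt_feature_value on failure is not visible in this patch, so that should be confirmed there.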
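Review bot: The PR_SET_NO_NEW_PRIVS probe is compile-only (`nxt_feature_run=no` in the context lines) and deserves a comment saying so, now that the corrected name switches the guarded code on for the first time. I would add above the block: `# Compile-time probe only: the headers define the constant, but prctl(2) can still fail on the running kernel, so callers must check its return.` The same applies to the PR_SET_CHILD_SUBREAPER probe added by the later patch to auto/isolation on this page, which is also `nxt_feature_run=no`. The probe's test body lies outside this hunk and the callers in src/ are not shown, so whether they already fail closed has to be confirmed there.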
From: Andrew Clayton Date: Fri, 18 Nov 2022 23:42:44 +0000 Subject: Isolation: Rename NXT_HAVE_CLONE -> NXT_HAVE_LINUX_NS. Due to the need to replace our use of clone/__NR_clone on Linux with fork(2)/unshare(2) for enabling Linux namespaces(7) to keep the pthreads(7) API working. Let's rename NXT_HAVE_CLONE to NXT_HAVE_LINUX_NS, i.e name it after the feature, not how it's implemented, then in future if we change how we do namespaces again we don't have to rename this. Reviewed-by: Alejandro Colomar Signed-off-by: Andrew Clayton --- auto/isolation | 14 +++++++------- auto/sources | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'auto') diff --git a/auto/isolation b/auto/isolation index b706c94d..27f44624 100644 --- a/auto/isolation +++ b/auto/isolation @@ -4,7 +4,7 @@ # Linux clone syscall. NXT_ISOLATION=NO -NXT_HAVE_CLONE=NO +NXT_HAVE_LINUX_NS=NO NXT_HAVE_CLONE_NEWUSER=NO NXT_HAVE_MOUNT=NO NXT_HAVE_UNMOUNT=NO @@ -12,21 +12,21 @@ NXT_HAVE_ROOTFS=NO nsflags="USER NS PID NET UTS CGROUP" -nxt_feature="clone(2)" -nxt_feature_name=NXT_HAVE_CLONE +nxt_feature="Linux unshare()" +nxt_feature_name=NXT_HAVE_LINUX_NS nxt_feature_run=no nxt_feature_incs= nxt_feature_libs= -nxt_feature_test="#include - #include +nxt_feature_test="#define _GNU_SOURCE + #include int main(void) { - return SYS_clone | SIGCHLD; + return unshare(0); }" . auto/feature if [ $nxt_found = yes ]; then - NXT_HAVE_CLONE=YES + NXT_HAVE_LINUX_NS=YES # Test all isolation flags for flag in $nsflags; do diff --git a/auto/sources b/auto/sources index 29f3c7b5..2ca78844 100644 --- a/auto/sources +++ b/auto/sources @@ -299,7 +299,7 @@ if [ "$NXT_HAVE_HPUX_SENDFILE" = "YES" \ fi -if [ "$NXT_HAVE_CLONE" = "YES" ]; then +if [ "$NXT_HAVE_LINUX_NS" = "YES" ]; then NXT_LIB_SRCS="$NXT_LIB_SRCS $NXT_LIB_CLONE_SRCS" fi -- cgit From a83354f47331db1214cba4dd8899f2a002295b2f Mon Sep 17 00:00:00 2001 
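Review bot: The header comment `# Linux clone syscall.` at the top of auto/isolation (context of the first hunk) is now stale, since the probe in the second hunk checks `unshare(0)` and the macro is named after namespaces. I would change it to `# Linux namespaces (unshare(2)).` so the file does not suggest that the isolation path still depends on clone. The auto/sources hunk keeps appending `$NXT_LIB_CLONE_SRCS` under the renamed test; if that list is also meant to follow the feature name, it could be renamed in the same series. Its definition is not visible here.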
From: Andrew Clayton Date: Wed, 30 Nov 2022 00:13:22 +0000 Subject: Enable the PR_SET_CHILD_SUBREAPER prctl(2) option on Linux. This prctl(2) option can be used to set the "child subreaper" attribute of the calling process. This allows a process to take on the role of 'init', which means the process will inherit descendant processes when their immediate parent terminates. This will be used in an upcoming commit that uses a double fork(2) + unshare(2) to create a new PID namespace. The parent from the second fork will terminate leaving the child process to be inherited by 'init'. Aside from it being better to maintain the parent/child relationships between the various unit processes, without setting this you need to ^C twice to fully quit unit when running in the foreground after the double fork. Reviewed-by: Alejandro Colomar Signed-off-by: Andrew Clayton --- auto/isolation | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'auto') diff --git a/auto/isolation b/auto/isolation index 27f44624..c535e80a 100644 --- a/auto/isolation +++ b/auto/isolation @@ -102,6 +102,19 @@ nxt_feature_test="#include . auto/feature +nxt_feature="prctl(PR_SET_CHILD_SUBREAPER)" +nxt_feature_name=NXT_HAVE_PR_SET_CHILD_SUBREAPER +nxt_feature_run=no +nxt_feature_incs= +nxt_feature_libs= +nxt_feature_test="#include + + int main(void) { + return PR_SET_CHILD_SUBREAPER; + }" +. auto/feature + + nxt_feature="Linux mount()" nxt_feature_name=NXT_HAVE_LINUX_MOUNT nxt_feature_run=no -- cgit