[ANNOUNCEMENT] TEST RELEASE: Cygwin 2.3.0-0.7

[ANNOUNCEMENT] TEST RELEASE: Cygwin 2.3.0-0.7

[Corinna Vinschen]

Hi Cygwin friends and users,


I released a new TEST version of Cygwin, 2.3.0-0.7.

=========================================================================

IMPORTANT NOTE:

  The upcoming official 2.3.0 release, which I'm planning for next
  Monday, will not yet contain the below described ACL changes.  I got
  not enough feedback from testers to be confident enough to put this
  into a release.

  When I release 2.3.0-1, I also immediately release a 2.4.0-0.1
  test release to allow undisruptive testing of the new ACL code.

  Please guys, I really need feedback for this stuff.

=========================================================================

This (hopefully last) 2.3.0 test release now comes with:

- working support for the Parallels Desktop filesystem "PrlSF",
  called "prlfs" in Cygwin.
  
- Yet another fix in the cleanup code for pending signals.

- A fix for a potential deadlock situation in flock(2).


Other than that...


This is the "new POSIX ACL handling reloaded" release.

In local testing I successfully integrated AuthZ into the current Cygwin
code to generate more correct user permissions by being able to generate
effective permissions for arbitrary users.

This success convinced me that it might be possible to pick up the POSIX
permission rewrite originally targeted for the 2.0.0 release and try to
update it using AuthZ and generally revamp it to reflect effective
permissions better.

My local testing looks good, but this is a major change, so this code
really needs a lot more testing in various scenarios.  Especially
some Windows ACLs created in corporate environments are often a hard
nut to crack, and the example from

https://cygwin.com/ml/cygwin/2015-04/msg00513.html

which was the ultimate downfall of the original implementation is
the stuff which needs some good testing.

There's, as usual, a downside: AuthZ leans a bit to the slow side.
Cygwin caches information already gathered once on a per-process basis,
but in locally crafted worst case scenarios (`ls' on lots of file owned
by lots of different users and groups) the slowdown may be up to 25%.
But that's really just a worst case, in the usual scenarios the slowdown
should be mostly unnoticable.

To alleviate the problem, the AuthZ code is fortunately only called for
non-Cygwin ACLs and Cygwin ACLs created before this release.  Within a
pure Cygwin environment (e.g., some build directory only used with
Cygwin tools) AuthZ should be practically unused.

Apart from the aforementioned code changes to "just do it right", there
are two additional changes I implemented for this new POSIX ACL revamp
release:

- I reverted the questionable change I added to 2.0.0-0.7 in terms of
  chmod group permission handling.  The original description of this
  change was:

    If you have a non-trivial ACL with secondary accounts and thus a
    mask value, chmod is supposed to change only the mask, not the
    permissions of the primary group.  However, if the primary group has
    few permissions to begin with, the result is really surprising.  ls
    -l would, e.g., show read/write perms for the group, but the group
    might still have only read perms.

    Personally I find this chmod behaviour really, really bad, so I took
    the liberty to change it in a way which gives a much less surprising
    result:  If you call chmod on a non-trivial ACL, the group
    permissions will be used for the primary group and the mask.

- setfacl(1) now accepts the combination of the -b and -k options, just as
  on Linux.

As for the description what this implementation strives for, please see
http://linux.die.net/man/5/acl

All changes in this release so far:

============================================================================

What's new:
-----------

- strftime(3) supports %s (seconds since Epoch) now.

- posix_madvise(POSIX_MADV_WILLNEED) now utilizes OS functionality available
  starting with Windows 8/Server 2012.  Still a no-op on older systems.

- posix_madvise(POSIX_MADV_DONTNEED) now utilizes OS functionality available
  starting with Windows 8.1/Server 2012R2.  Still a no-op on older systems.

- sysconf() now supports returning CPU cache information:
  _SC_LEVEL1_ICACHE_SIZE, _SC_LEVEL1_ICACHE_ASSOC, _SC_LEVEL1_ICACHE_LINESIZE,
  _SC_LEVEL1_DCACHE_SIZE, _SC_LEVEL1_DCACHE_ASSOC, _SC_LEVEL1_DCACHE_LINESIZE,
  _SC_LEVEL2_CACHE_SIZE, _SC_LEVEL2_CACHE_ASSOC, _SC_LEVEL2_CACHE_LINESIZE,
  _SC_LEVEL3_CACHE_SIZE, _SC_LEVEL3_CACHE_ASSOC, _SC_LEVEL3_CACHE_LINESIZE,
  _SC_LEVEL4_CACHE_SIZE, _SC_LEVEL4_CACHE_ASSOC, _SC_LEVEL4_CACHE_LINESIZE

- New API: aligned_alloc, at_quick_exit, quick_exit.


What changed:
-------------

- Add support for Parallels Desktop FS (prlfs).


Bug Fixes
---------

- Fix a hang when stracing a forking or spawning process without activating
  stracing of child processes.
  Addresses: https://cygwin.com/ml/cygwin/2015-08/msg00390.html

- Fix long-standing potential SEGV on 32 bit Cygwin when the dynamic loader
  for OS functions fails to load a function on Windows 7 or later.
  Addresses: No actual bug report known.

- sysconf _SC_NPROCESSORS_CONF and _SC_NPROCESSORS_ONLN now handle more than
  64 CPUs on Windows 7 and later.

- Fix a potential crash in advisory file locking due to usage of stack space
  out of scope.
  Addresses: https://cygwin.com/ml/cygwin/2015-09/msg00079.html

- Fix EIO error accessing certain (OS X SMB?) drives
  Addresses: https://cygwin.com/ml/cygwin/2015-09/msg00229.html

- Fix memory leak in calls to pthread_getattr_np.

- Fix output of /proc/<PID>/winexename.

- Avoid SEGV when handling SIDs with 0 subauthorities.
  Addresses: https://cygwin.com/ml/cygwin/2015-10/msg00141.html

- Fix a potential SEGV on (at least) Wine.
  Addresses: https://cygwin.com/ml/cygwin/2015-10/msg00018.html

- Fix sigwait(3) to return errno instead of -1 and never to return with EINTR.

- Fix pthread_kill(3) to return errno instead of -1.

- Remove lingering pending signals after a thread exited.
  Addresses: https://cygwin.com/ml/cygwin/2015-09/msg00197.html

- Workaround a bug in Windows 10 NLS handling.
  Addresses: https://cygwin.com/ml/cygwin/2015-10/msg00547.html

- Avoid unnecessry locking and thus a potential deadlock in flock(2).
  Addresses: https://cygwin.com/ml/cygwin/2015-11/msg00095.html

============================================================================


Have fun,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.3.0-0.7

[Marco Atzeri]

On 06/11/2015 10:26, Corinna Vinschen wrote:
> Hi Cygwin friends and users,
>
>
> I released a new TEST version of Cygwin, 2.3.0-0.7.
>
> =========================================================================
>
> IMPORTANT NOTE:
>
>    The upcoming official 2.3.0 release, which I'm planning for next
>    Monday, will not yet contain the below described ACL changes.  I got
>    not enough feedback from testers to be confident enough to put this
>    into a release.
>
>    When I release 2.3.0-1, I also immediately release a 2.4.0-0.1
>    test release to allow undisruptive testing of the new ACL code.
>
>    Please guys, I really need feedback for this stuff.
>
> =========================================================================

Hi Corinna,
I have not seen anything strange until now;
however as a single user in a not domain environment
I doubt my task case is particularly meaningful.


> Have fun,
> Corinna


Regards
Marco


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.3.0-0.7

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 1363 bytes --]

On Nov  6 12:12, Marco Atzeri wrote:
> On 06/11/2015 10:26, Corinna Vinschen wrote:
> >Hi Cygwin friends and users,
> >
> >
> >I released a new TEST version of Cygwin, 2.3.0-0.7.
> >
> >=========================================================================
> >
> >IMPORTANT NOTE:
> >
> >   The upcoming official 2.3.0 release, which I'm planning for next
> >   Monday, will not yet contain the below described ACL changes.  I got
> >   not enough feedback from testers to be confident enough to put this
> >   into a release.
> >
> >   When I release 2.3.0-1, I also immediately release a 2.4.0-0.1
> >   test release to allow undisruptive testing of the new ACL code.
> >
> >   Please guys, I really need feedback for this stuff.
> >
> >=========================================================================
> 
> Hi Corinna,
> I have not seen anything strange until now;
> however as a single user in a not domain environment
> I doubt my task case is particularly meaningful.

Thanks all the same!  One of the sore points is performance hit when
using AuthZ to fetch the effective user permissions.  How's your
impression?  Is it noticable in your environment?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]

Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.3.0-0.7

[Ken Brown]

On 11/6/2015 7:50 AM, Corinna Vinschen wrote:
> On Nov  6 12:12, Marco Atzeri wrote:
>> On 06/11/2015 10:26, Corinna Vinschen wrote:
>>> Hi Cygwin friends and users,
>>>
>>>
>>> I released a new TEST version of Cygwin, 2.3.0-0.7.
>>>
>>> =========================================================================
>>>
>>> IMPORTANT NOTE:
>>>
>>>    The upcoming official 2.3.0 release, which I'm planning for next
>>>    Monday, will not yet contain the below described ACL changes.  I got
>>>    not enough feedback from testers to be confident enough to put this
>>>    into a release.
>>>
>>>    When I release 2.3.0-1, I also immediately release a 2.4.0-0.1
>>>    test release to allow undisruptive testing of the new ACL code.
>>>
>>>    Please guys, I really need feedback for this stuff.
>>>
>>> =========================================================================
>>
>> Hi Corinna,
>> I have not seen anything strange until now;
>> however as a single user in a not domain environment
>> I doubt my task case is particularly meaningful.
>
> Thanks all the same!  One of the sore points is performance hit when
> using AuthZ to fetch the effective user permissions.  How's your
> impression?  Is it noticable in your environment?

I'm in the same situation as Marco.  I've been using the test releases, 
but only with local users, so it doesn't really test the main issues 
you're concerned about.  I haven't noticed any performance hit.

Ken


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

RE: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.3.0-0.7

[Lemke, Michael ST/HZA-ZIC2]

On Friday, November 06, 2015 10:27 AM Corinna Vinschen wrote:
>
>Hi Cygwin friends and users,
>
>
>I released a new TEST version of Cygwin, 2.3.0-0.7.
>
>=========================================================================
>
>IMPORTANT NOTE:

...>
>
>  Please guys, I really need feedback for this stuff.
>

Ok, here's some: On a network share connected as some domain user different
from local one:

$ mkdir test
$ cygstart test

Then opening the security tab in an explorer window results in a popup with
this text:

---------------------------
Windows Security
---------------------------
The permissions on test are incorrectly ordered, which may cause some entries to be ineffective.
---------------------------
OK   
---------------------------


Expected?

Michael

Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.3.0-0.7

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 1917 bytes --]

On Nov  6 16:30, Lemke, Michael  ST/HZA-ZIC2 wrote:
> On Friday, November 06, 2015 10:27 AM Corinna Vinschen wrote:
> >
> >Hi Cygwin friends and users,
> >
> >
> >I released a new TEST version of Cygwin, 2.3.0-0.7.
> >
> >=========================================================================
> >
> >IMPORTANT NOTE:
> 
> ...>
> >
> >  Please guys, I really need feedback for this stuff.
> >
> 
> Ok, here's some: On a network share connected as some domain user different
> from local one:
> 
> $ mkdir test
> $ cygstart test
> 
> Then opening the security tab in an explorer window results in a popup with
> this text:
> 
> ---------------------------
> Windows Security
> ---------------------------
> The permissions on test are incorrectly ordered, which may cause some entries to be ineffective.
> ---------------------------
> OK   
> ---------------------------
> 
> 
> Expected?

Thanks for looking into this, but, yes, that's expected.  There's just
no way to express POSIX ACLs using Windows ACLs and following the
canonical order.  This is even a problem already when only taking the
plain POSIX permission bits for owner, group and other into account.

Note that the canonical order is not required, it's merily a suggestion
and only the Windows GUI is not up to the task to allow working with
arbitrarily ordered ACLs.  The operating system
evaluates non-canoncial ACLs just fine and even the SFU/Interix POSIX
environment created non-canoical ACLs.

There's an old writeup of this stuff in the user docs at
https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files.  I guess this
part of documentation needs some extension at one point but I'm not
exactly feeling up to the task yet. :}


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]

Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.3.0-0.7

[Achim Gratz]

Corinna Vinschen writes:
> One of the sore points is performance hit when
> using AuthZ to fetch the effective user permissions.  How's your
> impression?  Is it noticable in your environment?

Aside from the somewhat contrived example I already gave, the normal
day-to-day operation with the snapshot so far was uneventful.  Other
users besides me have the snapshot installed since about a week, so if
there were any catastrophic degradation I should know by now (I did ask
them to report back if they see something that's different as before).


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

SD adaptations for KORG EX-800 and Poly-800MkII V0.9:
http://Synth.Stromeko.net/Downloads.html#KorgSDada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.3.0-0.7

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 1525 bytes --]

On Nov  6 20:35, Achim Gratz wrote:
> Corinna Vinschen writes:
> > One of the sore points is performance hit when
> > using AuthZ to fetch the effective user permissions.  How's your
> > impression?  Is it noticable in your environment?
> 
> Aside from the somewhat contrived example I already gave, the normal
> day-to-day operation with the snapshot so far was uneventful.  Other
> users besides me have the snapshot installed since about a week, so if
> there were any catastrophic degradation I should know by now (I did ask
> them to report back if they see something that's different as before).

Sounds good.  Nevertheless, I'll release 2.3.0-1 and an 2.4.0-0.1 test
release today.

It occured to me that there's a potential way to tweak the code to
reduce the number of AuthZ calls.  Consider:

If the user has its own ACE, and if user_perms | all_group_perms |
other_perms == user_perms, or if user_perms are already RWX, then there
are no groups which could have more permissions than the user already
owns all by itself.

Good examples of this scenario are typical default POSIX perms 644 or
755 or even 775, used a lot throughout existing Cygwin trees.  None of
them require to check with AuthZ, but the AuthZ test is performed
indiscriminately if it's a not one of the "new" Cygwin ACLs.

I'll look into that this week.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]