[hurd] 66/70: exec: remove support for transparently unbzip2ing executab
From: |
Samuel Thibault |
Subject: |
[hurd] 66/70: exec: remove support for transparently unbzip2ing executables |
Date: |
Mon, 16 Sep 2013 07:41:47 +0000 |
This is an automated email from the git hooks/post-receive script.
sthibault pushed a commit to branch upstream
in repository hurd.
commit 23ca8f5f942f831ec5be3667fd0a29873fae2912
Author: Justus Winter <address@hidden>
Date: Thu Aug 15 18:41:50 2013 +0200
exec: remove support for transparently unbzip2ing executables
Remove support for transparently unbzip2ing executables from the exec
server. The code in question makes the exec server unnecessarily
complex and since the exec server is an essential process, crashing it
makes /hurd/init crash the whole system.
Since the bzip2 code is not thread-safe, all access to it is
serialized, so there is a trivial way for one user to delay another
user's bzip2ed executables for some unspecified time.
This can be accomplished by padding any program with easily compressed
data, zipping it and executing it. Using such a program as a passive
translator and then triggering its execution by the filesystem
translator also stalls any requests to that filesystem (observed using
the libdiskfs-based ext2fs).
Since compressed executables cannot be mapped into the memory, they
have to be uncompressed into allocated memory first. This is slower
and any user with access to the exec server can make it allocate
arbitrary amounts of memory. If the Hurd had proper memory accounting,
this would probably be a way around it.
So the compression support in exec seemingly creates various issues
for little value, at least with the abundance of nonvolatile memory
available today.
* exec/Makefile: Remove bzip2 related files.
* exec/exec.c: Remove anything #ifdef BZIP2ed.
* exec/do-bunzip2.c: Move to libstore.
---
exec/Makefile | 8 +--
exec/exec.c | 124 ---------------------------------------
{exec => libstore}/do-bunzip2.c | 0
3 files changed, 3 insertions(+), 129 deletions(-)
diff --git a/exec/Makefile b/exec/Makefile
index eb88361..11d2875 100644
--- a/exec/Makefile
+++ b/exec/Makefile
@@ -21,14 +21,12 @@ dir := exec
makemode := server
SRCS = exec.c main.c hashexec.c hostarch.c
-# $(gzip-sources) $(bzip2-sources)
+# $(gzip-sources)
OBJS = main.o hostarch.o exec.o hashexec.o \
execServer.o exec_startupServer.o
-# $(gzip-objects) $(bzip2-objects)
+# $(gzip-objects)
gzip-sources = unzip.c util.c inflate.c
gzip-objects = $(gzip-sources:%.c=%.o)
-bzip2-sources = do-bunzip2.c
-bzip2-objects = $(bzip2-sources:%.c=%.o)
target = exec
#targets = exec exec.static
@@ -40,6 +38,6 @@ exec-MIGSFLAGS = -imacros $(srcdir)/execmutations.h
include ../Makeconf
-CPPFLAGS += # -DGZIP -DBZIP2 -DBFD
+CPPFLAGS += # -DGZIP -DBFD
exec.static exec: $(OBJS) $(library_deps)
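Review bot: The `-DGZIP` option kept in the commented-out CPPFLAGS line still points at a code path with the properties this commit removes for bzip2. `check_gzip` remains in exec/exec.c (its tail is visible as context in the `@@ -838,105 +831,6 @@` hunk) and ends in `prepare_in_memory (e)`, so it also appears to decompress the whole image into allocated memory inside the exec server; whether it is serialized behind a lock the same way is not visible here. Until that code is removed as well, I would add a comment above this line, for example `# Do not enable -DGZIP: it decompresses executables into memory inside the essential exec server.`, so that nobody re-enables it from this hint.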
diff --git a/exec/exec.c b/exec/exec.c
index 6eb81c8..201e629 100644
--- a/exec/exec.c
+++ b/exec/exec.c
@@ -7,9 +7,6 @@
#ifdef GZIP
Can gunzip executables into core on the fly.
#endif
- #ifdef BZIP2
- Can bunzip2 executables into core on the fly.
- #endif
This file is part of the GNU Hurd.
@@ -52,10 +49,6 @@ pthread_rwlock_t std_lock = PTHREAD_RWLOCK_INITIALIZER;
static void check_gzip (struct execdata *);
#endif
-#ifdef BZIP2
-static void check_bzip2 (struct execdata *);
-#endif
-
/* Zero the specified region but don't crash the server if it faults. */
#include <hurd/sigpreempt.h>
@@ -838,105 +831,6 @@ check_gzip (struct execdata *earg)
prepare_in_memory (e);
}
#endif
-
-#ifdef BZIP2
-/* Check the file for being a bzip2'd image. Return with ENOEXEC means not
- a valid bzip2 file; return with another error means lossage in decoding;
- return with zero means the file was uncompressed into memory which E now
- points to, and `check' can be run again. */
-
-static void
-check_bzip2 (struct execdata *earg)
-{
- struct execdata *e = earg;
- /* Entry points to bunzip2 engine. */
- void do_bunzip2 (void);
- /* Callbacks from unzip for I/O and error interface. */
- extern int (*unzip_read) (char *buf, size_t maxread);
- extern void (*unzip_write) (const char *buf, size_t nwrite);
- extern void (*unzip_read_error) (void);
- extern void (*unzip_error) (const char *msg);
-
- char *zipdata = NULL;
- size_t zipdatasz = 0;
- FILE *zipout = NULL;
- jmp_buf ziperr;
- off_t zipread_pos = 0;
- int zipread (char *buf, size_t maxread)
- {
- char *contents = map (e, zipread_pos, 1);
- size_t n;
- if (contents == NULL)
- {
- errno = e->error;
- return -1;
- }
- n = MIN (maxread, map_buffer (e) + map_fsize (e) - contents);
- errno = hurd_safe_copyin (buf, contents, n); /* XXX/fault */
- if (errno)
- longjmp (ziperr, 2);
-
- zipread_pos += n;
- return n;
- }
- void zipwrite (const char *buf, size_t nwrite)
- {
- if (fwrite (buf, nwrite, 1, zipout) != 1)
- longjmp (ziperr, 1);
- }
- void ziprderr (void)
- {
- errno = ENOEXEC;
- longjmp (ziperr, 2);
- }
- void ziperror (const char *msg)
- {
- errno = ENOEXEC;
- longjmp (ziperr, 2);
- }
-
- unzip_read = zipread;
- unzip_write = zipwrite;
- unzip_read_error = ziprderr;
- unzip_error = ziperror;
-
- if (setjmp (ziperr))
- {
- /* Error in unzipping jumped out. */
- if (zipout)
- {
- fclose (zipout);
- free (zipdata);
- }
- e->error = errno;
- return;
- }
-
- zipout = open_memstream (&zipdata, &zipdatasz);
- if (! zipout)
- {
- e->error = errno;
- return;
- }
-
- /* Call the bunzip2 engine. */
- do_bunzip2 ();
-
- /* The output is complete. Clean up the stream and store its resultant
- buffer and size in the execdata as the file contents. */
- fclose (zipout);
-
- /* Clean up the old exec file stream's state.
- Now that we have the contents all in memory (in E->file_data),
- nothing will in fact ever try to use E->stream again. */
- finish (e, 0);
-
- /* Prepare the stream state to use the file contents already in memory. */
- e->file_data = zipdata;
- e->file_size = zipdatasz;
- prepare_in_memory (e);
-}
-#endif
static inline void *
@@ -1014,24 +908,6 @@ do_exec (file_t file,
check (e);
}
#endif
-#ifdef BZIP2
- if (e->error == ENOEXEC)
- {
- /* See if it is a compressed image. */
- static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
- /* The bzip2 code is really cheesy, not even close to thread-safe.
- So we serialize all uses of it. */
- pthread_mutex_lock (&lock);
- e->error = 0;
- check_bzip2 (e);
- pthread_mutex_unlock (&lock);
- if (e->error == 0)
- /* The file was uncompressed into memory, and now E describes the
- uncompressed image rather than the actual file. Check it again
- for a valid magic number. */
- check (e);
- }
-#endif
}
diff --git a/exec/do-bunzip2.c b/libstore/do-bunzip2.c
similarity index 100%
rename from exec/do-bunzip2.c
rename to libstore/do-bunzip2.c
--
Alioth's /usr/local/bin/git-commit-notice on
/srv/git.debian.org/git/pkg-hurd/hurd.git