commit-hurd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[hurd] 66/70: exec: remove support for transparently unbzip2ing executab

From: Samuel Thibault
Subject: [hurd] 66/70: exec: remove support for transparently unbzip2ing executables
Date: Mon, 16 Sep 2013 07:41:47 +0000 
This is an automated email from the git hooks/post-receive script.

sthibault pushed a commit to branch upstream
in repository hurd.

commit 23ca8f5f942f831ec5be3667fd0a29873fae2912
Author: Justus Winter <address@hidden>
Date:   Thu Aug 15 18:41:50 2013 +0200

    exec: remove support for transparently unbzip2ing executables
    
    Remove support for transparently unbzip2ing executables from the exec
    server. The code in question makes the exec server unnecessarily
    complex and since the exec server is an essential process, crashing it
    makes /hurd/init crash the whole system.
    
    Since the bzip2 code is not thread-safe, all access to it is
    serialized, so there is a trivial way for one user to delay another
    users bzip2ed executables for some unspecified time.
    
    This can be accomplished by padding any program with easily compressed
    data, zipping it and executing it. Using such a program as an passive
    translator and then triggering its execution by the filesystem
    translator also stalls any requests to that filesystem (observed using
    the libdiskfs-based ext2fs).
    
    Since compressed executables cannot be mapped into the memory, they
    have to be uncompressed into allocated memory first. This is slower
    and any user with access to the exec server can make it allocate
    arbitrary amounts of memory. If the Hurd had proper memory accounting,
    this would probably be a way around it.
    
    So the compression support in exec seemingly creates various issues
    for little value, at least with the abundance of nonvolatile memory
    available today.
    
    * exec/Makefile: Remove bzip2 related files.
    * exec/exec.c: Remove anything #ifdef BZIP2ed.
    * exec/do-bunzip2.c: Move to libstore.
---
 exec/Makefile                   |    8 +--
 exec/exec.c                     |  124 ---------------------------------------
 {exec => libstore}/do-bunzip2.c |    0
 3 files changed, 3 insertions(+), 129 deletions(-)

diff --git a/exec/Makefile b/exec/Makefile
index eb88361..11d2875 100644
--- a/exec/Makefile
+++ b/exec/Makefile
@@ -21,14 +21,12 @@ dir := exec
 makemode := server
 
 SRCS = exec.c main.c hashexec.c hostarch.c
-#       $(gzip-sources) $(bzip2-sources)
+#       $(gzip-sources)
 OBJS = main.o hostarch.o exec.o hashexec.o \
        execServer.o exec_startupServer.o
-#       $(gzip-objects) $(bzip2-objects)
+#       $(gzip-objects)
 gzip-sources = unzip.c util.c inflate.c
 gzip-objects = $(gzip-sources:%.c=%.o)
-bzip2-sources = do-bunzip2.c
-bzip2-objects = $(bzip2-sources:%.c=%.o)
 
 target = exec
 #targets = exec exec.static
@@ -40,6 +38,6 @@ exec-MIGSFLAGS = -imacros $(srcdir)/execmutations.h
 
 include ../Makeconf
 
-CPPFLAGS += # -DGZIP -DBZIP2 -DBFD
+CPPFLAGS += # -DGZIP -DBFD
 
 exec.static exec: $(OBJS) $(library_deps)
diff --git a/exec/exec.c b/exec/exec.c
index 6eb81c8..201e629 100644
--- a/exec/exec.c
+++ b/exec/exec.c
@@ -7,9 +7,6 @@
    #ifdef GZIP
    Can gunzip executables into core on the fly.
    #endif
-   #ifdef BZIP2
-   Can bunzip2 executables into core on the fly.
-   #endif
 
 This file is part of the GNU Hurd.
 
@@ -52,10 +49,6 @@ pthread_rwlock_t std_lock = PTHREAD_RWLOCK_INITIALIZER;
 static void check_gzip (struct execdata *);
 #endif
 
-#ifdef BZIP2
-static void check_bzip2 (struct execdata *);
-#endif
-
 /* Zero the specified region but don't crash the server if it faults.  */
 
 #include <hurd/sigpreempt.h>
@@ -838,105 +831,6 @@ check_gzip (struct execdata *earg)
   prepare_in_memory (e);
 }
 #endif
-
-#ifdef BZIP2
-/* Check the file for being a bzip2'd image.  Return with ENOEXEC means not
-   a valid bzip2 file; return with another error means lossage in decoding;
-   return with zero means the file was uncompressed into memory which E now
-   points to, and `check' can be run again.  */
-
-static void
-check_bzip2 (struct execdata *earg)
-{
-  struct execdata *e = earg;
-  /* Entry points to bunzip2 engine.  */
-  void do_bunzip2 (void);
-  /* Callbacks from unzip for I/O and error interface.  */
-  extern int (*unzip_read) (char *buf, size_t maxread);
-  extern void (*unzip_write) (const char *buf, size_t nwrite);
-  extern void (*unzip_read_error) (void);
-  extern void (*unzip_error) (const char *msg);
-
-  char *zipdata = NULL;
-  size_t zipdatasz = 0;
-  FILE *zipout = NULL;
-  jmp_buf ziperr;
-  off_t zipread_pos = 0;
-  int zipread (char *buf, size_t maxread)
-    {
-      char *contents = map (e, zipread_pos, 1);
-      size_t n;
-      if (contents == NULL)
-       {
-         errno = e->error;
-         return -1;
-       }
-      n = MIN (maxread, map_buffer (e) + map_fsize (e) - contents);
-      errno = hurd_safe_copyin (buf, contents, n); /* XXX/fault */
-      if (errno)
-        longjmp (ziperr, 2);
-
-      zipread_pos += n;
-      return n;
-    }
-  void zipwrite (const char *buf, size_t nwrite)
-    {
-      if (fwrite (buf, nwrite, 1, zipout) != 1)
-       longjmp (ziperr, 1);
-    }
-  void ziprderr (void)
-    {
-      errno = ENOEXEC;
-      longjmp (ziperr, 2);
-    }
-  void ziperror (const char *msg)
-    {
-      errno = ENOEXEC;
-      longjmp (ziperr, 2);
-    }
-
-  unzip_read = zipread;
-  unzip_write = zipwrite;
-  unzip_read_error = ziprderr;
-  unzip_error = ziperror;
-
-  if (setjmp (ziperr))
-    {
-      /* Error in unzipping jumped out.  */
-      if (zipout)
-       {
-         fclose (zipout);
-         free (zipdata);
-       }
-      e->error = errno;
-      return;
-    }
-
-  zipout = open_memstream (&zipdata, &zipdatasz);
-  if (! zipout)
-    {
-      e->error = errno;
-      return;
-    }
-
-  /* Call the bunzip2 engine.  */
-  do_bunzip2 ();
-
-  /* The output is complete.  Clean up the stream and store its resultant
-     buffer and size in the execdata as the file contents.  */
-  fclose (zipout);
-
-  /* Clean up the old exec file stream's state.
-     Now that we have the contents all in memory (in E->file_data),
-     nothing will in fact ever try to use E->stream again.  */
-  finish (e, 0);
-
-  /* Prepare the stream state to use the file contents already in memory.  */
-  e->file_data = zipdata;
-  e->file_size = zipdatasz;
-  prepare_in_memory (e);
-}
-#endif
 
 
 static inline void *
@@ -1014,24 +908,6 @@ do_exec (file_t file,
            check (e);
        }
 #endif
-#ifdef BZIP2
-      if (e->error == ENOEXEC)
-       {
-         /* See if it is a compressed image.  */
-         static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
-         /* The bzip2 code is really cheesy, not even close to thread-safe.
-            So we serialize all uses of it.  */
-         pthread_mutex_lock (&lock);
-         e->error = 0;
-         check_bzip2 (e);
-         pthread_mutex_unlock (&lock);
-         if (e->error == 0)
-           /* The file was uncompressed into memory, and now E describes the
-              uncompressed image rather than the actual file.  Check it again
-              for a valid magic number.  */
-           check (e);
-       }
-#endif
     }
 
 
diff --git a/exec/do-bunzip2.c b/libstore/do-bunzip2.c
similarity index 100%
rename from exec/do-bunzip2.c
rename to libstore/do-bunzip2.c

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-hurd/hurd.git
reply via email to
[Prev in Thread] Current Thread [Next in Thread]