Age | Commit message | Author |
|
|
We never had an implementation for linkat() because no one used it;
now someone uses it. link() is now implemented on top of linkat().
Note the abnormal AT_SYMLINK_FOLLOW (as opposed to _NOFOLLOW) flag.
|
|
The PSEUDO_STATBUF change (allowing operations on files over
2GB even on 32-bit systems) introduced a subtle bug; by calling
stat64() rather than real_stat(), pseudo stopped handling
chrooted paths well. In most cases, this was fine, but in the
specific case of a rename, where the stat buffers for the various
parts were actually used, it wasn't. Of particular note, pseudo
could end up creating links which had stack garbage for their
stat buffs, because it assumed that if the rename operation
succeeded, the stat operations must have succeeded.
Of course, there is no real_stat64 in the Linux port, because
there's no need for it; most code is calling __xstat64 or some
relative thereof, and even if you did really call stat64, it'd
end up routed there anyway. So we add that so that it can be
used for calls and we don't have to encode Linux-specific
magic about __xstat into the generic header.
|
|
The _plain thing was added because of clashes between Linux
("struct stat64 for 64-bit file sizes") and Darwin ("struct stat
is already 64 bits"). But it turns out not to be enough,
because stat will *fail* if it cannot represent a file size,
so when something like unlinkat() calls a non-64-bit stat in
order to determine whether a file exists, it gets the wrong
answer if the file is over 2GB in size.
Solution: Continue using PSEUDO_STATBUF, and also provide
defines for base_stat() which can be either real_stat() or
real_stat64(), etcetera.
This eliminates any reason to need the _plain functions. It
also suggests that the other real___fxstatat() calls should
someday go away because that is an ugly, ugly, implementation
detail.
As part of testing this, fix up some bitrot which affected
Darwin (such as the continue outside of a loop, but inside
an #ifdef; that was left over from the conversion of
init_one_wrapper to a separate function).
|
|
Instead of using .tgz, use .tar.bz2 (and change czf to cjf). This makes
life easier for Yocto.
|
|
Clean up a couple of (harmless, but unsightly) bits of cruft
left from a failed attempt at implementing the ARCH_FLAGS support.
|
|
Pseudo should never have been the one picking -m32/-m64. That should be
coming from the build system in some way. Deprecate --arch, add --cflags.
|
|
Enough changes to justify a tag.
|
|
The logic for whether to allocate space for the "base" path
in pseudo_fix_path recognized that you don't need it when the
path you're evaluating starts with a slash.
This is great, except:
1. It's not actually true, if rootlen isn't 0.
2. The decision of whether or not to copy over the base
path didn't check for this, so it would happen anyway.
The net result is, if you had a path in excess of 256 characters as
a base (say, a chroot directory), and you tried to evaluate a path
starting with a slash (say, /etc/shadow), pseudo would allocate enough
space for the path, but not for the base path, and then copy the
base path into it anyway. The rounding up to multiples of 256 isn't
enough to save us in this case.
Solution:
1. Make the logic for the base path copy match the allocation logic.
2. Use (path[0] != '/' || rootlen) as the second part of the test,
because if there's a non-zero rootlen, we're in a chroot and MUST
preserve at least some of the path.
This could maybe be smarter (what if we only allocated space for
rootlen in that case?) except that in reality, it's very very
often the case that baselen == rootlen, and it's not as though we
want MORE complexity.
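
The mismatch described in this commit message, as an added example that is not pseudo's own code: a simplified model in which the old sizing and copy rules disagree, next to a version where one predicate drives both. The function names, the exact byte accounting, and the 300-byte base are assumptions made for illustration; only the `(path[0] != '/' || rootlen)` test and the `/etc/shadow` path come from the message.

```c
#include <stdlib.h>
#include <string.h>
/* Round up to a multiple of 256, as the commit message describes. */
static size_t round256(size_t n) { return (n + 255) / 256 * 256; }

/* Pre-fix sizing (model): base space is reserved only for relative paths. */
size_t old_alloc_size(const char *path, size_t baselen) {
    size_t need = strlen(path) + 1;
    if (baselen && path[0] != '/')
        need += baselen + 1;
    return round256(need);
}

/* Pre-fix copy (model): the base is written whenever there is one. */
size_t old_bytes_written(const char *path, size_t baselen) {
    return baselen + (baselen && path[0] != '/') + strlen(path) + 1;
}

/* Post-fix: one predicate drives both the allocation and the copy. */
static int want_base(const char *path, size_t baselen, size_t rootlen) {
    return baselen && (path[0] != '/' || rootlen);
}

char *join_fixed(const char *base, size_t baselen, size_t rootlen, const char *path) {
    int use_base = want_base(path, baselen, rootlen);
    size_t pathlen = strlen(path);
    size_t need = pathlen + 1 + (use_base ? baselen + 1 : 0);
    char *out = malloc(round256(need));
    char *p = out;
    if (!out) return NULL;
    if (use_base) {
        memcpy(p, base, baselen);
        p += baselen;
        if (path[0] != '/')
            *p++ = '/';
    }
    memcpy(p, path, pathlen + 1);   /* includes the terminating NUL */
    return out;
}

int main(void) {
    char base[301];                 /* constructed 300-byte chroot base */
    memset(base, 'a', 300); base[0] = '/'; base[300] = '\0';
    char *r = join_fixed(base, 300, 300, "/etc/shadow");
    int ok = r != NULL && old_bytes_written("/etc/shadow", 300) > old_alloc_size("/etc/shadow", 300);
    free(r);
    return ok ? 0 : 1;
}
```

In the model, the old rules reserve 256 bytes for a write of 312, which is why rounding up to a multiple of 256 does not help once the base exceeds 256 characters.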
|
|
Long story short: ARM doesn't use -m32 and -m64, so make those
a little more dependent. We'll probably rework this completely "soon"
as we mess with more targets and x32 becomes an issue.
|
|
The existing behavior was to set rpath to whatever was specified
explicitly with --with-rpath, or to set a default if the opt_rpath
variable was unset and we reached a --with-sqlite.
This turns out to be incorrect in the case where a static sqlite is
being used. You can force the issue with --without-rpath, but it's
probably better to make the inference smarter. This also allows the
slight cleanup of setting opt_rpath to '' to begin with, because we're
no longer depending on the distinction between empty and unset.
|
|
Spotted a couple of things during the last batch of fixes; fixing these
up so things are more consistent or clearer.
|
|
Some systems prefer to avoid messing with LD_LIBRARY_PATH as much,
and instead link sqlite statically.
|
|
In OE-Core we need to be able to configure for both 32-bit and 64-bit
libpseudo libraries. In order to avoid some complex manipulations,
we adjust the configure and Makefile to facilitate this.
Upstream-Status: Submitted
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
We weren't trapping popen(), so if environment variables were in an
inconsistent state when popen() was called, Bad Things Happened. Add
a popen() wrapper. Like a couple of other special cases, it is applied
even when pseudo is theoretically disabled, and that includes the antimagic
case. (But we never use popen() so that's fine.)
|
|
ignored) rather than flags (where it was needed), meaning that the
open64 type functions didn't work as intended on 32-bit hosts.
|
|
1. Fix *at() where dirfd is obtained through dirfd(DIR *).
The dirfd(DIR *) interface allows you to get the fd for a DIR *,
meaning you can use it with openat(), meaning you can need its
path. This causes a segfault. Also fixed the base_path
code not to segfault in that case, but first fix the
underlying problem.
2. Implement renameat()
After three long years, someone tried to use this. This was impossibly
hard back when pseudo was written, because there was only one dirfd
provided for. Thing is, now, the canonicalization happens in wrapfuncs,
so a small tweak to makewrappers to recognize that oldpath should use
olddirfd if it exists is enough to get us fully canonicalized paths
when needed.
|
|
2011-11-01:
* (mhatle) Stop valgrind from reporting use of uninitialized
memory from pseudo_client:client_ping()
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Previously the clone(2) wrapper unconditionally restored the system
environment. It also invokes the checks to see if the user has requested
pseudo to be disabled or unloaded. Due to the semantics of clone, this caused
both the parent and child processes to be disabled or unloaded.
The new code adds an intermediate function, wrap_clone_child, that only
runs within the child context. This way we can be sure to only disable/unload
pseudo from within the child process. In addition, we avoid mucking with
the environment if CLONE_VM is set, since this will affect both parent and
child.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Change from internal PSEUDO_RELOADED to external PSEUDO_UNLOAD environment
variable. Enable external programs to have a safe and reliable way to unload
pseudo on the next exec*. PSEUDO_UNLOAD also will disable pseudo if we're in a
fork/clone situation in the same way PSEUDO_DISABLED=1 would.
Rename the PSEUDO_DISABLED tests, and create a similar set for the new
PSEUDO_UNLOAD.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
You might be wondering why this wasn't caught. Answer: gcc's too smart.
Consider:
    int x;
    if (condition)
        x = 23;
    return x;
This function will just return 23. Since gcc knows that it doesn't
matter what happens if x is used uninitialized (it's an indeterminate
value, thus a possible trap representation, thus undefined behavior
to use it), it simplifies the initial part of this away. Thus there's
no use of an uninitialized value.
Something similar seems to be at issue with the use of the uninitialized
f in pseudo_init_one_wrapper.
The variable wasn't initialized in the pre-realpath-fix version either,
but in that version, the assignment from dlsym was completely unconditional.
|
|
On some Linux systems, dlsym("realpath", RTLD_NEXT) prefers
for reasons of its own to give a symbol that is also known
as old_realpath, which fails and yields EINVAL when called
with a null pointer as the second argument. This can be
avoided, on some systems, by using dlvsym() to request
the GLIBC_2.3 version of the symbol.
The wrapper logic is enhanced to allow for specifying
versions, although this currently only works for Linux
(Darwin has no dlvsym, apparently?). The test case is
a trivial program which calls realpath(name, NULL) run
with PSEUDO_DISABLED=1.
|
|
|
that we add an extra fork() so we can do the setup in a child process,
but still just pass the command string to the standard system()
call.
|
|
the 0100 bit for directories. The reason is that otherwise we create
plain files which are 0700 on disk, which means they're non-zero &0111,
which breaks euidaccess(X_OK).
|
|
|
debugger messages from going to the wrong place. No longer fclose(stderr)
after grabbing log file, because stderr is likely still using fd 2.
|
|
|
|
This is a spiffied-up rebase of a bunch of intermediate changes, presented
as a whole because it is, surprisingly, less confusing that way. The basic
idea is to separate the guts code into categories ranging from generic
stuff that can be the same everywhere and specific variants. The big scary
one is the Darwin support, which actually seems to run okay on 64-bit OS X
10.6. (No other variants were tested.) The other example given is support
for the old clone() syscall on RHEL 4, which affects some wrlinux use cases.
There's a few minor cleanup bits here, such as a function with inconsistent
calling conventions, but nothing really exciting.
|
|
directly rather than via an on-demand spawn from the client, the
directory is never created.
|
|
This is fussy, because we have to actually do the path search ourselves
as best we can to handle unqualified paths. The result, though, is
more meaningful logs.
Along the way, fix some bitrot in the comments in pseudo_fix_path and
friends.
|
|
This reverts commit 49d4d35918d457b0e9206679ecad3b9c84f11e66.
|
|
The cached data values were being collected when an OP_EXEC call was made.
This is incorrect as the values are only for logging purposes. It's believed
this caused an occasional crash in certain instances.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
It'd be handy for the WR build system if new state directories could
be created as needed. It is made so. And to answer the first
question everyone, including me, has on reading this: You can't
do system("mkdir -p ...") because the invoked shell would need to
run under pseudo, so it'd have to check for a server, and...
|
|
When pseudo is disabled, we skip a bunch of the prefix, localstate, etc
processing. This allows pseudo to run with a directory that does not yet
exist.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
before pseudo_tables.h existed. Fixed.
|