| Age | Commit message (Collapse) | Author |
|---|
|
Worked for trivial cases, but spuriously closed fd 0 and had
other issues. Separated implementations out.
|
|
Some years back, there was a historical reason (lost to the mists of
time) for which we had problems if we allowed actual creation of fifos,
but so far as we know we don't expect any problems with them now,
and there's a bitbake change which would like to be able to use fifos
for logging, so let's try enabling them and see what happens.
|
|
Trying to track down problems which sometimes result in files showing
up as nameless files, producing clashes later. Looks like there were two
issues; one is we were creating links for files that we'd already
found by inode. The other is that rename was sending bogus LINK messages
in some cases. Also simplified the find_file_dev path to extract the
path as part of the initial operation, since there wasn't any case where
that wasn't being done immediately afterwards.
|
|
Also for lstat, but that probably never matters because in Linux
you will never actually call lstat without working really hard at
it, because you end up calling __lxstat anyway. (Was already
doing the right thing for Darwin.)
|
|
So it turns out that if you fix a bug inside an #ifdef that hasn't
applied to anything in years, it doesn't actually fix the bug.
|
|
We used to rely on filesystem operations to apply the umask when
appropriate, but when we started masking out 022, that stopped working.
Start watching umask.
|
|
Various wrappers checked for a non-null pseudo_get_value("PSEUDO_UNLOAD") to
determine whether the environment should include the pseudo variables. None
of those checks freed the returned value when it was not null. The new
check function does.
The new check function also sees whether PSEUDO_UNLOAD was defined in the
environment that should be used in the wrapped system call. This allows
pkg_postinst scripts to strip out the LD_PRELOAD setting, for example before
invoking qemu to execute commands in an environment that does not have
libpseudo.so.
[YOCTO #4843]
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Change the handling of fchmodat(AT_SYMLINK_NOFOLLOW) to reject it
if the host system does, so we preserve host system behavior.
Mask out group/other write bits when actually creating files to
reduce risks to filesystem integrity.
|
|
underlying fchmodat() will just fail, but GNU tar calls it that way
anyway, figuring it'll just retry on failure, but we don't report
the failure. Nor do we want to, because that's expensive and slow
and will result in additional database round trips. But I don't want
to fail out right away, so for now, just strip the flag.
|
|
|
|
|
|
This is a moderately intrusive change. The basic overall effect:
Debugging messages are now controlled, not by a numeric "level",
but by a series of flags, which are expressed as a string of
letters. Each flag has a single-letter form used for string
specifications, a name, a description, a numeric value (1 through N),
and a flag value (which is 1 << the numeric value). (This does mean
that no flag has the value 1, so we only have 31 bits available.
Tiny violins play.)
The other significant change is that the pseudo_debug calls
are now implemented with a do/while macro containing a conditional,
so that computationally-expensive arguments are never evaluated
if the corresponding debug flags weren't set. The assumption is
that in the vast majority of cases (specifically, all of them
so far) the debug flags for a given call are a compile-time constant,
so the nested conditional will never actually show up in code
when compiled with optimization; we'll just see the appropriate
conditional test.
The VERBOSE flag is magical, in that if the VERBOSE flag is
used in a message, the debug flags have to have both VERBOSE and
at least one other flag for the call to be made.
This should dramatically improve performance for a lot of cases
without as much need for PSEUDO_NDEBUG, and improve the ability of
users to get coherent debugging output that means something and is
relevant to a given case.
It's also intended to set the stage for future development work
involving improving the clarity and legibility of pseudo's diagnostic
messages in general.
Old things which used numeric values for PSEUDO_DEBUG will sort
of continue to work, though they will almost always be less verbose
than they used to. There should probably be a pass through adding
"| PDBGF_CONSISTENCY" to a lot of the messages that are specific
to some other type.
|
|
Darwin's off_t is a 64-bit type, so there's no off64_t. Also,
there's an uninitialized variable usage in unlinkat which LLVM
catches.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Most pseudo operations don't actually USE the server's response. So
why wait for a response?
This patch introduces a new message type, PSEUDO_MSG_FASTOP. It
also tags pseudo operation types with whether or not they need to
give a response. This requires updates to maketables to allow non-string
types for additional columns, and the addition of some quotes to the
SQL query enums/query_type.in table.
A few routines are altered to change their behavior and whether or not
they perform a stat operation. The only operations that do wait are
OP_FSTAT and OP_STAT, OP_MKNOD, and OP_MAY_UNLINK. Rationale:
You can't query the server for replacement information and not wait for
it. Makes no sense.
There's extra checking in mknod, because we really do want to fail out
if we couldn't do that -- that implies that we haven't created a thing
that will look like a node.
The result from OP_MAY_UNLINK is checked because it's used to determine
whether we need to send a DID_UNLINK or CANCEL_UNLINK. It might be cheaper
to send two messages without waiting than to send one, wait, and maybe
send another, but I don't want to send invalid messages.
This is highly experimental.
|
|
The openembedded build, at least with RPM or SMART, is heavily affected
by the cost of calling fsync or fdatasync on package databases all the
time. Gosh, wouldn't it be nice if we could suppress that without making
dozens of highly intrusive and risky changes into RPM, various database
packages, and so on?
Yes, yes it would. If only there were a program which could intercept
system calls and change their behavior!
Enter --enable-force-async. There are now wrappers for fsync, fdatasync,
and a few related functions. If --enable-force-async is set, these wrappers
instantly return 0, even if PSEUDO_DISABLED is set. And with any luck,
bitbake will now perform a bit better.
Credit for this insight goes to Richard Purdie. I've reimplemented
this to add the configure option, and make the fsync suppression work
even when PSEUDO_DISABLED is set.
|
|
wrap_linkat() was trying to avoid "redundantly" expanding paths before
calling real_linkat(). Which is fine when you're not using an absolute
path in a chroot environment, but if you are, it ends up calling the
real syscall with the absolute path and no chroot prefix.
General observation: All the *at() implementations are expanding paths
into absolute paths, then dutifully calling real_*at() functions with
them anyway. This is silly. Added a note to Futures.txt to fix it some
day. In the mean time, linkat() is fixed correctly; it always expands
paths, does so exactly once, and then uses the underlying link()
call because it doesn't need special processing of directory fds
anymore. Also fixed errno stashing to reduce the risk that link()
will change errno in a circumstance where it doesn't actually fail.
|
|
The automatic path fixups invoked for names which end in the string
"path" was still applying to link(), which then called linkat(),
which would do the same path fixups; if you were chrooted, this would
produce bogus paths. On systems which actually have linkat(), this
would produce the even more mysterious behavior that the link would
succeed, but the following stat would fail.
Solution: Change the wrapfuncs prototypes for link() so it doesn't
invoke automatic path name fixups.
|
|
We never had an implementation for linkat() because no one used it;
now someone uses it. link() is now implemented on top of linkat().
Note the abnormal AT_SYMLINK_FOLLOW (as opposed to _NOFOLLOW) flag.
|
|
The _plain thing was added because of clashes between Linux
("struct stat64 for 64-bit file sizes") and Darwin ("struct stat
is already 64 bits"). But it turns out not to be enough,
because stat will *fail* if it cannot represent a file size,
so when something like unlinkat() calls a non-64-bit stat in
order to determine whether a file exists, it gets the wrong
answer if the file is over 2GB in size.
Solution: Continue using PSEUDO_STATBUF, and also provide
defines for base_stat() which can be either real_stat() or
real_stat64(), etcetera.
This eliminates any reason to need the _plain functions. It
also suggests that the other real___fxstatat() calls should
someday go away because that is an ugly, ugly, implementation
detail.
As part of testing this, fix up some bitrot which affected
Darwin (such as the continue outside of a loop, but inside
an #ifdef; that was left over from the conversion of
init_one_wrapper to a separate function).
|
|
Spotted a couple of things during the last batch of fixes; fixing these
up so things are more consistent or clearer.
|
|
We weren't trapping popen(), so if environment variables were in an
inconsistent state when popen() was called, Bad Things Happened. Add
a popen() wrapper. Like a couple of other special cases, is applied
even when pseudo is theoretically disabled, and that includes the antimagic
case. (But we never use popen() so that's fine.)
|
|
1. Fix *at() where dirfd is obtained through dirfd(DIR *).
The dirfd(DIR *) interface allows you to get the fd for a DIR *,
meaning you can use it with openat(), meaning you can need its
path. This causes a segfault. Also fixed the base_path
code not to segfault in that case, but first fix the
underlying problem.
2. Implement renameat()
After three long years, someone tried to use this. This was impossibly
hard back when pseudo was written, because there was only one dirfd
provided for. Thing is, now, the canonicalization happens in wrapfuncs,
so a small tweak to makewrappers to recognize that oldpath should use
olddirfd if it exists is enough to get us fully canonicalized paths
when needed.
|
|
On some Linux systems, dlsym("realpath", RTLD_NEXT) prefers
for reasons of its own to give a symbol that is also known
as old_realpath, which fails and yields EINVAL when called
with a null pointer as the second argument. This can be
avoided, on some systems, by using dlvsym() to request
the GLIBC_2.3 version of the symbol.
The wrapper logic is enhanced to allow for specifying
versions, although this currently only works for Linux
(Darwin has no dlvsym, apparently?). The test case is
a trivial program which calls realpath(name, NULL) run
with PSEUDO_DISABLED=1.
|
|
|
|
that we add an extra fork() so we can do the setup in a child process,
but still just pass the command string to the standard system()
call.
|
|
the 0100 bit for directories. The reason is that otherwise we create
plain files which are 0700 on disk, which means they're non-zero &0111,
which breaks euidaccess(X_OK).
|
|
This is a spiffied-up rebase of a bunch of intermediate changes, presented
as a whole because it is, surprisingly, less confusing that way. The basic
idea is to separate the guts code into categories ranging from generic
stuff that can be the same everywhere and specific variants. The big scary
one is the Darwin support, which actually seems to run okay on 64-bit OS X
10.6. (No other variants were tested.) The other example given is support
for the old clone() syscall on RHEL 4, which affects some wrlinux use cases.
There's a few minor cleanup bits here, such as a function with inconsistent
calling conventions, but nothing really exciting.
|
Peter Seebach