Fixes: 8ee1d61d "Revert "Detect hang of McKernel in mcexec""
Fixes: b87ac8b8 "reproductible builds: remove most install paths in c code"
Change-Id: I8ef9ab81cd0a41ccd0e227ebc3e45c0745c150e9
- Specify AT_SYMLINK_NOFOLLOW in faccessat only when
the symbolic-link is analyzed by overlay_path().
Change-Id: Ie3b1f7fedef7441fd4b39c5c8b2ef0f73cba770e
Refs: #1370
Note: the original fujitsu implementation didn't rename the various
save_fs function/desc to save_tls for some reason, might as well go all
the way though...
Change-Id: Ic362c15c8b320c4d258d2ead8c5fd4eafd9d0ae9
Fujitsu: POSTK_DEBUG_ARCH_DEP_91
arm64 performs context-switch in kernel space instead of user space as in
x86_64.
Change-Id: Ib119b9ff014effb970183ee86cfac67fab773cba
Futjitsu: POSTK_DEBUG_ARCH_DEP_99
Some old commit before -Werror was enabled got merged,
blocking other builds. Quickly fix before anyone notices
Change-Id: I5a034cef6f79e3e99b381bb1a5d97088e33a6718
mcoverlayfs code is now unused (technically should work on top of the
soft emulation but not well tested, and untested unused code is bad).
Remove it.
Left the unshare/bind_mount_recursive code in mcexec in a new
MCEXEC_BIND_MOUNT ifdef (only in config.h.in directly to discourage use.
it disables the ioctl as well, but the main code is still compiled to
keep up to date with linux api changes... although it's using kallsyms
lookup so it does not validate much more than "the symbol still exists")
I honestly think this should go as well (people who would want to use it
are root and could do it manually), but will give up for now.
Change-Id: I832b6a8ab19e24ed67a1a5044b1c6c32381ae0aa
In order to speed up test bot work it would be helpful to check for
identical build outputs and skip tests if required.
This removes most use of the install path in c code:
- ql_mpi uses /proc/self/exe and looks for talker/server in same
directory as itself
- mcexec looks for libihk.so in /proc/self/maps and use that path for
LD_PRELOAD prefix path
- rootfsdir is not used right now but until a better fix happens just
hardcode it, someone who wants to change it can set it through cmake
There is one last occurence of the install directory, MCEXEC_PATH in
mcctrl's binfmt code, for which the build system will just overwrite it
to a constant string at build time instead of trying to remove it too
hard. It would be possible to pass it as a kernel parameter or look for
mcexec in PATH but this is too much work for now.
Change-Id: I5d1352bc5748a1ea10dcae4be630f30a07609296
use generic struct zero initializer instead.
Older gcc used on arm also seem to have trouble with '{}',
so use '{ 0 }' instead
Change-Id: I83d43b05f8d1d44e1dd86502b48e28fe242e1db2
Fujitsu added this ifdef together with ifndef __arch64__ and thus disabled
the option for both archs in practice; it probably does not hurt to restore...
I'm not sure I see the point of disabling the option at mcexec level though,
but who am I to care.
Change-Id: I0d4bffb6ed325edac8ae577773e19c0fff6ca2ed
Fujitsu: POSTK_DEBUG_ARCH_DEP_53
This fix is rejected because it only makes the setfsuid test in ostest
pass and doesn't fix the other issues including the one in which file
I/O could be done with the old fsuid because an mcexec thread with an
arbitrary tid could handle the system-call offload request.
Explanation of the rejected fix:
setfsuid() proceeds as follows:
1. McKernel asks mcexec for __NR_setfsuid (set)
2. mcexec calls setfsuid, reports the id to McKernel
3. McKernel asks mcexec for __NR_setfsuid (get)
4. mcexec calls mcexec_getcred(), reports the id to Mckernel
5. McKernel sets proc->fsuid to the obtained value
tid of mcexec on the 2nd and 4th step could be different. So this
fix lets mcexec report its tid on the 2nd step and McKernel specify
it in the 3rd step.
Change-Id: Id5cfeed18c64430d576a56e961bbca1ecb2e39ad
Fujitsu: POSTK_DEBUG_TEMP_FIX_45
Fix that process will remain even if signal is received between PPD
registration and release_handler registration.
Refs: #1201
Fujitsu: POSTK_DEBUG_TEMP_FIX_64
Change-Id: I571781963578df8cedb327f19298f595cfb137a3
mcoverlayfs has a high maintenance burden and does not work on rhel8's 4.18
kernel (while it works on vanilla 4.18...); instead of debugging this further
time is better spent making it independent from overlayfs.
Change-Id: I7454ae95b0fbb3373c256aa2fd83cdfec466c009
Separate copyright bumps in a different commit.
A lot of files only had the copyright change at this point; these
were probably changes I added separatly in other patches but just
split these in a different commit instead to simplify git stats
Change-Id: I93cf3fc1c0fa04ee743a79c3fe9768933e6bd0d2
Check we mapped the correct region with a magic header in the struct
Original commit: d246b93a3bced92d0ac2a4a337118091b010658a
Fujitsu: POSTK_DEBUG_TEMP_FIX_76
Change-Id: If848be64af5d76844ba65b48493021637c8114f4
While we are here:
- fix uname -r (single quote?!)
- add compat for rhel8 (el kernel and version is 4.18)
- also remove linux version check in mcreboot.sh, trust configure check
Change-Id: I14726d4374b0dfd941640096044ea1d5d88bfcb8
envs are stuck after args which are now possibly unaligned, and used
from a non-aligned pointer in prepare_process_ranges_args_envs (env)
The memory immediately after args/envs is copied anyway with memcpy_long,
so make sure the bits are initialized and realign env correctly
Fixes: 70e52faf36 ("flatten_strings: do not return unused trailing bits")
Change-Id: Ic747e947d151c0eea65dec36bc9c888cf6e0c394
the libc takes care of trying execve as many times as needed for
execvp, it's not a kernel call.
Also, sneak a double-free fix (desc was not reset properly in case
load_elf_desc_shebang failed)
Fixes: b1681f4a3affff ("mcexec/execve: fix shebangs handling")
Change-Id: If8e3d7ae53acdeffc0331ae8621e0832fcfa406f
Running "mcexec dfsafds" did not print any message in normal use.
Rather than looking for which message shows in debug and turn in into
eprintf, add a single coherent message (more shell-like) at the end and
turn other messages off.
There is a small loss of information but this is equivalent to what
shells give (a single errno value with no details), and it is now easy
to add --debug to mcexec to see more information if required
Change-Id: Id2c3a47880b7d1d7467883351e6e7af561f91bbf
strncat must not look at the appendee's length, but at how much
is left where we're appending.
This API is stupid anyway, where is strlcat when we need it...
Change-Id: Icdf418083146420a06f8ba5ffdf882982610d39b
