Mercurial > hg > icedtea6
changeset 3131:975cb4907b2e
PR1714: Update PaX support to detect running PaX kernel and use newer tools
2014-02-19 Andrew John Hughes <gnu.andrew@member.fsf.org>
PR1714: Update PaX support to detect running PaX
kernel and use newer tools
* Makefile.am:
(clean-local): Remove clean-icedtea, clean-icedtea-debug
and clean-icedtea-ecj; pulled in by dependents.
(.PHONY): Add clean-runnable-icedtea, clean-runnable-icedtea-debug
and clean-runnable-icedtea-ecj.
(runnable-icedtea): Depend on icedtea and pax-mark-vm.
(clean-runnable-icedtea): Clean stamp.
(icedtea-against-icedtea): Depend on runnable-icedtea rather
than icedtea and pax-mark-vm.
(clean-icedtea-against-icedtea): Depend on clean-runnable-icedtea rather
than clean-pax-mark-vm.
(runnable-icedtea-debug): Depend on icedtea-debug and pax-mark-vm-debug.
(clean-runnable-icedtea-debug): Clean stamp.
(icedtea-debug-against-icedtea): Depend on runnable-icedtea-debug rather
than icedtea-debug and pax-mark-vm-debug.
(clean-icedtea-debug-against-icedtea): Depend on clean-runnable-icedtea-debug
rather than clean-pax-mark-vm.
(add-archive): Depend on runnable-icedtea as the target executes java.
(add-archive-debug): Likewise with runnable-icedtea-debug.
(check-crypto): Depend on runnable-icedtea as the target executes java.
(check-crypto-debug): Likewise with runnable-icedtea-debug.
(runnable-icedtea-ecj): Depend on icedtea-ecj and pax-mark-vm-ecj.
(clean-runnable-icedtea-ecj): Clean stamp.
(icedtea-against-ecj): Depend on runnable-icedtea-ecj rather
than icedtea-ecj and pax-mark-vm-ecj.
(clean-icedtea-against-ecj): Depend on clean-runnable-icedtea-ecj
rather than clean-pax-mark-vm.
(add-archive-ecj): Depend on runnable-icedtea-ecj as the target executes java.
(check-crypto-boot): Depend on runnable-icedtea-ecj as the target executes java.
* NEWS: Updated.
* acinclude.m4:
(IT_HAS_PAX): New macro to detect whether the running
kernel uses PaX.
(IT_WITH_PAX): Rewritten to search for PaX tools -
currently paxmark.sh, paxctl-ng, chpax and paxctl -
and fail if a tool isn't found and a PaX kernel is
being used.
author | Andrew John Hughes <gnu.andrew@redhat.com> |
---|---|
date | Wed, 19 Mar 2014 17:33:09 +0000 |
parents | 7d844153dc95 |
children | 9ace699eb46a |
files | ChangeLog Makefile.am NEWS acinclude.m4 |
diffstat | 4 files changed, 147 insertions(+), 51 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Tue Mar 18 12:32:37 2014 +0000 +++ b/ChangeLog Wed Mar 19 17:33:09 2014 +0000 @@ -1,3 +1,45 @@ +2014-02-19 Andrew John Hughes <gnu.andrew@member.fsf.org> + + PR1714: Update PaX support to detect running PaX + kernel and use newer tools + * Makefile.am: + (clean-local): Remove clean-icedtea, clean-icedtea-debug + and clean-icedtea-ecj; pulled in by dependents. + (.PHONY): Add clean-runnable-icedtea, clean-runnable-icedtea-debug + and clean-runnable-icedtea-ecj. + (runnable-icedtea): Depend on icedtea and pax-mark-vm. + (clean-runnable-icedtea): Clean stamp. + (icedtea-against-icedtea): Depend on runnable-icedtea rather + than icedtea and pax-mark-vm. + (clean-icedtea-against-icedtea): Depend on clean-runnable-icedtea rather + than clean-pax-mark-vm. + (runnable-icedtea-debug): Depend on icedtea-debug and pax-mark-vm-debug. + (clean-runnable-icedtea-debug): Clean stamp. + (icedtea-debug-against-icedtea): Depend on runnable-icedtea-debug rather + than icedtea-debug and pax-mark-vm-debug. + (clean-icedtea-debug-against-icedtea): Depend on clean-runnable-icedtea-debug + rather than clean-pax-mark-vm. + (add-archive): Depend on runnable-icedtea as the target executes java. + (add-archive-debug): Likewise with runnable-icedtea-debug. + (check-crypto): Depend on runnable-icedtea as the target executes java. + (check-crypto-debug): Likewise with runnable-icedtea-debug. + (runnable-icedtea-ecj): Depend on icedtea-ecj and pax-mark-vm-ecj. + (clean-runnable-icedtea-ecj): Clean stamp. + (icedtea-against-ecj): Depend on runnable-icedtea-ecj rather + than icedtea-ecj and pax-mark-vm-ecj. + (clean-icedtea-against-ecj): Depend on clean-runnable-icedtea-ecj + rather than clean-pax-mark-vm. + (add-archive-ecj): Depend on runnable-icedtea-ecj as the target executes java. + (check-crypto-boot): Depend on runnable-icedtea-ecj as the target executes java. + * NEWS: Updated. + * acinclude.m4: + (IT_HAS_PAX): New macro to detect whether the running + kernel uses PaX. + (IT_WITH_PAX): Rewritten to search for PaX tools - + currently paxmark.sh, paxctl-ng, chpax and paxctl - + and fail if a tool isn't found and a PaX kernel is + being used. + 2014-03-17 Andrew John Hughes <gnu.andrew@redhat.com> * Makefile.am:
--- a/Makefile.am Tue Mar 18 12:32:37 2014 +0000 +++ b/Makefile.am Wed Mar 19 17:33:09 2014 +0000 @@ -969,8 +969,8 @@ fi clean-local: clean-tests $(PULSE_JAVA_CLEAN_TARGET) \ - clean-icedtea clean-icedtea-debug clean-icedtea-ecj clean-extract clean-ports \ - clean-overlay clean-native-ecj clean-icedtea-against-icedtea clean-icedtea-debug-against-icedtea \ + clean-extract clean-ports clean-overlay clean-native-ecj \ + clean-icedtea-against-icedtea clean-icedtea-debug-against-icedtea \ clean-icedtea-against-ecj clean-extract-ecj clean-generated clean-replace-hotspot \ clean-rewriter clean-rewrite-rhino clean-rt clean-bootstrap-directory \ clean-bootstrap-directory-ecj clean-bootstrap-directory-symlink \ @@ -1014,7 +1014,8 @@ clean-add-pulseaudio-ecj clean-add-nss-ecj clean-add-tzdata-support-ecj clean-fonts \ clean-download-hotspot clean-tests clean-tapset-report jtregcheck clean-pax-mark-vm \ clean-pax-mark-vm-debug clean-pax-mark-vm-ecj clean-check-crypto clean-check-crypto-debug \ - clean-check-crypto-boot clean-cryptocheck + clean-check-crypto-boot clean-cryptocheck clean-runnable-icedtea clean-runnable-icedtea-debug \ + clean-runnable-icedtea-ecj env: @echo 'unset JAVA_HOME' @@ -1723,31 +1724,44 @@ rm -rf $(DEBUG_BUILD_OUTPUT_DIR) rm -f stamps/icedtea-debug.stamp -stamps/icedtea-against-icedtea.stamp: stamps/icedtea.stamp \ +stamps/runnable-icedtea.stamp: stamps/icedtea.stamp stamps/pax-mark-vm.stamp + mkdir -p stamps + touch $@ + +clean-runnable-icedtea: clean-icedtea clean-pax-mark-vm + rm -f stamps/runnable-icedtea.stamp + +stamps/icedtea-against-icedtea.stamp: stamps/runnable-icedtea.stamp \ stamps/add-jamvm.stamp stamps/add-cacao.stamp stamps/add-zero.stamp \ stamps/add-systemtap.stamp stamps/add-pulseaudio.stamp stamps/add-nss.stamp \ - stamps/add-tzdata-support.stamp stamps/add-archive.stamp stamps/pax-mark-vm.stamp \ - stamps/check-crypto.stamp + stamps/add-tzdata-support.stamp stamps/add-archive.stamp stamps/check-crypto.stamp mkdir -p stamps touch $@ clean-icedtea-against-icedtea: clean-add-jamvm clean-add-zero clean-add-cacao \ clean-add-systemtap clean-add-pulseaudio clean-add-nss clean-add-tzdata-support \ - clean-add-archive clean-pax-mark-vm clean-check-crypto + clean-add-archive clean-check-crypto clean-runnable-icedtea rm -f stamps/icedtea-against-icedtea.stamp -stamps/icedtea-debug-against-icedtea.stamp: stamps/icedtea-debug.stamp \ +stamps/runnable-icedtea-debug.stamp: stamps/icedtea-debug.stamp stamps/pax-mark-vm-debug.stamp + mkdir -p stamps + touch $@ + +clean-runnable-icedtea-debug: clean-icedtea-debug clean-pax-mark-vm-debug + rm -f stamps/runnable-icedtea-debug.stamp + +stamps/icedtea-debug-against-icedtea.stamp: stamps/runnable-icedtea-debug.stamp \ stamps/add-jamvm-debug.stamp stamps/add-cacao-debug.stamp \ stamps/add-zero-debug.stamp stamps/add-systemtap-debug.stamp stamps/add-pulseaudio-debug.stamp \ stamps/add-nss-debug.stamp stamps/add-tzdata-support-debug.stamp stamps/add-archive-debug.stamp \ - stamps/pax-mark-vm-debug.stamp stamps/check-crypto-debug.stamp + stamps/check-crypto-debug.stamp mkdir -p stamps touch $@ clean-icedtea-debug-against-icedtea: clean-add-zero-debug \ clean-add-jamvm-debug clean-add-cacao-debug clean-add-systemtap-debug \ clean-add-pulseaudio-debug clean-add-nss-debug clean-add-tzdata-support-debug \ - clean-add-archive-debug clean-pax-mark-vm-debug clean-check-crypto-debug + clean-add-archive-debug clean-runnable-icedtea-debug clean-check-crypto-debug rm -f stamps/icedtea-debug-against-icedtea.stamp stamps/add-systemtap.stamp: stamps/icedtea.stamp @@ -1989,7 +2003,7 @@ fi rm -f stamps/add-tzdata-support-debug.stamp -stamps/add-archive.stamp: stamps/icedtea.stamp +stamps/add-archive.stamp: stamps/runnable-icedtea.stamp if !ENABLE_JAMVM if !ENABLE_CACAO if !ZERO_BUILD @@ -2005,7 +2019,7 @@ rm -vf $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/$(INSTALL_ARCH_DIR)/*/*.jsa rm -f stamps/add-archive.stamp -stamps/add-archive-debug.stamp: stamps/icedtea-debug.stamp +stamps/add-archive-debug.stamp: stamps/runnable-icedtea-debug.stamp if !ENABLE_JAMVM if !ENABLE_CACAO if !ZERO_BUILD @@ -2039,7 +2053,7 @@ clean-pax-mark-vm-debug: rm -f stamps/pax-mark-vm-debug.stamp -stamps/check-crypto.stamp: stamps/cryptocheck.stamp stamps/icedtea.stamp +stamps/check-crypto.stamp: stamps/cryptocheck.stamp stamps/runnable-icedtea.stamp if [ -e $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/java ] ; then \ $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/java -cp $(CRYPTO_CHECK_BUILD_DIR) TestCryptoLevel ; \ fi @@ -2049,7 +2063,7 @@ clean-check-crypto: rm -f stamps/check-crypto.stamp -stamps/check-crypto-debug.stamp: stamps/cryptocheck.stamp stamps/icedtea-debug.stamp +stamps/check-crypto-debug.stamp: stamps/cryptocheck.stamp stamps/runnable-icedtea-debug.stamp if [ -e $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/bin/java ] ; then \ $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/bin/java -cp $(CRYPTO_CHECK_BUILD_DIR) TestCryptoLevel ; \ fi @@ -2078,14 +2092,21 @@ rm -rf $(ECJ_BUILD_OUTPUT_DIR) rm -f stamps/icedtea-ecj.stamp -stamps/icedtea-against-ecj.stamp: stamps/icedtea-ecj.stamp stamps/add-systemtap-ecj.stamp \ +stamps/runnable-icedtea-ecj.stamp: stamps/icedtea-ecj.stamp stamps/pax-mark-vm-ecj.stamp + mkdir -p stamps + touch $@ + +clean-runnable-icedtea-ecj: clean-icedtea-ecj clean-pax-mark-vm-ecj + rm -f stamps/runnable-icedtea-ecj.stamp + +stamps/icedtea-against-ecj.stamp: stamps/runnable-icedtea-ecj.stamp stamps/add-systemtap-ecj.stamp \ stamps/add-pulseaudio-ecj.stamp stamps/add-nss-ecj.stamp stamps/add-tzdata-support-ecj.stamp \ - stamps/add-archive-ecj.stamp stamps/pax-mark-vm-ecj.stamp stamps/check-crypto-boot.stamp + stamps/add-archive-ecj.stamp stamps/check-crypto-boot.stamp mkdir -p stamps touch $@ clean-icedtea-against-ecj: clean-add-systemtap-ecj clean-add-pulseaudio-ecj clean-add-nss-ecj \ - clean-add-tzdata-support-ecj clean-add-archive-ecj clean-pax-mark-vm-ecj clean-check-crypto-boot + clean-add-tzdata-support-ecj clean-add-archive-ecj clean-runnable-icedtea-ecj clean-check-crypto-boot rm -f stamps/icedtea-against-ecj.stamp stamps/add-systemtap-ecj.stamp: stamps/icedtea-ecj.stamp @@ -2208,7 +2229,7 @@ fi rm -f stamps/add-tzdata-support-ecj.stamp -stamps/add-archive-ecj.stamp: stamps/icedtea-ecj.stamp +stamps/add-archive-ecj.stamp: stamps/runnable-icedtea-ecj.stamp if !ENABLE_JAMVM if !ENABLE_CACAO if !ZERO_BUILD @@ -2233,7 +2254,7 @@ clean-pax-mark-vm-ecj: rm -f stamps/pax-mark-vm-ecj.stamp -stamps/check-crypto-boot.stamp: stamps/cryptocheck.stamp stamps/icedtea-ecj.stamp +stamps/check-crypto-boot.stamp: stamps/cryptocheck.stamp stamps/runnable-icedtea-ecj.stamp if [ -e $(ECJ_BUILD_OUTPUT_DIR)/j2sdk-image/bin/java ] ; then \ $(ECJ_BUILD_OUTPUT_DIR)/j2sdk-image/bin/java -cp $(CRYPTO_CHECK_BUILD_DIR) TestCryptoLevel ; \ fi
--- a/NEWS Tue Mar 18 12:32:37 2014 +0000 +++ b/NEWS Wed Mar 19 17:33:09 2014 +0000 @@ -18,6 +18,8 @@ - S7151089: PS NUMA: NUMA allocator should not attempt to free pages when using SHM large pages - S8013057: Detect mmap() commit failures in Linux and Solaris os::commit_memory() impls and call vm_exit_out_of_memory() - S8026887: Make issues due to failed large pages allocations easier to debug +* Bug fixes + - PR1714: Update PaX support to detect running PaX kernel and use newer tools New in release 1.11.15 (2014-01-21):
--- a/acinclude.m4 Tue Mar 18 12:32:37 2014 +0000 +++ b/acinclude.m4 Wed Mar 19 17:33:09 2014 +0000 @@ -2139,48 +2139,79 @@ AM_CONDITIONAL([VM_SUPPORTS_XBOOTCLASSPATH], test x"${it_cv_xbootclasspath_works}" = "xyes") ]) +AC_DEFUN_ONCE([IT_HAS_PAX], +[ + AC_MSG_CHECKING([if a PaX kernel is in use]) + if cat /proc/self/status | grep '^PaX' >&AS_MESSAGE_LOG_FD 2>&1; then + pax_active=yes; + else + pax_active=no; + fi + AC_MSG_RESULT([${pax_active}]) + AM_CONDITIONAL([USING_PAX], test x"${pax_active}" = "xyes") +]) + AC_DEFUN_ONCE([IT_WITH_PAX], [ - AC_MSG_CHECKING([for pax utility to use]) + AC_REQUIRE([IT_HAS_PAX]) + PAX_DEFAULT=/usr/sbin/paxmark.sh + AC_MSG_CHECKING([if a PaX utility was specified]) AC_ARG_WITH([pax], [AS_HELP_STRING(--with-pax=COMMAND,the command used for pax marking)], [ - PAX_COMMAND=${withval} - if test "x${PAX_COMMAND}" = "xno"; then - PAX_COMMAND="not specified" + if test "x${withval}" = "xyes"; then + PAX_COMMAND=no + else + PAX_COMMAND="${withval}" fi ], [ - PAX_COMMAND="not specified" + PAX_COMMAND=no ]) - case "x${PAX_COMMAND}" in - xchpax) - case "${host_cpu}" in - i?86) - PAX_COMMAND_ARGS="-msp" - ;; - *) - PAX_COMMAND_ARGS="-m" - ;; - esac - ;; - xpaxctl) - case "${host_cpu}" in - i?86) - PAX_COMMAND_ARGS="-msp" - ;; - *) - PAX_COMMAND_ARGS="-m" - ;; - esac - ;; - *) - PAX_COMMAND="not specified" - PAX_COMMAND_ARGS="not specified" - ;; - esac + AC_MSG_RESULT(${PAX_COMMAND}) + if test "x${PAX_COMMAND}" == "xno"; then + PAX_COMMAND=${PAX_DEFAULT} + fi + AC_MSG_CHECKING([if $PAX_COMMAND is a valid executable file]) + if test -x "${PAX_COMMAND}" && test -f "${PAX_COMMAND}"; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + PAX_COMMAND="" + AC_PATH_PROG(PAX_COMMAND, "paxmark.sh") + if test -z "${PAX_COMMAND}"; then + AC_PATH_PROG(PAX_COMMAND, "paxctl-ng") + fi + if test -z "${PAX_COMMAND}"; then + AC_PATH_PROG(PAX_COMMAND, "chpax") + fi + if test -z "${PAX_COMMAND}"; then + AC_PATH_PROG(PAX_COMMAND, "paxctl") + fi + if test -z "${PAX_COMMAND}"; then + if test "x${pax_active}" = "xyes"; then + AC_MSG_ERROR("No PaX utility found and running on a PaX kernel.") + else + AC_MSG_WARN("No PaX utility found.") + fi + fi + fi + if test -z "${PAX_COMMAND}"; then + PAX_COMMAND="not specified" + PAX_COMMAND_ARGS="not specified" + else + AC_MSG_CHECKING([which options to pass to ${PAX_COMMAND}]) + case "${host_cpu}" in + i?86) + PAX_COMMAND_ARGS="-msp" + ;; + *) + PAX_COMMAND_ARGS="-m" + ;; + esac + AC_MSG_RESULT(${PAX_COMMAND_ARGS}) + fi AM_CONDITIONAL(WITH_PAX, test "x${PAX_COMMAND}" != "xnot specified") - AC_MSG_RESULT(${PAX_COMMAND}) AC_SUBST(PAX_COMMAND) AC_SUBST(PAX_COMMAND_ARGS) ])