changeset 3131:975cb4907b2e

PR1714: Update PaX support to detect running PaX kernel and use newer tools 2014-02-19 Andrew John Hughes <gnu.andrew@member.fsf.org> PR1714: Update PaX support to detect running PaX kernel and use newer tools * Makefile.am: (clean-local): Remove clean-icedtea, clean-icedtea-debug and clean-icedtea-ecj; pulled in by dependents. (.PHONY): Add clean-runnable-icedtea, clean-runnable-icedtea-debug and clean-runnable-icedtea-ecj. (runnable-icedtea): Depend on icedtea and pax-mark-vm. (clean-runnable-icedtea): Clean stamp. (icedtea-against-icedtea): Depend on runnable-icedtea rather than icedtea and pax-mark-vm. (clean-icedtea-against-icedtea): Depend on clean-runnable-icedtea rather than clean-pax-mark-vm. (runnable-icedtea-debug): Depend on icedtea-debug and pax-mark-vm-debug. (clean-runnable-icedtea-debug): Clean stamp. (icedtea-debug-against-icedtea): Depend on runnable-icedtea-debug rather than icedtea-debug and pax-mark-vm-debug. (clean-icedtea-debug-against-icedtea): Depend on clean-runnable-icedtea-debug rather than clean-pax-mark-vm. (add-archive): Depend on runnable-icedtea as the target executes java. (add-archive-debug): Likewise with runnable-icedtea-debug. (check-crypto): Depend on runnable-icedtea as the target executes java. (check-crypto-debug): Likewise with runnable-icedtea-debug. (runnable-icedtea-ecj): Depend on icedtea-ecj and pax-mark-vm-ecj. (clean-runnable-icedtea-ecj): Clean stamp. (icedtea-against-ecj): Depend on runnable-icedtea-ecj rather than icedtea-ecj and pax-mark-vm-ecj. (clean-icedtea-against-ecj): Depend on clean-runnable-icedtea-ecj rather than clean-pax-mark-vm. (add-archive-ecj): Depend on runnable-icedtea-ecj as the target executes java. (check-crypto-boot): Depend on runnable-icedtea-ecj as the target executes java. * NEWS: Updated. * acinclude.m4: (IT_HAS_PAX): New macro to detect whether the running kernel uses PaX. 
(IT_WITH_PAX): Rewritten to search for PaX tools - currently paxmark.sh, paxctl-ng, chpax and paxctl - and fail if a tool isn't found and a PaX kernel is being used.
author Andrew John Hughes <gnu.andrew@redhat.com>
date Wed, 19 Mar 2014 17:33:09 +0000
parents 7d844153dc95
children 9ace699eb46a
files ChangeLog Makefile.am NEWS acinclude.m4
diffstat 4 files changed, 147 insertions(+), 51 deletions(-) [+]
--- a/ChangeLog	Tue Mar 18 12:32:37 2014 +0000
+++ b/ChangeLog	Wed Mar 19 17:33:09 2014 +0000
@@ -1,3 +1,45 @@
+2014-02-19  Andrew John Hughes  <gnu.andrew@member.fsf.org>
+
+	PR1714: Update PaX support to detect running PaX
+	kernel and use newer tools
+	* Makefile.am:
+	(clean-local): Remove clean-icedtea, clean-icedtea-debug
+	and clean-icedtea-ecj; pulled in by dependents.
+	(.PHONY): Add clean-runnable-icedtea, clean-runnable-icedtea-debug
+	and clean-runnable-icedtea-ecj.
+	(runnable-icedtea): Depend on icedtea and pax-mark-vm.
+	(clean-runnable-icedtea): Clean stamp.
+	(icedtea-against-icedtea): Depend on runnable-icedtea rather
+	than icedtea and pax-mark-vm.
+	(clean-icedtea-against-icedtea): Depend on clean-runnable-icedtea rather
+	than clean-pax-mark-vm.
+	(runnable-icedtea-debug): Depend on icedtea-debug and pax-mark-vm-debug.
+	(clean-runnable-icedtea-debug): Clean stamp.
+	(icedtea-debug-against-icedtea): Depend on runnable-icedtea-debug rather
+	than icedtea-debug and pax-mark-vm-debug.
+	(clean-icedtea-debug-against-icedtea): Depend on clean-runnable-icedtea-debug
+	rather than clean-pax-mark-vm.
+	(add-archive): Depend on runnable-icedtea as the target executes java.
+	(add-archive-debug): Likewise with runnable-icedtea-debug.
+	(check-crypto): Depend on runnable-icedtea as the target executes java.
+	(check-crypto-debug): Likewise with runnable-icedtea-debug.
+	(runnable-icedtea-ecj): Depend on icedtea-ecj and pax-mark-vm-ecj.
+	(clean-runnable-icedtea-ecj): Clean stamp.
+	(icedtea-against-ecj): Depend on runnable-icedtea-ecj rather
+	than icedtea-ecj and pax-mark-vm-ecj.
+	(clean-icedtea-against-ecj): Depend on clean-runnable-icedtea-ecj
+	rather than clean-pax-mark-vm.
+	(add-archive-ecj): Depend on runnable-icedtea-ecj as the target executes java.
+	(check-crypto-boot): Depend on runnable-icedtea-ecj as the target executes java.
+	* NEWS: Updated.
+	* acinclude.m4:
+	(IT_HAS_PAX): New macro to detect whether the running
+	kernel uses PaX.
+	(IT_WITH_PAX): Rewritten to search for PaX tools -
+	currently paxmark.sh, paxctl-ng, chpax and paxctl -
+	and fail if a tool isn't found and a PaX kernel is
+	being used.
+
 2014-03-17  Andrew John Hughes  <gnu.andrew@redhat.com>
 
 	* Makefile.am:
--- a/Makefile.am	Tue Mar 18 12:32:37 2014 +0000
+++ b/Makefile.am	Wed Mar 19 17:33:09 2014 +0000
@@ -969,8 +969,8 @@
 	fi
 
 clean-local: clean-tests $(PULSE_JAVA_CLEAN_TARGET) \
- clean-icedtea clean-icedtea-debug clean-icedtea-ecj clean-extract clean-ports \
- clean-overlay clean-native-ecj clean-icedtea-against-icedtea clean-icedtea-debug-against-icedtea \
+ clean-extract clean-ports clean-overlay clean-native-ecj \
+ clean-icedtea-against-icedtea clean-icedtea-debug-against-icedtea \
  clean-icedtea-against-ecj clean-extract-ecj clean-generated clean-replace-hotspot \
  clean-rewriter clean-rewrite-rhino clean-rt clean-bootstrap-directory \
  clean-bootstrap-directory-ecj clean-bootstrap-directory-symlink \
@@ -1014,7 +1014,8 @@
 	clean-add-pulseaudio-ecj clean-add-nss-ecj clean-add-tzdata-support-ecj clean-fonts \
 	clean-download-hotspot clean-tests clean-tapset-report jtregcheck clean-pax-mark-vm \
 	clean-pax-mark-vm-debug clean-pax-mark-vm-ecj clean-check-crypto clean-check-crypto-debug \
-	clean-check-crypto-boot clean-cryptocheck
+	clean-check-crypto-boot clean-cryptocheck clean-runnable-icedtea clean-runnable-icedtea-debug \
+	clean-runnable-icedtea-ecj
 
 env:
 	@echo 'unset JAVA_HOME'
@@ -1723,31 +1724,44 @@
 	rm -rf $(DEBUG_BUILD_OUTPUT_DIR)
 	rm -f stamps/icedtea-debug.stamp
 
-stamps/icedtea-against-icedtea.stamp: stamps/icedtea.stamp \
+stamps/runnable-icedtea.stamp: stamps/icedtea.stamp stamps/pax-mark-vm.stamp
+	mkdir -p stamps
+	touch $@
+
+clean-runnable-icedtea: clean-icedtea clean-pax-mark-vm
+	rm -f stamps/runnable-icedtea.stamp
+
+stamps/icedtea-against-icedtea.stamp:  stamps/runnable-icedtea.stamp \
  stamps/add-jamvm.stamp stamps/add-cacao.stamp stamps/add-zero.stamp \
  stamps/add-systemtap.stamp stamps/add-pulseaudio.stamp stamps/add-nss.stamp \
- stamps/add-tzdata-support.stamp stamps/add-archive.stamp stamps/pax-mark-vm.stamp \
- stamps/check-crypto.stamp
+ stamps/add-tzdata-support.stamp stamps/add-archive.stamp stamps/check-crypto.stamp
 	mkdir -p stamps
 	touch $@
 
 clean-icedtea-against-icedtea: clean-add-jamvm clean-add-zero clean-add-cacao \
  clean-add-systemtap clean-add-pulseaudio clean-add-nss clean-add-tzdata-support \
- clean-add-archive clean-pax-mark-vm clean-check-crypto
+ clean-add-archive clean-check-crypto clean-runnable-icedtea
 	rm -f stamps/icedtea-against-icedtea.stamp
 
-stamps/icedtea-debug-against-icedtea.stamp: stamps/icedtea-debug.stamp \
+stamps/runnable-icedtea-debug.stamp: stamps/icedtea-debug.stamp stamps/pax-mark-vm-debug.stamp
+	mkdir -p stamps
+	touch $@
+
+clean-runnable-icedtea-debug: clean-icedtea-debug clean-pax-mark-vm-debug
+	rm -f stamps/runnable-icedtea-debug.stamp
+
+stamps/icedtea-debug-against-icedtea.stamp: stamps/runnable-icedtea-debug.stamp \
  stamps/add-jamvm-debug.stamp stamps/add-cacao-debug.stamp \
  stamps/add-zero-debug.stamp stamps/add-systemtap-debug.stamp stamps/add-pulseaudio-debug.stamp \
  stamps/add-nss-debug.stamp stamps/add-tzdata-support-debug.stamp stamps/add-archive-debug.stamp \
- stamps/pax-mark-vm-debug.stamp stamps/check-crypto-debug.stamp
+ stamps/check-crypto-debug.stamp
 	mkdir -p stamps
 	touch $@
 
 clean-icedtea-debug-against-icedtea: clean-add-zero-debug \
  clean-add-jamvm-debug clean-add-cacao-debug clean-add-systemtap-debug \
  clean-add-pulseaudio-debug clean-add-nss-debug clean-add-tzdata-support-debug \
- clean-add-archive-debug clean-pax-mark-vm-debug clean-check-crypto-debug
+ clean-add-archive-debug clean-runnable-icedtea-debug clean-check-crypto-debug
 	rm -f stamps/icedtea-debug-against-icedtea.stamp
 
 stamps/add-systemtap.stamp: stamps/icedtea.stamp
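Review bot: The new `stamps/runnable-icedtea.stamp` rule carries no comment saying why it exists, although its difference from `stamps/icedtea.stamp` is the point of the change. I would add above it `# Targets that execute the built java must depend on this stamp rather than icedtea.stamp, so the VM has been PaX-marked before it is run.` The same comment fits the `-debug` rule later in this hunk and `stamps/runnable-icedtea-ecj.stamp` in the @@ -2078 hunk. The trailing context line `stamps/add-systemtap.stamp: stamps/icedtea.stamp` keeps the old prerequisite, which is only right if its recipe never runs the built java; that recipe is outside the hunk.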
@@ -1989,7 +2003,7 @@
 	fi
 	rm -f stamps/add-tzdata-support-debug.stamp
 
-stamps/add-archive.stamp: stamps/icedtea.stamp
+stamps/add-archive.stamp: stamps/runnable-icedtea.stamp
 if !ENABLE_JAMVM
 if !ENABLE_CACAO
 if !ZERO_BUILD
@@ -2005,7 +2019,7 @@
 	rm -vf $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/$(INSTALL_ARCH_DIR)/*/*.jsa
 	rm -f stamps/add-archive.stamp
 
-stamps/add-archive-debug.stamp: stamps/icedtea-debug.stamp
+stamps/add-archive-debug.stamp: stamps/runnable-icedtea-debug.stamp
 if !ENABLE_JAMVM
 if !ENABLE_CACAO
 if !ZERO_BUILD
@@ -2039,7 +2053,7 @@
 clean-pax-mark-vm-debug:
 	rm -f stamps/pax-mark-vm-debug.stamp
 
-stamps/check-crypto.stamp: stamps/cryptocheck.stamp stamps/icedtea.stamp
+stamps/check-crypto.stamp: stamps/cryptocheck.stamp stamps/runnable-icedtea.stamp
 	if [ -e $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/java ] ; then \
 	  $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/java -cp $(CRYPTO_CHECK_BUILD_DIR) TestCryptoLevel ; \
 	fi
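Review bot: The `if [ -e $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/java ]` guard lets the crypto-level check pass vacuously when the binary is absent, so the new `runnable-icedtea` prerequisite ensures the VM is marked but not that `TestCryptoLevel` actually ran. The recipe continues past the end of the hunk, so whether the stamp is still touched in that case is not visible here. If it is, an `else` branch that at least reports the skip would help, for example `else echo "check-crypto: java not found, TestCryptoLevel skipped" >&2 ; \`, or a failing exit if a missing launcher is never legitimate. The same guard appears in the check-crypto-debug and check-crypto-boot hunks.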
@@ -2049,7 +2063,7 @@
 clean-check-crypto:
 	rm -f stamps/check-crypto.stamp
 
-stamps/check-crypto-debug.stamp: stamps/cryptocheck.stamp stamps/icedtea-debug.stamp
+stamps/check-crypto-debug.stamp: stamps/cryptocheck.stamp stamps/runnable-icedtea-debug.stamp
 	if [ -e $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/bin/java ] ; then \
 	  $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/bin/java -cp $(CRYPTO_CHECK_BUILD_DIR) TestCryptoLevel ; \
 	fi
@@ -2078,14 +2092,21 @@
 	rm -rf $(ECJ_BUILD_OUTPUT_DIR)
 	rm -f stamps/icedtea-ecj.stamp
 
-stamps/icedtea-against-ecj.stamp: stamps/icedtea-ecj.stamp stamps/add-systemtap-ecj.stamp \
+stamps/runnable-icedtea-ecj.stamp: stamps/icedtea-ecj.stamp stamps/pax-mark-vm-ecj.stamp
+	mkdir -p stamps
+	touch $@
+
+clean-runnable-icedtea-ecj: clean-icedtea-ecj clean-pax-mark-vm-ecj
+	rm -f stamps/runnable-icedtea-ecj.stamp
+
+stamps/icedtea-against-ecj.stamp: stamps/runnable-icedtea-ecj.stamp stamps/add-systemtap-ecj.stamp \
  stamps/add-pulseaudio-ecj.stamp stamps/add-nss-ecj.stamp stamps/add-tzdata-support-ecj.stamp \
- stamps/add-archive-ecj.stamp stamps/pax-mark-vm-ecj.stamp stamps/check-crypto-boot.stamp
+ stamps/add-archive-ecj.stamp stamps/check-crypto-boot.stamp
 	mkdir -p stamps
 	touch $@
 
 clean-icedtea-against-ecj: clean-add-systemtap-ecj clean-add-pulseaudio-ecj clean-add-nss-ecj \
- clean-add-tzdata-support-ecj clean-add-archive-ecj clean-pax-mark-vm-ecj clean-check-crypto-boot
+ clean-add-tzdata-support-ecj clean-add-archive-ecj clean-runnable-icedtea-ecj clean-check-crypto-boot
 	rm -f stamps/icedtea-against-ecj.stamp
 
 stamps/add-systemtap-ecj.stamp: stamps/icedtea-ecj.stamp
@@ -2208,7 +2229,7 @@
 	fi
 	rm -f stamps/add-tzdata-support-ecj.stamp
 
-stamps/add-archive-ecj.stamp: stamps/icedtea-ecj.stamp
+stamps/add-archive-ecj.stamp: stamps/runnable-icedtea-ecj.stamp
 if !ENABLE_JAMVM
 if !ENABLE_CACAO
 if !ZERO_BUILD
@@ -2233,7 +2254,7 @@
 clean-pax-mark-vm-ecj:
 	rm -f stamps/pax-mark-vm-ecj.stamp
 
-stamps/check-crypto-boot.stamp: stamps/cryptocheck.stamp stamps/icedtea-ecj.stamp
+stamps/check-crypto-boot.stamp: stamps/cryptocheck.stamp stamps/runnable-icedtea-ecj.stamp
 	if [ -e $(ECJ_BUILD_OUTPUT_DIR)/j2sdk-image/bin/java ] ; then \
 	  $(ECJ_BUILD_OUTPUT_DIR)/j2sdk-image/bin/java -cp $(CRYPTO_CHECK_BUILD_DIR) TestCryptoLevel ; \
 	fi
--- a/NEWS	Tue Mar 18 12:32:37 2014 +0000
+++ b/NEWS	Wed Mar 19 17:33:09 2014 +0000
@@ -18,6 +18,8 @@
   - S7151089: PS NUMA: NUMA allocator should not attempt to free pages when using SHM large pages
   - S8013057: Detect mmap() commit failures in Linux and Solaris os::commit_memory() impls and call vm_exit_out_of_memory()
   - S8026887: Make issues due to failed large pages allocations easier to debug
+* Bug fixes
+  - PR1714: Update PaX support to detect running PaX kernel and use newer tools
 
 New in release 1.11.15 (2014-01-21):
 
--- a/acinclude.m4	Tue Mar 18 12:32:37 2014 +0000
+++ b/acinclude.m4	Wed Mar 19 17:33:09 2014 +0000
@@ -2139,48 +2139,79 @@
   AM_CONDITIONAL([VM_SUPPORTS_XBOOTCLASSPATH], test x"${it_cv_xbootclasspath_works}" = "xyes")
 ])
 
+AC_DEFUN_ONCE([IT_HAS_PAX],
+[
+  AC_MSG_CHECKING([if a PaX kernel is in use])
+  if cat /proc/self/status | grep '^PaX' >&AS_MESSAGE_LOG_FD 2>&1; then
+    pax_active=yes;
+  else
+    pax_active=no;
+  fi
+  AC_MSG_RESULT([${pax_active}])
+  AM_CONDITIONAL([USING_PAX], test x"${pax_active}" = "xyes")
+])
+
 AC_DEFUN_ONCE([IT_WITH_PAX],
 [
-  AC_MSG_CHECKING([for pax utility to use])
+  AC_REQUIRE([IT_HAS_PAX])
+  PAX_DEFAULT=/usr/sbin/paxmark.sh
+  AC_MSG_CHECKING([if a PaX utility was specified])
   AC_ARG_WITH([pax],
               [AS_HELP_STRING(--with-pax=COMMAND,the command used for pax marking)],
   [
-    PAX_COMMAND=${withval}
-    if test "x${PAX_COMMAND}" = "xno"; then
-      PAX_COMMAND="not specified"
+    if test "x${withval}" = "xyes"; then
+      PAX_COMMAND=no
+    else
+      PAX_COMMAND="${withval}"
     fi
   ],
   [ 
-    PAX_COMMAND="not specified"
+    PAX_COMMAND=no
   ])
-  case "x${PAX_COMMAND}" in
-    xchpax)
-      case "${host_cpu}" in
-        i?86)
-          PAX_COMMAND_ARGS="-msp"
-          ;;
-        *)
-          PAX_COMMAND_ARGS="-m"
-          ;;
-      esac
-      ;;
-    xpaxctl)
-      case "${host_cpu}" in
-        i?86)
-          PAX_COMMAND_ARGS="-msp"
-          ;;
-        *)
-          PAX_COMMAND_ARGS="-m"
-          ;;
-      esac
-      ;;
-    *)
-      PAX_COMMAND="not specified"
-      PAX_COMMAND_ARGS="not specified"
-      ;;
-  esac
+  AC_MSG_RESULT(${PAX_COMMAND})
+  if test "x${PAX_COMMAND}" == "xno"; then
+    PAX_COMMAND=${PAX_DEFAULT}
+  fi
+  AC_MSG_CHECKING([if $PAX_COMMAND is a valid executable file])
+  if test -x "${PAX_COMMAND}" && test -f "${PAX_COMMAND}"; then
+    AC_MSG_RESULT([yes])
+  else
+    AC_MSG_RESULT([no])
+    PAX_COMMAND=""
+    AC_PATH_PROG(PAX_COMMAND, "paxmark.sh")
+    if test -z "${PAX_COMMAND}"; then
+      AC_PATH_PROG(PAX_COMMAND, "paxctl-ng")
+    fi
+    if test -z "${PAX_COMMAND}"; then
+      AC_PATH_PROG(PAX_COMMAND, "chpax")
+    fi
+    if test -z "${PAX_COMMAND}"; then
+      AC_PATH_PROG(PAX_COMMAND, "paxctl")
+    fi
+    if test -z "${PAX_COMMAND}"; then
+      if test "x${pax_active}" = "xyes"; then
+        AC_MSG_ERROR("No PaX utility found and running on a PaX kernel.")
+      else
+        AC_MSG_WARN("No PaX utility found.")
+      fi
+    fi
+  fi
+  if test -z "${PAX_COMMAND}"; then
+    PAX_COMMAND="not specified"
+    PAX_COMMAND_ARGS="not specified"
+  else
+    AC_MSG_CHECKING([which options to pass to ${PAX_COMMAND}])
+    case "${host_cpu}" in
+      i?86)
+        PAX_COMMAND_ARGS="-msp"
+        ;;
+      *)
+        PAX_COMMAND_ARGS="-m"
+        ;;
+    esac
+    AC_MSG_RESULT(${PAX_COMMAND_ARGS})
+  fi
   AM_CONDITIONAL(WITH_PAX, test "x${PAX_COMMAND}" != "xnot specified")
-  AC_MSG_RESULT(${PAX_COMMAND})
   AC_SUBST(PAX_COMMAND)
   AC_SUBST(PAX_COMMAND_ARGS)
 ])
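Review bot: A `--with-pax` value that fails the `test -x`/`test -f` check is silently discarded and replaced by the first of paxmark.sh, paxctl-ng, chpax or paxctl found on PATH, so the build can run a different tool than the one the user named. That includes the bare names `chpax` and `paxctl` which the removed `case` accepted. I would stop with AC_MSG_ERROR when a user-supplied value is unusable and keep the PATH search for the unspecified case, as in the excerpt. The excerpt also changes `==` to `=` in the `xno` test, because `==` is not a POSIX `test` operator and configure runs under /bin/sh. A short comment at the `case "${host_cpu}"` block saying that `-m` turns off MPROTECT for the marked binary (and `-sp` SEGMEXEC/PAGEEXEC on i?86) would make the hardening trade-off visible.

```m4
  AC_MSG_RESULT(${PAX_COMMAND})
  if test "x${PAX_COMMAND}" = "xno"; then
    PAX_COMMAND=${PAX_DEFAULT}
    pax_user_specified=no
  else
    pax_user_specified=yes
  fi
  AC_MSG_CHECKING([if $PAX_COMMAND is a valid executable file])
  if test -x "${PAX_COMMAND}" && test -f "${PAX_COMMAND}"; then
    AC_MSG_RESULT([yes])
  else
    AC_MSG_RESULT([no])
    if test "x${pax_user_specified}" = "xyes"; then
      AC_MSG_ERROR([--with-pax=${PAX_COMMAND} is not an executable file])
    fi
    PAX_COMMAND=""
    dnl … unchanged: AC_PATH_PROG search for paxmark.sh, paxctl-ng, chpax, paxctl …
  fi
```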