Re: Text file busy

2003-09-15 Thread Peter Edwards
Terry Lambert wrote:
> Wesley Morgan wrote:
>> It's also unfortunate that this protection does not seem to extend to
>> libraries. I've had some in-use X libraries get overwritten with some very
>> colorful results.
>
> So send patches.

I did a year ago :-) See PR 37554. (Not the original patch, the 
self-follow-up).

That was for 4.5-STABLE: It's been running on a box that does nightly 
builds of -current and -stable (and infrequent installworlds of -stable) 
since then without any ill effects. A -current equivalent (with a sysctl 
knob, vm.mmap_exec_immutable, to turn the behaviour on/off) is 
attached, in case anyone's interested.

As noted in the original PR, the choice of PROT_EXEC to decide to add 
VV_TEXT to the vnode might be better done with a new mmap flag, say, 
PROT_IMMUTABLE or something, but PROT_EXEC works fine for me.

Index: sys/vm/vm_mmap.c
===
RCS file: /pub/FreeBSD/development/FreeBSD-CVS/src/sys/vm/vm_mmap.c,v
retrieving revision 1.165
diff -u -r1.165 vm_mmap.c
--- sys/vm/vm_mmap.c7 Sep 2003 18:47:54 -   1.165
+++ sys/vm/vm_mmap.c15 Sep 2003 13:36:46 -
@@ -91,6 +91,11 @@
 static int max_proc_mmap;
 SYSCTL_INT(_vm, OID_AUTO, max_proc_mmap, CTLFLAG_RW, max_proc_mmap, 0, );
 
+static int mmap_exec_immutable = 1;
+SYSCTL_INT(_vm, OID_AUTO, mmap_exec_immutable, CTLFLAG_RW,
+mmap_exec_immutable, 1, mmap(2) of a regular file for execute access 
+marks the file as immutable);
+
 /*
  * Set the maximum number of vm_map_entry structures per process.  Roughly
  * speaking vm_map_entry structures are tiny, so allowing them to eat 1/100
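Review bot: the description string and the knob name on the added SYSCTL_INT say the file is marked "immutable", but the flag the second hunk sets is VV_TEXT, the text-busy state this thread is about, which is not the immutable file flag; wording such as "marks the file as text busy" would keep an administrator from reading the knob as a chflags-style guarantee. The value argument is also 1 here where the max_proc_mmap declaration just above passes 0; the static initializer already sets the default, so passing 0 would match the neighbouring declaration.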
@@ -443,8 +448,18 @@
error = vm_mmap(vms-vm_map, addr, size, prot, maxprot,
flags, handle, pos);
mtx_lock(Giant);
-   if (error == 0)
+   if (error == 0) {
+   /*
+* If mapping a regular file as PROT_EXEC, and configured to,
+* mark the file as immutable
+*/
+   if (mmap_exec_immutable 
+   handle != NULL  vp != NULL 
+   (prot  PROT_EXEC)  vp-v_type == VREG)
+   vp-v_vflag |= VV_TEXT;
td-td_retval[0] = (register_t) (addr + pageoff);
+   }
+
 done:
if (vp)
vput(vp);
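Review bot: the added condition on "(prot PROT_EXEC)" and "vp-v_type == VREG" checks nothing about the caller or the file's mode, so any process that can map a regular file with PROT_EXEC sets VV_TEXT on it and can make other users' opens for write fail with "Text file busy"; consider also requiring that the file carries an execute permission bit, or document this as an accepted cost of the knob. Nothing in the visible lines clears the flag when the mapping goes away, and a later mprotect(2) to PROT_EXEC (which the thread says ld.so also uses) is not covered here, so the comment should say how long the mark lasts and where mprotect is handled.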
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Text file busy

2003-09-05 Thread Terry Lambert
Paul Richards wrote:
> Overwriting a file that's currently executing results in a Text file
> busy error.
>
> When did this start happening?
>
> This was something that was fixed way back on FreeBSD but it seems to be
> a problem again.

You are opening an existing file for write.  You need to rename
on top of it, or delete and create a new one, and this will not
happen.

The issue is that the pages in the executing file are not
necessarily all in core, so it can't copy-on-write them, since
it doesn't know that they are being dirtied.

The copy-on-write behaviour is relatively new; old System V
and Xenix systems did not permit even deleting an executing
file, since the process did not hold an open file reference
on the file.

-- Terry


Re: Text file busy

2003-09-05 Thread Terry Lambert
Wesley Morgan wrote:
> On Thu, 4 Sep 2003, Scott M. Likens wrote:
>> On Thu, 2003-09-04 at 07:44, Paul Richards wrote:
>>> Overwriting a file that's currently executing results in a Text file
>>> busy error.
>>
>> this feature has always existed in FreeBSD for as long as I remember.
>
> It's also unfortunate that this protection does not seem to extend to
> libraries. I've had some in-use X libraries get overwritten with some very
> colorful results.

So send patches.  The specific problem is in the ld.so mapping
of a page in a library file as executable, and this mapping
not setting the bit on the file image.

In general, this isn't done because the other references to the
file image may be as data (there's a race condition on install,
and a security race, if the libraries are writable, that could
permit a linked-shared SUID executable to be compromised after
it's running, but then if it's writable at all, that exists
anyway).  So it's probably safe to do this without resource
tracking the processes who've got it mapped this way.

My ld.so currently differs significantly from the stock version,
as does my C++ static constructor code, since I have a working
static libdlopen on my own development boxes, so the patches I
have for this would be pretty useless for you, but they would
be quite trivial to recreate; all you do is set the bit when mmap
has PROT_EXEC, or when mprotect has PROT_EXEC (both of these are
used by ld.so; for the crt0.c startup code that loads ld.so
initially, only mmap is used).

-- Terry


Re: Text file busy

2003-09-05 Thread Paul Richards
On Thu, 2003-09-04 at 19:20, Tim Kientzle wrote:

> Depends on how you're installing the binary.  It has always been
> safe to do either of the following:
>   * Rename the current executable and then install the new one.
>   * Unlink the current executable and then install the new one.
> Many tools that claim to overwrite really do the latter, which
> causes a certain amount of understandable confusion.  (I'm pretty
> sure install does unlink/copy by default and will do rename/copy
> if you specify -b.)

I thought I remembered a discussion from the very early days where a
solution was implemented to copy the pages if a file was overwritten
into memory or swap but I can find no record of that now other than a
suggestion in a thread that Solaris might do this.

I think I'm confusing the above impression with an actual problem that
was fixed where you'd still get the error even though the program had
stopped executing.

Paul.




Text file busy

2003-09-04 Thread Paul Richards
Overwriting a file that's currently executing results in a Text file
busy error.

When did this start happening?

This was something that was fixed way back on FreeBSD but it seems to be
a problem again.

Paul.




Re: Text file busy

2003-09-04 Thread Sheldon Hearn
On (2003/09/04 14:44), Paul Richards wrote:

> Overwriting a file that's currently executing results in a Text file
> busy error.
>
> When did this start happening?
>
> This was something that was fixed way back on FreeBSD but it seems to be
> a problem again.

Really?  I've never seen it fixed.  I've occasionally hit this problem
upgrading perl and exim for as long as I can remember.

Ciao,
Sheldon.
-- 
http://starjuice.net/


Re: Text file busy

2003-09-04 Thread Scott M. Likens
On Thu, 2003-09-04 at 07:44, Paul Richards wrote:
> Overwriting a file that's currently executing results in a Text file
> busy error.
>
> When did this start happening?
>
> This was something that was fixed way back on FreeBSD but it seems to be
> a problem again.
>
> Paul.

this feature has always existed in FreeBSD for as long as I remember.

Of course there are ways to bypass this feature but it's there for
your protection.  You shouldn't be upgrading a program that's in
resident memory.  That's like trying to reinstall X while running in X. 
You're just asking for problems.

turn off postfix, install the new version and be happy.

Every single 'flavor' of Unix/Unices has always had this feature.  I've
seen it on HP-UX boxes on Solaris Servers, Linux, NetBSD, OpenBSD,
FreeBSD.  Maybe you weren't paying attention but, that is one of those
things I think should fall under duh, I shouldn't do that it might make
things crash hard.

Scott.
-- 
I think we ought to be out there doing what we do best - making large
holes in other people's countries. - George Carlin





Re: Text file busy

2003-09-04 Thread Stijn Hoop
On Thu, Sep 04, 2003 at 08:02:50AM -0700, Scott M. Likens wrote:
> That's like trying to reinstall X while running in X.
> You're just asking for problems.

This has worked for me many times in the past :)

Of course it's on a (essentially) single user desktop, and I do a restart
after portupgrade -frRa finishes...

--Stijn

-- 
I wish there was a knob on the TV to turn up the intelligence.  There's a knob
called `brightness', but it doesn't work.
-- Gallagher




Re: Text file busy

2003-09-04 Thread John Polstra
On 04-Sep-2003 William K. Josephson wrote:
> On Thu, Sep 04, 2003 at 08:02:50AM -0700, Scott M. Likens wrote:
>> Every single 'flavor' of Unix/Unices has always had this feature.  I've
>
> No, just recent ones.  One used to be able to page in from the wrong
> binary with rather entertaining results.

What's your idea of recent?  Even Unix V6 had EBUSY.  I ran
into it with regularity back then.

Anything with an errno value of 26 isn't what I'd call recent. :-)
Even the ancient EPIPE is 32.

John


Re: Text file busy

2003-09-04 Thread John Polstra
On 04-Sep-2003 John Polstra wrote:
> On 04-Sep-2003 William K. Josephson wrote:
>> On Thu, Sep 04, 2003 at 08:02:50AM -0700, Scott M. Likens wrote:
>>> Every single 'flavor' of Unix/Unices has always had this feature.  I've
>>
>> No, just recent ones.  One used to be able to page in from the wrong
>> binary with rather entertaining results.
>
> What's your idea of recent?  Even Unix V6 had EBUSY.

Oops, I meant ETXTBSY.

John


Re: Text file busy

2003-09-04 Thread Mikko Työläjärvi
On Thu, 4 Sep 2003, Scott M. Likens wrote:

> On Thu, 2003-09-04 at 07:44, Paul Richards wrote:
>> Overwriting a file that's currently executing results in a Text file
>> busy error.
>>
>> When did this start happening?
>>
>> This was something that was fixed way back on FreeBSD but it seems to be
>> a problem again.
>>
>> Paul.
>
> this feature has always existed in FreeBSD for as long as I remember.
>
> Of course there are ways to bypass this feature but it's there for
> your protection.  You shouldn't be upgrading a program that's in
> resident memory.  That's like trying to reinstall X while running in X.
> You're just asking for problems.
>
> turn off postfix, install the new version and be happy.
>
> Every single 'flavor' of Unix/Unices has always had this feature.  I've
> seen it on HP-UX boxes on Solaris Servers, Linux, NetBSD, OpenBSD,
> FreeBSD.  Maybe you weren't paying attention but, that is one of those
> things I think should fall under duh, I shouldn't do that it might make
> things crash hard.

SunOS 4 let you overwrite binaries for running programs, which almost
surely made them crash.  HP-UX has the annoying misfeature that you
cannot even unlink a binary used for paging.

The way to do it is to mv/rm the target before installing the new
version.  AFAIK install(1) will do the right thing.

If you are into foot shooting, you can always overwrite a shared lib,
such as libc.so, and watch (almost) all your programs crash and burn :-)

   $.02,
   /Mikko


Re: Text file busy

2003-09-04 Thread Ruslan Ermilov
On Thu, Sep 04, 2003 at 02:44:13PM +, Paul Richards wrote:
> Overwriting a file that's currently executing results in a Text file
> busy error.
>
> When did this start happening?
>
> This was something that was fixed way back on FreeBSD but it seems to be
> a problem again.
 
cp -f


Cheers,
-- 
Ruslan Ermilov  Sysadmin and DBA,
[EMAIL PROTECTED]   Sunbay Software Ltd,
[EMAIL PROTECTED]   FreeBSD committer




Re: Text file busy

2003-09-04 Thread Tim Kientzle
Paul Richards wrote:
> Overwriting a file that's currently executing results in a Text file
> busy error.

I guess there are folks around who don't know this:

When you execute a program, the program is not simply copied
into memory.  Instead, the kernel keeps the file open and pages the
executable in as necessary.  This is called demand-paging of
executables and it's an old performance optimization that
improves VM operation (executable code never needs to be copied
out to swap; it can just be dumped and paged back in later) and
quickens application startup (only the immediately-required
parts of the application are read into memory immediately).
I'm not certain, but I suspect it first appeared in Unix in
the mid-1970s.

In essence, the file _is_ the executable contents of memory.
Overwriting it is almost always a bad idea; if the
system has to swap in another part of that executable,
the program is almost certain to crash.

> This was something that was fixed way back on FreeBSD but it seems to be
> a problem again.

Depends on how you're installing the binary.  It has always been
safe to do either of the following:
  * Rename the current executable and then install the new one.
  * Unlink the current executable and then install the new one.
Many tools that claim to overwrite really do the latter, which
causes a certain amount of understandable confusion.  (I'm pretty
sure install does unlink/copy by default and will do rename/copy
if you specify -b.)

True overwriting of in-use executable files (e.g., cat new > old)
is dangerous and should be prohibited.

Tim

P.S. I wonder if demand-paging of executables is still a win for
program startup on modern systems with dynamically-linked executables?
Large reads are a lot more efficient, and it seems that dynamic
linking might cause more startup thrashing.  Hmmm...
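
[Added example, not part of the original post or of any FreeBSD tool: the rename-then-install approach described above, next to a non-destructive probe of what a true in-place overwrite would have to do first. The helper names, the temporary directory and the private copy of sleep(1) are assumptions made for the demonstration.]

```shell
#!/bin/sh
# Added example; helper names and file names are constructed for illustration.
# Assumes sleep(1) is a stand-alone binary that runs under another name.

inode_of() { ls -i "$1" | awk '{print $1}'; }

# Open FILE for append without writing anything. Returns non-zero when the
# kernel refuses, e.g. with "Text file busy" for a running executable.
can_open_for_write() { ( exec 3>>"$1" ) 2>/dev/null; }

# Stage NEW beside TARGET, then rename it over TARGET. The old inode is never
# written, so a process still paging from it keeps consistent text pages.
replace_by_rename() {
    stage=$(mktemp "$(dirname "$2")/.stage.XXXXXX") || return 1
    if cp "$1" "$stage" && chmod 755 "$stage" && mv -f "$stage" "$2"; then
        return 0
    fi
    rm -f "$stage"
    return 1
}

# Run a private copy of sleep, replace it while it runs, record what happened.
demo() {
    dir=$(mktemp -d) || return 1
    src=$(command -v sleep)
    cp "$src" "$dir/prog" || return 1
    "$dir/prog" 30 >/dev/null 2>&1 &
    pid=$!
    sleep 1    # give the child time to reach execve()
    if can_open_for_write "$dir/prog"; then in_place=allowed; else in_place=refused; fi
    old_inode=$(inode_of "$dir/prog")
    if replace_by_rename "$src" "$dir/prog"; then replaced=yes; else replaced=no; fi
    new_inode=$(inode_of "$dir/prog")
    if kill -0 "$pid" 2>/dev/null; then still_running=yes; else still_running=no; fi
    if can_open_for_write "$dir/prog"; then new_writable=yes; else new_writable=no; fi
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    rm -rf "$dir"
}

demo
echo "in-place open for write: $in_place"
echo "inode $old_inode -> $new_inode, old process still running: $still_running"
echo "new file open for write: $new_writable"
```

On a kernel that enforces the protection discussed in this thread the first line reports "refused"; the inode change and the surviving process are what make the rename path safe either way.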


Re: Text file busy

2003-09-04 Thread Matthew Dillon
:
:Tim
:
:P.S. I wonder if demand-paging of executables is still a win for
:program startup on modern systems with dynamically-linked executables?
:Large reads are a lot more efficient, and it seems that dynamic
:linking might cause more startup thrashing.  Hmmm...

Yes, they are a big win 95% of the time.  Don't worry, the kernel will
pre-fault pages that are already cached in memory (to a point), and
the kernel will also cluster pagein operations if actual I/O becomes
necessary.

-Matt
Matthew Dillon 
[EMAIL PROTECTED]


Re: Text file busy

2003-09-04 Thread Wesley Morgan
On Thu, 4 Sep 2003, Scott M. Likens wrote:

> On Thu, 2003-09-04 at 07:44, Paul Richards wrote:
>> Overwriting a file that's currently executing results in a Text file
>> busy error.
>>
>> When did this start happening?
>>
>> This was something that was fixed way back on FreeBSD but it seems to be
>> a problem again.
>>
>> Paul.
>
> this feature has always existed in FreeBSD for as long as I remember.
>
> Of course there are ways to bypass this feature but it's there for
> your protection.  You shouldn't be upgrading a program that's in
> resident memory.  That's like trying to reinstall X while running in X.
> You're just asking for problems.
>
> turn off postfix, install the new version and be happy.
>
> Every single 'flavor' of Unix/Unices has always had this feature.  I've
> seen it on HP-UX boxes on Solaris Servers, Linux, NetBSD, OpenBSD,
> FreeBSD.  Maybe you weren't paying attention but, that is one of those
> things I think should fall under duh, I shouldn't do that it might make
> things crash hard.

It's also unfortunate that this protection does not seem to extend to
libraries. I've had some in-use X libraries get overwritten with some very
colorful results.

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!


Re: Text file busy

2003-09-04 Thread Matthew D. Fuller
On Thu, Sep 04, 2003 at 09:36:31AM -0700 I heard the voice of
Mikko Työläjärvi, and lo! it spake thus:

> If you are into foot shooting, you can always overwrite a shared lib,
> such as libc.so, and watch (almost) all your programs crash and burn :-)

*raise hand*

Yup.  Got the t-shirt.

Nothing like watching your pinkie move in slow motion to depress the
Enter key, while your brain is screaming, NO, I meant *MV*, not cp!!!



-- 
Matthew Fuller (MF4839)   |  [EMAIL PROTECTED]
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/

The only reason I'm burning my candle at both ends, is because I
  haven't figured out how to light the middle yet