Author: Ralph Sennhaser The idea is to apply the pax markings before using a freshly built jdk. Be it for running tests or building additonal vms or after bootstrap to build the final jdk. There are currently two types of pax markings with the userspace utilities chpax and paxctl. Both types of pax marking are base on modifing the ELFs. A third type based on xattrs is in development. The embedded test_gamma.patch is taken from icedtea 2.0 itself. diff --git a/Makefile.am b/Makefile.am index 129edf2..158b149 100644 --- a/Makefile.am +++ b/Makefile.am @@ -279,6 +279,10 @@ else ICEDTEA_PATCHES += patches/nss-not-enabled-config.patch endif +if WITH_PAX +ICEDTEA_PATCHES += patches/test_gamma.patch +endif + ICEDTEA_PATCHES += $(DISTRIBUTION_PATCHES) # Bootstrapping patches @@ -300,7 +304,6 @@ ICEDTEA_BOOT_PATCHES = \ patches/boot/jar.patch \ patches/boot/symbols.patch \ patches/boot/tobin.patch \ - patches/boot/test_gamma.patch \ patches/boot/tools.jar.patch \ patches/boot/jopt.patch \ patches/boot/jaxp-dependency.patch \ @@ -320,6 +323,10 @@ ICEDTEA_BOOT_PATCHES = \ patches/boot/ecj-autoboxing.patch \ patches/boot/xsltproc.patch +if !WITH_PAX +ICEDTEA_BOOT_PATCHES += patches/boot/test_gamma.patch +endif + if CP39408_JAVAH ICEDTEA_BOOT_PATCHES += patches/boot/pr39408.patch endif @@ -1612,6 +1619,7 @@ stamps/icedtea.stamp: stamps/bootstrap-directory-symlink-stage2.stamp \ $(ICEDTEA_ENV) \ -C openjdk/ \ $(ICEDTEA_BUILD_TARGET) + $(abs_top_builddir)/pax-mark-vm $(BUILD_OUTPUT_DIR)/j2sdk-image mkdir -p $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/$(INSTALL_ARCH_DIR) mkdir -p $(BUILD_OUTPUT_DIR)/j2re-image/lib/$(INSTALL_ARCH_DIR) mkdir -p $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/ext @@ -1765,6 +1773,7 @@ stamps/icedtea-boot.stamp: stamps/bootstrap-directory-symlink-stage1.stamp \ $(ICEDTEA_ENV_BOOT) \ -C openjdk-boot \ $(ICEDTEA_BUILD_TARGET) + $(abs_top_builddir)/pax-mark-vm $(BOOT_BUILD_OUTPUT_DIR)/j2sdk-image @echo "Bootstrapped IcedTea is served:" \ $(BOOT_BUILD_OUTPUT_DIR) mkdir -p stamps diff --git a/acinclude.m4 b/acinclude.m4 index 5310d71..f08f1a9 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -2181,3 +2181,49 @@ rmdir tmp.$$ AM_CONDITIONAL([NO_BYTECODE7], test x"${it_cv_bytecode7}" = "xyes") AC_PROVIDE([$0])dnl ]) + +AC_DEFUN_ONCE([IT_WITH_PAX], +[ + AC_MSG_CHECKING([for pax utility to use]) + AC_ARG_WITH([pax], + [AS_HELP_STRING(--with-pax=COMMAND,the command used for pax marking)], + [ + PAX_COMMAND=${withval} + if test "x${PAX_COMMAND}" = "xno"; then + PAX_COMMAND="not specified" + fi + ], + [ + PAX_COMMAND="not specified" + ]) + case "x${PAX_COMMAND}" in + xchpax) + case "${host_cpu}" in + i?86) + PAX_COMMAND_ARGS="-msp" + ;; + *) + PAX_COMMAND_ARGS="-m" + ;; + esac + ;; + xpaxctl) + case "${host_cpu}" in + i?86) + PAX_COMMAND_ARGS="-msp" + ;; + *) + PAX_COMMAND_ARGS="-m" + ;; + esac + ;; + *) + PAX_COMMAND="not specified" + PAX_COMMAND_ARGS="not specified" + ;; + esac + AM_CONDITIONAL(WITH_PAX, test "x${PAX_COMMAND}" != "xnot specified") + AC_MSG_RESULT(${PAX_COMMAND}) + AC_SUBST(PAX_COMMAND) + AC_SUBST(PAX_COMMAND_ARGS) +]) diff --git a/configure.ac b/configure.ac index e0b866b..7c665ef 100644 --- a/configure.ac +++ b/configure.ac @@ -146,6 +146,9 @@ IT_WITH_PROJECT IT_ENABLE_HG IT_WITH_TZDATA_DIR +IT_WITH_PAX +AC_CONFIG_FILES([pax-mark-vm], [chmod +x pax-mark-vm]) + AC_PATH_TOOL([HG],[hg]) if test "x${enable_hg}" = "xyes"; then if test "x${HG}" = x; then diff --git a/patches/test_gamma.patch b/patches/test_gamma.patch new file mode 100644 index 0000000..7e8d3d6 --- /dev/null +++ b/patches/test_gamma.patch @@ -0,0 +1,47 @@ +diff -Nru ../openjdk.orig/openjdk/hotspot/make/linux/Makefile openjdk/hotspot/make/linux/Makefile +--- ../openjdk.orig/openjdk/hotspot/make/linux/Makefile 2009-10-30 17:37:07.000000000 +0000 ++++ openjdk/hotspot/make/linux/Makefile 2009-10-30 17:45:40.000000000 +0000 +@@ -287,42 +287,36 @@ + + $(TARGETS_C2): $(SUBDIRS_C2) + cd $(OSNAME)_$(BUILDARCH)_compiler2/$@ && $(MAKE) $(MFLAGS) +- cd $(OSNAME)_$(BUILDARCH)_compiler2/$@ && ./test_gamma + ifdef INSTALL + cd $(OSNAME)_$(BUILDARCH)_compiler2/$@ && $(MAKE) $(MFLAGS) install + endif + + $(TARGETS_TIERED): $(SUBDIRS_TIERED) + cd $(OSNAME)_$(BUILDARCH)_tiered/$(patsubst %tiered,%,$@) && $(MAKE) $(MFLAGS) +- cd $(OSNAME)_$(BUILDARCH)_tiered/$(patsubst %tiered,%,$@) && ./test_gamma + ifdef INSTALL + cd $(OSNAME)_$(BUILDARCH)_tiered/$(patsubst %tiered,%,$@) && $(MAKE) $(MFLAGS) install + endif + + $(TARGETS_C1): $(SUBDIRS_C1) + cd $(OSNAME)_$(BUILDARCH)_compiler1/$(patsubst %1,%,$@) && $(MAKE) $(MFLAGS) +- cd $(OSNAME)_$(BUILDARCH)_compiler1/$(patsubst %1,%,$@) && ./test_gamma + ifdef INSTALL + cd $(OSNAME)_$(BUILDARCH)_compiler1/$(patsubst %1,%,$@) && $(MAKE) $(MFLAGS) install + endif + + $(TARGETS_CORE): $(SUBDIRS_CORE) + cd $(OSNAME)_$(BUILDARCH)_core/$(patsubst %core,%,$@) && $(MAKE) $(MFLAGS) +- cd $(OSNAME)_$(BUILDARCH)_core/$(patsubst %core,%,$@) && ./test_gamma + ifdef INSTALL + cd $(OSNAME)_$(BUILDARCH)_core/$(patsubst %core,%,$@) && $(MAKE) $(MFLAGS) install + endif + + $(TARGETS_ZERO): $(SUBDIRS_ZERO) + cd $(OSNAME)_$(VARIANTARCH)_zero/$(patsubst %zero,%,$@) && $(MAKE) $(MFLAGS) +- cd $(OSNAME)_$(VARIANTARCH)_zero/$(patsubst %zero,%,$@) && ./test_gamma + ifdef INSTALL + cd $(OSNAME)_$(VARIANTARCH)_zero/$(patsubst %zero,%,$@) && $(MAKE) $(MFLAGS) install + endif + + $(TARGETS_SHARK): $(SUBDIRS_SHARK) + cd $(OSNAME)_$(VARIANTARCH)_shark/$(patsubst %shark,%,$@) && $(MAKE) $(MFLAGS) +- cd $(OSNAME)_$(VARIANTARCH)_shark/$(patsubst %shark,%,$@) && ./test_gamma + ifdef INSTALL + cd $(OSNAME)_$(VARIANTARCH)_shark/$(patsubst %shark,%,$@) && $(MAKE) $(MFLAGS) install + endif + diff --git a/pax-mark-vm.in b/pax-mark-vm.in new file mode 100644 index 0000000..118bb61 --- /dev/null +++ b/pax-mark-vm.in @@ -0,0 +1,13 @@ +#!/bin/sh + +# Taken from Gentoo's pax-utils.eclass +list_paxables() { + file "$@" 2> /dev/null | grep -E 'ELF.*(executable|shared object)' | sed -e 's/: .*$//' +} + +if test "@PAX_COMMAND@" != "not specified"; then + for paxable in `list_paxables "${1}"/bin/* "${1}"/jre/bin/*`; do + echo "PaX mark @PAX_COMMAND_ARGS@ ${paxable}" + @PAX_COMMAND@ @PAX_COMMAND_ARGS@ "${paxable}" + done +fi