Hi John<div><br></div><div> ok, I get it. Ignore the previous message. Apologies.<br><br><div class="gmail_quote">On Fri, Jul 10, 2009 at 11:29 AM, John M McIntosh <span dir="ltr"><<a href="mailto:johnmci@smalltalkconsulting.com">johnmci@smalltalkconsulting.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><br>
As a reminder, if this is being executed on a closure VM there is a bug in the VM where interacting with the SecurityPlugin<br>
can cause the VM to crash even if the image is not a closure-based image. I attached the earlier note detailing this problem.<br>
<br>
On 10-Jul-09, at 10:16 AM, Yoshiki Ohshima wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
At Fri, 10 Jul 2009 08:26:49 -0700,<br>
Yoshiki Ohshima wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
At Fri, 10 Jul 2009 00:10:10 -0700,<br>
Andreas Raab wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
The installer works fine but once I've installed it I get VM crashes<br>
when trying to use the plugin a browser, regardless of which browser<br>
(Firefox, IE7, Chrome).<br>
<br>
The crashes are extremely similar, see below:<br>
</blockquote>
<br>
Thank you for testing. I do get the crash, actually, too.<br>
<br>
One theory floating was OggPlugin, but removing it seems to take any<br>
effect. As the debug log suggests, it could be in the security<br>
plugin. I wonder what has changed. I'll look into it.<br>
</blockquote>
<br>
It works fine with the VM we used to distribute with the previous<br>
public installer, which claims to be 3.10.10 but I think has some<br>
modification to the SecurityPlugin where it expands the<br>
pseudo-variables like %MYDOCUMENTS% in etoys.ini. (But after<br>
substituting them in the .ini files it still crashes, so expanding<br>
them may not be a problem.)<br>
<br>
If I put self halt in #enterRestrictedMode and step-execute it, it<br>
goes through fine. It seems to suggest that some stack imbalance in a<br>
primitive (disableFileAccess or disableImageWrite) may be the issue.<br>
<br>
In the interest of release time, I think I'll put up an installer with<br>
the old VM for now, and look into the difference between it and the 3.11.2<br>
VM.<br>
<br>
-- Yoshiki<br>
</blockquote>
<br>
<br>
<br>
----------<br>
<br>
Begin forwarded message:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
From: John M McIntosh <<a href="mailto:johnmci@smalltalkconsulting.com" target="_blank">johnmci@smalltalkconsulting.com</a>><br>
Date: May 3, 2009 1:58:29 PM PDT (CA)<br>
To: Andreas Raab <<a href="mailto:andreas.raab@gmx.de" target="_blank">andreas.raab@gmx.de</a>><br>
Subject: Fwd: Squeak crash<br>
<br>
<br>
<br>
Sent from my iPhone<br>
<br>
Begin forwarded message:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
From: John McIntosh <<a href="mailto:johnmci@smalltalkconsulting.com" target="_blank">johnmci@smalltalkconsulting.com</a>><br>
Date: May 3, 2009 1:43:21 PM PDT (CA)<br>
To: Eliot Miranda <<a href="mailto:eliot.miranda@gmail.com" target="_blank">eliot.miranda@gmail.com</a>><br>
Cc: Bert Freudenberg <<a href="mailto:bert@freudenbergs.de" target="_blank">bert@freudenbergs.de</a>><br>
Subject: Re: Squeak crash<br>
<br>
Ok, I'm older and wiser this morning. Now, if I had turned on check for<br>
balanced stacks about a day ago the answer would be clearer. It seems<br>
the code in disable read/write pops the stack, which unbalanced it.<br>
Then the push literal sticks that constant in, but then the method<br>
return true uses that as the content index, where in the past that slot<br>
wasn't used or critical, so now you die.<br>
<br>
I think Andreas wrote the original security code; also, was there not<br>
some recovery code for unbalanced stacks somewhere? My concern is<br>
whether there are other examples of this which we have not yet crashed over. So how<br>
would we fix the VM to avoid this? Or do we need to check all the plugin<br>
prim code for coding issues?<br>
<br>
On 5/2/09, John M McIntosh <<a href="mailto:johnmci@smalltalkconsulting.com" target="_blank">johnmci@smalltalkconsulting.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
On 30-Apr-09, at 9:12 AM, Eliot Miranda wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
John,<br>
<br>
I would run under gdb, put a halt somewhere after the context is<br>
created and before the primitive is called, and put a watch on the<br>
address of closureOrNil.<br>
</blockquote>
<br>
Ok, I'm older, but not sure I'm wiser... However,<br>
<br>
what I did is use some of the message send tracing code to break at<br>
the point of the enterRestrictedMode send, then look at the method<br>
contexts being allocated.<br>
A quick check showed the message context was the third back from the<br>
point of the break on the message send of enterRestrictedMode.<br>
<br>
problem context is at<br>
S2077c9cc <----- third back<br>
S207a1644<br>
S207a16a0(gdb) hereweare<br>
Undefined command: "hereweare". Try "help".<br>
(gdb) 1f4367a4 is the problem at 0x14 from 2077c9cc<br>
5f e3 9a 05 80 bc 77 20 e3 00 00 00 01 00 00 00<br>
80 86 42 20 a4 67 43 1f 30 3b 8f 1f 30 3b 8f 1f<br>
<br>
method is<br>
enterRestrictedMode<br>
<br>
Run again; now the context is 0x2077ceac. A watch location set up<br>
at 0x14 from the start of the context triggers on the<br>
longAtPointerput.<br>
<br>
CASE(81)<br>
/* pushLiteralVariableBytecode */<br>
{<br>
flag("requires currentBytecode to be expanded to a constant");<br>
/* begin fetchNextBytecode */<br>
currentBytecode = byteAtPointer(++localIP);<br>
/* begin pushLiteralVariable: */<br>
/* begin internalPush: */<br>
longAtPointerput(localSP += BytesPerWord, longAt(((longAt((foo->method + BaseHeaderSize) + (((81 & 31) + LiteralStart) << ShiftForWord))) + BaseHeaderSize) + (ValueIndex << ShiftForWord)));<br>
}<br>
;<br>
<br>
<br>
localReturnContext is 0x2077ceac<br>
localHomeContext is 0x2077ceac<br>
local SP is 0x2077cec0<br>
local IP is 0x204286fc<br>
currentByteCode is 112<br>
<br>
which stuffs 0x1f4367a4 into 0x2077cec0, which<br>
is offset 0x14 in localReturnContext.<br>
<br>
Then on the returnTrue for context 0x2077ceac we see the 0x1f4367a4<br>
and start the while loop until we get a memory exception...<br>
<br>
So let's look at the code.<br>
<br>
enterRestrictedMode<br>
"Some insecure contents was encountered. Close all doors and proceed."<br>
self isInRestrictedMode ifTrue:[^true].<br>
(SugarLauncher isRunningInRainbow or: [Preferences<br>
securityChecksEnabled not]) ifTrue: [^true]. "it's been your choice..."<br>
Preferences warnAboutInsecureContent ifTrue:[<br>
(PopUpMenu confirm:<br>
'You are about to load some insecure content.<br>
If you continue, access to files as well as<br>
some other capabilities will be limited.' translated<br>
trueChoice:'Load it anyways' translated<br>
falseChoice:'Do not load it' translated) ifFalse:[<br>
"user doesn't really want it"<br>
^false.<br>
].<br>
].<br>
"here goes the actual restriction"<br>
self flushSecurityKeys.<br>
self disableFileAccess.<br>
self disableImageWrite.<br>
"self disableSocketAccess."<br>
FileDirectory setDefaultDirectory: self untrustedUserDirectory.<br>
^true<br>
<br>
I note we are at case(81), which is hex 51, which I guess would be the<br>
120 <51> pushLit: FileDirectory<br>
<br>
81 <70> self<br>
82 <D0> send: isInRestrictedMode<br>
83 <98> jumpFalse: 85<br>
84 <79> return: true<br>
85 <45> pushLit: SugarLauncher<br>
86 <D4> send: isRunningInRainbow<br>
87 <99> jumpFalse: 90<br>
88 <71> pushConstant: true<br>
89 <92> jumpTo: 93<br>
90 <43> pushLit: Preferences<br>
91 <D2> send: securityChecksEnabled<br>
92 <D1> send: not<br>
93 <98> jumpFalse: 95<br>
94 <79> return: true<br>
95 <43> pushLit: Preferences<br>
96 <DC> send: warnAboutInsecureContent<br>
97 <AC 0C> jumpFalse: 111<br>
99 <47> pushLit: PopUpMenu<br>
100 <29> pushConstant: 'You are about to load some insecure content.<br>
If you continue, access to files as well as<br>
some other capabilities will be limited.'<br>
101 <D8> send: translated<br>
102 <2A> pushConstant: 'Load it anyways'<br>
103 <D8> send: translated<br>
104 <2B> pushConstant: 'Do not load it'<br>
105 <D8> send: translated<br>
106 <83 66> send: confirm:trueChoice:falseChoice:<br>
108 <A8 01> jumpTrue: 111<br>
110 <7A> return: false<br>
111 <70> self<br>
112 <DD> send: flushSecurityKeys<br>
113 <87> pop<br>
114 <70> self<br>
115 <DE> send: disableFileAccess<br>
116 <87> pop<br>
117 <70> self<br>
118 <DF> send: disableImageWrite<br>
119 <87> pop<br>
120 <51> pushLit: FileDirectory<br>
121 <70> self<br>
122 <83 12> send: untrustedUserDirectory<br>
124 <83 30> send: setDefaultDirectory:<br>
126 <87> pop<br>
127 <79> return: true<br>
<br>
Let's see if anything looks interesting.<br>
<br>
disableImageWrite<br>
"SecurityManager default disableImageWrite"<br>
"Primitive. Disable writing to an image file.<br>
Cannot be revoked from the image."<br>
<primitive: 'primitiveDisableImageWrite' module: 'SecurityPlugin'><br>
^self primitiveFailed<br>
<br>
EXPORT(sqInt) primitiveDisableImageWrite(void) {<br>
ioDisableImageWrite();<br>
if (!(interpreterProxy->failed())) {<br>
interpreterProxy->pop(1);<br>
}<br>
}<br>
<br>
<br>
int ioDisableImageWrite() {<br>
allowImageWrite = 0;<br>
return 0;<br>
}<br>
<br>
<br>
disableFileAccess<br>
"SecurityManager default disableFileAccess"<br>
"Primitive. Disable unlimited access to files.<br>
Cannot be revoked from the image."<br>
<primitive: 'primitiveDisableFileAccess' module: 'FilePlugin'><br>
^self primitiveFailed<br>
<br>
<br>
EXPORT(sqInt) primitiveDisableFileAccess(void) {<br>
if (sDFAfn != 0) {<br>
((sqInt (*)(void))sDFAfn)();<br>
}<br>
if (!(interpreterProxy->failed())) {<br>
interpreterProxy->pop(1);<br>
}<br>
}<br>
<br>
sDFAfn = interpreterProxy->ioLoadFunctionFrom("secDisableFileAccess",<br>
"SecurityPlugin");<br>
<br>
<br>
EXPORT(sqInt) secDisableFileAccess(void) {<br>
return ioDisableFileAccess();<br>
}<br>
<br>
/* disabling/querying */<br>
int ioDisableFileAccess(void) {<br>
allowFileAccess = 0;<br>
return 0;<br>
}<br>
<br>
<br>
===========================================================================<br>
John M. McIntosh <<a href="mailto:johnmci@smalltalkconsulting.com" target="_blank">johnmci@smalltalkconsulting.com</a>> Twitter: squeaker68882<br>
Corporate Smalltalk Consulting Ltd. <a href="http://www.smalltalkconsulting.com" target="_blank">http://www.smalltalkconsulting.com</a><br>
===========================================================================<br>
<br>
</blockquote>
<br>
</blockquote></blockquote>
<br>
--<br>
===========================================================================<br>
John M. McIntosh <<a href="mailto:johnmci@smalltalkconsulting.com" target="_blank">johnmci@smalltalkconsulting.com</a>> Twitter: squeaker68882<br>
Corporate Smalltalk Consulting Ltd. <a href="http://www.smalltalkconsulting.com" target="_blank">http://www.smalltalkconsulting.com</a><br>
===========================================================================<br>
</blockquote></div><br></div>
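The mechanism John traces above (a primitive that pops its receiver without pushing a result, so the following pop and push literal operate one slot too low in the caller's frame) can be reproduced in a few lines. The following is an added example written for this page, not code from the Squeak VM or from anyone in the thread: it models the primitive calling convention with a toy stack, implements the unbalanced pattern beside a balanced one, and includes the kind of "check for balanced stacks" assertion the thread wishes had been switched on. Names (ToyVM, primUnbalanced, primBalanced, isBalanced, callerSlotAfterSend) and the small oop constants are assumptions; the two large oop values are borrowed from the gdb output above only as recognisable sample values.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Added example, not VM code: a toy model of a Squeak-style primitive
 * calling convention, constructed to show why a primitive that pops its
 * receiver without pushing a result unbalances the stack, and how a
 * balanced-stack check catches it before the stack corruption shows up. */

#define STACK_SLOTS 16
typedef intptr_t oop;

typedef struct {
    oop slots[STACK_SLOTS];
    int sp;      /* number of slots in use; slots[sp-1] is the top of stack */
    int failed;  /* primitive failure flag, modelled on interpreterProxy->failed() */
} ToyVM;

/* Sample oops (constructed): the two large values are taken from the gdb
 * output in the thread purely as recognisable constants. */
enum { NIL_OOP = 1, TRUE_OOP = 3 };
static const oop RECEIVER_OOP = 0x2077c9cc;
static const oop LITERAL_OOP  = 0x1f4367a4;

static void vm_init(ToyVM *vm) { memset(vm, 0, sizeof *vm); }
static void vm_push(ToyVM *vm, oop v) {
    if (vm->sp < STACK_SLOTS) vm->slots[vm->sp++] = v;
}
static oop vm_pop(ToyVM *vm) {
    return vm->sp > 0 ? vm->slots[--vm->sp] : NIL_OOP;  /* never underflow */
}

static int allowImageWrite = 1;

/* The pattern discussed in the thread: do the work, then pop(1) the receiver
 * and push nothing. The primitive "succeeds" but leaves the stack one slot
 * shorter than it found it. */
static void primUnbalanced(ToyVM *vm) {
    allowImageWrite = 0;                 /* stands in for ioDisableImageWrite() */
    if (!vm->failed) vm_pop(vm);         /* interpreterProxy->pop(1), no push */
}

/* Balanced form for a zero-argument primitive: the receiver is replaced by
 * the result, so the depth on exit equals the depth on entry. */
static void primBalanced(ToyVM *vm) {
    allowImageWrite = 0;
    if (!vm->failed) { vm_pop(vm); vm_push(vm, TRUE_OOP); }  /* pop(1); push(result) */
}

/* Balanced-stack check: a successful primitive with numArgs arguments must
 * leave depth == entryDepth - numArgs (receiver and args replaced by one
 * result); a failed one must leave receiver and args untouched.
 * Returns 1 if the primitive is balanced, 0 if it is not. */
static int isBalanced(void (*prim)(ToyVM *), int numArgs) {
    ToyVM vm; vm_init(&vm);
    vm_push(&vm, RECEIVER_OOP);
    for (int i = 0; i < numArgs; i++) vm_push(&vm, NIL_OOP);
    int entryDepth = vm.sp;
    prim(&vm);
    if (vm.failed) return vm.sp == entryDepth;
    return vm.sp == entryDepth - numArgs;
}

/* Replay the bytecodes that follow "self disableImageWrite" in
 * enterRestrictedMode: <87> pop, then <51> pushLit. With a balanced primitive
 * the pop discards the primitive's result and the caller-owned slot below it
 * survives. With the unbalanced one the pop discards the caller's slot and the
 * push literal overwrites it, which is what the watchpoint in the thread saw. */
static oop callerSlotAfterSend(void (*prim)(ToyVM *)) {
    ToyVM vm; vm_init(&vm);
    vm_push(&vm, NIL_OOP);        /* slot owned by the calling frame */
    vm_push(&vm, RECEIVER_OOP);   /* <70> self */
    prim(&vm);                    /* send: disableImageWrite -> primitive */
    vm_pop(&vm);                  /* <87> pop */
    vm_push(&vm, LITERAL_OOP);    /* <51> pushLit: FileDirectory */
    return vm.slots[0];
}

int main(void) {
    printf("balanced primitive passes check:   %d\n", isBalanced(primBalanced, 0));
    printf("unbalanced primitive passes check: %d\n", isBalanced(primUnbalanced, 0));
    printf("caller slot after balanced send:   0x%lx\n",
           (unsigned long)callerSlotAfterSend(primBalanced));
    printf("caller slot after unbalanced send: 0x%lx\n",
           (unsigned long)callerSlotAfterSend(primUnbalanced));
    printf("allowImageWrite is now %d\n", allowImageWrite);
    return 0;
}
```

The point of isBalanced is that the depth rule is mechanical: for a successful primitive the stack must shrink by exactly the argument count, and for a failed one not at all. Running every plugin primitive through a check like this in a debug build answers John's "are there other examples of this" question without waiting for a crash.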