[Vm-dev] Re: [squeakland] Re: [Fwd: Re: New Etoys installer for testing]

John M McIntosh johnmci at smalltalkconsulting.com
Fri Jul 10 18:29:52 UTC 2009


As a reminder, if this is being executed on a closure VM there is a bug
in the VM where interacting with the SecurityPlugin
can cause the VM to crash even if the image is not a closure-based
image.  I attached the earlier note detailing this problem.

On 10-Jul-09, at 10:16 AM, Yoshiki Ohshima wrote:

>
> At Fri, 10 Jul 2009 08:26:49 -0700,
> Yoshiki Ohshima wrote:
>>
>> At Fri, 10 Jul 2009 00:10:10 -0700,
>> Andreas Raab wrote:
>>>
>>> The installer works fine but once I've installed it I get VM crashes
>>> when trying to use the plugin a browser, regardless of which browser
>>> (Firefox, IE7, Chrome).
>>>
>>> The crashes are extremely similar, see below:
>>
>>  Thank you for testing.  I do get the crash, actually, too.
>>
>>  One theory floating was OggPlugin, but removing it doesn't seem to have any
>> effect.  As the debug log suggests, it could be in the security
>> plugin.  I wonder what has changed.  I'll look into it.
>
>  It works fine with the VM we used to distribute with the previous
> public installer, which claims to be 3.10.10 but I think has some
> modification in the SecurityPlugin where it expands the
> pseudo-variables like %MYDOCUMENTS% in etoys.ini.  (But after
> substituting them in the .ini files it still crashes, so expanding
> them may not be the problem.)
>
>  If I put self halt in #enterRestrictedMode and step-execute it, it
> goes through fine.  It seems to suggest that some stack imbalance in a
> primitive (disableFileAccess or disableImageWrite) may be the issue.
>
>  In the interest of release time, I think I'll put up an installer with
> the old VM for now, and look into the difference between it and the 3.11.2
> VM.
>
> -- Yoshiki



----------

Begin forwarded message:

> From: John M McIntosh <johnmci at smalltalkconsulting.com>
> Date: May 3, 2009 1:58:29 PM PDT (CA)
> To: Andreas Raab <andreas.raab at gmx.de>
> Subject: Fwd: Squeak crash
>
>
>
> Sent from my iPhone
>
> Begin forwarded message:
>
>> From: John McIntosh <johnmci at smalltalkconsulting.com>
>> Date: May 3, 2009 1:43:21 PM PDT (CA)
>> To: Eliot Miranda <eliot.miranda at gmail.com>
>> Cc: Bert Freudenberg <bert at freudenbergs.de>
>> Subject: Re: Squeak crash
>>
>> OK, I'm older and wiser this morning; now, if I had turned on the check for
>> balanced stacks about a day ago the answer would have been clearer. It seems
>> the code in disable read/write pops the stack, which unbalances it.
>> Then the push literal sticks that constant in, but then the method
>> return true uses that as the content index, where in the past that slot
>> wasn't used or critical, so now you die.
>>
>> I think Andreas wrote the original security code; also, was there not
>> some recovery code for unbalanced stacks somewhere?  My concern is
>> whether there are other examples of this which we have not yet crashed over.
>> So how would we fix the VM to avoid this? Or do we need to check all the
>> plugin prim code for coding issues?
>>
>> On 5/2/09, John M McIntosh <johnmci at smalltalkconsulting.com> wrote:
>>>
>>> On 30-Apr-09, at 9:12 AM, Eliot Miranda wrote:
>>>
>>>> John,
>>>>
>>>>    I would run under gdb, put a halt somewhere after the context is
>>>> created and before the primitive is called, and put a watch on the
>>>> address of closureOrNil.
>>>
>>> OK, I'm older, but not sure I'm wiser...  However,
>>>
>>> What I did is use some of the message send tracing code to break at
>>> the point of the enterRestrictedMode send, then look at the method
>>> contexts being allocated.
>>> A quick check showed the message context was the third back from the
>>> point of the break on message send of enterRestrictedMode.
>>>
>>> problem context is at
>>> S2077c9cc   <----- third back
>>> S207a1644
>>> S207a16a0(gdb) hereweare
>>> Undefined command: "hereweare".  Try "help".
>>> (gdb) 1f4367a4  is the problem at 0x14 from 2077c9cc
>>> 5f e3 9a 05 80 bc 77 20 e3 00 00 00 01 00 00 00
>>> 80 86 42 20 a4 67 43 1f 30 3b 8f 1f 30 3b 8f 1f
>>>
>>> method is
>>> enterRestrictedMode
>>>
>>> Run again; now the context is 0x2077ceac, and a watch set on the
>>> location 0x14 from the start of the context triggers on the
>>> longAtPointerput.
>>>
>>>        CASE(81)
>>>            /* pushLiteralVariableBytecode */
>>>            {
>>>                flag("requires currentBytecode to be expanded to a constant");
>>>                /* begin fetchNextBytecode */
>>>                currentBytecode = byteAtPointer(++localIP);
>>>                /* begin pushLiteralVariable: */
>>>                /* begin internalPush: */
>>>                longAtPointerput(localSP += BytesPerWord,
>>>                    longAt(((longAt((foo->method + BaseHeaderSize) + (((81 & 31) + LiteralStart) << ShiftForWord))) + BaseHeaderSize) + (ValueIndex << ShiftForWord)));
>>>            }
>>> ;
>>>
>>>
>>> localReturnContext is 0x2077ceac
>>> localHomeContext is 0x2077ceac
>>> local SP is 0x2077cec0
>>> local IP is 0x204286fc
>>> currentByteCode is 112
>>>
>>> which stuffs 0x1f4367a4 into 0x2077cec0 which
>>> is offset 0x14 in localReturnContext
>>>
>>> then on the returnTrue for context 0x2077ceac we see the 0x1f4367a4
>>> and start the while loop until we get a memory exception...
>>>
>>> So let's look at the code.
>>>
>>> enterRestrictedMode
>>>    "Some insecure contents was encountered. Close all doors and proceed."
>>>    self isInRestrictedMode ifTrue:[^true].
>>>    (SugarLauncher isRunningInRainbow or: [Preferences
>>> securityChecksEnabled not]) ifTrue: [^true]. "it's been your choice..."
>>>    Preferences warnAboutInsecureContent ifTrue:[
>>>        (PopUpMenu confirm:
>>> 'You are about to load some insecure content.
>>> If you continue, access to files as well as
>>> some other capabilities will be limited.' translated
>>>            trueChoice:'Load it anyways' translated
>>>            falseChoice:'Do not load it' translated) ifFalse:[
>>>                "user doesn't really want it"
>>>                ^false.
>>>            ].
>>>    ].
>>>    "here goes the actual restriction"
>>>    self flushSecurityKeys.
>>>    self disableFileAccess.
>>>    self disableImageWrite.
>>>    "self disableSocketAccess."
>>>    FileDirectory setDefaultDirectory: self untrustedUserDirectory.
>>>    ^true
>>>
>>> I note we are at case(81), which is hex 51, which I guess would be the
>>> 120 <51> pushLit: FileDirectory
>>>
>>> 81 <70> self
>>> 82 <D0> send: isInRestrictedMode
>>> 83 <98> jumpFalse: 85
>>> 84 <79> return: true
>>> 85 <45> pushLit: SugarLauncher
>>> 86 <D4> send: isRunningInRainbow
>>> 87 <99> jumpFalse: 90
>>> 88 <71> pushConstant: true
>>> 89 <92> jumpTo: 93
>>> 90 <43> pushLit: Preferences
>>> 91 <D2> send: securityChecksEnabled
>>> 92 <D1> send: not
>>> 93 <98> jumpFalse: 95
>>> 94 <79> return: true
>>> 95 <43> pushLit: Preferences
>>> 96 <DC> send: warnAboutInsecureContent
>>> 97 <AC 0C> jumpFalse: 111
>>> 99 <47> pushLit: PopUpMenu
>>> 100 <29> pushConstant: 'You are about to load some insecure content.
>>> If you continue, access to files as well as
>>> some other capabilities will be limited.'
>>> 101 <D8> send: translated
>>> 102 <2A> pushConstant: 'Load it anyways'
>>> 103 <D8> send: translated
>>> 104 <2B> pushConstant: 'Do not load it'
>>> 105 <D8> send: translated
>>> 106 <83 66> send: confirm:trueChoice:falseChoice:
>>> 108 <A8 01> jumpTrue: 111
>>> 110 <7A> return: false
>>> 111 <70> self
>>> 112 <DD> send: flushSecurityKeys
>>> 113 <87> pop
>>> 114 <70> self
>>> 115 <DE> send: disableFileAccess
>>> 116 <87> pop
>>> 117 <70> self
>>> 118 <DF> send: disableImageWrite
>>> 119 <87> pop
>>> 120 <51> pushLit: FileDirectory
>>> 121 <70> self
>>> 122 <83 12> send: untrustedUserDirectory
>>> 124 <83 30> send: setDefaultDirectory:
>>> 126 <87> pop
>>> 127 <79> return: true
>>>
>>> Let's see if anything looks interesting
>>>
>>>  disableImageWrite
>>>    "SecurityManager default disableImageWrite"
>>>    "Primitive. Disable writing to an image file.
>>>    Cannot be revoked from the image."
>>>    <primitive: 'primitiveDisableImageWrite' module: 'SecurityPlugin'>
>>>    ^self primitiveFailed
>>>
>>> EXPORT(sqInt) primitiveDisableImageWrite(void) {
>>>    ioDisableImageWrite();
>>>    if (!(interpreterProxy->failed())) {
>>>        interpreterProxy->pop(1);
>>>    }
>>> }
>>>
>>>
>>> int ioDisableImageWrite() {
>>>   allowImageWrite = 0;
>>>    return 0;
>>> }
>>>
>>>
>>> disableFileAccess
>>>    "SecurityManager default disableFileAccess"
>>>    "Primitive. Disable unlimited access to files.
>>>    Cannot be revoked from the image."
>>>    <primitive: 'primitiveDisableFileAccess' module: 'FilePlugin'>
>>>    ^self primitiveFailed
>>>
>>>
>>> EXPORT(sqInt) primitiveDisableFileAccess(void) {
>>>    if (sDFAfn != 0) {
>>>         ((sqInt (*)(void))sDFAfn)();
>>>    }
>>>    if (!(interpreterProxy->failed())) {
>>>        interpreterProxy->pop(1);
>>>    }
>>> }
>>>
>>>    sDFAfn = interpreterProxy->ioLoadFunctionFrom("secDisableFileAccess",
>>> "SecurityPlugin");
>>>
>>>
>>> EXPORT(sqInt) secDisableFileAccess(void) {
>>>    return ioDisableFileAccess();
>>> }
>>>
>>> /* disabling/querying */
>>> int ioDisableFileAccess(void) {
>>>   allowFileAccess = 0;
>>>  return 0;
>>> }
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>

--
========================================================================
John M. McIntosh <johnmci at smalltalkconsulting.com>   Twitter: squeaker68882
Corporate Smalltalk Consulting Ltd.  http://www.smalltalkconsulting.com
========================================================================
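The unbalanced-primitive failure analysed in the thread, replayed as an added example in C. This is not code from the thread or from the Squeak VM; it is a toy model that keeps only the closure-VM context slot order (sender, pc, stackp, method, closureOrNil, receiver, then the temp/stack area), while the oop values, the context size and the helper names are constructed for illustration. It replays bytecodes 114 to 120 of enterRestrictedMode with a zero-argument primitive that, like the posted primitiveDisableImageWrite, does pop(1) and pushes nothing, and shows the pushLit: FileDirectory at 120 landing in closureOrNil, which is slot 4, i.e. 0x14 bytes into the object with a 4-byte header and 4-byte words, exactly where the gdb watch fired. It also shows the per-primitive balanced-stack check John mentions: record the stack pointer before the primitive and require the depth change to equal -argCount on success.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Toy model of a closure-VM MethodContext: fixed header slots first,
 * then the temp/stack area, with the stack growing upward inside the
 * same object. The slot order is the closure VM's; CONTEXT_WORDS is an
 * assumption chosen to keep the example small.
 */
enum { SENDER, PC, STACKP, METHOD, CLOSURE_OR_NIL, RECEIVER, STACK_BASE,
       CONTEXT_WORDS = 12 };

/* Constructed oops; any distinct values would do. FILEDIRECTORY_OOP
 * reuses the value seen in the thread purely for recognisability. */
enum { NIL_OOP = 0, TRUE_OOP = 0x11, SELF_OOP = 0x2077c000,
       FILEDIRECTORY_OOP = 0x1f4367a4 };

typedef struct {
    intptr_t  slots[CONTEXT_WORDS];
    intptr_t *sp;            /* top-of-stack word, like localSP */
} Context;

static void ctx_init(Context *c) {
    for (int i = 0; i < CONTEXT_WORDS; i++) c->slots[i] = NIL_OOP;
    c->slots[RECEIVER] = SELF_OOP;
    c->sp = &c->slots[STACK_BASE] - 1;   /* empty stack: sp just below slot 6 */
}

/* internalPush: / pop: with no bounds checks, as in the interpreter. */
static void push(Context *c, intptr_t oop) { *(++c->sp) = oop; }
static void pop(Context *c, int n)        { c->sp -= n; }

/* Zero-argument primitive called with the receiver on the stack. The
 * contract: on success, receiver+args are replaced by the result, so the
 * net depth change is -argCount (0 here). */
typedef void (*Primitive)(Context *c);

/* Like the posted primitiveDisableImageWrite: pops the receiver and
 * pushes nothing, leaving the stack one word short. */
static void buggy_disable(Context *c) { pop(c, 1); }

/* Balanced variant: pop the receiver, push an explicit result. */
static void fixed_disable(Context *c) { pop(c, 1); push(c, TRUE_OOP); }

/* Balanced-stack check to wrap around every primitive call: returns 0
 * when the depth change matches the contract, otherwise the discrepancy
 * in words (negative = primitive popped too much). */
static int check_balanced(Context *c, Primitive prim, int argCount) {
    intptr_t *before = c->sp;
    prim(c);
    intptr_t delta = c->sp - before;
    return (int)(delta + argCount);
}

/* Replay bytecodes 114..120 from the posted listing:
 *   self, send disable, pop, self, send disable, pop, pushLit FileDirectory.
 * Returns the value left in closureOrNil afterwards. */
static intptr_t replay_enter_restricted_mode(Context *c, Primitive disable) {
    ctx_init(c);
    push(c, SELF_OOP); disable(c); pop(c, 1);   /* 114 <70> 115 <DE> 116 <87> */
    push(c, SELF_OOP); disable(c); pop(c, 1);   /* 117 <70> 118 <DF> 119 <87> */
    push(c, FILEDIRECTORY_OOP);                 /* 120 <51> pushLit: FileDirectory */
    return c->slots[CLOSURE_OR_NIL];
}

static intptr_t closure_slot_after(Primitive disable) {
    Context c;
    return replay_enter_restricted_mode(&c, disable);
}

static int balance_discrepancy(Primitive prim) {
    Context c;
    ctx_init(&c);
    push(&c, SELF_OOP);
    return check_balanced(&c, prim, 0);
}

int main(void) {
    printf("closureOrNil after buggy primitive: 0x%lx\n",
           (unsigned long)closure_slot_after(buggy_disable));
    printf("closureOrNil after fixed primitive: 0x%lx\n",
           (unsigned long)closure_slot_after(fixed_disable));
    printf("stack discrepancy: buggy=%d fixed=%d\n",
           balance_discrepancy(buggy_disable), balance_discrepancy(fixed_disable));
    return 0;
}
```

Tracing the buggy path by hand matches the thread: the first unbalanced pop plus the 116 pop leave the stack two words short, the second push self merely rewrites the receiver slot with the same value, and the second unbalanced pop plus the 119 pop put sp at slot 3, so the pre-incrementing push at 120 writes the FileDirectory oop into slot 4, closureOrNil. A zero-argument primitive that wants to answer the receiver is also balanced if it simply leaves the stack alone; the fixed variant here pops and pushes only to make the contract explicit, and which fix the VM maintainers chose is not stated in the thread.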





