Chia-Che Tsai 10 anni fa
parent
commit
328ca4af9b
45 ha cambiato i file con 662 aggiunte e 680 eliminazioni
  1. 3 5
      LibOS/Makefile
  2. 1 2
      LibOS/shim/Makefile
  3. 2 1
      LibOS/shim/include/shim_thread.h
  4. 8 14
      LibOS/shim/src/bookkeep/shim_thread.c
  5. 18 37
      LibOS/shim/src/bookkeep/shim_vma.c
  6. 0 1
      LibOS/shim/src/fs/shim_dcache.c
  7. 5 1
      LibOS/shim/src/fs/socket/fs.c
  8. 1 0
      LibOS/shim/src/ipc/shim_ipc_helper.c
  9. 1 0
      LibOS/shim/src/shim_async.c
  10. 6 2
      LibOS/shim/src/shim_init.c
  11. 2 1
      LibOS/shim/src/shim_syscalls.c
  12. 2 0
      LibOS/shim/src/sys/shim_clone.c
  13. 5 1
      LibOS/shim/src/sys/shim_exec.c
  14. 1 0
      LibOS/shim/src/sys/shim_fork.c
  15. 2 0
      LibOS/shim/src/sys/shim_vfork.c
  16. 4 4
      LibOS/shim/test/apps/Makefile
  17. 1 1
      LibOS/shim/test/apps/apache/Makefile
  18. BIN
      LibOS/shim/test/apps/apache/php-5.6.6.tar.bz2
  19. 3 3
      LibOS/shim/test/apps/busybox/Makefile
  20. BIN
      LibOS/shim/test/apps/busybox/busybox-1.19.4.tar.gz
  21. BIN
      LibOS/shim/test/apps/busybox/busybox-1.23.1.tar.bz2
  22. 100 55
      LibOS/shim/test/apps/busybox/config_for_graphene
  23. 100 55
      LibOS/shim/test/apps/busybox/config_for_graphene_nofork
  24. 1 1
      LibOS/shim/test/apps/make/Makefile
  25. 2 2
      LibOS/shim/test/apps/make/graphene/Makefile
  26. 11 3
      LibOS/shim/test/apps/pal_loader
  27. 10 5
      LibOS/shim/test/native/Makefile
  28. 12 0
      LibOS/shim/test/native/pie.c
  29. 2 8
      Pal/Makefile
  30. 43 47
      Pal/linux-3.14/graphene/graphene.c
  31. 11 37
      Pal/src/db_main.c
  32. 22 21
      Pal/src/db_rtld.c
  33. 1 1
      Pal/src/db_streams.c
  34. 1 1
      Pal/src/host/Linux/Makefile
  35. 68 29
      Pal/src/host/Linux/db_main.c
  36. 139 225
      Pal/src/host/Linux/db_process.c
  37. 1 1
      Pal/src/host/Linux/db_sockets.c
  38. 17 0
      Pal/src/host/Linux/pal_linux.h
  39. 8 7
      Pal/src/host/Linux/pal_security.h
  40. 3 0
      Pal/src/pal.h
  41. 18 12
      Pal/src/pal_internal.h
  42. 1 0
      Pal/src/security/Linux/filter.c
  43. 22 91
      Pal/src/security/Linux/main.c
  44. 2 2
      Pal/src/security/Linux/wrapper.c
  45. 2 4
      Pal/test/Makefile

+ 3 - 5
LibOS/Makefile

@@ -4,13 +4,11 @@ BUILD_DIR = build
 GLIBC_TARGET = $(addprefix $(BUILD_DIR)/,libc.so.6 ld-linux-x86-64.so.2)
 
 all: $(GLIBC_TARGET)
-	make -C $(SHIM_DIR)/src
-	make -C $(SHIM_DIR)/test
+	make -C $(SHIM_DIR) all
 
 debug: DEBUG=debug
 debug: $(GLIBC_TARGET)
-	make -C $(SHIM_DIR)/src  debug
-	make -C $(SHIM_DIR)/test debug
+	make -C $(SHIM_DIR) debug
 
 # nothing to install
 install:
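Review bot: The rewritten recursive calls for `all` and `debug` (and `clean` in the next hunk) still invoke a literal `make`, so a parallel build cannot share the jobserver with the sub-make and `make -n` stops at this line instead of descending. Writing them as `$(MAKE) -C $(SHIM_DIR) all`, `$(MAKE) -C $(SHIM_DIR) debug` and `$(MAKE) -C $(SHIM_DIR) clean` fixes both. Since `all` now reaches the tests through LibOS/shim/Makefile, the loop there (`make $@ -C $$d`) has the same issue.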
@@ -28,5 +26,5 @@ $(GLIBC_SRC)/configure:
 	[ ! -f $(GLIBC_SRC).patch ] || git apply $(GLIBC_SRC).patch
 
 clean:
-	make -C $(SHIM_DIR)/src clean
+	make -C $(SHIM_DIR) clean
 	rm -rf $(BUILD_DIR)

+ 1 - 2
LibOS/shim/Makefile

@@ -1,11 +1,10 @@
 MAKEFLAGS += --check-symlink-times
 
-TARGET := all debug clean
 SRC_DIRS := src
 TESTS_DIRS := test
 DIRS := ${SRC_DIRS} ${TESTS_DIRS}
 
-${TARGET}: ${DIRS}
+all debug clean: ${DIRS}
 	for d in ${DIRS}; \
 	do \
 		make $@ -C $$d; \
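Review bot: In the loop under the rewritten header, `make $@ -C $$d; \` ends each iteration with `;`, so a failing build in `src` does not stop the loop. Depending on how the recipe ends outside this hunk, only the status of the last directory may reach the caller. `$(MAKE) $@ -C $$d || exit 1; \` stops at the first failure and also keeps the jobserver. With the `TARGET` variable gone, a `.PHONY: all debug clean` line would make it explicit that these names are commands; none is visible in the hunk.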

+ 2 - 1
LibOS/shim/include/shim_thread.h

@@ -79,6 +79,7 @@ struct shim_thread {
 
     void * stack, * stack_top, * stack_red;
     void * tcb;
+    bool user_tcb; /* is tcb assigned by user? */
     void * frameptr;
 
     REFTYPE ref_count;
@@ -121,7 +122,7 @@ void get_simple_thread (struct shim_simple_thread * thread);
 void put_simple_thread (struct shim_simple_thread * thread);
 
 void allocate_tls (void * tcb_location, struct shim_thread * thread);
-void populate_tls (void * tcb_location);
+void populate_tls (void * tcb_location, bool user);
 
 void debug_setprefix (shim_tcb_t * tcb);
 

+ 8 - 14
LibOS/shim/src/bookkeep/shim_thread.c

@@ -593,6 +593,7 @@ void switch_dummy_thread (struct shim_thread * thread)
 
     DkThreadPrivate(real_thread->tcb);
     set_cur_thread(real_thread);
+    debug("set tcb to %p\n", real_thread->tcb);
 
     debug("jump to the stack %p\n", real_thread->frameptr);
     debug("shim_vfork success (returning %d)\n", child);
@@ -732,13 +733,13 @@ RESUME_FUNC_BODY(thread)
     if (thread->handle_map)
         get_handle_map(thread->handle_map);
 
-#ifndef DEBUG_RESUME
+//#ifdef DEBUG_RESUME
     debug("thread: "
           "tid=%d,tgid=%d,parent=%d,stack=%p,frameptr=%p,tcb=%p\n",
           thread->tid, thread->tgid,
           thread->parent ? thread->parent->tid : thread->tid,
           thread->stack, thread->frameptr, thread->tcb);
-#endif
+//#endif
 }
 END_RESUME_FUNC
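Review bot: The `DEBUG_RESUME` guard is left behind as `//#ifdef DEBUG_RESUME` and `//#endif`, which makes the thread dump unconditional while suggesting it is still optional. The original directive was `#ifndef`, so the intended polarity is also unclear. Either delete both comment lines or restore a real guard, `#ifdef DEBUG_RESUME` … `#endif`. The dump prints the stack, frame-pointer and TCB addresses of every resumed thread, so it is worth deciding deliberately whether it belongs in ordinary debug output.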
 
@@ -755,16 +756,13 @@ MIGRATE_FUNC_BODY(running_thread)
     DO_MIGRATE(thread, thread, thread_obj, recursive);
     ADD_FUNC_ENTRY(new_thread);
 
-    __libc_tcb_t * tcb = thread->tcb;
-    if (tcb && lookup_supervma(tcb, sizeof(__libc_tcb_t), NULL) < 0) {
+    if (!thread->user_tcb) {
         ADD_OFFSET(sizeof(__libc_tcb_t));
-        ADD_ENTRY(ADDR, base + *offset);
         if (!dry) {
             __libc_tcb_t * new_tcb = (void *) (base + *offset);
-            memcpy(new_tcb, tcb, sizeof(__libc_tcb_t));
+            new_thread->tcb = new_tcb;
+            memcpy(new_tcb, thread->tcb, sizeof(__libc_tcb_t));
         }
-    } else {
-        ADD_ENTRY(ADDR, NULL);
     }
 }
 END_MIGRATE_FUNC
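Review bot: The rewritten condition `if (!thread->user_tcb)` drops the `tcb &&` test the old code had, so a thread whose `tcb` is NULL reaches `memcpy(new_tcb, thread->tcb, sizeof(__libc_tcb_t))` with a NULL source. shim_do_clone() in this same commit sets `thread->tcb = NULL` in its else branch without touching `user_tcb`, so that state looks reachable; `if (thread->tcb && !thread->user_tcb) {` keeps the old guard. `new_thread->tcb` now stores `base + *offset` directly, and the matching `RESUME_REBASE(new_tcb)` is deleted from the running_thread resume body further down. It is worth confirming that some other resume step still rebases this pointer, since none is visible on this page.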
@@ -782,6 +780,7 @@ int resume_wrapper (void * param)
     thread->in_vm = thread->is_alive = true;
     allocate_tls(libc_tcb, thread);
     debug_setbuf(tcb, true);
+    debug("set tcb to %p\n", libc_tcb);
 
     DkObjectsWaitAny(1, &thread_start_event, NO_TIMEOUT);
 
@@ -798,12 +797,6 @@ RESUME_FUNC_BODY(running_thread)
 
     get_thread(thread);
 
-    void * new_tcb = (void *) GET_ENTRY(ADDR);
-    if (new_tcb) {
-        RESUME_REBASE(new_tcb);
-        thread->tcb = new_tcb;
-    }
-
     if (cur_thread) {
         PAL_HANDLE handle = DkThreadCreate(resume_wrapper, thread, 0);
         if (!thread)
@@ -819,6 +812,7 @@ RESUME_FUNC_BODY(running_thread)
             tcb->debug_buf = SHIM_GET_TLS()->debug_buf;
             allocate_tls(libc_tcb, thread);
             debug_setprefix(tcb);
+            debug("after resume, set tcb to %p\n", libc_tcb);
         } else {
             set_cur_thread(thread);
         }

+ 18 - 37
LibOS/shim/src/bookkeep/shim_vma.c

@@ -90,26 +90,6 @@ static inline int test_vma_overlap (struct shim_vma * tmp,
            test_vma_startin (tmp, addr, length - 1);
 }
 
-static void * heap_base = &__load_address;
-
-static int __set_heap_base (void)
-{
-    unsigned long heap_addr = (unsigned long) &__load_address;
-    unsigned long shim_size = (unsigned long) &__load_address_end -
-                              (unsigned long) &__load_address;
-    unsigned long base_size = allocsize;
-
-    while ((base_size >> 12) < shim_size)
-        base_size <<= 1;
-    while ((base_size << 6) < heap_addr)
-        base_size <<= 1;
-
-    heap_base = (void *) &__load_address - base_size;
-
-    debug("heap base is %p\n", heap_base);
-    return 0;
-}
-
 int bkeep_shim_heap (void);
 
 int init_vma (void)
@@ -118,7 +98,6 @@ int init_vma (void)
         return -ENOMEM;
 
     bkeep_shim_heap();
-    __set_heap_base();
     create_lock(vma_list_lock);
 
     return 0;
@@ -617,41 +596,43 @@ int bkeep_mprotect (void * addr, size_t length, int prot, const int * flags)
 
 void * get_unmapped_vma (size_t length, int flags)
 {
-    struct shim_vma * tmp, * prev = NULL, * new;
-    void * addr = heap_base;
-
-    new = get_new_vma();
+    struct shim_vma * new = get_new_vma();
     if (!new)
         return NULL;
 
+    struct shim_vma * tmp, * prev = NULL;
     lock(vma_list_lock);
 
-    list_for_each_entry_reverse(tmp, &vma_list, list) {
-        if (tmp->addr >= addr)
-            continue;
+    new->addr = pal_control.user_address_begin;
+    new->length = length;
+    new->flags = flags|VMA_UNMAPPED;
 
-        if (tmp->addr + tmp->length + length <= addr) {
+    list_for_each_entry(tmp, &vma_list, list) {
+        if (tmp->addr <= new->addr) {
+            if (tmp->addr + tmp->length > new->addr)
+                new->addr = tmp->addr + tmp->length;
             prev = tmp;
-            break;
+            continue;
         }
 
-        addr = tmp->addr;
+        if (tmp->addr >= new->addr + length)
+            break;
+
+        new->addr = tmp->addr + tmp->length;
+        prev = tmp;
     }
 
-    if ((unsigned long) addr < length) {
+    if (new->addr + length > pal_control.user_address_end) {
         unlock(vma_list_lock);
         put_vma(new);
         return NULL;
     }
 
-    new->addr   = (addr -= length);
-    new->length = length;
-    new->flags  = flags|VMA_UNMAPPED;
     assert(!prev || prev->addr + prev->length <= new->addr);
     get_vma(new);
     list_add(&new->list, prev ? &prev->list : &vma_list);
     unlock(vma_list_lock);
-    return addr;
+    return new->addr;
 }
 
 /* This might not give the same vma but we might need to
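Review bot: The bounds test `new->addr + length > pal_control.user_address_end` can wrap when `length` is very large, in which case the sum compares below the end address and the function hands back a range that runs past the user region. The in-loop test `tmp->addr >= new->addr + length` has the same weakness. `length` presumably originates from application mapping requests (the callers are outside this hunk), so comparing against the remaining space is safer: `if (new->addr > pal_control.user_address_end || length > (size_t) (pal_control.user_address_end - new->addr)) {`, assuming both values are byte pointers as the assignment to `new->addr` suggests. The forward walk also relies on `vma_list` being sorted by ascending address, which deserves a one-line comment above the loop.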
@@ -855,7 +836,7 @@ int dump_all_vmas (struct shim_thread * thread, char * buf, size_t size)
             if (vma->comment[0])
                 cnt += snprintf(buf + cnt, size - cnt,
                                 " %c%c%cp 00000000 00:00 0 [%s]\n",
-                                prot[0], prot[1], prot[2], vma->comment[0]);
+                                prot[0], prot[1], prot[2], vma->comment);
             else
                 cnt += snprintf(buf + cnt, size - cnt,
                                 " %c%c%cp 00000000 00:00 0\n",

+ 0 - 1
LibOS/shim/src/fs/shim_dcache.c

@@ -382,7 +382,6 @@ __lookup_dcache (struct shim_dentry * start, const char * name, int namelen,
                 continue;
             if (memcmp(fullpath, path, pathlen))
                 continue;
-            debug("dentry %p matched path: %s\n", dent, path);
         }
 
         get_dentry(dent);

+ 5 - 1
LibOS/shim/src/fs/socket/fs.c

@@ -180,6 +180,11 @@ static int socket_poll (struct shim_handle * hdl, int poll_type)
                 ret = -ENOTCONN;
                 goto out;
             }
+
+            if (sock->sock_state == SOCK_LISTENED) {
+                ret = -EAGAIN;
+                goto out;
+            }
         }
 
         if (sock->sock_type == SOCK_DGRAM &&
@@ -187,7 +192,6 @@ static int socket_poll (struct shim_handle * hdl, int poll_type)
             ret = -ENOTCONN;
             goto out;
         }
-
     }
 
     if (poll_type & FS_POLL_WR) {

+ 1 - 0
LibOS/shim/src/ipc/shim_ipc_helper.c

@@ -738,6 +738,7 @@ static void shim_ipc_helper (void * arg)
     __libc_tcb_t tcb;
     allocate_tls(&tcb, self);
     debug_setbuf(&tcb.shim_tcb, true);
+    debug("set tcb to %p\n", &tcb);
 
     lock(ipc_helper_lock);
     bool notme = (self != ipc_helper_thread);

+ 1 - 0
LibOS/shim/src/shim_async.c

@@ -109,6 +109,7 @@ static void shim_async_helper (void * arg)
     __libc_tcb_t tcb;
     allocate_tls(&tcb, self);
     debug_setbuf(&tcb.shim_tcb, true);
+    debug("set tcb to %p\n", &tcb);
 
     lock(async_helper_lock);
 

+ 6 - 2
LibOS/shim/src/shim_init.c

@@ -146,6 +146,7 @@ void allocate_tls (void * tcb_location, struct shim_thread * thread)
 
     if (thread) {
         thread->tcb       = tcb;
+        thread->user_tcb  = false;
         tcb->shim_tcb.tp  = thread;
         tcb->shim_tcb.tid = thread->tid;
     } else {
@@ -157,7 +158,7 @@ void allocate_tls (void * tcb_location, struct shim_thread * thread)
     assert(SHIM_TLS_CHECK_CANARY());
 }
 
-void populate_tls (void * tcb_location)
+void populate_tls (void * tcb_location, bool user)
 {
     __libc_tcb_t * tcb = (__libc_tcb_t *) tcb_location;
     assert(tcb);
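Review bot: The new `user` parameter is undocumented at the definition, and its meaning matters because the migrate code in shim_thread.c copies the TCB into the checkpoint only when `thread->user_tcb` is false. A comment above the signature would record that, such as `/* user: true if tcb_location is memory supplied by the application (e.g. via arch_prctl), false if the library OS allocated it; stored in thread->user_tcb */`. It could also say that the flag is stored only when the copied shim TCB carries a thread pointer, which is what the `if (thread)` block in the next hunk does. The body of populate_tls() continues outside this hunk.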
@@ -165,8 +166,10 @@ void populate_tls (void * tcb_location)
     copy_tcb(&tcb->shim_tcb, SHIM_GET_TLS());
 
     struct shim_thread * thread = (struct shim_thread *) tcb->shim_tcb.tp;
-    if (thread)
+    if (thread) {
         thread->tcb = tcb;
+        thread->user_tcb = user;
+    }
 
     DkThreadPrivate(tcb);
     assert(SHIM_TLS_CHECK_CANARY());
@@ -590,6 +593,7 @@ int shim_init (int argc, void * args, void ** return_stack)
     memset(&tcb, 0, sizeof(__libc_tcb_t));
     allocate_tls(&tcb, NULL);
     debug_setbuf(&tcb.shim_tcb, true);
+    debug("set tcb to %p\n", &tcb);
 
 #ifdef PROFILE
     unsigned long begin_time = GET_PROFILE_INTERVAL();

+ 2 - 1
LibOS/shim/src/shim_syscalls.c

@@ -671,7 +671,8 @@ void * shim_do_arch_prctl (int code, void * addr)
             if (!addr)
                 return (void *) -EINVAL;
 
-            populate_tls(addr);
+            populate_tls(addr, true);
+            debug("set tcb to %p\n", (void *) addr);
             return NULL;
 
         case ARCH_GET_FS:
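Review bot: `addr` reaches `populate_tls(addr, true)` after only a NULL check, and populate_tls() (shim_init.c) dereferences it for `copy_tcb(&tcb->shim_tcb, SHIM_GET_TLS())` and installs it with `DkThreadPrivate(tcb)`. Because the value is supplied by the application, an unmapped or read-only address would presumably fault inside the library OS instead of failing the call. Checking that `addr` covers `sizeof(__libc_tcb_t)` bytes of mapped, writable user memory, and returning `(void *) -EFAULT` otherwise, would make this path robust. The case body starts above the hunk, so an earlier check may already exist there.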

+ 2 - 0
LibOS/shim/src/sys/shim_clone.c

@@ -110,6 +110,7 @@ int clone_implementation_wrapper(struct clone_args * arg)
     allocate_tls(my_thread->tcb, my_thread);
     shim_tcb_t * tcb = &((__libc_tcb_t *) my_thread->tcb)->shim_tcb;
     debug_setbuf(tcb, true);
+    debug("set tcb to %p\n", my_thread->tcb);
 
     struct shim_regs * regs = __alloca(sizeof(struct shim_regs));
     *regs = *((__libc_tcb_t *) arg->parent->tcb)->shim_tcb.context.regs;
@@ -216,6 +217,7 @@ int shim_do_clone (int flags, void * user_stack_addr, int * parent_tidptr,
             goto failed;
         }
         thread->tcb = tls;
+        thread->user_tcb = true;
     } else {
         thread->tcb = NULL;
     }

+ 5 - 1
LibOS/shim/src/sys/shim_exec.c

@@ -87,7 +87,8 @@ int shim_do_execve_rtld (struct shim_handle * hdl, const char ** argv,
     if (!tcb)
         return -ENOMEM;
 
-    populate_tls(tcb);
+    populate_tls(tcb, false);
+    debug("set tcb to %p\n", tcb);
 
     put_handle(cur_thread->exec);
     get_handle(hdl);
@@ -306,12 +307,14 @@ retry:
     void * stack     = cur_thread->stack;
     void * stack_top = cur_thread->stack_top;
     void * tcb       = cur_thread->tcb;
+    bool   user_tcb  = cur_thread->user_tcb;
     void * frameptr  = cur_thread->frameptr;
 
     cur_thread->stack     = NULL;
     cur_thread->stack_top = NULL;
     cur_thread->frameptr  = NULL;
     cur_thread->tcb       = NULL;
+    cur_thread->user_tcb  = false;
     cur_thread->in_vm     = false;
     unlock(cur_thread->lock);
 
@@ -325,6 +328,7 @@ retry:
     cur_thread->stack_top   = stack_top;
     cur_thread->frameptr    = frameptr;
     cur_thread->tcb         = tcb;
+    cur_thread->user_tcb    = user_tcb;
 
     if (ret < 0) {
         cur_thread->in_vm = true;

+ 1 - 0
LibOS/shim/src/sys/shim_fork.c

@@ -104,6 +104,7 @@ int shim_do_fork (void)
         return -ENOMEM;
 
     new_thread->tcb      = cur_thread->tcb;
+    new_thread->user_tcb = cur_thread->user_tcb;
     new_thread->tgid     = new_thread->tid;
     new_thread->in_vm    = false;
     new_thread->is_alive = true;

+ 2 - 0
LibOS/shim/src/sys/shim_vfork.c

@@ -84,6 +84,8 @@ int shim_do_vfork (void)
     new_thread->is_alive  = true;
     new_thread->stack     = cur_thread->stack;
     new_thread->stack_top = cur_thread->stack_top;
+    new_thread->tcb       = cur_thread->tcb;
+    new_thread->user_tcb  = cur_thread->user_tcb;
     cur_thread->stack     = dummy_stack;
     cur_thread->stack_top = dummy_stack + stack_size;
     cur_thread->frameptr  = NULL;

+ 4 - 4
LibOS/shim/test/apps/Makefile

@@ -7,11 +7,11 @@ level = ../
 include ../Makefile
 
 manifest_rules = \
-	-e 's:\$$(PAL):$(shell pwd)/pal_loader:g' \
-	-e 's:\$$(PWD):$(shell pwd)/$(appdir):g' \
+	-e 's:\$$(PAL):$(abspath $(PWD)/../pal_loader):g' \
+	-e 's:\$$(PWD):$(PWD):g' \
 	-e 's:\$$(BIN):$(subst .manifest,,$(notdir $@)):g' \
-	-e 's:\$$(SHIMPATH):$(shell readlink -f ../../src/libsysdb.so):g' \
-	-e 's:\$$(GLIBCDIR):$(shell readlink -f $(glibc_dir)):g' \
+	-e 's:\$$(SHIMPATH):$(abspath ../../src/libsysdb.so):g' \
+	-e 's:\$$(GLIBCDIR):$(abspath $(glibc_dir)):g' \
 	$(extra_rules)
 
 %.manifest: %.manifest.template
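Review bot: The new `PAL` and `PWD` substitutions take the directory from `$(PWD)`, which make only inherits from the environment and does not update when it is started with `-C`, as the parent makefiles in this commit now do. Unless `../Makefile` assigns `PWD` itself (not visible here), the substituted loader and working-directory paths can point at the invoking directory instead of this one. `$(CURDIR)` is the value make maintains, e.g. `-e 's:\$$(PWD):$(CURDIR):g'`. Note also that `$(abspath ...)` does not resolve symlinks the way the removed `readlink -f` did, and that the old `PWD` replacement appended `$(appdir)`, so the paths written into the manifests can differ from before.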

+ 1 - 1
LibOS/shim/test/apps/apache/Makefile

@@ -10,7 +10,7 @@ endif
 HTTPD_DIR = httpd-2.4.3
 APR_DIR = apr-1.4.6
 APRUTIL_DIR = apr-util-1.5.1
-PHP_DIR = php-5.3.16
+PHP_DIR = php-5.6.6
 
 INSTALL_DIR = $(PWD)/obj
 SRC_DIRS = $(HTTPD_DIR) $(APR_DIR) $(APRUTIL_DIR) $(PHP_DIR)

BIN
LibOS/shim/test/apps/apache/php-5.3.16.tar.bz2 → LibOS/shim/test/apps/apache/php-5.6.6.tar.bz2


+ 3 - 3
LibOS/shim/test/apps/busybox/Makefile

@@ -1,4 +1,4 @@
-busybox_src = busybox-1.19.4
+busybox_src = busybox-1.23.1
 
 manifests = busybox.manifest busybox_nofork.manifest
 targets = busybox busybox_gdb busybox_nofork busybox_nofork_gdb $(manifests)
@@ -10,14 +10,14 @@ debug: MAKE_FLAGS=CC="gcc -g"
 debug: $(targets)
 
 busybox busybox_gdb: config_for_graphene
-	[ -d $(busybox_src) ] || tar -xzf $(busybox_src).tar.gz
+	[ -d $(busybox_src) ] || tar -xjf $(busybox_src).tar.bz2
 	cp config_for_graphene $(busybox_src)/.config
 	cd $(busybox_src) && make $(MAKE_FLAGS)
 	cp $(busybox_src)/busybox busybox
 	cp $(busybox_src)/busybox_unstripped busybox_gdb
 
 busybox_nofork busybox_nofork_gdb: $(busybox_src) config_for_graphene_nofork
-	[ -d $(busybox_src) ] || tar -xzf $(busybox_src).tar.gz
+	[ -d $(busybox_src) ] || tar -xjf $(busybox_src).tar.bz2
 	cp config_for_graphene_nofork $(busybox_src)/.config
 	cd $(busybox_src) && make $(MAKE_FLAGS)
 	cp $(busybox_src)/busybox busybox_nofork
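Review bot: The changed extraction line `[ -d $(busybox_src) ] || tar -xjf $(busybox_src).tar.bz2` is duplicated in both rules, while the second rule also lists `$(busybox_src)` as a normal prerequisite. On a clean tree it therefore depends on the first rule having already unpacked the new directory (no rule for the directory is visible in this hunk). A single rule, `$(busybox_src): ; tar -xjf $@.tar.bz2`, used as an order-only prerequisite (`| $(busybox_src)`) of both build rules, removes the duplication and the ordering assumption. Both rules also write `.config` into the same source tree and run a literal `make`, so they cannot safely run in parallel; `$(MAKE)` is the usual form. The second recipe continues past the end of the hunk.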

BIN
LibOS/shim/test/apps/busybox/busybox-1.19.4.tar.gz


BIN
LibOS/shim/test/apps/busybox/busybox-1.23.1.tar.bz2


+ 100 - 55
LibOS/shim/test/apps/busybox/config_for_graphene

@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
-# Busybox version: 1.19.4
-# Wed Mar 28 21:27:36 2012
+# Busybox version: 1.23.1
+# Thu Feb 26 19:10:09 2015
 #
 CONFIG_HAVE_DOT_CONFIG=y
 
@@ -36,12 +36,15 @@ CONFIG_LAST_SUPPORTED_WCHAR=767
 # CONFIG_UNICODE_BIDI_SUPPORT is not set
 # CONFIG_UNICODE_NEUTRAL_TABLE is not set
 # CONFIG_UNICODE_PRESERVE_BROKEN is not set
+# CONFIG_PAM is not set
+CONFIG_FEATURE_USE_SENDFILE=y
 CONFIG_LONG_OPTS=y
 # CONFIG_FEATURE_DEVPTS is not set
 # CONFIG_FEATURE_CLEAN_UP is not set
 # CONFIG_FEATURE_UTMP is not set
 # CONFIG_FEATURE_WTMP is not set
 # CONFIG_FEATURE_PIDFILE is not set
+CONFIG_PID_FILE_PATH=""
 # CONFIG_FEATURE_SUID is not set
 # CONFIG_FEATURE_SUID_CONFIG is not set
 # CONFIG_FEATURE_SUID_CONFIG_QUIET is not set
@@ -62,13 +65,17 @@ CONFIG_FEATURE_HAVE_RPC=y
 # CONFIG_FEATURE_SHARED_BUSYBOX is not set
 # CONFIG_LFS is not set
 CONFIG_CROSS_COMPILER_PREFIX=""
+CONFIG_SYSROOT=""
 CONFIG_EXTRA_CFLAGS="-g -lc"
+CONFIG_EXTRA_LDFLAGS=""
+CONFIG_EXTRA_LDLIBS=""
 
 #
 # Debugging Options
 #
 # CONFIG_DEBUG is not set
 # CONFIG_DEBUG_PESSIMIZE is not set
+# CONFIG_UNIT_TEST is not set
 # CONFIG_WERROR is not set
 CONFIG_NO_DEBUG_LIB=y
 # CONFIG_DMALLOC is not set
@@ -92,7 +99,8 @@ CONFIG_PREFIX="./_install"
 # CONFIG_FEATURE_SYSTEMD is not set
 # CONFIG_FEATURE_RTMINMAX is not set
 CONFIG_PASSWORD_MINLEN=6
-CONFIG_MD5_SIZE_VS_SPEED=2
+CONFIG_MD5_SMALL=1
+CONFIG_SHA3_SMALL=1
 # CONFIG_FEATURE_FAST_TOP is not set
 # CONFIG_FEATURE_ETC_NETWORKS is not set
 # CONFIG_FEATURE_USE_TERMIOS is not set
@@ -101,6 +109,7 @@ CONFIG_FEATURE_EDITING_MAX_LEN=1024
 # CONFIG_FEATURE_EDITING_VI is not set
 CONFIG_FEATURE_EDITING_HISTORY=255
 CONFIG_FEATURE_EDITING_SAVEHISTORY=y
+# CONFIG_FEATURE_EDITING_SAVE_ON_EXIT is not set
 CONFIG_FEATURE_REVERSE_SEARCH=y
 CONFIG_FEATURE_TAB_COMPLETION=y
 # CONFIG_FEATURE_USERNAME_COMPLETION is not set
@@ -129,7 +138,14 @@ CONFIG_FEATURE_COPYBUF_KB=4
 # CONFIG_AR is not set
 # CONFIG_FEATURE_AR_LONG_FILENAMES is not set
 # CONFIG_FEATURE_AR_CREATE is not set
+# CONFIG_UNCOMPRESS is not set
+# CONFIG_GUNZIP is not set
 # CONFIG_BUNZIP2 is not set
+# CONFIG_UNLZMA is not set
+# CONFIG_FEATURE_LZMA_FAST is not set
+# CONFIG_LZMA is not set
+# CONFIG_UNXZ is not set
+# CONFIG_XZ is not set
 CONFIG_BZIP2=y
 # CONFIG_CPIO is not set
 # CONFIG_FEATURE_CPIO_O is not set
@@ -137,13 +153,13 @@ CONFIG_BZIP2=y
 # CONFIG_DPKG is not set
 # CONFIG_DPKG_DEB is not set
 # CONFIG_FEATURE_DPKG_DEB_EXTRACT_ONLY is not set
-# CONFIG_GUNZIP is not set
 CONFIG_GZIP=y
 # CONFIG_FEATURE_GZIP_LONG_OPTIONS is not set
+CONFIG_GZIP_FAST=0
 # CONFIG_LZOP is not set
 # CONFIG_LZOP_COMPR_HIGH is not set
-# CONFIG_RPM2CPIO is not set
 # CONFIG_RPM is not set
+# CONFIG_RPM2CPIO is not set
 CONFIG_TAR=y
 # CONFIG_FEATURE_TAR_CREATE is not set
 # CONFIG_FEATURE_TAR_AUTODETECT is not set
@@ -156,12 +172,6 @@ CONFIG_TAR=y
 # CONFIG_FEATURE_TAR_UNAME_GNAME is not set
 # CONFIG_FEATURE_TAR_NOPRESERVE_TIME is not set
 # CONFIG_FEATURE_TAR_SELINUX is not set
-# CONFIG_UNCOMPRESS is not set
-# CONFIG_UNLZMA is not set
-# CONFIG_FEATURE_LZMA_FAST is not set
-# CONFIG_LZMA is not set
-# CONFIG_UNXZ is not set
-# CONFIG_XZ is not set
 # CONFIG_UNZIP is not set
 
 #
@@ -173,14 +183,19 @@ CONFIG_DATE=y
 CONFIG_FEATURE_DATE_ISOFMT=y
 # CONFIG_FEATURE_DATE_NANO is not set
 CONFIG_FEATURE_DATE_COMPAT=y
+CONFIG_HOSTID=y
 CONFIG_ID=y
 CONFIG_GROUPS=y
+CONFIG_SHUF=y
 CONFIG_TEST=y
 CONFIG_FEATURE_TEST_64=y
 CONFIG_TOUCH=y
+CONFIG_FEATURE_TOUCH_NODEREF=y
+CONFIG_FEATURE_TOUCH_SUSV3=y
 CONFIG_TR=y
 CONFIG_FEATURE_TR_CLASSES=y
 CONFIG_FEATURE_TR_EQUIV=y
+CONFIG_UNLINK=y
 CONFIG_BASE64=y
 # CONFIG_WHO is not set
 # CONFIG_USERS is not set
@@ -220,7 +235,6 @@ CONFIG_FOLD=y
 CONFIG_FSYNC=y
 CONFIG_HEAD=y
 CONFIG_FEATURE_FANCY_HEAD=y
-CONFIG_HOSTID=y
 CONFIG_INSTALL=y
 CONFIG_FEATURE_INSTALL_LONG_OPTIONS=y
 CONFIG_LN=y
@@ -257,6 +271,7 @@ CONFIG_SEQ=y
 CONFIG_SHA1SUM=y
 CONFIG_SHA256SUM=y
 CONFIG_SHA512SUM=y
+CONFIG_SHA3SUM=y
 CONFIG_SLEEP=y
 CONFIG_FEATURE_FANCY_SLEEP=y
 CONFIG_FEATURE_FLOAT_SLEEP=y
@@ -288,6 +303,11 @@ CONFIG_FEATURE_WC_LARGE=y
 CONFIG_WHOAMI=y
 CONFIG_YES=y
 
+#
+# Common options
+#
+CONFIG_FEATURE_VERBOSE=y
+
 #
 # Common options for cp and mv
 #
@@ -304,7 +324,7 @@ CONFIG_FEATURE_AUTOWIDTH=y
 CONFIG_FEATURE_HUMAN_READABLE=y
 
 #
-# Common options for md5sum, sha1sum, sha256sum, sha512sum
+# Common options for md5sum, sha1sum, sha256sum, sha512sum, sha3sum
 #
 CONFIG_FEATURE_MD5_SHA1_SUM_CHECK=y
 
@@ -354,7 +374,16 @@ CONFIG_WHICH=y
 #
 # Editors
 #
+# CONFIG_AWK is not set
+# CONFIG_FEATURE_AWK_LIBM is not set
+# CONFIG_FEATURE_AWK_GNU_EXTENSIONS is not set
+# CONFIG_CMP is not set
+# CONFIG_DIFF is not set
+# CONFIG_FEATURE_DIFF_LONG_OPTIONS is not set
+# CONFIG_FEATURE_DIFF_DIR is not set
+# CONFIG_ED is not set
 # CONFIG_PATCH is not set
+# CONFIG_SED is not set
 # CONFIG_VI is not set
 CONFIG_FEATURE_VI_MAX_LEN=0
 # CONFIG_FEATURE_VI_8BIT is not set
@@ -369,15 +398,9 @@ CONFIG_FEATURE_VI_MAX_LEN=0
 # CONFIG_FEATURE_VI_SET is not set
 # CONFIG_FEATURE_VI_WIN_RESIZE is not set
 # CONFIG_FEATURE_VI_ASK_TERMINAL is not set
-# CONFIG_FEATURE_VI_OPTIMIZE_CURSOR is not set
-# CONFIG_AWK is not set
-# CONFIG_FEATURE_AWK_LIBM is not set
-# CONFIG_CMP is not set
-# CONFIG_DIFF is not set
-# CONFIG_FEATURE_DIFF_LONG_OPTIONS is not set
-# CONFIG_FEATURE_DIFF_DIR is not set
-# CONFIG_ED is not set
-# CONFIG_SED is not set
+# CONFIG_FEATURE_VI_UNDO is not set
+# CONFIG_FEATURE_VI_UNDO_QUEUE is not set
+CONFIG_FEATURE_VI_UNDO_QUEUE_MAX=0
 # CONFIG_FEATURE_ALLOW_EXEC is not set
 
 #
@@ -394,6 +417,7 @@ CONFIG_FEATURE_FIND_MAXDEPTH=y
 CONFIG_FEATURE_FIND_NEWER=y
 CONFIG_FEATURE_FIND_INUM=y
 CONFIG_FEATURE_FIND_EXEC=y
+CONFIG_FEATURE_FIND_EXEC_PLUS=y
 CONFIG_FEATURE_FIND_USER=y
 CONFIG_FEATURE_FIND_GROUP=y
 CONFIG_FEATURE_FIND_NOT=y
@@ -415,6 +439,7 @@ CONFIG_FEATURE_XARGS_SUPPORT_CONFIRMATION=y
 CONFIG_FEATURE_XARGS_SUPPORT_QUOTES=y
 CONFIG_FEATURE_XARGS_SUPPORT_TERMOPT=y
 CONFIG_FEATURE_XARGS_SUPPORT_ZERO_TERM=y
+CONFIG_FEATURE_XARGS_SUPPORT_REPL_STR=y
 
 #
 # Init Utilities
@@ -451,6 +476,7 @@ CONFIG_ADD_SHELL=y
 # CONFIG_ADDUSER is not set
 # CONFIG_FEATURE_ADDUSER_LONG_OPTIONS is not set
 # CONFIG_FEATURE_CHECK_NAMES is not set
+CONFIG_LAST_ID=0
 CONFIG_FIRST_SYSTEM_ID=0
 CONFIG_LAST_SYSTEM_ID=0
 # CONFIG_ADDGROUP is not set
@@ -461,7 +487,7 @@ CONFIG_LAST_SYSTEM_ID=0
 # CONFIG_FEATURE_DEL_USER_FROM_GROUP is not set
 # CONFIG_GETTY is not set
 # CONFIG_LOGIN is not set
-# CONFIG_PAM is not set
+# CONFIG_LOGIN_SESSION_AS_CHILD is not set
 # CONFIG_LOGIN_SCRIPTS is not set
 # CONFIG_FEATURE_NOLOGIN is not set
 # CONFIG_FEATURE_SECURETTY is not set
@@ -469,6 +495,7 @@ CONFIG_LAST_SYSTEM_ID=0
 # CONFIG_FEATURE_PASSWD_WEAK_CHECK is not set
 # CONFIG_CRYPTPW is not set
 # CONFIG_CHPASSWD is not set
+CONFIG_FEATURE_DEFAULT_PASSWD_ALGO=""
 # CONFIG_SU is not set
 # CONFIG_FEATURE_SU_SYSLOG is not set
 # CONFIG_FEATURE_SU_CHECKS_SHELLS is not set
@@ -518,6 +545,14 @@ CONFIG_DEFAULT_DEPMOD_FILE=""
 # Linux System Utilities
 #
 # CONFIG_BLOCKDEV is not set
+CONFIG_FATATTR=y
+CONFIG_FSTRIM=y
+# CONFIG_MDEV is not set
+# CONFIG_FEATURE_MDEV_CONF is not set
+# CONFIG_FEATURE_MDEV_RENAME is not set
+# CONFIG_FEATURE_MDEV_RENAME_REGEXP is not set
+# CONFIG_FEATURE_MDEV_EXEC is not set
+# CONFIG_FEATURE_MDEV_LOAD_FIRMWARE is not set
 # CONFIG_REV is not set
 # CONFIG_ACPID is not set
 # CONFIG_FEATURE_ACPID_COMPAT is not set
@@ -561,12 +596,6 @@ CONFIG_DEFAULT_DEPMOD_FILE=""
 # CONFIG_LOSETUP is not set
 # CONFIG_LSPCI is not set
 # CONFIG_LSUSB is not set
-# CONFIG_MDEV is not set
-# CONFIG_FEATURE_MDEV_CONF is not set
-# CONFIG_FEATURE_MDEV_RENAME is not set
-# CONFIG_FEATURE_MDEV_RENAME_REGEXP is not set
-# CONFIG_FEATURE_MDEV_EXEC is not set
-# CONFIG_FEATURE_MDEV_LOAD_FIRMWARE is not set
 # CONFIG_MKSWAP is not set
 # CONFIG_FEATURE_MKSWAP_UUID is not set
 # CONFIG_MORE is not set
@@ -588,6 +617,7 @@ CONFIG_DEFAULT_DEPMOD_FILE=""
 # CONFIG_SCRIPTREPLAY is not set
 # CONFIG_SETARCH is not set
 # CONFIG_SWAPONOFF is not set
+# CONFIG_FEATURE_SWAPON_DISCARD is not set
 # CONFIG_FEATURE_SWAPON_PRI is not set
 # CONFIG_SWITCH_ROOT is not set
 # CONFIG_UMOUNT is not set
@@ -596,28 +626,36 @@ CONFIG_DEFAULT_DEPMOD_FILE=""
 # CONFIG_FEATURE_MOUNT_LOOP_CREATE is not set
 # CONFIG_FEATURE_MTAB_SUPPORT is not set
 # CONFIG_VOLUMEID is not set
-# CONFIG_FEATURE_VOLUMEID_EXT is not set
 # CONFIG_FEATURE_VOLUMEID_BTRFS is not set
-# CONFIG_FEATURE_VOLUMEID_REISERFS is not set
+# CONFIG_FEATURE_VOLUMEID_CRAMFS is not set
+# CONFIG_FEATURE_VOLUMEID_EXFAT is not set
+# CONFIG_FEATURE_VOLUMEID_EXT is not set
+# CONFIG_FEATURE_VOLUMEID_F2FS is not set
 # CONFIG_FEATURE_VOLUMEID_FAT is not set
 # CONFIG_FEATURE_VOLUMEID_HFS is not set
-# CONFIG_FEATURE_VOLUMEID_JFS is not set
-# CONFIG_FEATURE_VOLUMEID_XFS is not set
-# CONFIG_FEATURE_VOLUMEID_NTFS is not set
 # CONFIG_FEATURE_VOLUMEID_ISO9660 is not set
-# CONFIG_FEATURE_VOLUMEID_UDF is not set
-# CONFIG_FEATURE_VOLUMEID_LUKS is not set
+# CONFIG_FEATURE_VOLUMEID_JFS is not set
+# CONFIG_FEATURE_VOLUMEID_LINUXRAID is not set
 # CONFIG_FEATURE_VOLUMEID_LINUXSWAP is not set
-# CONFIG_FEATURE_VOLUMEID_CRAMFS is not set
+# CONFIG_FEATURE_VOLUMEID_LUKS is not set
+# CONFIG_FEATURE_VOLUMEID_NILFS is not set
+# CONFIG_FEATURE_VOLUMEID_NTFS is not set
+# CONFIG_FEATURE_VOLUMEID_OCFS2 is not set
+# CONFIG_FEATURE_VOLUMEID_REISERFS is not set
 # CONFIG_FEATURE_VOLUMEID_ROMFS is not set
+# CONFIG_FEATURE_VOLUMEID_SQUASHFS is not set
 # CONFIG_FEATURE_VOLUMEID_SYSV is not set
-# CONFIG_FEATURE_VOLUMEID_OCFS2 is not set
-# CONFIG_FEATURE_VOLUMEID_LINUXRAID is not set
+# CONFIG_FEATURE_VOLUMEID_UDF is not set
+# CONFIG_FEATURE_VOLUMEID_XFS is not set
 
 #
 # Miscellaneous Utilities
 #
 # CONFIG_CONSPY is not set
+CONFIG_CROND=y
+CONFIG_FEATURE_CROND_D=y
+CONFIG_FEATURE_CROND_CALL_SENDMAIL=y
+CONFIG_FEATURE_CROND_DIR="/var/spool/cron"
 CONFIG_LESS=y
 CONFIG_FEATURE_LESS_MAXLINES=9999999
 CONFIG_FEATURE_LESS_BRACKETS=y
@@ -630,13 +668,17 @@ CONFIG_FEATURE_LESS_DASHCMD=y
 CONFIG_FEATURE_LESS_LINENUMS=y
 # CONFIG_NANDWRITE is not set
 # CONFIG_NANDDUMP is not set
+# CONFIG_RFKILL is not set
 CONFIG_SETSERIAL=y
+# CONFIG_TASKSET is not set
+# CONFIG_FEATURE_TASKSET_FANCY is not set
 CONFIG_UBIATTACH=y
 CONFIG_UBIDETACH=y
 CONFIG_UBIMKVOL=y
 CONFIG_UBIRMVOL=y
 CONFIG_UBIRSVOL=y
 CONFIG_UBIUPDATEVOL=y
+# CONFIG_WALL is not set
 CONFIG_ADJTIMEX=y
 # CONFIG_BBCONFIG is not set
 # CONFIG_FEATURE_COMPRESS_BBCONFIG is not set
@@ -652,10 +694,6 @@ CONFIG_FEATURE_CHAT_SEND_ESCAPES=y
 CONFIG_FEATURE_CHAT_VAR_ABORT_LEN=y
 CONFIG_FEATURE_CHAT_CLR_ABORT=y
 CONFIG_CHRT=y
-CONFIG_CROND=y
-CONFIG_FEATURE_CROND_D=y
-CONFIG_FEATURE_CROND_CALL_SENDMAIL=y
-CONFIG_FEATURE_CROND_DIR="/var/spool/cron"
 CONFIG_CRONTAB=y
 CONFIG_DC=y
 CONFIG_FEATURE_DC_LIBM=y
@@ -693,18 +731,14 @@ CONFIG_MOUNTPOINT=y
 CONFIG_MT=y
 CONFIG_RAIDAUTORUN=y
 # CONFIG_READAHEAD is not set
-# CONFIG_RFKILL is not set
 # CONFIG_RUNLEVEL is not set
 CONFIG_RX=y
 CONFIG_SETSID=y
 CONFIG_STRINGS=y
-# CONFIG_TASKSET is not set
-# CONFIG_FEATURE_TASKSET_FANCY is not set
 CONFIG_TIME=y
 CONFIG_TIMEOUT=y
 CONFIG_TTYSIZE=y
 CONFIG_VOLNAME=y
-# CONFIG_WALL is not set
 CONFIG_WATCHDOG=y
 
 #
@@ -736,13 +770,13 @@ CONFIG_FAKEIDENTD=y
 CONFIG_FTPD=y
 CONFIG_FEATURE_FTP_WRITE=y
 CONFIG_FEATURE_FTPD_ACCEPT_BROKEN_LIST=y
+CONFIG_FEATURE_FTP_AUTHENTICATION=y
 CONFIG_FTPGET=y
 CONFIG_FTPPUT=y
 CONFIG_FEATURE_FTPGETPUT_LONG_OPTIONS=y
 CONFIG_HOSTNAME=y
 CONFIG_HTTPD=y
 CONFIG_FEATURE_HTTPD_RANGES=y
-CONFIG_FEATURE_HTTPD_USE_SENDFILE=y
 CONFIG_FEATURE_HTTPD_SETUID=y
 CONFIG_FEATURE_HTTPD_BASIC_AUTH=y
 CONFIG_FEATURE_HTTPD_AUTH_MD5=y
@@ -799,6 +833,7 @@ CONFIG_FEATURE_NETSTAT_PRG=y
 CONFIG_NSLOOKUP=y
 CONFIG_NTPD=y
 CONFIG_FEATURE_NTPD_SERVER=y
+CONFIG_FEATURE_NTPD_CONF=y
 CONFIG_PSCAN=y
 CONFIG_ROUTE=y
 CONFIG_SLATTACH=y
@@ -827,6 +862,7 @@ CONFIG_FEATURE_TRACEROUTE_VERBOSE=y
 # CONFIG_FEATURE_TRACEROUTE_USE_ICMP is not set
 CONFIG_TUNCTL=y
 CONFIG_FEATURE_TUNCTL_UG=y
+# CONFIG_UDHCPC6 is not set
 CONFIG_UDHCPD=y
 CONFIG_DHCPRELAY=y
 CONFIG_DUMPLEASES=y
@@ -835,6 +871,7 @@ CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY=y
 CONFIG_DHCPD_LEASES_FILE="/var/lib/misc/udhcpd.leases"
 CONFIG_UDHCPC=y
 CONFIG_FEATURE_UDHCPC_ARPING=y
+CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y
 # CONFIG_FEATURE_UDHCP_PORT is not set
 CONFIG_UDHCP_DEBUG=9
 CONFIG_FEATURE_UDHCP_RFC3397=y
@@ -873,6 +910,7 @@ CONFIG_SENDMAIL=y
 # Process Utilities
 #
 CONFIG_IOSTAT=y
+CONFIG_LSOF=y
 CONFIG_MPSTAT=y
 CONFIG_NMETER=y
 CONFIG_PMAP=y
@@ -880,6 +918,13 @@ CONFIG_POWERTOP=y
 CONFIG_PSTREE=y
 CONFIG_PWDX=y
 CONFIG_SMEMCAP=y
+CONFIG_TOP=y
+CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE=y
+CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS=y
+CONFIG_FEATURE_TOP_SMP_CPU=y
+CONFIG_FEATURE_TOP_DECIMALS=y
+CONFIG_FEATURE_TOP_SMP_PROCESS=y
+CONFIG_FEATURE_TOPMEM=y
 CONFIG_UPTIME=y
 # CONFIG_FEATURE_UPTIME_UTMP_SUPPORT is not set
 CONFIG_FREE=y
@@ -894,18 +939,12 @@ CONFIG_FEATURE_PIDOF_OMIT=y
 CONFIG_PKILL=y
 CONFIG_PS=y
 CONFIG_FEATURE_PS_WIDE=y
+CONFIG_FEATURE_PS_LONG=y
 # CONFIG_FEATURE_PS_TIME is not set
 # CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS is not set
 # CONFIG_FEATURE_PS_UNUSUAL_SYSTEMS is not set
 CONFIG_RENICE=y
 CONFIG_BB_SYSCTL=y
-CONFIG_TOP=y
-CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE=y
-CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS=y
-CONFIG_FEATURE_TOP_SMP_CPU=y
-CONFIG_FEATURE_TOP_DECIMALS=y
-CONFIG_FEATURE_TOP_SMP_PROCESS=y
-CONFIG_FEATURE_TOPMEM=y
 CONFIG_FEATURE_SHOW_THREADS=y
 CONFIG_WATCH=y
 
@@ -951,6 +990,7 @@ CONFIG_ASH_GETOPTS=y
 CONFIG_ASH_BUILTIN_ECHO=y
 CONFIG_ASH_BUILTIN_PRINTF=y
 CONFIG_ASH_BUILTIN_TEST=y
+CONFIG_ASH_HELP=y
 CONFIG_ASH_CMDCMD=y
 # CONFIG_ASH_MAIL is not set
 CONFIG_ASH_OPTIMIZE_FOR_SIZE=y
@@ -1000,6 +1040,11 @@ CONFIG_FEATURE_IPC_SYSLOG=y
 CONFIG_FEATURE_IPC_SYSLOG_BUFFER_SIZE=16
 CONFIG_LOGREAD=y
 CONFIG_FEATURE_LOGREAD_REDUCED_LOCKING=y
+CONFIG_FEATURE_KMSG_SYSLOG=y
 CONFIG_KLOGD=y
+
+#
+# klogd should not be used together with syslog to kernel printk buffer
+#
 CONFIG_FEATURE_KLOGD_KLOGCTL=y
 CONFIG_LOGGER=y

+ 100 - 55
LibOS/shim/test/apps/busybox/config_for_graphene_nofork

@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
-# Busybox version: 1.19.4
-# Wed Mar 28 21:27:36 2012
+# Busybox version: 1.23.1
+# Thu Feb 26 19:10:35 2015
 #
 CONFIG_HAVE_DOT_CONFIG=y
 
@@ -36,12 +36,15 @@ CONFIG_LAST_SUPPORTED_WCHAR=767
 # CONFIG_UNICODE_BIDI_SUPPORT is not set
 # CONFIG_UNICODE_NEUTRAL_TABLE is not set
 # CONFIG_UNICODE_PRESERVE_BROKEN is not set
+# CONFIG_PAM is not set
+CONFIG_FEATURE_USE_SENDFILE=y
 CONFIG_LONG_OPTS=y
 # CONFIG_FEATURE_DEVPTS is not set
 # CONFIG_FEATURE_CLEAN_UP is not set
 # CONFIG_FEATURE_UTMP is not set
 # CONFIG_FEATURE_WTMP is not set
 # CONFIG_FEATURE_PIDFILE is not set
+CONFIG_PID_FILE_PATH=""
 # CONFIG_FEATURE_SUID is not set
 # CONFIG_FEATURE_SUID_CONFIG is not set
 # CONFIG_FEATURE_SUID_CONFIG_QUIET is not set
@@ -62,13 +65,17 @@ CONFIG_FEATURE_HAVE_RPC=y
 # CONFIG_FEATURE_SHARED_BUSYBOX is not set
 # CONFIG_LFS is not set
 CONFIG_CROSS_COMPILER_PREFIX=""
+CONFIG_SYSROOT=""
 CONFIG_EXTRA_CFLAGS="-g -lc"
+CONFIG_EXTRA_LDFLAGS=""
+CONFIG_EXTRA_LDLIBS=""
 
 #
 # Debugging Options
 #
 # CONFIG_DEBUG is not set
 # CONFIG_DEBUG_PESSIMIZE is not set
+# CONFIG_UNIT_TEST is not set
 # CONFIG_WERROR is not set
 CONFIG_NO_DEBUG_LIB=y
 # CONFIG_DMALLOC is not set
@@ -92,7 +99,8 @@ CONFIG_PREFIX="./_install"
 # CONFIG_FEATURE_SYSTEMD is not set
 # CONFIG_FEATURE_RTMINMAX is not set
 CONFIG_PASSWORD_MINLEN=6
-CONFIG_MD5_SIZE_VS_SPEED=2
+CONFIG_MD5_SMALL=1
+CONFIG_SHA3_SMALL=1
 # CONFIG_FEATURE_FAST_TOP is not set
 # CONFIG_FEATURE_ETC_NETWORKS is not set
 # CONFIG_FEATURE_USE_TERMIOS is not set
@@ -101,6 +109,7 @@ CONFIG_FEATURE_EDITING_MAX_LEN=1024
 # CONFIG_FEATURE_EDITING_VI is not set
 CONFIG_FEATURE_EDITING_HISTORY=255
 CONFIG_FEATURE_EDITING_SAVEHISTORY=y
+# CONFIG_FEATURE_EDITING_SAVE_ON_EXIT is not set
 CONFIG_FEATURE_REVERSE_SEARCH=y
 CONFIG_FEATURE_TAB_COMPLETION=y
 # CONFIG_FEATURE_USERNAME_COMPLETION is not set
@@ -129,7 +138,14 @@ CONFIG_FEATURE_COPYBUF_KB=4
 # CONFIG_AR is not set
 # CONFIG_FEATURE_AR_LONG_FILENAMES is not set
 # CONFIG_FEATURE_AR_CREATE is not set
+# CONFIG_UNCOMPRESS is not set
+# CONFIG_GUNZIP is not set
 # CONFIG_BUNZIP2 is not set
+# CONFIG_UNLZMA is not set
+# CONFIG_FEATURE_LZMA_FAST is not set
+# CONFIG_LZMA is not set
+# CONFIG_UNXZ is not set
+# CONFIG_XZ is not set
 CONFIG_BZIP2=y
 # CONFIG_CPIO is not set
 # CONFIG_FEATURE_CPIO_O is not set
@@ -137,13 +153,13 @@ CONFIG_BZIP2=y
 # CONFIG_DPKG is not set
 # CONFIG_DPKG_DEB is not set
 # CONFIG_FEATURE_DPKG_DEB_EXTRACT_ONLY is not set
-# CONFIG_GUNZIP is not set
 CONFIG_GZIP=y
 # CONFIG_FEATURE_GZIP_LONG_OPTIONS is not set
+CONFIG_GZIP_FAST=0
 # CONFIG_LZOP is not set
 # CONFIG_LZOP_COMPR_HIGH is not set
-# CONFIG_RPM2CPIO is not set
 # CONFIG_RPM is not set
+# CONFIG_RPM2CPIO is not set
 CONFIG_TAR=y
 # CONFIG_FEATURE_TAR_CREATE is not set
 # CONFIG_FEATURE_TAR_AUTODETECT is not set
@@ -156,12 +172,6 @@ CONFIG_TAR=y
 # CONFIG_FEATURE_TAR_UNAME_GNAME is not set
 # CONFIG_FEATURE_TAR_NOPRESERVE_TIME is not set
 # CONFIG_FEATURE_TAR_SELINUX is not set
-# CONFIG_UNCOMPRESS is not set
-# CONFIG_UNLZMA is not set
-# CONFIG_FEATURE_LZMA_FAST is not set
-# CONFIG_LZMA is not set
-# CONFIG_UNXZ is not set
-# CONFIG_XZ is not set
 # CONFIG_UNZIP is not set
 
 #
@@ -173,14 +183,19 @@ CONFIG_DATE=y
 CONFIG_FEATURE_DATE_ISOFMT=y
 # CONFIG_FEATURE_DATE_NANO is not set
 CONFIG_FEATURE_DATE_COMPAT=y
+CONFIG_HOSTID=y
 CONFIG_ID=y
 CONFIG_GROUPS=y
+CONFIG_SHUF=y
 CONFIG_TEST=y
 CONFIG_FEATURE_TEST_64=y
 CONFIG_TOUCH=y
+CONFIG_FEATURE_TOUCH_NODEREF=y
+CONFIG_FEATURE_TOUCH_SUSV3=y
 CONFIG_TR=y
 CONFIG_FEATURE_TR_CLASSES=y
 CONFIG_FEATURE_TR_EQUIV=y
+CONFIG_UNLINK=y
 CONFIG_BASE64=y
 # CONFIG_WHO is not set
 # CONFIG_USERS is not set
@@ -220,7 +235,6 @@ CONFIG_FOLD=y
 CONFIG_FSYNC=y
 CONFIG_HEAD=y
 CONFIG_FEATURE_FANCY_HEAD=y
-CONFIG_HOSTID=y
 CONFIG_INSTALL=y
 CONFIG_FEATURE_INSTALL_LONG_OPTIONS=y
 CONFIG_LN=y
@@ -257,6 +271,7 @@ CONFIG_SEQ=y
 CONFIG_SHA1SUM=y
 CONFIG_SHA256SUM=y
 CONFIG_SHA512SUM=y
+CONFIG_SHA3SUM=y
 CONFIG_SLEEP=y
 CONFIG_FEATURE_FANCY_SLEEP=y
 CONFIG_FEATURE_FLOAT_SLEEP=y
@@ -288,6 +303,11 @@ CONFIG_FEATURE_WC_LARGE=y
 CONFIG_WHOAMI=y
 CONFIG_YES=y
 
+#
+# Common options
+#
+CONFIG_FEATURE_VERBOSE=y
+
 #
 # Common options for cp and mv
 #
@@ -304,7 +324,7 @@ CONFIG_FEATURE_AUTOWIDTH=y
 CONFIG_FEATURE_HUMAN_READABLE=y
 
 #
-# Common options for md5sum, sha1sum, sha256sum, sha512sum
+# Common options for md5sum, sha1sum, sha256sum, sha512sum, sha3sum
 #
 CONFIG_FEATURE_MD5_SHA1_SUM_CHECK=y
 
@@ -354,7 +374,16 @@ CONFIG_WHICH=y
 #
 # Editors
 #
+# CONFIG_AWK is not set
+# CONFIG_FEATURE_AWK_LIBM is not set
+# CONFIG_FEATURE_AWK_GNU_EXTENSIONS is not set
+# CONFIG_CMP is not set
+# CONFIG_DIFF is not set
+# CONFIG_FEATURE_DIFF_LONG_OPTIONS is not set
+# CONFIG_FEATURE_DIFF_DIR is not set
+# CONFIG_ED is not set
 # CONFIG_PATCH is not set
+# CONFIG_SED is not set
 # CONFIG_VI is not set
 CONFIG_FEATURE_VI_MAX_LEN=0
 # CONFIG_FEATURE_VI_8BIT is not set
@@ -369,15 +398,9 @@ CONFIG_FEATURE_VI_MAX_LEN=0
 # CONFIG_FEATURE_VI_SET is not set
 # CONFIG_FEATURE_VI_WIN_RESIZE is not set
 # CONFIG_FEATURE_VI_ASK_TERMINAL is not set
-# CONFIG_FEATURE_VI_OPTIMIZE_CURSOR is not set
-# CONFIG_AWK is not set
-# CONFIG_FEATURE_AWK_LIBM is not set
-# CONFIG_CMP is not set
-# CONFIG_DIFF is not set
-# CONFIG_FEATURE_DIFF_LONG_OPTIONS is not set
-# CONFIG_FEATURE_DIFF_DIR is not set
-# CONFIG_ED is not set
-# CONFIG_SED is not set
+# CONFIG_FEATURE_VI_UNDO is not set
+# CONFIG_FEATURE_VI_UNDO_QUEUE is not set
+CONFIG_FEATURE_VI_UNDO_QUEUE_MAX=0
 # CONFIG_FEATURE_ALLOW_EXEC is not set
 
 #
@@ -394,6 +417,7 @@ CONFIG_FEATURE_FIND_MAXDEPTH=y
 CONFIG_FEATURE_FIND_NEWER=y
 CONFIG_FEATURE_FIND_INUM=y
 CONFIG_FEATURE_FIND_EXEC=y
+CONFIG_FEATURE_FIND_EXEC_PLUS=y
 CONFIG_FEATURE_FIND_USER=y
 CONFIG_FEATURE_FIND_GROUP=y
 CONFIG_FEATURE_FIND_NOT=y
@@ -415,6 +439,7 @@ CONFIG_FEATURE_XARGS_SUPPORT_CONFIRMATION=y
 CONFIG_FEATURE_XARGS_SUPPORT_QUOTES=y
 CONFIG_FEATURE_XARGS_SUPPORT_TERMOPT=y
 CONFIG_FEATURE_XARGS_SUPPORT_ZERO_TERM=y
+CONFIG_FEATURE_XARGS_SUPPORT_REPL_STR=y
 
 #
 # Init Utilities
@@ -451,6 +476,7 @@ CONFIG_ADD_SHELL=y
 # CONFIG_ADDUSER is not set
 # CONFIG_FEATURE_ADDUSER_LONG_OPTIONS is not set
 # CONFIG_FEATURE_CHECK_NAMES is not set
+CONFIG_LAST_ID=0
 CONFIG_FIRST_SYSTEM_ID=0
 CONFIG_LAST_SYSTEM_ID=0
 # CONFIG_ADDGROUP is not set
@@ -461,7 +487,7 @@ CONFIG_LAST_SYSTEM_ID=0
 # CONFIG_FEATURE_DEL_USER_FROM_GROUP is not set
 # CONFIG_GETTY is not set
 # CONFIG_LOGIN is not set
-# CONFIG_PAM is not set
+# CONFIG_LOGIN_SESSION_AS_CHILD is not set
 # CONFIG_LOGIN_SCRIPTS is not set
 # CONFIG_FEATURE_NOLOGIN is not set
 # CONFIG_FEATURE_SECURETTY is not set
@@ -469,6 +495,7 @@ CONFIG_LAST_SYSTEM_ID=0
 # CONFIG_FEATURE_PASSWD_WEAK_CHECK is not set
 # CONFIG_CRYPTPW is not set
 # CONFIG_CHPASSWD is not set
+CONFIG_FEATURE_DEFAULT_PASSWD_ALGO=""
 # CONFIG_SU is not set
 # CONFIG_FEATURE_SU_SYSLOG is not set
 # CONFIG_FEATURE_SU_CHECKS_SHELLS is not set
@@ -518,6 +545,14 @@ CONFIG_DEFAULT_DEPMOD_FILE=""
 # Linux System Utilities
 #
 # CONFIG_BLOCKDEV is not set
+CONFIG_FATATTR=y
+CONFIG_FSTRIM=y
+# CONFIG_MDEV is not set
+# CONFIG_FEATURE_MDEV_CONF is not set
+# CONFIG_FEATURE_MDEV_RENAME is not set
+# CONFIG_FEATURE_MDEV_RENAME_REGEXP is not set
+# CONFIG_FEATURE_MDEV_EXEC is not set
+# CONFIG_FEATURE_MDEV_LOAD_FIRMWARE is not set
 # CONFIG_REV is not set
 # CONFIG_ACPID is not set
 # CONFIG_FEATURE_ACPID_COMPAT is not set
@@ -561,12 +596,6 @@ CONFIG_DEFAULT_DEPMOD_FILE=""
 # CONFIG_LOSETUP is not set
 # CONFIG_LSPCI is not set
 # CONFIG_LSUSB is not set
-# CONFIG_MDEV is not set
-# CONFIG_FEATURE_MDEV_CONF is not set
-# CONFIG_FEATURE_MDEV_RENAME is not set
-# CONFIG_FEATURE_MDEV_RENAME_REGEXP is not set
-# CONFIG_FEATURE_MDEV_EXEC is not set
-# CONFIG_FEATURE_MDEV_LOAD_FIRMWARE is not set
 # CONFIG_MKSWAP is not set
 # CONFIG_FEATURE_MKSWAP_UUID is not set
 # CONFIG_MORE is not set
@@ -588,6 +617,7 @@ CONFIG_DEFAULT_DEPMOD_FILE=""
 # CONFIG_SCRIPTREPLAY is not set
 # CONFIG_SETARCH is not set
 # CONFIG_SWAPONOFF is not set
+# CONFIG_FEATURE_SWAPON_DISCARD is not set
 # CONFIG_FEATURE_SWAPON_PRI is not set
 # CONFIG_SWITCH_ROOT is not set
 # CONFIG_UMOUNT is not set
@@ -596,28 +626,36 @@ CONFIG_DEFAULT_DEPMOD_FILE=""
 # CONFIG_FEATURE_MOUNT_LOOP_CREATE is not set
 # CONFIG_FEATURE_MTAB_SUPPORT is not set
 # CONFIG_VOLUMEID is not set
-# CONFIG_FEATURE_VOLUMEID_EXT is not set
 # CONFIG_FEATURE_VOLUMEID_BTRFS is not set
-# CONFIG_FEATURE_VOLUMEID_REISERFS is not set
+# CONFIG_FEATURE_VOLUMEID_CRAMFS is not set
+# CONFIG_FEATURE_VOLUMEID_EXFAT is not set
+# CONFIG_FEATURE_VOLUMEID_EXT is not set
+# CONFIG_FEATURE_VOLUMEID_F2FS is not set
 # CONFIG_FEATURE_VOLUMEID_FAT is not set
 # CONFIG_FEATURE_VOLUMEID_HFS is not set
-# CONFIG_FEATURE_VOLUMEID_JFS is not set
-# CONFIG_FEATURE_VOLUMEID_XFS is not set
-# CONFIG_FEATURE_VOLUMEID_NTFS is not set
 # CONFIG_FEATURE_VOLUMEID_ISO9660 is not set
-# CONFIG_FEATURE_VOLUMEID_UDF is not set
-# CONFIG_FEATURE_VOLUMEID_LUKS is not set
+# CONFIG_FEATURE_VOLUMEID_JFS is not set
+# CONFIG_FEATURE_VOLUMEID_LINUXRAID is not set
 # CONFIG_FEATURE_VOLUMEID_LINUXSWAP is not set
-# CONFIG_FEATURE_VOLUMEID_CRAMFS is not set
+# CONFIG_FEATURE_VOLUMEID_LUKS is not set
+# CONFIG_FEATURE_VOLUMEID_NILFS is not set
+# CONFIG_FEATURE_VOLUMEID_NTFS is not set
+# CONFIG_FEATURE_VOLUMEID_OCFS2 is not set
+# CONFIG_FEATURE_VOLUMEID_REISERFS is not set
 # CONFIG_FEATURE_VOLUMEID_ROMFS is not set
+# CONFIG_FEATURE_VOLUMEID_SQUASHFS is not set
 # CONFIG_FEATURE_VOLUMEID_SYSV is not set
-# CONFIG_FEATURE_VOLUMEID_OCFS2 is not set
-# CONFIG_FEATURE_VOLUMEID_LINUXRAID is not set
+# CONFIG_FEATURE_VOLUMEID_UDF is not set
+# CONFIG_FEATURE_VOLUMEID_XFS is not set
 
 #
 # Miscellaneous Utilities
 #
 # CONFIG_CONSPY is not set
+CONFIG_CROND=y
+CONFIG_FEATURE_CROND_D=y
+CONFIG_FEATURE_CROND_CALL_SENDMAIL=y
+CONFIG_FEATURE_CROND_DIR="/var/spool/cron"
 CONFIG_LESS=y
 CONFIG_FEATURE_LESS_MAXLINES=9999999
 CONFIG_FEATURE_LESS_BRACKETS=y
@@ -630,13 +668,17 @@ CONFIG_FEATURE_LESS_DASHCMD=y
 CONFIG_FEATURE_LESS_LINENUMS=y
 # CONFIG_NANDWRITE is not set
 # CONFIG_NANDDUMP is not set
+# CONFIG_RFKILL is not set
 CONFIG_SETSERIAL=y
+# CONFIG_TASKSET is not set
+# CONFIG_FEATURE_TASKSET_FANCY is not set
 CONFIG_UBIATTACH=y
 CONFIG_UBIDETACH=y
 CONFIG_UBIMKVOL=y
 CONFIG_UBIRMVOL=y
 CONFIG_UBIRSVOL=y
 CONFIG_UBIUPDATEVOL=y
+# CONFIG_WALL is not set
 CONFIG_ADJTIMEX=y
 # CONFIG_BBCONFIG is not set
 # CONFIG_FEATURE_COMPRESS_BBCONFIG is not set
@@ -652,10 +694,6 @@ CONFIG_FEATURE_CHAT_SEND_ESCAPES=y
 CONFIG_FEATURE_CHAT_VAR_ABORT_LEN=y
 CONFIG_FEATURE_CHAT_CLR_ABORT=y
 CONFIG_CHRT=y
-CONFIG_CROND=y
-CONFIG_FEATURE_CROND_D=y
-CONFIG_FEATURE_CROND_CALL_SENDMAIL=y
-CONFIG_FEATURE_CROND_DIR="/var/spool/cron"
 CONFIG_CRONTAB=y
 CONFIG_DC=y
 CONFIG_FEATURE_DC_LIBM=y
@@ -693,18 +731,14 @@ CONFIG_MOUNTPOINT=y
 CONFIG_MT=y
 CONFIG_RAIDAUTORUN=y
 # CONFIG_READAHEAD is not set
-# CONFIG_RFKILL is not set
 # CONFIG_RUNLEVEL is not set
 CONFIG_RX=y
 CONFIG_SETSID=y
 CONFIG_STRINGS=y
-# CONFIG_TASKSET is not set
-# CONFIG_FEATURE_TASKSET_FANCY is not set
 CONFIG_TIME=y
 CONFIG_TIMEOUT=y
 CONFIG_TTYSIZE=y
 CONFIG_VOLNAME=y
-# CONFIG_WALL is not set
 CONFIG_WATCHDOG=y
 
 #
@@ -736,13 +770,13 @@ CONFIG_FAKEIDENTD=y
 CONFIG_FTPD=y
 CONFIG_FEATURE_FTP_WRITE=y
 CONFIG_FEATURE_FTPD_ACCEPT_BROKEN_LIST=y
+CONFIG_FEATURE_FTP_AUTHENTICATION=y
 CONFIG_FTPGET=y
 CONFIG_FTPPUT=y
 CONFIG_FEATURE_FTPGETPUT_LONG_OPTIONS=y
 CONFIG_HOSTNAME=y
 CONFIG_HTTPD=y
 CONFIG_FEATURE_HTTPD_RANGES=y
-CONFIG_FEATURE_HTTPD_USE_SENDFILE=y
 CONFIG_FEATURE_HTTPD_SETUID=y
 CONFIG_FEATURE_HTTPD_BASIC_AUTH=y
 CONFIG_FEATURE_HTTPD_AUTH_MD5=y
@@ -799,6 +833,7 @@ CONFIG_FEATURE_NETSTAT_PRG=y
 CONFIG_NSLOOKUP=y
 CONFIG_NTPD=y
 CONFIG_FEATURE_NTPD_SERVER=y
+CONFIG_FEATURE_NTPD_CONF=y
 CONFIG_PSCAN=y
 CONFIG_ROUTE=y
 CONFIG_SLATTACH=y
@@ -827,6 +862,7 @@ CONFIG_FEATURE_TRACEROUTE_VERBOSE=y
 # CONFIG_FEATURE_TRACEROUTE_USE_ICMP is not set
 CONFIG_TUNCTL=y
 CONFIG_FEATURE_TUNCTL_UG=y
+# CONFIG_UDHCPC6 is not set
 CONFIG_UDHCPD=y
 CONFIG_DHCPRELAY=y
 CONFIG_DUMPLEASES=y
@@ -835,6 +871,7 @@ CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY=y
 CONFIG_DHCPD_LEASES_FILE="/var/lib/misc/udhcpd.leases"
 CONFIG_UDHCPC=y
 CONFIG_FEATURE_UDHCPC_ARPING=y
+CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y
 # CONFIG_FEATURE_UDHCP_PORT is not set
 CONFIG_UDHCP_DEBUG=9
 CONFIG_FEATURE_UDHCP_RFC3397=y
@@ -873,6 +910,7 @@ CONFIG_SENDMAIL=y
 # Process Utilities
 #
 CONFIG_IOSTAT=y
+CONFIG_LSOF=y
 CONFIG_MPSTAT=y
 CONFIG_NMETER=y
 CONFIG_PMAP=y
@@ -880,6 +918,13 @@ CONFIG_POWERTOP=y
 CONFIG_PSTREE=y
 CONFIG_PWDX=y
 CONFIG_SMEMCAP=y
+CONFIG_TOP=y
+CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE=y
+CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS=y
+CONFIG_FEATURE_TOP_SMP_CPU=y
+CONFIG_FEATURE_TOP_DECIMALS=y
+CONFIG_FEATURE_TOP_SMP_PROCESS=y
+CONFIG_FEATURE_TOPMEM=y
 CONFIG_UPTIME=y
 # CONFIG_FEATURE_UPTIME_UTMP_SUPPORT is not set
 CONFIG_FREE=y
@@ -894,18 +939,12 @@ CONFIG_FEATURE_PIDOF_OMIT=y
 CONFIG_PKILL=y
 CONFIG_PS=y
 CONFIG_FEATURE_PS_WIDE=y
+CONFIG_FEATURE_PS_LONG=y
 # CONFIG_FEATURE_PS_TIME is not set
 # CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS is not set
 # CONFIG_FEATURE_PS_UNUSUAL_SYSTEMS is not set
 CONFIG_RENICE=y
 CONFIG_BB_SYSCTL=y
-CONFIG_TOP=y
-CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE=y
-CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS=y
-CONFIG_FEATURE_TOP_SMP_CPU=y
-CONFIG_FEATURE_TOP_DECIMALS=y
-CONFIG_FEATURE_TOP_SMP_PROCESS=y
-CONFIG_FEATURE_TOPMEM=y
 CONFIG_FEATURE_SHOW_THREADS=y
 CONFIG_WATCH=y
 
@@ -951,6 +990,7 @@ CONFIG_ASH_GETOPTS=y
 CONFIG_ASH_BUILTIN_ECHO=y
 CONFIG_ASH_BUILTIN_PRINTF=y
 CONFIG_ASH_BUILTIN_TEST=y
+CONFIG_ASH_HELP=y
 CONFIG_ASH_CMDCMD=y
 # CONFIG_ASH_MAIL is not set
 CONFIG_ASH_OPTIMIZE_FOR_SIZE=y
@@ -1000,6 +1040,11 @@ CONFIG_FEATURE_IPC_SYSLOG=y
 CONFIG_FEATURE_IPC_SYSLOG_BUFFER_SIZE=16
 CONFIG_LOGREAD=y
 CONFIG_FEATURE_LOGREAD_REDUCED_LOCKING=y
+CONFIG_FEATURE_KMSG_SYSLOG=y
 CONFIG_KLOGD=y
+
+#
+# klogd should not be used together with syslog to kernel printk buffer
+#
 CONFIG_FEATURE_KLOGD_KLOGCTL=y
 CONFIG_LOGGER=y

+ 1 - 1
LibOS/shim/test/apps/make/Makefile

@@ -49,4 +49,4 @@ clean-manifests:
 	rm -rf $(manifests)
 
 clean-tests:
-	for d in $(test_targets); do (make -C $$d clean || true); done
+	for d in $(test_targets); do ([ ! -d $$d ] || make -C $$d clean); done
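Review bot: The new recipe line still runs a literal `make` instead of `$(MAKE)`, so `-j`, `-n` and the jobserver are not passed down to the sub-makes. Because the loop body is joined with `;`, only the last directory's exit status reaches the caller, so a failed clean in an earlier directory stays silent even though `|| true` was dropped. If surfacing failures was the intent, `for d in $(test_targets); do [ ! -d $$d ] || $(MAKE) -C $$d clean || exit 1; done` keeps the missing-directory skip and stops on a real error. The same literal `make` appears in the Pal/Makefile hunks (`make -C $$d $@`, `make menuconfig`, `make -C test test`).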

+ 2 - 2
LibOS/shim/test/apps/make/graphene/Makefile

@@ -1,7 +1,7 @@
 SRCDIR = LibOS/shim/src
 
 all:
-	$(MAKE) $(if $(NPROC),-j$(NPROC),) -C $(SRCDIR)
+	[ ! -d $(SRCDIR) ] || $(MAKE) $(if $(NPROC),-j$(NPROC),) -C $(SRCDIR)
 
 clean:
-	$(MAKE) -C $(SRCDIR) clean
+	[ ! -d $(SRCDIR) ] || $(MAKE) -C $(SRCDIR) clean
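Review bot: On `all`, the guard `[ ! -d $(SRCDIR) ] ||` turns a missing source tree into a silent success, so the target can report success after building nothing. That is reasonable for `clean`, but for `all` it can hide a broken or incomplete checkout. If skipping is intended, an extra recipe line such as `@[ -d $(SRCDIR) ] || echo "$(SRCDIR) not found, nothing built"` would at least make the skip visible; otherwise `all` should fail when the directory is absent.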

+ 11 - 3
LibOS/shim/test/apps/pal_loader

@@ -5,13 +5,21 @@ PAL=$PAL_DIR/pal
 PAL_SEC=$PAL_DIR/pal_sec
 
 MANIFEST=
-GDB=
+GDB_CMD=
 PAL_CMD=$PAL
 
+if [ "$GDB" == "1" ]; then
+	GDB_CMD="gdb --args"
+fi
+
+if [ "$SEC" == "1" ]; then
+	PAL_CMD=$PAL_SEC
+fi
+
 while [ "$1" != "" ];
 do
 	if [ "$1" = "-gdb" ]; then
-		GDB="gdb --args"
+		GDB_CMD="gdb --args"
 		shift
 		continue
 	fi
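Review bot: The two new tests `[ "$GDB" == "1" ]` and `[ "$SEC" == "1" ]` use `==`, which is a bash extension inside `[`; the loop just below uses the portable `=`. The shebang is outside this hunk, but if the script runs under a POSIX `sh` such as dash, the test errors out and the branch is skipped, so `SEC=1` would silently leave `PAL_CMD` pointing at `$PAL` rather than `$PAL_SEC`. Writing `if [ "$SEC" = "1" ]; then` (and the same for `GDB`) avoids depending on the shell.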
@@ -36,4 +44,4 @@ if [ ! -f "$PAL_CMD" ]; then
 	exit 1
 fi
 
-exec $GDB $PAL $MANIFEST $*
+exec $GDB_CMD $PAL_CMD $MANIFEST $*
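Review bot: The rewritten `exec` line still expands `$*` unquoted, so any argument containing whitespace or glob characters is re-split and re-expanded before it reaches the loader. `exec $GDB_CMD "$PAL_CMD" $MANIFEST "$@"` passes the arguments through unchanged. `$GDB_CMD` has to stay unquoted because it holds two words, and `$MANIFEST` because it may be empty. The `-f "$PAL_CMD"` check above already quotes the path, so quoting it here is consistent.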

+ 10 - 5
LibOS/shim/test/native/Makefile

@@ -1,8 +1,8 @@
 CFLAGS-libos = -L../../../build/libos -I../../include
 
+SPECIALS = static pie
 NATIVE_TESTS_CPP = $(patsubst %.cpp,%,$(wildcard *.cpp))
-NATIVE_TESTS_STATIC = static
-NATIVE_TESTS = $(filter-out $(NATIVE_TESTS_STATIC),$(patsubst %.c,%,$(wildcard *.c)))
+NATIVE_TESTS = $(patsubst %.c,%,$(wildcard *.c))
 
 targets = $(NATIVE_TESTS) $(NATIVE_TESTS_CPP) $(NATIVE_TESTS_STATIC) \
 	  manifest static.manifest pal pal_sec
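Review bot: The unchanged `targets =` line still references `$(NATIVE_TESTS_STATIC)`, which this hunk deletes, so it now expands to nothing. The build still works because `static` is picked up by `$(wildcard *.c)` in `NATIVE_TESTS`, but the dangling name is misleading and would trip `--warn-undefined-variables`. Dropping it, `targets = $(NATIVE_TESTS) $(NATIVE_TESTS_CPP) \`, keeps the list in step with the variables that exist.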
@@ -28,21 +28,26 @@ test-helloworld.pthread = grep -q "Hello World" OUTPUT
 	rm -rf $@
 	cp $@.template $@
 
-$(NATIVE_TESTS): %: %.c
+$(filter-out $(SPECIALS),$(NATIVE_TESTS)): %: %.c
 	@echo [ $@ ]
 	@$(CC) $(CFLAGS) $(if $(findstring .libos,$@),$(CFLAGS-libos),) -o $@ $< \
 	$(shell echo $@ | sed 's/^[^\.]*//g' | sed 's/\./ -l/g')
 
-$(NATIVE_TESTS_CPP): %: %.cpp
+$(filter-out $(SPECIALS),$(NATIVE_TESTS_CPP)): %: %.cpp
 	@echo [ $@ ]
 	@$(CC) $(CFLAGS) -o $@ $< \
 	$(shell echo $@ | sed 's/^[^\.]*//g' | sed 's/\./ -l/g')
 
-$(NATIVE_TESTS_STATIC): %: %.c
+static: %: %.c
 	@echo [ $@ ]
 	@$(CC) $(CFLAGS) -o $@ -static $< \
 	$(shell echo $@ | sed 's/^[^\.]*//g' | sed 's/\./ -l/g')
 
+pie: %: %.c
+	@echo [ $@ ]
+	@$(CC) $(CFLAGS) -fPIC --pie -o $@ $< \
+	$(shell echo $@ | sed 's/^[^\.]*//g' | sed 's/\./ -l/g')
+
 test-helloworld = grep -q "Hello world" OUTPUT
 
 clean-exec:
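Review bot: The new `pie` rule builds with `-fPIC --pie`, where the documented pair for a position-independent executable is `-fPIE -pie`. `-fPIC` is intended for shared objects, and the double-dash spelling may not be accepted by every compiler driver, which is worth confirming if anything other than gcc is used. `@$(CC) $(CFLAGS) -fPIE -pie -o $@ $< \` would be the conventional form. The four compile rules now differ by a single flag each, so target-specific variables such as `static: EXTRA_FLAGS = -static` and `pie: EXTRA_FLAGS = -fPIE -pie` could replace the copies.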

+ 12 - 0
LibOS/shim/test/native/pie.c

@@ -0,0 +1,12 @@
+/* -*- mode:c; c-file-style:"k&r"; c-basic-offset: 4; tab-width:4; indent-tabs-mode:nil; mode:auto-fill; fill-column:78; -*- */
+/* vim: set ts=4 sw=4 et tw=78 fo=cqt wm=0: */
+
+/* a simple helloworld test */
+
+#include <stdio.h>
+
+int main(int argc, char ** argv)
+{
+    printf("Hello world (%s)!\n", argv[0]);
+    return 0;
+}
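Review bot: The header comment `/* a simple helloworld test */` does not say why this file exists alongside the other hello-world tests. The Makefile hunk builds it with the dedicated `pie` rule, so a comment such as `/* helloworld built as a position-independent executable; presumably checks that the loader can map a PIE binary */` would tell the reader what is under test. `argc` is unused, which is harmless here.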

+ 2 - 8
Pal/Makefile

@@ -13,7 +13,7 @@ endif
 
 DIRS = src test
 
-all debug:
+all debug clean:
 	for d in $(DIRS); \
 	do \
 		make -C $$d $@; \
@@ -32,7 +32,7 @@ $(LINUX_SRC)/Makefile:
 	tar -xzf $(LINUX_SRC).tar.gz
 	[ ! -f $(LINUX_SRC).patch ] || git apply $(LINUX_SRC).patch
 
-$(LINUX_SRC)/.config:
+$(LINUX_SRC)/.config: $(LINUX_SRC)/Makefile
 	cd $(LINUX_SRC) && make menuconfig
 
 install: $(LINUX_KERNEL)
@@ -53,9 +53,3 @@ endif
 .PHONY: test
 test:
 	make -C test test
-
-clean:
-	for d in $(DIRS) $(LINUX_KERNEL); \
-	do \
-		make -C $$d clean; \
-	done

+ 43 - 47
Pal/linux-3.14/graphene/graphene.c

@@ -507,9 +507,7 @@ static int __unix_perm(struct sockaddr *address, int addrlen)
 {
 	struct graphene_info *gi = get_graphene_info(current->graphene);
 	const char *path, *sun_path;
-	struct nameidata nd;
-	struct path *p = NULL;
-	int err = 0;
+	int err = 0, path_len;
 
 	if (!gi->gi_unix)
 		return -EPERM;
@@ -519,44 +517,46 @@ static int __unix_perm(struct sockaddr *address, int addrlen)
 	if (gi->gi_unix->root.mnt) {
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 6, 0)
 		struct path parent;
+		const char *s;
 
-		err = kern_path(path, LOOKUP_FOLLOW, &nd.path);
-		if (!err)
+		err = kern_path(path, LOOKUP_PARENT, &parent);
+		if (err)
 			return err;
 
-		p = &nd.path;
-
-		err = vfs_path_lookup(nd.path.dentry, nd.path.mnt, "..", 0,
-				      &parent);
-		if (!err)
-			goto denied;
-
 		if (!path_equal(&gi->gi_unix->root, &parent))
 			goto denied;
 
 		path_put(&parent);
-		path = nd.path.dentry->d_name.name;
+		/* find the last name */
+		for (s = path; *s ; s++)
+			if (*s == '/')
+				path = s + 1;
+		path_len = s - path;
 #else
+		struct nameidata nd;
 		err = kern_path_parent(path, &nd);
-		if (!err)
+		if (err)
 			return err;
 
 		path_put(&nd.path);
 		path = nd.last.name;
+		path_len = nd.last.len;
 
 		if (!path_equal(&gi->gi_unix->root, &nd.path))
 			goto denied;
 
 #endif
+	} else {
+		path_len = strlen(path);
 	}
 
-	if (gi->gi_unix->prefix.len &&
-	    memcmp(path, gi->gi_unix->prefix.name,
-		   gi->gi_unix->prefix.len))
-		err = -EPERM;
-
-	if (p)
-		path_put(p);
+	if (gi->gi_unix->prefix.len) {
+		if (gi->gi_unix->prefix.len > path_len ||
+		    memcmp(path,
+			   gi->gi_unix->prefix.name,
+			   gi->gi_unix->prefix.len))
+			err = -EPERM;
+	}
 
 	if (!err)
 		return 0;
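Review bot: In the `>= 3.6` branch the reference taken by `kern_path(path, LOOKUP_PARENT, &parent)` is not released when `path_equal()` fails: `goto denied` jumps past `path_put(&parent)`, and the following hunk removes the only `path_put` under `denied:`. Each denied request would then leave a dentry and mount reference pinned; `if (!path_equal(&gi->gi_unix->root, &parent)) { path_put(&parent); goto denied; }` releases it. The pre-3.6 branch has the opposite ordering problem in its unchanged lines, calling `path_put(&nd.path)` before `path_equal()` reads `nd.path`. The new last-component scan and `strlen(path)` also assume `path` is NUL-terminated; how `path` is derived from `address` and `addrlen` is outside this hunk, so that is worth confirming.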
@@ -566,8 +566,6 @@ denied:
 	printk(KERN_INFO "Graphene: DENY PID %d SOCKET %s\n",
 	       current->pid, sun_path);
 #endif
-	if (p)
-		path_put(p);
 	return -EPERM;
 }
 
@@ -581,12 +579,12 @@ static int net_cmp(int family, int addr_any, int port_any,
 
 		if (!addr_any) {
 			if (a->sin_addr.s_addr != ga->addr.sin_addr.s_addr)
-				return -EPERM;
+				return 1;
 		}
 		if (!port_any) {
 			unsigned short port = ntohs(a->sin_port);
 			if (!(port >= ga->port_begin && port <= ga->port_end))
-				return -EPERM;
+				return 1;
 		}
 
 		break;
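Review bot: net_cmp's return convention is not documented in the visible lines. It now returns `1` for a mismatch where it used to return `-EPERM`, and the callers in `__common_net_perm` treat any non-zero value as "rule does not match". A one-line comment above the function, `/* returns 0 when the address matches the rule, non-zero otherwise (not an errno) */`, would keep a later caller from propagating the value as an error code. The function starts and ends outside this hunk, and the next hunk makes the same change for the IPv6 case.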
@@ -598,12 +596,12 @@ static int net_cmp(int family, int addr_any, int port_any,
 		if (!addr_any) {
 			if (memcmp(&a6->sin6_addr, &ga->addr.sin6_addr,
 				   sizeof(struct in6_addr)))
-				return -EPERM;
+				return 1;
 		}
 		if (!port_any) {
 			unsigned short port = ntohs(a6->sin6_port);
 			if (!(port >= ga->port_begin && port <= ga->port_end))
-				return -EPERM;
+				return 1;
 		}
 
 		break;
@@ -753,7 +751,7 @@ int __common_net_perm(struct graphene_info *gi, int op, struct socket *sock,
 		local_needcmp = 1;
 
 		err = sock->ops->getname(sock, local_addr, &local_addrlen, 0);
-		if (err < 0)
+		if (err)
 			return err;
 	}
 
@@ -772,18 +770,16 @@ int __common_net_perm(struct graphene_info *gi, int op, struct socket *sock,
 			continue;
 
 		if (local_needcmp) {
-			err = net_cmp(sk->sk_family, gn->flags & LOCAL_ADDR_ANY,
-				      gn->flags & LOCAL_PORT_ANY,
-				      &gn->local, local_addr, local_addrlen);
-			if (err < 0)
+			if (net_cmp(sk->sk_family, gn->flags & LOCAL_ADDR_ANY,
+				    gn->flags & LOCAL_PORT_ANY,
+				    &gn->local, local_addr, local_addrlen))
 				continue;
 		}
 
 		if (peer_needcmp) {
-			err = net_cmp(sk->sk_family, gn->flags & PEER_ADDR_ANY,
-				      gn->flags & PEER_PORT_ANY,
-				      &gn->peer, peer_addr, peer_addrlen);
-			if (err < 0)
+			if (net_cmp(sk->sk_family, gn->flags & PEER_ADDR_ANY,
+				    gn->flags & PEER_PORT_ANY,
+				    &gn->peer, peer_addr, peer_addrlen))
 				continue;
 		}
 
@@ -1112,7 +1108,7 @@ int set_graphene(struct task_struct *current_tsk,
 #endif
 
 	rv = copy_from_user(&npolicies, &gpolicies->npolicies, sizeof(int));
-	if (rv < 0)
+	if (rv)
 		return -EFAULT;
 
 	if (npolicies && !policies)
@@ -1146,8 +1142,10 @@ int set_graphene(struct task_struct *current_tsk,
 		int type, flags;
 		rv = copy_from_user(&ptmp, policies + i,
 				    sizeof(struct graphene_user_policy));
-		if (rv < 0)
+		if (rv) {
+			rv = -EFAULT;
 			goto err;
+		}
 
 		if (!ptmp.value) {
 			rv = -EINVAL;
@@ -1270,8 +1268,10 @@ int set_graphene(struct task_struct *current_tsk,
 
 			rv = copy_from_user(&np, ptmp.value,
 					    sizeof(struct graphene_net_policy));
-			if (rv < 0)
+			if (rv) {
+				rv = -EFAULT;
 				goto err;
+			}
 
 			rv = set_net_rule(&np, gi);
 			if (rv < 0)
@@ -1384,14 +1384,10 @@ static int do_close_sock(struct graphene_info *gi, struct socket *sock,
 	inet = inet_sk(sk);
 	if (inet->inet_dport) {
 		err = sock->ops->getname(sock, addr, &len, 1);
-		if (err < 0)
-			return err;
-
-		err = __common_net_perm(gi, OP_CONNECT, sock, addr, len);
-		if (err < 0)
+		if (err)
 			return err;
 
-		return 0;
+		return __common_net_perm(gi, OP_CONNECT, sock, addr, len);
 	}
 
 	if (!inet->inet_num)
@@ -1401,7 +1397,7 @@ static int do_close_sock(struct graphene_info *gi, struct socket *sock,
 		err = __common_net_perm(gi, OP_LISTEN, sock, NULL, 0);
 	} else {
 		err = sock->ops->getname(sock, addr, &len, 0);
-		if (err < 0)
+		if (err)
 			return err;
 
 		err = __common_net_perm(gi, OP_BIND, sock, addr, len);
@@ -1539,7 +1535,7 @@ static int update_graphene(struct task_struct *current_tsk,
 		}
 		if (new->gi_unix->prefix.len) {
 			int err = add_graphene_unix(new->gi_unix);
-			if (err < 0)
+			if (err)
 				return err;
 		}
 		close_unix = 1;

+ 11 - 37
Pal/src/db_main.c

@@ -83,8 +83,10 @@ int load_libraries (struct config_store * root_config, const char ** msg)
     return 0;
 }
 
-static void read_envs (const char ** envp)
+static void read_envs (const char *** envpp)
 {
+    const char ** envp = *envpp;
+
     if (!pal_config.root_config)
         goto done;
 
@@ -160,37 +162,10 @@ static void read_envs (const char ** envp)
     }
 
 done:
-    pal_config.environments = envp;
+    *envpp = envp;
 }
 
-static void * find_heap_base (void)
-{
-    /* This function is to allocate an area to map preloaded loibraries,
-       but try to get around future address of PAL caused by ASLR.
-       The top of heap must be at least 1/16 of the area below where PAL
-       is loaded. The address is still randomized. */
-    unsigned long heap_base = (unsigned long) pal_config.lib_text_start;
-    unsigned long pal_size = pal_config.lib_data_end -
-                             pal_config.lib_text_start;
-    unsigned long base = allocsize;
-
-    while ((base >> 12) < pal_size)
-        base <<= 1;
-    while ((base << 6) < heap_base)
-        base <<= 1;
-
-    heap_base &= allocmask;
-    while ((heap_base -= base) > base) {
-        void * heap = (void *) heap_base;
-        if (!_DkVirtualMemoryAlloc(&heap, allocsize, PAL_ALLOC_RESERVE,
-                                   PAL_PROT_NONE))
-            return heap;
-    }
-
-    return NULL;
-}
-
-void start_execution (int argc, const char ** argv);
+void start_execution (int argc, const char ** argv, const char ** envp);
 
 void pal_main (int argc, const char ** argv, const char ** envp)
 {
@@ -244,10 +219,7 @@ void pal_main (int argc, const char ** argv, const char ** envp)
         }
     }
 
-    read_envs(envp);
-
-    if (!pal_config.heap_base)
-        pal_config.heap_base = find_heap_base();
+    read_envs(&envp);
 
     if (pal_config.root_config) {
         struct config_store * cfg = pal_config.root_config;
@@ -291,11 +263,13 @@ void pal_main (int argc, const char ** argv, const char ** envp)
         pal_config.root_config = NULL;
     }
 
-    __pal_control.manifest_handle = pal_config.manifest_handle;
-    __pal_control.executable = pal_config.exec;
+    __pal_control.manifest_handle    = pal_config.manifest_handle;
+    __pal_control.executable         = pal_config.exec;
+    __pal_control.user_address_begin = pal_config.user_addr_start;
+    __pal_control.user_address_end   = pal_config.user_addr_end;
 
     /* Now we will start the execution */
-    start_execution(argc, argv);
+    start_execution(argc, argv, envp);
 
     /* We wish we will never reached here */
     printf("unexpected termination\n");

+ 22 - 21
Pal/src/db_rtld.c

@@ -151,20 +151,20 @@ void setup_elf_hash (struct link_map *map)
     map->l_chain = hash;
 }
 
-static void * __heap_base = NULL;
-
-static ElfW(Addr) __get_heap_base (size_t size)
+static ElfW(Addr) __get_map_addr (size_t size, enum object_type type)
 {
-    if (__heap_base == (void *) -1)
-        return 0;
-
-    if (!__heap_base &&
-        !(__heap_base = pal_config.heap_base)) {
-        __heap_base = (void *) -1;
-        return 0;
-    }
+    return type == OBJECT_EXEC ?
+           (ElfW(Addr)) pal_config.user_addr_start :
+           (ElfW(Addr)) pal_config.user_addr_end - ALLOC_ALIGNUP(size);
+}
 
-    return (ElfW(Addr)) (__heap_base -= ALLOC_ALIGNUP(size));
+static void __save_map_addr (ElfW(Addr) addr, size_t size,
+                             enum object_type type)
+{
+    if (type == OBJECT_EXEC)
+        pal_config.user_addr_start = (void *) ALLOC_ALIGNUP(addr + size);
+    else
+        pal_config.user_addr_end = (void *) ALLOC_ALIGNDOWN(addr);
 }
 
 /* Map in the shared object NAME, actually located in REALNAME, and already
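Review bot: `__save_map_addr` overwrites the bound with wherever the object landed, even when that widens the user range instead of narrowing it. The comment in the mapping code further down says the preferred address "is only a preference", so if `_DkStreamMap` places a library above the current `user_addr_end`, the end moves up past objects already mapped. The Pal/src/db_main.c hunk later publishes these values as `__pal_control.user_address_begin` and `user_address_end`. Moving the bound only inward avoids that, e.g. `else if (addr < (ElfW(Addr)) pal_config.user_addr_end) pal_config.user_addr_end = (void *) ALLOC_ALIGNDOWN(addr);`, with the mirror-image check for `OBJECT_EXEC`. `__get_map_addr` likewise does not check that `ALLOC_ALIGNUP(size)` fits below `user_addr_end` before subtracting.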
@@ -183,7 +183,7 @@ map_elf_object_by_handle (PAL_HANDLE handle, enum object_type type,
         errstring = "cannot stat shared object";
         errval = PAL_ERROR_INVAL;
 call_lose:
-        printf("%s (%d)\n", errstring, PAL_STRERROR(errval));
+        printf("%s (%s)\n", errstring, PAL_STRERROR(errval));
         return NULL;
     }
 
@@ -328,7 +328,7 @@ call_lose:
            As a refinement, sometimes we have an address that we would
            prefer to map such objects at; but this is only a preference,
            the OS can do whatever it likes. */
-        ElfW(Addr) mappref = __get_heap_base(maplength);
+        ElfW(Addr) mappref = __get_map_addr(maplength, type);
 
         /* Remember which part of the address space this object uses.  */
         errval = _DkStreamMap(handle, (void **) &mappref,
@@ -342,8 +342,9 @@ map_error:
             goto call_lose;
         }
 
+        __save_map_addr(mappref, maplength, type);
         l->l_map_start = mappref;
-        l->l_map_end = l->l_map_start + maplength;
+        l->l_map_end = mappref + maplength;
         l->l_addr = l->l_map_start - c->mapstart;
 
         if (has_holes)
@@ -361,6 +362,7 @@ map_error:
 
     /* Remember which part of the address space this object uses.  */
     l->l_map_start = c->mapstart + l->l_addr;
+    __save_map_addr(l->l_map_start, maplength, type);
     l->l_map_end = l->l_map_start + maplength;
 
     while (c < &loadcmds[nloadcmds]) {
@@ -1039,7 +1041,7 @@ void DkDebugDetachBinary (PAL_PTR start_addr)
 {
 }
 
-void start_execution (int argc, const char ** argv)
+void start_execution (int argc, const char ** argv, const char ** envp)
 {
     /* First we will try to run all the preloaded libraries which come with
        entry points */
@@ -1057,7 +1059,7 @@ void start_execution (int argc, const char ** argv)
     size_t ncookies = argc + 2; /* 1 for argc, argc + 1 for argv */
 
     /* Then we count envp */
-    for (const char ** e = pal_config.environments; *e; e++)
+    for (const char ** e = envp; *e; e++)
         ncookies++;
 
     ncookies++; /* for NULL-end */
@@ -1077,9 +1079,8 @@ void start_execution (int argc, const char ** argv)
 
     size_t cnt = argc + 2;
 
-    if (pal_config.environments)
-        for (i = 0 ; pal_config.environments[i]; i++)
-            cookies[cnt++] = (unsigned long int) pal_config.environments[i];
+    for (i = 0 ; envp[i]; i++)
+        cookies[cnt++] = (unsigned long int) envp[i];
 
     cookies[cnt++] = 0;
 
@@ -1148,7 +1149,7 @@ NO_PRELOAD:
         /* This part is awesome. Don't risk changing it!! */
 #if defined(__x86_64__)
         ret = ((int (*) (int, const char **, const char **))
-               exec_map->l_entry) (argc, argv, pal_config.environments);
+               exec_map->l_entry) (argc, argv, envp);
 #else
 # error "architecture not supported"
 #endif

+ 1 - 1
Pal/src/db_streams.c

@@ -361,7 +361,7 @@ DkStreamWrite (PAL_HANDLE handle, PAL_NUM offset, PAL_NUM count,
 
 /* _DkStreamAttributesQuery of internal use. The function query attribute
    of streams by their URI */
-int _DkStreamAttributesQuery (PAL_STR uri, PAL_STREAM_ATTR * attr)
+int _DkStreamAttributesQuery (const char * uri, PAL_STREAM_ATTR * attr)
 {
     struct handle_ops * ops = NULL;
     const char * type = NULL;

+ 1 - 1
Pal/src/host/Linux/Makefile

@@ -16,7 +16,7 @@ ARFLAGS	=
 
 host_target = libpal-Linux.a
 
-defs	= -DIN_PAL -DPAL_LOADER_PATH="$(shell readlink -f ../../pal)" \
+defs	= -DIN_PAL -DSRCDIR="$(PWD)/" -DPAL_LOADER_PATH="$(shell readlink -f ../../pal)" \
 	  -DGDB_SCRIPT="$(CURDIR)/pal-gdb.py"
 objs	= $(addprefix db_,files devices pipes sockets streams memory threading \
 	    semaphore mutex events process object main rtld misc ipc \
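Review bot: `-DSRCDIR="$(PWD)/"` takes the directory from the `PWD` environment variable rather than from make, and as far as I know GNU make does not update `PWD` for `-C`. The embedded path therefore depends on how the build was invoked, while the next line uses `$(CURDIR)`. The Pal/src/host/Linux/db_main.c hunk builds `XSTRINGIFY(SRCDIR) "/pal"` from it, so a wrong value ends up as the path PAL records for its own binary. If the intent is the directory that holds `pal` (two levels up, as in `readlink -f ../../pal`), `-DSRCDIR="$(abspath ../..)"` says so directly and avoids the doubled slash from the trailing `/`.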

+ 68 - 29
Pal/src/host/Linux/db_main.c

@@ -70,8 +70,6 @@ static gid_t gid;
 static ElfW(Addr) sysinfo_ehdr;
 #endif
 
-static const char * child_args;
-
 static void pal_init_bootstrap (void * args, int * pargc,
                                 const char *** pargv,
                                 const char *** penvp)
@@ -123,17 +121,8 @@ static void pal_init_bootstrap (void * args, int * pargc,
 #endif
         }
 
-    if (!memcmp(*argv + strlen(*argv) - 3, "pal", 3)) {
-        argv++;
-        argc--;
-
-        if (argc >= 1 && (*argv)[0] == ':') {
-            child_args = (*argv) + 1;
-            argv++;
-            argc--;
-        }
-    }
-
+    argv++;
+    argc--;
     *pargc = argc;
     *pargv = argv;
     *penvp = envp;
@@ -252,6 +241,9 @@ void pal_linux_main (void * args)
                          pal_addr);
     ELF_DYNAMIC_RELOCATE(pal_dyn, pal_addr);
 
+    allocsize  = PRESET_PAGESIZE;
+    allocshift = PRESET_PAGESIZE - 1;
+    allocmask  = ~(PRESET_PAGESIZE - 1);
     init_slab_mgr();
 
     setup_pal_map(XSTRINGIFY(SRCDIR) "/pal", pal_dyn, pal_addr);
@@ -269,9 +261,9 @@ int create_domain_dir (void)
 
     if (IS_ERR(ret) && ERRNO(ret) != EEXIST) {
         if (ERRNO(ret) == ENOENT) {
-            ret = INLINE_SYSCALL(mkdir, 2, (path = GRAPHENE_TMPDIR), 0777);
+            ret = INLINE_SYSCALL(mkdir, 2, (path = GRAPHENE_TEMPDIR), 0777);
             if (!IS_ERR(ret)) {
-                INLINE_SYSCALL(chmod, 2, GRAPHENE_TMPDIR, 0777);
+                INLINE_SYSCALL(chmod, 2, GRAPHENE_TEMPDIR, 0777);
                 ret = INLINE_SYSCALL(mkdir, 2, (path = GRAPHENE_PIPEDIR), 0777);
             }
         }
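Review bot: `GRAPHENE_TEMPDIR` is created with `mkdir(..., 0777)` and then forced to `0777` with `chmod`, and `GRAPHENE_PIPEDIR` gets the same treatment. A world-writable directory without the sticky bit lets any local user rename or remove the per-domain pipe directories that other users create beneath it. The modes predate this commit, but the renamed lines are a natural place to fix it: `INLINE_SYSCALL(chmod, 2, GRAPHENE_TEMPDIR, 01777);` (and the same for `GRAPHENE_PIPEDIR` in the next hunk) keeps the directory shared while restricting deletion to owners. The macro values are not visible here, so this assumes the directories live somewhere shared between users; create_domain_dir starts and ends outside this hunk.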
@@ -286,7 +278,7 @@ int create_domain_dir (void)
     if (!IS_ERR(ret))
         INLINE_SYSCALL(chmod, 2, GRAPHENE_PIPEDIR, 0777);
 
-    char * pipedir = __alloca(GRAPHENE_PIPEDIR_LEN + 10);
+    char * pipedir = __alloca(sizeof(GRAPHENE_PIPEDIR) + 10);
     unsigned int id;
 
     do {
@@ -295,7 +287,7 @@ int create_domain_dir (void)
             return -PAL_ERROR_DENIED;
         }
 
-        snprintf(pipedir, GRAPHENE_PIPEDIR_LEN + 10,
+        snprintf(pipedir, sizeof(GRAPHENE_PIPEDIR) + 10,
                  GRAPHENE_PIPEDIR "/%08x", id);
 
         ret = INLINE_SYSCALL(mkdir, 2, pipedir, 0700);
@@ -311,9 +303,6 @@ int create_domain_dir (void)
     return 0;
 }
 
-int init_child_process (const char * proc_args);
-int signal_setup (void);
-
 #if USE_VDSO_GETTIME == 1
 void setup_vdso_map (ElfW(Addr) addr);
 #endif
@@ -329,22 +318,68 @@ int _DkInitHost (int * pargc, const char *** pargv)
     const char ** argv = *pargv, * first_argv = NULL;
     int ret = 0;
 
-    if (!child_args && !argc) {
+    struct pal_proc_args proc_args;
+    void * proc_data;
+    bool in_child = false;
+
+    ret = INLINE_SYSCALL(read, 3, PROC_INIT_FD, &proc_args,
+                         sizeof(proc_args));
+
+    if (IS_ERR(ret) && ERRNO(ret) != EBADF)
+        return -PAL_ERROR_DENIED;
+
+    if (!IS_ERR(ret)) {
+        in_child = true;
+        proc_data = __alloca(proc_args.data_size);
+        ret = INLINE_SYSCALL(read, 3, PROC_INIT_FD, proc_data,
+                             proc_args.data_size);
+        if (IS_ERR(ret) || ret < proc_args.data_size)
+            return -PAL_ERROR_DENIED;
+    }
+
+    if (!in_child && !argc) {
         printf("USAGE: libpal.so [executable|manifest] args ...\n");
         return -PAL_ERROR_INVAL;
     }
 
     pal_linux_config.pid = INLINE_SYSCALL(getpid, 0);
 
+    pal_config.user_addr_end = (void *)
+                    ALLOC_ALIGNDOWN(pal_config.lib_text_start);
+
+    /* look for lowest mappable address, starting at 0x400000 */
+    if (pal_sec_info.user_addr_base) {
+        pal_config.user_addr_start = pal_sec_info.user_addr_base;
+    } else {
+        void * base = (void *) 0x400000;
+        for (; base < pal_config.user_addr_end ;
+             base = (void *) ((unsigned long) base << 4)) {
+            void * mem = (void *) ARCH_MMAP(base, allocsize,
+                                            PROT_NONE,
+                                            MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE,
+                                            -1, 0);
+            if (IS_ERR_P(mem))
+                continue;
+            INLINE_SYSCALL(munmap, 2, mem, allocsize);
+            if (mem == base)
+                break;
+        }
+
+        pal_sec_info.user_addr_base = pal_config.user_addr_start = base;
+    }
+
     signal_setup();
 
-    if (child_args) {
-        if ((ret = init_child_process(child_args)) < 0)
+    if (in_child) {
+        if ((ret = init_child_process(&proc_args, proc_data)) < 0)
             return ret;
 
         goto read_manifest;
     }
 
+    /* occupy PROC_INIT_FD so no one will use it */
+    INLINE_SYSCALL(dup2, 2, 0, PROC_INIT_FD);
+
     if (!(ret = read_shebang(argv)) < 0)
         goto read_manifest;
 
@@ -399,7 +434,8 @@ read_manifest:
                                                 &attr)) < 0)
         return ret;
 
-    void * cfg_addr = NULL;
+    pal_config.user_addr_end -= ALLOC_ALIGNUP(attr.size);
+    void * cfg_addr = pal_config.user_addr_end;
     size_t cfg_size = attr.size;
 
     if ((ret = _DkStreamMap(pal_config.manifest_handle, &cfg_addr,
@@ -440,7 +476,7 @@ read_manifest:
         }
     }
 
-    if (!child_args) {
+    if (!in_child) {
         if ((len = get_config(root_config, "loader.execname", cfgbuf,
                               CONFIG_MAX)) > 0)
             first_argv = remalloc(cfgbuf, len + 1);
@@ -450,7 +486,7 @@ read_manifest:
     }
 
 done_init:
-    if (!child_args && !pal_sec_info.domain_id) {
+    if (!in_child && !pal_sec_info.domain_id) {
         if ((ret = create_domain_dir()) < 0)
             return ret;
     }
@@ -468,11 +504,14 @@ done_init:
     if (!pal_sec_info.mcast_port) {
         unsigned short mcast_port;
         getrand(&mcast_port, sizeof(unsigned short));
-        pal_sec_info.mcast_port = mcast_port % 1024;
+        if (mcast_port < 1024)
+            mcast_port += 1024;
+        pal_sec_info.mcast_port = mcast_port > 1024 ? mcast_port :
+                                  mcast_port + 1204;
     }
 
-    __pal_control.broadcast_stream = pal_sec_info.mcast_handle ? :
-                            _DkBroadcastStreamOpen(pal_sec_info.mcast_port);
+    __pal_control.broadcast_stream =
+                _DkBroadcastStreamOpen(pal_sec_info.mcast_port);
 
     if (first_argv) {
         argc++;
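Review bot: The child-detection hunk in `_DkInitHost` accepts any non-error `read` on `PROC_INIT_FD` as a complete `struct pal_proc_args`: a return of 0 or a short count still sets `in_child = true`, and `proc_args.data_size` then sizes the `__alloca` while partly uninitialised. This matters whenever fd 3 happens to be open for another reason at startup, because `init_child_process` later copies the received block into `pal_sec_info`. Require the full header before trusting it, e.g. `if (!IS_ERR(ret) && ret != sizeof(proc_args)) return -PAL_ERROR_DENIED;`. In the same hunk the address probe passes `MAP_FIXED` yet tests `mem == base`; with `MAP_FIXED` the call replaces whatever is already mapped at `base` instead of reporting a conflict, so dropping the flag looks like the intent. `_DkInitHost` begins and ends outside the visible hunks.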

+ 139 - 225
Pal/src/host/Linux/db_process.c

@@ -51,15 +51,17 @@ typedef __kernel_pid_t pid_t;
 # define SEEK_SET 0
 #endif
 
-int _DkProcessCreate (PAL_HANDLE * handle, const char * uri,
-                      int flags, const char ** args)
+int _DkProcessCreate (PAL_HANDLE * handle,
+                      const char * uri, int flags, const char ** args)
 {
-    int ret, rete = 0;
+    int ret, rete;
 
     const char * manifest_uri   = pal_config.manifest;
     PAL_HANDLE   manifest       = pal_config.manifest_handle;
+    int          manifest_fd    = -1;
     const char * exec_uri       = NULL;
     PAL_HANDLE   exec           = NULL;
+    int          exec_fd        = -1;
     bool         noexec         = false;
 
     if (uri) {
@@ -73,10 +75,18 @@ int _DkProcessCreate (PAL_HANDLE * handle, const char * uri,
             exec = NULL;
             exec_uri = NULL;
         }
+
+        exec_fd = exec->file.fd;
+        INLINE_SYSCALL(fcntl, 3, exec_fd, F_SETFD, 0);
     } else {
         noexec = true;
     }
 
+    if (manifest) {
+        manifest_fd = manifest->file.fd;
+        INLINE_SYSCALL(fcntl, 3, manifest_fd, F_SETFD, 0);
+    }
+
     int fds[6] = { -1, -1, -1, -1, -1, -1 };
 
     if (IS_ERR((ret = INLINE_SYSCALL(pipe2, 2, &fds[0], 0))) ||
@@ -92,69 +102,12 @@ int _DkProcessCreate (PAL_HANDLE * handle, const char * uri,
         { fds[2], fds[1], fds[5] },
     };
 
-    int nargs = 0;
-    if (args) {
-        const char ** p = args;
-        while (*p) {
-            p++;
-            nargs++;
-        }
-    }
-
-# define STRARG_SIZE    256
-
-    const char ** new_args = __alloca(sizeof(const char *) * (nargs + 3));
-    int bufsize = STRARG_SIZE;
-    char * argbuf = __alloca(STRARG_SIZE);
-    new_args[0] = PAL_LOADER;
-    new_args[1] = argbuf;
-    if (args)
-        memcpy(new_args + 2, args, sizeof(const char *) * nargs);
-    new_args[nargs + 2] = NULL;
-
-#define write_arg(...)                                      \
-    do {                                                    \
-        int _len = snprintf(argbuf, bufsize, __VA_ARGS__);  \
-        argbuf += _len;                                     \
-        bufsize -= _len;                                    \
-    } while (0);
-
-    write_arg(":domain=%08x;", pal_sec_info.domain_id);
-
-    int manifest_fd = -1;
-
-    if (manifest) {
-        manifest_fd = manifest->file.fd;
-        INLINE_SYSCALL(fcntl, 3, manifest_fd, F_SETFD, 0);
-        write_arg("manifest=%d,%s;", manifest_fd, manifest_uri ? : "");
-
-        if (manifest != pal_config.manifest_handle)
-            manifest_fd = -1;
-    }
-
-    write_arg("proc=%d,%d,%d,%d;",
-              proc_fds[0][0], proc_fds[0][1], proc_fds[0][2],
-              pal_linux_config.pid);
-
-    if (exec) {
-        int exec_fd = exec->file.fd;
-        INLINE_SYSCALL(fcntl, 3, exec_fd, F_SETFD, 0);
-        write_arg("exec=%d,%s;", exec_fd, exec_uri ? : "");
-    } else if (noexec) {
-        write_arg("noexec;");
-    }
-
-    if (pal_sec_info.pipe_prefix)
-        write_arg("pipe=%s;", pal_sec_info.pipe_prefix);
-
-    if (pal_config.heap_base)
-        write_arg("heap=%lx;", pal_config.heap_base);
-
-    if (pal_sec_info.rand_gen)
-        write_arg("rand=%d;", pal_sec_info.rand_gen);
-
-    if (pal_sec_info.mcast_port)
-        write_arg("mcast=%u;", pal_sec_info.mcast_port);
+    int argc = 0;
+    if (args) for (; args[argc] ; argc++);
+    const char ** argv = __alloca(sizeof(const char *) * (argc + 2));
+    argv[0] = PAL_LOADER;
+    if (args) memcpy(&argv[1], args, sizeof(const char *) * argc);
+    argv[argc + 1] = NULL;
 
     ret = ARCH_VFORK();
 
@@ -167,14 +120,19 @@ int _DkProcessCreate (PAL_HANDLE * handle, const char * uri,
         for (int i = 0 ; i < 3 ; i++)
             INLINE_SYSCALL(close, 1, proc_fds[1][i]);
 
+        INLINE_SYSCALL(close, 1, PROC_INIT_FD);
+        rete = INLINE_SYSCALL(dup2, 2, proc_fds[0][0], PROC_INIT_FD);
+        if (IS_ERR(rete))
+            goto out_child;
+
         if (manifest_fd >= 0)
             INLINE_SYSCALL(fcntl, 3, manifest_fd, F_SETFD, 0);
 
-        rete = INLINE_SYSCALL(execve, 3,  PAL_LOADER, new_args,
-                              pal_config.environments);
+        rete = INLINE_SYSCALL(execve, 3, PAL_LOADER, argv, NULL);
 
         /* shouldn't get to here */
         printf("unexpected failure of new process\n");
+out_child:
         asm("hlt");
         return 0;
     }
@@ -187,6 +145,67 @@ int _DkProcessCreate (PAL_HANDLE * handle, const char * uri,
     for (int i = 0 ; i < 3 ; i++)
         INLINE_SYSCALL(close, 1, proc_fds[0][i]);
 
+    int pipe_in = proc_fds[1][0], pipe_out = proc_fds[1][1];
+    unsigned short data_size = 0;
+    unsigned short exec_uri_offset = 0, manifest_uri_offset = 0;
+
+    if (exec_uri) {
+        int len = strlen(exec_uri);
+        exec_uri_offset = data_size;
+        data_size += len + 1;
+    }
+
+    if (manifest_fd >= 0) {
+        int len = strlen(manifest_uri);
+        manifest_uri_offset = data_size;
+        data_size += len + 1;
+    }
+
+    struct pal_proc_args * proc_args = __alloca(sizeof(struct pal_proc_args) +
+                                                data_size);
+    void * data = ((void *) proc_args) + sizeof(struct pal_proc_args);
+    memset(proc_args, 0, sizeof(struct pal_proc_args));
+    memcpy(&proc_args->pal_sec_info, &pal_sec_info, sizeof(struct pal_sec_info));
+    proc_args->pal_sec_info._dl_debug_state = NULL;
+    proc_args->pal_sec_info._r_debug = NULL;
+    proc_args->proc_fds[0] = proc_fds[0][0];
+    proc_args->proc_fds[1] = proc_fds[0][1];
+    proc_args->proc_fds[2] = proc_fds[0][2];
+    proc_args->parent_pid  = pal_linux_config.pid;
+    proc_args->exec_fd = (exec_fd == -1) ? PAL_IDX_POISON : exec_fd;
+    proc_args->noexec  = noexec;
+    proc_args->manifest_fd = (manifest_fd == -1) ? PAL_IDX_POISON : manifest_fd;
+
+    if (exec_uri)
+        memcpy(data + (proc_args->exec_uri_offset = exec_uri_offset),
+               exec_uri, strlen(exec_uri) + 1);
+
+    if (manifest_uri)
+        memcpy(data + (proc_args->manifest_uri_offset = manifest_uri_offset),
+               manifest_uri, strlen(manifest_uri) + 1);
+
+    proc_args->data_size = data_size;
+
+    ret = INLINE_SYSCALL(write, 3, pipe_out, proc_args,
+                         sizeof(struct pal_proc_args) + data_size);
+
+    if (IS_ERR(ret) || ret < sizeof(struct pal_proc_args) + data_size) {
+        ret = -PAL_ERROR_DENIED;
+        goto out;
+    }
+
+    ret = INLINE_SYSCALL(read, 3, pipe_in, &rete, sizeof(int));
+
+    if (IS_ERR(ret) || ret < sizeof(int)) {
+        ret = -PAL_ERROR_DENIED;
+        goto out;
+    }
+
+    if (rete < 0) {
+        ret = rete;
+        goto out;
+    }
+
     for (int i = 0 ; i < 3 ; i++)
         INLINE_SYSCALL(fcntl, 3, proc_fds[1][i], F_SETFD, FD_CLOEXEC);
 
@@ -211,166 +230,61 @@ out:
     return ret;
 }
 
-static void read_child_args (const char * val, int vlen,
-                             void * arg1, bool isnum1,
-                             void * arg2, bool isnum2,
-                             void * arg3, bool isnum3,
-                             void * arg4, bool isnum4)
-{
-    const char * v1 = val, * v2 = v1, * end = val + vlen;
-    void * arg[4] = { arg1, arg2, arg3, arg4 };
-    bool isnum[4] = { isnum1, isnum2, isnum3, isnum4 };
-
-    for (int i = 0 ; i < 4 ; i++) {
-        if (!arg[i])
-            return;
-
-        while (v2 < end && *v2 != ',')
-            v2++;
-
-        if (v1 >= end || v2 <= v1) {
-            if (isnum[i])
-                *(int *) arg[i] = 0;
-            else
-                ((char *) arg[i])[0] = 0;
-            continue;
-        }
-
-        if (isnum[i]) {
-            *(int *) arg[i] = atoi(v1);
-        } else {
-            memcpy((char *) arg[i], v1, v2 - v1);
-            ((char *) arg[i])[v2 - v1] = 0;
-        }
-
-        v2 = v1 = v2 + 1;
-    }
-}
-
-static inline bool set_fd_cloexec (int fd)
+int init_child_process (struct pal_proc_args * proc_args, void * proc_data)
 {
-    return !(IS_ERR(INLINE_SYSCALL(fcntl, 3, fd, F_SETFD, FD_CLOEXEC)));
-}
-
-#define STRARG_SIZE     256
-
-static void read_child_handle (const char * val, int vlen,
-                               PAL_HANDLE * handle, const char ** uri)
-{
-    int fd;
-    char buf[STRARG_SIZE];
-    read_child_args(val, vlen, &fd, true, buf, false,
-                    NULL, false, NULL, false);
-
-    if (!fd || !set_fd_cloexec(fd)) {
-        *handle = NULL;
-        *uri = NULL;
-        return;
-    }
-
-    INLINE_SYSCALL(lseek, 3, fd, 0, SEEK_SET);
-
-    int len = strlen(buf);
-    PAL_HANDLE hdl = malloc(HANDLE_SIZE(file) + (len > 4 ? len - 4 : 0));
-    SET_HANDLE_TYPE(hdl, file);
-    hdl->__in.flags |= RFD(0)|WFD(0)|WRITEABLE(0);
-    hdl->file.fd = fd;
-    if (len > 4) {
-        char * path = (void *) hdl + HANDLE_SIZE(file);
-        memcpy(path, buf + 5, len - 4);
-        hdl->file.realpath = path;
+    memcpy(&pal_sec_info, &proc_args->pal_sec_info, sizeof(pal_sec_info));
+
+    PAL_HANDLE parent = malloc(HANDLE_SIZE(process));
+    SET_HANDLE_TYPE(parent, process);
+    parent->__in.flags |= RFD(0)|WFD(1)|RFD(2)|WFD(2)|WRITEABLE(1)|WRITEABLE(2);
+    parent->process.stream_in  = proc_args->proc_fds[0];
+    parent->process.stream_out = proc_args->proc_fds[1];
+    parent->process.cargo      = proc_args->proc_fds[2];
+    parent->process.pid        = proc_args->parent_pid;
+    parent->process.nonblocking = PAL_FALSE;
+    __pal_control.parent_process = parent;
+
+    if (proc_args->exec_fd != PAL_IDX_POISON) {
+        char * uri = (char *) proc_data + proc_args->exec_uri_offset;
+        char * exec_uri = remalloc(uri, strlen(uri) + 1);
+        INLINE_SYSCALL(lseek, 3, proc_args->exec_fd, 0, SEEK_SET);
+        PAL_HANDLE exec = malloc(HANDLE_SIZE(file));
+        SET_HANDLE_TYPE(exec, file);
+        exec->__in.flags |= RFD(0);
+        exec->file.fd = proc_args->exec_fd;
+        exec->file.offset = 0;
+        exec->file.append = PAL_FALSE;
+        exec->file.pass   = PAL_FALSE;
+        exec->file.realpath = remalloc(exec_uri + 5, strlen(exec_uri + 5) + 1);
+        pal_config.exec = exec_uri;
+        pal_config.exec_handle = exec;
     } else {
-        hdl->file.realpath = NULL;
+        pal_linux_config.noexec = proc_args->noexec;
     }
-    *handle = hdl;
-    *uri = len ? remalloc(buf, len + 1) : NULL;
-}
-
-int init_child_process (const char * proc_args)
-{
-    const char * c = proc_args;
-
-    while (*c) {
-        const char * key = c, * val;
-        int klen, vlen;
-
-        while (*c && *c != '=' && *c != ';')
-            c++;
 
-        klen = c - key;
-        if (klen == 6 && !memcmp(key, "noexec", 6))
-            /* format: noexec */
-            pal_linux_config.noexec = true;
-
-        if (!*c)
-            break;
-        if (*c == ';') {
-            c++;
-            continue;
-        }
-
-        val = (++c);
-        while (*c && *c != ';')
-            c++;
-        vlen = c - val;
-        if (*c == ';')
-            c++;
-
-        if (klen == 4) {
-            if (!memcmp(key, "exec", 4)) {
-                /* format: exec=fd,uri */
-                read_child_handle(val, vlen, &pal_config.exec_handle,
-                                  &pal_config.exec);
-            } else if (!memcmp(key, "proc", 4)) {
-                /* format: proc=fd,pid */
-                int fds[3], pid;
-                read_child_args(val, vlen,
-                                &fds[0], true, &fds[1], true, &fds[2], true,
-                                &pid, true);
-
-                for (int i = 0 ; i < 3 ; i++)
-                    if (!set_fd_cloexec(fds[i]))
-                        fds[i] = PAL_IDX_POISON;
-
-                PAL_HANDLE proc = malloc(HANDLE_SIZE(process));
-                SET_HANDLE_TYPE(proc, process);
-                proc->__in.flags |= RFD(0)|WFD(1)|RFD(2)|WFD(2)|WRITEABLE(1)|WRITEABLE(2);
-                proc->process.stream_in  = fds[0];
-                proc->process.stream_out = fds[1];
-                proc->process.cargo      = fds[2];
-                proc->process.pid = pid;
-                __pal_control.parent_process = proc;
-            } else if (!memcmp(key, "pipe", 4)) {
-                /* format: pipe=prefix */
-                char * prefix = remalloc(val, vlen + 1);
-                prefix[vlen] = 0;
-                pal_sec_info.pipe_prefix = prefix;
-            } else if (!memcmp(key, "rand", 4)) {
-                /* format: rand=fd */
-                pal_sec_info.rand_gen = atoi(val);
-            } else if (!memcmp(key, "heap", 4)) {
-                /* format: heap=addr (hex) */
-                pal_config.heap_base = (void *) strtol(val, NULL, 16);
-            }
-        } else if (klen == 5) {
-            if (!memcmp(key, "mcast", 5)) {
-                /* format: mcast=port */
-                pal_sec_info.mcast_port = atoi(val);
-            }
-        } else if (klen == 6) {
-            if (!memcmp(key, "domain", 6)) {
-                /* format: domain=id */
-                pal_sec_info.domain_id = strtol(val, NULL, 16);
-            }
-        } else if (klen == 8) {
-            if (!memcmp(key, "manifest", 8)) {
-                /* format: manifest=fd,uri */
-                read_child_handle(val, vlen, &pal_config.manifest_handle,
-                                  &pal_config.manifest);
-            }
-        }
+    if (proc_args->manifest_fd != PAL_IDX_POISON) {
+        char * uri = (char *) proc_data + proc_args->manifest_uri_offset;
+        char * manifest_uri = remalloc(uri, strlen(uri) + 1);
+        INLINE_SYSCALL(lseek, 3, proc_args->manifest_fd, 0, SEEK_SET);
+        PAL_HANDLE manifest = malloc(HANDLE_SIZE(file));
+        SET_HANDLE_TYPE(manifest, file);
+        manifest->__in.flags |= RFD(0);
+        manifest->file.fd = proc_args->manifest_fd;
+        manifest->file.offset = 0;
+        manifest->file.append = PAL_FALSE;
+        manifest->file.pass   = PAL_FALSE;
+        manifest->file.realpath = remalloc(manifest_uri + 5,
+                                           strlen(manifest_uri + 5) + 1);
+        pal_config.manifest = manifest_uri;
+        pal_config.manifest_handle = manifest;
     }
 
+    int child_status = 0;
+    int ret = INLINE_SYSCALL(write, 3, proc_args->proc_fds[1], &child_status,
+                             sizeof(int));
+    if (IS_ERR(ret))
+        return -PAL_ERROR_DENIED;
+
     return 0;
 }
 
@@ -450,12 +364,12 @@ static int set_graphene_task (const char * uri, int flags)
     mcast_rules[1].peer.port_end = pal_sec_info.mcast_port;
 
     if (flags & PAL_SANDBOX_PIPE) {
-        char pipe_root[GRAPHENE_PIPEDIR_LEN + 20];
+        char pipe_root[sizeof(GRAPHENE_PIPEDIR) + 20];
         char pipe_prefix[9];
         int sandboxid;
 
         snprintf(pipe_root,
-                 GRAPHENE_PIPEDIR_LEN + 20, GRAPHENE_PIPEDIR "/%08x",
+                 sizeof(GRAPHENE_PIPEDIR) + 20, GRAPHENE_PIPEDIR "/%08x",
                  pal_sec_info.domain_id);
 
         getrand(&sandboxid, sizeof(int));
@@ -474,7 +388,7 @@ static int set_graphene_task (const char * uri, int flags)
         if (ret < 0)
             goto out_mem;
 
-        pal_sec_info.pipe_prefix = remalloc(pipe_prefix, 9);
+        memcpy(&pal_sec_info.pipe_prefix, pipe_prefix, 9);
     } else {
         const struct graphene_user_policy default_policies[] = {
             { .type = GRAPHENE_NET_RULE,    .value = &mcast_rules[0], },
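Review bot: In the hunk of `_DkProcessCreate` that builds `proc_args`, the buffer is sized under one condition and filled under another: `data_size` counts the manifest URI only `if (manifest_fd >= 0)`, while the copy runs `if (manifest_uri)`, so a non-NULL `pal_config.manifest` without a manifest handle is copied past the `__alloca` region, and the reverse case calls `strlen` on NULL. `data_size` and both offsets are `unsigned short`, so URIs totalling more than 65535 bytes wrap the size while `memcpy` still copies the full strings. The sketch below uses one predicate for sizing and copying and rejects oversized input before allocating. Separately, the first hunk reads `exec->file.fd` right after a context branch that sets `exec = NULL`; that branch's condition is outside the hunk, so confirm it cannot fall through to the new line.

```c
    size_t exec_len     = exec_uri ? strlen(exec_uri) + 1 : 0;
    size_t manifest_len = (manifest_fd >= 0 && manifest_uri) ?
                          strlen(manifest_uri) + 1 : 0;

    /* data_size and the offsets are 16-bit fields of struct pal_proc_args */
    if (exec_len + manifest_len > (unsigned short) -1) {
        ret = -PAL_ERROR_INVAL;
        goto out;
    }

    unsigned short data_size = exec_len + manifest_len;

    /* … unchanged: __alloca of proc_args, memset, pal_sec_info and fd fields … */

    if (exec_len)
        memcpy(data + (proc_args->exec_uri_offset = 0), exec_uri, exec_len);

    if (manifest_len)
        memcpy(data + (proc_args->manifest_uri_offset = exec_len),
               manifest_uri, manifest_len);
```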

+ 1 - 1
Pal/src/host/Linux/db_sockets.c

@@ -1281,7 +1281,7 @@ static int mcast_c (PAL_HANDLE handle, int port)
 
 PAL_HANDLE _DkBroadcastStreamOpen (int port)
 {
-    PAL_HANDLE hdl = malloc(HANDLE_SIZE(file));
+    PAL_HANDLE hdl = malloc(HANDLE_SIZE(mcast));
     SET_HANDLE_TYPE(hdl, mcast);
     mcast_s(hdl, port);
     mcast_c(hdl, port);

+ 17 - 0
Pal/src/host/Linux/pal_linux.h

@@ -110,6 +110,23 @@ int _DkMutexLock (struct mutex_handle * mut);
 int _DkMutexLockTimeout (struct mutex_handle * mut, int timeout);
 int _DkMutexUnlock (struct mutex_handle * mut);
 
+#include "pal_security.h"
+
+struct pal_proc_args {
+    struct pal_sec_info pal_sec_info;
+    PAL_IDX             proc_fds[3];
+    unsigned int        parent_pid;
+    PAL_IDX             exec_fd;
+    unsigned short      exec_uri_offset;
+    bool                noexec;
+    PAL_IDX             manifest_fd;
+    unsigned short      manifest_uri_offset;
+    unsigned short      data_size;
+};
+
+int init_child_process (struct pal_proc_args * proc_args, void * proc_data);
+int signal_setup (void);
+
 #if USE_VDSO_GETTIME == 1
 # if USE_CLOCK_GETTIME == 1
 struct timespec;
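Review bot: `struct pal_proc_args` is written raw to a pipe by the parent and read back by the child, but the definition does not say so or describe the data that follows it. A header comment along the lines of `/* sent over PROC_INIT_FD; followed by data_size bytes holding the NUL-terminated exec and manifest URIs at exec_uri_offset / manifest_uri_offset */` would document the contract. It should also state that the receiver is expected to check both offsets against `data_size`, since `init_child_process` currently indexes `proc_data` with them unchecked.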

+ 8 - 7
Pal/src/host/Linux/pal_security.h

@@ -22,24 +22,25 @@
 
 #include "pal.h"
 
+#define PATH_MAX    80
+#define PIPE_MAX    32
+
 struct r_debug;
 
 extern struct pal_sec_info {
-    const char *        pal_name;
     unsigned int        domain_id;
-    const char *        pipe_prefix;
+    char                pipe_prefix[PIPE_MAX];
+    void *              user_addr_base;
     int                 rand_gen;
     unsigned short      mcast_port;
-    PAL_HANDLE          mcast_handle;
     void                (*_dl_debug_state) (void);
     struct r_debug *    _r_debug;
 } pal_sec_info;
 
-#define GRAPHENE_TMPDIR         "/tmp/graphene"
-#define GRAPHENE_TMPDIR_LEN     (13)
+#define GRAPHENE_TEMPDIR        "/tmp/graphene"
+#define GRAPHENE_PIPEDIR        GRAPHENE_TEMPDIR "/pipes"
 
-#define GRAPHENE_PIPEDIR        GRAPHENE_TMPDIR "/pipes"
-#define GRAPHENE_PIPEDIR_LEN    (GRAPHENE_TMPDIR_LEN + 6)
+#define PROC_INIT_FD    3
 
 #define MCAST_GROUP "239.0.0.1"
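Review bot: `#define PATH_MAX 80` reuses the name of the standard path-length limit with a much smaller value, so a file that also sees the system definition gets a redefinition, and code written with the usual meaning in mind silently gets 80 bytes. A project-specific name (for example `PAL_LIBNAME_MAX`, a name constructed for this note) with a comment on what it bounds would avoid that; in the visible part of this commit it sizes only `libname`. `pipe_prefix[PIPE_MAX]` is now a fixed array, so every writer has to stay within 32 bytes including the terminator. The visible writers (`snprintf` with `PIPE_MAX` and a 9-byte `memcpy`) do, and a short comment on the field would keep it that way.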
 

+ 3 - 0
Pal/src/pal.h

@@ -125,6 +125,9 @@ typedef struct {
     /* address where PAL is loaded */
     PAL_BUF library_begin;
     PAL_BUF library_end;
+    /* The range of address allowed for user */
+    PAL_BUF user_address_begin;
+    PAL_BUF user_address_end;
     /* host page size */
     PAL_NUM pagesize;
     /* host allocation alignment */

+ 18 - 12
Pal/src/pal_internal.h

@@ -117,9 +117,6 @@ extern const struct handle_ops * pal_handle_ops [];
        NULL : pal_handle_ops[_type];                    \
     })
 
-int parse_stream_uri (const char ** uri, const char ** prefix,
-                      struct handle_ops ** ops);
-
 /* interger hash functions defined inline. The algorithm we used here
   is based on Robert Jenkins developed in 96', the algorithm has two
   version, 32-bit one and 64-bit one. */
@@ -283,11 +280,10 @@ extern struct pal_config {
     PAL_HANDLE      manifest_handle;
     PAL_HANDLE      exec_handle;
     struct config_store * root_config;
-    const char **   environments;
     unsigned long   pagesize;
     unsigned long   alloc_align;
     bool            daemonize;
-    void *          heap_base;
+    void *          user_addr_start, * user_addr_end;
     void *          lib_text_start, * lib_text_end;
     void *          lib_data_start, * lib_data_end;
     PAL_HANDLE      console_output;
@@ -309,12 +305,22 @@ extern void * data_start, * data_end;
    boundaries */
 extern unsigned long allocsize, allocshift, allocmask;
 
-#define ALLOC_ALIGNDOWN(addr) \
-    (allocsize ? ((unsigned long) (addr)) & allocmask : (unsigned long) (addr))
-#define ALLOC_ALIGNUP(addr) \
-    (allocsize ? (((unsigned long) (addr)) + allocshift) & allocmask : (unsigned long) (addr))
-#define ALLOC_ALIGNED(addr) \
-    (allocsize && ((unsigned long) (addr)) == (((unsigned long) (addr)) & allocmask))
+#define ALLOC_ALIGNDOWN(addr)                           \
+    ({                                                  \
+        assert(allocsize && allocshift && allocmask);   \
+        ((unsigned long) (addr)) & allocmask;           \
+    })
+#define ALLOC_ALIGNUP(addr)                             \
+    ({                                                  \
+        assert(allocsize && allocshift && allocmask);   \
+        (((unsigned long) (addr)) + allocshift) & allocmask;    \
+    })
+#define ALLOC_ALIGNED(addr)                             \
+    ({                                                  \
+        assert(allocsize && allocshift && allocmask);   \
+        (unsigned long) (addr) ==                       \
+            (((unsigned long) (addr)) & allocmask);     \
+    })
 
 /* For initialization */
 void pal_main (int argc, const char ** argv, const char ** envp);
@@ -336,7 +342,7 @@ int _DkStreamRead (PAL_HANDLE handle, int offset, int count, void * buf,
                    char * addr, int addrlen);
 int _DkStreamWrite (PAL_HANDLE handle, int offset, int count,
                     const void * buf, const char * addr, int addrlen);
-int _DkStreamAttributesQuery (PAL_STR uri, PAL_STREAM_ATTR * attr);
+int _DkStreamAttributesQuery (const char * uri, PAL_STREAM_ATTR * attr);
 int _DkStreamAttributesQuerybyHandle (PAL_HANDLE hdl, PAL_STREAM_ATTR * attr);
 int _DkStreamMap (PAL_HANDLE handle, void ** addr, int prot, int offset,
                   size_t size);
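Review bot: The rewritten `ALLOC_ALIGNDOWN`/`ALLOC_ALIGNUP`/`ALLOC_ALIGNED` macros rely on `assert` alone to catch use before `allocsize`, `allocshift` and `allocmask` are set. If `assert` compiles away in some build configuration (not visible here), an early call would mask every address with 0 instead of passing it through as the old fallback did. A comment above the macros naming where the globals are first initialised would make the ordering requirement explicit. `allocshift` is also worth a comment, e.g. `/* allocshift is allocsize - 1, an offset mask rather than a bit count */`, since `ALLOC_ALIGNUP` adds it and db_main.c presets it to `PRESET_PAGESIZE - 1`.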

+ 1 - 0
Pal/src/security/Linux/filter.c

@@ -39,6 +39,7 @@ typedef __builtin_va_list __gnuc_va_list;
     SYSCALL(__NR_bind,          action_trace),                  \
     SYSCALL(__NR_clone,         action_allow),                  \
     SYSCALL(__NR_close,         action_allow),                  \
+    SYSCALL(__NR_dup2,          action_allow),                  \
     SYSCALL(__NR_connect,       action_trace),                  \
     SYSCALL(__NR_execve,        action_trace),                  \
     SYSCALL(__NR_exit,          action_allow),                  \
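Review bot: `dup2` is added with `action_allow`, i.e. for any pair of descriptors, while the callers introduced in this commit only ever target `PROC_INIT_FD`. If the `SYSCALL` table can express argument constraints (its definition is outside this hunk), limiting the second argument to `PROC_INIT_FD` would keep the allow-list closer to what the PAL actually needs; if it cannot, a comment next to the entry saying why the unrestricted form is acceptable would help a later audit of the filter. The entry also breaks the alphabetical order of the surrounding list, where it sits between `close` and `connect`.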

+ 22 - 91
Pal/src/security/Linux/main.c

@@ -33,9 +33,8 @@ unsigned long pagemask  = ~4095;
 # define FILEBUF_SIZE 832
 #endif
 
-char libname[80];
+char libname[PATH_MAX];
 const char * execname;
-char pipe_prefix[10];
 
 int find_manifest (int * pargc, const char *** pargv)
 {
@@ -373,7 +372,8 @@ static void run_library (unsigned long entry, void * stack,
     *((void **) (stack -= sizeof(void *))) = NULL;
     for (int i = argc - 1 ; i >= 0 ; i--)
         *((const void **) (stack -= sizeof(void *))) = argv[i];
-    *((unsigned long *) (stack -= sizeof(unsigned long))) = argc;
+    *((const void **) (stack -= sizeof(void *))) = libname;
+    *((unsigned long *) (stack -= sizeof(unsigned long))) = argc + 1;
 
     asm volatile ("movq %0, %%rsp\r\n"
                   "pushq %1\r\n"
@@ -412,73 +412,6 @@ struct config_store root_config;
 
 int free_heaps (void);
 
-static int mcast_s (PAL_HANDLE handle, int port)
-{
-    handle->mcast.srv = PAL_IDX_POISON;
-    int ret = 0;
-
-    int fd = INLINE_SYSCALL(socket, 3, AF_INET, SOCK_DGRAM, 0);
-
-    if (IS_ERR(fd))
-        return -ERRNO(fd);
-
-    struct in_addr local;
-    local.s_addr  = INADDR_ANY;
-    ret = INLINE_SYSCALL(setsockopt, 5, fd, IPPROTO_IP, IP_MULTICAST_IF,
-                         &local, sizeof(local));
-    if (IS_ERR(ret))
-        return -ERRNO(ret);
-
-    handle->__in.flags |= WFD(1)|WRITEABLE(1);
-    handle->mcast.srv = fd;
-    return 0;
-}
-
-static int mcast_c (PAL_HANDLE handle, int port)
-{
-    handle->mcast.cli = PAL_IDX_POISON;
-    int ret = 0;
-
-    int fd = INLINE_SYSCALL(socket, 3, AF_INET, SOCK_DGRAM, 0);
-
-    if (IS_ERR(fd))
-        return -ERRNO(fd);
-
-    int reuse = 1;
-    INLINE_SYSCALL(setsockopt, 5, fd, SOL_SOCKET, SO_REUSEADDR,
-                   &reuse, sizeof(reuse));
-
-    struct sockaddr_in addr;
-    addr.sin_family = AF_INET;
-    addr.sin_addr.s_addr = htonl(INADDR_ANY);
-    addr.sin_port = htons(port);
-    ret = INLINE_SYSCALL(bind, 3, fd, &addr, sizeof(addr));
-    if (IS_ERR(ret))
-        return -ERRNO(ret);
-
-    struct in_addr local;
-    local.s_addr = INADDR_ANY;
-    ret = INLINE_SYSCALL(setsockopt, 5, fd, IPPROTO_IP, IP_MULTICAST_IF,
-                         &local, sizeof(local));
-    if (IS_ERR(ret))
-        return -ERRNO(ret);
-
-    struct ip_mreq group;
-    inet_pton(AF_INET, MCAST_GROUP, &group.imr_multiaddr.s_addr);
-    group.imr_interface.s_addr = htonl(INADDR_ANY);
-    ret = INLINE_SYSCALL(setsockopt, 5, fd, IPPROTO_IP, IP_ADD_MEMBERSHIP,
-                         &group, sizeof(group));
-    if (IS_ERR(ret))
-        return -ERRNO(ret);
-
-    handle->__in.flags |= RFD(0);
-    handle->mcast.cli = fd;
-    handle->mcast.nonblocking = PAL_FALSE;
-    return 0;
-}
-
-union pal_handle mcast_handle;
-
 void do_main (void * args)
 {
     void **all_args = (void **) args;
@@ -504,6 +437,9 @@ void do_main (void * args)
         goto exit;
     }
 
+    /* occupy PAL_INIT_FD */
+    INLINE_SYSCALL(dup2, 2, 0, PROC_INIT_FD);
+
     for (av = (void *) auxv ; av->a_type != AT_NULL ; av++)
         switch (av->a_type) {
             case AT_BASE:
@@ -582,10 +518,10 @@ void do_main (void * args)
 
     if (IS_ERR(ret) && ERRNO(ret) != EEXIST) {
         if (ERRNO(ret) == ENOENT) {
-            ret = INLINE_SYSCALL(mkdir, 2, GRAPHENE_TMPDIR, 0777);
+            ret = INLINE_SYSCALL(mkdir, 2, GRAPHENE_TEMPDIR, 0777);
 
             if (!IS_ERR(ret)) {
-                INLINE_SYSCALL(chmod, 2, GRAPHENE_TMPDIR, 0777);
+                INLINE_SYSCALL(chmod, 2, GRAPHENE_TEMPDIR, 0777);
                 ret = INLINE_SYSCALL(mkdir, 2, GRAPHENE_PIPEDIR, 0777);
             }
         }
@@ -598,8 +534,9 @@ void do_main (void * args)
         INLINE_SYSCALL(chmod, 2, GRAPHENE_PIPEDIR, 0777);
 
     unsigned int domainid = 0;
-    char * tmpdir = __alloca(GRAPHENE_PIPEDIR_LEN + 12);
-    memcpy(tmpdir, GRAPHENE_PIPEDIR, GRAPHENE_PIPEDIR_LEN + 1);
+    char * tmpdir = __alloca(sizeof(GRAPHENE_PIPEDIR) + 12);
+    memcpy(tmpdir, GRAPHENE_PIPEDIR, sizeof(GRAPHENE_PIPEDIR));
+    tmpdir[sizeof(GRAPHENE_PIPEDIR) - 1] = '/';
 
     while (!domainid) {
         ret = INLINE_SYSCALL(read, 3, rand, &domainid,
@@ -610,7 +547,7 @@ void do_main (void * args)
         }
 
         if (domainid) {
-            snprintf(tmpdir + GRAPHENE_PIPEDIR_LEN, 12, "/%08x", domainid);
+            snprintf(tmpdir + sizeof(GRAPHENE_PIPEDIR), 12, "%08x", domainid);
             ret = INLINE_SYSCALL(mkdir, 2, tmpdir, 0700);
             if (IS_ERR(ret)) {
                 if ((ret = -ERRNO(ret)) != -EEXIST)
@@ -621,28 +558,19 @@ void do_main (void * args)
         }
     }
 
-    snprintf(pipe_prefix, sizeof(pipe_prefix), "%08x", domainid);
+    snprintf(pal_sec_info_addr->pipe_prefix, PIPE_MAX, "%08x", domainid);
 
     unsigned short mcast_port = 0;
-    do {
-        ret = INLINE_SYSCALL(read, 3, rand, &mcast_port,
-                             sizeof(unsigned short));
-        if (IS_ERR(ret)) {
-            ret = -ERRNO(ret);
-            goto exit;
-        }
-    } while (mcast_port < 1024);
-
-    SET_HANDLE_TYPE(&mcast_handle, mcast);
-    mcast_s(&mcast_handle, mcast_port);
-    mcast_c(&mcast_handle, mcast_port);
-    mcast_handle.mcast.port = mcast_port;
+    ret = INLINE_SYSCALL(read, 3, rand, &mcast_port, sizeof(mcast_port));
+    if (IS_ERR(ret)) {
+        ret = -ERRNO(ret);
+        goto exit;
+    }
+    if (mcast_port < 1024) mcast_port += 1024;
 
     pal_sec_info_addr->domain_id    = domainid;
-    pal_sec_info_addr->pipe_prefix  = pipe_prefix;
     pal_sec_info_addr->rand_gen     = rand;
     pal_sec_info_addr->mcast_port   = mcast_port;
-    pal_sec_info_addr->mcast_handle = &mcast_handle;
     pal_sec_info_addr->_dl_debug_state = &___dl_debug_state;
     pal_sec_info_addr->_r_debug     = &___r_debug;
 
@@ -652,6 +580,9 @@ void do_main (void * args)
 
     free_heaps();
 
+    /* free PAL_INIT_FD */
+    INLINE_SYSCALL(close, 1, PROC_INIT_FD);
+
     ret = install_syscall_filter(libname, pal_start, pal_end, do_trace);
     if (ret < 0) {
         printf("Unable to install system call filter\n");
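Review bot: The result of `INLINE_SYSCALL(dup2, 2, 0, PROC_INIT_FD)` in `do_main` is discarded, so when fd 0 is not open at startup the slot is not reserved, a later open in this function can land on descriptor 3, and the new `close(PROC_INIT_FD)` before `install_syscall_filter` then closes that unrelated descriptor. Checking the call in the style used elsewhere in the function would cover it: `ret = INLINE_SYSCALL(dup2, 2, 0, PROC_INIT_FD); if (IS_ERR(ret)) { ret = -ERRNO(ret); goto exit; }`. Both new comments say `PAL_INIT_FD` while the macro is `PROC_INIT_FD`; they should read `/* occupy PROC_INIT_FD */` and `/* free PROC_INIT_FD */`. `do_main` starts and ends outside the visible hunks.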

+ 2 - 2
Pal/src/security/Linux/wrapper.c

@@ -27,8 +27,8 @@ int ioctl_set_graphene (struct config_store * config, int ndefault,
 int init_child (int argc, const char ** argv, const char ** envp)
 {
     const char * pipe_prefix = pal_sec_info_addr->pipe_prefix;
-    char pipe_root[GRAPHENE_PIPEDIR_LEN + 20];
-    snprintf(pipe_root, GRAPHENE_PIPEDIR_LEN + 20, GRAPHENE_PIPEDIR "/%08x",
+    char pipe_root[sizeof(GRAPHENE_PIPEDIR) + 20];
+    snprintf(pipe_root, sizeof(GRAPHENE_PIPEDIR) + 20, GRAPHENE_PIPEDIR "/%08x",
              pal_sec_info_addr->domain_id);
 
     struct graphene_net_policy mcast_rules[2];

+ 2 - 4
Pal/test/Makefile

@@ -16,8 +16,7 @@ debug:	CC=gcc -g
 debug:	$(target) manifest
 
 manifest: manifest.template
-	[ ! -f manifest ] || mv -f manifest manifest.backup
-	cp manifest.template manifest
+	cp -f manifest.template manifest
 
 # Regression Test
 rtest:	$(rtarget)
@@ -49,6 +48,5 @@ $(target): %: %.c $(graphene_lib) $(pal_lib)
 	@$(CC) $(CFLAGS) $^ -o $@
 
 clean:
-	rm -rf $(target)
-	[ ! -f manifest ] || mv manifest manifest.backup
+	rm -rf $(target) manifest
 	find -type f -executable -exec rm {} \;
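Review bot: The `manifest` recipe spells out both file names that the rule header already provides; `cp -f $< $@` keeps the recipe in step with the rule if either name changes. With the `.backup` step removed and `clean` now deleting `manifest`, a hand-edited manifest is lost on `make clean`, which is fine if the file is meant to be purely generated. A one-line comment above the rule, `# manifest is generated from manifest.template; edit the template instead`, would make that explicit.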