[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b

Török Edvin edwin at clamav.net
Sun Apr 4 01:24:58 UTC 2010 

The following commit has been merged in the debian/unstable branch:
commit bdd9aeaeeb9c8a014b891310951bc3fdab7bf071
Author: Török Edvin <edwin at clamav.net>
Date:   Tue Mar 23 16:33:41 2010 +0200

    Use a watchdog thread. Also make timeout be ms instead of us.

diff --git a/etc/clamd.conf b/etc/clamd.conf
index 2f8a349..d5a5a44 100644
--- a/etc/clamd.conf
+++ b/etc/clamd.conf
@@ -465,7 +465,7 @@ Example
 # Default: TrustSigned
 #BytecodeSecurity TrustSigned
 
-# Set bytecode timeout in microseconds.
+# Set bytecode timeout in miliseconds.
 # 
-# Default: 5000000
-#BytecodeTimeout 5000000
+# Default: 5000
+# BytecodeTimeout 5000
diff --git a/libclamav/bytecode.c b/libclamav/bytecode.c
index 1b1d173..4ba984e 100644
--- a/libclamav/bytecode.c
+++ b/libclamav/bytecode.c
@@ -42,7 +42,7 @@ static const uint32_t nomatch[64];
 struct cli_bc_ctx *cli_bytecode_context_alloc(void)
 {
     struct cli_bc_ctx *ctx = cli_calloc(1, sizeof(*ctx));
-    ctx->bytecode_timeout = 5000000;
+    ctx->bytecode_timeout = 5000;
     return ctx;
 }
 
diff --git a/libclamav/c++/bytecode2llvm.cpp b/libclamav/c++/bytecode2llvm.cpp
index 3991a03..16e19f9 100644
--- a/libclamav/c++/bytecode2llvm.cpp
+++ b/libclamav/c++/bytecode2llvm.cpp
@@ -379,7 +379,6 @@ public:
 
 
     virtual bool runOnFunction(Function &F) {
-	bool Changed = false;
 	BBSetTy BackedgeTargets;
 	if (!F.isDeclaration()) {
 	    // Get the common backedge targets.
@@ -491,7 +490,6 @@ public:
 	    TerminatorInst *TI = BB->getTerminator();
 	    BranchInst::Create(AbrtBB, newBB, Cond, TI);
 	    TI->eraseFromParent();
-	    BB->dump();
 	    // Update dominator info
 	    DomTreeNode *N = DT.getNode(AbrtBB);
 	    if (!N) {
@@ -503,8 +501,7 @@ public:
 	    }
 	    DEBUG(errs() << *I << "\n");
 	}
-	F.dump();
-	verifyFunction(F);
+	//verifyFunction(F);
 	return true;
     }
 
@@ -1497,15 +1494,31 @@ static void addFunctionProtos(struct CommonFunctions *CF, ExecutionEngine *EE, M
 
 }
 
-struct bc_thread {
-    void *code;
-    struct cli_bc_ctx *ctx;
+struct bc_watchdog {
+    volatile uint8_t* timeout;
+    struct timespec * abstimeout;
+    pthread_mutex_t   mutex;
+    pthread_cond_t    cond;
     int finished;
-    pthread_mutex_t  mutex;
-    pthread_cond_t cond;
 };
 
-static int bytecode_thread_execute(intptr_t code, struct cli_bc_ctx *ctx)
+static void *bytecode_watchdog(void *arg)
+{
+    int ret = 0;
+    struct bc_watchdog *w = (struct bc_watchdog*)arg;
+    pthread_mutex_lock(&w->mutex);
+    while (!w->finished && ret != ETIMEDOUT) {
+	ret = pthread_cond_timedwait(&w->cond, &w->mutex, w->abstimeout);
+    }
+    pthread_mutex_unlock(&w->mutex);
+    if (ret == ETIMEDOUT) {
+	*w->timeout = 1;
+	errs() << "Bytecode run timed out, timeout flag set\n";
+    }
+    return NULL;
+}
+
+static int bytecode_execute(intptr_t code, struct cli_bc_ctx *ctx)
 {
     jmp_buf env;
     // execute;
@@ -1520,33 +1533,17 @@ static int bytecode_thread_execute(intptr_t code, struct cli_bc_ctx *ctx)
     errs().changeColor(raw_ostream::RED, true) << MODULE
 	<< "*** JITed code intercepted runtime error!\n";
     errs().resetColor();
-    return 1;
+    return CL_EBYTECODE;
 }
 
-static void* bytecode_thread(void* dummy)
-{
-    int ret;
-    struct bc_thread *thr = (struct bc_thread*)dummy;
-    pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
-    pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
-    ret = bytecode_thread_execute((intptr_t)thr->code, thr->ctx);
-    pthread_mutex_lock(&thr->mutex);
-    thr->finished = 1;
-    pthread_cond_signal(&thr->cond);
-    pthread_mutex_unlock(&thr->mutex);
-    return ret ? dummy : NULL;
-}
 extern "C" const char *cli_strerror(int errnum, char* buf, size_t len);
 int cli_vm_execute_jit(const struct cli_all_bc *bcs, struct cli_bc_ctx *ctx,
 		       const struct cli_bc_func *func)
 {
     char buf[1024];
     int ret;
-    void *threadret;
     pthread_t thread;
     struct timeval tv0, tv1;
-    struct timespec abstimeout;
-    int timedout = 0;
     uint32_t timeoutus;
     // no locks needed here, since LLVM automatically acquires a JIT lock
     // if needed.
@@ -1558,54 +1555,43 @@ int cli_vm_execute_jit(const struct cli_all_bc *bcs, struct cli_bc_ctx *ctx,
 		<< (unsigned)func->numArgs << " arguments, it must have 0 to be called as entrypoint\n";
 	return CL_EBYTECODE;
     }
-    struct bc_thread bcthr = {
-	code, ctx, 0,
-	PTHREAD_MUTEX_INITIALIZER, PTHREAD_COND_INITIALIZER
-    };
-    ctx->timeout = 0;
     gettimeofday(&tv0, NULL);
-    pthread_mutex_lock(&bcthr.mutex);
-    ret = pthread_create(&thread, NULL, bytecode_thread, &bcthr);
-    if (ret) {
+    struct timespec abstime;
+
+    timeoutus = (ctx->bytecode_timeout%1000)*1000 + tv0.tv_usec;
+    abstime.tv_sec = tv0.tv_sec + ctx->bytecode_timeout/1000 + timeoutus/1000000;
+    abstime.tv_nsec = 1000*(timeoutus%1000000);
+    ctx->timeout = 0;
+
+    struct bc_watchdog w = {
+	&ctx->timeout,
+	&abstime,
+	PTHREAD_MUTEX_INITIALIZER,
+	PTHREAD_COND_INITIALIZER,
+	0
+    };
+
+    if ((ret = pthread_create(&thread, NULL, bytecode_watchdog, &w))) {
 	errs() << "Bytecode: failed to create new thread!";
 	errs() << cli_strerror(ret, buf, sizeof(buf));
 	errs() << "\n";
 	return CL_EBYTECODE;
     }
 
-    timeoutus = ctx->bytecode_timeout + tv0.tv_usec;
-    abstimeout.tv_nsec = 1000*(timeoutus%1000000);
-    abstimeout.tv_sec = tv0.tv_sec + timeoutus/1000000;
-    do {
-	ret = pthread_cond_timedwait(&bcthr.cond, &bcthr.mutex, &abstimeout);
-    } while (!bcthr.finished && ret != ETIMEDOUT);
-    pthread_mutex_unlock(&bcthr.mutex);
-    if (ret == ETIMEDOUT) {
-	errs() << "Bytecode run timed out, canceling thread\n";
-	timedout = 1;
-	ctx->timeout = 1;
-#if 0
-	ret = pthread_cancel(thread);
-	if (ret) {
-	    errs() << "Bytecode: failed to create new thread!";
-	    errs() << cli_strerror(ret, buf, sizeof(buf));
-	    errs() << "\n";
-	}
-#endif
-    }
-    ret = pthread_join(thread, &threadret);
-    if (ret) {
-	errs() << "Bytecode: failed to create new thread!";
-	errs() << cli_strerror(ret, buf, sizeof(buf));
-	errs() << "\n";
-    }
+    ret = bytecode_execute((intptr_t)code, ctx);
+    pthread_mutex_lock(&w.mutex);
+    w.finished = 1;
+    pthread_cond_signal(&w.cond);
+    pthread_mutex_unlock(&w.mutex);
+    pthread_join(thread, NULL);
+
     if (cli_debug_flag) {
 	gettimeofday(&tv1, NULL);
 	tv1.tv_sec -= tv0.tv_sec;
 	tv1.tv_usec -= tv0.tv_usec;
 	errs() << "bytecode finished in " << (tv1.tv_sec*1000000 + tv1.tv_usec) << "us\n";
     }
-    return timedout ? CL_ETIMEOUT : (threadret ? CL_EBYTECODE : CL_SUCCESS);
+    return ctx->timeout ? CL_ETIMEOUT : ret;
 }
 
 static unsigned char name_salt[16] = { 16, 38, 97, 12, 8, 4, 72, 196, 217, 144, 33, 124, 18, 11, 17, 253 };
diff --git a/shared/optparser.c b/shared/optparser.c
index 05594b1..0e15aee 100644
--- a/shared/optparser.c
+++ b/shared/optparser.c
@@ -250,8 +250,8 @@ const struct clam_option __clam_options[] = {
     { "Bytecode", "bytecode", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.", "yes" },
     { "BytecodeSecurity", NULL, 0, TYPE_STRING, "^(None|TrustSigned|Paranoid)$", -1, "TrustSigned", 0, OPT_CLAMD, 
 	"Set bytecode security level.\nPossible values:\n\tNone - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS\n\tTrustSigned - trust bytecode loaded from signed .c[lv]d files,\n\t\t insert runtime safety checks for bytecode loaded from other sources\n\tParanoid - don't trust any bytecode, insert runtime checks for all\nRecommended: TrustSigned, because bytecode in .cvd files already has these checks\n","TrustSigned"},
-    { "BytecodeTimeout", "bytecode-timeout", 0, TYPE_NUMBER, MATCH_NUMBER, 5000000, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, 
-	"Set bytecode timeout in microseconds.\n","5000000"},
+    { "BytecodeTimeout", "bytecode-timeout", 0, TYPE_NUMBER, MATCH_NUMBER, 5000, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, 
+	"Set bytecode timeout in miliseconds.\n","5000"},
     { "DetectPUA", "detect-pua", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Detect Potentially Unwanted Applications.", "yes" },
 
     { "ExcludePUA", "exclude-pua", 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_CLAMSCAN, "Exclude a specific PUA category. This directive can be used multiple times.\nSee http://www.clamav.net/support/pua for the complete list of PUA\ncategories.", "NetTool\nPWTool" },
diff --git a/unit_tests/check_bytecode.c b/unit_tests/check_bytecode.c
index e480502..052488c 100644
--- a/unit_tests/check_bytecode.c
+++ b/unit_tests/check_bytecode.c
@@ -75,7 +75,7 @@ static void runtest(const char *file, uint64_t expected, int fail, int nojit)
 
     ctx = cli_bytecode_context_alloc();
     /* small timeout, these bytecodes are fast! */
-    ctx->bytecode_timeout = 100000;
+    ctx->bytecode_timeout = 10;
     fail_unless(!!ctx, "cli_bytecode_context_alloc failed");
 
     cli_bytecode_context_setfuncid(ctx, &bc, 0);

-- 
Debian repository for ClamAV

More information about the Pkg-clamav-commits mailing list