228964 – [patch] ASLR feature request

Bug 228964 - [patch] ASLR feature request

Summary: [patch] ASLR feature request

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Konstantin Belousov

URL:	https://reviews.freebsd.org/D5603
Keywords:	patch

Depends on:
Blocks:	228911
	Show dependency tree / graph

Reported:	2018-06-12 16:50 UTC by Rodney W. Grimes
Modified:	2019-12-07 03:58 UTC (History)
CC List:	3 users (show)

See Also:	181497

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Rodney W. Grimes freebsd_committer

2018-06-12 16:50:01 UTC

ASLR

Comment 1 Conrad Meyer freebsd_committer

2018-08-02 01:49:19 UTC

Kib, any objection to committing your existing work off-by-default and following up with exp-runs of it enabled to chase out remaining ports bugs?  Is there another specific concern about committing the change, other than it being fairly large and invasive?  Thanks.

Comment 2 Ed Maste freebsd_committer

2018-08-03 17:14:50 UTC

(In reply to Conrad Meyer from comment #1)
Note that there is an outstanding issue with i386 in the current patch set.

Comment 3 Conrad Meyer freebsd_committer

2018-08-03 18:42:36 UTC

(In reply to Ed Maste from comment #2)
What's the specific issue?  I don't see anything called out i386-specific in the phabricator review, and the problems you pointed out earlier seem to have been addressed.

If you referring to the Go issue, that appears to be a bug in the Go runtime that they have been addressed in their master branch (also present in 1.11beta1+):  https://github.com/golang/go/commit/51ae88ee2f9a1063c272a497527751d786291c89

(They previously assumed that mmap() without MAP_FIXED would honor their requested address, which has definitely never been guaranteed.  And the bug was only present on 64-bit platforms, not i386.)

ASLR has limited utility on i386 — IMO it would be perfectly acceptable to merge with support for 32-bit architectures fully disabled.  This gets us 99% of the benefit and any bugfixes for 32-bit architecture support can be applied on CURRENT and potentially MFC'd to a later 12.x.

Comment 4 Conrad Meyer freebsd_committer

2018-08-03 18:55:21 UTC

(Further on Go: the authors explicitly reject the idea of ASLR and claim it is only useful for C programs.  Those mmap assumptions probably ignored ASLR entirely.  It is unclear how they reconcile that with, say, cgo or other interaction with C libraries.  https://groups.google.com/forum/#!topic/golang-nuts/Jd9tlNc6jUE )

Comment 5 Konstantin Belousov freebsd_committer

2018-08-03 19:03:24 UTC

(In reply to Conrad Meyer from comment #3)
No, there seems to be an overflow in calculating the interpreter base address.  It is hidden by the fact that 64bit AS has more space and I only randomize that many bits,  I need to fix this.

Comment 6 Ed Maste freebsd_committer

2018-08-03 19:05:22 UTC

(In reply to Conrad Meyer from comment #3)

On i386 we trip one of these assertions:
        KASSERT(res >= base,
            ("res %#lx < base %#lx, minv %#lx maxv %#lx rbase %#lx",
            res, base, minv, maxv, rbase));
        KASSERT(res < maxv,
            ("res %#lx > maxv %#lx, minv %#lx base %#lx rbase %#lx",
            res, maxv, minv, base, rbase));

Comment 7 Conrad Meyer freebsd_committer

2018-08-03 19:30:36 UTC

(In reply to Konstantin Belousov from comment #5)
(In reply to Ed Maste from comment #6)
Thanks!

Comment 8 Ed Maste freebsd_committer

2018-11-05 01:43:53 UTC

(In reply to Ed Maste from comment #6)

i386 assertions fixed as of diff 49195
https://reviews.freebsd.org/differential/diff/49195/

Comment 9 Ed Maste freebsd_committer

2019-12-07 03:58:42 UTC

Committed.