From owner-freebsd-stable@freebsd.org Sun Aug 25 12:03:50 2019
Date: Sun, 25 Aug 2019 15:03:42 +0300
From: Konstantin Belousov <kostikbel@gmail.com>
To: Trond Endrestøl
Cc: freebsd-stable@freebsd.org, emaste@freebsd.org
Subject: Re: ntpd doesn't like ASLR on stable/12 post-r350672
Message-ID: <20190825120342.GN71821@kib.kiev.ua>
References: <20190824204114.GG71821@kib.kiev.ua> <20190824222817.GJ71821@kib.kiev.ua>
User-Agent: Mutt/1.12.1 (2019-06-15)
List-Id: Production branch of FreeBSD source code <freebsd-stable@freebsd.org>

On Sun, Aug 25, 2019 at 12:40:22AM +0200, Trond Endrestøl wrote:
> On Sun, 25 Aug 2019 01:28+0300, Konstantin Belousov wrote:
> 
> > On Sun, Aug 25, 2019 at 12:19:43AM +0200, Trond Endrestøl wrote:
> > > On Sat, 24 Aug 2019 23:41+0300, Konstantin Belousov wrote:
> > > 
> > > > > I tried changing command="/usr/sbin/${name}" to
> > > > > command="/usr/bin/proccontrol -m aslr -s disable /usr/sbin/${name}" in
> > > > > /etc/rc.d/ntpd, but that didn't go well.
> > > > 
> > > > If you set kern.elf64.aslr.stack_gap to zero, does it help ?
> > > 
> > > That helped. Thank you again.
> > 
> > Can you verify whether ntpd sets a new rlimit(RLIMIT_STACK) for the main thread,
> > and if yes, what this new limit is ?
> 
> (gdb)
> 5265 if (-1 == setrlimit(RLIMIT_STACK, &rl)) {
> (gdb) print rl
> $1 = {rlim_cur = 204800, rlim_max = 536870912}

So they set the stack limit to 200K, am I right ?
I suspect they do that because ntpd wires the entire process address space,
so 512M blows off all limits on wiring.

I do not have a good idea how to make this behaviour compatible with the gap.
Maybe we can change the gap sizing parameter to KBs instead of a percentage,
and set the defaults in the 64KB range.

> > aslr.stack_gap is the percentage for the gap on that stack, and since
> > the default size of the main stack limit is quite large, 512M, even 3%
> > (the default gap upper limit) is a whole 15M. If the new limit is less than
> > 15M, it is likely that only the gap is left after the
> > rlimit(2) call, leaving no space for the program frames.
> > 
> > At least this looks like a nice theory.
> 
> -- 
> Trond.
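As an added worked example of the arithmetic in the thread (not code from the thread or from FreeBSD), the C program below models the gap as a percentage of the stack limit and shows why a 3% gap carved from a 512M limit leaves nothing once ntpd lowers RLIMIT_STACK to 200K, while stack_gap=0 leaves the full 200K. The function names, the worst-case-gap assumption and the use of the live getrlimit() value are mine.

```c
#include <stdio.h>
#include <sys/resource.h>

/* Added illustration of the arithmetic discussed in the thread, not FreeBSD
 * kernel code: the kernel reserves a gap of up to kern.elf64.aslr.stack_gap
 * percent of the stack rlimit at the top of the stack; if the program later
 * shrinks RLIMIT_STACK below that gap, no room is left for its frames.
 * The figures below are the ones quoted in the thread. */
#define DEFAULT_STACK_MAX 536870912ULL /* rlim_max seen in gdb, 512M  */
#define NTPD_STACK_CUR    204800ULL    /* rlim_cur ntpd sets, 200K    */
#define DEFAULT_GAP_PCT   3            /* default upper limit of gap  */

/* Largest gap that may be reserved for a given stack limit and percentage. */
unsigned long long max_stack_gap(unsigned long long stack_limit,
                                 unsigned gap_pct)
{
    return stack_limit * gap_pct / 100;
}

/* Bytes left for program frames after the limit is lowered to new_cur,
 * assuming the worst-case gap was taken out of the original limit.
 * Returns 0 when the gap alone swallows the whole new limit. */
unsigned long long usable_after_shrink(unsigned long long orig_limit,
                                       unsigned gap_pct,
                                       unsigned long long new_cur)
{
    unsigned long long gap = max_stack_gap(orig_limit, gap_pct);
    return gap >= new_cur ? 0 : new_cur - gap;
}

int main(void)
{
    struct rlimit rl;
    unsigned long long limit = DEFAULT_STACK_MAX;

    /* Prefer the live soft limit; RLIM_INFINITY has no meaningful
     * percentage, so fall back to the 512M figure from the thread. */
    if (getrlimit(RLIMIT_STACK, &rl) == 0 && rl.rlim_cur != RLIM_INFINITY)
        limit = rl.rlim_cur;

    printf("stack limit %llu: worst-case gap at %d%% is %llu bytes\n",
           limit, DEFAULT_GAP_PCT, max_stack_gap(limit, DEFAULT_GAP_PCT));
    printf("frames after setrlimit(%llu): %llu bytes with gap %d%%, "
           "%llu bytes with stack_gap=0\n",
           NTPD_STACK_CUR,
           usable_after_shrink(limit, DEFAULT_GAP_PCT, NTPD_STACK_CUR),
           usable_after_shrink(limit, 0, NTPD_STACK_CUR));
    return 0;
}
```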