Date: Fri, 21 May 2021 18:42:31 +0200
From: Marcin Wojtas <mw@semihalf.com>
To: Cy Schubert <Cy.Schubert@cschubert.com>
Cc: Jessica Clarke <jrtc27@freebsd.org>, shawn.webb@hardenedbsd.org, Marcin Wojtas <mw@freebsd.org>, "src-committers@freebsd.org" <src-committers@freebsd.org>, "dev-commits-src-all@freebsd.org" <dev-commits-src-all@freebsd.org>, "dev-commits-src-main@freebsd.org" <dev-commits-src-main@freebsd.org>, Dawid Górecki <dgr@semihalf.com>
Subject: Re: git: af949c590bd8 - main - Disable stack gap for ntpd during build.
Message-ID: <CAPv3WKe4O--Jne20ozpMfLe3XvyPZXawUx%2BLgvOF8bsDEVsa7g@mail.gmail.com>
In-Reply-To: <202105211446.14LEk8kZ009266@slippy.cwsent.com>
References: <202105211334.14LDYqoa004343@gitrepo.freebsd.org>
 <04F25FD0-7863-4AC1-A257-EF0F1EB90659@freebsd.org>
 <CAPv3WKeV1Oz8Gbv0LBFD03J6k3k%2B2XMBEvi28DuMM8LVq8cjrQ@mail.gmail.com>
 <02078965-24BE-4F23-92D5-5E8E54A0C3E7@freebsd.org>
 <202105211446.14LEk8kZ009266@slippy.cwsent.com>

Hi Cy,

On Fri, 21 May 2021 at 16:46, Cy Schubert <Cy.Schubert@cschubert.com> wrote:
>
> In message <02078965-24BE-4F23-92D5-5E8E54A0C3E7@freebsd.org>, Jessica Clarke writes:
> > On 21 May 2021, at 15:11, Marcin Wojtas <mw@semihalf.com> wrote:
> > >
> > > Hi Jess
> > >
> > > On Fri, 21 May 2021 at 15:39, Jessica Clarke <jrtc27@freebsd.org> wrote:
> > >>
> > >> On 21 May 2021, at 14:34, Marcin Wojtas <mw@FreeBSD.org> wrote:
> > >>>
> > >>> The branch main has been updated by mw:
> > >>>
> > >>> URL: https://cgit.FreeBSD.org/src/commit/?id=af949c590bd8a00a5973b5875d7e0fa6832ea64a
> > >>>
> > >>> commit af949c590bd8a00a5973b5875d7e0fa6832ea64a
> > >>> Author: Marcin Wojtas <mw@FreeBSD.org>
> > >>> AuthorDate: 2021-05-21 09:29:22 +0000
> > >>> Commit: Marcin Wojtas <mw@FreeBSD.org>
> > >>> CommitDate: 2021-05-21 13:33:06 +0000
> > >>>
> > >>> Disable stack gap for ntpd during build.
> > >>>
> > >>> When starting, ntpd calls setrlimit(2) to limit maximum size of its
> > >>> stack. The stack limit chosen by ntpd is 200K, so when stack gap
> > >>> is enabled, the stack gap is larger than this limit, which results
> > >>> in ntpd crashing.
> > >>
> > >> Isn’t the bug that the unusable gap counts as usage?
> > >>
> > >> Jess
> > >>
> > >
> > > An alternative solution was submitted
> > > (https://reviews.freebsd.org/D29832), so that to extend the limit for
> > > ntpd, but eventually it was recommended to simply disable the stack
> > > gap for it until it's fixed upstream (see the last comment in the
> > > linked revision).
> >
> > That’s my point, there is nothing to “fix” upstream. NTPD uses less than 200K
> > of stack, thus it is perfectly reasonable for it to set its limit to that. The
> > fact that FreeBSD decides to count an arbitrary, non-deterministic amount of
> > additional unusable virtual address space towards that limit is not its fault,
> > but a bug in FreeBSD that needs to be fixed as it’s entirely unreasonable for
> > applications to have to account for that.
>
> This latest problem is not stack gap. It is PIE.
>

I have to disagree. ntpd does not start because of stack gap, not PIE,
even though it may seem like PIE causes this. This is due to the fact
that stack gap is disabled if PIE is disabled. Because of that, the value
of sysctl kern.elf64.aslr.stack_gap does not matter when
kern.elf64.aslr.pie_enable is set to 0. When pie_enabled is set to 1
and stack gap is enabled, then ntpd fails to start, but when
pie_enabled is set to 1 and stack_gap is set to 0, then ntpd starts
without any issue. We verified this on the FreeBSD-CURRENT snapshot from
2021-05-20.

The fact that this is a stack gap issue can be verified using the
following procedure:

1. Install the FreeBSD-CURRENT snapshot from 2021-05-20 using the default
   configuration.
2. On the newly installed system start ntpd. With the default configuration
   it should start successfully.
3. Set sysctl kern.elf64.aslr.pie_enable=1 and start ntpd. This time
   ntpd should fail. An entry indicating that ntpd was killed because
   of signal 11 should be visible in /var/log/messages.
4. Set sysctl kern.elf64.aslr.stack_gap=0 and start ntpd once again.
   This time ntpd should start even though pie_enable is set to 1.

Exact log from the boot on which it was tested:

root@freebsd-ntpd-test:~ # sysctl -a | grep aslr
kern.elf32.aslr.stack_gap: 3
kern.elf32.aslr.honor_sbrk: 1
kern.elf32.aslr.pie_enable: 0
kern.elf32.aslr.enable: 0
kern.elf64.aslr.stack_gap: 3
kern.elf64.aslr.honor_sbrk: 1
kern.elf64.aslr.pie_enable: 0
kern.elf64.aslr.enable: 0
vm.aslr_restarts: 0
root@freebsd-ntpd-test:~ # ntpd
root@freebsd-ntpd-test:~ # ps aux | grep ntpd
root 826 0.0 0.2 22060 6960 - Ss 17:38 0:00.01 ntpd
root 828 0.0 0.1 12976 2416 0 S+ 17:38 0:00.00 grep ntpd
root@freebsd-ntpd-test:~ # killall ntpd
root@freebsd-ntpd-test:~ # ps aux | grep ntpd
root 831 0.0 0.1 12976 2416 0 S+ 17:38 0:00.00 grep ntpd
root@freebsd-ntpd-test:~ # sysctl kern.elf64.aslr.pie_enable=1
kern.elf64.aslr.pie_enable: 0 -> 1
root@freebsd-ntpd-test:~ # ntpd
root@freebsd-ntpd-test:~ # ps aux | grep ntpd
root 836 0.0 0.1 14128 2452 0 S+ 17:39 0:00.00 grep ntpd
root@freebsd-ntpd-test:~ # cat /var/log/messages | tail
May 21 17:38:25 freebsd-ntpd-test ntpd[826]: ntpd exiting on signal 15 (Terminated)
May 21 17:39:14 freebsd-ntpd-test ntpd[833]: ntpd 4.2.8p15-a (1): Starting
May 21 17:39:14 freebsd-ntpd-test ntpd[833]: Command line: ntpd
May 21 17:39:14 freebsd-ntpd-test ntpd[833]: ----------------------------------------------------
May 21 17:39:14 freebsd-ntpd-test ntpd[833]: ntp-4 is maintained by Network Time Foundation,
May 21 17:39:14 freebsd-ntpd-test ntpd[833]: Inc. (NTF), a non-profit 501(c)(3) public-benefit
May 21 17:39:14 freebsd-ntpd-test ntpd[833]: corporation. Support and training for ntp-4 are
May 21 17:39:14 freebsd-ntpd-test ntpd[833]: available at https://www.nwtime.org/support
May 21 17:39:14 freebsd-ntpd-test ntpd[833]: ----------------------------------------------------
May 21 17:39:14 freebsd-ntpd-test kernel: pid 834 (ntpd), jid 0, uid 0: exited on signal 11 (core dumped)
root@freebsd-ntpd-test:~ # sysctl kern.elf64.aslr.stack_gap=0
kern.elf64.aslr.stack_gap: 3 -> 0
root@freebsd-ntpd-test:~ # sysctl -a | grep aslr
kern.elf32.aslr.stack_gap: 3
kern.elf32.aslr.honor_sbrk: 1
kern.elf32.aslr.pie_enable: 0
kern.elf32.aslr.enable: 0
kern.elf64.aslr.stack_gap: 0
kern.elf64.aslr.honor_sbrk: 1
kern.elf64.aslr.pie_enable: 1
kern.elf64.aslr.enable: 0
vm.aslr_restarts: 1
root@freebsd-ntpd-test:~ # ntpd
root@freebsd-ntpd-test:~ # ps aux | grep ntpd
root 845 0.0 0.2 22060 6924 - Ss 17:40 0:00.01 ntpd
root 847 0.0 0.1 12976 2440 0 S+ 17:40 0:00.00 grep ntpd
root@freebsd-ntpd-test:~ # cat /var/log/messages | tail
May 21 17:39:14 freebsd-ntpd-test kernel: pid 834 (ntpd), jid 0, uid 0: exited on signal 11 (core dumped)
May 21 17:40:52 freebsd-ntpd-test ntpd[844]: ntpd 4.2.8p15-a (1): Starting
May 21 17:40:52 freebsd-ntpd-test ntpd[844]: Command line: ntpd
May 21 17:40:52 freebsd-ntpd-test ntpd[844]: ----------------------------------------------------
May 21 17:40:52 freebsd-ntpd-test ntpd[844]: ntp-4 is maintained by Network Time Foundation,
May 21 17:40:52 freebsd-ntpd-test ntpd[844]: Inc. (NTF), a non-profit 501(c)(3) public-benefit
May 21 17:40:52 freebsd-ntpd-test ntpd[844]: corporation. Support and training for ntp-4 are
May 21 17:40:52 freebsd-ntpd-test ntpd[844]: available at https://www.nwtime.org/support
May 21 17:40:52 freebsd-ntpd-test ntpd[844]: ----------------------------------------------------
May 21 17:40:52 freebsd-ntpd-test ntpd[845]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): stat failed: No such file or directory
root@freebsd-ntpd-test:~ # killall ntpd

Best regards,
Marcin
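
Added example, not part of the original message or of FreeBSD: a shell helper that sorts a captured "sysctl -a | grep aslr" dump into the three states the procedure in the message walks through, and pulls the pid out of the kernel's signal 11 entry for ntpd. The function names and state labels are hypothetical, and the sample input is constructed from values shown in the transcript.

```shell
#!/bin/sh
# sysctl_value NAME: read "name: value" lines on stdin and print NAME's value.
# Exits non-zero when the name is absent from the dump.
sysctl_value() {
    awk -F': ' -v k="$1" '$1 == k { print $2; found = 1 } END { exit !found }'
}

# ntpd_gap_state DUMP: print which of the message's three cases DUMP is in.
#   gap-inactive  pie_enable=0; the message reports stack_gap has no effect
#   gap-active    pie_enable=1, stack_gap>0; ntpd died with signal 11 in the test
#   gap-disabled  pie_enable=1, stack_gap=0; ntpd started in the test
ntpd_gap_state() {
    pie=$(printf '%s\n' "$1" | sysctl_value kern.elf64.aslr.pie_enable) ||
        { echo unknown; return 1; }
    gap=$(printf '%s\n' "$1" | sysctl_value kern.elf64.aslr.stack_gap) ||
        { echo unknown; return 1; }
    if [ "$pie" -eq 0 ]; then
        echo gap-inactive
    elif [ "$gap" -eq 0 ]; then
        echo gap-disabled
    else
        echo gap-active
    fi
}

# ntpd_segv_pids LOG: pids of ntpd processes that the kernel logged as
# "exited on signal 11" (the ntpd "exiting on signal 15" line is ignored).
ntpd_segv_pids() {
    printf '%s\n' "$1" |
        sed -n 's/.* kernel: pid \([0-9][0-9]*\) (ntpd),.*exited on signal 11.*/\1/p'
}

# Constructed sample input, using values from the transcript in the message.
SAMPLE_DEFAULT='kern.elf64.aslr.stack_gap: 3
kern.elf64.aslr.pie_enable: 0'
SAMPLE_FAILING='kern.elf64.aslr.stack_gap: 3
kern.elf64.aslr.pie_enable: 1'
SAMPLE_FIXED='kern.elf64.aslr.stack_gap: 0
kern.elf64.aslr.pie_enable: 1'
SAMPLE_LOG='May 21 17:38:25 freebsd-ntpd-test ntpd[826]: ntpd exiting on signal 15 (Terminated)
May 21 17:39:14 freebsd-ntpd-test kernel: pid 834 (ntpd), jid 0, uid 0: exited on signal 11 (core dumped)'

for dump in "$SAMPLE_DEFAULT" "$SAMPLE_FAILING" "$SAMPLE_FIXED"; do
    ntpd_gap_state "$dump"
done
ntpd_segv_pids "$SAMPLE_LOG"
```

On a live system the dump can be passed as ntpd_gap_state "$(sysctl -a | grep aslr)" and the log as ntpd_segv_pids "$(cat /var/log/messages)".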