Subject: Re: FoxPro on FreeBSD
From: Kevin Day
Date: Thu, 24 Oct 2013 01:37:51 -0500
To: d@delphij.net, Xin Li
Cc: Puppet Master, "freebsd-hackers@freebsd.org Hackers"
In-Reply-To: <5268B62B.3000104@delphij.net>
Message-Id: <8A799DDB-3D5C-4418-B064-A2B7821EE0F2@dragondata.com>

On Oct 24, 2013, at 12:54 AM, Xin Li wrote:

> Signed PGP part
> On 10/23/13, 8:32 PM, Kevin Day wrote:
> > I did some debugging, and watched how the process was getting
> > launched, and I've managed to get it to load!
> >
> > The problem was that COFF files expect to be mapped into memory at
> > address 0, something that processes are no longer allowed to do.
> >
> > Run "sysctl security.bsd.map_at_zero=1" or add
> > "security.bsd.map_at_zero=1" to /etc/sysctl.conf and you should
> > have it working.
> > We probably should either make an exception for
> > COFF files to bypass this sysctl restriction, or at least print
> > a more helpful error than just letting the process segfault because
> > it didn't get mapped where it was supposed to go.
>
> Wow, this is an impressive find, indeed! Do they need to do the map at
> startup only, or do they want to explicitly map something at address 0
> during runtime?

It's the COFF loader in sys/i386/ibcs2 that's attempting to do this. With some debug printing enabled on the ibcs2 module, you can see the layout of the binary:

    i = 0, s_name = .text, s_vaddr = 000000d0, s_scnptr = 208 s_size = 1f9260
    i = 1, s_name = .data, s_vaddr = 00400330, s_scnptr = 2069296 s_size = 10598
    i = 2, s_name = .bss, s_vaddr = 004108c8, s_scnptr = 0 s_size = 1ebb0
    i = 3, s_name = .comment, s_vaddr = 00000000, s_scnptr = 2136264 s_size = feb4

which maps to these calls:

    vm_mmap(&vmspace->vm_map, &0x00000000, 0x1fa000, 0x5, VM_PROT_ALL, MAP_PRIVATE | MAP_FIXED, OBJT_VNODE, vp, 0x0)
    vm_mmap(&vmspace->vm_map, &0x00400000, 0x10000, 0x7, VM_PROT_ALL, MAP_PRIVATE | MAP_FIXED, OBJT_VNODE, vp, 0x1f9000)
    vm_map_find(&vmspace->vm_map, NULL, 0, &0x00410000, 0x20000, VMFS_NO_SPACE, VM_PROT_ALL, VM_PROT_ALL, 0)
    vm_map_find(&vmspace->vm_map, NULL, 0, &0x430000, PAGE_SIZE, FALSE, VM_PROT_ALL, VM_PROT_ALL, 0)

Nothing is returning any errors, but the .text section isn't getting mapped to the desired location (0x0). If map_at_zero is set to 0, the process's vm_map has min_offset set to PAGE_SIZE instead of 0.

What's actually happening is pretty subtle. If MAP_FIXED is set, vm_mmap() uses vm_map_fixed() to create the mapping.
Inside vm_map_fixed(), it uses vm_map_insert(), which would properly error out that this mapping is impossible (we want 0x0, but the process's vm_map.min_offset is 0x1000), but vm_map_fixed() calls VM_MAP_RANGE_CHECK first:

    VM_MAP_RANGE_CHECK(map, start, end);
    (void) vm_map_delete(map, start, end);
    result = vm_map_insert(map, object, offset, start, end, prot,

VM_MAP_RANGE_CHECK does:

    if (start < vm_map_min(map))        \
        start = vm_map_min(map);        \

which looks like the wrong thing to do here. vm_mmap() thinks it's requesting 0x0 through 0x1fa000, but now the request just silently got changed to 0x1000 through 0x1fa000.

So the .text that the ibcs2 module thinks is being loaded at 0 ends up being loaded at 0x1000, and is 0x1000 bytes too small. It then jumps to the wrong starting address, and the process crashes.

Also, to clarify my original posting, COFF itself isn't the issue here, just that this specific binary wants its .text section to begin at a virtual address below 0x1000.

— Kevin
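The silent clamp described in the mail, modelled in a small C program (an added example, not FreeBSD's own code): the VM_MAP_RANGE_CHECK macro reproduces the clamping semantics the mail quotes, while vm_map_t, make_map(), clamped_start() and checked_fixed() are constructed stand-ins, and the map's max_offset is a made-up i386-style value. It shows the .text request at [0x0, 0x1fa000) being moved to 0x1000 when map_at_zero=0, and the explicit-error behaviour the mail argues for instead.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's vm_map: only the two bounds matter here. */
typedef uintptr_t vm_offset_t;
typedef struct { vm_offset_t min_offset, max_offset; } vm_map_t;

#define PAGE_SIZE 0x1000UL
#define vm_map_min(map) ((map)->min_offset)
#define vm_map_max(map) ((map)->max_offset)

/* Same clamping logic as the VM_MAP_RANGE_CHECK quoted in the mail:
 * an out-of-range start or end is silently pulled inside the map's bounds. */
#define VM_MAP_RANGE_CHECK(map, start, end) do {                    \
	if ((start) < vm_map_min(map)) (start) = vm_map_min(map);   \
	if ((end) > vm_map_max(map)) (end) = vm_map_max(map);       \
	if ((start) > (end)) (start) = (end);                       \
} while (0)

/* min_offset is PAGE_SIZE unless security.bsd.map_at_zero=1; max is constructed. */
static vm_map_t make_map(int map_at_zero) {
	vm_map_t m = { map_at_zero ? 0 : PAGE_SIZE, 0xbfc00000UL };
	return m;
}

/* What vm_map_fixed() ends up with after the macro: the start actually used. */
vm_offset_t clamped_start(int map_at_zero, vm_offset_t start, vm_offset_t end) {
	vm_map_t m = make_map(map_at_zero);
	VM_MAP_RANGE_CHECK(&m, start, end);
	return start;
}

/* The behaviour the mail asks for instead: refuse a MAP_FIXED request that
 * cannot be honoured exactly, so the loader sees an error, not a shifted map. */
int checked_fixed(int map_at_zero, vm_offset_t start, vm_offset_t end) {
	vm_map_t m = make_map(map_at_zero);
	if (start < vm_map_min(&m) || end > vm_map_max(&m) || start > end)
		return EINVAL;
	return 0;
}

int main(void) {
	/* The .text request from the mail: [0x0, 0x1fa000) with map_at_zero=0. */
	vm_offset_t got = clamped_start(0, 0x0, 0x1fa000);
	printf("requested start 0x0, got %#lx: .text is short by %#lx bytes\n",
	    (unsigned long)got, (unsigned long)got);
	printf("checked variant returns %d (EINVAL is %d)\n",
	    checked_fixed(0, 0x0, 0x1fa000), EINVAL);
	return 0;
}
```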