From: Cy Schubert
To: freebsd-hackers@freebsd.org
Subject:
Date: Sat, 26 Oct 2019 10:22:56 -0700
Message-Id: <201910261722.x9QHMuK1000981@slippy.cwsent.com>

Hi,

The following little test case segfaults when ASLR is enabled:

#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>

int
main(int argc, char *argv[])
{
	struct rlimit rl;
	int rc;

	/* Soft and hard stack limit: 50 pages of 4096 bytes. */
	rl.rlim_cur = 50 * 4096;
	rl.rlim_max = 50 * 4096;
	rc = setrlimit(RLIMIT_STACK, &rl);

	return(rc);
}

slippy# sysctl kern.elf64.aslr.enable=1
kern.elf64.aslr.enable: 0 -> 1
slippy# ./test
Segmentation fault (core dumped)
slippy# gdb test
GNU gdb (GDB) 8.3.1 [GDB v8.3.1 for FreeBSD]
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd13.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see: .
Find the GDB manual and other documentation resources online at: .
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from test...
(gdb) run
Starting program: /export/home/cy/freebsd/tests/setrlimit/test

Program received signal SIGSEGV, Segmentation fault.
setrlimit () at setrlimit.S:4
4	setrlimit.S: No such file or directory.
(gdb) bt
#0  setrlimit () at setrlimit.S:4
Backtrace stopped: Cannot access memory at address 0x7fffffe372e8
(gdb)

It only occurs with ASLR enabled and stack gap != 0. This isn't right.

-- 
Cheers,
Cy Schubert
FreeBSD UNIX: Web: http://www.FreeBSD.org

The need of the many outweighs the greed of the few.
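
An added example, not part of the original post: the same setrlimit(RLIMIT_STACK) call run in a forked child, so the outcome can be recorded from a script for each sysctl setting instead of through gdb. The helper name probe_stack_limit and the two larger limits are assumptions made for illustration; a child that dies the way ./test does above is reported by its signal number.

```c
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Lower RLIMIT_STACK to `bytes` in a forked child (hypothetical helper).
 * Returns 0 if the child survived the call, the terminating signal number
 * if it was killed, or -1 if fork/wait failed or setrlimit() itself failed.
 */
int
probe_stack_limit(rlim_t bytes)
{
	int status;
	pid_t pid = fork();

	if (pid < 0)
		return (-1);
	if (pid == 0) {
		struct rlimit core = { .rlim_cur = 0, .rlim_max = 0 };
		struct rlimit rl = { .rlim_cur = bytes, .rlim_max = bytes };

		setrlimit(RLIMIT_CORE, &core);	/* no core file per probe */
		_exit(setrlimit(RLIMIT_STACK, &rl) == 0 ? 0 : 1);
	}
	if (waitpid(pid, &status, 0) != pid)
		return (-1);
	if (WIFSIGNALED(status))
		return (WTERMSIG(status));
	return ((WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1);
}

int
main(void)
{
	/* The limit from the report first, then two arbitrary larger ones. */
	rlim_t sizes[] = { 50 * 4096, 512 * 4096, 2048 * 4096 };

	for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
		int r = probe_stack_limit(sizes[i]);

		printf("RLIMIT_STACK=%ju: %s (%d)\n", (uintmax_t)sizes[i],
		    r == 0 ? "ok" : r > 0 ? "killed by signal" : "error", r);
	}
	return (0);
}
```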