From: Damjan Jovanovic
Date: Wed, 10 Jun 2020 20:30:23 +0200
Subject: Re: gcc versus clang issue for 32-bit binaries
To: Michael Tuexen
Cc: Mark Johnston, freebsd-current@FreeBSD.org
In-Reply-To: <0281EB7A-B5DE-4D52-96DF-C7A2D6DC805C@freebsd.org>
References: <128AB51F-0950-448F-8463-12C573C1AA38@freebsd.org> <20200610165908.GA81346@raichu> <0281EB7A-B5DE-4D52-96DF-C7A2D6DC805C@freebsd.org>
List-Id: Discussions about the use of FreeBSD-current

MAP_FIXED is generally bad news, as it overwrites any prior mappings within
the range of addresses being mapped to. They should use MAP_FIXED | MAP_EXCL
instead, which will fail if any mappings already exist in the range, and then
maybe retry with another range if it fails. Linux and NetBSD have MAP_TRYFIXED
instead, which does the retrying internally.
Or at the very least, run mincore() on every page in the range to verify that
nothing is mapped before using mmap() with MAP_FIXED. If there is no other way
but to use a single hardcoded value, check /proc//map for a number of
different processes, 32 and 64 bit, and find an address range that isn't used
often.

Damjan

On Wed, Jun 10, 2020 at 7:40 PM Michael Tuexen wrote:
>
> > On 10. Jun 2020, at 18:59, Mark Johnston wrote:
> >
> > On Wed, Jun 10, 2020 at 06:41:50PM +0200, Michael Tuexen wrote:
> >> Dear all,
> >>
> >> consider the following program test.c:
> >>
> >> #include <sys/mman.h>
> >> #include <stdio.h>
> >>
> >> int
> >> main(void)
> >> {
> >>     void *p;
> >>
> >>     /* Deliberately MAP_FIXED over a hard-coded range: this is the
> >>      * behaviour under discussion, not a bug in the test program. */
> >>     p = mmap((void *)0x20000000, 0x1000000, PROT_READ | PROT_WRITE | PROT_EXEC,
> >>              MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
> >>     printf("p= %p\n", p);
> >>     return (0);
> >> }
> >>
> >> On i386 the following happens:
> >> * when compiling it with cc and running it, it crashes.
> >> * when compiling it with gcc it runs fine.
> >>
> >> On amd64 the following happens:
> >> * when compiling it with cc -m64 it runs fine.
> >> * when compiling it with cc -m32 it crashes.
> >> * when compiling it with gcc -m64 it runs fine.
> >> * when compiling it with gcc -m32 it runs fine.
> >>
> >> So why does the above program crash when compiled for 32-bit when using
> >> clang, but runs fine when compiled with gcc?
> >
> > The difference is between ld.bfd and ld.lld, which emit executables with
> > different entry point addresses. cc -m32 -fuse-ld=bfd gives an
> > executable that does not crash.
> >
> > When linked with lld, libc and ld-elf get mapped into the region
> > [0x20000000,0x21000000], so the program crashes when the libc.so mapping
> > is overwritten with that created by the mmap() call and the program
> > calls printf().
> >
> >> I'm testing this on 32-bit and 64-bit head systems. gcc is from ports.
> >>
> >> The reason I'm looking into it is that I want to get syzkaller working
> >> on 32-bit with clang.
> >
> > Do you know why SYZ_DATA_OFFSET is hard-coded the way it is? It looks
> > like it works more or less by accident, but at a glance I don't see why
> > it has to be a fixed mapping.
> I don't know, it comes from:
> https://github.com/google/syzkaller/blob/master/sys/targets/targets.go#L450
>
> Do you have a value which can be used on FreeBSD? Then we can just change
> it...
>
> Best regards
> Michael
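As an added example, not code from this thread or from syzkaller, the two remedies Damjan describes: a fixed mapping that the kernel refuses to place over an existing one, retried at the next candidate base, and the mincore() pre-check for when that flag is unavailable. MAP_NOCLOBBER, range_is_free, map_without_clobber and demo are my own names; the block assumes FreeBSD's MAP_FIXED | MAP_EXCL, or MAP_FIXED_NOREPLACE on Linux 4.17 and later, with a plain address hint as the last resort.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>
/* FreeBSD spells the non-clobbering fixed map MAP_FIXED | MAP_EXCL; Linux 4.17+
 * calls it MAP_FIXED_NOREPLACE.  Older Linux kernels ignore the unknown bit and
 * return some other address, which is why map_without_clobber() compares. */
#if defined(MAP_EXCL)
#define MAP_NOCLOBBER (MAP_FIXED | MAP_EXCL)   /* FreeBSD; MAP_NOCLOBBER is my name */
#elif defined(MAP_FIXED_NOREPLACE)
#define MAP_NOCLOBBER MAP_FIXED_NOREPLACE      /* Linux */
#else
#define MAP_NOCLOBBER 0   /* hint-only mmap(): never clobbers, but may relocate */
#endif
/* Damjan's fallback check: 1 if no page of [addr, addr+len) is mapped.  Relies on
 * mincore() failing with ENOMEM for unmapped pages (Linux and FreeBSD).  Racy
 * against other threads calling mmap() meanwhile, so prefer the kernel flag. */
int range_is_free(const void *addr, size_t len)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char vec;   /* Linux wants unsigned char *, FreeBSD char *: pass void * */
    for (uintptr_t a = (uintptr_t)addr; a < (uintptr_t)addr + len; a += pg)
        if (mincore((void *)a, pg, (void *)&vec) == 0 || errno != ENOMEM)
            return 0;    /* page is mapped, or an error we must not read as "free" */
    return 1;
}
/* MAP_FIXED | MAP_EXCL with retry: try up to `tries` bases `step` apart and
 * return the first one the kernel grants at exactly that address, else NULL. */
void *map_without_clobber(uintptr_t base, size_t len, size_t step, int tries)
{
    for (int i = 0; i < tries; i++) {
        void *want = (void *)(base + (uintptr_t)i * step);
        void *got = mmap(want, len, PROT_READ | PROT_WRITE,
                         MAP_ANON | MAP_PRIVATE | MAP_NOCLOBBER, -1, 0);
        if (got == MAP_FAILED) continue;       /* EEXIST: range already in use */
        if (got == want) return got;
        munmap(got, len);                      /* kernel relocated us: not fixed */
    }
    return NULL;
}
/* Scenario: a busy range is reported busy and refused; once freed it is granted.
 * Returns 0 on success, otherwise the number of the step that failed. */
int demo(void)
{
    size_t len = 4 * (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, -1, 0);
    if (p == MAP_FAILED || range_is_free(p, len)) return 1;
    if (map_without_clobber((uintptr_t)p, len, len, 1) != NULL) return 2;
    munmap(p, len);
    if (!range_is_free(p, len)) return 3;
    return (map_without_clobber((uintptr_t)p, len, len, 1) == p && munmap(p, len) == 0) ? 0 : 4;
}
```

A hard-coded base such as syzkaller's SYZ_DATA_OFFSET can be passed as `base` with a few `tries`, so a range already occupied by libc or ld-elf is skipped instead of overwritten.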