Date: Tue, 18 Jul 2017 01:17:38 +0200
From: "Vlad K." <vlad-fbsd@acheronmedia.com>
To: freebsd-stable@freebsd.org
Subject: Re: stack_guard hardening bsdinstall option in STABLE and 11.1
Message-ID: <f6d29f8604e217d429e9a02ed10b3c90@acheronmedia.hr>
In-Reply-To: <047E43D8-9F99-4855-8AAC-882AFBC891C9@dsl-only.net>
References: <047E43D8-9F99-4855-8AAC-882AFBC891C9@dsl-only.net>

On 2017-07-18 00:09, Mark Millard wrote:
> (Although I expect Konstantin Belousov's note here is
> the first public description of the problem's details.)

Thanks for explaining the problem. I guess this was the reason why I failed to parse kib's reply; this was the first bit of info I encountered on that patch being effectively "broken" that way.

> I agree that you did not get an answer for the other
> part:
>
>> I simply asked if it's safe to assume the sysctl to be an integer in
>> 11.1
>
>
> I've not gone through any draft 11.1-release code to
> check.

It appears to be, the code is MFC'd with (if I'm correct) r320666. I've run some tests in -RC3 and indeed it works, though probably for the reason you explained above (guard page eating into the stack), raising the stack_guard_pages sufficiently high (e.g. 512 pages like the bsdinstaller in CURRENT defaults to) crashes threaded programs.

If that is so, though, I wonder why it's not reverted, or at least the sysctl temporarily patched to remain boolean (or turned off completely). And the bsdinstaller option in CURRENT now essentially enables buggy and unstable behavior. If this is a known issue, why default to it in CURRENT?

Anyway, thanks for taking time to explain, this answers my questions.

--
Vlad K.