From: Cy Schubert <cy.schubert@cschubert.com>
Reply-to: Cy Schubert <Cy.Schubert@cschubert.com>
To: freebsd-hackers@freebsd.org
Subject: ASLR and Stack Gap != 0
Date: Sat, 26 Oct 2019 10:28:07 -0700
Message-Id: <201910261728.x9QHS7av001087@slippy.cwsent.com>
X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7.1
List-Id: Technical Discussions relating to FreeBSD

Let's try this again. This time with a subject line.
Hi,

The following little test case segfaults when aslr is enabled:

#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>

int
main(int argc, char *argv[])
{
	struct rlimit rl;
	int rc;

	/* Lower both the soft and the hard stack limit to 50 pages of 4 KiB. */
	rl.rlim_cur = 50 * 4096;
	rl.rlim_max = 50 * 4096;
	rc = setrlimit(RLIMIT_STACK, &rl);
	return (rc);
}

slippy# sysctl kern.elf64.aslr.enable=1
kern.elf64.aslr.enable: 0 -> 1
slippy# ./test
Segmentation fault (core dumped)
slippy# gdb test
GNU gdb (GDB) 8.3.1 [GDB v8.3.1 for FreeBSD]
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd13.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see: .
Find the GDB manual and other documentation resources online at: .
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from test...
(gdb) run
Starting program: /export/home/cy/freebsd/tests/setrlimit/test

Program received signal SIGSEGV, Segmentation fault.
setrlimit () at setrlimit.S:4
4	setrlimit.S: No such file or directory.
(gdb) bt
#0  setrlimit () at setrlimit.S:4
Backtrace stopped: Cannot access memory at address 0x7fffffe372e8
(gdb)

It only occurs with aslr enabled and stack gap != 0.

This isn't right.

-- 
Cheers,
Cy Schubert
FreeBSD UNIX:   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.
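As an added example (not part of Cy's message or of the FreeBSD tree), the same test case wrapped in a fork/waitpid harness, so the outcome can be checked by a regression test instead of by watching for "Segmentation fault (core dumped)". On the configuration in the report (kern.elf64.aslr.enable=1, stack gap != 0) it should return 1; on a system without the problem it returns 0. It uses only POSIX calls and the 50 * 4096 value from the report.

```c
#include <sys/resource.h>
#include <sys/wait.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Run the reported test case in a child and classify the outcome:
 * 1 = child died with SIGSEGV (the reported behaviour), 0 = exited cleanly,
 * 2 = setrlimit() itself failed (not testable here), -1 = harness error.
 */
int stack_limit_crashes(rlim_t limit_bytes)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: the same steps as the test case in the report. */
        struct rlimit rl;
        rl.rlim_cur = limit_bytes;
        rl.rlim_max = limit_bytes;
        if (setrlimit(RLIMIT_STACK, &rl) != 0)
            _exit(2);
        /* The reported fault happens while returning from the setrlimit stub,
         * so on an affected system the child never reaches this line. */
        _exit(0);
    }

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status) == SIGSEGV ? 1 : -1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return 0;
    return 2;
}

int main(void)
{
    /* 50 pages of 4 KiB, the value used in the report. */
    int r = stack_limit_crashes(50 * 4096);
    printf("RLIMIT_STACK=%ld bytes: %s\n", (long)(50 * 4096),
           r == 1 ? "child segfaulted (bug reproduced)" :
           r == 0 ? "child exited cleanly" :
           r == 2 ? "setrlimit failed, cannot test" : "harness error");
    return r == 1 ? 1 : 0;
}
```

Run it once with the aslr sysctl at 0 and once at 1 to turn the manual comparison in the report into a pass/fail check.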