From: "Julian H. Stacey"
To: "Poul-Henning Kamp"
cc: FreeBSD Hackers
Subject: Re: Question regarding crunchgen(1) binaries
Date: Wed, 17 Apr 2024 13:53:25 +0200
Message-Id: <202404171153.43HBrPhj033675@dell.no.berklix.net>
In-reply-to: Your message "Mon, 15 Apr 2024 19:55:22 -0000." <202404151955.43FJtMnU083779@critter.freebsd.dk>
Organization: http://berklix.com/jhs/
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

Hi, Reference:
> From: "Poul-Henning Kamp"
> Date: Mon, 15 Apr 2024 19:55:22 +0000

"Poul-Henning Kamp" wrote:
> --------
> Warner Losh writes:
>
> > Maybe start there to understand what "LTO" the security thing is doing and
> > why it's either wrong or violates an assumption in crunchgen that can be
> > fixed.
>
> Crunch binaries were invented 30 years ago, to make FreeBSD
> installation program fit on a single floppy disk.
>
> Note that the goal was saving disk-space rather than RAM.
>
> The "architecture" of crunchgen is to take a lot of programs, rename
> their main() and link them all together with a new main() which
> dispatches to the right program's main() based on argv[0]
>
> Statistically you save half a disk-allocation unit for each program
> which was nothing to sneeze at, but the real disk-space dividend
> comes from linking the resulting combi-program static.
>
> Because it is linked static, only those .o files which are referenced
> get pulled in from the libraries, libm::j0.o only gets pulled in
> if you use Bessel functions, which, contrary to rumours, sysinstall
> did not.
>
> (The goal of shared libraries is saving RAM: Everybody gets the
> complete library, but only one copy of its code ever gets loaded.)
>
> But the real trick is actually not crunchgen, which was originally just
> a shell script, but rather crunchide(1).
>
> Crunchide(1) does unnatural acts to an object file's symbol table,
> to get around the fact that all the programs have a function called
> "main" and that they litter the global symbol namespace with their
> private inter-file references.
>
> To make a crunched binary, the .o files for the individual programs
> are first "pre-linked" without libraries so that internal interfile
> references are resolved.
>
> Then crunchide changes all global symbols, except "main", to be local
> symbols, so that they become unavailable for symbol resolution in
> the final run of the linker. The "main" symbol is also renamed
> to a per-program name, something like "cp_main" for cp(1) etc.
>
> And then all the prelinked .o files, one per program, get linked
> together with the "dispatch main" and this time with libraries.
>
> I see no reason why crunchgen cannot be done with Link Time
> Optimization, but somebody has to write the new crunchide(1), and
> I suspect it will have a tougher row to hoe, because pre-linking
> cannot be used to take care of the inter-program symbols.
>
> As I understand it LTO can also link with "normal libraries"
> so one option might be to only LTO the final linking step of
> the crunch process, treating all the programs as "normal libraries",
> but still getting LTO advantage internally in the libraries.
>
> Poul-Henning

Interesting, Nice if some of that were added to man crunchide.

Cheers,
-- 
Julian Stacey. Gmail & Googlemail Fail http://berklix.org/jhs/mail/#bad
 Brits abroad reclaim http://StolenVotes.UK http://www.gov.uk/register-to-vote
 Arm Ukraine defence. Contraception reduces global warming & resource wars.
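
The "dispatch main" described in the quoted message, as an added sketch that is not part of the thread and is not crunchgen's generated code. The three toy programs, the binary name `crunched`, the `crunched <prog>` fallback and the exit code 127 are assumptions made for the illustration; because argv[0] is supplied by whoever calls execve(), the dispatcher treats a missing or unknown name as an error.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for each program's main() after renaming (cp_main-style names). */
static int true_main(int argc, char **argv)  { (void)argc; (void)argv; return 0; }
static int false_main(int argc, char **argv) { (void)argc; (void)argv; return 1; }
static int echo_main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s%s", argv[i], i + 1 < argc ? " " : "");
    putchar('\n');
    return 0;
}

struct stub { const char *name; int (*entry)(int, char **); };

static const struct stub stubs[] = {
    { "true", true_main }, { "false", false_main }, { "echo", echo_main },
};

#define EXEC_NAME   "crunched"  /* hypothetical name of the combined binary */
#define EX_NOTFOUND 127         /* assumed status for "no such program" */

/* Strip any directory part: "/bin/echo" -> "echo". */
static const char *base_name(const char *path)
{
    const char *slash = strrchr(path, '/');
    return slash ? slash + 1 : path;
}

/* Select a program from argv[0]. The caller of execve() chooses argv[0],
 * so it may be NULL or arbitrary and is only ever used as a lookup key. */
int crunched_dispatch(int argc, char **argv)
{
    if (argc < 1 || argv == NULL || argv[0] == NULL)
        return EX_NOTFOUND;
    const char *name = base_name(argv[0]);
    if (strcmp(name, EXEC_NAME) == 0) {     /* "crunched echo hi" form */
        if (argc < 2 || argv[1] == NULL)
            return EX_NOTFOUND;
        argc--, argv++;                     /* program sees its own argv[0] */
        name = base_name(argv[0]);
    }
    for (size_t i = 0; i < sizeof(stubs) / sizeof(stubs[0]); i++)
        if (strcmp(name, stubs[i].name) == 0)
            return stubs[i].entry(argc, argv);
    fprintf(stderr, "%s: not compiled into this binary\n", name);
    return EX_NOTFOUND;
}

int main(int argc, char **argv) { return crunched_dispatch(argc, argv); }
```

Installed under several names (hard links or symlinks to one file), the same binary then behaves as `true`, `false` or `echo` depending on the name it was invoked by.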