From nobody Wed Jan 19 21:11:00 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 66950196D5D1; Wed, 19 Jan 2022 21:11:07 +0000 (UTC) (envelope-from brooks@spindle.one-eyed-alien.net) Received: from spindle.one-eyed-alien.net (spindle.one-eyed-alien.net [199.48.129.229]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4JfJGL52Bcz4YC8; Wed, 19 Jan 2022 21:11:06 +0000 (UTC) (envelope-from brooks@spindle.one-eyed-alien.net) Received: by spindle.one-eyed-alien.net (Postfix, from userid 3001) id CA3503C0199; Wed, 19 Jan 2022 21:11:00 +0000 (UTC) Date: Wed, 19 Jan 2022 21:11:00 +0000 From: Brooks Davis To: John Baldwin Cc: Mark Johnston , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 706f4a81a812 - main - exec: Introduce the PROC_PS_STRINGS() macro Message-ID: <20220119211100.GC79998@spindle.one-eyed-alien.net> References: <202201172113.20HLD7v9006931@gitrepo.freebsd.org> <4e0db863-71fd-faa3-41f1-3cb05d539def@FreeBSD.org> <8580d8c9-bc4f-53d5-0366-23922d3bf299@FreeBSD.org> List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Q68bSM7Ycu6FN28Q" Content-Disposition: inline In-Reply-To: <8580d8c9-bc4f-53d5-0366-23922d3bf299@FreeBSD.org> User-Agent: Mutt/1.9.4 (2018-02-28) X-Rspamd-Queue-Id: 4JfJGL52Bcz4YC8 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of brooks@spindle.one-eyed-alien.net has no SPF policy when checking 199.48.129.229) smtp.mailfrom=brooks@spindle.one-eyed-alien.net X-Spamd-Result: default: False [0.10 / 15.00]; R_SPF_NA(0.00)[no SPF record]; ARC_NA(0.00)[]; FREEFALL_USER(0.00)[brooks]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; DMARC_NA(0.00)[freebsd.org]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(1.00)[1.000]; RCPT_COUNT_FIVE(0.00)[5]; NEURAL_SPAM_SHORT(1.00)[1.000]; MLMMJ_DEST(0.00)[dev-commits-src-all,dev-commits-src-main]; FORGED_SENDER(0.30)[brooks@freebsd.org,brooks@spindle.one-eyed-alien.net]; RCVD_COUNT_ZERO(0.00)[0]; SIGNED_PGP(-2.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:36236, ipnet:199.48.128.0/22, country:US]; FROM_NEQ_ENVFROM(0.00)[brooks@freebsd.org,brooks@spindle.one-eyed-alien.net] X-ThisMailContainsUnwantedMimeParts: N --Q68bSM7Ycu6FN28Q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 18, 2022 at 02:18:03PM -0800, John Baldwin wrote: > On 1/18/22 11:58 AM, Mark Johnston wrote: > > On Tue, Jan 18, 2022 at 07:31:47AM -0800, John Baldwin wrote: > >> On 1/17/22 1:13 PM, Mark Johnston wrote: > >>> The branch main has been updated by markj: > >>> > >>> URL: https://cgit.FreeBSD.org/src/commit/?id=3D706f4a81a81250a326ea25= 914e7effe1768f1a37 > >>> > >>> commit 706f4a81a81250a326ea25914e7effe1768f1a37 > >>> Author: Mark Johnston > >>> AuthorDate: 2022-01-17 16:42:28 +0000 > >>> Commit: Mark Johnston > >>> CommitDate: 2022-01-17 21:11:54 +0000 > >>> > >>> exec: Introduce the PROC_PS_STRINGS() macro > >>> =20 > >>> Rather than fetching the ps_strings address directly from a pro= cess' > >>> sysentvec, use this macro. With stack address randomization the > >>> ps_strings address is no longer fixed. > >>> =20 > >>> Reviewed by: kib > >>> MFC after: 2 weeks > >>> Sponsored by: The FreeBSD Foundation > >>> Differential Revision: https://reviews.freebsd.org/D33704 > >> > >> FWIW, in CheriBSD we have a 'p_psstrings' member in struct proc that i= s a pointer > >> to the ps_strings structure in user space that is set by the ABI durin= g exec. > >=20 > > I did the exact same thing in an earlier version of the patch. It ended > > up being more useful to keep the stacktop address, and to derive the > > ps_strings address from that. I would like to MFC this as well, and > > that'll be easier without having modified the layout of struct proc. >=20 > Ok. As an MFCable change this seems fine. > >> CHERI removes the need for ASLR, but due to alignment requirements of = capabilities > >> the stack is not a fixed location as its address can vary based on the= size. > >=20 > > Is it possible to use PROC_PS_STRINGS() there? >=20 > Well, the other trick is that I think a more recent change from Brooks is= that we > have completely divorced the strings area (argv, envp, auxv, ps_strings, = etc.) from > the stack, so we will still need the separate pointer in CheriBSD. This was more or less forced by CHERI bounds alignment constraints on the stack. It's also cleaner if the stack is only the stack, but that's obviously not practical on existing ABIs. -- Brooks --Q68bSM7Ycu6FN28Q Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJh6H5kAAoJEKzQXbSebgfAwegIAJGcgE/kVNXMwfPQuktceOXq jB2oAmi/0hQyx0mOgO5cKUWrZQY6N6lRylNzMKYkQrSOjOmatClex9BfEdgpJzOQ 4vvoUWQhtGlTorA6UaPvYp/+FQT2VnVcdmRMbiJdYak8ikHYScmBTtCsBEXNGYRj CplHIN/jhKMhmXe2ooce/3SPzT3Zl6YcDL8bdGCOq2Q26tl/89DE7fVAToae/xew JmsJ45H1oc2ORxKkjyoCJy48vCAw5rbmeLPB0vV/zqiF6s+EiMhaQazvLvZxAMrT /nXNPixdrJs50aTyIiZABJyyTh6iPPt6w6vwtzrPUj4j8OyQR8pIakQ80tereI4= =Eehg -----END PGP SIGNATURE----- --Q68bSM7Ycu6FN28Q--