From nobody Tue Oct 31 00:40:54 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SKBC84hCLz4ycjm; Tue, 31 Oct 2023 00:41:08 +0000 (UTC) (envelope-from kib@freebsd.org) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4SKBC72LwVz4cRl; Tue, 31 Oct 2023 00:41:07 +0000 (UTC) (envelope-from kib@freebsd.org) Authentication-Results: mx1.freebsd.org; none Received: from tom.home (kib@localhost [127.0.0.1] (may be forged)) by kib.kiev.ua (8.17.1/8.17.1) with ESMTP id 39V0es1C004377; Tue, 31 Oct 2023 02:40:57 +0200 (EET) (envelope-from kib@freebsd.org) DKIM-Filter: OpenDKIM Filter v2.10.3 kib.kiev.ua 39V0es1C004377 Received: (from kostik@localhost) by tom.home (8.17.1/8.17.1/Submit) id 39V0esUA004376; Tue, 31 Oct 2023 02:40:54 +0200 (EET) (envelope-from kib@freebsd.org) X-Authentication-Warning: tom.home: kostik set sender to kib@freebsd.org using -f Date: Tue, 31 Oct 2023 02:40:54 +0200 From: Konstantin Belousov To: Benjamin Kaduk Cc: "Stephen J. Kiernan" , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 95335dd3c19e - main - rtld: introduce STATIC_TLS_EXTRA Message-ID: References: <202310301742.39UHgSPp011580@gitrepo.freebsd.org> List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham autolearn_force=no version=4.0.0 X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on tom.home X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US] X-Rspamd-Queue-Id: 4SKBC72LwVz4cRl On Mon, Oct 30, 2023 at 10:56:52AM -0700, Benjamin Kaduk wrote: > On Mon, Oct 30, 2023 at 10:42 AM Stephen J. Kiernan > wrote: > > > The branch main has been updated by stevek: > > > > URL: > > https://cgit.FreeBSD.org/src/commit/?id=95335dd3c19e0ade161bb4dc8462fc3d045ce4f8 > > > > commit 95335dd3c19e0ade161bb4dc8462fc3d045ce4f8 > > Author: Stephen J. Kiernan > > AuthorDate: 2023-10-29 21:13:10 +0000 > > Commit: Stephen J. Kiernan > > CommitDate: 2023-10-30 17:42:05 +0000 > > > > rtld: introduce STATIC_TLS_EXTRA > > > > The new STATIC_TLS_EXTRA variable provides a means for applications > > to increases the size of the extra static TLS space allocated by > > rtld beyond the default of '128'. This extra static TLS space is used > > for objects loaded with dlopen. > > > > The value specified in the variable must be no less than the default > > value and no greater than the maximum allowed value for size_t type. > > > > > > I think that we want to have a maximum allowed value that is smaller than > SIZE_T_MAX, both to prevent chance of this being used in attacks and to > prevent integer overflow. > > Perhaps something large but not incredibly large, like 1M? What attacks? > > > > If an invalid value is specified, rtld will ignore it and just use > > the default value. > > > > The rtld(1) man page is updated to document this new option. > > > > Obtained from: Juniper Networks, Inc. > > Differential Revision: https://reviews.freebsd.org/D42025 > > --- > > libexec/rtld-elf/aarch64/reloc.c | 2 +- > > libexec/rtld-elf/amd64/reloc.c | 2 +- > > libexec/rtld-elf/arm/reloc.c | 3 ++- > > libexec/rtld-elf/i386/reloc.c | 2 +- > > libexec/rtld-elf/powerpc/reloc.c | 3 ++- > > libexec/rtld-elf/powerpc64/reloc.c | 3 ++- > > libexec/rtld-elf/riscv/reloc.c | 2 +- > > libexec/rtld-elf/rtld.1 | 8 +++++++- > > libexec/rtld-elf/rtld.c | 21 +++++++++++++++++---- > > libexec/rtld-elf/rtld.h | 1 + > > 10 files changed, 35 insertions(+), 12 deletions(-) > > > > diff --git a/libexec/rtld-elf/aarch64/reloc.c > > b/libexec/rtld-elf/aarch64/reloc.c > > index c8f09d797215..907377f2619a 100644 > > --- a/libexec/rtld-elf/aarch64/reloc.c > > +++ b/libexec/rtld-elf/aarch64/reloc.c > > @@ -521,7 +521,7 @@ allocate_initial_tls(Obj_Entry *objs) > > * use. > > */ > > tls_static_space = tls_last_offset + tls_last_size + > > - RTLD_STATIC_TLS_EXTRA; > > + ld_static_tls_extra; > > > > _tcb_set(allocate_tls(objs, NULL, TLS_TCB_SIZE, TLS_TCB_ALIGN)); > > } > > diff --git a/libexec/rtld-elf/amd64/reloc.c > > b/libexec/rtld-elf/amd64/reloc.c > > index ce74c54cc5c3..9c5887def356 100644 > > --- a/libexec/rtld-elf/amd64/reloc.c > > +++ b/libexec/rtld-elf/amd64/reloc.c > > @@ -527,7 +527,7 @@ allocate_initial_tls(Obj_Entry *objs) > > * offset allocated so far and adding a bit for dynamic > > * modules to use. > > */ > > - tls_static_space = tls_last_offset + RTLD_STATIC_TLS_EXTRA; > > + tls_static_space = tls_last_offset + ld_static_tls_extra; > > > > > This calculation could overflow, as I see it (likewise for the other archs). So do not do it.