Update on pinsyscalls(2) progress from Theo de Raadt

Contributed by Peter N. M. Hansteen on 2023-12-30 from the put a pin in the bin dept.

In a message to the tech@ mailing list, Theo de Raadt (deraadt@) gave a summary of progress so far, along with a patch for testing what will likely be the next steps in the process.

The message leads in,

List:       openbsd-tech
Subject:    update on pinsyscalls(2)
From:       "Theo de Raadt" <deraadt () openbsd ! org>
Date:       2023-12-30 18:56:35

The pinsyscalls(2) diff is now much smaller, since many pieces it depends
upon have been commmited.

All the DSO containing system call entries have the proper annotations for
kernel and ld.so to do the right thing.

This diff can be applied to a -current system, if people want to play
along:

	cd /usr/src
	make includes   ;; to update sys/proc.h mostly
	build new kernel
	build new libexec/ld.so
	build new bin/ps

ps:
	- for static binaries, ps will show 'l' to indicate the
	  binary's text segment is doing syscall pinning.
	- for dynamic binaries, ps will show 'l' to indicate that
	  ld.so's text segement is doing syscall pinning, and 'L'
	  to indicate libc.so's text segment is doing syscal pinning


There's a long tail with this diff.  Perhaps in a release or two when
all binaries are known to follow the pinsyscalls(2) rules, we'll be able
to turn msyscall() and the less powerful pinsyscall(2) into NOPs, and
eventually remove them.

The more precise pinsyscalls(2) check in syscall_mi.h is O(1) but
slightly more expensive than the msyscall(2) check which also is O(1) in
the general case but has a special case when text msyscall-allowed
segments get crossed (such as when doing ld.so GOT/PLT resolution, or
signal handlers), then uvm locks occur twice.  But we don't need both.

followed by the patch against -current for those who want to help out by testing the code. If you want to test, you can download the full message here, among other places.

(Comments are closed)

Comments

By Anonymous Coward (99.44.101.60) on 2024-01-04 13:41 https://marc.info/?l=openbsd-tech&m=170234892604404&w=2

Seems like Theo started a new thread so that he didn’t have to acknowledge someone finding a bug in his code.

original thread: https://marc.info/?l=openbsd-tech&m=170234892604404&w=2

Latest Articles

Fri, Apr 26
- 08:33 Passphrase timeout for disk decryption at boot added (potential battery lifesaver) (2)
Wed, Apr 24
- 04:35 Game of Trees 0.98 released (3)
Tue, Apr 23
- 05:25 pfctl(8) and systat(8) to display fragment reassembly statistics (0)
Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (17)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]