Re: CVS commit: src/sys
BTW, the patch you submitted with the initial message in this thread looks good for avoiding the issue. But I'm not sure it is a complete solution. In particular, you would need to build a 32-bit arm that contains ``no options COMPAT_NETBSD32'' and then boot and load the compat_netbsd32 and compat_netbsd32_coredump modules modload compat_netbsd32 modload compat_netbsd32_coredump Then see if emulation of the old ABI still works, and check if core- dump works for old-ADI programs; the test program I've been using for core-dump checking is #include int main(int argc, void *argv) { abort(); } I really have to leave and take care of some personal business, so I would greatly appreciate if you can check this out. Thanks! On Wed, 4 Nov 2020, Paul Goyette wrote: I guess I don't understand why a 32-bit architecture would also have COMPAT_NETBSD32. Christos, can you help out on this? On Wed, 4 Nov 2020, Rin Okuyama wrote: Hello again, On 2020/11/02 3:51, Paul Goyette wrote: Module Name:src Committed By: pgoyette Date: Sun Nov 1 18:51:03 UTC 2020 Modified Files: src/sys/compat/netbsd32: netbsd32.h netbsd32_core.c src/sys/kern: compat_stub.c files.kern kern_core.c kern_sig.c sys_ptrace_common.c src/sys/modules: Makefile src/sys/modules/compat_netbsd32: Makefile src/sys/modules/coredump: Makefile src/sys/sys: compat_stub.h param.h signalvar.h Added Files: src/sys/modules/compat_netbsd32_coredump: Makefile Log Message: Separate the compat_netbsd32_coredump from the compat_netbsd32 and coredump modules, into its own module. Welcome to 7.99.75 !!! To generate a diff of this commit: cvs rdiff -u -r1.133 -r1.134 src/sys/compat/netbsd32/netbsd32.h cvs rdiff -u -r1.15 -r1.16 src/sys/compat/netbsd32/netbsd32_core.c cvs rdiff -u -r1.20 -r1.21 src/sys/kern/compat_stub.c cvs rdiff -u -r1.53 -r1.54 src/sys/kern/files.kern cvs rdiff -u -r1.33 -r1.34 src/sys/kern/kern_core.c cvs rdiff -u -r1.394 -r1.395 src/sys/kern/kern_sig.c cvs rdiff -u -r1.88 -r1.89 src/sys/kern/sys_ptrace_common.c cvs rdiff -u -r1.247 -r1.248 src/sys/modules/Makefile cvs rdiff -u -r1.35 -r1.36 src/sys/modules/compat_netbsd32/Makefile cvs rdiff -u -r0 -r1.1 src/sys/modules/compat_netbsd32_coredump/Makefile cvs rdiff -u -r1.7 -r1.8 src/sys/modules/coredump/Makefile cvs rdiff -u -r1.24 -r1.25 src/sys/sys/compat_stub.h cvs rdiff -u -r1.677 -r1.678 src/sys/sys/param.h cvs rdiff -u -r1.102 -r1.103 src/sys/sys/signalvar.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. This commit breaks arm, i.e., ILP32 arch with COMPAT_NETBSD32. For arm, coredump_elf32_hook is already hooked in the main kernel. Therefore, compat_netbsd32_coredump_modcmd(MODULE_CMD_INIT) causes KASSERT failure: panic: kernel diagnostic assertion "!*hooked" failed: file "../../../../kern/kern_module_hook.c", line 70 Does the attached patch seem reasonable to you? Thanks, rin ++--+---+ | Paul Goyette | PGP Key fingerprint: | E-mail addresses: | | (Retired) | FA29 0E3B 35AF E8AE 6651 | p...@whooppee.com | | Software Developer | 0786 F758 55DE 53BA 7731 | pgoye...@netbsd.org | ++--+---+ !DSPAM:5fa2ae10252946113815662! ++--+---+ | Paul Goyette | PGP Key fingerprint: | E-mail addresses: | | (Retired) | FA29 0E3B 35AF E8AE 6651 | p...@whooppee.com | | Software Developer | 0786 F758 55DE 53BA 7731 | pgoye...@netbsd.org | ++--+---+
Re: CVS commit: src/sys/kern
OK, this is my mistake. When I change the calls in the ptrace_common modcmd, I should also have renamed the functions (including their entries in sys/ptrace.h). I will commit this shortly, before I leave. Thanks for the "recipe" for reproducing the problem - I will try it later when I return. On Wed, 4 Nov 2020, Rin Okuyama wrote: On 2020/11/04 22:52, Paul Goyette wrote: On Wed, 4 Nov 2020, Rin Okuyama wrote: ptrace_common_{init,fini} are called from the ptrace_common module's modcmd routine in kern/sys_ptrace_common.c. The modcmd routine in turn is called at module initialization time. In the case of a built-in module, it will be called by module_init via init_main; if the module is loaded (or auto-loaded) module_load will call the modcmd routine. The module will be built-in if either ``options PTRACE'' or ``file- system PROCFS'' is set in the kernel configuration file. Oops, sorry, I meant ptrace_{init,fini}(). These functions are not called at all since this commit, which forbids ptrace(2) for non-root users. If the module is built-in (``options PTRACE'' selected in the config file), then the module will already have been initialized. If the module is not built-in, then a privileged user will need to modload(8) the module. Prior to this change, the built-in ptrace_common module was calling the ptrace module's init/fini routine. Quite likely ptrace_common was built-in (due to inclusion of file-system PROCFS), so the init was handled during init_main(). This change ensures that the ptrace init/fini routines are called ONLY if the ptrace module itself (not the ptrace_common) routine is built-in. Please check to make sure that ``options PTRACE'' is included in your kernel config. Yes: $ config -x netbsd.gdb | grep PTRACE ###> optionsPTRACE # Include ptrace(2) syscall ###> optionsPTRACE_HOOKS# Include ptrace hooks The problem is that ptrace_{init,fini}() are not called from ptrace_modcmd(): https://nxr.netbsd.org/xref/src/sys/kern/sys_ptrace.c#184 184 static int 185 ptrace_modcmd(modcmd_t cmd, void *arg) 186 { 187 int error; 188 189 switch (cmd) { 190 case MODULE_CMD_INIT: 191 error = syscall_establish(&emul_netbsd, ptrace_syscalls); 192 break; 193 case MODULE_CMD_FINI: 194 error = syscall_disestablish(&emul_netbsd, ptrace_syscalls); 195 break; 196 default: 197 error = ENOTTY; 198 break; 199 } 200 return error; 201 } Can you easily confirm that ktrace(2) is unusable for non-privileged users on 9.99.75 kernel: $ gdb echo GNU gdb (GDB) 8.3 ... (gdb) b main Breakpoint 1 at 0x950: file /usr/src/bin/echo/echo.c, line 58. (gdb) r Starting program: /bin/echo warning: Could not trace the inferior process. Error: warning: ptrace: Operation not permitted terminate called after throwing an instance of 'gdb_exception_RETURN_MASK_ERROR' [1] Abort trap (core dumped) gdb echo Also, ptrace_{init,fini} should be moved from sys_ptrace_common.c to sys_ptrace.c, IMO. Thanks, rin !DSPAM:5fa2b869233318156490363! ++--+---+ | Paul Goyette | PGP Key fingerprint: | E-mail addresses: | | (Retired) | FA29 0E3B 35AF E8AE 6651 | p...@whooppee.com | | Software Developer | 0786 F758 55DE 53BA 7731 | pgoye...@netbsd.org | ++--+---+
Re: CVS commit: src/sys/kern
On Wed, 4 Nov 2020, Rin Okuyama wrote: On 2020/11/04 22:52, Paul Goyette wrote: On Wed, 4 Nov 2020, Rin Okuyama wrote: ptrace_common_{init,fini} are called from the ptrace_common module's modcmd routine in kern/sys_ptrace_common.c. The modcmd routine in turn is called at module initialization time. In the case of a built-in module, it will be called by module_init via init_main; if the module is loaded (or auto-loaded) module_load will call the modcmd routine. The module will be built-in if either ``options PTRACE'' or ``file- system PROCFS'' is set in the kernel configuration file. Oops, sorry, I meant ptrace_{init,fini}(). These functions are not called at all since this commit, which forbids ptrace(2) for non-root users. If the module is built-in (``options PTRACE'' selected in the config file), then the module will already have been initialized. If the module is not built-in, then a privileged user will need to modload(8) the module. Prior to this change, the built-in ptrace_common module was calling the ptrace module's init/fini routine. Quite likely ptrace_common was built-in (due to inclusion of file-system PROCFS), so the init was handled during init_main(). This change ensures that the ptrace init/fini routines are called ONLY if the ptrace module itself (not the ptrace_common) routine is built-in. Please check to make sure that ``options PTRACE'' is included in your kernel config. Yes: $ config -x netbsd.gdb | grep PTRACE ###> optionsPTRACE # Include ptrace(2) syscall ###> optionsPTRACE_HOOKS# Include ptrace hooks The problem is that ptrace_{init,fini}() are not called from ptrace_modcmd(): https://nxr.netbsd.org/xref/src/sys/kern/sys_ptrace.c#184 184 static int 185 ptrace_modcmd(modcmd_t cmd, void *arg) 186 { 187 int error; 188 189 switch (cmd) { 190 case MODULE_CMD_INIT: 191 error = syscall_establish(&emul_netbsd, ptrace_syscalls); 192 break; 193 case MODULE_CMD_FINI: 194 error = syscall_disestablish(&emul_netbsd, ptrace_syscalls); 195 break; 196 default: 197 error = ENOTTY; 198 break; 199 } 200 return error; 201 } Yes that would be a problem. Can you easily confirm that ktrace(2) is unusable for non-privileged users on 9.99.75 kernel: $ gdb echo GNU gdb (GDB) 8.3 ... (gdb) b main Breakpoint 1 at 0x950: file /usr/src/bin/echo/echo.c, line 58. (gdb) r Starting program: /bin/echo warning: Could not trace the inferior process. Error: warning: ptrace: Operation not permitted terminate called after throwing an instance of 'gdb_exception_RETURN_MASK_ERROR' [1] Abort trap (core dumped) gdb echo Also, ptrace_{init,fini} should be moved from sys_ptrace_common.c to sys_ptrace.c, IMO. I have some prior obligations, so I won't be able to look at this until this evening. Thanks for the detailed analysis. ++--+---+ | Paul Goyette | PGP Key fingerprint: | E-mail addresses: | | (Retired) | FA29 0E3B 35AF E8AE 6651 | p...@whooppee.com | | Software Developer | 0786 F758 55DE 53BA 7731 | pgoye...@netbsd.org | ++--+---+
Re: CVS commit: src/sys/kern
On 2020/11/04 22:52, Paul Goyette wrote: On Wed, 4 Nov 2020, Rin Okuyama wrote: ptrace_common_{init,fini} are called from the ptrace_common module's modcmd routine in kern/sys_ptrace_common.c. The modcmd routine in turn is called at module initialization time. In the case of a built-in module, it will be called by module_init via init_main; if the module is loaded (or auto-loaded) module_load will call the modcmd routine. The module will be built-in if either ``options PTRACE'' or ``file- system PROCFS'' is set in the kernel configuration file. Oops, sorry, I meant ptrace_{init,fini}(). These functions are not called at all since this commit, which forbids ptrace(2) for non-root users. If the module is built-in (``options PTRACE'' selected in the config file), then the module will already have been initialized. If the module is not built-in, then a privileged user will need to modload(8) the module. Prior to this change, the built-in ptrace_common module was calling the ptrace module's init/fini routine. Quite likely ptrace_common was built-in (due to inclusion of file-system PROCFS), so the init was handled during init_main(). This change ensures that the ptrace init/fini routines are called ONLY if the ptrace module itself (not the ptrace_common) routine is built-in. Please check to make sure that ``options PTRACE'' is included in your kernel config. Yes: $ config -x netbsd.gdb | grep PTRACE ###> optionsPTRACE # Include ptrace(2) syscall ###> optionsPTRACE_HOOKS# Include ptrace hooks The problem is that ptrace_{init,fini}() are not called from ptrace_modcmd(): https://nxr.netbsd.org/xref/src/sys/kern/sys_ptrace.c#184 184 static int 185 ptrace_modcmd(modcmd_t cmd, void *arg) 186 { 187 int error; 188 189 switch (cmd) { 190 case MODULE_CMD_INIT: 191 error = syscall_establish(&emul_netbsd, ptrace_syscalls); 192 break; 193 case MODULE_CMD_FINI: 194 error = syscall_disestablish(&emul_netbsd, ptrace_syscalls); 195 break; 196 default: 197 error = ENOTTY; 198 break; 199 } 200 return error; 201 } Can you easily confirm that ktrace(2) is unusable for non-privileged users on 9.99.75 kernel: $ gdb echo GNU gdb (GDB) 8.3 ... (gdb) b main Breakpoint 1 at 0x950: file /usr/src/bin/echo/echo.c, line 58. (gdb) r Starting program: /bin/echo warning: Could not trace the inferior process. Error: warning: ptrace: Operation not permitted terminate called after throwing an instance of 'gdb_exception_RETURN_MASK_ERROR' [1] Abort trap (core dumped) gdb echo Also, ptrace_{init,fini} should be moved from sys_ptrace_common.c to sys_ptrace.c, IMO. Thanks, rin
Re: CVS commit: src/sys
> On Nov 4, 2020, at 5:33 AM, Paul Goyette wrote: > > I guess I don't understand why a 32-bit architecture would also have > COMPAT_NETBSD32. In this particular case, it's for the old 32-bit ABI that predates the EABI standard the ARM port now uses. -- thorpej
Re: CVS commit: src/sys/kern
On Wed, 4 Nov 2020, Rin Okuyama wrote: ptrace_common_{init,fini} are called from the ptrace_common module's modcmd routine in kern/sys_ptrace_common.c. The modcmd routine in turn is called at module initialization time. In the case of a built-in module, it will be called by module_init via init_main; if the module is loaded (or auto-loaded) module_load will call the modcmd routine. The module will be built-in if either ``options PTRACE'' or ``file- system PROCFS'' is set in the kernel configuration file. Oops, sorry, I meant ptrace_{init,fini}(). These functions are not called at all since this commit, which forbids ptrace(2) for non-root users. If the module is built-in (``options PTRACE'' selected in the config file), then the module will already have been initialized. If the module is not built-in, then a privileged user will need to modload(8) the module. Prior to this change, the built-in ptrace_common module was calling the ptrace module's init/fini routine. Quite likely ptrace_common was built-in (due to inclusion of file-system PROCFS), so the init was handled during init_main(). This change ensures that the ptrace init/fini routines are called ONLY if the ptrace module itself (not the ptrace_common) routine is built-in. Please check to make sure that ``options PTRACE'' is included in your kernel config. ++--+---+ | Paul Goyette | PGP Key fingerprint: | E-mail addresses: | | (Retired) | FA29 0E3B 35AF E8AE 6651 | p...@whooppee.com | | Software Developer | 0786 F758 55DE 53BA 7731 | pgoye...@netbsd.org | ++--+---+
Re: CVS commit: src/sys/kern
On 2020/11/04 22:31, Paul Goyette wrote: On Wed, 4 Nov 2020, Rin Okuyama wrote: Hi, On 2020/10/26 0:55, Paul Goyette wrote: Module Name: src Committed By: pgoyette Date: Sun Oct 25 15:55:37 UTC 2020 Modified Files: src/sys/kern: sys_ptrace_common.c Log Message: ptrace_Common is a module unto itself. Don't use the ptrace module's init/fini routines. To generate a diff of this commit: cvs rdiff -u -r1.87 -r1.88 src/sys/kern/sys_ptrace_common.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. This commit makes ptrace(2) unusable for non-privileged users; ptrace_common_{init,fini}() should be called from somewhere. ptrace_common_{init,fini} are called from the ptrace_common module's modcmd routine in kern/sys_ptrace_common.c. The modcmd routine in turn is called at module initialization time. In the case of a built-in module, it will be called by module_init via init_main; if the module is loaded (or auto-loaded) module_load will call the modcmd routine. The module will be built-in if either ``options PTRACE'' or ``file- system PROCFS'' is set in the kernel configuration file. Oops, sorry, I meant ptrace_{init,fini}(). These functions are not called at all since this commit, which forbids ptrace(2) for non-root users. Thanks, rin
Re: CVS commit: src/sys
On Wed, Nov 04, 2020 at 05:33:29AM -0800, Paul Goyette wrote: > I guess I don't understand why a 32-bit architecture would also have > COMPAT_NETBSD32. (At least) mips and arm have various 32bit ABIs that are handled by COMPAT_NETBSD32. Martin
Re: CVS commit: src/sys
I guess I don't understand why a 32-bit architecture would also have COMPAT_NETBSD32. Christos, can you help out on this? On Wed, 4 Nov 2020, Rin Okuyama wrote: Hello again, On 2020/11/02 3:51, Paul Goyette wrote: Module Name:src Committed By: pgoyette Date: Sun Nov 1 18:51:03 UTC 2020 Modified Files: src/sys/compat/netbsd32: netbsd32.h netbsd32_core.c src/sys/kern: compat_stub.c files.kern kern_core.c kern_sig.c sys_ptrace_common.c src/sys/modules: Makefile src/sys/modules/compat_netbsd32: Makefile src/sys/modules/coredump: Makefile src/sys/sys: compat_stub.h param.h signalvar.h Added Files: src/sys/modules/compat_netbsd32_coredump: Makefile Log Message: Separate the compat_netbsd32_coredump from the compat_netbsd32 and coredump modules, into its own module. Welcome to 7.99.75 !!! To generate a diff of this commit: cvs rdiff -u -r1.133 -r1.134 src/sys/compat/netbsd32/netbsd32.h cvs rdiff -u -r1.15 -r1.16 src/sys/compat/netbsd32/netbsd32_core.c cvs rdiff -u -r1.20 -r1.21 src/sys/kern/compat_stub.c cvs rdiff -u -r1.53 -r1.54 src/sys/kern/files.kern cvs rdiff -u -r1.33 -r1.34 src/sys/kern/kern_core.c cvs rdiff -u -r1.394 -r1.395 src/sys/kern/kern_sig.c cvs rdiff -u -r1.88 -r1.89 src/sys/kern/sys_ptrace_common.c cvs rdiff -u -r1.247 -r1.248 src/sys/modules/Makefile cvs rdiff -u -r1.35 -r1.36 src/sys/modules/compat_netbsd32/Makefile cvs rdiff -u -r0 -r1.1 src/sys/modules/compat_netbsd32_coredump/Makefile cvs rdiff -u -r1.7 -r1.8 src/sys/modules/coredump/Makefile cvs rdiff -u -r1.24 -r1.25 src/sys/sys/compat_stub.h cvs rdiff -u -r1.677 -r1.678 src/sys/sys/param.h cvs rdiff -u -r1.102 -r1.103 src/sys/sys/signalvar.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. This commit breaks arm, i.e., ILP32 arch with COMPAT_NETBSD32. For arm, coredump_elf32_hook is already hooked in the main kernel. Therefore, compat_netbsd32_coredump_modcmd(MODULE_CMD_INIT) causes KASSERT failure: panic: kernel diagnostic assertion "!*hooked" failed: file "../../../../kern/kern_module_hook.c", line 70 Does the attached patch seem reasonable to you? Thanks, rin !DSPAM:5fa25cf9259143308188765! ++--+---+ | Paul Goyette | PGP Key fingerprint: | E-mail addresses: | | (Retired) | FA29 0E3B 35AF E8AE 6651 | p...@whooppee.com | | Software Developer | 0786 F758 55DE 53BA 7731 | pgoye...@netbsd.org | ++--+---+
Re: CVS commit: src/sys/kern
On Wed, 4 Nov 2020, Rin Okuyama wrote: Hi, On 2020/10/26 0:55, Paul Goyette wrote: Module Name:src Committed By: pgoyette Date: Sun Oct 25 15:55:37 UTC 2020 Modified Files: src/sys/kern: sys_ptrace_common.c Log Message: ptrace_Common is a module unto itself. Don't use the ptrace module's init/fini routines. To generate a diff of this commit: cvs rdiff -u -r1.87 -r1.88 src/sys/kern/sys_ptrace_common.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. This commit makes ptrace(2) unusable for non-privileged users; ptrace_common_{init,fini}() should be called from somewhere. ptrace_common_{init,fini} are called from the ptrace_common module's modcmd routine in kern/sys_ptrace_common.c. The modcmd routine in turn is called at module initialization time. In the case of a built-in module, it will be called by module_init via init_main; if the module is loaded (or auto-loaded) module_load will call the modcmd routine. The module will be built-in if either ``options PTRACE'' or ``file- system PROCFS'' is set in the kernel configuration file. ++--+---+ | Paul Goyette | PGP Key fingerprint: | E-mail addresses: | | (Retired) | FA29 0E3B 35AF E8AE 6651 | p...@whooppee.com | | Software Developer | 0786 F758 55DE 53BA 7731 | pgoye...@netbsd.org | ++--+---+