Re: ntpd doesn't like ASLR on stable/12 post-r350672
On Sun, 25 Aug 2019 01:28+0300, Konstantin Belousov wrote:

> On Sun, Aug 25, 2019 at 12:19:43AM +0200, Trond Endrestøl wrote:
> > On Sat, 24 Aug 2019 23:41+0300, Konstantin Belousov wrote:
> > > > I tried changing command="/usr/sbin/${name}" to
> > > > command="/usr/bin/proccontrol -m aslr -s disable /usr/sbin/${name}" in
> > > > /etc/rc.d/ntpd, but that didn't go well.
> > >
> > > If you set kern.elf64.aslr.stack_gap to zero, does it help?
> >
> > That helped. Thank you again.
>
> Can you verify whether ntpd sets a new rlimit(RLIMIT_STACK) for the main
> thread, and if yes, what this new limit is?

(gdb)
5265            if (-1 == setrlimit(RLIMIT_STACK, &rl)) {
(gdb) print rl
$1 = {rlim_cur = 204800, rlim_max = 536870912}

> aslr.stack_gap is the percentage for the gap on that stack, and since the
> default size of the main stack limit is quite large, 512M, even 3%
> (the default gap upper limit) is a whole 15M. If the new limit is less than
> 15M, there is a likely probability that only the gap is left after the
> rlimit(2) call, leaving no space for the program frames.
>
> At least this looks like a nice theory.

-- 
Trond.

___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
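Konstantin's theory, worked through with the numbers from this thread (a 512M exec-time stack, a 3% gap upper limit, and the rlim_cur of 204800 that ntpd asks for), as an added example that is not code from the thread, from ntpd or from FreeBSD. It assumes, as the message above states, that the ASLR gap is a share of the stack size at exec time and is not resized when RLIMIT_STACK is lowered later; the check_own_stack_limit() helper is the pre-setrlimit(2) sanity check a daemon could run.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/resource.h>

/* Worst-case ASLR stack gap for a stack of stack_bytes when the stack_gap
 * sysctl allows up to gap_pct percent (thread's numbers: 512M, 3%). Assumed,
 * per the thread: the gap is a share of the exec-time stack, not resized. */
static uint64_t aslr_stack_gap_max(uint64_t stack_bytes, unsigned gap_pct)
{
    return stack_bytes * gap_pct / 100;
}

/* Bytes left for program frames after rlim_cur is lowered to new_cur while
 * the gap stays carved out of the top of the stack; 0 means nothing left. */
static uint64_t usable_stack_after_shrink(uint64_t new_cur, uint64_t gap)
{
    return new_cur > gap ? new_cur - gap : 0;
}

/* 1 if lowering RLIMIT_STACK to new_cur still leaves min_frame_bytes of
 * real stack in the worst case, else 0. */
static int stack_limit_is_safe(uint64_t exec_stack_bytes, unsigned gap_pct,
                               uint64_t new_cur, uint64_t min_frame_bytes)
{
    uint64_t gap = aslr_stack_gap_max(exec_stack_bytes, gap_pct);
    return usable_stack_after_shrink(new_cur, gap) >= min_frame_bytes;
}

/* The same check against this process's own limit, as a daemon could run
 * before setrlimit(2). -1 if the limit is unavailable or unlimited. */
static int check_own_stack_limit(uint64_t new_cur, unsigned gap_pct,
                                 uint64_t min_frame_bytes)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_STACK, &rl) == -1 || rl.rlim_cur == RLIM_INFINITY)
        return -1;
    return stack_limit_is_safe((uint64_t)rl.rlim_cur, gap_pct, new_cur,
                               min_frame_bytes);
}

int main(void)
{
    uint64_t exec_stack = 536870912ULL, ntpd_cur = 204800ULL; /* from gdb */
    uint64_t gap = aslr_stack_gap_max(exec_stack, 3);
    printf("gap up to %llu bytes, usable after shrink %llu, safe: %d\n",
           (unsigned long long)gap,
           (unsigned long long)usable_stack_after_shrink(ntpd_cur, gap),
           stack_limit_is_safe(exec_stack, 3, ntpd_cur, 65536));
    return 0;
}
```

With stack_gap at its 3% default the worst-case gap (about 15M) exceeds ntpd's 200k limit entirely, which is the crash the thread describes; with stack_gap set to 0 the same limit passes.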
Re: ntpd doesn't like ASLR on stable/12 post-r350672
On Sun, Aug 25, 2019 at 12:19:43AM +0200, Trond Endrestøl wrote:
> On Sat, 24 Aug 2019 23:41+0300, Konstantin Belousov wrote:
> > > I tried changing command="/usr/sbin/${name}" to
> > > command="/usr/bin/proccontrol -m aslr -s disable /usr/sbin/${name}" in
> > > /etc/rc.d/ntpd, but that didn't go well.
> >
> > If you set kern.elf64.aslr.stack_gap to zero, does it help?
>
> That helped. Thank you again.

Can you verify whether ntpd sets a new rlimit(RLIMIT_STACK) for the main
thread, and if yes, what this new limit is?

aslr.stack_gap is the percentage for the gap on that stack, and since the
default size of the main stack limit is quite large, 512M, even 3%
(the default gap upper limit) is a whole 15M. If the new limit is less than
15M, there is a likely probability that only the gap is left after the
rlimit(2) call, leaving no space for the program frames.

At least this looks like a nice theory.
Re: ntpd doesn't like ASLR on stable/12 post-r350672
On Sat, 24 Aug 2019 23:41+0300, Konstantin Belousov wrote:

> On Sat, Aug 24, 2019 at 10:04:49PM +0200, Trond Endrestøl wrote:
> >
> > Disabling ASLR, kern.elf64.aslr.enable=0, before starting ntpd
> > manually is a workaround, but this is not viable in the long run.
>
> Why?

I like to keep ASLR enabled in the hope that it actually achieves
something. You are right, I can disable it completely.

> > I tried changing command="/usr/sbin/${name}" to
> > command="/usr/bin/proccontrol -m aslr -s disable /usr/sbin/${name}" in
> > /etc/rc.d/ntpd, but that didn't go well.
>
> If you set kern.elf64.aslr.stack_gap to zero, does it help?

That helped. Thank you again.

-- 
Trond.
Re: ntpd doesn't like ASLR on stable/12 post-r350672
On Sat, Aug 24, 2019 at 10:04:49PM +0200, Trond Endrestøl wrote:
> Hi,
>
> I'm running stable/12 with ASLR enabled in /etc/sysctl.conf:
>
> kern.elf64.aslr.enable=1
> kern.elf64.aslr.pie_enable=1
> kern.elf32.aslr.enable=1
> kern.elf32.aslr.pie_enable=1
>
> After upgrading to anything after r350672, now at r351450, ntpd
> refuses to start at boot.
>
> Aug 24 21:25:42 HOSTNAME ntpd[5618]: ntpd 4.2.8p12-a (1): Starting
> Aug 24 21:25:43 HOSTNAME kernel: [406] pid 5619 (ntpd), jid 0, uid 123: exited on signal 11
>
> Disabling ASLR, kern.elf64.aslr.enable=0, before starting ntpd
> manually is a workaround, but this is not viable in the long run.

Why?

> I tried changing command="/usr/sbin/${name}" to
> command="/usr/bin/proccontrol -m aslr -s disable /usr/sbin/${name}" in
> /etc/rc.d/ntpd, but that didn't go well.

If you set kern.elf64.aslr.stack_gap to zero, does it help?

> Running ntpd through gdb while ASLR was enabled, I narrowed it down to
> /usr/src/contrib/ntp/ntpd/ntpd.c:1001
>
> ntp_rlimit(RLIMIT_STACK, DFLT_RLIMIT_STACK * 4096, 4096, "4k");
>
> which calls /usr/src/contrib/ntp/ntpd/ntp_config.c:5211 and proceeds
> to /usr/src/contrib/ntp/ntpd/ntp_config.c:5254
>
> if (-1 == getrlimit(RLIMIT_STACK, &rl)) {
>
> Single stepping from this point gave me:
>
> (gdb) s
> _thr_rtld_set_flag (mask=1) at /usr/src/lib/libthr/thread/thr_rtld.c:171
> 171     {
> (gdb)
> 176         return (0);
> (gdb)
> _thr_rtld_rlock_acquire (lock=0x80180d200) at /usr/src/lib/libthr/thread/thr_rtld.c:115
> 115     {
> (gdb)
> 120         curthread = _get_curthread();
> (gdb)
> _get_curthread () at /usr/src/lib/libthr/arch/amd64/include/pthread_md.h:97
> 97          return (TCB_GET64(tcb_thread));
> (gdb)
> _thr_rtld_rlock_acquire (lock=0x80180d200) at /usr/src/lib/libthr/thread/thr_rtld.c:121
> 121         SAVE_ERRNO();
> (gdb)
> 124         THR_CRITICAL_ENTER(curthread);
> (gdb)
> _thr_rwlock_tryrdlock (rwlock=, flags=0) at /usr/src/lib/libthr/thread/thr_umtx.h:192
> 192             (rwlock->rw_flags & URWLOCK_PREFER_READER) != 0)
> (gdb)
> 191         if ((flags & URWLOCK_PREFER_READER) != 0 ||
> (gdb)
> 197         while (!(state & wrflags)) {
> (gdb)
> 201             if (atomic_cmpset_acq_32(&rwlock->rw_state, state, state + 1))
> (gdb)
> atomic_cmpset_int (dst=, expect=, src=1) at /usr/obj/usr/src/amd64.amd64/tmp/usr/include/machine/atomic.h:220
> 220     ATOMIC_CMPSET(int);
> (gdb)
> _thr_rwlock_tryrdlock (rwlock=, flags=0) at /usr/src/lib/libthr/thread/thr_umtx.h:201
> 201             if (atomic_cmpset_acq_32(&rwlock->rw_state, state, state + 1))
> (gdb)
> _thr_rtld_rlock_acquire (lock=0x80180d200) at /usr/src/lib/libthr/thread/thr_rtld.c:127
> 127         curthread->rdlock_count++;
> (gdb)
> 128         RESTORE_ERRNO();
> (gdb)
> 129     }
> (gdb)
> _thr_rtld_clr_flag (mask=1) at /usr/src/lib/libthr/thread/thr_rtld.c:181
> 181     {
> (gdb)
> 182         return (0);
> (gdb)
> _thr_rtld_lock_release (lock=0x80180d200) at /usr/src/lib/libthr/thread/thr_rtld.c:150
> 150     {
> (gdb)
> _get_curthread () at /usr/src/lib/libthr/arch/amd64/include/pthread_md.h:97
> 97          return (TCB_GET64(tcb_thread));
> (gdb)
> _thr_rtld_lock_release (lock=0x80180d200) at /usr/src/lib/libthr/thread/thr_rtld.c:157
> 157         SAVE_ERRNO();
> (gdb)
> 160         state = l->lock.rw_state;
> (gdb)
> 161         if (_thr_rwlock_unlock(&l->lock) == 0) {
> (gdb)
> _thr_rwlock_unlock (rwlock=0x80180d200) at /usr/src/lib/libthr/thread/thr_umtx.h:249
> 249         state = rwlock->rw_state;
> (gdb)
> 250         if ((state & URWLOCK_WRITE_OWNER) != 0) {
> (gdb)
> 256             if (__predict_false(URWLOCK_READER_COUNT(state) == 0))
> (gdb)
> 260                 URWLOCK_READER_COUNT(state) == 1)) {
> (gdb)
> 259                 URWLOCK_READ_WAITERS)) != 0 &&
> (gdb)
> 262                     state, state - 1))
> (gdb)
> 261             if (atomic_cmpset_rel_32(&rwlock->rw_state,
> (gdb)
> atomic_cmpset_int (dst=, expect=, src=0) at /usr/obj/usr/src/amd64.amd64/tmp/usr/include/machine/atomic.h:220
> 220     ATOMIC_CMPSET(int);
> (gdb)
> _thr_rwlock_unlock (rwlock=0x80180d200) at /usr/src/lib/libthr/thread/thr_umtx.h:261
> 261             if (atomic_cmpset_rel_32(&rwlock->rw_state,
> (gdb)
> _thr_rtld_lock_release (lock=) at /usr/src/lib/libthr/thread/thr_rtld.c:162
> 162         if ((state & URWLOCK_WRITE_OWNER) == 0)
> (gdb)
> 163             curthread->rdlock_count--;
> (gdb)
> 164         THR_CRITICAL_LEAVE(curthread);
> (gdb)
> _thr_ast (curthread=0x80864b000) at /usr/src/lib/libthr/thread/thr_sig.c:271
> 271         if (!THR_IN_CRITICAL(curthread)) {
> (gdb)
> 272             check_deferred_sign
ntpd doesn't like ASLR on stable/12 post-r350672
Hi,

I'm running stable/12 with ASLR enabled in /etc/sysctl.conf:

kern.elf64.aslr.enable=1
kern.elf64.aslr.pie_enable=1
kern.elf32.aslr.enable=1
kern.elf32.aslr.pie_enable=1

After upgrading to anything after r350672, now at r351450, ntpd
refuses to start at boot.

Aug 24 21:25:42 HOSTNAME ntpd[5618]: ntpd 4.2.8p12-a (1): Starting
Aug 24 21:25:43 HOSTNAME kernel: [406] pid 5619 (ntpd), jid 0, uid 123: exited on signal 11

Disabling ASLR, kern.elf64.aslr.enable=0, before starting ntpd
manually is a workaround, but this is not viable in the long run.

I tried changing command="/usr/sbin/${name}" to
command="/usr/bin/proccontrol -m aslr -s disable /usr/sbin/${name}" in
/etc/rc.d/ntpd, but that didn't go well.

Running ntpd through gdb while ASLR was enabled, I narrowed it down to
/usr/src/contrib/ntp/ntpd/ntpd.c:1001

ntp_rlimit(RLIMIT_STACK, DFLT_RLIMIT_STACK * 4096, 4096, "4k");

which calls /usr/src/contrib/ntp/ntpd/ntp_config.c:5211 and proceeds
to /usr/src/contrib/ntp/ntpd/ntp_config.c:5254

if (-1 == getrlimit(RLIMIT_STACK, &rl)) {

Single stepping from this point gave me:

(gdb) s
_thr_rtld_set_flag (mask=1) at /usr/src/lib/libthr/thread/thr_rtld.c:171
171     {
(gdb)
176         return (0);
(gdb)
_thr_rtld_rlock_acquire (lock=0x80180d200) at /usr/src/lib/libthr/thread/thr_rtld.c:115
115     {
(gdb)
120         curthread = _get_curthread();
(gdb)
_get_curthread () at /usr/src/lib/libthr/arch/amd64/include/pthread_md.h:97
97          return (TCB_GET64(tcb_thread));
(gdb)
_thr_rtld_rlock_acquire (lock=0x80180d200) at /usr/src/lib/libthr/thread/thr_rtld.c:121
121         SAVE_ERRNO();
(gdb)
124         THR_CRITICAL_ENTER(curthread);
(gdb)
_thr_rwlock_tryrdlock (rwlock=, flags=0) at /usr/src/lib/libthr/thread/thr_umtx.h:192
192             (rwlock->rw_flags & URWLOCK_PREFER_READER) != 0)
(gdb)
191         if ((flags & URWLOCK_PREFER_READER) != 0 ||
(gdb)
197         while (!(state & wrflags)) {
(gdb)
201             if (atomic_cmpset_acq_32(&rwlock->rw_state, state, state + 1))
(gdb)
atomic_cmpset_int (dst=, expect=, src=1) at /usr/obj/usr/src/amd64.amd64/tmp/usr/include/machine/atomic.h:220
220     ATOMIC_CMPSET(int);
(gdb)
_thr_rwlock_tryrdlock (rwlock=, flags=0) at /usr/src/lib/libthr/thread/thr_umtx.h:201
201             if (atomic_cmpset_acq_32(&rwlock->rw_state, state, state + 1))
(gdb)
_thr_rtld_rlock_acquire (lock=0x80180d200) at /usr/src/lib/libthr/thread/thr_rtld.c:127
127         curthread->rdlock_count++;
(gdb)
128         RESTORE_ERRNO();
(gdb)
129     }
(gdb)
_thr_rtld_clr_flag (mask=1) at /usr/src/lib/libthr/thread/thr_rtld.c:181
181     {
(gdb)
182         return (0);
(gdb)
_thr_rtld_lock_release (lock=0x80180d200) at /usr/src/lib/libthr/thread/thr_rtld.c:150
150     {
(gdb)
_get_curthread () at /usr/src/lib/libthr/arch/amd64/include/pthread_md.h:97
97          return (TCB_GET64(tcb_thread));
(gdb)
_thr_rtld_lock_release (lock=0x80180d200) at /usr/src/lib/libthr/thread/thr_rtld.c:157
157         SAVE_ERRNO();
(gdb)
160         state = l->lock.rw_state;
(gdb)
161         if (_thr_rwlock_unlock(&l->lock) == 0) {
(gdb)
_thr_rwlock_unlock (rwlock=0x80180d200) at /usr/src/lib/libthr/thread/thr_umtx.h:249
249         state = rwlock->rw_state;
(gdb)
250         if ((state & URWLOCK_WRITE_OWNER) != 0) {
(gdb)
256             if (__predict_false(URWLOCK_READER_COUNT(state) == 0))
(gdb)
260                 URWLOCK_READER_COUNT(state) == 1)) {
(gdb)
259                 URWLOCK_READ_WAITERS)) != 0 &&
(gdb)
262                     state, state - 1))
(gdb)
261             if (atomic_cmpset_rel_32(&rwlock->rw_state,
(gdb)
atomic_cmpset_int (dst=, expect=, src=0) at /usr/obj/usr/src/amd64.amd64/tmp/usr/include/machine/atomic.h:220
220     ATOMIC_CMPSET(int);
(gdb)
_thr_rwlock_unlock (rwlock=0x80180d200) at /usr/src/lib/libthr/thread/thr_umtx.h:261
261             if (atomic_cmpset_rel_32(&rwlock->rw_state,
(gdb)
_thr_rtld_lock_release (lock=) at /usr/src/lib/libthr/thread/thr_rtld.c:162
162         if ((state & URWLOCK_WRITE_OWNER) == 0)
(gdb)
163             curthread->rdlock_count--;
(gdb)
164         THR_CRITICAL_LEAVE(curthread);
(gdb)
_thr_ast (curthread=0x80864b000) at /usr/src/lib/libthr/thread/thr_sig.c:271
271         if (!THR_IN_CRITICAL(curthread)) {
(gdb)
272             check_deferred_signal(curthread);
(gdb)
check_deferred_signal (curthread=0x80864b000) at /usr/src/lib/libthr/thread/thr_sig.c:332
332         if (__predict_true(curthread->deferred_siginfo.si_signo == 0 ||
(gdb)
351     }
(gdb)
_thr_ast (curthread=0x80864b000) at /usr/src/lib/libthr/thread/thr_sig.c:273
273         check_suspend(curthread);
(gdb)
check_suspend (curthread=0x80864b000) at /usr/src/lib/libthr/thread/thr_sig.c:358