NetBSD Problem Report #57711
From www@netbsd.org Mon Nov 20 10:53:13 2023
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id B836A1A9238
for <gnats-bugs@gnats.NetBSD.org>; Mon, 20 Nov 2023 10:53:12 +0000 (UTC)
Message-Id: <20231120105241.73D011A9239@mollari.NetBSD.org>
Date: Mon, 20 Nov 2023 10:52:41 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: setrlimit(RLIMIT_STACK) fails to increase usable stack size
X-Send-Pr-Version: www-1.0
>Number: 57711
>Category: kern
>Synopsis: setrlimit(RLIMIT_STACK) fails to increase usable stack size
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Nov 20 10:55:00 +0000 2023
>Closed-Date: Sat Dec 09 14:15:50 +0000 2023
>Last-Modified: Sat Dec 09 14:15:50 +0000 2023
>Originator: Taylor R Campbell
>Release:
>Organization:
The PaxBSD Mprotectation
>Environment:
>Description:
Using setrlimit(RLIMIT_STACK) to increase the current process's stack size by raising the soft rlimit doesn't actually increase the usable stack.
The reason is that exec creates three mappings to set up the stack:
1. the guard region, with PROT_NONE;
2. the noaccess region, with PROT_NONE; and
3. the access region, with PROT_READ|PROT_WRITE.
The sizes of the noaccess and access regions are based on the current soft rlimit at exec time. However, a 2017 change to PAX (in the service of implementing MAP_REMAPDUP) had the unintended side effect of setting the _maximum_ protection to be the same as the current protection. That's correct for the guard region and for the access region, but for the noaccess region it breaks stack resizing: the uvm_map_protect(PROT_READ|PROT_WRITE) internally issued by setrlimit(RLIMIT_STACK) on some subrange of the noaccess region to make it accessible doesn't have any effect (it fails with EACCES), because the maximum protection is PROT_NONE.
>How-To-Repeat:
Use setrlimit(RLIMIT_STACK) to increase the current process image's stack size.
(Note that this change takes effect on the _next_ exec. It just doesn't take effect on the current process image.)
>Fix:
Yes, please!
>Release-Note:
>Audit-Trail:
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/57711 CVS commit: src/tests/lib/libc/sys
Date: Mon, 20 Nov 2023 13:05:17 +0000
Module Name: src
Committed By: riastradh
Date: Mon Nov 20 13:05:17 UTC 2023
Modified Files:
src/tests/lib/libc/sys: t_setrlimit.c
Log Message:
t_setrlimit: Verify changing RLIMIT_STACK affects access to stack.
PR kern/57711
XXX pullup-10
XXX pullup-9
XXX pullup-8
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/tests/lib/libc/sys/t_setrlimit.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/57711 CVS commit: src
Date: Tue, 21 Nov 2023 00:09:19 +0000
Module Name: src
Committed By: riastradh
Date: Tue Nov 21 00:09:19 UTC 2023
Modified Files:
src/sys/kern: exec_subr.c
src/tests/lib/libc/sys: t_setrlimit.c
Log Message:
exec: Map noaccess part of stack with prot=NONE, maxprot=READ|WRITE.
This way, setrlimit(RLIMT_STACK) can grant READ|WRITE access when
increasing the stack size.
PR kern/57711
XXX pullup-10
XXX pullup-9
XXX pullup-8
To generate a diff of this commit:
cvs rdiff -u -r1.85 -r1.86 src/sys/kern/exec_subr.c
cvs rdiff -u -r1.8 -r1.9 src/tests/lib/libc/sys/t_setrlimit.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/57711 CVS commit: src/sys/kern
Date: Tue, 21 Nov 2023 12:12:26 +0000
Module Name: src
Committed By: martin
Date: Tue Nov 21 12:12:26 UTC 2023
Modified Files:
src/sys/kern: exec_subr.c
Log Message:
Stopgap build fix for kernels w/o PAX_MPROTECT after the fixes
for PR 57711: mark variable as unused (sometimes, e.g. in macppc kernels).
To generate a diff of this commit:
cvs rdiff -u -r1.86 -r1.87 src/sys/kern/exec_subr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/57711 CVS commit: src/sys
Date: Tue, 21 Nov 2023 14:35:36 +0000
Module Name: src
Committed By: riastradh
Date: Tue Nov 21 14:35:36 UTC 2023
Modified Files:
src/sys/kern: exec_subr.c
src/sys/sys: pax.h
src/sys/uvm: uvm_mmap.c
Log Message:
pax(9): Rework header file more coherently to nix some needless #ifs.
Cleans up some of the fallout from PR kern/57711 fixes.
Could do a little more to nix PAX_SEGVGUARD conditionals but maybe
not worth it.
To generate a diff of this commit:
cvs rdiff -u -r1.87 -r1.88 src/sys/kern/exec_subr.c
cvs rdiff -u -r1.27 -r1.28 src/sys/sys/pax.h
cvs rdiff -u -r1.184 -r1.185 src/sys/uvm/uvm_mmap.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/57711 CVS commit: src/tests/lib/libc/sys
Date: Wed, 22 Nov 2023 02:20:34 +0000
Module Name: src
Committed By: riastradh
Date: Wed Nov 22 02:20:34 UTC 2023
Modified Files:
src/tests/lib/libc/sys: t_setrlimit.c
Log Message:
t_setrlimit: Fix typos in comments and messages.
No substantive change intended. Suggested by rillig@.
PR kern/57711
XXX pullup-10
XXX pullup-9
XXX pullup-8
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/tests/lib/libc/sys/t_setrlimit.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->needs-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Thu, 23 Nov 2023 18:56:40 +0000
State-Changed-Why:
needs pullup-8, pullup-9, pullup-10
State-Changed-From-To: needs-pullups->pending-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Tue, 28 Nov 2023 02:51:26 +0000
State-Changed-Why:
pullup-10 #477
pullup-9 #1769
pullup-8 #1920
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/57711 CVS commit: [netbsd-10] src
Date: Tue, 28 Nov 2023 12:56:28 +0000
Module Name: src
Committed By: martin
Date: Tue Nov 28 12:56:28 UTC 2023
Modified Files:
src/sys/kern [netbsd-10]: exec_subr.c
src/tests/lib/libc/sys [netbsd-10]: t_setrlimit.c
Log Message:
Pull up following revision(s) (requested by riastradh in ticket #477):
tests/lib/libc/sys/t_setrlimit.c: revision 1.8
tests/lib/libc/sys/t_setrlimit.c: revision 1.9
sys/kern/exec_subr.c: revision 1.86
t_setrlimit: Verify changing RLIMIT_STACK affects access to stack.
PR kern/57711
exec: Map noaccess part of stack with prot=NONE, maxprot=READ|WRITE.
This way, setrlimit(RLIMT_STACK) can grant READ|WRITE access when
increasing the stack size.
PR kern/57711
To generate a diff of this commit:
cvs rdiff -u -r1.84 -r1.84.20.1 src/sys/kern/exec_subr.c
cvs rdiff -u -r1.7 -r1.7.10.1 src/tests/lib/libc/sys/t_setrlimit.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/57711 CVS commit: [netbsd-9] src
Date: Tue, 28 Nov 2023 12:59:21 +0000
Module Name: src
Committed By: martin
Date: Tue Nov 28 12:59:21 UTC 2023
Modified Files:
src/sys/kern [netbsd-9]: exec_subr.c
src/tests/lib/libc/sys [netbsd-9]: t_setrlimit.c
Log Message:
Pull up following revision(s) (requested by riastradh in ticket #1769):
tests/lib/libc/sys/t_setrlimit.c: revision 1.8
tests/lib/libc/sys/t_setrlimit.c: revision 1.9
sys/kern/exec_subr.c: revision 1.86
t_setrlimit: Verify changing RLIMIT_STACK affects access to stack.
PR kern/57711
exec: Map noaccess part of stack with prot=NONE, maxprot=READ|WRITE.
This way, setrlimit(RLIMT_STACK) can grant READ|WRITE access when
increasing the stack size.
PR kern/57711
To generate a diff of this commit:
cvs rdiff -u -r1.82 -r1.82.10.1 src/sys/kern/exec_subr.c
cvs rdiff -u -r1.6 -r1.6.16.1 src/tests/lib/libc/sys/t_setrlimit.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/57711 CVS commit: [netbsd-8] src
Date: Tue, 28 Nov 2023 13:00:52 +0000
Module Name: src
Committed By: martin
Date: Tue Nov 28 13:00:52 UTC 2023
Modified Files:
src/sys/kern [netbsd-8]: exec_subr.c
src/tests/lib/libc/sys [netbsd-8]: t_setrlimit.c
Log Message:
Pull up following revision(s) (requested by riastradh in ticket #1920):
tests/lib/libc/sys/t_setrlimit.c: revision 1.8
tests/lib/libc/sys/t_setrlimit.c: revision 1.9
sys/kern/exec_subr.c: revision 1.86
t_setrlimit: Verify changing RLIMIT_STACK affects access to stack.
PR kern/57711
exec: Map noaccess part of stack with prot=NONE, maxprot=READ|WRITE.
This way, setrlimit(RLIMT_STACK) can grant READ|WRITE access when
increasing the stack size.
PR kern/57711
To generate a diff of this commit:
cvs rdiff -u -r1.78.2.3 -r1.78.2.4 src/sys/kern/exec_subr.c
cvs rdiff -u -r1.6 -r1.6.6.1 src/tests/lib/libc/sys/t_setrlimit.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: pending-pullups->closed
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Thu, 07 Dec 2023 14:31:34 +0000
State-Changed-Why:
fixed and pulled up to 10, 9, 8
State-Changed-From-To: closed->pending-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Thu, 07 Dec 2023 16:02:26 +0000
State-Changed-Why:
reopened pullups with SSP build fix
pullup-10 #477
pullup-9 #1769
pullup-8 #1920
State-Changed-From-To: pending-pullups->closed
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Sat, 09 Dec 2023 14:15:50 +0000
State-Changed-Why:
ssp build fix pulled up to 10, 9, 8
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2023
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home