Details
- Reviewers
imp markj mjg emaste brooks - Commits
- rGdaa85548d5cf: rtld: teach LD_SHOW_AUXV about AT_USRSTACK*
rGe03c7f500541: libthr: extract code to get main stack base and size into helpers
rGe2879ece4314: libc, libthr: use AT_USRSTACK{BASE,LIM} instead of sysctl("kern.usrstack") and…
rGebf7a01594ee: libthr: use nitems() for mib length
rG0ae364adcd8d: jemalloc: use auxv ELF_BSDF_VMNOOVERCOMMIT instead of sysctl("vm.overcommit")
rG62b4fb22df04: auxv.3: Document AT_USRSTACKBASE and AT_USRSTACKLIM
rG1d280f21427f: procstat(1): print AT_USRSTACKBASE and AT_USRSTACKLIM
rG8f2668b0605e: _elf_aux_info(3): add support for AT_USRSTACK{BASE,LIM}
rGff41239f587f: Add AT_USRSTACK{BASE, LIM} AT vectors, and ELF_BSDF_VMNOOVERCOMMIT flag
rG87384c51e047: jemalloc: use symbolic definitions for bits in vm_overcommit
rG26eed2aa06a2: swap_pager: style, wrap long lines
rGccdaa1ab1c5f: vm_overcommit: put into __read_mostly section
rGa6cc4c6e98eb: vm: make vm.overcommit available externally
Diff Detail
- Lint
Lint Skipped - Unit
Tests Skipped
Event Timeline
This is outside of my areas of expertise. I'm afraid I won't be able to help with the review.
I only added you as subscriber. In fact, my question would be, are there any other sysctls relevant for the image startup. I do not see anything else in truss output.
contrib/jemalloc/src/pages.c | ||
---|---|---|
441 | It is already under some kind of #ifdef that implies BSD at least, and perhaps FreeBSD specifically. But I added one more #ifdef to hide ELF_BSDF_VMNOOVERCOMMIT. |
OK. This now looks good to my eye... assuming the values computed in the kernel are good (I'm less sure about those, to be honest, though they look like what I'd write).
it can also shave the issetugid call, see https://reviews.freebsd.org/D23779
sys/kern/imgact_elf.c | ||
---|---|---|
1515 | there should be no need to take the lock here. instead i would assert curthread->td_limit == imgp->proc->p_limit. it matters because it is likely contend against the parent doing wait after forking | |
sys/vm/swap_pager.c | ||
172–173 | this should be __read_mostly |
Note that there is some change in the semantic, because AT_USRSTACKLIM is set at exec time, while getrlimit(2) is current. But I do not believe it matters for map_stacks_exec().
Even more so, I do not think the difference matter for vm_overcommit.
Should auxv.3 be updated?
contrib/jemalloc/src/pages.c | ||
---|---|---|
441 | bsdflags might trigger some -Wunused warning if ELF_BSDF_VMNOOVERCOMMIT is not defined. | |
lib/libc/gen/elf_utils.c | ||
97 | I think this can't work on CHERI, since it relies on being able to forge a pointer from u_longs provided by the kernel. Should we instead make the type of the USRSTACKBASE entry a uintptr_t instead? @jhb or @jrtc27 or @brooks might have an opinion. Though, it looks like this problem exists with KERN_USRSTACK today in CheriBSD, so maybe they don't care about supporting executable stacks. | |
lib/libthr/thread/thr_stack.c | ||
157 | Should libthr panic if this call fails? It would provide a more useful failure mode if some W^X policy is enabled, no? Same for __libc_map_stacks_exec(). | |
sys/vm/vm.h | ||
172 | These can be defined under _KERNEL, no? |
lib/libc/gen/elf_utils.c | ||
---|---|---|
97 | Yes, KERN_USRSTACK is same. This is why I selected a_un.a_val for AT_USRSTACKLIM. | |
lib/libthr/thread/thr_stack.c | ||
157 | No, I do not think so. I highly dislike system libraries abruptly terminating the process. If it can continue, it should. | |
sys/vm/vm.h | ||
172 | No, the bits define values for sysctl vm.overcommit, so I thought that the definitions are useful for userspace. In fact, jemalloc should be modified to use the symbols on sysctl fallback. |
Use SWAP_RESERVE_ symbols instead of magic in jemalloc
Fix potential unused variable warning in jemalloc
Document new AT_ values
Seems like a good change. We don't need usrstack to be a pointer on CheriBSD and having it be one is a least-privilege violation. We don't support an executable stack for the main thread and there isn't really any reason to do so for ABIs that don't have backwards compatibility concerns (the main reason to do so is to support nested functions and IIRC gcc now supports nested functions without exec stacks, but doing so is an ABI break).
sys/vm/swap_pager.c | ||
---|---|---|
270 | I'd prefer all this whitespace churn was in a separate commit. |
sys/vm/swap_pager.c | ||
---|---|---|
270 | It is, please see https://kib.kiev.ua/git/gitweb.cgi?p=deviant3.git;a=shortlog;h=refs/heads/at_vm for per-commit split |