From: "A. Wilcox"
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: Replacing a_crash() ?
Date: Sun, 16 Sep 2018 22:50:26 -0500
Organization: Adélie Linux
Message-ID: <401b7365-a7d5-b9be-18bc-1ec74c9c6c06@adelielinux.org>
References: <20180917032317.GF17995@brightrain.aerifal.cx>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com

On 09/16/18 22:23, Rich Felker wrote:
> Now that we have an abort() that reliably terminates with uncatchable
> SIGABRT, I've been thinking about replacing the a_crash() calls in
> musl (which are usually an instruction generating SIGILL or SIGSEGV)
> with calls to the uncatchable tail of abort(), which I would factor
> off as a __forced_abort() function.
>
> In case it's not clear, the reason for not just calling abort() is
> that too many programs catch it, and catching it is even encouraged.
> Catchability is a problem with the current approach too, since
> a_crash() is used in places where process state is known to be
> dangerously corrupt and likely under attacker control; eliminating it
> is one of the potential goals of switching to __forced_abort().

Yes, please!

> Are there any objections to making such a change? So far I've gotten
> mostly positive feedback -- SIGABRT is more telling of what's happened
> than SIGSEGV/SIGILL. It would also get rid of the ugly misplacement of
> a_crash() (no longer needed) in "atomic.h" and the inclusion of
> "atomic.h" in some files where it makes no sense without knowing it's
> where a_crash() is defined.
>
> For i386, some nontrivial work would be needed to make abort's tail
> perform syscalls with int $128 rather than the vdso, which is unsafe
> since the pointer to it may have been subverted. On other archs,
> inline syscalls are fully inline. I'd probably add a
> NEED_FAILSAFE_SYSCALL macro to define before including "syscall.h" and
> have arch/i386/syscall_arch.h adjust the asm string based on it; this
> is more maintainable than writing an asm version of the function.

That seems like a sane way to do it.

Best,
--arw

-- 
A. Wilcox (awilfox)
Project Lead, Adélie Linux
https://www.adelielinux.org
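
Added example, not part of the original message and not musl's code: a user-space sketch of the difference the thread is about, comparing a catchable SIGABRT with a "forced" one that resets the disposition before delivery. The names on_abrt, catchable_abort, forced_abort and outcome are hypothetical, and the sketch assumes a single-threaded process and goes through ordinary libc wrappers, so it does not address the i386 vdso concern raised above.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for an application handler that "recovers" from SIGABRT. */
static void on_abrt(int sig) { (void)sig; _exit(42); }

/* Catchable path: the installed handler gets control of the dying process. */
static void catchable_abort(void) { raise(SIGABRT); _exit(1); }

/* Hypothetical approximation of the uncatchable tail, using libc wrappers. */
static void forced_abort(void) {
    sigset_t all, abrt;
    struct sigaction dfl = {0};
    sigfillset(&all);
    sigprocmask(SIG_BLOCK, &all, NULL);     /* no handler can run from here on */
    dfl.sa_handler = SIG_DFL;
    sigemptyset(&dfl.sa_mask);
    sigaction(SIGABRT, &dfl, NULL);         /* discard whatever was installed */
    raise(SIGABRT);                         /* stays pending while blocked */
    sigemptyset(&abrt);
    sigaddset(&abrt, SIGABRT);
    sigprocmask(SIG_UNBLOCK, &abrt, NULL);  /* delivered with the default action */
    _exit(127);                             /* fallback, should not be reached */
}

/* Run die() in a child with a SIGABRT handler; return signal or -(exit status). */
int outcome(void (*die)(void)) {
    int st;
    pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) {
        struct sigaction sa = {0};
        sa.sa_handler = on_abrt;
        sigemptyset(&sa.sa_mask);
        sigaction(SIGABRT, &sa, NULL);
        die();
        _exit(1);
    }
    if (waitpid(pid, &st, 0) < 0) return 0;
    return WIFSIGNALED(st) ? WTERMSIG(st) : -WEXITSTATUS(st);
}

int main(void) {
    printf("catchable: %d, forced: %d\n", outcome(catchable_abort), outcome(forced_abort));
    return 0;
}
```

In the catchable case the child's handler runs and the parent sees a normal exit; in the forced case the parent sees termination by SIGABRT even though the same handler was installed.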