[src/netbsd-8]: src Pull up following revision(s) (requested by joerg in tick...

[bouyer <bouyer%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/ca8ab59cd1f2
branches:  netbsd-8
changeset: 850979:ca8ab59cd1f2
user:      bouyer <bouyer%NetBSD.org@localhost>
date:      Thu Aug 31 08:32:38 2017 +0000

description:
Pull up following revision(s) (requested by joerg in ticket #234):
        sys/arch/amd64/include/vmparam.h: revision 1.43
        sys/kern/exec_subr.c: revision 1.79
        lib/libpthread/pthread_int.h: revision 1.94
        sys/arch/mips/include/vmparam.h: revision 1.58
        sys/arch/mips/include/vmparam.h: revision 1.59
        lib/libpthread/TODO: revision 1.19
        sys/arch/powerpc/include/vmparam.h: revision 1.20
        sys/arch/riscv/include/vmparam.h: revision 1.2
        sys/arch/riscv/include/vmparam.h: revision 1.3
        sys/arch/i386/include/vmparam.h: revision 1.85
        tests/lib/libpthread/t_join.c: revision 1.9
        sys/uvm/uvm_meter.c: revision 1.66
        sys/uvm/uvm_param.h: revision 1.36
        sys/kern/exec_subr.c: revision 1.80
        sys/uvm/uvm_param.h: revision 1.37
        sys/kern/exec_subr.c: revision 1.81
        sys/kern/exec_subr.c: revision 1.82
        lib/libpthread/pthread_attr_getguardsize.3: revision 1.4
        lib/libpthread/pthread.c: revision 1.148
        lib/libpthread/pthread_attr.c: revision 1.17
        sys/arch/amd64/include/vmparam.h: revision 1.42
Always include a 1MB guard area beyond the end of stack. While ASLR will
normally create a guard area as well, this provides a deterministic area
for all binaries.
Mitigates the rest of CVE-2017-1000374 and CVE-2017-1000375 from
Qualys.
Revert for the moment, creates problems on i386.
Recommit exec_subr.c revision 1.79:
  Always include a 1MB guard area beyond the end of stack. While ASLR will
  normally create a guard area as well, this provides a deterministic area
  for all binaries.
  Mitigates the rest of CVE-2017-1000374 and CVE-2017-1000375 from
  Qualys.
Additionally, change VM_DEFAULT_ADDRESS_TOPDOWN to include
user_stack_guard_size in the size reservation.
Update VM_DEFAULT_ADDRESS32_TOPDOWN to include guard area.
Export the guard size of the main thread via vm.guard_size. Add a
complementary writable sysctl for the initial guard size of threads
created via pthread_create. Let the existing attribut accessors do the
right thing. Raise the default guard size for threads to 64KB.

diffstat:

 lib/libpthread/TODO                        |   6 +----
 lib/libpthread/pthread.c                   |  37 +++++++++++++++++++++++++----
 lib/libpthread/pthread_attr.c              |   8 +++---
 lib/libpthread/pthread_attr_getguardsize.3 |  13 ++++------
 lib/libpthread/pthread_int.h               |   3 +-
 sys/arch/amd64/include/vmparam.h           |   6 +---
 sys/arch/i386/include/vmparam.h            |   4 +--
 sys/arch/mips/include/vmparam.h            |   6 ++--
 sys/arch/powerpc/include/vmparam.h         |   4 +--
 sys/arch/riscv/include/vmparam.h           |   6 ++--
 sys/kern/exec_subr.c                       |  18 ++++++++++++-
 sys/uvm/uvm_meter.c                        |  16 +++++++++++-
 sys/uvm/uvm_param.h                        |  10 ++++++-
 tests/lib/libpthread/t_join.c              |   9 ++++--
 14 files changed, 97 insertions(+), 49 deletions(-)

diffs (truncated from 502 to 300 lines):

diff -r 6a01ee2c02d2 -r ca8ab59cd1f2 lib/libpthread/TODO
--- a/lib/libpthread/TODO       Thu Aug 31 08:24:43 2017 +0000
+++ b/lib/libpthread/TODO       Thu Aug 31 08:32:38 2017 +0000
@@ -1,13 +1,9 @@
-$NetBSD: TODO,v 1.18 2017/02/08 03:44:41 kamil Exp $
+$NetBSD: TODO,v 1.18.4.1 2017/08/31 08:32:39 bouyer Exp $
 
 Interfaces/features to implement:
 
 - Realtime extensions: priority inheritance.
 
-- Allow threads to change their stack size.
-
-- Allow threads to modify the red zone size; cf. pthread_attr_setguardsize(3).
-
 - Keep a pool of dead LWPs so that we do not have take the full hit of
   _lwp_create() every time pthread_create() is called.
 
diff -r 6a01ee2c02d2 -r ca8ab59cd1f2 lib/libpthread/pthread.c
--- a/lib/libpthread/pthread.c  Thu Aug 31 08:24:43 2017 +0000
+++ b/lib/libpthread/pthread.c  Thu Aug 31 08:32:38 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pthread.c,v 1.147.8.2 2017/08/31 08:24:43 bouyer Exp $ */
+/*     $NetBSD: pthread.c,v 1.147.8.3 2017/08/31 08:32:39 bouyer Exp $ */
 
 /*-
  * Copyright (c) 2001, 2002, 2003, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: pthread.c,v 1.147.8.2 2017/08/31 08:24:43 bouyer Exp $");
+__RCSID("$NetBSD: pthread.c,v 1.147.8.3 2017/08/31 08:32:39 bouyer Exp $");
 
 #define        __EXPOSE_STACK  1
 
@@ -40,7 +40,9 @@
 #include <sys/lwp.h>
 #include <sys/lwpctl.h>
 #include <sys/resource.h>
+#include <sys/sysctl.h>
 #include <sys/tls.h>
+#include <uvm/uvm_param.h>
 
 #include <assert.h>
 #include <dlfcn.h>
@@ -116,6 +118,7 @@
  * stack pointer to thread data afterwards.
  */
 size_t pthread__stacksize;
+size_t pthread__guardsize;
 size_t pthread__pagesize;
 static struct __pthread_st *pthread__main;
 static size_t __pthread_st_size;
@@ -165,6 +168,9 @@
        pthread_t first;
        char *p;
        int i;
+       int mib[2];
+       unsigned int value;
+       size_t len;
        extern int __isthreaded;
 
        /*
@@ -183,6 +189,14 @@
        pthread__pagesize = (size_t)sysconf(_SC_PAGESIZE);
        pthread__concurrency = (int)sysconf(_SC_NPROCESSORS_CONF);
 
+       mib[0] = CTL_VM;
+       mib[1] = VM_THREAD_GUARD_SIZE;
+       len = sizeof(value);
+       if (sysctl(mib, __arraycount(mib), &value, &len, NULL, 0) == 0)
+               pthread__guardsize = value;
+       else
+               pthread__guardsize = pthread__pagesize;
+
        /* Initialize locks first; they're needed elsewhere. */
        pthread__lockprim_init();
        for (i = 0; i < NHASHLOCK; i++) {
@@ -336,16 +350,19 @@
 
        if (attr != NULL) {
                pthread_attr_getstack(attr, &stackbase, &stacksize);
+               pthread_attr_getguardsize(attr, &guardsize);
        } else {
                stackbase = NULL;
                stacksize = 0;
+               guardsize = pthread__guardsize;
        }
        if (stacksize == 0)
                stacksize = pthread__stacksize;
 
        if (newthread->pt_stack_allocated) {
                if (stackbase == NULL &&
-                   newthread->pt_stack.ss_size == stacksize)
+                   newthread->pt_stack.ss_size == stacksize &&
+                   newthread->pt_guardsize == guardsize)
                        return 0;
                stackbase2 = newthread->pt_stack.ss_sp;
 #ifndef __MACHINE_STACK_GROWS_UP
@@ -363,14 +380,13 @@
 
        if (stackbase == NULL) {
                stacksize = ((stacksize - 1) | (pthread__pagesize - 1)) + 1;
-               guardsize = pthread__pagesize;
+               guardsize = ((guardsize - 1) | (pthread__pagesize - 1)) + 1;
                stackbase = mmap(NULL, stacksize + guardsize,
                    PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, (off_t)0);
                if (stackbase == MAP_FAILED)
                        return ENOMEM;
                allocated = true;
        } else {
-               guardsize = 0;
                allocated = false;
        }
 #ifdef __MACHINE_STACK_GROWS_UP
@@ -1285,7 +1301,9 @@
 {
        struct rlimit slimit;
        const AuxInfo *aux;
-       size_t size;
+       size_t size, len;
+       int mib[2];
+       unsigned int value;
 
        _DIAGASSERT(_dlauxinfo() != NULL);
 
@@ -1294,6 +1312,13 @@
                    "Couldn't get stack resource consumption limits");
        size = slimit.rlim_cur;
        pthread__main->pt_stack.ss_size = size;
+       pthread__main->pt_guardsize = pthread__pagesize;
+
+       mib[0] = CTL_VM;
+       mib[1] = VM_GUARD_SIZE;
+       len = sizeof(value);
+       if (sysctl(mib, __arraycount(mib), &value, &len, NULL, 0) == 0)
+               pthread__main->pt_guardsize = value;
 
        for (aux = _dlauxinfo(); aux->a_type != AT_NULL; ++aux) {
                if (aux->a_type == AT_STACKBASE) {
diff -r 6a01ee2c02d2 -r ca8ab59cd1f2 lib/libpthread/pthread_attr.c
--- a/lib/libpthread/pthread_attr.c     Thu Aug 31 08:24:43 2017 +0000
+++ b/lib/libpthread/pthread_attr.c     Thu Aug 31 08:32:38 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pthread_attr.c,v 1.16 2012/03/02 18:06:05 joerg Exp $  */
+/*     $NetBSD: pthread_attr.c,v 1.16.24.1 2017/08/31 08:32:39 bouyer Exp $    */
 
 /*-
  * Copyright (c) 2001, 2002, 2003, 2008 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: pthread_attr.c,v 1.16 2012/03/02 18:06:05 joerg Exp $");
+__RCSID("$NetBSD: pthread_attr.c,v 1.16.24.1 2017/08/31 08:32:39 bouyer Exp $");
 
 #include <errno.h>
 #include <stdio.h>
@@ -107,7 +107,7 @@
        p->ptap_namearg = thread->pt_name;
        p->ptap_stackaddr = thread->pt_stack.ss_sp;
        p->ptap_stacksize = thread->pt_stack.ss_size;
-       p->ptap_guardsize = pthread__pagesize;
+       p->ptap_guardsize = thread->pt_guardsize;
        return pthread_getschedparam(thread, &p->ptap_policy, &p->ptap_sp);
 }
 
@@ -150,7 +150,7 @@
        struct pthread_attr_private *p;
 
        if ((p = attr->pta_private) == NULL)
-               *guard = (size_t)sysconf(_SC_PAGESIZE);
+               *guard = pthread__guardsize;
        else
                *guard = p->ptap_guardsize;
 
diff -r 6a01ee2c02d2 -r ca8ab59cd1f2 lib/libpthread/pthread_attr_getguardsize.3
--- a/lib/libpthread/pthread_attr_getguardsize.3        Thu Aug 31 08:24:43 2017 +0000
+++ b/lib/libpthread/pthread_attr_getguardsize.3        Thu Aug 31 08:32:38 2017 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: pthread_attr_getguardsize.3,v 1.3 2016/04/07 06:21:48 dholland Exp $
+.\"    $NetBSD: pthread_attr_getguardsize.3,v 1.3.8.1 2017/08/31 08:32:39 bouyer Exp $
 .\"
 .\" Copyright (c) 2010 Jukka Ruohonen <jruohonen%iki.fi@localhost>
 .\" All rights reserved.
@@ -25,7 +25,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd July 7, 2010
+.Dd July 2, 2017
 .Dt PTHREAD_ATTR_GETGUARDSIZE 3
 .Os
 .Sh NAME
@@ -66,12 +66,9 @@
 .Nx
 the default
 .Fa guardsize
-is the system page size.
-(This value is often 4096 bytes but varies on some ports; the
-precise value can be retrieved by using
-.Xr sysconf 3
-with
-.Dv _SC_PAGESIZE . )
+is given by the
+.Pa vm.thread_guard_size
+.Xr sysctl 7 .
 .Pp
 The rationale behind
 .Fa guardsize
diff -r 6a01ee2c02d2 -r ca8ab59cd1f2 lib/libpthread/pthread_int.h
--- a/lib/libpthread/pthread_int.h      Thu Aug 31 08:24:43 2017 +0000
+++ b/lib/libpthread/pthread_int.h      Thu Aug 31 08:32:38 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pthread_int.h,v 1.93 2017/02/08 03:44:41 kamil Exp $   */
+/*     $NetBSD: pthread_int.h,v 1.93.4.1 2017/08/31 08:32:39 bouyer Exp $      */
 
 /*-
  * Copyright (c) 2001, 2002, 2003, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -171,6 +171,7 @@
 #define PT_ATTR_DEAD   0xDEAD0002
 
 extern size_t  pthread__stacksize;
+extern size_t  pthread__guardsize;
 extern size_t  pthread__pagesize;
 extern int     pthread__nspins;
 extern int     pthread__concurrency;
diff -r 6a01ee2c02d2 -r ca8ab59cd1f2 sys/arch/amd64/include/vmparam.h
--- a/sys/arch/amd64/include/vmparam.h  Thu Aug 31 08:24:43 2017 +0000
+++ b/sys/arch/amd64/include/vmparam.h  Thu Aug 31 08:32:38 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: vmparam.h,v 1.39 2017/02/11 15:05:15 maxv Exp $        */
+/*     $NetBSD: vmparam.h,v 1.39.6.1 2017/08/31 08:32:38 bouyer Exp $  */
 
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
@@ -133,13 +133,11 @@
 #endif
 #define __USE_TOPDOWN_VM
 
-#define VM_DEFAULT_ADDRESS_TOPDOWN(da, sz) \
-    trunc_page(USRSTACK - MAXSSIZ - (sz))
 #define VM_DEFAULT_ADDRESS_BOTTOMUP(da, sz) \
     round_page((vaddr_t)(da) + (vsize_t)maxdmap)
 
 #define VM_DEFAULT_ADDRESS32_TOPDOWN(da, sz) \
-       trunc_page(USRSTACK32 - MAXSSIZ32 - (sz))
+       trunc_page(USRSTACK32 - MAXSSIZ32 - (sz) - user_stack_guard_size)
 #define VM_DEFAULT_ADDRESS32_BOTTOMUP(da, sz) \
     round_page((vaddr_t)(da) + (vsize_t)MAXDSIZ32)
 
diff -r 6a01ee2c02d2 -r ca8ab59cd1f2 sys/arch/i386/include/vmparam.h
--- a/sys/arch/i386/include/vmparam.h   Thu Aug 31 08:24:43 2017 +0000
+++ b/sys/arch/i386/include/vmparam.h   Thu Aug 31 08:32:38 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: vmparam.h,v 1.84 2017/02/11 15:05:15 maxv Exp $        */
+/*     $NetBSD: vmparam.h,v 1.84.6.1 2017/08/31 08:32:39 bouyer Exp $  */
 
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
@@ -114,8 +114,6 @@
 #include "opt_xen.h"
 #endif
 #define __USE_TOPDOWN_VM
-#define VM_DEFAULT_ADDRESS_TOPDOWN(da, sz) \
-    trunc_page(USRSTACK - MAXSSIZ - (sz))
 #define VM_DEFAULT_ADDRESS_BOTTOMUP(da, sz) \
     round_page((vaddr_t)(da) + (vsize_t)MIN(maxdmap, MAXDSIZ_BU))
 
diff -r 6a01ee2c02d2 -r ca8ab59cd1f2 sys/arch/mips/include/vmparam.h
--- a/sys/arch/mips/include/vmparam.h   Thu Aug 31 08:24:43 2017 +0000
+++ b/sys/arch/mips/include/vmparam.h   Thu Aug 31 08:32:38 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: vmparam.h,v 1.57 2016/11/22 11:01:50 skrll Exp $       */
+/*     $NetBSD: vmparam.h,v 1.57.8.1 2017/08/31 08:32:39 bouyer Exp $  */
 
 /*
  * Copyright (c) 1988 University of Utah.
@@ -185,12 +185,12 @@
 #define __USE_TOPDOWN_VM
 
 #define VM_DEFAULT_ADDRESS_TOPDOWN(da, sz) \
-    trunc_page(USRSTACK - MAXSSIZ - (sz))
+    trunc_page(USRSTACK - MAXSSIZ - (sz) - user_stack_guard_size)
 #define VM_DEFAULT_ADDRESS_BOTTOMUP(da, sz) \
     round_page((vaddr_t)(da) + (vsize_t)maxdmap)
 
 #define VM_DEFAULT_ADDRESS32_TOPDOWN(da, sz) \
-    trunc_page(USRSTACK32 - MAXSSIZ32 - (sz))
+    trunc_page(USRSTACK32 - MAXSSIZ32 - (sz) - user_stack_guard_size)
 #define VM_DEFAULT_ADDRESS32_BOTTOMUP(da, sz) \
     round_page((vaddr_t)(da) + (vsize_t)MAXDSIZ32)
 
diff -r 6a01ee2c02d2 -r ca8ab59cd1f2 sys/arch/powerpc/include/vmparam.h
--- a/sys/arch/powerpc/include/vmparam.h        Thu Aug 31 08:24:43 2017 +0000
+++ b/sys/arch/powerpc/include/vmparam.h        Thu Aug 31 08:32:38 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: vmparam.h,v 1.19 2014/10/18 08:33:26 snj Exp $ */
+/*     $NetBSD: vmparam.h,v 1.19.12.1 2017/08/31 08:32:39 bouyer Exp $ */