tech-kern archive


Re: Adding a boot flag for No ASLR

On Mon, Jul 23, 2018 at 06:24:09PM +0530, Siddharth Muralee wrote:
> >
> >
> > (1) An implementation detail of userland shouldn't be leaked into the
> > kernel boot (!) process.
> >
> 
> Okay. I think this makes sense (I am still pretty new to NetBSD). Can you
> suggest some other location/config that can be used?

paxctl.

> > (2) There is no fundamental issue that makes the sanitizers incompatible
> > with ASLR. The only issue for asan and friends is the reservation of the
> > shadow buffer and that can and should be handled explicitly.
> >
> 
> We have implemented the ATF tests for ASan - The tests work only 50% or
> less when ASLR is on. To get perfect results I think ASLR needs to be off.
> I guess Kamil can provide more info on this.

I'm very aware of the current situation. Ultimately, stack randomisation
has the same issue. The way we set up the VM space of a new process is
suboptimal for a world that wants to randomize things. I.e. at the
moment, the VM commands (epp->ep_vmcmds) are executed in order and that
makes placing fixed location objects difficult. What should happen is:
(1) Each VM object should grow an object group field. VM objects in the
same group are assigned a random location together. A special group
field value of 0 means no randomisation.
(2) Locations should be assigned first to fixed position fields and
otherwise in descending order of size.
(3) The stack of the main thread should be reserved and integrated into
the VM object reservation just like the rest. The current stack
randomisation should be removed.

It should be noted that (2) needs to deal with impossible allocations,
so it should do one pass to size up each free range in the address space
that can fit the requested object, pick a random value and then, as a
second iteration, find the correct range to split.

Joerg
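The two-pass placement Joerg sketches (size up every free range that can hold the object, pick one random value over all candidate positions, then walk the ranges a second time to find and split the one that holds it), as an added C example: this is illustration code, not NetBSD's uvm or exec code, and the page-granular slot model, the `freemap` structures and the deterministic `last_slot` stand-in for the kernel RNG are assumptions made here.

```c
#include <stddef.h>
#include <stdint.h>
#define PAGE_SHIFT 12
#define MAXRANGES 16

/* One free, page-aligned range [start, start + len) of a process' VM space. */
struct freerange { uintptr_t start; size_t len; };
struct freemap { struct freerange r[MAXRANGES]; int n; };

/* Pass 1: count every page-granular position at which `size` bytes fit. */
size_t count_slots(const struct freemap *m, size_t size)
{
    size_t total = 0;
    for (int i = 0; i < m->n; i++)
        if (m->r[i].len >= size)
            total += ((m->r[i].len - size) >> PAGE_SHIFT) + 1;
    return total;
}

/* Pass 2: walk the ranges again, find the one holding `slot`, carve the
 * object out and keep head and tail free. Returns 0 if no range fits. */
uintptr_t place_slot(struct freemap *m, size_t size, size_t slot)
{
    for (int i = 0; i < m->n; i++) {
        size_t here = m->r[i].len >= size
            ? ((m->r[i].len - size) >> PAGE_SHIFT) + 1 : 0;
        if (slot >= here) { slot -= here; continue; }
        uintptr_t addr = m->r[i].start + (slot << PAGE_SHIFT);
        uintptr_t end = m->r[i].start + m->r[i].len;
        m->r[i].len = addr - m->r[i].start;           /* head, may be empty */
        if (addr + size < end && m->n < MAXRANGES) {  /* tail, if table has room */
            m->r[m->n].start = addr + size;
            m->r[m->n].len = end - (addr + size);
            m->n++;
        }
        return addr;
    }
    return 0;
}

/* Uniform random placement over every position that fits; rnd(n) returns a
 * value in [0, n). Returns 0 when nothing fits, which the caller must handle. */
uintptr_t place_random(struct freemap *m, size_t size, size_t (*rnd)(size_t))
{
    size_t total = count_slots(m, size);
    return total ? place_slot(m, size, rnd(total)) : 0;
}

size_t last_slot(size_t n) { return n - 1; } /* deterministic RNG stand-in */
```

Because the random value is drawn over the total number of fitting positions rather than over ranges, every candidate address is equally likely regardless of how fragmented the free space is, and an object that fits nowhere is reported before any range is modified.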