IRC channel logs
2022-11-23.log
back to list of logs
<muurkha>though it would be better with longer variable names in some cases <rickmasters>I just changed wstrcpy to this, which seems to fix it: <rickmasters>After that fix, flex-2.5.11 and then musl-1.1.24 finishes on fiwix. <rickmasters>Then it fails on "build tcc-0.9.27 tcc-musl-pass1.sh" <rickmasters>It builds tcc-musl, but has a memory fault trying to build tcc-musl with tcc-musl. <stikonas>rickmasters: if that works with linux, can you make a pull request? <rickmasters>stikonas: sure. I just edited the patch rather than reconstruct it. Is that ok? <stikonas>maybe musl is doing something that crashes fiwix? <rickmasters>yeah, i kept the number of changed lines the same for wstrcpy <stikonas>I think emacs even fixes changed line numbers for you <rickmasters>to clarify, fiwix doesn't crash - the process triggers a general protection fault and is terminated <rickmasters>So, digging further might take some time. But can you think of problems other than uninitialized stack variables that might occur if it doesn't zero the stack? <oriansj>I can think of a couple optimizations that might assume the default stack is zero but none that should absolutely be needed. <oriansj>muurkha: if you notice knight zeros memory on stack pop <oriansj>and the compiler should be putting zero on the stack prior to use anyway (regardless of what the kernel does) <muurkha>oriansj: it's not clear to me whether the Fiwix kernel is intended to provide security boundaries between processes (i.e., support some processes having more privileges than others) <muurkha>but if it is, it wouldn't be okay for it to rely on the compiler for those security boundaries <muurkha>the fact that it supports the Linux system call interface implies that you can use a malicious compiler <muurkha>rickmasters: I explained the problem in the post I linked above on the orange website <muurkha>(the problem other than uninitialized stack variables that might occur if it doesn't zero the stack) <muurkha>with arrays in the stack frame that are set up by calling functions (such as wstrcpy!), having the compiler pre-zero them would be a performance loss, and potentially a significant one in some applications <stikonas>and at the moment M2-Planet does not pre-zero arrays on the stack <muurkha>for M2-Planet, the performance loss should not be an issue <rickmasters>muurkha: so, the leakage of confidential information? Yes, it would be a problem for fiwix, but not something that would stop me in my tracks in this bootstrapping effort. <rickmasters>A malloc issue would be a heap problem of course rather than stack but its the same issue in the sense that the kernel needs to zero that too and probably manages it in a similar way <muurkha>no, it's probably not a problem relevant to bootstrapping, but it's a problem a kernel needs to solve to provide security boundaries between processes <stikonas>indeed, leakage of confidential information is not a big deal in bootstrapping <stikonas>we have full control of what code we run there <stikonas>and checking hashes of all programs actually would help to spot if any uninitialized data somehow propagated into executables <muurkha>yeah, it could cause a determinism problem