09:31:23 What's the recommended cpp for building the gate with? 09:32:01 I just tried with https://github.com/illumos/cpp and the build blows up 09:33:16 with /usr/include/sys/isa_defs.h: 380: undefined control 09:33:38 which I think comes from 09:33:42 dtrace: failed to compile script ../port/threads/plockstat.d: Preprocessor failed to process input program 13:27:37 OmniOS uses https://github.com/omniosorg/cpp but it doesn't look like there is too much omnios-specific in that fork 13:29:18 It seems like https://github.com/omniosorg/cpp/commit/ffd04475acfb90d6c7eb9afcca532782ac03fe01 might be important though 13:38:09 has anyone looked at the recent openssh rce? It looks like _maybe_ illumos wouldn't be impacted, but there's enough going on in our syslog() implementation that i don't feel particularly confident in that assessment 14:34:57 [illumos-gate] 15685 iscsi: the comparison will always evaluate as 'true' -- Toomas Soome 15:48:54 Reading on the openssh rce, given that it's a regression due to a missing #ifdef, then simply putting the #ifdef back ought to be a quick fix 15:49:18 Looking at the freebsd ports collection, that's essentially what they've done 16:14:40 Debian too - and it's the approach we're taking in omnios, other than in bloody where we will jump to 9.8p1, although that's not being as easy as I'd hope. 16:16:27 Yeah, I had a look at 9.8p1 and it's quite a large change, so punted on that and went for the quick fix instead 16:16:53 The other regression around chaff packets doesn't worry me as much 16:26:45 https://www.openwall.com/lists/oss-security/2024/07/01/2 has minimal patches for both bugs 16:39:40 andyf, if you need a test host for the updated sshd package for OmniOS let me know. I can drop it on the boxes I've been doing testing on. 16:52:29 nomad - pkg update -g https://pkg.omnios.org/r151046/staging openssh openssh-server 16:52:49 I don't think it will be too long before the update is published, like everyone else. 17:05:29 I've dropped it on fs2, one of the two test hosts. 17:05:40 aside from "can I still ssh in" are there any other tests you'd like run? 17:06:09 No, if it still works, that's good enough for this patch, thanks! 17:06:28 no problems. 17:06:43 kerberos ssh was unchallenged, un-ticketed ssh required a password for a valid account. 20:34:17 9.8 is a PITA. 20:35:09 We're respinning 20240627 to #if-0-out the async-unsafe code like OmniOS. Testing it now. 22:13:42 I'm looking at the dotnet port, and comparing illumos vs Linux behavior. To my surprise, this works on linux: 22:13:43 p = mmap(0, 2494763008, PROT_NONE, MAP_ANON | MAP_PRIVATE, 0); 22:13:55 Yes, that's 2GB of anon space. 22:14:43 Conceptually, it wants to "reserve" that space, maybe not actually allocate pages (not sure about that). 22:16:26 that's classic linux overcommit, no? 22:16:45 you ask for memory, and linux says yes as long as _virtual_ memory exists 22:17:42 maybe so 22:19:06 You may want MAP_NORESERVE. 22:19:23 That's pretty common in some of these ports if you don't mind getting a SIGBUS when you try to fault in the page. 22:19:55 yeah, that's where I was heading 22:20:14 Given it's an attempt at creating a deliberate hole. But that's assuming it'll never mprotect it back on. 22:20:41 I'd assume it's trying to make itself a contiguous heap 22:20:48 it's got that vibe, at least. 22:21:07 for the managed heap, that is 22:21:40 Ah, in that case the NORESERVE may be a bit spicier. But IIRC node.js did it a lot of the v8 heap with NORESERVE but it's been a long time. 22:23:14 Yeah, it's setting up a heap (dotnet uses potentially multiple heaps and garbage collection... quite complex) 22:23:45 I think MAP_NORESERVE will give you something approximating the linux behaviour, but it's hard for me to reason about because I don't really think the linux behaviour is ok 22:23:48 Would MAP_NORESERVE give me similar behavior as what the Linux mmap allowed? 22:24:19 I believe this will actually go touch the pages. I can try and see :) 22:24:34 The semantic difference between us and Linux here is that when you mmap and you later go to allocate the page, do you expect it to work or fail. 22:24:46 Well, do you want a guarantee it'll work vs. chance it'll fail. 22:25:00 If it's going to do touch the pages, it'll change the protection on them I assume. 22:25:09 right. 22:25:24 If basically you don't want a guarantee that you can use the pages you allocate, then sure MAP_NORESREVE will give you that I guess. 22:25:29 As it actually allocates segments for its heap manager. 22:27:44 right, the question is "does that manager handle SIGSEGV and SIGBUS" here, and it probably does for the garbage collector etc. 22:27:55 so I would say MAP_NORESERVE is at least close to what you want 22:28:14 if you want to be thorough, cause a lot of actual pressure for memory 22:30:13 it's going to be handling the protections, and faults on, the heap constantly regardless for the GC, so the common case it should give it exactly what it wants. 22:30:24 the problem is the case where there's no pages there for it 22:40:16 Still fails when asking for a little over 2GB (in a 64-bit program) using MAP_NORESREVE 22:44:01 What is the full invocation? 22:44:06 I wrote a sample program and it's working fine. 22:44:10 You're missing an arg there. 22:44:26 You're specifying -1 for the fd? 22:44:37 and 0 for the off? 22:44:40 not the other way around :) 22:44:51 not that I've ever tried that... 22:45:27 nevermind. bug in my test program. 22:45:51 32 lines of code, bug count = 2 :) 22:45:58 Maybe time for a break :) 22:46:04 Not too bad a ration for C. 22:46:14 *ratio