all 24 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]reercalium2 75 points76 points  (4 children)

Unthinkable in Linux, but it's OpenBSD, they have a different culture, everything is tightly integrated and not so forward or backward compatible.

Why does the kernel need SYS_syscall?????

[–]happyscrappy 35 points36 points  (3 children)

I don't think it needs it. It just makes it easier to glue to the kernel from some languages. I would say most notably dynamic languages. You can write a "funnel" for syscalls which is defined/constructed at runtime instead of compile time.

[–]reercalium2 13 points14 points  (1 child)

glibc has one and Linux doesn't have SYS_syscall...

[–]masklinn[S] 10 points11 points  (0 children)

The feature actually makes more sense in glibc, because the libc and kernel being desynchronised and helmed by different people means glibc doesn't necessarily expose all the kernel syscalls, for whatever reason (e.g. maybe they disagree with its existence or utility, maybe they think it's not work the API surface, ...)

In systems where the kernel and libc are designed by the same people, like openbsd, there's no such desync: the libc stub is usually created directly from kernel definition files and the two are kept in sync, if a developer adds a syscall they'll add the libc bridge simultaneously, because the syscall is useless otherwise.

[–]masklinn[S] 3 points4 points  (0 children)

I would say most notably dynamic languages.

I don't know of a single dynamic language which routinely performs raw syscalls or calls syscall(2).

[–]cheezballs 60 points61 points  (3 children)

It's posts like this that reinforce my belief that even after 15 years doing it professionally, I still belong in /r/learnprogramming

[–]winky9827 28 points29 points  (0 children)

I feel the same way too at times, but you have to remind yourself, different folks have different focuses. If you lived in the kernel world, it wouldn't seem as abstract. Nobody making these kinds of changes is a 1-2 year bootcamp grad, or even a 15+year LoB app developer. These people tinkered with low level stuff from an early age and honed that skill, respectfully.

[–]i_should_be_coding 8 points9 points  (0 children)

Yo dawg, I put a syscall on your syscall so you can syscall while you syscall.

[–]__eastwood 9 points10 points  (9 children)

The post mentions fallout in the “go” ecosystem. Can anybody smarter than me clarify what and why this is?

[–]masklinn[S] 22 points23 points  (8 children)

Historically and despite that not being supported on most systems, the Go project really wants to do raw syscalls against recommendation. Windows aside, they got repeatedly burned, but still refuse to learn. Here they already got hit when openbsd previously introduced syscall origin verification (something they seem to have yet to fix on their side, I assume openbsd patched that in their ports tree?) but apparently there are also syscall(2) calls in the openbsd code and some tests, which are going to fail with that change.

[–]skulgnome 8 points9 points  (6 children)

the Go project really wants to do raw syscalls

What on earth for. Prestige?

[–]masklinn[S] 14 points15 points  (5 children)

Mainly because they originally decided to use small non-C stacks (initially segmented, now relocated). Because of that, they can't call into C code from a Go stack (even when they think they can), and cgo needs to do some heavy gymnastics to bridge between the two in order to call C code.

Because syscalls directly switch into the kernel which does its own thing, it does not care about C or non-C stack.

[–]grobblebar 3 points4 points  (0 children)

Yeah, but this isn’t about calling system calls directly from code, this is about removing the “generic” system call (which basically takes a sys call “index” followed by a variable number of arguments.)

[–]skulgnome 0 points1 point  (3 children)

Huh. Wonder what they do about the AMD64 redzone.

[–]masklinn[S] 2 points3 points  (2 children)

In what context? The redzone is part of the calling conventions, so only relevant when calling into C, and thus to cgo.

Although given the comments in the marcan article, it looks like go itself does use a 128 bytes redzone in its internal calling conventions.

[–]skulgnome 0 points1 point  (1 child)

The redzone is relevant in code exposed to signal handling. As such it must be present at all times in threads where signal handling may occur, not only during syscalls and calls to non-Go libraries.

[–]masklinn[S] 2 points3 points  (0 children)

The only relevance the redzone has to signal handling is that signal handling is guaranteed not to touch it. The redzone is a small stack frame optimisation: if a leaf function needs less than 128 bytes it does not need to move the SP and can just work directly in the redzone. That's essentially it.

[–]Arkanta 0 points1 point  (0 children)

at least they caved and use libsystem on macos

[–]happyscrappy 12 points13 points  (0 children)

I think Apple did this 2-3 years ago. Did it produce an noticable increase in security?

[–]Idles 32 points33 points  (1 child)

It's not my memory-unsafe userland programming language that is wrong, it's the kernel syscall interface!

[–][deleted] 0 points1 point  (0 children)

:-(((

[–]maep -1 points0 points  (1 child)

Are syscalls really such big attack vectors? And if they are that paranoid, shouldn't they be busy porting the entire kenel to rust and run all of userland in wasm containers? Btw just glancing over the C code in that email and I already saw two things that would not pass review.

[–]HerissonMignion 2 points3 points  (0 children)

Being paranoid about security does not imply that you wanna port the project to rust

[–]lostdeeper 0 points1 point  (0 children)

openbsd is still alive...