On Fri, Sep 29, 2023 at 09:20:00PM +0000, Lucas wrote:
> Christian Weisgerber <naddy@mips.inka.de> wrote:
> > If you bought a new Intel laptop this year, chances are its hardware
> > is capable of IBT (indirect branch tracking), and OpenBSD now enables
> > this security feature by default.
> >
> > It is very likely that some packages are broken at runtime because
> > they fail to handle IBT. This doesn't show up at build time, so
> > people need to actually run their favorite packages from a snapshot
> > _now_ and need to report SIGILL failures, or those problems will
> > not be fixed in time for the release.
>
> I gave the ports that depend on boost-context a spin, after running into
> issues trying out the Taisei Project update [0].
>
> I used this command to hopefully find all the programs that potentially
> consume boost-context:
>
> sqlite3 /usr/local/share/sqlports <<'_EOF'
> SELECT FullPkgPath FROM PortsQ WHERE
> (BUILD_DEPENDS LIKE '%devel/boost,-md%' OR
> LIB_DEPENDS LIKE '%devel/boost,-md%' OR
> WANTLIB LIKE '%boost_context-mt%') AND
> USE_NOBTCFI IS NULL
> ORDER BY FullPkgPath;
> _EOF
>
> which returned
>
> - games/wesnoth: didn't find issues playing the campaign, nor did I find
> any clear usage of boost::context or boost::coroutine grepping the
> code around.
> - net/icinga/core2,-main: didn't find issues running it in foreground
> nor any clear usage of boost::context or boost::coroutine grepping
> the code, other than printing a backtrace (but I get the feeling it
> can be hidden in boost::asio)
> - net/powerdns_recursor: SIGILLs on start. otto@ in cc.
> - sysutils/nix: tbh, I have no clue on how to test it.
>
> Lucas
I can only guess about powerdns_recursor here, as I do not have a
modern Intel machine: it's the context switch assembly in boost-md. I
have no clue yet how to fix this, I did not follow the IBT
developments closely. Sadly I'll also be leaving for a holiday for a
week this weekend. So I'd be really grateful if somebody else could
take a look at powerdns_recursor and boost-md.
-Otto