Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

allow to compile go and go14 without COMPAT_FREEBSD32 and COMPAT_FREEBSD10 #17267

Closed
opntr opened this issue Sep 28, 2016 · 4 comments
Closed

Comments

@opntr
Copy link

opntr commented Sep 28, 2016

What version of Go are you using (go version)?

op@opn /tmp> /usr/local/go14/bin/go version
go version go1.4.3 freebsd/amd64
op@opn /tmp> go version
go version go1.7.1 freebsd/amd64
op@opn /tmp>

What operating system and processor architecture are you using (go env)?

op@opn /tmp> go env
GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="freebsd"
GOOS="freebsd"
GOPATH=""
GORACE=""
GOROOT="/usr/local/go"
GOTOOLDIR="/usr/local/go/pkg/tool/freebsd_amd64"
CC="cc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build207787082=/tmp/go-build -gno-record-gcc-switches"
CXX="clang++"
CGO_ENABLED="1"

What did you do?

PoC-ed a working version on FreeBSD 11 without COMPAT_FREEBSD32 and COMPAT_FREEBSD10 in our kernel.

What did you expect to see?

Expected output will the compiled go on FreeBSD 10+ without COMPAT_FREEBSD32 (32 bit compatibility layer on x86-64) and without COMPAT_FREEBSD10 (FreeBSD 10 compatibility layer on FreeBSD 11+ system, this removes the old pipe implementation and only pipe2 exists in the kernel)

What did you see instead?

See the attached "dirty" patches as PoC.

XREF: https://github.com/HardenedBSD/hardenedbsd-ports/issues/30

0001-HBSD-make-it-compilable-without-COMPAT_FREEBSD32.patch.txt
0002-HBSD-make-go-compilable-without-COMPAT_FREEBSD10.patch.txt

@opntr
Copy link
Author

opntr commented Sep 28, 2016

Is there any chance to MFC (cherry-pick) the patch from the #9627 issue to go 1.4 officially?

@bradfitz
Copy link
Contributor

@opntr, very unlikely. We only maintain the past release (Go 1.7) for critical bugs, and only the past two (Go 1.6 and Go 1.7) for security issues. Go 1.4 is very old. The only reason we'd patch it is for bootstrapping problems.

Did FreeBSD change their default to no longer accept INT80 system calls? If not, and that's just your choice, we'll ask that you care the Go patches yourselves, or in the FreeBSD ports.

@opntr
Copy link
Author

opntr commented Sep 28, 2016

The official FreeBSD keeps the COMPAT_FREEBSD32 in their kernel config, but in HardenedBSD removed them by default. We can live with patched go14 in our ports tree, but when this change is in upstream, then it's even better.

The go1.4 have a special role in FreeBSD / HardenedBSD world, it is used as bootstrap compiler to compile newer GOs on these systems, and one the go1.4 isn't buildable, then we can't build the newest go anymore.
That's why I asking the MFC of the mentioned commit.

The issue what's the basis of the int 80h change is already fixed in all of the currently supported FreeBSD version, as you can see on the https://www.freebsd.org/security/security.html#sup page.

@bradfitz
Copy link
Contributor

I sympathize with your position for bootstrapping reasons, but HardenedBSD is not a supported OS for Go at the moment. (See https://golang.org/wiki/PortingPolicy)

You'll have to carry the Go 1.4 patches in your ports collection for now.

If FreeBSD ever changes their defaults, we might consider a 1.4.x update then. We've never done such a 1.4 update but we're planning one soon for #16352

@golang golang locked and limited conversation to collaborators Sep 28, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

3 participants