OpenBSD Journal

Update on pinsyscalls(2) progress from Theo de Raadt

Contributed by Peter N. M. Hansteen on from the put a pin in the bin dept.

In a message to the tech@ mailing list, Theo de Raadt (deraadt@) gave a summary of progress so far, along with a patch for testing what will likely be the next steps in the process.

The message leads in,

List:       openbsd-tech
Subject:    update on pinsyscalls(2)
From:       "Theo de Raadt" <deraadt () openbsd ! org>
Date:       2023-12-30 18:56:35

The pinsyscalls(2) diff is now much smaller, since many pieces it depends
upon have been commmited.

All the DSO containing system call entries have the proper annotations for
kernel and to do the right thing.
This diff can be applied to a -current system, if people want to play

	cd /usr/src
	make includes   ;; to update sys/proc.h mostly
	build new kernel
	build new libexec/
	build new bin/ps

	- for static binaries, ps will show 'l' to indicate the
	  binary's text segment is doing syscall pinning.
	- for dynamic binaries, ps will show 'l' to indicate that's text segement is doing syscall pinning, and 'L'
	  to indicate's text segment is doing syscal pinning

There's a long tail with this diff.  Perhaps in a release or two when
all binaries are known to follow the pinsyscalls(2) rules, we'll be able
to turn msyscall() and the less powerful pinsyscall(2) into NOPs, and
eventually remove them.

The more precise pinsyscalls(2) check in syscall_mi.h is O(1) but
slightly more expensive than the msyscall(2) check which also is O(1) in
the general case but has a special case when text msyscall-allowed
segments get crossed (such as when doing GOT/PLT resolution, or
signal handlers), then uvm locks occur twice.  But we don't need both.
followed by the patch against -current for those who want to help out by testing the code. If you want to test, you can download the full message here, among other places.

(Comments are closed)

  1. By Anonymous Coward ( on

    Seems like Theo started a new thread so that he didn’t have to acknowledge someone finding a bug in his code.

    original thread:


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]