unsplit this line?

Perhaps apply the same way to explain that there is the elfctl flag for the binary, as was used for ASLR?

It is the next sentence.

un-split the line

I would not say that dumping core is abnormal exit, but perhaps my view is too kernel-focused. Also, wouldn't this open question about dumping core in other cases? (I know that there is no other cases, but it makes an impression for reader).

It does not disable signal delivery, it only stops delivering the SIGTRAP described above.

Might be the 'end' needs some explanation.
It is bottom for grow-down, and top for grow-up.

backed

un-split

The issue here is that it's more like:

If this control is enabled, the prot argument to mmap(2) is not PROT_NONE, and the elfctl(1) noprotomax flag is not set, the implicit protection is equal...

That is, in code it's:

 if (x || y || z)
    maxprot = _PROT_ALL;
else
    maxprot = prot;

That said, maybe it's worth reworking this a bit further to first identify the two cases (RWX vs == prot) and then outline when those cases are used.

Hmm, why the leading \? I wasn't aware of needing that (and there are several other "-1" literals in this file I'll need to fix if so).

Hmmm, I guess PT_COREDUMP is already covered by ptrace(2) (that is another case of coredumps that is presumably also prevented by this control though it is implicit by blocking PT_ATTACH). It is true that for a userspace programmer using this API, "abnormal exit" is redundant with a core dump so I can drop that part.

Yes, I will add an explicit SIGTRAP to clarify.

I think "the end of the growth area" is sufficient. I'm not sure we have any stacks that grow up on FreeBSD after the removal of ia64?

Yes, each access raises a synchronous signal. I can maybe make that a bit more explicit.

I wonder if it is worth adding a note up above about ASLR and just saying "ASLR support was added" here. The other note might read something like:

ASLR support provides minimal security in practice as it is based on secrets and is non-deterministic and comes at the cost of address space fragmentation.

One could also perhaps say that ASLR makes debugging harder, but I think that's not really true anymore for the most part? Is there any performance overhead from having PIE binaries instead of PDE binaries?

In the Heirloom troff user manual, 2. Font and Character Size Control 2.1. Character set.

ASCII Input             Character
−                          minus
Printed by troff      Character
–                         hyphen
The characters ´, `, and – may be input by \´, \`, and \– respectively or by their names.

s/end/bottom/. Apparently, grow-up stacks are not exposed to userspace.

Since I didn't change these lines at all I was planning to leave it alone to avoid adding noise in the diff.

I believe that is true, yes. However, you can use MAP_GUARD for a mapping you can't upgrade protections on via mprotect(2) alone (you have to install a new mapping via mmap(2) with MAP_FIXED).

So maybe just "A stack gap is one or more virtual pages at the bottom of a MAP_STACK mapped region..."?

Can be a separate commit in the series.

Sounds good. Do we all agree that addresses grow from smaller to larger, up?

Might be 'at the bottom (lower address) of a MAP_STACK...'

The larger world of computer science does not agree and uses top/bottom for both ends at times (in particular non-call stacks tend to use top as the newest item). In some ways "end of the growth area" is probably clearer and less ambiguous than either "top" or "bottom".

I am fine with any wording you prefer there.