Page MenuHomePhabricator

sanitizer_common: use permanent pipes for checking memory ranges
Needs ReviewPublic

Authored by azat on Jul 22 2021, 12:50 PM.
This revision needs review, but there are no reviewers specified.

Details

Reviewers
None
Summary

Otherwise if RLIMIT_NOFILE exceeds the UBsan reports false-positive
reports, because it cannot correctly check types:

pipe() <-- fails on EMFILE and IsAccessibleMemoryRange() returns false
__sanitizer::IsAccessibleMemoryRange(unsigned long, unsigned long)
__ubsan::checkDynamicType(void*, void*, unsigned long) + 271
HandleDynamicTypeCacheMiss(__ubsan::DynamicTypeCacheMissData*, unsigned long, unsigned long, __ubsan::ReportOptions) + 34
__ubsan_handle_dynamic_type_cache_miss_abort + 58

But there are some issues with this patch, first of all it will leave
pair of file descriptors in each thread, although it initialize them
lazily.
Another option is to simply ignore pipe() error, i.e. return true from
IsAccessibleMemoryRange() instead of false (like was before this patch).

And also it uses global destructor, and there is a compile warning
(although I saw other places in compiler-rt that does this, i.e.
compiler-rt/lib/asan/asan_posix.cpp).
But, if this is not a good thing to go, this can be fixed by using some
initialize and destructor.

v2: tried /dev/null
v3: read data from pipe to avoid stall
v4: add a test for pipe capacity exceed
v5: thread local
v6: test with RLIMIT_NOFILE
v7: ignore unavailable pipe errors

Diff Detail

Event Timeline

azat requested review of this revision.Jul 22 2021, 12:50 PM
azat created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptJul 22 2021, 12:50 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript

Please clang-format

Would you be able to create lit-test case which demonstrates RLIMIT_NOFILE problem?

azat added a comment.Jul 22 2021, 1:51 PM

Please clang-format

@vitalybuka I've created the diff by intention w/ --nolint option since the difference was too huge (and even code around was touched in the test files, in particular list of includes), so I though that clang-format does not properly configured, but OK I will resubmit with clang-format applied.

Would you be able to create lit-test case which demonstrates RLIMIT_NOFILE problem?

Sure, it is already there, take a look at IsAccessibleMemoryRange_NOFILE test.

azat updated this revision to Diff 360961.Jul 22 2021, 1:54 PM

Run clang-format

azat updated this revision to Diff 360967.Jul 22 2021, 2:11 PM

Run clang-format (via git clang-format instead of arc --lint, since later is not complete)