This is an archive of the discontinued LLVM Phabricator instance.

Differential D110888

[compiler-rt][scudo] Check for failing prctl call
ClosedPublic

Authored by leonardchan on Sep 30 2021, 3:30 PM.

Details

Reviewers
phosek
cryptoad
pcc
eugenis
Commits
rG993555beb8ff: [compiler-rt][scudo] Check for failing prctl call
Summary

A bunch of MTE tests like ./ScudoUnitTest-aarch64-Test/MemtagTest.StoreTags can fail on aarch64-linux if the kernel doesn't support TBI. It looks like the call to prctl(PR_GET_TAGGED_ADDR_CTRL, 0, 0, 0, 0) can return -1, which casted to an unsigned int and masked will return a value not equal to PR_MTE_TCF_NONE, meaning systemDetectsMemoryTagFaultsTestOnly can return an incorrect value.

This updates the check to account for a failing prctl call.

Diff Detail

Event Timeline

leonardchan created this revision.Sep 30 2021, 3:30 PM
Herald added subscribers: kristof.beyls, dberris. · View Herald TranscriptSep 30 2021, 3:30 PM
leonardchan requested review of this revision.Sep 30 2021, 3:30 PM
Herald added a project: Restricted Project. · View Herald TranscriptSep 30 2021, 3:30 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
leonardchan added reviewers: pcc, eugenis.Sep 30 2021, 3:31 PM
leonardchan mentioned this in D110889: [clang][Fuchsia] Add -DSCUDO_DISABLE_TBI to test flags.Sep 30 2021, 3:33 PM
pcc added a comment.Sep 30 2021, 4:08 PM

Please remember to upload patches with context: https://llvm.org/docs/Phabricator.html#requesting-a-review-via-the-web-interface

The tests in MemtagTests are meant to be skipped if the hardware doesn't support MTE (see the top of MemtagTest::SetUp()). Is that not working for you?

I don't think you should normally need to be defining SCUDO_DISABLE_TBI because it's controlled by the operating system, and all arm64 Linux systems that we normally care about support TBI. I figured that you were maybe trying to run these tests on Fuchsia, but then I noticed that memtag_test.cpp is wrapped in an #if SCUDO_LINUX, so I'm not sure why you're running into an issue. Are you trying to run these tests on arm64 non-Android Linux? Maybe the GTEST_SKIP() isn't working correctly for you for some reason?

compiler-rt/lib/scudo/standalone/memtag.h
21

Can we change this to:

#if (__clang_major__ >= 12 && defined(__aarch64__) && SCUDO_LINUX && !defined(SCUDO_DISABLE_TBI)) || defined(SCUDO_FUZZ)

and remove the #if on line 26 instead? (This is orthogonal to your issue though.)

leonardchan added a comment.Sep 30 2021, 5:40 PM
In D110888#3035193, @pcc wrote:

Please remember to upload patches with context: https://llvm.org/docs/Phabricator.html#requesting-a-review-via-the-web-interface

The tests in MemtagTests are meant to be skipped if the hardware doesn't support MTE (see the top of MemtagTest::SetUp()). Is that not working for you?

I don't think you should normally need to be defining SCUDO_DISABLE_TBI because it's controlled by the operating system, and all arm64 Linux systems that we normally care about support TBI. I figured that you were maybe trying to run these tests on Fuchsia, but then I noticed that memtag_test.cpp is wrapped in an #if SCUDO_LINUX, so I'm not sure why you're running into an issue. Are you trying to run these tests on arm64 non-Android Linux? Maybe the GTEST_SKIP() isn't working correctly for you for some reason?

I'm attempting to run host-linux runtimes tests. We weren't running them before and this is the first time we're trying it. We just happen to run into these test failures when turning them on before. But I think I found out the underlying issue: prctl(PR_GET_TAGGED_ADDR_CTRL, 0, 0, 0, 0) (in systemDetectsMemoryTagFaultsTestOnly) can return -1 if TBI isn't supported according to https://man7.org/linux/man-pages/man2/prctl.2.html, and this seems to be the case for us. The -1 is cast to an unsigned long and masked, then systemDetectsMemoryTagFaultsTestOnly ends up returning true when comparing a non-zero value after masking. I think the proper fix might be to just account for the -1 result. I'll update the patch later.

pcc added a comment.Sep 30 2021, 6:06 PM
In D110888#3035297, @leonardchan wrote:
In D110888#3035193, @pcc wrote:

Please remember to upload patches with context: https://llvm.org/docs/Phabricator.html#requesting-a-review-via-the-web-interface

The tests in MemtagTests are meant to be skipped if the hardware doesn't support MTE (see the top of MemtagTest::SetUp()). Is that not working for you?

I don't think you should normally need to be defining SCUDO_DISABLE_TBI because it's controlled by the operating system, and all arm64 Linux systems that we normally care about support TBI. I figured that you were maybe trying to run these tests on Fuchsia, but then I noticed that memtag_test.cpp is wrapped in an #if SCUDO_LINUX, so I'm not sure why you're running into an issue. Are you trying to run these tests on arm64 non-Android Linux? Maybe the GTEST_SKIP() isn't working correctly for you for some reason?

I'm attempting to run host-linux runtimes tests. We weren't running them before and this is the first time we're trying it. We just happen to run into these test failures when turning them on before. But I think I found out the underlying issue: prctl(PR_GET_TAGGED_ADDR_CTRL, 0, 0, 0, 0) (in systemDetectsMemoryTagFaultsTestOnly) can return -1 if TBI isn't supported according to https://man7.org/linux/man-pages/man2/prctl.2.html, and this seems to be the case for us. The -1 is cast to an unsigned long and masked, then systemDetectsMemoryTagFaultsTestOnly ends up returning true when comparing a non-zero value after masking. I think the proper fix might be to just account for the -1 result. I'll update the patch later.

Ah, that could explain it. I don't think the issue is that TBI isn't supported (it's always been supported on Linux going back to 2013 or so), it's that the tagged address ABI isn't supported in your kernel. The support for the tagged address ABI was first introduced in kernel version 5.4, but it was backported quite far back on Android , so I guess we never noticed this issue because we never ran the tests on a machine that didn't have them backported. Checking for the -1 return value seems like the right fix to me, thanks.

leonardchan updated this revision to Diff 376950.Oct 4 2021, 11:11 AM
leonardchan retitled this revision from [compiler-rt][scudo] Move !defined(SCUDO_DISABLE_TBI) check to [compiler-rt][scudo] Check for failing prctl call.
leonardchan edited the summary of this revision. (Show Details)
leonardchan added inline comments.Oct 4 2021, 11:15 AM
compiler-rt/lib/scudo/standalone/memtag.h
21

Made D111080 for this.

Harbormaster completed remote builds in B126865: Diff 376950.Oct 4 2021, 11:29 AM
pcc accepted this revision.Oct 4 2021, 12:00 PM

LGTM

s/TBI/the tagged address ABI/ in the commit message.

This revision is now accepted and ready to land.Oct 4 2021, 12:00 PM
Closed by commit rG993555beb8ff: [compiler-rt][scudo] Check for failing prctl call (authored by leonardchan). · Explain WhyOct 4 2021, 1:14 PM
This revision was automatically updated to reflect the committed changes.
leonardchan added a commit: rG993555beb8ff: [compiler-rt][scudo] Check for failing prctl call.

Revision Contents

PathSize
compiler-rt/
lib/
scudo/
standalone/
7 lines

Diff 377018

compiler-rt/lib/scudo/standalone/memtag.h

Show All 12 Lines
#if SCUDO_LINUX #if SCUDO_LINUX
#include <sys/auxv.h> #include <sys/auxv.h>
#include <sys/prctl.h> #include <sys/prctl.h>
#endif #endif
namespace scudo { namespace scudo {
#if (__clang_major__ >= 12 && defined(__aarch64__)) || defined(SCUDO_FUZZ) #if (__clang_major__ >= 12 && defined(__aarch64__)) || defined(SCUDO_FUZZ)
pccUnsubmitted
Not Done
ReplyInline Actions

Can we change this to:

#if (__clang_major__ >= 12 && defined(__aarch64__) && SCUDO_LINUX && !defined(SCUDO_DISABLE_TBI)) || defined(SCUDO_FUZZ)

and remove the #if on line 26 instead? (This is orthogonal to your issue though.)

pcc: Can we change this to: ``` #if (__clang_major__ >= 12 && defined(__aarch64__) && SCUDO_LINUX &&…
leonardchanAuthorUnsubmitted
Done
ReplyInline Actions

Made D111080 for this.

leonardchan: Made D111080 for this.
// We assume that Top-Byte Ignore is enabled if the architecture supports memory // We assume that Top-Byte Ignore is enabled if the architecture supports memory
// tagging. Not all operating systems enable TBI, so we only claim architectural // tagging. Not all operating systems enable TBI, so we only claim architectural
// support for memory tagging if the operating system enables TBI. // support for memory tagging if the operating system enables TBI.
#if SCUDO_LINUX && !defined(SCUDO_DISABLE_TBI) #if SCUDO_LINUX && !defined(SCUDO_DISABLE_TBI)
inline constexpr bool archSupportsMemoryTagging() { return true; } inline constexpr bool archSupportsMemoryTagging() { return true; }
#else #else
inline constexpr bool archSupportsMemoryTagging() { return false; } inline constexpr bool archSupportsMemoryTagging() { return false; }
▲ Show 20 LinesShow All 56 Lines▼ Show 20 Lines
#define PR_MTE_TCF_NONE (0UL << PR_MTE_TCF_SHIFT) #define PR_MTE_TCF_NONE (0UL << PR_MTE_TCF_SHIFT)
#endif #endif
#ifndef PR_MTE_TCF_SYNC #ifndef PR_MTE_TCF_SYNC
#define PR_MTE_TCF_SYNC (1UL << PR_MTE_TCF_SHIFT) #define PR_MTE_TCF_SYNC (1UL << PR_MTE_TCF_SHIFT)
#endif #endif
#ifndef PR_MTE_TCF_MASK #ifndef PR_MTE_TCF_MASK
#define PR_MTE_TCF_MASK (3UL << PR_MTE_TCF_SHIFT) #define PR_MTE_TCF_MASK (3UL << PR_MTE_TCF_SHIFT)
#endif #endif
return (static_cast<unsigned long>( int res = prctl(PR_GET_TAGGED_ADDR_CTRL, 0, 0, 0, 0);
prctl(PR_GET_TAGGED_ADDR_CTRL, 0, 0, 0, 0)) & if (res == -1)
PR_MTE_TCF_MASK) != PR_MTE_TCF_NONE; return false;
return (static_cast<unsigned long>(res) & PR_MTE_TCF_MASK) != PR_MTE_TCF_NONE;
} }
inline void enableSystemMemoryTaggingTestOnly() { inline void enableSystemMemoryTaggingTestOnly() {
prctl(PR_SET_TAGGED_ADDR_CTRL, prctl(PR_SET_TAGGED_ADDR_CTRL,
PR_TAGGED_ADDR_ENABLE | PR_MTE_TCF_SYNC | (0xfffe << PR_MTE_TAG_SHIFT), PR_TAGGED_ADDR_ENABLE | PR_MTE_TCF_SYNC | (0xfffe << PR_MTE_TAG_SHIFT),
0, 0, 0); 0, 0, 0);
} }
▲ Show 20 LinesShow All 224 LinesShow Last 20 Lines