This is an archive of the discontinued LLVM Phabricator instance.

Differential D112588

[sanitizer] Switch dlsym hack to internal_allocator
ClosedPublic

Authored by vitalybuka on Oct 26 2021, 6:03 PM.

Details

Reviewers
Lekensteyn
nickdesaulniers
xiongji90
MaskRay
hjl.tools
eugenis
morehouse
Commits
rGcb0e14ce6dcd: [sanitizer] Switch dlsym hack to internal_allocator
Summary

Since glibc 2.34, dlsym does

  1. malloc 1
  2. malloc 2
  3. free pointer from malloc 1
  4. free pointer from malloc 2

These sequence was not handled by trivial dlsym hack.

This fixes https://bugs.llvm.org/show_bug.cgi?id=52278

Diff Detail

Event Timeline

hjl.tools requested review of this revision.Oct 26 2021, 6:03 PM
hjl.tools created this revision.
Harbormaster completed remote builds in B130840: Diff 382499.Oct 26 2021, 6:20 PM
hjl.tools updated this revision to Diff 382606.Oct 27 2021, 4:42 AM
Harbormaster completed remote builds in B130916: Diff 382606.Oct 27 2021, 5:01 AM
hjl.tools added reviewers: xiongji90, MaskRay.Oct 27 2021, 9:05 PM
vitalybuka added inline comments.Nov 1 2021, 4:39 PM
compiler-rt/lib/asan/asan_malloc_linux.cpp
79

I realy don't like were we are going. What if we need 3 soon?

Any idea why we can't use internal_allocator()?

if we can't use internal allocator here I propose the following to simplify this.

  1. AllocateFromLocalPool store size at (return value - 1) location.
  2. so DeallocateFromLocalPool can find size from there.
  3. To create byte(or bit) map to mark used words.
  4. AllocateFromLocalPool will use last_dlsym_alloc_size_in_words_index to walkback and find start of unused bytest (or maybe just remove last_dlsym_alloc_size_in_words_index and scan full range)
vitalybuka requested changes to this revision.Nov 3 2021, 12:36 PM
vitalybuka added inline comments.
compiler-rt/lib/asan/asan_malloc_linux.cpp
79

Please let me know if you are going to implement suggested changes.
If if not, you are fixing a real issue, and I will do that myself.

This revision now requires changes to proceed.Nov 3 2021, 12:36 PM
hjl.tools added inline comments.Nov 3 2021, 12:45 PM
compiler-rt/lib/asan/asan_malloc_linux.cpp
79

Please let me know if you are going to implement suggested changes.
If if not, you are fixing a real issue, and I will do that myself.

I am not familiar with the code. Could you please fix it? Thanks.

vitalybuka commandeered this revision.Nov 3 2021, 5:41 PM
vitalybuka edited reviewers, added: hjl.tools; removed: vitalybuka.
This revision now requires review to proceed.Nov 3 2021, 5:41 PM
vitalybuka planned changes to this revision.Nov 3 2021, 5:41 PM
vitalybuka retitled this revision from [sanitizer] Avoid memory leak from dlsym in glibc 2.34 to [sanitizer] Switch to dlsym hack to internal_allocator.Nov 10 2021, 6:10 PM
vitalybuka edited the summary of this revision. (Show Details)
vitalybuka retitled this revision from [sanitizer] Switch to dlsym hack to internal_allocator to [sanitizer] Switch dlsym hack to internal_allocator.
vitalybuka updated this revision to Diff 386392.Nov 10 2021, 6:18 PM

upload

Herald added a project: Restricted Project. · View Herald TranscriptNov 10 2021, 6:18 PM
Herald added subscribers: Restricted Project, abrachet, phosek, mgorny. · View Herald Transcript
vitalybuka added a reviewer: eugenis.Nov 10 2021, 6:19 PM
vitalybuka added a reviewer: morehouse.
vitalybuka updated this revision to Diff 386394.Nov 10 2021, 6:36 PM

remove global

Harbormaster completed remote builds in B133640: Diff 386394.Nov 10 2021, 6:52 PM
morehouse accepted this revision.Nov 11 2021, 3:27 PM
morehouse added inline comments.
compiler-rt/lib/memprof/memprof_malloc_linux.cpp
37 ↗(On Diff #386394)

Shouldn't this be GET_STACK_TRACE_MALLOC?

This revision is now accepted and ready to land.Nov 11 2021, 3:27 PM
eugenis added inline comments.Nov 11 2021, 3:38 PM
compiler-rt/lib/asan/asan_malloc_linux.cpp
146

Why do we need to specialize ReallocImpl? And do we even need stack traces here?

vitalybuka updated this revision to Diff 386756.Nov 12 2021, 1:01 AM
vitalybuka marked 2 inline comments as done.

Add root region hooks

Harbormaster completed remote builds in B133887: Diff 386756.Nov 12 2021, 1:23 AM
vitalybuka added inline comments.Nov 12 2021, 10:20 AM
compiler-rt/lib/asan/asan_malloc_linux.cpp
67

This one is annoying. To keep behavioral closer to original I use root regions.
What I see is that "dlsym hack" allocations contains pointers to later regular dlerror allocations.

it would be nice to investigate if dlerror is special. If so we can remove regions in followup patches
and add dlerror interceptors to lsan and asan.

eugenis added inline comments.Nov 12 2021, 3:34 PM
compiler-rt/lib/sanitizer_common/sanitizer_allocator_dlsym.h
67 ↗(On Diff #386756)

I'd rather call OnFree(p) before deallocating, even if it does not matter for lsan.
Or does it?

vitalybuka added inline comments.Nov 12 2021, 3:37 PM
compiler-rt/lib/sanitizer_common/sanitizer_allocator_dlsym.h
67 ↗(On Diff #386756)

we do on like 52

vitalybuka added inline comments.Nov 12 2021, 3:40 PM
compiler-rt/lib/sanitizer_common/sanitizer_allocator_dlsym.h
67 ↗(On Diff #386756)

if the question about Details::OnAllocate Details::OnFree order then
the point to keep at least one of buffers, ptr or new_ptr, in lsan roots.

vitalybuka updated this revision to Diff 386973.Nov 12 2021, 4:01 PM

redo Realloc

eugenis accepted this revision.Nov 12 2021, 4:03 PM

LGTM

This revision was landed with ongoing or failed builds.Nov 12 2021, 4:11 PM
Closed by commit rGcb0e14ce6dcd: [sanitizer] Switch dlsym hack to internal_allocator (authored by vitalybuka). · Explain Why
This revision was automatically updated to reflect the committed changes.
vitalybuka added a commit: rGcb0e14ce6dcd: [sanitizer] Switch dlsym hack to internal_allocator.
Harbormaster completed remote builds in B134052: Diff 386973.Nov 12 2021, 5:47 PM
hauhsu mentioned this in D152990: [RISCV][sanitizer] Set SANITIZER_MMAP_RANGE_SIZE for sv57.Jul 30 2023, 10:31 PM

Revision Contents

PathSize
compiler-rt/
lib/
asan/
62 lines

Diff 382606

compiler-rt/lib/asan/asan_malloc_linux.cpp

Show All 23 Lines
# include "sanitizer_common/sanitizer_allocator_checks.h" # include "sanitizer_common/sanitizer_allocator_checks.h"
# include "sanitizer_common/sanitizer_errno.h" # include "sanitizer_common/sanitizer_errno.h"
# include "sanitizer_common/sanitizer_tls_get_addr.h" # include "sanitizer_common/sanitizer_tls_get_addr.h"
// ---------------------- Replacement functions ---------------- {{{1 // ---------------------- Replacement functions ---------------- {{{1
using namespace __asan; using namespace __asan;
static uptr allocated_for_dlsym; static uptr allocated_for_dlsym;
static uptr last_dlsym_alloc_size_in_words; static uptr last_dlsym_alloc_size_in_words[2];
const void *last_dlsym_alloc[2];
static int last_dlsym_alloc_size_in_words_index = -1;
const void *last_freed_dlsym_alloc;
static const uptr kDlsymAllocPoolSize = 1024; static const uptr kDlsymAllocPoolSize = 1024;
static uptr alloc_memory_for_dlsym[kDlsymAllocPoolSize]; static uptr alloc_memory_for_dlsym[kDlsymAllocPoolSize];
static inline bool IsInDlsymAllocPool(const void *ptr) { static inline bool IsInDlsymAllocPool(const void *ptr) {
uptr off = (uptr)ptr - (uptr)alloc_memory_for_dlsym; uptr off = (uptr)ptr - (uptr)alloc_memory_for_dlsym;
return off < allocated_for_dlsym * sizeof(alloc_memory_for_dlsym[0]); return off < allocated_for_dlsym * sizeof(alloc_memory_for_dlsym[0]);
} }
static void *AllocateFromLocalPool(uptr size_in_bytes) { static void *AllocateFromLocalPool(uptr size_in_bytes) {
uptr size_in_words = RoundUpTo(size_in_bytes, kWordSize) / kWordSize; uptr size_in_words = RoundUpTo(size_in_bytes, kWordSize) / kWordSize;
void *mem = (void*)&alloc_memory_for_dlsym[allocated_for_dlsym]; void *mem = (void*)&alloc_memory_for_dlsym[allocated_for_dlsym];
last_dlsym_alloc_size_in_words = size_in_words; last_dlsym_alloc_size_in_words_index++;
last_dlsym_alloc_size_in_words_index &= 1;
last_dlsym_alloc_size_in_words[last_dlsym_alloc_size_in_words_index] =
size_in_words;
last_dlsym_alloc[last_dlsym_alloc_size_in_words_index] = mem;
allocated_for_dlsym += size_in_words; allocated_for_dlsym += size_in_words;
CHECK_LT(allocated_for_dlsym, kDlsymAllocPoolSize); CHECK_LT(allocated_for_dlsym, kDlsymAllocPoolSize);
return mem; return mem;
} }
static void DeallocateFromLocalPool(const void *ptr) { static void DeallocateFromLocalPool(const void *ptr) {
// Hack: since glibc 2.27 dlsym no longer uses stack-allocated memory to store // Hack: since glibc 2.27 dlsym no longer uses stack-allocated memory to store
// error messages and instead uses malloc followed by free. To avoid pool // error messages and instead uses malloc followed by free. To avoid pool
// exhaustion due to long object filenames, handle that special case here. // exhaustion due to long object filenames, handle that special case here.
uptr prev_offset = allocated_for_dlsym - last_dlsym_alloc_size_in_words; uptr prev_dlsym_alloc_size_in_words;
void *prev_mem = (void*)&alloc_memory_for_dlsym[prev_offset]; uptr prev_offset;
void *prev_mem;
if (last_dlsym_alloc_size_in_words_index == 0) {
prev_dlsym_alloc_size_in_words = last_dlsym_alloc_size_in_words[0];
prev_offset = allocated_for_dlsym - prev_dlsym_alloc_size_in_words;
prev_mem = (void *)&alloc_memory_for_dlsym[prev_offset];
vitalybukaAuthorUnsubmitted
Done
ReplyInline Actions

This one is annoying. To keep behavioral closer to original I use root regions.
What I see is that "dlsym hack" allocations contains pointers to later regular dlerror allocations.

it would be nice to investigate if dlerror is special. If so we can remove regions in followup patches
and add dlerror interceptors to lsan and asan.

vitalybuka: This one is annoying. To keep behavioral closer to original I use root regions. What I see is…
if (prev_mem == ptr) { if (prev_mem == ptr) {
REAL(memset)(prev_mem, 0, last_dlsym_alloc_size_in_words * kWordSize); REAL(memset)(prev_mem, 0, prev_dlsym_alloc_size_in_words * kWordSize);
allocated_for_dlsym = prev_offset; allocated_for_dlsym = prev_offset;
last_dlsym_alloc_size_in_words = 0; last_dlsym_alloc_size_in_words[0] = 0;
last_dlsym_alloc[0] = nullptr;
last_dlsym_alloc_size_in_words_index = -1;
last_freed_dlsym_alloc = nullptr;
return;
}
} }
if (last_dlsym_alloc_size_in_words_index == 1) {
vitalybukaAuthorUnsubmitted
Not Done
ReplyInline Actions

I realy don't like were we are going. What if we need 3 soon?

Any idea why we can't use internal_allocator()?

if we can't use internal allocator here I propose the following to simplify this.

  1. AllocateFromLocalPool store size at (return value - 1) location.
  2. so DeallocateFromLocalPool can find size from there.
  3. To create byte(or bit) map to mark used words.
  4. AllocateFromLocalPool will use last_dlsym_alloc_size_in_words_index to walkback and find start of unused bytest (or maybe just remove last_dlsym_alloc_size_in_words_index and scan full range)
vitalybuka: I realy don't like were we are going. What if we need 3 soon? Any idea why we can't use…
vitalybukaAuthorUnsubmitted
Not Done
ReplyInline Actions

Please let me know if you are going to implement suggested changes.
If if not, you are fixing a real issue, and I will do that myself.

vitalybuka: Please let me know if you are going to implement suggested changes. If if not, you are fixing a…
hjl.toolsUnsubmitted
Done
ReplyInline Actions

Please let me know if you are going to implement suggested changes.
If if not, you are fixing a real issue, and I will do that myself.

I am not familiar with the code. Could you please fix it? Thanks.

hjl.tools: > Please let me know if you are going to implement suggested changes. > If if not, you are…
// Hack: Since glibc 2.34, dlsym does
// 1. malloc 1
// 2. malloc 2
// 3. free pointer from malloc 1
// 4. free pointer from malloc 2
// Free memory from malloc 1 and malloc 2 together.
if (last_freed_dlsym_alloc == last_dlsym_alloc[0] &&
ptr == last_dlsym_alloc[1]) {
prev_dlsym_alloc_size_in_words =
last_dlsym_alloc_size_in_words[0] + last_dlsym_alloc_size_in_words[1];
prev_offset = allocated_for_dlsym - prev_dlsym_alloc_size_in_words;
void *prev_mem = (void *)&alloc_memory_for_dlsym[prev_offset];
if (prev_mem == last_freed_dlsym_alloc) {
REAL(memset)(prev_mem, 0, prev_dlsym_alloc_size_in_words * kWordSize);
allocated_for_dlsym = prev_offset;
last_dlsym_alloc_size_in_words[0] = 0;
last_dlsym_alloc_size_in_words[1] = 0;
last_dlsym_alloc[0] = nullptr;
last_dlsym_alloc[1] = nullptr;
last_dlsym_alloc_size_in_words_index = -1;
last_freed_dlsym_alloc = nullptr;
return;
}
}
}
last_freed_dlsym_alloc = ptr;
} }
static int PosixMemalignFromLocalPool(void **memptr, uptr alignment, static int PosixMemalignFromLocalPool(void **memptr, uptr alignment,
uptr size_in_bytes) { uptr size_in_bytes) {
if (UNLIKELY(!CheckPosixMemalignAlignment(alignment))) if (UNLIKELY(!CheckPosixMemalignAlignment(alignment)))
return errno_EINVAL; return errno_EINVAL;
CHECK(alignment >= kWordSize); CHECK(alignment >= kWordSize);
Show All 23 Linesstatic void *ReallocFromLocalPool(void *ptr, uptr size) {
const uptr offset = (uptr)ptr - (uptr)alloc_memory_for_dlsym; const uptr offset = (uptr)ptr - (uptr)alloc_memory_for_dlsym;
const uptr copy_size = Min(size, kDlsymAllocPoolSize - offset); const uptr copy_size = Min(size, kDlsymAllocPoolSize - offset);
void *new_ptr; void *new_ptr;
if (UNLIKELY(UseLocalPool())) { if (UNLIKELY(UseLocalPool())) {
new_ptr = AllocateFromLocalPool(size); new_ptr = AllocateFromLocalPool(size);
} else { } else {
ENSURE_ASAN_INITED(); ENSURE_ASAN_INITED();
GET_STACK_TRACE_MALLOC; GET_STACK_TRACE_MALLOC;
new_ptr = asan_malloc(size, &stack); new_ptr = asan_malloc(size, &stack);
eugenisUnsubmitted
Done
ReplyInline Actions

Why do we need to specialize ReallocImpl? And do we even need stack traces here?

eugenis: Why do we need to specialize ReallocImpl? And do we even need stack traces here?
} }
internal_memcpy(new_ptr, ptr, copy_size); internal_memcpy(new_ptr, ptr, copy_size);
return new_ptr; return new_ptr;
} }
INTERCEPTOR(void, free, void *ptr) { INTERCEPTOR(void, free, void *ptr) {
if (UNLIKELY(IsInDlsymAllocPool(ptr))) { if (UNLIKELY(IsInDlsymAllocPool(ptr))) {
DeallocateFromLocalPool(ptr); DeallocateFromLocalPool(ptr);
▲ Show 20 LinesShow All 183 LinesShow Last 20 Lines