This is an archive of the discontinued LLVM Phabricator instance.

Differential D113328

[msan] Block signals in MsanThread::Init
ClosedPublic

Authored by vitalybuka on Nov 5 2021, 8:00 PM.

Details

Reviewers
eugenis
browneee
Commits
rGf2c2292fa801: [msan] Block signals in MsanThread::Init
Summary

If async signal handler called when we MsanThread::Init
signal handler may trigger false reports.
I failed to reproduce this locally for a test.

Diff Detail

Unit TestsFailed

TimeTest
37,990 msx64 debian > libFuzzer.libFuzzer::entropic-scale-per-exec-time.test

Event Timeline

vitalybuka requested review of this revision.Nov 5 2021, 8:00 PM
vitalybuka created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptNov 5 2021, 8:00 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
Harbormaster completed remote builds in B132802: Diff 385224.Nov 5 2021, 8:16 PM
eugenis added a comment.Nov 8 2021, 11:28 AM

What if the signal arrives before MsanThread::Init?
This is what bionic does for hwasan: https://android-review.googlesource.com/c/platform/bionic/+/1134990/

vitalybuka updated this revision to Diff 385632.Nov 8 2021, 2:19 PM

better version

vitalybuka added a comment.Nov 8 2021, 2:20 PM
In D113328#3116305, @eugenis wrote:

What if the signal arrives before MsanThread::Init?
This is what bionic does for hwasan: https://android-review.googlesource.com/c/platform/bionic/+/1134990/

thanks, done!

vitalybuka planned changes to this revision.Nov 8 2021, 2:20 PM
browneee added a subscriber: browneee.Nov 8 2021, 2:37 PM
browneee added inline comments.
compiler-rt/lib/msan/msan_thread.cpp
25

Would the same fix be applicable for DFSan?
https://github.com/llvm/llvm-project/blob/443820179a849eac6ddb5cbf0ba5cc7bbc42e2d2/compiler-rt/lib/dfsan/dfsan_thread.cpp#L21

Harbormaster completed remote builds in B133120: Diff 385632.Nov 8 2021, 2:47 PM
eugenis added inline comments.Nov 8 2021, 3:11 PM
compiler-rt/lib/msan/msan_thread.cpp
25

I think so. We need to prevent signals from running on the new thread stack and tls before they are ready. Another option would be to always allocate stacks for threads ourselves in the parent thread, but the current approach is simpler.

Not sure about including <signal.h> here. It should go in msan_linux.cpp, or even in sanitizer_common_posix.cpp if it was reused in dfsan.

compiler-rt/lib/msan/msan_thread.h
72

starting_sigset_ or something like that

vitalybuka updated this revision to Diff 385678.Nov 8 2021, 7:04 PM

update

Harbormaster completed remote builds in B133153: Diff 385678.Nov 8 2021, 7:11 PM
vitalybuka updated this revision to Diff 385683.Nov 8 2021, 7:23 PM

rebase

vitalybuka added a child revision: D113454: [dfsan] Dfsan version of D113328.Nov 8 2021, 7:23 PM
vitalybuka added a reviewer: browneee.Nov 8 2021, 7:24 PM
vitalybuka added a parent revision: D113452: [NFC][sanitizer] Extract ScopedBlockSignals.
Harbormaster completed remote builds in B133157: Diff 385683.Nov 8 2021, 7:27 PM
vitalybuka updated this revision to Diff 385688.Nov 8 2021, 7:41 PM
vitalybuka marked an inline comment as done.

rebase

Harbormaster completed remote builds in B133162: Diff 385688.Nov 8 2021, 8:14 PM
eugenis accepted this revision.Nov 9 2021, 5:23 PM

LGTM

compiler-rt/lib/msan/msan_interceptors.cpp
1055 ↗(On Diff #385688)

I'd prefer an API where the save location is passed as a construction argument.

ScopedBlockSignals block(&t->starting_sigset_);

Or change the API to explicit block() and release() and move the entire object to MsanThread (call release in the parent and the child explicitly). That way MSanThread does not need to know about __sanitizer_sigset_t.

Anyway, it's just an aesthetic preference. Up to you.

This revision is now accepted and ready to land.Nov 9 2021, 5:23 PM
vitalybuka updated this revision to Diff 386030.Nov 9 2021, 6:23 PM
vitalybuka marked an inline comment as done.

rebase

This revision was landed with ongoing or failed builds.Nov 9 2021, 6:24 PM
Closed by commit rGf2c2292fa801: [msan] Block signals in MsanThread::Init (authored by vitalybuka). · Explain Why
This revision was automatically updated to reflect the committed changes.
vitalybuka added a commit: rGf2c2292fa801: [msan] Block signals in MsanThread::Init.
Harbormaster completed remote builds in B133397: Diff 386030.Nov 9 2021, 6:57 PM
thakis added a subscriber: thakis.Dec 3 2021, 8:23 AM

FYI, this broke running tests in sandboxes processes with msan for us (https://crbug.com/1276113). We're still looking into options, but here's an early heads-up.

(…mostly in case others bisect something to this change.)

hans mentioned this in D115057: [msan] Don't block SIGSYS in ScopedBlockSignals.Dec 3 2021, 11:26 AM
hans added a subscriber: hans.
In D113328#3169901, @thakis wrote:

FYI, this broke running tests in sandboxes processes with msan for us (https://crbug.com/1276113). We're still looking into options, but here's an early heads-up.

(…mostly in case others bisect something to this change.)

Here's a fix: https://reviews.llvm.org/D115057

vitalybuka mentioned this in D149085: [HWASAN] Fix TLS + signal handling related crash.Apr 24 2023, 1:57 PM

Revision Contents

PathSize
compiler-rt/
lib/
msan/
4 lines
14 lines

Diff 385632

compiler-rt/lib/msan/msan_thread.h

Show All 9 Lines
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef MSAN_THREAD_H #ifndef MSAN_THREAD_H
#define MSAN_THREAD_H #define MSAN_THREAD_H
#include "msan_allocator.h" #include "msan_allocator.h"
#include "sanitizer_common/sanitizer_common.h" #include "sanitizer_common/sanitizer_common.h"
#include "sanitizer_common/sanitizer_posix.h"
namespace __msan { namespace __msan {
class MsanThread { class MsanThread {
public: public:
static MsanThread *Create(thread_callback_t start_routine, void *arg); static MsanThread *Create(thread_callback_t start_routine, void *arg);
static void TSDDtor(void *tsd); static void TSDDtor(void *tsd);
void Destroy(); void Destroy();
Show All 37 Lines private:
StackBounds stack_; StackBounds stack_;
StackBounds next_stack_; StackBounds next_stack_;
uptr tls_begin_; uptr tls_begin_;
uptr tls_end_; uptr tls_end_;
unsigned in_signal_handler_; unsigned in_signal_handler_;
__sanitizer_sigset_t sigset_;
eugenisUnsubmitted
Done
ReplyInline Actions

starting_sigset_ or something like that

eugenis: starting_sigset_ or something like that
MsanThreadLocalMallocStorage malloc_storage_; MsanThreadLocalMallocStorage malloc_storage_;
}; };
MsanThread *GetCurrentThread(); MsanThread *GetCurrentThread();
void SetCurrentThread(MsanThread *t); void SetCurrentThread(MsanThread *t);
} // namespace __msan } // namespace __msan
#endif // MSAN_THREAD_H #endif // MSAN_THREAD_H

compiler-rt/lib/msan/msan_thread.cpp

#include "msan.h"
#include "msan_thread.h" #include "msan_thread.h"
#include "msan_interface_internal.h"
#include <signal.h>
#include "msan.h"
#include "msan_interface_internal.h"
#include "sanitizer_common/sanitizer_linux.h"
#include "sanitizer_common/sanitizer_posix.h"
#include "sanitizer_common/sanitizer_tls_get_addr.h" #include "sanitizer_common/sanitizer_tls_get_addr.h"
namespace __msan { namespace __msan {
MsanThread *MsanThread::Create(thread_callback_t start_routine, MsanThread *MsanThread::Create(thread_callback_t start_routine,
void *arg) { void *arg) {
uptr PageSize = GetPageSizeCached(); uptr PageSize = GetPageSizeCached();
uptr size = RoundUpTo(sizeof(MsanThread), PageSize); uptr size = RoundUpTo(sizeof(MsanThread), PageSize);
MsanThread *thread = (MsanThread*)MmapOrDie(size, __func__); MsanThread *thread = (MsanThread*)MmapOrDie(size, __func__);
thread->start_routine_ = start_routine; thread->start_routine_ = start_routine;
thread->arg_ = arg; thread->arg_ = arg;
thread->destructor_iterations_ = GetPthreadDestructorIterations(); thread->destructor_iterations_ = GetPthreadDestructorIterations();
__sanitizer_sigset_t set;
internal_sigfillset(&set);
CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &set, &thread->sigset_));
browneeeUnsubmitted
Not Done
ReplyInline Actions

Would the same fix be applicable for DFSan?
https://github.com/llvm/llvm-project/blob/443820179a849eac6ddb5cbf0ba5cc7bbc42e2d2/compiler-rt/lib/dfsan/dfsan_thread.cpp#L21

browneee: Would the same fix be applicable for DFSan? https://github.com/llvm/llvm…
eugenisUnsubmitted
Not Done
ReplyInline Actions

I think so. We need to prevent signals from running on the new thread stack and tls before they are ready. Another option would be to always allocate stacks for threads ourselves in the parent thread, but the current approach is simpler.

Not sure about including <signal.h> here. It should go in msan_linux.cpp, or even in sanitizer_common_posix.cpp if it was reused in dfsan.

eugenis: I think so. We need to prevent signals from running on the new thread stack and tls before they…
return thread; return thread;
} }
void MsanThread::SetThreadStackAndTls() { void MsanThread::SetThreadStackAndTls() {
uptr tls_size = 0; uptr tls_size = 0;
uptr stack_size = 0; uptr stack_size = 0;
GetThreadStackAndTls(IsMainThread(), &stack_.bottom, &stack_size, &tls_begin_, GetThreadStackAndTls(IsMainThread(), &stack_.bottom, &stack_size, &tls_begin_,
&tls_size); &tls_size);
Show All 15 Linesvoid MsanThread::ClearShadowForThreadStackAndTLS() {
}); });
} }
void MsanThread::Init() { void MsanThread::Init() {
SetThreadStackAndTls(); SetThreadStackAndTls();
CHECK(MEM_IS_APP(stack_.bottom)); CHECK(MEM_IS_APP(stack_.bottom));
CHECK(MEM_IS_APP(stack_.top - 1)); CHECK(MEM_IS_APP(stack_.top - 1));
ClearShadowForThreadStackAndTLS(); ClearShadowForThreadStackAndTLS();
CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, &sigset_, nullptr));
} }
void MsanThread::TSDDtor(void *tsd) { void MsanThread::TSDDtor(void *tsd) {
MsanThread *t = (MsanThread*)tsd; MsanThread *t = (MsanThread*)tsd;
t->Destroy(); t->Destroy();
} }
void MsanThread::Destroy() { void MsanThread::Destroy() {
▲ Show 20 LinesShow All 67 LinesShow Last 20 Lines