This is an archive of the discontinued LLVM Phabricator instance.

Differential D136897

[tsan] re-exec when ASLR is enabled for x86_64 as well
ClosedPublic

Authored by ZijunZhao on Oct 27 2022, 4:10 PM.

Details

Reviewers
pirama
enh
danalbert
dvyukov
vitalybuka
eugenis
Commits
rG3c73c560e4db: [tsan] re-exec when ASLR is enabled for x86_64 as well

Diff Detail

Event Timeline

ZijunZhao created this revision.Oct 27 2022, 4:10 PM
Herald added a project: Restricted Project. · View Herald TranscriptOct 27 2022, 4:10 PM
Herald added a subscriber: Enna1. · View Herald Transcript
ZijunZhao requested review of this revision.Oct 27 2022, 4:10 PM
Herald added a project: Restricted Project. · View Herald TranscriptOct 27 2022, 4:10 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
ZijunZhao added reviewers: pirama, enh, danalbert, dvyukov, vitalybuka.Oct 27 2022, 4:11 PM
ZijunZhao added a reviewer: eugenis.
enh added inline comments.Oct 27 2022, 4:18 PM
compiler-rt/lib/tsan/rtl/tsan_platform_linux.cpp
302

do we know the corresponding x86-64 patch?

Harbormaster completed remote builds in B194774: Diff 471317.Oct 27 2022, 4:28 PM
pirama added inline comments.Oct 28 2022, 10:06 AM
compiler-rt/lib/tsan/rtl/tsan_platform_linux.cpp
302

https://android.googlesource.com/platform/system/core/+/master/init/security.cpp#100 points to 9e08f57d684a x86: mm: support ARCH_MMAP_RND_BITS as the equivalent for x86.

319

This function seems to be needed only for aarch64 [1]? Add a separate #if guard around this call with the old check #if SANITIZER_LINUX && defined(__aarch64__).

[1] https://github.com/llvm/llvm-project/blob/main/compiler-rt/lib/tsan/rtl/tsan_platform_linux.cpp#L432

ZijunZhao updated this revision to Diff 471656.Oct 28 2022, 2:28 PM
ZijunZhao marked an inline comment as done.
Harbormaster completed remote builds in B195014: Diff 471656.Oct 28 2022, 2:48 PM
pirama added inline comments.Oct 28 2022, 2:49 PM
compiler-rt/lib/tsan/rtl/tsan_platform_linux.cpp
319

For clarity, I'd duplicate the SANITIZER_LINUX here instead of nesting the pre-processor checks - because the ASLR personality check is unrelated to initializing the longjmp key.

ZijunZhao updated this revision to Diff 472134.Oct 31 2022, 2:27 PM
ZijunZhao retitled this revision from Extend the personality way to x86_64 to [tsan] re-exec when ASLR is enabled for x86_64 as well.
ZijunZhao marked an inline comment as done.
Harbormaster completed remote builds in B195352: Diff 472134.Oct 31 2022, 2:58 PM
fmayer added a subscriber: fmayer.Oct 31 2022, 3:00 PM
fmayer added inline comments.
compiler-rt/lib/tsan/rtl/tsan_platform_linux.cpp
306

nit

vitalybuka requested changes to this revision.Dec 7 2022, 1:58 PM
vitalybuka added inline comments.
compiler-rt/lib/tsan/rtl/tsan_platform_linux.cpp
302

Is this 39-bit VA specific?
Can you please update comment to cover x86

I guess it's android only?
So it should be SANITIZER_ANDROID.

I was recently notoced internal that ASLR is not working on TSAN arm64 linux, and want to undo this reexec

This revision now requires changes to proceed.Dec 7 2022, 1:58 PM
pirama added inline comments.Dec 7 2022, 2:37 PM
compiler-rt/lib/tsan/rtl/tsan_platform_linux.cpp
302

I was recently notoced internal that ASLR is not working on TSAN arm64 linux, and want to undo this reexec

If I'm reading this correctly, TSAN for arm64-linux doesn't need the re-exec? It's possible the address mappings here are for a different VA address space. Can you confirm if it's ok to relax the re-exec for all linux systems?

ZijunZhao updated this revision to Diff 481112.Dec 7 2022, 5:09 PM

Use SANITIZER_ANDROID in line 293 instead of SANITIZER_LINUX and fix the nit.

ZijunZhao marked an inline comment as done.Dec 7 2022, 5:09 PM
Harbormaster completed remote builds in B201851: Diff 481112.Dec 7 2022, 5:30 PM
vitalybuka accepted this revision.Dec 7 2022, 5:53 PM
This revision is now accepted and ready to land.Dec 7 2022, 5:53 PM
This revision was landed with ongoing or failed builds.Dec 8 2022, 11:38 AM
Closed by commit rG3c73c560e4db: [tsan] re-exec when ASLR is enabled for x86_64 as well (authored by ZijunZhao). · Explain Why
This revision was automatically updated to reflect the committed changes.
ZijunZhao added a commit: rG3c73c560e4db: [tsan] re-exec when ASLR is enabled for x86_64 as well.

Revision Contents

PathSize
compiler-rt/
lib/
tsan/
rtl/
6 lines

Diff 481382

compiler-rt/lib/tsan/rtl/tsan_platform_linux.cpp

Show First 20 LinesShow All 292 Lines▼ Show 20 Lines#if !SANITIZER_GO
if (!AddressSpaceIsUnlimited()) { if (!AddressSpaceIsUnlimited()) {
Report("WARNING: Program is run with limited virtual address space," Report("WARNING: Program is run with limited virtual address space,"
" which wouldn't work with ThreadSanitizer.\n"); " which wouldn't work with ThreadSanitizer.\n");
Report("Re-execing with unlimited virtual address space.\n"); Report("Re-execing with unlimited virtual address space.\n");
SetAddressSpaceUnlimited(); SetAddressSpaceUnlimited();
reexec = true; reexec = true;
} }
#if SANITIZER_LINUX && defined(__aarch64__) #if SANITIZER_ANDROID && (defined(__aarch64__) || defined(__x86_64__))
// After patch "arm64: mm: support ARCH_MMAP_RND_BITS." is introduced in // After patch "arm64: mm: support ARCH_MMAP_RND_BITS." is introduced in
enhUnsubmitted
Not Done
ReplyInline Actions

do we know the corresponding x86-64 patch?

enh: do we know the corresponding x86-64 patch?
piramaUnsubmitted
Not Done
ReplyInline Actions

https://android.googlesource.com/platform/system/core/+/master/init/security.cpp#100 points to 9e08f57d684a x86: mm: support ARCH_MMAP_RND_BITS as the equivalent for x86.

pirama: https://android.googlesource.com/platform/system/core/+/master/init/security.cpp#100 points to…
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

Is this 39-bit VA specific?
Can you please update comment to cover x86

I guess it's android only?
So it should be SANITIZER_ANDROID.

I was recently notoced internal that ASLR is not working on TSAN arm64 linux, and want to undo this reexec

vitalybuka: Is this 39-bit VA specific? Can you please update comment to cover x86 I guess it's android…
piramaUnsubmitted
Not Done
ReplyInline Actions

I was recently notoced internal that ASLR is not working on TSAN arm64 linux, and want to undo this reexec

If I'm reading this correctly, TSAN for arm64-linux doesn't need the re-exec? It's possible the address mappings here are for a different VA address space. Can you confirm if it's ok to relax the re-exec for all linux systems?

pirama: > I was recently notoced internal that ASLR is not working on TSAN arm64 linux, and want to…
// linux kernel, the random gap between stack and mapped area is increased // linux kernel, the random gap between stack and mapped area is increased
// from 128M to 36G on 39-bit aarch64. As it is almost impossible to cover // from 128M to 36G on 39-bit aarch64. As it is almost impossible to cover
// this big range, we should disable randomized virtual space on aarch64. // this big range, we should disable randomized virtual space on aarch64.
// ASLR personality check.
fmayerUnsubmitted
Done
ReplyInline Actions

nit

fmayer: nit
int old_personality = personality(0xffffffff); int old_personality = personality(0xffffffff);
if (old_personality != -1 && (old_personality & ADDR_NO_RANDOMIZE) == 0) { if (old_personality != -1 && (old_personality & ADDR_NO_RANDOMIZE) == 0) {
VReport(1, "WARNING: Program is run with randomized virtual address " VReport(1, "WARNING: Program is run with randomized virtual address "
"space, which wouldn't work with ThreadSanitizer.\n" "space, which wouldn't work with ThreadSanitizer.\n"
"Re-execing with fixed virtual address space.\n"); "Re-execing with fixed virtual address space.\n");
CHECK_NE(personality(old_personality | ADDR_NO_RANDOMIZE), -1); CHECK_NE(personality(old_personality | ADDR_NO_RANDOMIZE), -1);
reexec = true; reexec = true;
} }
#endif
#if SANITIZER_LINUX && defined(__aarch64__)
// Initialize the xor key used in {sig}{set,long}jump. // Initialize the xor key used in {sig}{set,long}jump.
InitializeLongjmpXorKey(); InitializeLongjmpXorKey();
piramaUnsubmitted
Done
ReplyInline Actions

This function seems to be needed only for aarch64 [1]? Add a separate #if guard around this call with the old check #if SANITIZER_LINUX && defined(__aarch64__).

[1] https://github.com/llvm/llvm-project/blob/main/compiler-rt/lib/tsan/rtl/tsan_platform_linux.cpp#L432

pirama: This function seems to be needed only for aarch64 [1]? Add a separate `#if` guard around this…
piramaUnsubmitted
Done
ReplyInline Actions

For clarity, I'd duplicate the SANITIZER_LINUX here instead of nesting the pre-processor checks - because the ASLR personality check is unrelated to initializing the longjmp key.

pirama: For clarity, I'd duplicate the `SANITIZER_LINUX` here instead of nesting the pre-processor…
#endif #endif
if (reexec) if (reexec)
ReExec(); ReExec();
} }
CheckAndProtect(); CheckAndProtect();
InitTlsSize(); InitTlsSize();
#endif // !SANITIZER_GO #endif // !SANITIZER_GO
▲ Show 20 LinesShow All 226 LinesShow Last 20 Lines