This is an archive of the discontinued LLVM Phabricator instance.

Re-land 'ASan: move allocator base to avoid conflict with high-entropy ASLR for x86-64 Linux'
ClosedPublic

Authored by thurston on Apr 13 2023, 4:57 PM.

Download Raw Diff

Details

Reviewers

MaskRay
vitalybuka
dvyukov

Commits

rGfb77ca05ffb4: Re-land 'ASan: move allocator base to avoid conflict with high-entropy ASLR for…

Summary

D147984 was reverted because it broke lit tests on Mac. This revision is based on D147984
but maintains the old behavior for Apple.

Note that, per the follow-up discussion with MaskRay in D147984, this patch excludes Apple
but includes other platforms (e.g., aarch64, MIPS64) and OSes (e.g., FreeBSD, S390X), not just
x86-64 Linux.

Original commit message from D147984:

Users have discovered [*] that when CONFIG_ARCH_MMAP_RND_BITS == 32,
it will frequently conflict with ASan's allocator on x86-64 Linux, because the
PIE program segment base address of 0x555555555554 plus an ASLR shift of up to
((2**32) * 4K == 0x100000000000) will sometimes exceed ASan's hardcoded
base address of 0x600000000000. We fix this by simply moving the allocator base
to 0x500000000000, which is below the PIE program segment base address. This is
cleaner than trying to move it to another location that is sandwiched between
the PIE program and library segments, because if either of those grow too large,
it will collide with the allocator region.

Note that we will never need to change this base address again (unless we want to increase
the size of the allocator), because ASLR cannot be set above 32-bits for x86-64 Linux (the
PIE program segment and library segments would collide with each other; see also
ARCH_MMAP_RND_BITS_MAX in https://github.com/torvalds/linux/blob/master/arch/x86/Kconfig).

see https://b.corp.google.com/issues/276925478

and https://groups.google.com/a/google.com/g/chrome-os-gardeners/c/BbfzCP3dEeo/m/h3C_vVUxCQAJ

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

thurston created this revision.Apr 13 2023, 4:57 PM

Herald added a project: Restricted Project. · View Herald TranscriptApr 13 2023, 4:57 PM

Herald added subscribers: Enna1, pengfei, atanasyan and 5 others. · View Herald Transcript

thurston requested review of this revision.Apr 13 2023, 4:57 PM

Herald added a project: Restricted Project. · View Herald TranscriptApr 13 2023, 4:57 PM

Herald added a subscriber: Restricted Project. · View Herald Transcript

thurston added reviewers: MaskRay, vitalybuka, dvyukov.Apr 13 2023, 4:58 PM

Harbormaster completed remote builds in B225459: Diff 513390.Apr 13 2023, 5:18 PM

Linux s390x appears to use 0x02aa........ for PIE load bases. Lowering 0x6000........ to 0x5000........ is definitely safe.

This revision is now accepted and ready to land.Apr 13 2023, 7:03 PM

Closed by commit rGfb77ca05ffb4: Re-land 'ASan: move allocator base to avoid conflict with high-entropy ASLR for… (authored by thurston). · Explain WhyApr 13 2023, 10:36 PM

This revision was automatically updated to reflect the committed changes.

thurston added a commit: rGfb77ca05ffb4: Re-land 'ASan: move allocator base to avoid conflict with high-entropy ASLR for….

In D148280#4266864, @MaskRay wrote:

Linux s390x appears to use 0x02aa........ for PIE load bases. Lowering 0x6000........ to 0x5000........ is definitely safe.

Thanks for checking!

MaskRay mentioned this in D148193: [lsan] Move allocator base to avoid conflict with high-entropy ASLR for x86-64 Linux.Apr 14 2023, 9:31 AM

MaskRay mentioned this in rG5ffe955570a5: [lsan] Move allocator base to avoid conflict with high-entropy ASLR for x86-64….Apr 14 2023, 10:19 AM

Revision Contents

Path

Size

compiler-rt/

lib/

asan/

asan_allocator.h

8 lines

Diff 513437

compiler-rt/lib/asan/asan_allocator.h

	Show First 20 Lines • Show All 137 Lines • ▼ Show 20 Lines
	#elif defined(__sparc__)			#elif defined(__sparc__)
	const uptr kAllocatorSpace = ~(uptr)0;			const uptr kAllocatorSpace = ~(uptr)0;
	const uptr kAllocatorSize = 0x20000000000ULL; // 2T.			const uptr kAllocatorSize = 0x20000000000ULL; // 2T.
	typedef DefaultSizeClassMap SizeClassMap;			typedef DefaultSizeClassMap SizeClassMap;
	# elif SANITIZER_WINDOWS			# elif SANITIZER_WINDOWS
	const uptr kAllocatorSpace = ~(uptr)0;			const uptr kAllocatorSpace = ~(uptr)0;
	const uptr kAllocatorSize = 0x8000000000ULL; // 500G			const uptr kAllocatorSize = 0x8000000000ULL; // 500G
	typedef DefaultSizeClassMap SizeClassMap;			typedef DefaultSizeClassMap SizeClassMap;
	# else			# elif SANITIZER_APPLE
	const uptr kAllocatorSpace = 0x600000000000ULL;			const uptr kAllocatorSpace = 0x600000000000ULL;
	const uptr kAllocatorSize = 0x40000000000ULL; // 4T.			const uptr kAllocatorSize = 0x40000000000ULL; // 4T.
	typedef DefaultSizeClassMap SizeClassMap;			typedef DefaultSizeClassMap SizeClassMap;
				# else
				const uptr kAllocatorSpace = 0x500000000000ULL;
				const uptr kAllocatorSize = 0x40000000000ULL; // 4T.
				typedef DefaultSizeClassMap SizeClassMap;
	# endif			# endif
	template <typename AddressSpaceViewTy>			template <typename AddressSpaceViewTy>
	struct AP64 { // Allocator64 parameters. Deliberately using a short name.			struct AP64 { // Allocator64 parameters. Deliberately using a short name.
	static const uptr kSpaceBeg = kAllocatorSpace;			static const uptr kSpaceBeg = kAllocatorSpace;
	static const uptr kSpaceSize = kAllocatorSize;			static const uptr kSpaceSize = kAllocatorSize;
	static const uptr kMetadataSize = 0;			static const uptr kMetadataSize = 0;
	typedef __asan::SizeClassMap SizeClassMap;			typedef __asan::SizeClassMap SizeClassMap;
	typedef AsanMapUnmapCallback MapUnmapCallback;			typedef AsanMapUnmapCallback MapUnmapCallback;
	static const uptr kFlags = 0;			static const uptr kFlags = 0;
	▲ Show 20 Lines • Show All 69 Lines • Show Last 20 Lines