This is an archive of the discontinued LLVM Phabricator instance.

Re-land 'ASan: move allocator base to avoid conflict with high-entropy ASLR for x86-64 Linux'
ClosedPublic

Authored by thurston on Apr 13 2023, 4:57 PM.

Details

Summary

D147984 was reverted because it broke lit tests on Mac. This revision is based on D147984
but maintains the old behavior for Apple.

Note that, per the follow-up discussion with MaskRay in D147984, this patch excludes Apple
but includes other platforms (e.g., aarch64, MIPS64) and OSes (e.g., FreeBSD, S390X), not just
x86-64 Linux.

Original commit message from D147984:

Users have discovered [*] that when CONFIG_ARCH_MMAP_RND_BITS == 32,
it will frequently conflict with ASan's allocator on x86-64 Linux, because the
PIE program segment base address of 0x555555555554 plus an ASLR shift of up to
((2**32) * 4K == 0x100000000000) will sometimes exceed ASan's hardcoded
base address of 0x600000000000. We fix this by simply moving the allocator base
to 0x500000000000, which is below the PIE program segment base address. This is
cleaner than trying to move it to another location that is sandwiched between
the PIE program and library segments, because if either of those grow too large,
it will collide with the allocator region.

Note that we will never need to change this base address again (unless we want to increase
the size of the allocator), because ASLR cannot be set above 32-bits for x86-64 Linux (the
PIE program segment and library segments would collide with each other; see also
ARCH_MMAP_RND_BITS_MAX in https://github.com/torvalds/linux/blob/master/arch/x86/Kconfig).

and https://groups.google.com/a/google.com/g/chrome-os-gardeners/c/BbfzCP3dEeo/m/h3C_vVUxCQAJ
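The arithmetic in the commit message can be checked with a small address-range model. The following is an added example, not code from the patch or from compiler-rt: it takes the PIE base, the allocator bases and the 4K page size from the message above, computes the largest ASLR shift for a given CONFIG_ARCH_MMAP_RND_BITS, and reports whether any ASLR outcome can land the PIE segment inside the allocator region. The allocator size (4 TiB) is an assumption, since the page does not state it; the functions take it as a parameter so a different value can be plugged in.

```python
PAGE_SIZE = 4096                       # "4K" in the commit message
PIE_BASE = 0x555555555554              # PIE program segment base quoted in the message
OLD_ALLOCATOR_BASE = 0x600000000000    # ASan's old hardcoded base
NEW_ALLOCATOR_BASE = 0x500000000000    # base chosen by this revision
ALLOCATOR_SIZE = 0x40000000000         # assumption: 4 TiB region, not stated on the page
ARCH_MMAP_RND_BITS_MAX = 32            # upper bound for x86-64 Linux per the commit message


def max_aslr_shift(rnd_bits):
    """Largest ASLR offset the kernel can add with CONFIG_ARCH_MMAP_RND_BITS == rnd_bits."""
    return (1 << rnd_bits) * PAGE_SIZE


def pie_start_range(rnd_bits):
    """Lowest and highest address at which the PIE segment can start."""
    return PIE_BASE, PIE_BASE + max_aslr_shift(rnd_bits)


def allocator_collides(allocator_base, allocator_size, rnd_bits):
    """True if some ASLR outcome places the PIE start inside [base, base + size)."""
    lo, hi = pie_start_range(rnd_bits)
    alloc_end = allocator_base + allocator_size
    return hi >= allocator_base and lo < alloc_end


def first_colliding_rnd_bits(allocator_base, allocator_size):
    """Smallest rnd_bits (up to the x86-64 maximum) at which a collision becomes possible, or None."""
    for bits in range(0, ARCH_MMAP_RND_BITS_MAX + 1):
        if allocator_collides(allocator_base, allocator_size, bits):
            return bits
    return None


if __name__ == "__main__":
    for name, base in (("old", OLD_ALLOCATOR_BASE), ("new", NEW_ALLOCATOR_BASE)):
        bits = first_colliding_rnd_bits(base, ALLOCATOR_SIZE)
        status = f"collides from rnd_bits={bits}" if bits is not None else "never collides"
        print(f"{name} base {base:#x}: {status}")
```

With the old base the model reports a possible collision exactly at 32 random bits, matching the report in the message, while the new base sits entirely below the PIE segment and cannot collide for any bit count up to the x86-64 maximum.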

Diff Detail

Event Timeline

thurston created this revision. Apr 13 2023, 4:57 PM
Herald added a project: Restricted Project. Apr 13 2023, 4:57 PM
thurston requested review of this revision. Apr 13 2023, 4:57 PM
Herald added a subscriber: Restricted Project.
MaskRay accepted this revision. Apr 13 2023, 7:03 PM

Linux s390x appears to use 0x02aa........ for PIE load bases. Lowering 0x6000........ to 0x5000........ is definitely safe.

This revision is now accepted and ready to land. Apr 13 2023, 7:03 PM

> Linux s390x appears to use 0x02aa........ for PIE load bases. Lowering 0x6000........ to 0x5000........ is definitely safe.

Thanks for checking!