This is an archive of the discontinued LLVM Phabricator instance.

Differential D30504

[sanitizer] Bail out with warning if user dlopens shared library with RTLD_DEEPBIND flag
ClosedPublic

Authored by m.ostapenko on Mar 1 2017, 9:50 AM.

Details

Reviewers
kcc
vitalybuka
eugenis
Commits
rG76630d43f608: [sanitizer] Bail out with warning if user dlopens shared library with…
rCRT297370: [sanitizer] Bail out with warning if user dlopens shared library with…
rL297370: [sanitizer] Bail out with warning if user dlopens shared library with…
Summary

People keep hitting on spurious failures in malloc/free routines when using sanitizers with shared libraries dlopened with RTLD_DEEPBIND (see https://github.com/google/sanitizers/issues/611 for details).
Let's check for this flag and bail out with warning message instead of failing in random places.

Diff Detail

Repository
rL LLVM

Event Timeline

m.ostapenko created this revision.Mar 1 2017, 9:50 AM
Herald added subscribers: kubamracek, srhines, danalbert. · View Herald TranscriptMar 1 2017, 9:50 AM
ygribov added inline comments.Mar 1 2017, 10:21 AM
lib/sanitizer_common/sanitizer_common.cc
485 ↗(On Diff #90200)

Does it make sense to print backtrace?

test/sanitizer_common/TestCases/Posix/deepbind.cc
1 ↗(On Diff #90200)

Do you need shlib at all? You don't care if dlopen succeeds so can call it with arbitrary path.

4 ↗(On Diff #90200)

Android does not have it?

18 ↗(On Diff #90200)

You can just return 0 after this.

kcc added a reviewer: vitalybuka.Mar 1 2017, 10:50 AM
kubamracek added inline comments.Mar 1 2017, 10:57 AM
lib/sanitizer_common/sanitizer_common.cc
480 ↗(On Diff #90200)

This will not compile on macOS (RTLD_DEEPBIND is not defined there).

m.ostapenko added inline comments.Mar 1 2017, 11:59 AM
lib/sanitizer_common/sanitizer_common.cc
480 ↗(On Diff #90200)

Thanks, will move this to sanitizer_linux. cc.

485 ↗(On Diff #90200)

Perhaps. At least we should print library name here.

test/sanitizer_common/TestCases/Posix/deepbind.cc
1 ↗(On Diff #90200)

Just wanted to make sure that without deepbind everything works as expected. I can drop this for sure.

4 ↗(On Diff #90200)

AFAIK Android doesn't intercept dlopen.

m.ostapenko updated this revision to Diff 90291.Mar 2 2017, 12:07 AM

Updating.

m.ostapenko marked 9 inline comments as done.Mar 2 2017, 12:11 AM
m.ostapenko added inline comments.
lib/sanitizer_common/sanitizer_common.cc
485 ↗(On Diff #90200)

sanitizer_common doesn't have unified stacktrace printing routine (e.g. GET_STACK_TRACE_FATAL), every tool defines it by itself. Thus I don't print backtrace here to avoid unnecessary complexity.

vitalybuka accepted this revision.Mar 6 2017, 3:36 PM
vitalybuka added inline comments.
lib/sanitizer_common/sanitizer_linux.cc
1472 ↗(On Diff #90291)

I'd prefer we have flags to ignore this. But according kcc@ on the bug it's overkill, so LGTM

This revision is now accepted and ready to land.Mar 6 2017, 3:36 PM
Closed by commit rL297370: [sanitizer] Bail out with warning if user dlopens shared library with… (authored by chefmax). · Explain WhyMar 9 2017, 2:59 AM
This revision was automatically updated to reflect the committed changes.
thakis added a subscriber: thakis.Mar 27 2017, 7:44 AM

We have a test in chromium that loads a small so file and calls some of the functions therein. There are no allocations in the so file. The test used to run fine under tsan, now it fails with the error message you added. I'll disable the test under tsan, but maybe others out there where also calling non-allocating so's without problems before this change.

m.ostapenko added a comment.Mar 28 2017, 4:18 AM
In D30504#711277, @thakis wrote:

We have a test in chromium that loads a small so file and calls some of the functions therein. There are no allocations in the so file. The test used to run fine under tsan, now it fails with the error message you added. I'll disable the test under tsan, but maybe others out there where also calling non-allocating so's without problems before this change.

Oh, sorry. Perhaps we can remove Die()? The check still should fire a warning IMHO.

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
asan/
8 lines
sanitizer_common/
2 lines
3 lines
13 lines
4 lines
3 lines
test/
sanitizer_common/
TestCases/
Linux/
12 lines

Diff 91148

compiler-rt/trunk/lib/asan/asan_interceptors.cc

Show First 20 LinesShow All 222 Lines▼ Show 20 Lines
// can be slow. // can be slow.
#define COMMON_INTERCEPTOR_SET_PTHREAD_NAME(ctx, thread, name) \ #define COMMON_INTERCEPTOR_SET_PTHREAD_NAME(ctx, thread, name) \
do { \ do { \
} while (false) } while (false)
#define COMMON_INTERCEPTOR_BLOCK_REAL(name) REAL(name) #define COMMON_INTERCEPTOR_BLOCK_REAL(name) REAL(name)
// Strict init-order checking is dlopen-hostile: // Strict init-order checking is dlopen-hostile:
// https://github.com/google/sanitizers/issues/178 // https://github.com/google/sanitizers/issues/178
#define COMMON_INTERCEPTOR_ON_DLOPEN(filename, flag) \ #define COMMON_INTERCEPTOR_ON_DLOPEN(filename, flag) \
if (flags()->strict_init_order) { \ do { \
if (flags()->strict_init_order) \
StopInitOrderChecking(); \ StopInitOrderChecking(); \
} CheckNoDeepBind(filename, flag); \
} while (false)
#define COMMON_INTERCEPTOR_ON_EXIT(ctx) OnExit() #define COMMON_INTERCEPTOR_ON_EXIT(ctx) OnExit()
#define COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, handle) \ #define COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, handle) \
CoverageUpdateMapping() CoverageUpdateMapping()
#define COMMON_INTERCEPTOR_LIBRARY_UNLOADED() CoverageUpdateMapping() #define COMMON_INTERCEPTOR_LIBRARY_UNLOADED() CoverageUpdateMapping()
#define COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED (!asan_inited) #define COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED (!asan_inited)
#define COMMON_INTERCEPTOR_GET_TLS_RANGE(begin, end) \ #define COMMON_INTERCEPTOR_GET_TLS_RANGE(begin, end) \
if (AsanThread *t = GetCurrentThread()) { \ if (AsanThread *t = GetCurrentThread()) { \
*begin = t->tls_begin(); \ *begin = t->tls_begin(); \
▲ Show 20 LinesShow All 544 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_common.h

Show First 20 LinesShow All 905 Lines▼ Show 20 Linesstruct StackDepotStats {
uptr n_uniq_ids; uptr n_uniq_ids;
uptr allocated; uptr allocated;
}; };
// The default value for allocator_release_to_os_interval_ms common flag to // The default value for allocator_release_to_os_interval_ms common flag to
// indicate that sanitizer allocator should not attempt to release memory to OS. // indicate that sanitizer allocator should not attempt to release memory to OS.
const s32 kReleaseToOSIntervalNever = -1; const s32 kReleaseToOSIntervalNever = -1;
void CheckNoDeepBind(const char *filename, int flag);
} // namespace __sanitizer } // namespace __sanitizer
inline void *operator new(__sanitizer::operator_new_size_type size, inline void *operator new(__sanitizer::operator_new_size_type size,
__sanitizer::LowLevelAllocator &alloc) { __sanitizer::LowLevelAllocator &alloc) {
return alloc.Allocate(size); return alloc.Allocate(size);
} }
#endif // SANITIZER_COMMON_H #endif // SANITIZER_COMMON_H

compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc

Show First 20 LinesShow All 136 Lines▼ Show 20 Lines
#define COMMON_INTERCEPTOR_READ_STRING_OF_LEN(ctx, s, len, n) \ #define COMMON_INTERCEPTOR_READ_STRING_OF_LEN(ctx, s, len, n) \
COMMON_INTERCEPTOR_READ_RANGE((ctx), (s), \ COMMON_INTERCEPTOR_READ_RANGE((ctx), (s), \
common_flags()->strict_string_checks ? (len) + 1 : (n) ) common_flags()->strict_string_checks ? (len) + 1 : (n) )
#define COMMON_INTERCEPTOR_READ_STRING(ctx, s, n) \ #define COMMON_INTERCEPTOR_READ_STRING(ctx, s, n) \
COMMON_INTERCEPTOR_READ_STRING_OF_LEN((ctx), (s), REAL(strlen)(s), (n)) COMMON_INTERCEPTOR_READ_STRING_OF_LEN((ctx), (s), REAL(strlen)(s), (n))
#ifndef COMMON_INTERCEPTOR_ON_DLOPEN #ifndef COMMON_INTERCEPTOR_ON_DLOPEN
#define COMMON_INTERCEPTOR_ON_DLOPEN(filename, flag) {} #define COMMON_INTERCEPTOR_ON_DLOPEN(filename, flag) \
CheckNoDeepBind(filename, flag);
#endif #endif
#ifndef COMMON_INTERCEPTOR_GET_TLS_RANGE #ifndef COMMON_INTERCEPTOR_GET_TLS_RANGE
#define COMMON_INTERCEPTOR_GET_TLS_RANGE(begin, end) *begin = *end = 0; #define COMMON_INTERCEPTOR_GET_TLS_RANGE(begin, end) *begin = *end = 0;
#endif #endif
#ifndef COMMON_INTERCEPTOR_ACQUIRE #ifndef COMMON_INTERCEPTOR_ACQUIRE
#define COMMON_INTERCEPTOR_ACQUIRE(ctx, u) {} #define COMMON_INTERCEPTOR_ACQUIRE(ctx, u) {}
▲ Show 20 LinesShow All 6,094 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_linux.cc

Show First 20 LinesShow All 1,454 Lines▼ Show 20 Lines
} }
void MaybeReexec() { void MaybeReexec() {
// No need to re-exec on Linux. // No need to re-exec on Linux.
} }
void PrintModuleMap() { } void PrintModuleMap() { }
void CheckNoDeepBind(const char *filename, int flag) {
if (flag & RTLD_DEEPBIND) {
Report(
"You are trying to dlopen a %s shared library with RTLD_DEEPBIND flag"
" which is incompatibe with sanitizer runtime "
"(see https://github.com/google/sanitizers/issues/611 for details"
"). If you want to run %s library under sanitizers please remove "
"RTLD_DEEPBIND from dlopen flags.\n",
filename, filename);
Die();
}
}
uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding) { uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding) {
UNREACHABLE("FindAvailableMemoryRange is not available"); UNREACHABLE("FindAvailableMemoryRange is not available");
return 0; return 0;
} }
} // namespace __sanitizer } // namespace __sanitizer
#endif // SANITIZER_FREEBSD || SANITIZER_LINUX #endif // SANITIZER_FREEBSD || SANITIZER_LINUX

compiler-rt/trunk/lib/sanitizer_common/sanitizer_mac.cc

Show First 20 LinesShow All 880 Lines▼ Show 20 Lines for (uptr i = 0; i < modules.size(); ++i) {
FormatUUID(uuid_str, sizeof(uuid_str), modules[i].uuid()); FormatUUID(uuid_str, sizeof(uuid_str), modules[i].uuid());
Printf("0x%zx-0x%zx %s (%s) %s\n", modules[i].base_address(), Printf("0x%zx-0x%zx %s (%s) %s\n", modules[i].base_address(),
modules[i].max_executable_address(), modules[i].full_name(), modules[i].max_executable_address(), modules[i].full_name(),
ModuleArchToString(modules[i].arch()), uuid_str); ModuleArchToString(modules[i].arch()), uuid_str);
} }
Printf("End of module map.\n"); Printf("End of module map.\n");
} }
void CheckNoDeepBind(const char *filename, int flag) {
// Do nothing.
}
} // namespace __sanitizer } // namespace __sanitizer
#endif // SANITIZER_MAC #endif // SANITIZER_MAC

compiler-rt/trunk/lib/sanitizer_common/sanitizer_win.cc

Show First 20 LinesShow All 984 Lines▼ Show 20 Linesbool IsProcessRunning(pid_t pid) {
return false; return false;
} }
int WaitForProcess(pid_t pid) { return -1; } int WaitForProcess(pid_t pid) { return -1; }
// FIXME implement on this platform. // FIXME implement on this platform.
void GetMemoryProfile(fill_profile_f cb, uptr *stats, uptr stats_size) { } void GetMemoryProfile(fill_profile_f cb, uptr *stats, uptr stats_size) { }
void CheckNoDeepBind(const char *filename, int flag) {
// Do nothing.
}
} // namespace __sanitizer } // namespace __sanitizer
#endif // _WIN32 #endif // _WIN32

compiler-rt/trunk/test/sanitizer_common/TestCases/Linux/deepbind.cc

// RUN: %clangxx %s -o %t && %run not %t 1 2>&1 | FileCheck %s
// UNSUPPORTED: lsan, android
#include <dlfcn.h>
#include <stdio.h>
#include <string>
int main (int argc, char *argv[]) {
// CHECK: You are trying to dlopen a <arbitrary path> shared library with RTLD_DEEPBIND flag
void *lib = dlopen("<arbitrary path>", RTLD_NOW | RTLD_DEEPBIND);
return 0;
}