This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
lib/
-
asan/
-
asan_interceptors.cc
-
sanitizer_common/
4/5
sanitizer_common.cc
-
sanitizer_common_interceptors.inc
-
test/sanitizer_common/TestCases/Posix/
-
sanitizer_common/
-
TestCases/
-
Posix/
5/5
deepbind.cc

Differential D30504

[sanitizer] Bail out with warning if user dlopens shared library with RTLD_DEEPBIND flag
ClosedPublic

Authored by m.ostapenko on Mar 1 2017, 9:50 AM.

Download Raw Diff

Details

Reviewers

kcc
vitalybuka
eugenis

Commits

rG76630d43f608: [sanitizer] Bail out with warning if user dlopens shared library with…
rCRT297370: [sanitizer] Bail out with warning if user dlopens shared library with…
rL297370: [sanitizer] Bail out with warning if user dlopens shared library with…

Summary

People keep hitting on spurious failures in malloc/free routines when using sanitizers with shared libraries dlopened with RTLD_DEEPBIND (see https://github.com/google/sanitizers/issues/611 for details).
Let's check for this flag and bail out with warning message instead of failing in random places.

Diff Detail

Repository: rL LLVM

Event Timeline

m.ostapenko created this revision.Mar 1 2017, 9:50 AM

Herald added subscribers: kubamracek, srhines, danalbert. · View Herald TranscriptMar 1 2017, 9:50 AM

ygribov added inline comments.Mar 1 2017, 10:21 AM

lib/sanitizer_common/sanitizer_common.cc
485	Does it make sense to print backtrace?
test/sanitizer_common/TestCases/Posix/deepbind.cc
1	Do you need shlib at all? You don't care if `dlopen` succeeds so can call it with arbitrary path.
4	Android does not have it?
18	You can just `return 0` after this.

kcc added a reviewer: vitalybuka.Mar 1 2017, 10:50 AM

kubamracek added inline comments.Mar 1 2017, 10:57 AM

lib/sanitizer_common/sanitizer_common.cc
480	This will not compile on macOS (RTLD_DEEPBIND is not defined there).

m.ostapenko added inline comments.Mar 1 2017, 11:59 AM

lib/sanitizer_common/sanitizer_common.cc
480	Thanks, will move this to sanitizer_linux. cc.
485	Perhaps. At least we should print library name here.
test/sanitizer_common/TestCases/Posix/deepbind.cc
1	Just wanted to make sure that without deepbind everything works as expected. I can drop this for sure.
4	AFAIK Android doesn't intercept dlopen.

Updating.

m.ostapenko marked 9 inline comments as done.Mar 2 2017, 12:11 AM

m.ostapenko added inline comments.

lib/sanitizer_common/sanitizer_common.cc
485	sanitizer_common doesn't have unified stacktrace printing routine (e.g. GET_STACK_TRACE_FATAL), every tool defines it by itself. Thus I don't print backtrace here to avoid unnecessary complexity.

vitalybuka accepted this revision.Mar 6 2017, 3:36 PM

vitalybuka added inline comments.

lib/sanitizer_common/sanitizer_linux.cc
1472 ↗	(On Diff #90291)	I'd prefer we have flags to ignore this. But according kcc@ on the bug it's overkill, so LGTM

This revision is now accepted and ready to land.Mar 6 2017, 3:36 PM

Closed by commit rL297370: [sanitizer] Bail out with warning if user dlopens shared library with… (authored by chefmax). · Explain WhyMar 9 2017, 2:59 AM

This revision was automatically updated to reflect the committed changes.

We have a test in chromium that loads a small so file and calls some of the functions therein. There are no allocations in the so file. The test used to run fine under tsan, now it fails with the error message you added. I'll disable the test under tsan, but maybe others out there where also calling non-allocating so's without problems before this change.

In D30504#711277, @thakis wrote:

We have a test in chromium that loads a small so file and calls some of the functions therein. There are no allocations in the so file. The test used to run fine under tsan, now it fails with the error message you added. I'll disable the test under tsan, but maybe others out there where also calling non-allocating so's without problems before this change.

Oh, sorry. Perhaps we can remove Die()? The check still should fire a warning IMHO.

Revision Contents

Path

Size

lib/

asan/

asan_interceptors.cc

8 lines

sanitizer_common/

sanitizer_common.cc

12 lines

sanitizer_common_interceptors.inc

2 lines

test/

sanitizer_common/

TestCases/

Posix/

deepbind.cc

33 lines

Diff 90200

lib/asan/asan_interceptors.cc

	Show First 20 Lines • Show All 222 Lines • ▼ Show 20 Lines
	// can be slow.			// can be slow.
	#define COMMON_INTERCEPTOR_SET_PTHREAD_NAME(ctx, thread, name) \			#define COMMON_INTERCEPTOR_SET_PTHREAD_NAME(ctx, thread, name) \
	do { \			do { \
	} while (false)			} while (false)
	#define COMMON_INTERCEPTOR_BLOCK_REAL(name) REAL(name)			#define COMMON_INTERCEPTOR_BLOCK_REAL(name) REAL(name)
	// Strict init-order checking is dlopen-hostile:			// Strict init-order checking is dlopen-hostile:
	// https://github.com/google/sanitizers/issues/178			// https://github.com/google/sanitizers/issues/178
	#define COMMON_INTERCEPTOR_ON_DLOPEN(filename, flag) \			#define COMMON_INTERCEPTOR_ON_DLOPEN(filename, flag) \
	if (flags()->strict_init_order) { \			do { \
				if (flags()->strict_init_order) \
	StopInitOrderChecking(); \			StopInitOrderChecking(); \
	}			CheckNoDeepBind(flag); \
				} while (false)
	#define COMMON_INTERCEPTOR_ON_EXIT(ctx) OnExit()			#define COMMON_INTERCEPTOR_ON_EXIT(ctx) OnExit()
	#define COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, handle) \			#define COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, handle) \
	CoverageUpdateMapping()			CoverageUpdateMapping()
	#define COMMON_INTERCEPTOR_LIBRARY_UNLOADED() CoverageUpdateMapping()			#define COMMON_INTERCEPTOR_LIBRARY_UNLOADED() CoverageUpdateMapping()
	#define COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED (!asan_inited)			#define COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED (!asan_inited)
	#define COMMON_INTERCEPTOR_GET_TLS_RANGE(begin, end) \			#define COMMON_INTERCEPTOR_GET_TLS_RANGE(begin, end) \
	if (AsanThread *t = GetCurrentThread()) { \			if (AsanThread *t = GetCurrentThread()) { \
	*begin = t->tls_begin(); \			*begin = t->tls_begin(); \
	▲ Show 20 Lines • Show All 544 Lines • Show Last 20 Lines

lib/sanitizer_common/sanitizer_common.cc

Show All 13 Lines
#include "sanitizer_common.h"		#include "sanitizer_common.h"
#include "sanitizer_allocator_interface.h"		#include "sanitizer_allocator_interface.h"
#include "sanitizer_allocator_internal.h"		#include "sanitizer_allocator_internal.h"
#include "sanitizer_flags.h"		#include "sanitizer_flags.h"
#include "sanitizer_libc.h"		#include "sanitizer_libc.h"
#include "sanitizer_placement_new.h"		#include "sanitizer_placement_new.h"
#include "sanitizer_stacktrace_printer.h"		#include "sanitizer_stacktrace_printer.h"
#include "sanitizer_symbolizer.h"		#include "sanitizer_symbolizer.h"
		#include <dlfcn.h> // For RTLD_DEEPBIND

namespace __sanitizer {		namespace __sanitizer {

const char *SanitizerToolName = "SanitizerTool";		const char *SanitizerToolName = "SanitizerTool";

atomic_uint32_t current_verbosity;		atomic_uint32_t current_verbosity;
uptr PageSizeCached;		uptr PageSizeCached;

▲ Show 20 Lines • Show All 440 Lines • ▼ Show 20 Lines	if (MFHooks[i].malloc_hook == nullptr) {
MFHooks[i].malloc_hook = malloc_hook;		MFHooks[i].malloc_hook = malloc_hook;
MFHooks[i].free_hook = free_hook;		MFHooks[i].free_hook = free_hook;
return i + 1;		return i + 1;
}		}
}		}
return 0;		return 0;
}		}

		void CheckNoDeepBind(int flag) {
		if (flag & RTLD_DEEPBIND) {
		kubamracekUnsubmitted Done Reply Inline Actions This will not compile on macOS (RTLD_DEEPBIND is not defined there). kubamracek: This will not compile on macOS (RTLD_DEEPBIND is not defined there).
		m.ostapenkoAuthorUnsubmitted Done Reply Inline Actions Thanks, will move this to sanitizer_linux. cc. m.ostapenko: Thanks, will move this to sanitizer_linux. cc.
		Report("You are trying to dlopen a shared library with RTLD_DEEPBIND flag"
		" which is incompatibe with sanitizer runtime "
		"(see https://github.com/google/sanitizers/issues/611 for details"
		"). If you want to run your library under sanitizers please remove "
		"RTLD_DEEPBIND from dlopen flags.\n");
		ygribovUnsubmitted Done Reply Inline Actions Does it make sense to print backtrace? ygribov: Does it make sense to print backtrace?
		m.ostapenkoAuthorUnsubmitted Done Reply Inline Actions Perhaps. At least we should print library name here. m.ostapenko: Perhaps. At least we should print library name here.
		m.ostapenkoAuthorUnsubmitted Not Done Reply Inline Actions sanitizer_common doesn't have unified stacktrace printing routine (e.g. GET_STACK_TRACE_FATAL), every tool defines it by itself. Thus I don't print backtrace here to avoid unnecessary complexity. m.ostapenko: sanitizer_common doesn't have unified stacktrace printing routine (e.g. GET_STACK_TRACE_FATAL)…
		Die();
		}
		}

} // namespace __sanitizer		} // namespace __sanitizer

using namespace __sanitizer; // NOLINT		using namespace __sanitizer; // NOLINT

extern "C" {		extern "C" {
void __sanitizer_set_report_path(const char *path) {		void __sanitizer_set_report_path(const char *path) {
report_file.SetReportPath(path);		report_file.SetReportPath(path);
}		}
Show All 30 Lines

lib/sanitizer_common/sanitizer_common_interceptors.inc

	Show First 20 Lines • Show All 136 Lines • ▼ Show 20 Lines
	#define COMMON_INTERCEPTOR_READ_STRING_OF_LEN(ctx, s, len, n) \			#define COMMON_INTERCEPTOR_READ_STRING_OF_LEN(ctx, s, len, n) \
	COMMON_INTERCEPTOR_READ_RANGE((ctx), (s), \			COMMON_INTERCEPTOR_READ_RANGE((ctx), (s), \
	common_flags()->strict_string_checks ? (len) + 1 : (n) )			common_flags()->strict_string_checks ? (len) + 1 : (n) )

	#define COMMON_INTERCEPTOR_READ_STRING(ctx, s, n) \			#define COMMON_INTERCEPTOR_READ_STRING(ctx, s, n) \
	COMMON_INTERCEPTOR_READ_STRING_OF_LEN((ctx), (s), REAL(strlen)(s), (n))			COMMON_INTERCEPTOR_READ_STRING_OF_LEN((ctx), (s), REAL(strlen)(s), (n))

	#ifndef COMMON_INTERCEPTOR_ON_DLOPEN			#ifndef COMMON_INTERCEPTOR_ON_DLOPEN
	#define COMMON_INTERCEPTOR_ON_DLOPEN(filename, flag) {}			#define COMMON_INTERCEPTOR_ON_DLOPEN(filename, flag) { CheckNoDeepBind(flag); }
	#endif			#endif

	#ifndef COMMON_INTERCEPTOR_GET_TLS_RANGE			#ifndef COMMON_INTERCEPTOR_GET_TLS_RANGE
	#define COMMON_INTERCEPTOR_GET_TLS_RANGE(begin, end) begin = end = 0;			#define COMMON_INTERCEPTOR_GET_TLS_RANGE(begin, end) begin = end = 0;
	#endif			#endif

	#ifndef COMMON_INTERCEPTOR_ACQUIRE			#ifndef COMMON_INTERCEPTOR_ACQUIRE
	#define COMMON_INTERCEPTOR_ACQUIRE(ctx, u) {}			#define COMMON_INTERCEPTOR_ACQUIRE(ctx, u) {}
	▲ Show 20 Lines • Show All 6,083 Lines • Show Last 20 Lines

test/sanitizer_common/TestCases/Posix/deepbind.cc

This file was added.

				// RUN: %clangxx -DSHARED_LIB %s -fPIC -shared -o %t-so.so
				ygribovUnsubmitted Done Reply Inline Actions Do you need shlib at all? You don't care if `dlopen` succeeds so can call it with arbitrary path. ygribov: Do you need shlib at all? You don't care if `dlopen` succeeds so can call it with arbitrary…
				m.ostapenkoAuthorUnsubmitted Done Reply Inline Actions Just wanted to make sure that without deepbind everything works as expected. I can drop this for sure. m.ostapenko: Just wanted to make sure that without deepbind everything works as expected. I can drop this…
				// RUN: %clangxx %s -o %t && %run %t 2>&1
				// RUN: %run not %t 1 2>&1 \| FileCheck %s --check-prefix CHECK-DEEPBIND
				// UNSUPPORTED: lsan, android
				ygribovUnsubmitted Done Reply Inline Actions Android does not have it? ygribov: Android does not have it?
				m.ostapenkoAuthorUnsubmitted Done Reply Inline Actions AFAIK Android doesn't intercept dlopen. m.ostapenko: AFAIK Android doesn't intercept dlopen.

				#if !defined(SHARED_LIB)
				#include <dlfcn.h>
				#include <stdio.h>
				#include <string>

				using std::string;

				int main (int argc, char *argv[]) {
				int flag = argc > 1 ? RTLD_NOW \| RTLD_DEEPBIND : RTLD_NOW;
				string path = string(argv[0]) + "-so.so";
				printf("opening %s ... \n", path.c_str());
				// CHECK-DEEPBIND: You are trying to dlopen a shared library with RTLD_DEEPBIND flag
				void *lib = dlopen(path.c_str(), flag);
				ygribovUnsubmitted Done Reply Inline Actions You can just `return 0` after this. ygribov: You can just `return 0` after this.
				if (!lib) {
				printf("error in dlopen(): %s\n", dlerror());
				return 1;
				}
				dlclose(lib);
				return 0;
				}
				#else // SHARED_LIB
				#include <stdio.h>

				__attribute__((constructor))
				void at_dlopen() {
				printf("%s: I am being dlopened\n", __FILE__);
				}
				#endif