This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
lib/scudo/
-
scudo/
2
scudo_utils.cpp

Differential D40504

[scudo] Workaround for uninitialized Bionic globals
ClosedPublic

Authored by cryptoad on Nov 27 2017, 9:32 AM.

Download Raw Diff

Details

Reviewers

alekseyshl

Commits

rG06b891f6939c: [scudo] Workaround for uninitialized Bionic globals
rCRT319099: [scudo] Workaround for uninitialized Bionic globals
rL319099: [scudo] Workaround for uninitialized Bionic globals

Summary

Bionic doesn't initialize its globals early enough. This causes issues when
trying to access them from a preinit_array (b/25751302) or from another
constructor called before the libc one (b/68046352). __progname is initialized
after the other globals, so we can check its value to know if calling
getauxval is safe.

Diff Detail

Build Status

Buildable 12498
Build 12498: arc lint + arc unit

Event Timeline

cryptoad created this revision.Nov 27 2017, 9:32 AM

Herald added a subscriber: srhines. · View Herald TranscriptNov 27 2017, 9:32 AM

alekseyshl accepted this revision.Nov 27 2017, 11:22 AM

alekseyshl added inline comments.

lib/scudo/scudo_utils.cpp
110	So, hasHardwareCRC32ARMPosix() works fine, even that not all globals are initialized? Maybe the proper way is to repeat the check after globals are initialized (a lot more hassle, I know)?

This revision is now accepted and ready to land.Nov 27 2017, 11:22 AM

cryptoad added inline comments.Nov 27 2017, 11:33 AM

lib/scudo/scudo_utils.cpp
110	I'll see what I can whip out regarding the 2nd part of the comment. A few other words for the record: hasHardwareCRC32ARMPosix will work if the application has access to /proc/self/auxv. Two reasons I see why it wouldn't: /proc is not mounted yet (which is the case for init) or the file is disallowed via selinux/seccompbpf/sandboxing in general. This doesn't involve the libc globals. getauxval will work if the first dynamic memory allocation related call isn't prior to the initialization of the Bionic globals, as it loops through __libc_auxv which is NULL at this point. Things work with other libcs (musl, glibc) AFAICT, and is only an issue for Bionic.

cryptoad closed this revision.Nov 27 2017, 1:34 PM

Revision Contents

Path

Size

lib/

scudo/

scudo_utils.cpp

12 lines

Diff 124405

lib/scudo/scudo_utils.cpp

Show First 20 Lines • Show All 90 Lines • ▼ Show 20 Lines	bool hasHardwareCRC32ARMPosix() {
}		}
internal_close(F);		internal_close(F);
return (Entry.Tag == AT_HWCAP && (Entry.Value & HWCAP_CRC32) != 0);		return (Entry.Tag == AT_HWCAP && (Entry.Value & HWCAP_CRC32) != 0);
}		}
# else		# else
bool hasHardwareCRC32ARMPosix() { return false; }		bool hasHardwareCRC32ARMPosix() { return false; }
# endif // SANITIZER_POSIX		# endif // SANITIZER_POSIX

		// Bionic doesn't initialize its globals early enough. This causes issues when
		// trying to access them from a preinit_array (b/25751302) or from another
		// constructor called before the libc one (b/68046352). __progname is
		// initialized after the other globals, so we can check its value to know if
		// calling getauxval is safe.
		extern "C" SANITIZER_WEAK_ATTRIBUTE char *__progname;
		INLINE bool areBionicGlobalsInitialized() {
		return !SANITIZER_ANDROID \|\| (&__progname && __progname);
		}

bool hasHardwareCRC32() {		bool hasHardwareCRC32() {
if (&getauxval)		if (&getauxval && areBionicGlobalsInitialized())
		alekseyshlUnsubmitted Not Done Reply Inline Actions So, hasHardwareCRC32ARMPosix() works fine, even that not all globals are initialized? Maybe the proper way is to repeat the check after globals are initialized (a lot more hassle, I know)? alekseyshl: So, hasHardwareCRC32ARMPosix() works fine, even that not all globals are initialized? Maybe the…
		cryptoadAuthorUnsubmitted Not Done Reply Inline Actions I'll see what I can whip out regarding the 2nd part of the comment. A few other words for the record: hasHardwareCRC32ARMPosix will work if the application has access to /proc/self/auxv. Two reasons I see why it wouldn't: /proc is not mounted yet (which is the case for init) or the file is disallowed via selinux/seccompbpf/sandboxing in general. This doesn't involve the libc globals. getauxval will work if the first dynamic memory allocation related call isn't prior to the initialization of the Bionic globals, as it loops through __libc_auxv which is NULL at this point. Things work with other libcs (musl, glibc) AFAICT, and is only an issue for Bionic. cryptoad: I'll see what I can whip out regarding the 2nd part of the comment. A few other words for the…
return !!(getauxval(AT_HWCAP) & HWCAP_CRC32);		return !!(getauxval(AT_HWCAP) & HWCAP_CRC32);
return hasHardwareCRC32ARMPosix();		return hasHardwareCRC32ARMPosix();
}		}
#else		#else
bool hasHardwareCRC32() { return false; }		bool hasHardwareCRC32() { return false; }
#endif // defined(__x86_64__) \|\| defined(__i386__)		#endif // defined(__x86_64__) \|\| defined(__i386__)

} // namespace __scudo		} // namespace __scudo