This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/trunk/
-
trunk/
-
lib/asan/
-
asan/
2/2
asan_malloc_linux.cc
-
test/asan/TestCases/
-
asan/
-
TestCases/
-
long-object-path.cc

Differential D47995

[ASAN] fix startup crash in dlsym for long paths since glibc 2.27
ClosedPublic

Authored by Lekensteyn on Jun 10 2018, 1:40 PM.

Download Raw Diff

Details

Reviewers

kcc
vitalybuka

Commits

rG1bbab1e55852: [ASAN] fix startup crash in dlsym for long paths since glibc 2.27
rCRT334703: [ASAN] fix startup crash in dlsym for long paths since glibc 2.27
rL334703: [ASAN] fix startup crash in dlsym for long paths since glibc 2.27

Summary

Error messages for dlsym used to be stored on the stack, but since
commit 2449ae7b ("ld.so: Introduce struct dl_exception") in glibc 2.27
these are now stored on the heap (and thus use the dlsym alloc pool).

Messages look like "undefined symbol: __isoc99_printf\0/path/to/a.out".
With many missing library functions and long object paths, the pool is
quickly exhausted. Implement a simple mechanism to return freed memory
to the pool (clear it in case it is used for calloc).

Fixes https://github.com/google/sanitizers/issues/957

Diff Detail

Repository: rL LLVM

Event Timeline

Lekensteyn created this revision.Jun 10 2018, 1:40 PM

Herald added subscribers: Restricted Project, llvm-commits, kubamracek. · View Herald TranscriptJun 10 2018, 1:40 PM

vitalybuka accepted this revision.Jun 13 2018, 4:49 PM

This revision is now accepted and ready to land.Jun 13 2018, 4:49 PM

vitalybuka added inline comments.Jun 13 2018, 4:52 PM

lib/asan/asan_malloc_linux.cc
58 ↗	(On Diff #150661)	Alternative, more general solution is to have some bitmap which tells if byte is allocated. And then trim the tail on each free.

Closed by commit rL334703: [ASAN] fix startup crash in dlsym for long paths since glibc 2.27 (authored by Lekensteyn). · Explain WhyJun 14 2018, 3:47 AM

This revision was automatically updated to reflect the committed changes.

Herald added a subscriber: delcypher. · View Herald TranscriptJun 14 2018, 3:47 AM

Lekensteyn added inline comments.Jun 14 2018, 3:48 AM

lib/asan/asan_malloc_linux.cc
58 ↗	(On Diff #150661)	A bitmap before (or after) an allocation increases memory consumption (by a tiny amount). It would only be beneficial in the following pattern: p = malloc(a); q = malloc(b); free(q); free(p); // currently does not release "p" // or: //free(p); free(q); // currently does not release "p" and "q" however as I have not observed these patterns and its implementation is more complex, I decided to take the current, simpler approach.

delcypher added inline comments.Jun 14 2018, 4:15 AM

compiler-rt/trunk/lib/asan/asan_malloc_linux.cc
53	Typo? s/dlsym longer/dlsym no longer/
54	Typo. s/use/uses/

Thanks for the reviews, I fixed both typos in r334719 and disabled the test due to a lit problem on Windows. I'll be looking at supporting glob patterns for commands in general or just the "cd" builtin.

Failing test: http://lab.llvm.org:8011/builders/sanitizer-windows/builds/30093

******************** TEST 'AddressSanitizer-i386-windows :: TestCases/long-object-path.cc' FAILED ********************
Exception during script execution:
Traceback (most recent call last):
  File "C:/b/slave/sanitizer-windows/llvm\utils\lit\lit\run.py", line 202, in _execute_test_impl
    result = test.config.test_format.execute(test, lit_config)
  File "C:/b/slave/sanitizer-windows/llvm\utils\lit\lit\formats\shtest.py", line 25, in execute
    self.execute_external)
  File "C:/b/slave/sanitizer-windows/llvm\utils\lit\lit\TestRunner.py", line 1576, in executeShTest
    res = _runShTest(test, litConfig, useExternalSh, script, tmpBase)
  File "C:/b/slave/sanitizer-windows/llvm\utils\lit\lit\TestRunner.py", line 1524, in _runShTest
    res = executeScriptInternal(test, litConfig, tmpBase, script, execdir)
  File "C:/b/slave/sanitizer-windows/llvm\utils\lit\lit\TestRunner.py", line 1019, in executeScriptInternal
    exitCode, timeoutInfo = executeShCmd(cmd, shenv, results, timeout=litConfig.maxIndividualTestTime)
  File "C:/b/slave/sanitizer-windows/llvm\utils\lit\lit\TestRunner.py", line 163, in executeShCmd
    finalExitCode = _executeShCmd(cmd, shenv, results, timeoutHelper)
  File "C:/b/slave/sanitizer-windows/llvm\utils\lit\lit\TestRunner.py", line 738, in _executeShCmd
    res = _executeShCmd(cmd.rhs, shenv, results, timeoutHelper)
  File "C:/b/slave/sanitizer-windows/llvm\utils\lit\lit\TestRunner.py", line 721, in _executeShCmd
    return _executeShCmd(cmd.rhs, shenv, results, timeoutHelper)
  File "C:/b/slave/sanitizer-windows/llvm\utils\lit\lit\TestRunner.py", line 852, in _executeShCmd
    is_builtin_cmd = args[0] in builtin_commands;
TypeError: unhashable instance

Reproducible on Linux with the environment variable LIT_USE_INTERNAL_SHELL=1 set.

Revision Contents

Path

Size

compiler-rt/

trunk/

lib/

asan/

asan_malloc_linux.cc

19 lines

test/

asan/

TestCases/

long-object-path.cc

7 lines

Diff 151324

compiler-rt/trunk/lib/asan/asan_malloc_linux.cc

Show All 25 Lines
#include "asan_internal.h"		#include "asan_internal.h"
#include "asan_malloc_local.h"		#include "asan_malloc_local.h"
#include "asan_stack.h"		#include "asan_stack.h"

// ---------------------- Replacement functions ---------------- {{{1		// ---------------------- Replacement functions ---------------- {{{1
using namespace __asan; // NOLINT		using namespace __asan; // NOLINT

static uptr allocated_for_dlsym;		static uptr allocated_for_dlsym;
		static uptr last_dlsym_alloc_size_in_words;
static const uptr kDlsymAllocPoolSize = SANITIZER_RTEMS ? 4096 : 1024;		static const uptr kDlsymAllocPoolSize = SANITIZER_RTEMS ? 4096 : 1024;
static uptr alloc_memory_for_dlsym[kDlsymAllocPoolSize];		static uptr alloc_memory_for_dlsym[kDlsymAllocPoolSize];

static INLINE bool IsInDlsymAllocPool(const void *ptr) {		static INLINE bool IsInDlsymAllocPool(const void *ptr) {
uptr off = (uptr)ptr - (uptr)alloc_memory_for_dlsym;		uptr off = (uptr)ptr - (uptr)alloc_memory_for_dlsym;
return off < allocated_for_dlsym * sizeof(alloc_memory_for_dlsym[0]);		return off < allocated_for_dlsym * sizeof(alloc_memory_for_dlsym[0]);
}		}

static void *AllocateFromLocalPool(uptr size_in_bytes) {		static void *AllocateFromLocalPool(uptr size_in_bytes) {
uptr size_in_words = RoundUpTo(size_in_bytes, kWordSize) / kWordSize;		uptr size_in_words = RoundUpTo(size_in_bytes, kWordSize) / kWordSize;
void mem = (void)&alloc_memory_for_dlsym[allocated_for_dlsym];		void mem = (void)&alloc_memory_for_dlsym[allocated_for_dlsym];
		last_dlsym_alloc_size_in_words = size_in_words;
allocated_for_dlsym += size_in_words;		allocated_for_dlsym += size_in_words;
CHECK_LT(allocated_for_dlsym, kDlsymAllocPoolSize);		CHECK_LT(allocated_for_dlsym, kDlsymAllocPoolSize);
return mem;		return mem;
}		}

		static void DeallocateFromLocalPool(const void *ptr) {
		// Hack: since glibc 2.27, dlsym longer use stack-allocated memory to store
		delcypherUnsubmitted Done Reply Inline Actions Typo? s/dlsym longer/dlsym no longer/ delcypher: Typo? s/dlsym longer/dlsym no longer/
		// error messages and instead use malloc followed by free. To avoid pool
		delcypherUnsubmitted Done Reply Inline Actions Typo. s/use/uses/ delcypher: Typo. s/use/uses/
		// exhaustion due to long object filenames, handle that special case here.
		uptr prev_offset = allocated_for_dlsym - last_dlsym_alloc_size_in_words;
		void prev_mem = (void)&alloc_memory_for_dlsym[prev_offset];
		if (prev_mem == ptr) {
		REAL(memset)(prev_mem, 0, last_dlsym_alloc_size_in_words * kWordSize);
		allocated_for_dlsym = prev_offset;
		last_dlsym_alloc_size_in_words = 0;
		}
		}

static int PosixMemalignFromLocalPool(void **memptr, uptr alignment,		static int PosixMemalignFromLocalPool(void **memptr, uptr alignment,
uptr size_in_bytes) {		uptr size_in_bytes) {
if (UNLIKELY(!CheckPosixMemalignAlignment(alignment)))		if (UNLIKELY(!CheckPosixMemalignAlignment(alignment)))
return errno_EINVAL;		return errno_EINVAL;

CHECK(alignment >= kWordSize);		CHECK(alignment >= kWordSize);

uptr addr = (uptr)&alloc_memory_for_dlsym[allocated_for_dlsym];		uptr addr = (uptr)&alloc_memory_for_dlsym[allocated_for_dlsym];
▲ Show 20 Lines • Show All 44 Lines • ▼ Show 20 Lines	if (UNLIKELY(UseLocalPool())) {
new_ptr = asan_malloc(size, &stack);		new_ptr = asan_malloc(size, &stack);
}		}
internal_memcpy(new_ptr, ptr, copy_size);		internal_memcpy(new_ptr, ptr, copy_size);
return new_ptr;		return new_ptr;
}		}

INTERCEPTOR(void, free, void *ptr) {		INTERCEPTOR(void, free, void *ptr) {
GET_STACK_TRACE_FREE;		GET_STACK_TRACE_FREE;
if (UNLIKELY(IsInDlsymAllocPool(ptr)))		if (UNLIKELY(IsInDlsymAllocPool(ptr))) {
		DeallocateFromLocalPool(ptr);
return;		return;
		}
asan_free(ptr, &stack, FROM_MALLOC);		asan_free(ptr, &stack, FROM_MALLOC);
}		}

#if SANITIZER_INTERCEPT_CFREE		#if SANITIZER_INTERCEPT_CFREE
INTERCEPTOR(void, cfree, void *ptr) {		INTERCEPTOR(void, cfree, void *ptr) {
GET_STACK_TRACE_FREE;		GET_STACK_TRACE_FREE;
if (UNLIKELY(IsInDlsymAllocPool(ptr)))		if (UNLIKELY(IsInDlsymAllocPool(ptr)))
return;		return;
▲ Show 20 Lines • Show All 164 Lines • Show Last 20 Lines

compiler-rt/trunk/test/asan/TestCases/long-object-path.cc

				// RUN: mkdir -p %T/a-long-directory-name-to-test-allocations-for-exceptions-in-_dl_lookup_symbol_x-since-glibc-2.27
				// RUN: %clangxx_asan -g %s -o %T/long-object-path
				// RUN: %run %T/a-/../a-/../a-/../a-/../a-/../a-/../a-/../a-/../long-object-path

				int main(void) {
				return 0;
				}