This is an archive of the discontinued LLVM Phabricator instance.

Differential D48255

[sanitizer] Fix LSAN for 32-bit glibc before 2.27
AbandonedPublic

Authored by Lekensteyn on Jun 16 2018, 3:16 AM.

Details

Reviewers
vitalybuka
kcc
jakubjelinek
Summary

When dlvsym fails (because the requested symbol does not exist), it
might call malloc and crash with LSAN. Fixes regression in r334363.

Diff Detail

Event Timeline

Lekensteyn created this revision.Jun 16 2018, 3:16 AM
Herald added subscribers: Restricted Project, llvm-commits, kubamracek. · View Herald TranscriptJun 16 2018, 3:16 AM
Lekensteyn updated this revision to Diff 151615.Jun 16 2018, 3:18 AM

Oops, wrong (unsplit) diff. This is the correct one and depends on D48254.

jakubjelinek added inline comments.Jun 16 2018, 3:50 AM
lib/sanitizer_common/sanitizer_linux_libcdep.cc
189

Why this hunk? This will unnecessary forever pessimize sanitizers built against glibc 2.27+.

Lekensteyn added inline comments.Jun 16 2018, 9:47 AM
lib/sanitizer_common/sanitizer_linux_libcdep.cc
189

Only 32-bit builds are affected and the overhead is neglible as InitTlsSize is called only *once* per process. The advantage of this dynamic approach is that 32-bit programs can still be copied to a different OS with older glibc and execute without *unconditionally* crashing.

The previous code used dlvsym to perform the version check, but as I now call gnu_get_libc_version directly for GNU libc in D48254, its overhead is pretty small.

Given these circumstances, I think it is reasonable to unconditionally check the version.

If you are interested in some numbers,
line 220 required 2858 instructions (the dlsym call) while
line 226 took 1722 instructions (retrieval of the version and parsing it).
Line 230 took 1806 instructions (as measured with record full and info record in gdb and stepping with next).

Lekensteyn abandoned this revision.Jun 17 2018, 1:54 PM

Superseded by https://reviews.llvm.org/D48265

I still think it would be worth doing the unconditional check on x86 though, but it's a minor issue so I'll defer it.

Revision Contents

PathSize
lib/
sanitizer_common/
9 lines

Diff 151615

lib/sanitizer_common/sanitizer_linux_libcdep.cc

Show First 20 LinesShow All 179 Lines▼ Show 20 Lines#endif // __GLIBC__
return 0; return 0;
} }
#if !SANITIZER_FREEBSD && !SANITIZER_ANDROID && !SANITIZER_GO && \ #if !SANITIZER_FREEBSD && !SANITIZER_ANDROID && !SANITIZER_GO && \
!SANITIZER_NETBSD && !SANITIZER_OPENBSD && !SANITIZER_SOLARIS !SANITIZER_NETBSD && !SANITIZER_OPENBSD && !SANITIZER_SOLARIS
static uptr g_tls_size; static uptr g_tls_size;
#ifdef __i386__ #ifdef __i386__
# ifndef __GLIBC_PREREQ
# define CHECK_GET_TLS_STATIC_INFO_VERSION 1 # define CHECK_GET_TLS_STATIC_INFO_VERSION 1
# else #else
jakubjelinekUnsubmitted
Not Done
ReplyInline Actions

Why this hunk? This will unnecessary forever pessimize sanitizers built against glibc 2.27+.

jakubjelinek: Why this hunk? This will unnecessary forever pessimize sanitizers built against glibc 2.27+.
LekensteynAuthorUnsubmitted
Not Done
ReplyInline Actions

Only 32-bit builds are affected and the overhead is neglible as InitTlsSize is called only *once* per process. The advantage of this dynamic approach is that 32-bit programs can still be copied to a different OS with older glibc and execute without *unconditionally* crashing.

The previous code used dlvsym to perform the version check, but as I now call gnu_get_libc_version directly for GNU libc in D48254, its overhead is pretty small.

Given these circumstances, I think it is reasonable to unconditionally check the version.

If you are interested in some numbers,
line 220 required 2858 instructions (the dlsym call) while
line 226 took 1722 instructions (retrieval of the version and parsing it).
Line 230 took 1806 instructions (as measured with record full and info record in gdb and stepping with next).

Lekensteyn: Only 32-bit builds are affected and the overhead is neglible as InitTlsSize is called only…
# define CHECK_GET_TLS_STATIC_INFO_VERSION (!__GLIBC_PREREQ(2, 27))
# endif
#else
# define CHECK_GET_TLS_STATIC_INFO_VERSION 0 # define CHECK_GET_TLS_STATIC_INFO_VERSION 0
#endif #endif
#if CHECK_GET_TLS_STATIC_INFO_VERSION #if CHECK_GET_TLS_STATIC_INFO_VERSION
# define DL_INTERNAL_FUNCTION __attribute__((regparm(3), stdcall)) # define DL_INTERNAL_FUNCTION __attribute__((regparm(3), stdcall))
#else #else
# define DL_INTERNAL_FUNCTION # define DL_INTERNAL_FUNCTION
#endif #endif
Show All 20 Linesvoid InitTlsSize() {
// all current supported platforms have 16 bytes stack alignment // all current supported platforms have 16 bytes stack alignment
const size_t kStackAlign = 16; const size_t kStackAlign = 16;
void *get_tls_static_info_ptr = dlsym(RTLD_NEXT, "_dl_get_tls_static_info"); void *get_tls_static_info_ptr = dlsym(RTLD_NEXT, "_dl_get_tls_static_info");
size_t tls_size = 0; size_t tls_size = 0;
size_t tls_align = 0; size_t tls_align = 0;
// On i?86, _dl_get_tls_static_info used to be internal_function, i.e. // On i?86, _dl_get_tls_static_info used to be internal_function, i.e.
// __attribute__((regparm(3), stdcall)) before glibc 2.27 and is normal // __attribute__((regparm(3), stdcall)) before glibc 2.27 and is normal
// function in 2.27 and later. // function in 2.27 and later.
if (CHECK_GET_TLS_STATIC_INFO_VERSION && if (CHECK_GET_TLS_STATIC_INFO_VERSION && GetGlibcVersion(nullptr) < 27)
!dlvsym(RTLD_NEXT, "glob", "GLIBC_2.27"))
CallGetTls<GetTlsStaticInfoRegparmCall>(get_tls_static_info_ptr, CallGetTls<GetTlsStaticInfoRegparmCall>(get_tls_static_info_ptr,
&tls_size, &tls_align); &tls_size, &tls_align);
else else
CallGetTls<GetTlsStaticInfoCall>(get_tls_static_info_ptr, CallGetTls<GetTlsStaticInfoCall>(get_tls_static_info_ptr,
&tls_size, &tls_align); &tls_size, &tls_align);
if (tls_align < kStackAlign) if (tls_align < kStackAlign)
tls_align = kStackAlign; tls_align = kStackAlign;
g_tls_size = RoundUpTo(tls_size, tls_align); g_tls_size = RoundUpTo(tls_size, tls_align);
▲ Show 20 LinesShow All 558 LinesShow Last 20 Lines