This is an archive of the discontinued LLVM Phabricator instance.

Differential D54113

[sanitizer] Use AT_EXECFN in ReExec() if available
ClosedPublic

Authored by bkramer on Nov 5 2018, 9:42 AM.

Details

Reviewers
pcc
dvyukov
kcc
vitalybuka
Commits
rG178d26fa18d3: [sanitizer] Use AT_EXECFN in ReExec() if available
rCRT346215: [sanitizer] Use AT_EXECFN in ReExec() if available
rL346215: [sanitizer] Use AT_EXECFN in ReExec() if available
Summary

execve("/proc/self/exe") will not work if the binary relies on
$EXEC_ORIGIN in an rpath. Query AT_EXECFN instead, which will give the
same string that the current binary was exec'd with.

Diff Detail

Event Timeline

bkramer created this revision.Nov 5 2018, 9:42 AM
Herald added subscribers: Restricted Project, delcypher, jlebar, kubamracek. · View Herald TranscriptNov 5 2018, 9:42 AM
Harbormaster completed remote builds in B24562: Diff 172610.Nov 5 2018, 9:42 AM
jgorbe added a subscriber: jgorbe.Nov 5 2018, 10:10 AM
kcc added a reviewer: vitalybuka.Nov 5 2018, 1:32 PM

Is a test possible here?

bkramer updated this revision to Diff 172649.Nov 5 2018, 1:50 PM

Add test

Harbormaster completed remote builds in B24569: Diff 172649.Nov 5 2018, 1:50 PM
bkramer added a comment.Nov 5 2018, 1:50 PM
In D54113#1287835, @kcc wrote:

Is a test possible here?

I thought it was only possible on PPC, but I can abuse the fact that MSAN re-execs on unlimited stacks. Test included.

vitalybuka added inline comments.Nov 5 2018, 2:48 PM
test/msan/Linux/reexec_unlimited_stack.cc
17

How this test triggers changed code?

bkramer added inline comments.Nov 5 2018, 2:59 PM
test/msan/Linux/reexec_unlimited_stack.cc
17

The idea is that the ulimit -s unlimited makes msan re-exec on startup. Currently this overwrites AT_EXECFN with /proc/self/exe. With this change it's preserved.

bkramer updated this revision to Diff 172669.Nov 5 2018, 3:01 PM
  • Add a comment to the test.
vitalybuka accepted this revision.Nov 5 2018, 4:41 PM
This revision is now accepted and ready to land.Nov 5 2018, 4:41 PM
Closed by commit rL346215: [sanitizer] Use AT_EXECFN in ReExec() if available (authored by d0k). · Explain WhyNov 6 2018, 12:56 AM
Closed by commit rCRT346215: [sanitizer] Use AT_EXECFN in ReExec() if available (authored by d0k). · Explain Why
This revision was automatically updated to reflect the committed changes.
This revision was automatically updated to reflect the committed changes.
MaskRay added a subscriber: MaskRay.Nov 6 2018, 10:17 AM

$EXEC_ORIGIN ($ORIGIN without tracing the symlink) does not exist in vanilla glibc https://sourceware.org/ml/libc-alpha/2017-10/msg01109.html

This breaks TSanitizer-x86_64-Test-Nolibc as getauxval is a glibc symbol, which can be fixed by https://reviews.llvm.org/D54160

ld.lld: error: undefined symbol: getauxval
>>> referenced by sanitizer_linux.cc:646 (../projects/compiler-rt/lib/sanitizer_common/sanitizer_linux.cc:646)
>>>               sanitizer_linux.cc.o:(__sanitizer::ReExec()) in archive libRTSanitizerCommon.test.nolibc.x86_64.a

Revision Contents

PathSize
lib/
sanitizer_common/
4 lines
test/
msan/
Linux/
23 lines

Diff 172716

lib/sanitizer_common/sanitizer_linux.cc

Show First 20 LinesShow All 634 Lines▼ Show 20 Lines#if SANITIZER_NETBSD
uptr len; uptr len;
len = sizeof(path); len = sizeof(path);
if (internal_sysctl(name, ARRAY_SIZE(name), path, &len, NULL, 0) != -1) if (internal_sysctl(name, ARRAY_SIZE(name), path, &len, NULL, 0) != -1)
pathname = path; pathname = path;
#elif SANITIZER_SOLARIS #elif SANITIZER_SOLARIS
pathname = getexecname(); pathname = getexecname();
CHECK_NE(pathname, NULL); CHECK_NE(pathname, NULL);
#elif SANITIZER_USE_GETAUXVAL
// Calling execve with /proc/self/exe sets that as $EXEC_ORIGIN. Binaries that
// rely on that will fail to load shared libraries. Query AT_EXECFN instead.
pathname = reinterpret_cast<const char *>(getauxval(AT_EXECFN));
#endif #endif
GetArgsAndEnv(&argv, &envp); GetArgsAndEnv(&argv, &envp);
uptr rv = internal_execve(pathname, argv, envp); uptr rv = internal_execve(pathname, argv, envp);
int rverrno; int rverrno;
CHECK_EQ(internal_iserror(rv, &rverrno), true); CHECK_EQ(internal_iserror(rv, &rverrno), true);
Printf("execve failed, errno %d\n", rverrno); Printf("execve failed, errno %d\n", rverrno);
Die(); Die();
▲ Show 20 LinesShow All 1,442 LinesShow Last 20 Lines

test/msan/Linux/reexec_unlimited_stack.cc

// MSAN re-execs on unlimited stacks. We use that to verify ReExec() uses the
// right path.
// RUN: %clangxx_msan -O0 %s -o %t && ulimit -s unlimited && %run %t | FileCheck %s
#include <stdio.h>
#if !defined(__GLIBC_PREREQ)
#define __GLIBC_PREREQ(a, b) 0
#endif
#if __GLIBC_PREREQ(2, 16)
#include <sys/auxv.h>
#endif
int main() {
#if __GLIBC_PREREQ(2, 16)
// Make sure AT_EXECFN didn't get overwritten by re-exec.
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

How this test triggers changed code?

vitalybuka: How this test triggers changed code?
bkramerAuthorUnsubmitted
Not Done
ReplyInline Actions

The idea is that the ulimit -s unlimited makes msan re-exec on startup. Currently this overwrites AT_EXECFN with /proc/self/exe. With this change it's preserved.

bkramer: The idea is that the `ulimit -s unlimited` makes msan re-exec on startup. Currently this…
puts(reinterpret_cast<const char *>(getauxval(AT_EXECFN)));
#else
puts("No getauxval");
#endif
// CHECK-NOT: /proc/self/exe
}