This is an archive of the discontinued LLVM Phabricator instance.

Differential D56475

Don't require a null terminator when loading objects
ClosedPublic

Authored by glandium on Jan 8 2019, 9:37 PM.

Details

Reviewers
zturner
Commits
rG30ba0a0c950a: Don't require a null terminator when loading objects
rL350774: Don't require a null terminator when loading objects
Summary

Requiring one doesn't cause harm in most cases, but when things align perfectly, things can go really bad.

Imagine you have a browser, built with ASAN. It uses multiple processes. It has intentional leaks, with suppressions. You run it, exit it. Each child process exits. Each with leaks, that need symbolication to match against the suppressions. So each runs llvm-symbolizer. At the same time.

Some of the addresses to symbolicate are in a shared library. That shared library contains all DWARF info, so it's rather large (close to a 1GB). Oh, and because all stars were aligned, its size is exactly a multiple of the page size. So shouldUseMmap in MemoryBuffer returns false for it. So llvm-symbolizer pread() the file instead. All instances of it. Did I say there are multiple processes? So suddenly you have n processes simultaneously allocating and filling 1GB of memory each, on CI machines that have enough memory for the job they usually run, but not enough for a sudden rush of n GB.

And things go awry. When you're lucky and the OOM killer didn't take care of killing the CI entirely, symbolication couldn't happen and the suppressions are not matched, and leaks are reported.

Diff Detail

Repository
rL LLVM

Event Timeline

glandium created this revision.Jan 8 2019, 9:37 PM
Herald added subscribers: llvm-commits, JDevlieghere, kristof.beyls and 2 others. · View Herald TranscriptJan 8 2019, 9:37 PM
zturner added a reviewer: zturner.Jan 9 2019, 12:45 PM
zturner accepted this revision.Jan 9 2019, 12:50 PM

Thanks. I fixed this exact bug in a different place a month ago. I wonder if we should audit all callers of getFileOrSTDIN and MemoryBuffer::getFile, because I'm guessing this can still occur in other places for the same reason.

This revision is now accepted and ready to land.Jan 9 2019, 12:50 PM
Closed by commit rL350774: Don't require a null terminator when loading objects (authored by dmajor). · Explain WhyJan 9 2019, 3:40 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
trunk/
lib/
Object/
3 lines

Diff 180950

llvm/trunk/lib/Object/Binary.cpp

Show First 20 LinesShow All 82 Lines▼ Show 20 Lines case file_magic::coff_cl_gl_object:
// Unrecognized object file format. // Unrecognized object file format.
return errorCodeToError(object_error::invalid_file_type); return errorCodeToError(object_error::invalid_file_type);
} }
llvm_unreachable("Unexpected Binary File Type"); llvm_unreachable("Unexpected Binary File Type");
} }
Expected<OwningBinary<Binary>> object::createBinary(StringRef Path) { Expected<OwningBinary<Binary>> object::createBinary(StringRef Path) {
ErrorOr<std::unique_ptr<MemoryBuffer>> FileOrErr = ErrorOr<std::unique_ptr<MemoryBuffer>> FileOrErr =
MemoryBuffer::getFileOrSTDIN(Path); MemoryBuffer::getFileOrSTDIN(Path, /*FileSize=*/-1,
/*RequiresNullTerminator=*/false);
if (std::error_code EC = FileOrErr.getError()) if (std::error_code EC = FileOrErr.getError())
return errorCodeToError(EC); return errorCodeToError(EC);
std::unique_ptr<MemoryBuffer> &Buffer = FileOrErr.get(); std::unique_ptr<MemoryBuffer> &Buffer = FileOrErr.get();
Expected<std::unique_ptr<Binary>> BinOrErr = Expected<std::unique_ptr<Binary>> BinOrErr =
createBinary(Buffer->getMemBufferRef()); createBinary(Buffer->getMemBufferRef());
if (!BinOrErr) if (!BinOrErr)
return BinOrErr.takeError(); return BinOrErr.takeError();
std::unique_ptr<Binary> &Bin = BinOrErr.get(); std::unique_ptr<Binary> &Bin = BinOrErr.get();
return OwningBinary<Binary>(std::move(Bin), std::move(Buffer)); return OwningBinary<Binary>(std::move(Bin), std::move(Buffer));
} }