This is an archive of the discontinued LLVM Phabricator instance.

Differential D88501

[asan][test] Several Posix/unpoison-alternate-stack.cpp fixes
ClosedPublic

Authored by ro on Sep 29 2020, 10:10 AM.

Details

Reviewers
vitalybuka
Commits
rG73fb9698c057: [asan][test] Several Posix/unpoison-alternate-stack.cpp fixes
Summary

Posix/unpoison-alternate-stack.cpp currently FAILs on Solaris/i386 and the investigation revealed several generic problems:

  • clang warns compiling the testcase:
/vol/llvm/src/llvm-project/local/compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp:83:7: warning: nested designators are a C99 extension [-Wc99-designator]
      .sa_sigaction = signalHandler,
      ^~~~~~~~~~~~~
/vol/llvm/src/llvm-project/local/compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp:84:7: warning: ISO C++ requires field designators to be specified in declaration order; field '_funcptr' will be initialized after field 'sa_flags' [-Wreorder-init-list]
      .sa_flags = SA_SIGINFO | SA_NODEFER | SA_ONSTACK,
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/vol/llvm/src/llvm-project/local/compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp:83:8: note: previous initialization for field '_funcptr' is here
      .sa_sigaction = signalHandler,
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/sys/signal.h:71:30: note: expanded from macro 'sa_sigaction'
#define sa_sigaction    _funcptr._sigaction
                                ^
/vol/llvm/src/llvm-project/local/compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp:149:7: warning: ISO C++ requires field designators to be specified in declaration order; field 'ss_flags' will be initialized after field 'ss_size' [-Wreorder-init-list]
      .ss_size = AltStackSize,
      ^~~~~~~~~~~~~~~~~~~~~~~
/vol/llvm/src/llvm-project/local/compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp:148:19: note: previous initialization for field 'ss_flags' is here
      .ss_flags = 0,
                  ^
This can all easily be avoided by initializing each field separately.
  • The test SEGVs:
Thread 4 received signal SIGSEGV, Segmentation fault.
[Switching to Thread 2 (LWP 2)]
0x08157f0f in __asan_memcpy (to=0xfe5d2e30, from=0x808cda0 <__const._ZN12_GLOBAL__N_123setSignalAlternateStackEPv.Action>, size=32) at /vol/llvm/src/llvm-project/dist/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:21
21	void *__asan_memcpy(void *to, const void *from, uptr size) {
(gdb) where
#0  0x08157f0f in __asan_memcpy (to=0xfe5d2e30, from=0x808cda0 <__const._ZN12_GLOBAL__N_123setSignalAlternateStackEPv.Action>, size=32) at /vol/llvm/src/llvm-project/dist/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:21
#1  0x081b080e in (anonymous namespace)::setSignalAlternateStack(void*) () at /vol/llvm/src/llvm-project/dist/compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp:86
#2  0x081b02bc in (anonymous namespace)::threadFun(void*) () at /vol/llvm/src/llvm-project/dist/compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp:107
#3  0x0816dd2a in __asan::AsanThread::ThreadStart (this=0xfe3f3000, os_id=2, signal_thread_is_registered=0xfeffd724) at /vol/llvm/src/llvm-project/dist/compiler-rt/lib/asan/asan_thread.cpp:262
#4  0x081400d0 in asan_thread_start (arg=0xfeffd720) at /vol/llvm/src/llvm-project/dist/compiler-rt/lib/asan/asan_interceptors.cpp:205
#5  0xfe281d3b in _thrp_setup () from /lib/libc.so.1
#6  0xfe282090 in ?? () from /lib/libc.so.1
in the sequence determing the GOT address at the `calll` insn:
	subl	$5424, %esp                     # imm = 0x1530
	calll	.L1$pb
.L1$pb:
The problem is that the default Solaris/i386 stack size is only 4 kB, while `__asan_memcpy` tries to allocate either 5436 (32-bit) or 10688 bytes (64-bit) on the stack.  This patch avoids this by requiring at least 16 kB stack size.
  • When I later investigated PlatformUnpoisonStacks calling GetThreadStackAndTls, I was reminded that GetTls is a dummy on Solaris. I do have a (not yet fully portable) implemtation, however that's moot for this testcase.
  • Even without -fsanitize=address or in a minimal testcase derived from this one, I get an assertion failure:
Assertion failed: !isOnSignalStack(), file /vol/llvm/src/llvm-project/dist/compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp, line 117
The fundamental problem with this testcase is that `longjmp` from a signal handler is highly unportable; XPG7 strongly warns against it and it is thus unspecified which stack is used when `longjmp`ing from a signal handler running on an alternative stack.

So I'm XFAILing this testcases on Solaris.

Tested on amd64-pc-solaris2.11 and x86_64-pc-linux-gnu.

Diff Detail

Event Timeline

ro created this revision.Sep 29 2020, 10:10 AM
Herald added subscribers: Restricted Project, fedor.sergeev. · View Herald TranscriptSep 29 2020, 10:10 AM
ro requested review of this revision.Sep 29 2020, 10:10 AM
Harbormaster completed remote builds in B73360: Diff 294946.Sep 29 2020, 10:19 AM
vitalybuka accepted this revision.Sep 30 2020, 4:01 AM

Please do not include entire description into git commit.
A couple of sentences should be enough.

compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp
89–91
156–159

same

This revision is now accepted and ready to land.Sep 30 2020, 4:01 AM
ro marked an inline comment as done.Sep 30 2020, 7:03 AM
ro added inline comments.
compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp
89–91

This doesn't compile on Linux/x86_64:

/vol/llvm/src/llvm-project/local/compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp:89:3: error: must use 'struct' tag to refer to type 'sigaction' in this scope
  sigaction Action = {};
  ^
  struct

Will go for

struct sigaction Action = {};

instead.

Closed by commit rG73fb9698c057: [asan][test] Several Posix/unpoison-alternate-stack.cpp fixes (authored by ro). · Explain WhySep 30 2020, 9:57 AM
This revision was automatically updated to reflect the committed changes.
ro marked an inline comment as done.
ro added a commit: rG73fb9698c057: [asan][test] Several Posix/unpoison-alternate-stack.cpp fixes.
ro mentioned this in D97933: [asan][test] Don't XFAIL Posix/unpoison-alternate-stack.cpp on Solaris.Mar 4 2021, 4:23 AM
ro mentioned this in rG579fd0259788: [asan][test] Don't XFAIL Posix/unpoison-alternate-stack.cpp on Solaris.Mar 5 2021, 12:44 AM

Revision Contents

PathSize
compiler-rt/
test/
asan/
TestCases/
Posix/
23 lines

Diff 295335

compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp

// Tests that __asan_handle_no_return properly unpoisons the signal alternate // Tests that __asan_handle_no_return properly unpoisons the signal alternate
// stack. // stack.
// Don't optimize, otherwise the variables which create redzones might be // Don't optimize, otherwise the variables which create redzones might be
// dropped. // dropped.
// RUN: %clangxx_asan -std=c++20 -fexceptions -O0 %s -o %t -pthread // RUN: %clangxx_asan -std=c++20 -fexceptions -O0 %s -o %t -pthread
// RUN: %run %t // RUN: %run %t
// XFAIL: ios && !iossim // XFAIL: ios && !iossim
// longjmp from signal handler is unportable.
// XFAIL: solaris
#include <algorithm>
#include <cassert> #include <cassert>
#include <cerrno> #include <cerrno>
#include <csetjmp> #include <csetjmp>
#include <cstdint> #include <cstdint>
#include <cstdio> #include <cstdio>
#include <cstdlib> #include <cstdlib>
#include <cstring> #include <cstring>
▲ Show 20 LinesShow All 59 Lines▼ Show 20 Linesvoid signalHandler(int, siginfo_t *, void *) {
// test unpoisoning when jumping between stacks // test unpoisoning when jumping between stacks
poisonStackAndJump(signalStack, [] { longjmp(defaultStack.JmpBuf, 1); }); poisonStackAndJump(signalStack, [] { longjmp(defaultStack.JmpBuf, 1); });
} }
void setSignalAlternateStack(void *AltStack) { void setSignalAlternateStack(void *AltStack) {
sigaltstack((stack_t const *)AltStack, nullptr); sigaltstack((stack_t const *)AltStack, nullptr);
struct sigaction Action = { struct sigaction Action = {};
.sa_sigaction = signalHandler, Action.sa_sigaction = signalHandler;
.sa_flags = SA_SIGINFO | SA_NODEFER | SA_ONSTACK, Action.sa_flags = SA_SIGINFO | SA_NODEFER | SA_ONSTACK;
vitalybukaUnsubmitted
Done
ReplyInline Actions
sigaltstack((stack_t const *)AltStack, nullptr);
- struct sigaction Action;
+ sigaction Action = {};
Action.sa_sigaction = signalHandler;
vitalybuka:
roAuthorUnsubmitted
Done
ReplyInline Actions

This doesn't compile on Linux/x86_64:

/vol/llvm/src/llvm-project/local/compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp:89:3: error: must use 'struct' tag to refer to type 'sigaction' in this scope
  sigaction Action = {};
  ^
  struct

Will go for

struct sigaction Action = {};

instead.

ro: This doesn't compile on Linux/x86_64: ``` /vol/llvm/src/llvm-project/local/compiler…
};
sigemptyset(&Action.sa_mask); sigemptyset(&Action.sa_mask);
sigaction(SIGUSR1, &Action, nullptr); sigaction(SIGUSR1, &Action, nullptr);
} }
// Main test function. // Main test function.
// Must be run on another thread to be able to control memory placement between // Must be run on another thread to be able to control memory placement between
// default stack and alternate signal stack. // default stack and alternate signal stack.
Show All 34 Lines
// Check that __asan_handle_no_return properly unpoisons a signal alternate // Check that __asan_handle_no_return properly unpoisons a signal alternate
// stack. // stack.
// __asan_handle_no_return tries to determine the stack boundaries and // __asan_handle_no_return tries to determine the stack boundaries and
// unpoisons all memory inside those. If this is not done properly, redzones for // unpoisons all memory inside those. If this is not done properly, redzones for
// variables on can remain in shadow memory which might lead to false positive // variables on can remain in shadow memory which might lead to false positive
// reports when the stack is reused. // reports when the stack is reused.
int main() { int main() {
size_t const PageSize = sysconf(_SC_PAGESIZE); size_t const PageSize = sysconf(_SC_PAGESIZE);
// The Solaris defaults of 4k (32-bit) and 8k (64-bit) are too small.
size_t const MinStackSize = std::max(PTHREAD_STACK_MIN, 16 * 1024);
// To align the alternate stack, we round this up to page_size. // To align the alternate stack, we round this up to page_size.
size_t const DefaultStackSize = size_t const DefaultStackSize =
(PTHREAD_STACK_MIN - 1 + PageSize) & ~(PageSize - 1); (MinStackSize - 1 + PageSize) & ~(PageSize - 1);
// The alternate stack needs a certain size, or the signal handler segfaults. // The alternate stack needs a certain size, or the signal handler segfaults.
size_t const AltStackSize = 10 * PageSize; size_t const AltStackSize = 10 * PageSize;
size_t const MappingSize = DefaultStackSize + AltStackSize; size_t const MappingSize = DefaultStackSize + AltStackSize;
// Using mmap guarantees proper alignment. // Using mmap guarantees proper alignment.
void *const Mapping = mmap(nullptr, MappingSize, void *const Mapping = mmap(nullptr, MappingSize,
PROT_READ | PROT_WRITE, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS, MAP_PRIVATE | MAP_ANONYMOUS,
-1, 0); -1, 0);
stack_t const AltStack = { stack_t AltStack = {};
.ss_sp = (char *)Mapping + DefaultStackSize, AltStack.ss_sp = (char *)Mapping + DefaultStackSize;
.ss_flags = 0, AltStack.ss_flags = 0;
.ss_size = AltStackSize, AltStack.ss_size = AltStackSize;
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

same

vitalybuka: same
};
pthread_t Thread; pthread_t Thread;
pthread_attr_t ThreadAttr; pthread_attr_t ThreadAttr;
pthread_attr_init(&ThreadAttr); pthread_attr_init(&ThreadAttr);
pthread_attr_setstack(&ThreadAttr, Mapping, DefaultStackSize); pthread_attr_setstack(&ThreadAttr, Mapping, DefaultStackSize);
pthread_create(&Thread, &ThreadAttr, &threadFun, (void *)&AltStack); pthread_create(&Thread, &ThreadAttr, &threadFun, (void *)&AltStack);
pthread_join(Thread, nullptr); pthread_join(Thread, nullptr);
munmap(Mapping, MappingSize); munmap(Mapping, MappingSize);
} }