When the Linux kernel is patched with PaX (http://pax.grsecurity.net/) and
the UDEREF option is enabled, the use-after-free test fails with
laptop1 / # ./use-after-free
==13568==AddressSanitizer CHECK failed: /var/tmp/portage/sys-devel/llvm-3.3-r1/work/llvm-3.3.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_allocator.h:310
"((kSpaceBeg)) == (( reinterpret_cast<uptr>(Mprotect(kSpaceBeg, kSpaceSize))))" (0x600000000000,
#0 0x425b9f (/use-after-free+0x425b9f)
#1 0x427371 (/use-after-free+0x427371)
#2 0x414652 (/use-after-free+0x414652)
#3 0x4112d5 (/use-after-free+0x4112d5)
#4 0x4259a4 (/use-after-free+0x4259a4)
#5 0x2f3cdc5ed45 (/lib64/ld-2.17.so+0xed45)
#6 0x2f3cdc516c9 (/lib64/ld-2.17.so+0x16c9)
laptop1 / #
PaX-enabled kernels have a different userland address space size than the usual 47-bit Linux/amd64
userland address space size.
The test was done on a Gentoo Hardened system with a Grsecurity- and PaX-enabled kernel,
with llvm 3.3 or gcc 4.8.1. Downstream bug: https://bugs.gentoo.org/show_bug.cgi?id=458706
Reported by firstname.lastname@example.org on 2013-09-30 20:19:54
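The CHECK quoted above fires because the sanitizer allocator insists that a PROT_NONE reservation lands exactly at kSpaceBeg (0x600000000000), which a kernel with a smaller userland address space cannot honour. The following probe, added here as an illustration and not part of this report or of the sanitizer code, asks the kernel the same question with a plain address hint (no MAP_FIXED, so nothing already mapped is disturbed) and estimates how many address bits userland actually has. The region size of 4 TiB is an assumption, since the message is truncated; the names probe_region_at and user_address_bits are the example's own.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>

/* Start of the ASan allocator region, taken from the CHECK message above. */
#define ASAN_SPACE_BEG  0x600000000000ULL
/* Region size: the CHECK message is truncated, so 4 TiB is an assumption
   (the value the llvm 3.3 x86_64 allocator is believed to use). */
#define ASAN_SPACE_SIZE 0x40000000000ULL

/* Ask the kernel for a PROT_NONE reservation at `beg`, using an address hint
   only (no MAP_FIXED, so an existing mapping can never be clobbered).
   Returns 1 if the kernel placed it exactly at `beg`, which is what the
   sanitizer's CHECK demands, and 0 otherwise. */
int probe_region_at(uintptr_t beg, size_t size) {
    void *p = mmap((void *)beg, size, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    if (p == MAP_FAILED)
        return 0;
    int placed = ((uintptr_t)p == beg);
    munmap(p, size);
    return placed;
}

/* Estimate the width of the userland address space by probing one page at
   1 << bit for descending bit positions. On a stock 4-level amd64 kernel
   the highest hint that is honoured is 1 << 46, so this returns 47; a kernel
   with a reduced userland (as described for PaX above) returns less. */
int user_address_bits(void) {
    for (int bit = 56; bit >= 31; bit--) {
        if (probe_region_at((uintptr_t)1 << bit, 4096))
            return bit + 1;
    }
    return 0;
}

int main(void) {
    printf("userland address space: about %d bits\n", user_address_bits());
    printf("ASan allocator region at 0x%llx: %s\n",
           (unsigned long long)ASAN_SPACE_BEG,
           probe_region_at(ASAN_SPACE_BEG, ASAN_SPACE_SIZE)
               ? "mappable" : "NOT mappable (the CHECK above would fire)");
    return 0;
}
```

Run it on the affected box before and after any shadow-offset or allocator-layout change: if the allocator region is reported as not mappable, the CHECK will keep firing regardless of how the instrumented binary was built.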
You may try to change the shadow offset using
See more compile-time flags in lib/Transforms/Instrumentation/AddressSanitizer.cpp
But these options are by no means supported -- use them at your own risk.
Reported by konstantin.s.serebryany on 2013-10-01 07:40:55
From http://blog.siphos.be/2013/12/december-hardened-meeting/ :
>> And on the ASAN (Address Sanitizer) debacle; well… still the same.
>> Doesn’t work with PaX. I think there is a standstill on this.
Sure, this will not get fixed by itself.
Patches to support PaX are welcome,
*especially* if they are accompanied by a public LLVM build bot.
Reported by konstantin.s.serebryany on 2013-12-26 11:58:31
If anyone is still interested in using AddressSanitizer (or other Clang sanitizers)
under PaX kernels, I've implemented the necessary patches - details are here: http://endl.ch/clang-sanitizers-with-pax