Re-exec TSan with no ASLR if memory layout is incompatible on Linux #78351

Merged
merged 6 commits into from
Jan 19, 2024

Commits on Jan 19, 2024

  1. Re-exec TSan with no ASLR if memory layout is incompatible

    TSan's shadow mappings only support 30-bits of ASLR entropy on x86, and
    it is not practical to support the maximum of 32-bits (due to pointer
    compression and the overhead of shadow mappings). Instead, this patch
    changes TSan to re-exec without ASLR if it encounters an incompatible
    memory layout, as suggested by Dmitry in google/sanitizers#1716.
    If ASLR is already disabled, it will abort.
    
    This patch involves a bit of refactoring, because the old code is:
        InitializePlatformEarly()
        InitializeAllocator()
        InitializePlatform(): CheckAndProtect()
    but it may already segfault during InitializeAllocator() if the memory
    layout is incompatible, before we get a chance to check in
    CheckAndProtect.
    
    This patch adds CheckAndProtect during InitializePlatformEarly(), before
    the allocator is initialized. Naturally, it is necessary to ensure that
    CheckAndProtect does *not* allow the heap regions to be occupied there,
    hence we generalize CheckAndProtect to optionally check the heap
    regions. We keep the original behavior of CheckAndProtect() in InitializePlatform()
    as a last line of defense.
    
    We need to be careful not to prematurely abort if ASLR is disabled but TSan was going to re-exec
    for other reasons (e.g., unlimited stack size); we implement this by
    moving all the re-exec logic into ReExecIfNeeded().
    thurstond committed Jan 19, 2024
    479ac09
  2. Update tsan_platform_mac.cpp to use new CheckAndProtect semantics.

    The overall behavior is unchanged for Mac (i.e., there is no
    re-exec added).
    thurstond committed Jan 19, 2024
    bf8d52f
  3. Remove unnecessary braces

    thurstond committed Jan 19, 2024
    115eb0c
  4. Whitespace

    thurstond committed Jan 19, 2024
    2dd6026
  5. More changes to whitespace

    thurstond committed Jan 19, 2024
    efcef0c
  6. ecf732c
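
The re-exec policy described in the first commit message, as an added sketch that is not code from this pull request or from TSan: the decision (continue, re-exec, or abort) is kept separate from the side effects so the "do not abort prematurely" rule is visible. Assumptions: ASLR is turned off with the Linux `personality(ADDR_NO_RANDOMIZE)` call, the layout check result is passed in by the caller, and the names `decide`, `reexec_if_needed`, `DEMO_BAD_LAYOUT` and the 32 MiB stack cap are hypothetical.

```c
/* Added illustration, not TSan source; stack cap and DEMO_BAD_LAYOUT are constructed. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/personality.h>
#include <sys/resource.h>
#include <unistd.h>
enum action { CONTINUE, REEXEC, DIE };

/* Pure policy: abort only when a re-exec could not change anything. */
enum action decide(bool layout_ok, bool aslr_off, bool other_reexec) {
  if (!layout_ok && aslr_off && !other_reexec) return DIE;
  return (!layout_ok || other_reexec) ? REEXEC : CONTINUE;
}

bool aslr_disabled(void) {
  int p = personality(0xffffffff);            /* 0xffffffff only queries */
  return p != -1 && (p & ADDR_NO_RANDOMIZE);
}

bool stack_unlimited(void) {
  struct rlimit rl;
  return getrlimit(RLIMIT_STACK, &rl) == 0 && rl.rlim_cur == RLIM_INFINITY;
}

/* Must run before any allocator setup that could fault on a bad layout. */
void reexec_if_needed(bool layout_ok, char **argv) {
  bool aslr_off = aslr_disabled(), unlimited = stack_unlimited();
  struct rlimit rl = { 32u << 20, RLIM_INFINITY };  /* constructed finite cap */
  switch (decide(layout_ok, aslr_off, unlimited)) {
  case CONTINUE: return;
  case DIE:
    fprintf(stderr, "FATAL: incompatible layout with ASLR already off\n");
    abort();
  case REEXEC:  /* fix every re-exec reason first, then exec once */
    if (unlimited && setrlimit(RLIMIT_STACK, &rl) != 0) abort();
    if (!layout_ok && !aslr_off &&
        personality(personality(0xffffffff) | ADDR_NO_RANDOMIZE) == -1) abort();
    execv("/proc/self/exe", argv);            /* same binary, same arguments */
    perror("execv"); abort();
  }
}

int main(int argc, char **argv) {
  /* Constructed stand-in for the real mapping check: "bad" until ASLR is off. */
  bool layout_ok = !(getenv("DEMO_BAD_LAYOUT") && !aslr_disabled());
  reexec_if_needed(layout_ok, argv);
  printf("running (argc=%d), ASLR %s\n", argc, aslr_disabled() ? "off" : "on");
  return 0;
}
```

Running the binary with `DEMO_BAD_LAYOUT=1` set triggers exactly one re-exec and then reports ASLR off; the persona flag is inherited across `execv`, which is why the second pass takes the `CONTINUE` branch.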