[compiler-rt] r303132 - [asan] make asan under sandboxes more robust

Peter Collingbourne via llvm-commits llvm-commits at lists.llvm.org
Mon May 15 17:10:51 PDT 2017


I'm fine with waiting.

Peter

On Mon, May 15, 2017 at 5:09 PM, Kostya Serebryany <kcc at google.com> wrote:

> I see...
> Shall we wait for someone to complain about this test first (to know who
> is affected) or disable it right away?
>
> --kcc
>
> On Mon, May 15, 2017 at 5:06 PM, Peter Collingbourne <peter at pcc.me.uk>
> wrote:
>
>> I think it's not just a matter of a new enough kernel but the fact that
>> some Linux distributions disable user namespaces for security reasons, e.g.
>> Arch Linux: https://bugs.archlinux.org/task/36969
>>
>> Peter
>>
>> On Mon, May 15, 2017 at 5:03 PM, Kostya Serebryany <kcc at google.com>
>> wrote:
>>
>>> Yea, probably.
>>> Will this include fresh enough kernels that we care about?
>>>
>>> On Mon, May 15, 2017 at 4:54 PM, Peter Collingbourne <peter at pcc.me.uk>
>>> wrote:
>>>
>>>> The test will fail if the kernel does not allow user namespaces, won't
>>>> it?
>>>>
>>>> Peter
>>>>
>>>> On Mon, May 15, 2017 at 4:37 PM, Kostya Serebryany via llvm-commits <
>>>> llvm-commits at lists.llvm.org> wrote:
>>>>
>>>>> Author: kcc
>>>>> Date: Mon May 15 18:37:54 2017
>>>>> New Revision: 303132
>>>>>
>>>>> URL: http://llvm.org/viewvc/llvm-project?rev=303132&view=rev
>>>>> Log:
>>>>> [asan] make asan under sandboxes more robust
>>>>>
>>>>> Added:
>>>>>     compiler-rt/trunk/test/asan/TestCases/Linux/sanbox_read_proc_self_maps_test.cc
>>>>> Modified:
>>>>>     compiler-rt/trunk/lib/sanitizer_common/sanitizer_procmaps_linux.cc
>>>>>
>>>>> Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_procmaps_linux.cc
>>>>> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_procmaps_linux.cc?rev=303132&r1=303131&r2=303132&view=diff
>>>>> ============================================================
>>>>> ==================
>>>>> --- compiler-rt/trunk/lib/sanitizer_common/sanitizer_procmaps_linux.cc
>>>>> (original)
>>>>> +++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_procmaps_linux.cc
>>>>> Mon May 15 18:37:54 2017
>>>>> @@ -18,8 +18,8 @@
>>>>>  namespace __sanitizer {
>>>>>
>>>>>  void ReadProcMaps(ProcSelfMapsBuff *proc_maps) {
>>>>> -  CHECK(ReadFileToBuffer("/proc/self/maps", &proc_maps->data,
>>>>> -                         &proc_maps->mmaped_size, &proc_maps->len));
>>>>> +  ReadFileToBuffer("/proc/self/maps", &proc_maps->data,
>>>>> &proc_maps->mmaped_size,
>>>>> +                   &proc_maps->len);
>>>>>  }
>>>>>
>>>>>  static bool IsOneOf(char c, char c1, char c2) {
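
Review bot: In ReadProcMaps the result of ReadFileToBuffer is now dropped without any check or comment, so at this call site a failed read of /proc/self/maps is indistinguishable from a successful one. It is not visible from this hunk what proc_maps->data, proc_maps->mmaped_size and proc_maps->len hold after a failure. Please either handle the false return explicitly (for example, reset those fields so callers see an empty buffer) or add a comment stating that failure is expected once a sandbox has removed access to /proc, and how callers are meant to cope with it.
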
>>>>>
>>>>> Added: compiler-rt/trunk/test/asan/TestCases/Linux/sanbox_read_proc_self_maps_test.cc
>>>>> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/sanbox_read_proc_self_maps_test.cc?rev=303132&view=auto
>>>>> ============================================================
>>>>> ==================
>>>>> --- compiler-rt/trunk/test/asan/TestCases/Linux/sanbox_read_proc_self_maps_test.cc
>>>>> (added)
>>>>> +++ compiler-rt/trunk/test/asan/TestCases/Linux/sanbox_read_proc_self_maps_test.cc
>>>>> Mon May 15 18:37:54 2017
>>>>> @@ -0,0 +1,30 @@
>>>>> +// REQUIRES: x86_64-target-arch
>>>>> +// RUN: %clangxx_asan  %s -o %t
>>>>> +// RUN: not %run %t 2>&1 | FileCheck %s
>>>>> +#include <sanitizer/common_interface_defs.h>
>>>>> +#include <sched.h>
>>>>> +#include <unistd.h>
>>>>> +#include <stdio.h>
>>>>> +#include <stdlib.h>
>>>>> +
>>>>> +int main() {
>>>>> +  __sanitizer_sandbox_arguments args = {0};
>>>>> +  // should cache /proc/self/maps
>>>>> +  __sanitizer_sandbox_on_notify(&args);
>>>>> +
>>>>> +  if (unshare(CLONE_NEWUSER)) {
>>>>> +    printf("unshare failed\n");
>>>>> +    abort();
>>>>> +  }
>>>>> +
>>>>> +  // remove access to /proc/self/maps
>>>>> +  if (chroot("/tmp")) {
>>>>> +    printf("chroot failed\n");
>>>>> +    abort();
>>>>> +  }
>>>>> +
>>>>> +  *(volatile int*)0x42 = 0;
>>>>> +// CHECK: AddressSanitizer: SEGV on unknown address 0x000000000042
>>>>> +// CHECK-NOT: AddressSanitizer CHECK failed
>>>>> +// CHECK: SUMMARY: AddressSanitizer: SEGV
>>>>> +}
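
Review bot: The unshare(CLONE_NEWUSER) failure branch calls abort(), so where user namespaces are unavailable the program stops before the write to 0x42 and the "CHECK: AddressSanitizer: SEGV" lines cannot match, failing the test for an environmental reason rather than a regression. Consider gating the test on user namespace support, or making the setup failures (both the unshare and the chroot branch) distinguishable from the case under test instead of letting them fall under the same "not %run" expectation. Separately, the file is named sanbox_read_proc_self_maps_test.cc; if "sandbox" was intended, renaming it now is cheaper than later.
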
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> --
>>>> Peter
>>>>
>>>
>>>
>>
>>
>> --
>> --
>> Peter
>>
>
>


-- 
-- 
Peter