[compiler-rt] r303132 - [asan] make asan under sandboxes more robust
Hal Finkel via llvm-commits
llvm-commits at lists.llvm.org
Wed May 24 21:09:13 PDT 2017
On 05/15/2017 07:10 PM, Peter Collingbourne via llvm-commits wrote:
> I'm fine with waiting.
What's the symptom? This test is failing on some of my build systems:
$
/path/to/build/llvm-stage1/projects/compiler-rt/test/asan/X86_64LinuxConfig/TestCases/Linux/Output/sanbox_read_proc_self_maps_test.cc.tmp
unshare failed
Aborted
strace shows:
unshare(CLONE_NEWUSER) = -1 EINVAL (Invalid argument)
The system is RHEL7 (Kernel 3.10.0).
Can you please make the test more robust?
Thanks again,
Hal
>
> Peter
>
> On Mon, May 15, 2017 at 5:09 PM, Kostya Serebryany <kcc at google.com
> <mailto:kcc at google.com>> wrote:
>
> I see...
> Shall we wait for someone to complain about this test first (to
> know who is affected) or disable it right away?
>
> --kcc
>
> On Mon, May 15, 2017 at 5:06 PM, Peter Collingbourne
> <peter at pcc.me.uk <mailto:peter at pcc.me.uk>> wrote:
>
> I think it's not just a matter of a new enough kernel but the
> fact that some Linux distributions disable user namespaces for
> security reasons, e.g. Arch Linux:
> https://bugs.archlinux.org/task/36969
> <https://bugs.archlinux.org/task/36969>
>
> Peter
>
> On Mon, May 15, 2017 at 5:03 PM, Kostya Serebryany
> <kcc at google.com <mailto:kcc at google.com>> wrote:
>
> Yea, probably.
> Will this include fresh enough kernels that we care about?
>
> On Mon, May 15, 2017 at 4:54 PM, Peter Collingbourne
> <peter at pcc.me.uk <mailto:peter at pcc.me.uk>> wrote:
>
> The test will fail if the kernel does not allow user
> namespaces, won't it?
>
> Peter
>
> On Mon, May 15, 2017 at 4:37 PM, Kostya Serebryany via
> llvm-commits <llvm-commits at lists.llvm.org
> <mailto:llvm-commits at lists.llvm.org>> wrote:
>
> Author: kcc
> Date: Mon May 15 18:37:54 2017
> New Revision: 303132
>
> URL:
> http://llvm.org/viewvc/llvm-project?rev=303132&view=rev
> <http://llvm.org/viewvc/llvm-project?rev=303132&view=rev>
> Log:
> [asan] make asan under sandboxes more robust
>
> Added:
> compiler-rt/trunk/test/asan/TestCases/Linux/sanbox_read_proc_self_maps_test.cc
> Modified:
> compiler-rt/trunk/lib/sanitizer_common/sanitizer_procmaps_linux.cc
>
> Modified:
> compiler-rt/trunk/lib/sanitizer_common/sanitizer_procmaps_linux.cc
> URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_procmaps_linux.cc?rev=303132&r1=303131&r2=303132&view=diff
> <http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_procmaps_linux.cc?rev=303132&r1=303131&r2=303132&view=diff>
> ==============================================================================
> ---
> compiler-rt/trunk/lib/sanitizer_common/sanitizer_procmaps_linux.cc
> (original)
> +++
> compiler-rt/trunk/lib/sanitizer_common/sanitizer_procmaps_linux.cc
> Mon May 15 18:37:54 2017
> @@ -18,8 +18,8 @@
> namespace __sanitizer {
>
> void ReadProcMaps(ProcSelfMapsBuff *proc_maps) {
> - CHECK(ReadFileToBuffer("/proc/self/maps",
> &proc_maps->data,
> - &proc_maps->mmaped_size, &proc_maps->len));
> + ReadFileToBuffer("/proc/self/maps",
> &proc_maps->data, &proc_maps->mmaped_size,
> + &proc_maps->len);
> }
>
> static bool IsOneOf(char c, char c1, char c2) {
>
> Added:
> compiler-rt/trunk/test/asan/TestCases/Linux/sanbox_read_proc_self_maps_test.cc
> URL:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/sanbox_read_proc_self_maps_test.cc?rev=303132&view=auto
> <http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/sanbox_read_proc_self_maps_test.cc?rev=303132&view=auto>
> ==============================================================================
> ---
> compiler-rt/trunk/test/asan/TestCases/Linux/sanbox_read_proc_self_maps_test.cc
> (added)
> +++
> compiler-rt/trunk/test/asan/TestCases/Linux/sanbox_read_proc_self_maps_test.cc
> Mon May 15 18:37:54 2017
> @@ -0,0 +1,30 @@
> +// REQUIRES: x86_64-target-arch
> +// RUN: %clangxx_asan %s -o %t
> +// RUN: not %run %t 2>&1 | FileCheck %s
> +#include <sanitizer/common_interface_defs.h>
> +#include <sched.h>
> +#include <unistd.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +
> +int main() {
> + __sanitizer_sandbox_arguments args = {0};
> + // should cache /proc/self/maps
> + __sanitizer_sandbox_on_notify(&args);
> +
> + if (unshare(CLONE_NEWUSER)) {
> + printf("unshare failed\n");
> + abort();
> + }
> +
> + // remove access to /proc/self/maps
> + if (chroot("/tmp")) {
> + printf("chroot failed\n");
> + abort();
> + }
> +
> + *(volatile int*)0x42 = 0;
> +// CHECK: AddressSanitizer: SEGV on unknown
> address 0x000000000042
> +// CHECK-NOT: AddressSanitizer CHECK failed
> +// CHECK: SUMMARY: AddressSanitizer: SEGV
> +}
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at lists.llvm.org
> <mailto:llvm-commits at lists.llvm.org>
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
> <http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits>
>
>
>
>
> --
> --
> Peter
>
>
>
>
>
> --
> --
> Peter
>
>
>
>
>
> --
> --
> Peter
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
--
Hal Finkel
Lead, Compiler Technology and Programming Languages
Leadership Computing Facility
Argonne National Laboratory
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20170524/b492cc01/attachment.html>
More information about the llvm-commits
mailing list