[PATCH] D137666: [msan] Increase size of app/shadow/origin mappings on aarch64

Thurston Dang via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Nov 22 15:15:38 PST 2022


thurston added a comment.

In D137666#3920077 <https://reviews.llvm.org/D137666#3920077>, @eugenis wrote:

> If we are changing the mapping + the ABI, we should be 100% confident the new one covers all ASLR possibilities. Why not just run some binary a lot of times and collect the range of addresses, or even inspect the kernel source for possible executable locations? Also, make it a large binary.

tl;dr I've enlarged the regions as much as I can; it's not feasible to fully maximize the regions, but AFAICS they're large enough for typical configurations of ASLR.

The kernel source (https://elixir.bootlin.com/linux/v5.19/source/arch/arm64/Kconfig#L267) essentially does:

  #define ARCH_MMAP_RND_BITS_MAX 33

for 48-bit VMA. That means each ASLR region is potentially 45 bits, i.e., 2/16 of the 48-bit address space.

If we maximize the PIE regions, the address space used is:

- program (non-PIE): 1/16
- program (PIE): 2/16
- libraries (PIE): 2/16
- TOTAL: 5/16

We need to triple this, to account for the app, shadow and origin regions, which would make up 15/16th of the address space; this is theoretically doable. Unfortunately, if we use the constrained arithmetic (shadow = app XOR constant; origin = shadow + another constant) for performance, there is no set of constants that make a workable (non-overlapping) set of mappings (I brute-forced all possible constants). We would need to look into the dynamic mappings to make it work.

What the current patch does is:

- program (non-PIE): 1/16
- program (PIE): 1/16 i.e., half as large as it could theoretically be
- libraries (PIE): 2/16

In practice, though, systems do not usually maximize the bits of randomness, so this set of mappings works well enough.

Alternatively, there is a workable set of mappings that makes the program (PIE) mapping larger at the expense of the libraries (PIE) mapping.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D137666/new/

https://reviews.llvm.org/D137666
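The brute-force search the comment alludes to (shadow = app XOR constant, origin = shadow + constant, constants chosen so that app, shadow and origin regions never overlap) can be reproduced in a simplified model. The script below is an added example, not code from the patch or from MSan's own `kMemoryLayout` tables, and it does not use MSan's real aarch64 constants. It assumes the 48-bit address space is cut into 16 naturally aligned slots of 2^44 bytes (the "1/16" units in the comment), that each application region occupies whole slots, and a hypothetical placement of those slots (non-PIE program low, PIE program around 2/3 of the space, libraries at the top); the exact kernel ranges are not reproduced. Under those assumptions the "patch" layout from the comment (1/16 + 1/16 + 2/16) has a workable pair of constants, and the "maximized" layout (1/16 + 2/16 + 2/16) has none, matching the comment's conclusion.

```python
"""
Added example (not from D137666 or from MSan): brute-force the constrained
shadow/origin arithmetic over a simplified 16-slot model of a 48-bit VA.

shadow = app ^ K, origin = shadow + A, with K and A multiples of the slot size,
so an aligned app slot maps to one contiguous aligned shadow slot and one
contiguous origin slot.  Slot placement below is an assumption for illustration.
"""
from itertools import product

VA_BITS = 48
SLOT_BITS = 44                      # 2^44 bytes = 1/16 of the 48-bit space
NSLOTS = 1 << (VA_BITS - SLOT_BITS)  # 16 slots
SLOT = 1 << SLOT_BITS

# Hypothetical slot layouts (assumed placement, not the kernel's exact ranges):
# non-PIE program low, PIE program near 2/3 of the space, libraries at the top.
LAYOUT_PATCH = {
    "program (non-PIE)": [0],           # 1/16
    "program (PIE)":     [10],          # 1/16
    "libraries (PIE)":   [14, 15],      # 2/16
}
LAYOUT_MAXIMIZED = {
    "program (non-PIE)": [0],           # 1/16
    "program (PIE)":     [10, 11],      # 2/16
    "libraries (PIE)":   [14, 15],      # 2/16
}


def slot_ranges(layout):
    """Byte ranges [start, end) for every slot of every region in a layout."""
    return [(s * SLOT, (s + 1) * SLOT) for slots in layout.values() for s in slots]


def mapping(app_ranges, xor_const, add_const):
    """App/shadow/origin byte ranges under shadow = app ^ K, origin = shadow + A."""
    regions = []
    for start, end in app_ranges:
        size = end - start
        # start is slot-aligned and K is a slot multiple, so XOR-ing the start
        # moves the whole range to another aligned slot without splitting it.
        shadow = start ^ xor_const
        origin = shadow + add_const
        regions.append(("app", start, end))
        regions.append(("shadow", shadow, shadow + size))
        regions.append(("origin", origin, origin + size))
    return regions


def disjoint_and_in_bounds(regions):
    """True iff no two regions overlap and all lie inside [0, 2^VA_BITS)."""
    limit = 1 << VA_BITS
    ordered = sorted(regions, key=lambda r: r[1])
    if any(not (0 <= s < e <= limit) for _, s, e in ordered):
        return False
    return all(ordered[i][2] <= ordered[i + 1][1] for i in range(len(ordered) - 1))


def workable_constants(layout):
    """All (K, A) slot-multiple pairs whose app/shadow/origin regions are disjoint."""
    app = slot_ranges(layout)
    found = []
    for k, a in product(range(1, NSLOTS), range(1, NSLOTS)):
        xor_const, add_const = k << SLOT_BITS, a << SLOT_BITS
        if disjoint_and_in_bounds(mapping(app, xor_const, add_const)):
            found.append((xor_const, add_const))
    return found


if __name__ == "__main__":
    for name, layout in (("patch", LAYOUT_PATCH), ("maximized", LAYOUT_MAXIMIZED)):
        sols = workable_constants(layout)
        print(f"{name} layout: {len(sols)} workable (K, A) pair(s)")
        for xor_const, add_const in sols:
            print(f"  shadow = app ^ {xor_const:#x}, origin = shadow + {add_const:#x}")
```

Origins here must stay below 2^48 (no wrap-around), since a wrapped origin region would no longer be one contiguous range; relaxing that, or moving the assumed slot positions, changes which constants survive, which is the point of checking a candidate layout mechanically rather than by eye.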


