mirror of
https://github.com/archlinuxarm/PKGBUILDs.git
synced 2024-11-18 22:54:00 +00:00
195 lines
7.4 KiB
Diff
195 lines
7.4 KiB
Diff
From 80dc25a213216b31f981b80f74c94a757eb3b8c1 Mon Sep 17 00:00:00 2001
|
|
From: Peter Wu <peter@lekensteyn.nl>
|
|
Date: Sun, 10 Jun 2018 11:17:47 +0000
|
|
Subject: [PATCH 1/2] [ASAN] Fix crash on i?86-linux (32-bit) against glibc
|
|
2.27 and later
|
|
|
|
Summary:
|
|
Running sanitized 32-bit x86 programs on glibc 2.27 crashes at startup, with:
|
|
|
|
ERROR: AddressSanitizer: SEGV on unknown address 0xf7a8a250 (pc 0xf7f807f4 bp 0xff969fc8 sp 0xff969f7c T16777215)
|
|
The signal is caused by a WRITE memory access.
|
|
#0 0xf7f807f3 in _dl_get_tls_static_info (/lib/ld-linux.so.2+0x127f3)
|
|
#1 0xf7a92599 (/lib/libasan.so.5+0x112599)
|
|
#2 0xf7a80737 (/lib/libasan.so.5+0x100737)
|
|
#3 0xf7f7e14f in _dl_init (/lib/ld-linux.so.2+0x1014f)
|
|
#4 0xf7f6eb49 (/lib/ld-linux.so.2+0xb49)
|
|
|
|
The problem is that glibc changed the calling convention for the GLIBC_PRIVATE
|
|
symbol that sanitizer uses (even when it should not, GLIBC_PRIVATE is exactly
|
|
for symbols that can change at any time, be removed etc.), see
|
|
https://sourceware.org/ml/libc-alpha/2017-08/msg00497.html
|
|
|
|
Fixes https://github.com/google/sanitizers/issues/954
|
|
|
|
Patch By: Jakub Jelinek
|
|
|
|
Reviewed By: vitalybuka, Lekensteyn
|
|
|
|
Differential Revison: https://reviews.llvm.org/D44623
|
|
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334363 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
---
|
|
.../sanitizer_linux_libcdep.cc | 45 ++++++++++++++++---
|
|
1 file changed, 38 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/lib/sanitizer_common/sanitizer_linux_libcdep.cc b/lib/sanitizer_common/sanitizer_linux_libcdep.cc
|
|
index 56fdfc870..5d543622f 100644
|
|
--- a/lib/sanitizer_common/sanitizer_linux_libcdep.cc
|
|
+++ b/lib/sanitizer_common/sanitizer_linux_libcdep.cc
|
|
@@ -178,24 +178,55 @@ bool SanitizerGetThreadName(char *name, int max_len) {
|
|
static uptr g_tls_size;
|
|
|
|
#ifdef __i386__
|
|
+# ifndef __GLIBC_PREREQ
|
|
+# define CHECK_GET_TLS_STATIC_INFO_VERSION 1
|
|
+# else
|
|
+# define CHECK_GET_TLS_STATIC_INFO_VERSION (!__GLIBC_PREREQ(2, 27))
|
|
+# endif
|
|
+#else
|
|
+# define CHECK_GET_TLS_STATIC_INFO_VERSION 0
|
|
+#endif
|
|
+
|
|
+#if CHECK_GET_TLS_STATIC_INFO_VERSION
|
|
# define DL_INTERNAL_FUNCTION __attribute__((regparm(3), stdcall))
|
|
#else
|
|
# define DL_INTERNAL_FUNCTION
|
|
#endif
|
|
|
|
+namespace {
|
|
+struct GetTlsStaticInfoCall {
|
|
+ typedef void (*get_tls_func)(size_t*, size_t*);
|
|
+};
|
|
+struct GetTlsStaticInfoRegparmCall {
|
|
+ typedef void (*get_tls_func)(size_t*, size_t*) DL_INTERNAL_FUNCTION;
|
|
+};
|
|
+
|
|
+template <typename T>
|
|
+void CallGetTls(void* ptr, size_t* size, size_t* align) {
|
|
+ typename T::get_tls_func get_tls;
|
|
+ CHECK_EQ(sizeof(get_tls), sizeof(ptr));
|
|
+ internal_memcpy(&get_tls, &ptr, sizeof(ptr));
|
|
+ CHECK_NE(get_tls, 0);
|
|
+ get_tls(size, align);
|
|
+}
|
|
+} // namespace
|
|
+
|
|
void InitTlsSize() {
|
|
// all current supported platforms have 16 bytes stack alignment
|
|
const size_t kStackAlign = 16;
|
|
- typedef void (*get_tls_func)(size_t*, size_t*) DL_INTERNAL_FUNCTION;
|
|
- get_tls_func get_tls;
|
|
void *get_tls_static_info_ptr = dlsym(RTLD_NEXT, "_dl_get_tls_static_info");
|
|
- CHECK_EQ(sizeof(get_tls), sizeof(get_tls_static_info_ptr));
|
|
- internal_memcpy(&get_tls, &get_tls_static_info_ptr,
|
|
- sizeof(get_tls_static_info_ptr));
|
|
- CHECK_NE(get_tls, 0);
|
|
size_t tls_size = 0;
|
|
size_t tls_align = 0;
|
|
- get_tls(&tls_size, &tls_align);
|
|
+ // On i?86, _dl_get_tls_static_info used to be internal_function, i.e.
|
|
+ // __attribute__((regparm(3), stdcall)) before glibc 2.27 and is normal
|
|
+ // function in 2.27 and later.
|
|
+ if (CHECK_GET_TLS_STATIC_INFO_VERSION &&
|
|
+ !dlvsym(RTLD_NEXT, "glob", "GLIBC_2.27"))
|
|
+ CallGetTls<GetTlsStaticInfoRegparmCall>(get_tls_static_info_ptr,
|
|
+ &tls_size, &tls_align);
|
|
+ else
|
|
+ CallGetTls<GetTlsStaticInfoCall>(get_tls_static_info_ptr,
|
|
+ &tls_size, &tls_align);
|
|
if (tls_align < kStackAlign)
|
|
tls_align = kStackAlign;
|
|
g_tls_size = RoundUpTo(tls_size, tls_align);
|
|
|
|
From 05ecff3cb7a0898de0d709a495f229ab611f3ca4 Mon Sep 17 00:00:00 2001
|
|
From: Peter Wu <peter@lekensteyn.nl>
|
|
Date: Thu, 14 Jun 2018 10:42:54 +0000
|
|
Subject: [PATCH 2/2] [ASAN] fix startup crash in dlsym for long paths since
|
|
glibc 2.27
|
|
|
|
Summary:
|
|
Error messages for dlsym used to be stored on the stack, but since
|
|
commit 2449ae7b ("ld.so: Introduce struct dl_exception") in glibc 2.27
|
|
these are now stored on the heap (and thus use the dlsym alloc pool).
|
|
|
|
Messages look like "undefined symbol: __isoc99_printf\0/path/to/a.out".
|
|
With many missing library functions and long object paths, the pool is
|
|
quickly exhausted. Implement a simple mechanism to return freed memory
|
|
to the pool (clear it in case it is used for calloc).
|
|
|
|
Fixes https://github.com/google/sanitizers/issues/957
|
|
|
|
Reviewed By: vitalybuka
|
|
|
|
Differential Revision: https://reviews.llvm.org/D47995
|
|
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334703 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
---
|
|
lib/asan/asan_malloc_linux.cc | 19 ++++++++++++++++++-
|
|
test/asan/TestCases/long-object-path.cc | 7 +++++++
|
|
2 files changed, 25 insertions(+), 1 deletion(-)
|
|
create mode 100644 test/asan/TestCases/long-object-path.cc
|
|
|
|
diff --git a/lib/asan/asan_malloc_linux.cc b/lib/asan/asan_malloc_linux.cc
|
|
index 6697ff876..af05af9d6 100644
|
|
--- a/lib/asan/asan_malloc_linux.cc
|
|
+++ b/lib/asan/asan_malloc_linux.cc
|
|
@@ -28,6 +28,7 @@
|
|
using namespace __asan; // NOLINT
|
|
|
|
static uptr allocated_for_dlsym;
|
|
+static uptr last_dlsym_alloc_size_in_words;
|
|
static const uptr kDlsymAllocPoolSize = 1024;
|
|
static uptr alloc_memory_for_dlsym[kDlsymAllocPoolSize];
|
|
|
|
@@ -39,11 +40,25 @@ static INLINE bool IsInDlsymAllocPool(const void *ptr) {
|
|
static void *AllocateFromLocalPool(uptr size_in_bytes) {
|
|
uptr size_in_words = RoundUpTo(size_in_bytes, kWordSize) / kWordSize;
|
|
void *mem = (void*)&alloc_memory_for_dlsym[allocated_for_dlsym];
|
|
+ last_dlsym_alloc_size_in_words = size_in_words;
|
|
allocated_for_dlsym += size_in_words;
|
|
CHECK_LT(allocated_for_dlsym, kDlsymAllocPoolSize);
|
|
return mem;
|
|
}
|
|
|
|
+static void DeallocateFromLocalPool(const void *ptr) {
|
|
+ // Hack: since glibc 2.27, dlsym longer use stack-allocated memory to store
|
|
+ // error messages and instead use malloc followed by free. To avoid pool
|
|
+ // exhaustion due to long object filenames, handle that special case here.
|
|
+ uptr prev_offset = allocated_for_dlsym - last_dlsym_alloc_size_in_words;
|
|
+ void *prev_mem = (void*)&alloc_memory_for_dlsym[prev_offset];
|
|
+ if (prev_mem == ptr) {
|
|
+ REAL(memset)(prev_mem, 0, last_dlsym_alloc_size_in_words * kWordSize);
|
|
+ allocated_for_dlsym = prev_offset;
|
|
+ last_dlsym_alloc_size_in_words = 0;
|
|
+ }
|
|
+}
|
|
+
|
|
static INLINE bool MaybeInDlsym() {
|
|
// Fuchsia doesn't use dlsym-based interceptors.
|
|
return !SANITIZER_FUCHSIA && asan_init_is_running;
|
|
@@ -66,8 +81,10 @@ static void *ReallocFromLocalPool(void *ptr, uptr size) {
|
|
|
|
INTERCEPTOR(void, free, void *ptr) {
|
|
GET_STACK_TRACE_FREE;
|
|
- if (UNLIKELY(IsInDlsymAllocPool(ptr)))
|
|
+ if (UNLIKELY(IsInDlsymAllocPool(ptr))) {
|
|
+ DeallocateFromLocalPool(ptr);
|
|
return;
|
|
+ }
|
|
asan_free(ptr, &stack, FROM_MALLOC);
|
|
}
|
|
|
|
diff --git a/test/asan/TestCases/long-object-path.cc b/test/asan/TestCases/long-object-path.cc
|
|
new file mode 100644
|
|
index 000000000..592b0abb0
|
|
--- /dev/null
|
|
+++ b/test/asan/TestCases/long-object-path.cc
|
|
@@ -0,0 +1,7 @@
|
|
+// RUN: mkdir -p %T/a-long-directory-name-to-test-allocations-for-exceptions-in-_dl_lookup_symbol_x-since-glibc-2.27
|
|
+// RUN: %clangxx_asan -g %s -o %T/long-object-path
|
|
+// RUN: %run %T/a-*/../a-*/../a-*/../a-*/../a-*/../a-*/../a-*/../a-*/../long-object-path
|
|
+
|
|
+int main(void) {
|
|
+ return 0;
|
|
+}
|