Skip to content

[asan] Re-exec without ASLR if needed on 32-bit Linux #131975

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
thurstond merged 3 commits into from
Mar 20, 2025
Merged

[asan] Re-exec without ASLR if needed on 32-bit Linux #131975

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8b2e5e9
[asan] Re-exec without ASLR if needed on 32-bit Linux
thurstond Mar 19, 2025
4e278fc
Florian's feedback
thurstond Mar 19, 2025
f1eea40
The anti-Lisp conspiracy
thurstond Mar 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions compiler-rt/lib/asan/asan_linux.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -114,8 +114,12 @@ void ReExecWithoutASLR() {
// this function as a last resort (when the memory mapping is incompatible
// and ASan would fail anyway).
int old_personality = personality(0xffffffff);
Copy link
Contributor

@fmayer fmayer Mar 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would have

if (old_personality == -1) {
  [log error]
  return;
}

Copy link
Contributor Author

@thurstond thurstond Mar 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

bool aslr_on =
(old_personality != -1) && ((old_personality & ADDR_NO_RANDOMIZE) == 0);
if (old_personality == -1) {
VReport(1, "WARNING: unable to run personality check.\n");
return;
}

bool aslr_on = ((old_personality & ADDR_NO_RANDOMIZE) == 0);

if (aslr_on) {
// Disable ASLR if the memory layout was incompatible.
Expand Down
2 changes: 0 additions & 2 deletions compiler-rt/lib/asan/asan_shadow_setup.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,14 +109,12 @@ void InitializeShadowMemory() {
ProtectGap(kShadowGap2Beg, kShadowGap2End - kShadowGap2Beg + 1);
ProtectGap(kShadowGap3Beg, kShadowGap3End - kShadowGap3Beg + 1);
} else {
# if SANITIZER_LINUX
// The shadow mappings can shadow the entire user address space. However,
// on 32-bit systems, the maximum ASLR entropy (currently up to 16-bits
// == 256MB) is a significant chunk of the address space; reclaiming it by
// disabling ASLR might allow chonky binaries to run.
if (sizeof(uptr) == 32)
Copy link
Contributor

@Alcaro Alcaro Mar 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this correct? From what I can see, uptr is an alias of uintptr_t, meaning sizeof is 4 on 32bit systems and this branch is never taken on any platform.

(Yes, I'm late.)

Copy link
Contributor

@Alcaro Alcaro Mar 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

...oh, #132682 deleted that check. This question no longer matters.

Copy link
Contributor Author

@thurstond thurstond Apr 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From what I can see, uptr is an alias of uintptr_t, meaning sizeof is 4 on 32bit systems and this branch is never taken on any platform.

You're right, that was a bug. Nice catch :-)

TryReExecWithoutASLR();
# endif

Report(
"Shadow memory range interleaves with an existing memory mapping. "
Expand Down
1 change: 0 additions & 1 deletion compiler-rt/lib/asan/asan_win.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,6 @@ uptr __asan_get_shadow_memory_dynamic_address() {
__asan_init();
return __asan_shadow_memory_dynamic_address;
}

} // extern "C"

// ---------------------- Windows-specific interceptors ---------------- {{{
Expand Down