Re: git: 930a7c2ac67e - main - compiler-rt: re-exec with ASLR disabled when necessary

From: Kubilay Kocak <koobs_at_FreeBSD.org>
Date: Tue, 08 Feb 2022 22:30:24 UTC
On 5/02/2022 3:20 am, Ed Maste wrote:
> The branch main has been updated by emaste:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=930a7c2ac67e1e8e511aa1d0a31a16c632060ebb
> 
> commit 930a7c2ac67e1e8e511aa1d0a31a16c632060ebb
> Author:     Ed Maste <emaste@FreeBSD.org>
> AuthorDate: 2022-01-16 19:22:05 +0000
> Commit:     Ed Maste <emaste@FreeBSD.org>
> CommitDate: 2022-02-04 16:20:00 +0000
> 
>      compiler-rt: re-exec with ASLR disabled when necessary
>      
>      Some sanitizers (at least msan) currently require ASLR to be disabled.
>      When we detect that ASLR is enabled, re-exec with it disabled rather
>      than exiting with an error.  See LLVM GitHub issue 53256 for more
>      detail: https://github.com/llvm/llvm-project/issues/53256
>      
>      No objection:   dim
>      MFC after:      2 weeks
>      Sponsored by:   The FreeBSD Foundation
>      Differential Revision:  https://reviews.freebsd.org/D33934
> ---
>   .../compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp           | 7 +++++--
>   1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp b/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp
> index 09b3f31831df..daa07c15490e 100644
> --- a/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp
> +++ b/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp
> @@ -2197,8 +2197,11 @@ void CheckASLR() {
>     }
>     if ((aslr_status & PROC_ASLR_ACTIVE) != 0) {
>       Printf("This sanitizer is not compatible with enabled ASLR "
> -           "and binaries compiled with PIE\n");
> -    Die();
> +           "and binaries compiled with PIE\n"
> +           "ASLR will be disabled and the program re-executed.\n");
> +    int aslr_ctl = PROC_ASLR_FORCE_DISABLE;
> +    CHECK_NE(procctl(P_PID, 0, PROC_ASLR_CTL, &aslr_ctl), -1);
> +    ReExec();
>     }
>   #else
>     // Do nothing
> 
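Review bot: nothing in the new branch bounds the re-exec. If PROC_ASLR_STATUS still reports PROC_ASLR_ACTIVE in the re-executed child (for example because the PROC_ASLR_FORCE_DISABLE request is not honoured across the exec for some reason), CheckASLR() will print, call procctl, and ReExec() again indefinitely, where the old code would at least Die() once. Consider exporting a sentinel environment variable before `ReExec();` and treating its presence together with PROC_ASLR_ACTIVE as the hard-failure path, or checking for PROC_ASLR_FORCE_DISABLE in aslr_status before re-executing. Two smaller points on the same lines: `CHECK_NE(procctl(P_PID, 0, PROC_ASLR_CTL, &aslr_ctl), -1);` turns a procctl failure (e.g. lack of permission) into a CHECK abort with no indication of errno, where a Printf of the error followed by Die() would tell the user what went wrong; and since this is no longer a fatal condition, it is worth reconsidering whether the "not compatible" wording should still be printed unconditionally, or made Verbose/optional for users who do not want a message on every run.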

Could we make this a sysctl tunable, defaulting to the previous behaviour?

Feels useful, particularly with respect to compatibility with *San behaviour elsewhere and cases where a re-exec may not be desirable.

./koobs
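As an added example that is not part of the commit or of compiler-rt, the following C program shows the detect-and-re-exec mechanism the commit message describes, with one addition a reviewer would want: a sentinel environment variable so that a re-exec which does not actually clear PROC_ASLR_ACTIVE fails instead of looping forever. The sentinel name NOASLR_REEXEC_DONE, the use of the KERN_PROC_PATHNAME sysctl to find the executable (in place of compiler-rt's ReExec()), and the PROC_ASLR_* constant values defined for non-FreeBSD builds are all assumptions of this example; only the procctl(2) and sysctl(3) calls under `#ifdef __FreeBSD__` are the real system interfaces.

```c
/*
 * Added example, not code from compiler-rt or from the FreeBSD commit:
 * detect an ASLR-enabled process and re-exec it with ASLR forced off,
 * guarded by a sentinel environment variable against an endless re-exec.
 *
 * On FreeBSD the PROC_ASLR_* constants and procctl(2) come from
 * <sys/procctl.h>.  Elsewhere the two constants used by the decision
 * logic are defined with the FreeBSD values (an assumption of this
 * example) so that decide_aslr_action() compiles and can be tested.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifdef __FreeBSD__
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/procctl.h>
#include <sys/sysctl.h>
#include <limits.h>
#else
#define PROC_ASLR_FORCE_DISABLE 2
#define PROC_ASLR_ACTIVE        0x80000000
#endif

/* Hypothetical sentinel name, set in the environment before re-exec. */
#define REEXEC_SENTINEL "NOASLR_REEXEC_DONE"

enum aslr_action {
    ASLR_ACTION_PROCEED, /* ASLR already off: run the program */
    ASLR_ACTION_REEXEC,  /* ASLR on, first attempt: disable and re-exec */
    ASLR_ACTION_FAIL     /* ASLR still on after a re-exec: give up */
};

/*
 * Decide what to do from the PROC_ASLR_STATUS word and whether the
 * sentinel is already in the environment (i.e. we have re-exec'd once).
 */
enum aslr_action decide_aslr_action(unsigned status, int sentinel_present)
{
    if ((status & PROC_ASLR_ACTIVE) == 0)
        return ASLR_ACTION_PROCEED;
    if (sentinel_present)
        return ASLR_ACTION_FAIL;
    return ASLR_ACTION_REEXEC;
}

#ifdef __FreeBSD__
/* Query this process's ASLR status via procctl(2); -1 on failure. */
static int query_aslr_status(unsigned *status)
{
    int st;
    if (procctl(P_PID, 0, PROC_ASLR_STATUS, &st) == -1)
        return -1;
    *status = (unsigned)st;
    return 0;
}

/* Force ASLR off for the next exec, set the sentinel, and re-exec self. */
static void reexec_without_aslr(char **argv)
{
    int ctl = PROC_ASLR_FORCE_DISABLE;
    char path[PATH_MAX];
    size_t len = sizeof(path);
    int mib[4] = { CTL_KERN, KERN_PROC, KERN_PROC_PATHNAME, -1 };

    if (procctl(P_PID, 0, PROC_ASLR_CTL, &ctl) == -1) {
        perror("procctl(PROC_ASLR_CTL)");   /* report errno, unlike CHECK_NE */
        exit(1);
    }
    if (sysctl(mib, 4, path, &len, NULL, 0) == -1) {
        perror("sysctl(KERN_PROC_PATHNAME)");
        exit(1);
    }
    setenv(REEXEC_SENTINEL, "1", 1);
    execv(path, argv);
    perror("execv");
    exit(1);
}
#endif

int main(int argc, char **argv)
{
    (void)argc;
#ifdef __FreeBSD__
    unsigned status;
    if (query_aslr_status(&status) == -1) {
        perror("procctl(PROC_ASLR_STATUS)");
        return 1;
    }
    switch (decide_aslr_action(status, getenv(REEXEC_SENTINEL) != NULL)) {
    case ASLR_ACTION_REEXEC:
        fprintf(stderr, "ASLR active; re-executing with ASLR disabled\n");
        reexec_without_aslr(argv);
        return 1; /* not reached */
    case ASLR_ACTION_FAIL:
        fprintf(stderr, "ASLR still active after re-exec; giving up\n");
        return 1;
    case ASLR_ACTION_PROCEED:
        break;
    }
#else
    (void)argv;
    fprintf(stderr, "not FreeBSD: only the decision logic is exercised\n");
#endif
    printf("running with ASLR disabled\n");
    return 0;
}
```

On FreeBSD, build with `cc -o noaslr noaslr.c` and run it once normally and once under `proccontrol -m aslr -s disable ./noaslr`; the first run prints the re-exec message and then the final line, the second proceeds directly. The sentinel is what turns a misbehaving re-exec into a single clear failure rather than a fork-bomb-like loop.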