On 5/02/2022 3:20 am, Ed Maste wrote:
The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=930a7c2ac67e1e8e511aa1d0a31a16c632060ebb

commit 930a7c2ac67e1e8e511aa1d0a31a16c632060ebb
Author:     Ed Maste <[email protected]>
AuthorDate: 2022-01-16 19:22:05 +0000
Commit:     Ed Maste <[email protected]>
CommitDate: 2022-02-04 16:20:00 +0000

     compiler-rt: re-exec with ASLR disabled when necessary

     Some sanitizers (at least msan) currently require ASLR to be disabled.
     When we detect that ASLR is enabled, re-exec with it disabled rather
     than exiting with an error.  See LLVM GitHub issue 53256 for more
     detail: https://github.com/llvm/llvm-project/issues/53256

     No objection:   dim
     MFC after:      2 weeks
     Sponsored by:   The FreeBSD Foundation
     Differential Revision:  https://reviews.freebsd.org/D33934
---
  .../compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp           | 7 +++++--
  1 file changed, 5 insertions(+), 2 deletions(-)

diff --git 
a/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp 
b/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp
index 09b3f31831df..daa07c15490e 100644
--- a/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp
+++ b/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp
@@ -2197,8 +2197,11 @@ void CheckASLR() {
    }
    if ((aslr_status & PROC_ASLR_ACTIVE) != 0) {
      Printf("This sanitizer is not compatible with enabled ASLR "
-           "and binaries compiled with PIE\n");
-    Die();
+           "and binaries compiled with PIE\n"
+           "ASLR will be disabled and the program re-executed.\n");
+    int aslr_ctl = PROC_ASLR_FORCE_DISABLE;
+    CHECK_NE(procctl(P_PID, 0, PROC_ASLR_CTL, &aslr_ctl), -1);
+    ReExec();
    }
  #else
    // Do nothing
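
Review bot: the new `ReExec()` path has no guard against re-entering itself. The enclosing condition tests only `PROC_ASLR_ACTIVE`, so if the re-executed image still reports ASLR as active, the process would print the message and re-exec again without ever reaching an error. Consider checking whether the force-disable control is already reflected in `aslr_status` before calling `procctl()`, and falling back to the old `Die()` in that case. Two smaller points on the same lines: the `Printf` is now emitted on a non-fatal path on every run of an affected binary, so it may be worth gating on verbosity, and `CHECK_NE(procctl(...), -1)` aborts with a generic check failure that does not tell the user the ASLR control could not be changed.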


Could we sysctl tunable this, defaulting to previous behaviour?

Feels useful, particularly with respect to compatibility with *San behaviour elsewhere and cases where a re-exec may not be desirable.

./koobs
