msan fails on FreeBSD with ASLR enabled

emaste commented 2 years ago

Disabling ASLR should not be a requirement for using msan on FreeBSD.

Right now it fails with

This sanitizer is not compatible with enabled ASLR and binaries compiled with PIE

The check was added in e2ed800d622567b35968a27f8784705fb48190f5.

If I downgrade the error to a warning locally I see:

$ ./a.out
This sanitizer is not compatible with enabled ASLR and binaries compiled with PIE
Running anyway
FATAL: Code 0x3dd1ab38d9b0 is out of application range. Non-PIE build?
FATAL: MemorySanitizer can not mmap the shadow memory.
FATAL: Make sure to compile with -fPIE and to link with -pie.
FATAL: Disabling ASLR is known to cause this error.
FATAL: If running under GDB, try 'set disable-randomization off'.
==81625==Process memory map follows:
        0x3dd1ab35b000-0x3dd1ab38c000   /usr/home/emaste/src/samples/llvm/msan/a.out
        0x3dd1ab38c000-0x3dd1ab3eb000   /usr/home/emaste/src/samples/llvm/msan/a.out
        0x3dd1ab3eb000-0x3dd1ab3ec000   /usr/home/emaste/src/samples/llvm/msan/a.out
        0x3dd1ab3ec000-0x3dd1ab3ef000   /usr/home/emaste/src/samples/llvm/msan/a.out
...

The "Code" address 0x3dd1ab38d9b0 is within the second address range 0x3dd1ab38c000-0x3dd1ab3eb000 for a.out.

emaste commented 2 years ago

Perhaps relevant comment about ASLR on Linux and PIE binaries: https://github.com/llvm/llvm-project/issues/21032#issuecomment-980935219

emaste commented 2 years ago

I see CheckASLR calls in:

compiler-rt/lib/dfsan/dfsan.cpp
compiler-rt/lib/msan/msan.cpp
compiler-rt/lib/memprof/memprof_rtl.cpp
compiler-rt/lib/tsan/rtl/tsan_rtl.cpp
compiler-rt/lib/tsan/rtl-old/tsan_rtl.cpp
compiler-rt/lib/asan/asan_rtl.cpp

so this is not limited to msan; I haven't yet investigated how other sanitizers behave with ASLR on (and the check disabled).

In general it can be preferable to debug or run diagnostics with ASLR disabled (so that results are reproducible), although it should also be possible to override if desired. lldb for example has settings set target.disable-aslr false to run with ASLR enabled.

There are a couple of issues with CheckASLR for FreeBSD:

it checks the kern.elf64.aslr.pie_enable sysctl (and kern.elf32.aslr.pie_enable) but these indicate the default ASLR on/off state for PIE binaries only; the default for "regular" ET_EXEC binaries is set by kern.elf64.aslr.enable and kern.elf32.aslr.enable.
the sysctls indicate default settings, but ASLR can be enabled/disabled on a per-process basis
we could improve user-friendliness by taking the same approach as Linux PPC, and re-execing the target with ASLR disabled, if necessary.

emaste commented 2 years ago

Review for first two bullets above: https://reviews.llvm.org/D117521

emaste commented 2 years ago

I have committed a change implementing bullet 3 above, in https://github.com/emaste/freebsd/commit/96fe7c8ab0f65cf829619abd74ae6c126b21e15f and https://github.com/emaste/freebsd/commit/930a7c2ac67e1e8e511aa1d0a31a16c632060ebb. This will need more work for upstream as I believe we still support (in LLVM) FreeBSD versions without elf_aux_info / AT_EXEC_PATH. (See llvm/lib/Support/Unix/Path.inc std::string getMainExecutable())

emaste commented 11 months ago

elf_aux_info / AT_EXEC_PATH is (now) available in all supported FreeBSD releases

DimitryAndric commented 10 months ago

llvm / llvm-project

msan fails on FreeBSD with ASLR enabled #53256