Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow disabling ASan instrumentation for globals #127483

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Allow disabling ASan instrumentation for globals #127483

wants to merge 2 commits into from
+47 −1

Conversation

BertalanD
Copy link

AddressSanitizer adds instrumentation to global variables unless the no_sanitize_address attribute is set on them.

This commit extends the existing #[no_sanitize(address)] attribute to set this; previously it only had the desired effect on functions.

(cc #39699)

@rustbot
Copy link
Collaborator

rustbot commented Jul 8, 2024

Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @cuviper (or someone else) some time within the next two weeks.

Please see the contribution instructions for more information. Namely, in order to ensure the minimum review times lag, PR authors and assigned reviewers should ensure that the review label (S-waiting-on-review and S-waiting-on-author) stays updated, invoking these commands when appropriate:

  • @rustbot author: the review is finished, PR author should check the comments and take action accordingly
  • @rustbot review: the author is ready for a review, this PR will be queued again in the reviewer's queue

@rustbot rustbot added PG-exploit-mitigations Project group: Exploit mitigations S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Jul 8, 2024
@rustbot
Copy link
Collaborator

rustbot commented Jul 8, 2024

Some changes occurred in tests/codegen/sanitizer

cc @rust-lang/project-exploit-mitigations, @rcvalle

@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rcvalle
Copy link
Member

rcvalle commented Jul 9, 2024

LGTM (@cuviper FYI). We'll want this for #123617. Thank you for your time and for working on this, @BertalanD! Much appreciated.

@rcvalle
Copy link
Member

rcvalle commented Jul 9, 2024

@BertalanD do you know if there is anything else possibly missing instrumentation before #123617?

@BertalanD
Copy link
Author

BertalanD commented Jul 9, 2024
edited
Loading

Thank you for reviewing; I pushed up the suggested style change.

I haven't looked into missing instrumentation, so I can't help with that. But what might be relevant for stabilization is that this came up in the context of a Chromium issue where the added ASan annotation on #[small_ctor::ctor] items resulted in link-time crashes and run-time failures on Apple platforms.

@rcvalle
Copy link
Member

rcvalle commented Jul 9, 2024

Thank you for the information and for sending it out, @BertalanD! I'll take a look.

@BertalanD
Copy link
Author

BertalanD commented Jul 9, 2024
edited
Loading

@rcvalle

ctor and linkme are two other crates that will definitely be impacted by ASan annotation on global variables (alongside small_ctor).

The operation of all three basically boils down to creating a special section in the output file that's an array of pointers, by creating static variables annotated with #[link_section]. The ASan instrumentation pads these to 32 bytes, filling the rest with zeros. So the code that traverses the array will either stop processing them when encountering the zeros (this is what dyld does for me on macOS 15), or crash with a null deref in the worst case.

@cuviper cuviper mentioned this pull request Jul 12, 2024
Open
@bors
Copy link
Contributor

bors commented Jul 17, 2024

☔ The latest upstream changes (presumably #127831) made this pull request unmergeable. Please resolve the merge conflicts.

@BertalanD
Allow disabling ASan instrumentation for globals
7cc0aba 
AddressSanitizer adds instrumentation to global variables unless the
[`no_sanitize_address`](https://llvm.org/docs/LangRef.html#global-attributes)
attribute is set on them.

This commit extends the existing `#[no_sanitize(address)]` attribute to
set this; previously it only had the desired effect on functions.
@rust-log-analyzer
Copy link
Collaborator

The job x86_64-gnu-llvm-17 failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot) 
------
 > importing cache manifest from ghcr.io/rust-lang/rust-ci-cache:fb97a1d6377f6cf2227825318ca4bbde3889e0c420746f5a03ba46a07e9a862725c26a09b9fc49a0d129ebd75935d3f6cd19acf41cc4267a6846fd4aa574b12c:
------
##[endgroup]
Setting extra environment values for docker:  --env ENABLE_GCC_CODEGEN=1 --env GCC_EXEC_PREFIX=/usr/lib/gcc/
[CI_JOB_NAME=x86_64-gnu-llvm-17]
---
sccache: Starting the server...
##[group]Configure the build
configure: processing command line
configure: 
configure: build.configure-args := ['--build=x86_64-unknown-linux-gnu', '--llvm-root=/usr/lib/llvm-17', '--enable-llvm-link-shared', '--set', 'rust.randomize-layout=true', '--set', 'rust.thin-lto-import-instr-limit=10', '--set', 'change-id=99999999', '--enable-verbose-configure', '--enable-sccache', '--disable-manage-submodules', '--enable-locked-deps', '--enable-cargo-native-static', '--set', 'rust.codegen-units-std=1', '--set', 'dist.compression-profile=balanced', '--dist-compression-formats=xz', '--set', 'rust.lld=false', '--disable-dist-src', '--release-channel=nightly', '--enable-debug-assertions', '--enable-overflow-checks', '--enable-llvm-assertions', '--set', 'rust.verify-llvm-ir', '--set', 'rust.codegen-backends=llvm,cranelift,gcc', '--set', 'llvm.static-libstdcpp', '--enable-new-symbol-mangling']
configure: target.x86_64-unknown-linux-gnu.llvm-config := /usr/lib/llvm-17/bin/llvm-config
configure: llvm.link-shared     := True
configure: rust.randomize-layout := True
configure: rust.thin-lto-import-instr-limit := 10
---
---- [ui] tests/ui/attributes/no-sanitize.rs stdout ----

error: ui test compiled successfully!
status: exit status: 0
command: env -u RUSTC_LOG_COLOR RUSTC_ICE="0" RUST_BACKTRACE="short" "/checkout/obj/build/x86_64-unknown-linux-gnu/stage2/bin/rustc" "/checkout/tests/ui/attributes/no-sanitize.rs" "-Zthreads=1" "-Zsimulate-remapped-rust-src-base=/rustc/FAKE_PREFIX" "-Ztranslate-remapped-path-to-local-path=no" "-Z" "ignore-directory-in-diagnostics-source-blocks=/cargo" "-Z" "ignore-directory-in-diagnostics-source-blocks=/checkout/vendor" "--sysroot" "/checkout/obj/build/x86_64-unknown-linux-gnu/stage2" "--target=x86_64-unknown-linux-gnu" "--check-cfg" "cfg(FALSE)" "--error-format" "json" "--json" "future-incompat" "-Ccodegen-units=1" "-Zui-testing" "-Zdeduplicate-diagnostics=no" "-Zwrite-long-types-to-disk=no" "-Cstrip=debuginfo" "--emit" "metadata" "-C" "prefer-dynamic" "--out-dir" "/checkout/obj/build/x86_64-unknown-linux-gnu/test/ui/attributes/no-sanitize" "-A" "unused" "-A" "internal_features" "-Crpath" "-Cdebuginfo=0" "-Lnative=/checkout/obj/build/x86_64-unknown-linux-gnu/native/rust-test-helpers" "-L" "/checkout/obj/build/x86_64-unknown-linux-gnu/test/ui/attributes/no-sanitize/auxiliary"
stderr: none

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tgross35 tgross35 tgross35 left review comments

Assignees

@cuviper cuviper

Labels
PG-exploit-mitigations Project group: Exploit mitigations S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@BertalanD @rustbot @rust-log-analyzer @rcvalle @bors @tgross35 @cuviper