Attempt to circumvent ASLR issues with ThreadSanitizer #191

Draft
wants to merge 1 commit into
base: master


mosra
Owner

@mosra mosra commented Nov 13, 2024

As of 2024-11-08, CircleCI uses a base system with kernel 6.5 instead of 5.15: https://discuss.circleci.com/t/docker-executor-infrastructure-upgrade/52282 That makes the TSan job fail because it hits google/sanitizers#1716.

  • Neither of the suggested solutions (`sysctl vm.mmap_rnd_bits=28`, `echo 0 | tee /proc/sys/kernel/randomize_va_space`) work because the filesystem is read-only on the Docker image.
  • Tried to use Clang 18 instead, however that only makes it fail later down the line, with `ThreadSanitizer: CHECK failed: tsan_platform_linux.cpp:282 "((personality(old_personality | ADDR_NO_RANDOMIZE))) != ((-1))" (0xffffffffffffffff, 0xffffffffffffffff)`. This problem however seems so rare that there's nothing to be found for it, except TSan/MSan builds failures ClickHouse/ClickHouse#64086 where I have no idea what I could do in order to fix this. There it's related to getauxval, so maybe in my case it's related to CPU dispatch? Ifunc isn't used with sanitizers, tho, and disabling CPU dispatch completely for sanitizer builds will just lead to an xz-level security nightmare.
  • The problem sometimes goes away and the TSan build passes, but that's only because a 5.15 runner was randomly chosen instead of 6.5. Such as in https://circleci.com/gh/mosra/corrade/14047.

Why is everything such a giant fucking recursive pain fractal all the
time?! FFS.
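
A preflight probe for the two failure modes described in the comment above, as an added example that is not part of the original post or of the project's code. It reads the two procfs knobs named there and repeats the `personality()` call from the failing CHECK; the threshold of 28 is taken from the suggested sysctl value and the verdict names are hypothetical.

```c
#include <stdio.h>
#include <sys/personality.h>

/* Assumption: 28 is the value the suggested sysctl workaround sets. */
#define TSAN_RND_BITS_TARGET 28

enum verdict { TSAN_OK, NEEDS_PERSONALITY, BLOCKED };  /* hypothetical names */

/* Read one integer from a procfs file; -1 if missing or unparsable. */
static int read_int(const char *path) {
    FILE *f = fopen(path, "r");
    int v = -1;
    if (!f) return -1;
    if (fscanf(f, "%d", &v) != 1) v = -1;
    fclose(f);
    return v;
}

/* Same call as the failing CHECK: may this process turn ASLR off for
 * itself? Returns 1 if the kernel/sandbox allows it, 0 otherwise. */
static int personality_allowed(void) {
    int old = personality(0xffffffff);          /* query, changes nothing */
    if (old == -1) return 0;
    if (personality(old | ADDR_NO_RANDOMIZE) == -1) return 0;
    personality(old);                           /* restore previous flags */
    return 1;
}

/* Pure decision so it can be tested without touching the host. */
static enum verdict classify(int rnd_bits, int aslr_mode, int pers_ok) {
    if (aslr_mode == 0) return TSAN_OK;         /* ASLR already disabled */
    if (rnd_bits >= 0 && rnd_bits <= TSAN_RND_BITS_TARGET) return TSAN_OK;
    /* High or unknown entropy: the runtime has to disable ASLR itself. */
    return pers_ok ? NEEDS_PERSONALITY : BLOCKED;
}

int main(void) {
    int bits = read_int("/proc/sys/vm/mmap_rnd_bits");
    int aslr = read_int("/proc/sys/kernel/randomize_va_space");
    int pers = personality_allowed();
    enum verdict v = classify(bits, aslr, pers);
    printf("mmap_rnd_bits=%d randomize_va_space=%d personality_ok=%d\n",
           bits, aslr, pers);
    printf("verdict: %s\n", v == TSAN_OK ? "ok" :
           v == NEEDS_PERSONALITY ? "runtime must disable ASLR (allowed)" :
           "blocked: high entropy and personality() refused");
    return v == BLOCKED;                        /* non-zero fails the CI step */
}
```

Run as an early CI step, it distinguishes a 5.15-style runner from a 6.5 one where both workarounds are unavailable before the TSan job itself starts.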