gcc: Backport sanitizer fix for 32-bit ALSR

When using the gcc-sanitizers as part of the SDK on a Linux with a newer kernel, the ASAN fails randomly. This was seen on Ubuntu 22.04. This is also described at https://stackoverflow.com/questions/77894856/possible-bug-in-gcc-sanitizers Backport the fix from LLVM project, as gcc has not yet backported anything for the 11 series. (From OE-Core rev: 7af8e24d6c60a01e398b10a57939947fb156feec) Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Claus Stovgaard <claus.stovgaard@gmail.com> 2024-03-19 12:33:17 +0100
committer: Steve Sakoman <steve@sakoman.com> 2024-04-05 07:23:59 -0700
commit: de3d966d73baee0909ed085218b1a98129cc418e (patch)
tree: 27247233ed130d01cd6f54b747668cc2961d2a45
parent: 3eb39d2618540b87a6d8990e55ec1d26594a6f20 (diff)
download: poky-de3d966d73baee0909ed085218b1a98129cc418e.tar.gz
2 files changed, 64 insertions, 0 deletions
diff --git a/meta/recipes-devtools/gcc/gcc-11.4.inc b/meta/recipes-devtools/gcc/gcc-11.4.inc
index 88310e6b79..fd6a3e92e3 100644
--- a/meta/recipes-devtools/gcc/gcc-11.4.inc
+++ b/meta/recipes-devtools/gcc/gcc-11.4.inc
@@ -59,6 +59,7 @@ SRC_URI = "\
           file://0028-debug-101473-apply-debug-prefix-maps-before-checksum.patch \
           file://0029-Fix-install-path-of-linux64.h.patch \
           file://0030-rust-recursion-limit.patch \
+           file://0031-gcc-sanitizers-fix.patch \
           file://0001-CVE-2021-42574.patch \
           file://0002-CVE-2021-42574.patch \
           file://0003-CVE-2021-42574.patch \
diff --git a/meta/recipes-devtools/gcc/gcc/0031-gcc-sanitizers-fix.patch b/meta/recipes-devtools/gcc/gcc/0031-gcc-sanitizers-fix.patch
new file mode 100644
index 0000000000..d63618132a
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/0031-gcc-sanitizers-fix.patch
@@ -0,0 +1,63 @@
+From fb77ca05ffb4f8e666878f2f6718a9fb4d686839 Mon Sep 17 00:00:00 2001
+From: Thurston Dang <thurston@google.com>
+Date: Thu, 13 Apr 2023 23:55:01 +0000
+Subject: [PATCH] Re-land 'ASan: move allocator base to avoid conflict with
+ high-entropy ASLR for x86-64 Linux'
+D147984 was reverted because it broke lit tests on Mac. This revision is based on D147984
+but maintains the old behavior for Apple.
+Note that, per the follow-up discussion with MaskRay in D147984, this patch excludes Apple
+but includes other platforms (e.g., aarch64, MIPS64) and OSes (e.g., FreeBSD, S390X), not just
+x86-64 Linux.
+Original commit message from D147984:
+Users have discovered [*] that when CONFIG_ARCH_MMAP_RND_BITS == 32,
+it will frequently conflict with ASan's allocator on x86-64 Linux, because the
+PIE program segment base address of 0x555555555554 plus an ASLR shift of up to
+((2**32) * 4K == 0x100000000000) will sometimes exceed ASan's hardcoded
+base address of 0x600000000000. We fix this by simply moving the allocator base
+to 0x500000000000, which is below the PIE program segment base address. This is
+cleaner than trying to move it to another location that is sandwiched between
+the PIE program and library segments, because if either of those grow too large,
+it will collide with the allocator region.
+Note that we will never need to change this base address again (unless we want to increase
+the size of the allocator), because ASLR cannot be set above 32-bits for x86-64 Linux (the
+PIE program segment and library segments would collide with each other; see also
+ARCH_MMAP_RND_BITS_MAX in https://github.com/torvalds/linux/blob/master/arch/x86/Kconfig).
+[*] see https://b.corp.google.com/issues/276925478
+and https://groups.google.com/a/google.com/g/chrome-os-gardeners/c/BbfzCP3dEeo/m/h3C_vVUxCQAJ
+Differential Revision: https://reviews.llvm.org/D148280
+Upstream-Status: Backport from llvm-project: https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
+Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com>
+---
+ libsanitizer/asan/asan_allocator.h | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+diff --git a/libsanitizer/asan/asan_allocator.h b/libsanitizer/asan/asan_allocator.h
+index 0b4dbf03bb9d53..6a12a6c6025283 100644
+--- a/libsanitizer/asan/asan_allocator.h
+++ b/libsanitizer/asan/asan_allocator.h
+@@ -143,11 +143,15 @@ typedef DefaultSizeClassMap SizeClassMap;
+ const uptr kAllocatorSpace = ~(uptr)0;
+ const uptr kAllocatorSize  =  0x8000000000ULL;  // 500G
+ typedef DefaultSizeClassMap SizeClassMap;
+-# else
+#  elif SANITIZER_APPLE
+ const uptr kAllocatorSpace = 0x600000000000ULL;
+ const uptr kAllocatorSize  =  0x40000000000ULL;  // 4T.
+ typedef DefaultSizeClassMap SizeClassMap;
+-# endif
+#  else
+const uptr kAllocatorSpace = 0x500000000000ULL;
+const uptr kAllocatorSize = 0x40000000000ULL;  // 4T.
+typedef DefaultSizeClassMap SizeClassMap;
+#  endif
+ template <typename AddressSpaceViewTy>
+ struct AP64 {  // Allocator64 parameters. Deliberately using a short name.
+   static const uptr kSpaceBeg = kAllocatorSpace;
author	Claus Stovgaard <claus.stovgaard@gmail.com>	2024-03-19 12:33:17 +0100
committer	Steve Sakoman <steve@sakoman.com>	2024-04-05 07:23:59 -0700
commit	de3d966d73baee0909ed085218b1a98129cc418e (patch)
tree	27247233ed130d01cd6f54b747668cc2961d2a45
parent	3eb39d2618540b87a6d8990e55ec1d26594a6f20 (diff)
download	poky-de3d966d73baee0909ed085218b1a98129cc418e.tar.gz

diff --git a/meta/recipes-devtools/gcc/gcc-11.4.inc b/meta/recipes-devtools/gcc/gcc-11.4.inc index 88310e6b79..fd6a3e92e3 100644 --- a/meta/recipes-devtools/gcc/gcc-11.4.inc +++ b/meta/recipes-devtools/gcc/gcc-11.4.inc
@@ -59,6 +59,7 @@ SRC_URI = "\
59	file://0028-debug-101473-apply-debug-prefix-maps-before-checksum.patch \	59	file://0028-debug-101473-apply-debug-prefix-maps-before-checksum.patch \
60	file://0029-Fix-install-path-of-linux64.h.patch \	60	file://0029-Fix-install-path-of-linux64.h.patch \
61	file://0030-rust-recursion-limit.patch \	61	file://0030-rust-recursion-limit.patch \
		62	file://0031-gcc-sanitizers-fix.patch \
62	file://0001-CVE-2021-42574.patch \	63	file://0001-CVE-2021-42574.patch \
63	file://0002-CVE-2021-42574.patch \	64	file://0002-CVE-2021-42574.patch \
64	file://0003-CVE-2021-42574.patch \	65	file://0003-CVE-2021-42574.patch \


diff --git a/meta/recipes-devtools/gcc/gcc/0031-gcc-sanitizers-fix.patch b/meta/recipes-devtools/gcc/gcc/0031-gcc-sanitizers-fix.patch new file mode 100644 index 0000000000..d63618132a --- /dev/null +++ b/meta/recipes-devtools/gcc/gcc/0031-gcc-sanitizers-fix.patch
@@ -0,0 +1,63 @@
		1	From fb77ca05ffb4f8e666878f2f6718a9fb4d686839 Mon Sep 17 00:00:00 2001
		2	From: Thurston Dang <thurston@google.com>
		3	Date: Thu, 13 Apr 2023 23:55:01 +0000
		4	Subject: [PATCH] Re-land 'ASan: move allocator base to avoid conflict with
		5	high-entropy ASLR for x86-64 Linux'
		6
		7	D147984 was reverted because it broke lit tests on Mac. This revision is based on D147984
		8	but maintains the old behavior for Apple.
		9
		10	Note that, per the follow-up discussion with MaskRay in D147984, this patch excludes Apple
		11	but includes other platforms (e.g., aarch64, MIPS64) and OSes (e.g., FreeBSD, S390X), not just
		12	x86-64 Linux.
		13
		14	Original commit message from D147984:
		15
		16	Users have discovered [*] that when CONFIG_ARCH_MMAP_RND_BITS == 32,
		17	it will frequently conflict with ASan's allocator on x86-64 Linux, because the
		18	PIE program segment base address of 0x555555555554 plus an ASLR shift of up to
		19	((2*32) 4K == 0x100000000000) will sometimes exceed ASan's hardcoded
		20	base address of 0x600000000000. We fix this by simply moving the allocator base
		21	to 0x500000000000, which is below the PIE program segment base address. This is
		22	cleaner than trying to move it to another location that is sandwiched between
		23	the PIE program and library segments, because if either of those grow too large,
		24	it will collide with the allocator region.
		25
		26	Note that we will never need to change this base address again (unless we want to increase
		27	the size of the allocator), because ASLR cannot be set above 32-bits for x86-64 Linux (the
		28	PIE program segment and library segments would collide with each other; see also
		29	ARCH_MMAP_RND_BITS_MAX in https://github.com/torvalds/linux/blob/master/arch/x86/Kconfig).
		30
		31	[*] see https://b.corp.google.com/issues/276925478
		32	and https://groups.google.com/a/google.com/g/chrome-os-gardeners/c/BbfzCP3dEeo/m/h3C_vVUxCQAJ
		33
		34	Differential Revision: https://reviews.llvm.org/D148280
		35
		36	Upstream-Status: Backport from llvm-project: https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
		37	Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com>
		38	---
		39	libsanitizer/asan/asan_allocator.h \| 8 ++++++--
		40	1 file changed, 6 insertions(+), 2 deletions(-)
		41
		42	diff --git a/libsanitizer/asan/asan_allocator.h b/libsanitizer/asan/asan_allocator.h
		43	index 0b4dbf03bb9d53..6a12a6c6025283 100644
		44	--- a/libsanitizer/asan/asan_allocator.h
		45	+++ b/libsanitizer/asan/asan_allocator.h
		46	@@ -143,11 +143,15 @@ typedef DefaultSizeClassMap SizeClassMap;
		47	const uptr kAllocatorSpace = ~(uptr)0;
		48	const uptr kAllocatorSize = 0x8000000000ULL; // 500G
		49	typedef DefaultSizeClassMap SizeClassMap;
		50	-# else
		51	+# elif SANITIZER_APPLE
		52	const uptr kAllocatorSpace = 0x600000000000ULL;
		53	const uptr kAllocatorSize = 0x40000000000ULL; // 4T.
		54	typedef DefaultSizeClassMap SizeClassMap;
		55	-# endif
		56	+# else
		57	+const uptr kAllocatorSpace = 0x500000000000ULL;
		58	+const uptr kAllocatorSize = 0x40000000000ULL; // 4T.
		59	+typedef DefaultSizeClassMap SizeClassMap;
		60	+# endif
		61	template <typename AddressSpaceViewTy>
		62	struct AP64 { // Allocator64 parameters. Deliberately using a short name.
		63	static const uptr kSpaceBeg = kAllocatorSpace;