git: bf1a58efa081 - stable/12 - sanitizers: Improve FreeBSD ASLR detection
Date: Wed, 02 Feb 2022 01:17:44 UTC
The branch stable/12 has been updated by emaste:
URL: https://cgit.FreeBSD.org/src/commit/?id=bf1a58efa081ff4fe5ef0a679c56667f9c46235b
commit bf1a58efa081ff4fe5ef0a679c56667f9c46235b
Author: Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-01-18 00:00:35 +0000
Commit: Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-02-02 01:14:13 +0000
sanitizers: Improve FreeBSD ASLR detection
The kern.elf64.aslr.pie_enable and kern.elf32.aslr.pie_enable sysctls
control the default setting for PIE binary address randomization, but
it is possible to enable or disable ASLR on a per-process basis. Use
procctl(2) to query whether ASLR is enabled.
(Note that with ASLR enabled but sysctl kern.elf64.aslr.pie_enable=0
a PIE binary will in effect have randomization disabled, and be
functional with msan. This is not intended as a user-facing control
though. The user can use proccontrol(1) to disable aslr for the
process.)
Approved by: dim
Obtained from: LLVM 64de0064f315f57044294879d9ff4eacb454d45b
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33933
(cherry picked from commit 7cafe89f9ce33effe6e471b185339d413da1ca46)
---
.../lib/sanitizer_common/sanitizer_linux.cpp | 25 +++++-----------------
1 file changed, 5 insertions(+), 20 deletions(-)
diff --git a/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp b/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp
index 9b7d87eb85e1..09b3f31831df 100644
--- a/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp
+++ b/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp
@@ -80,6 +80,7 @@
#if SANITIZER_FREEBSD
#include <sys/exec.h>
+#include <sys/procctl.h>
#include <sys/sysctl.h>
#include <machine/atomic.h>
extern "C" {
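Review bot: the new `#include <sys/procctl.h>` is guarded only by `SANITIZER_FREEBSD`, yet the comment kept in the CheckASLR() hunk says the command "is not necessarily guaranteed to be here" for every FreeBSD release. That comment covers the runtime case (procctl returning -1), but on a system whose header does not define `PROC_ASLR_STATUS` the file would fail to compile instead. If such releases are still supported build hosts, wrap the use in `#ifdef PROC_ASLR_STATUS`; if they are not, say so in the commit message.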
@@ -2187,30 +2188,14 @@ void CheckASLR() {
ReExec();
}
#elif SANITIZER_FREEBSD
- int aslr_pie;
- uptr len = sizeof(aslr_pie);
-#if SANITIZER_WORDSIZE == 64
- if (UNLIKELY(internal_sysctlbyname("kern.elf64.aslr.pie_enable",
- &aslr_pie, &len, NULL, 0) == -1)) {
+ int aslr_status;
+ if (UNLIKELY(procctl(P_PID, 0, PROC_ASLR_STATUS, &aslr_status) == -1)) {
// We're making things less 'dramatic' here since
- // the OID is not necessarily guaranteed to be here
+ // the cmd is not necessarily guaranteed to be here
// just yet regarding FreeBSD release
return;
}
-
- if (aslr_pie > 0) {
- Printf("This sanitizer is not compatible with enabled ASLR "
- "and binaries compiled with PIE\n");
- Die();
- }
-#endif
- // there might be 32 bits compat for 64 bits
- if (UNLIKELY(internal_sysctlbyname("kern.elf32.aslr.pie_enable",
- &aslr_pie, &len, NULL, 0) == -1)) {
- return;
- }
-
- if (aslr_pie > 0) {
+ if ((aslr_status & PROC_ASLR_ACTIVE) != 0) {
Printf("This sanitizer is not compatible with enabled ASLR "
"and binaries compiled with PIE\n");
Die();
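Review bot: the Printf text under the new `(aslr_status & PROC_ASLR_ACTIVE) != 0` test is unchanged and gives the user no remedy. The check is now per-process, and the commit message already names proccontrol(1) as the way to disable ASLR for the process, so the message should point there. Two smaller points in the same hunk. First, the early `return` when procctl() yields -1 is silent, so a failed query skips the check entirely; a verbose-level report would make that visible when debugging. Second, the removed code went through `internal_sysctlbyname` while the new call uses `procctl` directly; a short comment on why no `internal_` wrapper is needed here would help later readers.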