[Tsan] Why does Tsan disable ASLR?


847567161

Mar 13, 2024, 6:41:35 AM
to thread-sanitizer
Hi guys, 
I have some questions about tsan:
1. Why does Tsan disable ASLR?
2. How does the kernel ensure that the mapping of files is done according to the requirements of `CheckAndProtect` in Tsan?

Dmitry Vyukov

Mar 13, 2024, 6:43:33 AM
to 847567161, thread-sanitizer
On Wed, 13 Mar 2024 at 11:41, '847567161' via thread-sanitizer
<thread-s...@googlegroups.com> wrote:
>
> Hi guys,
> I have some questions about tsan:
> 1. Why does Tsan disable ASLR?

See your question 2.

> 2. How does the kernel ensure that the mapping of files is done according to the requirements of `CheckAndProtect` in Tsan?

See your question 1 :)

On a serious note: disabling ASLR helps to ensure things are mapped
where we expect them.

Other than that, sanitizers don't ensure that, they just rely on the
way the kernel maps things (which is not random).

Dmitry Vyukov

Mar 13, 2024, 7:23:45 AM
to 847567161, thread-sanitizer, Thurston Dang
+thread-sanitizer mailing list back (please keep in CC)

+Thurston do we have any public links to the recent ASLR issues in
Chromium/V8? Your fixes are supposed to resolve issues on the newer
kernels, right?



On Wed, 13 Mar 2024 at 12:20, 847567161 <8475...@qq.com> wrote:
>
> Could you give more details about the fast check? What offset do you mean?
>
> ---Original---
> From: "Dmitry Vyukov"<dvy...@google.com>
> Date: Wed, Mar 13, 2024 19:11 PM
> To: "847567161"<8475...@qq.com>;
> Subject: Re: [Tsan] Why does Tsan disable ASLR?
>
> On Wed, 13 Mar 2024 at 12:08, 847567161 <8475...@qq.com> wrote:
> >
> > 1. Why do we need to map to the fixed address we expect? What is the purpose?
>
> This leads to faster checks (offset is encoded in instructions and we
> don't need to load it from a global variable).
>
> > 2. Could you tell me where the kernel describes the mapping area of a file in the non-ASLR case?
>
> I don't have the location off the top of my head.
>
>
> > ------------------ Original message ------------------
> > From: "Dmitry Vyukov" ;
> > Sent: Wednesday, March 13, 2024, 6:43 PM
> > To: "847567161"<8475...@qq.com>;
> > Cc: "thread-sanitizer"<thread-s...@googlegroups.com>;
> > Subject: Re: [Tsan] Why does Tsan disable ASLR?

Thurston Dang

Mar 13, 2024, 12:47:06 PM
to Dmitry Vyukov, 847567161, thread-sanitizer
On Wed, Mar 13, 2024 at 4:23 AM Dmitry Vyukov <dvy...@google.com> wrote:
> +thread-sanitizer mailing list back (please keep in CC)
>
> +Thurston do we have any public links to the recent ASLR issues in
> Chromium/V8? Your fixes are supposed to resolve issues on the newer
> kernels, right?

The Chromium issue is non-public (https://bugs.chromium.org/p/chromium/issues/detail?id=1496730) but there have been public reports by other users that recent Linux distros have increased the ASLR entropy (https://github.com/google/sanitizers/issues/1716), and that it can be fixed by either disabling ASLR or reducing ASLR entropy back to the less aggressive setting.
(N.B. I think it's a distro-specific change; AFAICS, the kernel has not changed the default setting of ARCH_MMAP_RND_BITS setting: https://elixir.bootlin.com/linux/v6.6.6/source/arch/Kconfig#L1031)
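The two mechanisms the replies above describe, as an added example that is not part of the thread and is not code from LLVM's sanitizer runtime: a process checks whether its own randomization is already off via personality(), re-executes itself with ADDR_NO_RANDOMIZE if not (persona flags survive execve, so the re-exec'd copy does not loop), and then does a CheckAndProtect-style scan of /proc/<pid>/maps text to confirm nothing is already mapped into the range it wants to own. The maps text and the shadow range are constructed for illustration (the shadow range is not TSan's real layout), and the value 28 is an assumption about the x86_64 default for CONFIG_ARCH_MMAP_RND_BITS against which a raised distro sysctl value such as the one in issue 1716 is compared.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/personality.h>

/* Half-open address range [start, end). */
typedef struct { uintptr_t start, end; } Range;

/* Parse the "start-end" prefix of one /proc/<pid>/maps line.
 * Returns 1 and fills *out on success, 0 on a malformed line. */
int parse_maps_line(const char *line, Range *out) {
    unsigned long s, e;
    if (sscanf(line, "%lx-%lx", &s, &e) != 2 || s >= e) return 0;
    out->start = (uintptr_t)s;
    out->end = (uintptr_t)e;
    return 1;
}

int ranges_overlap(Range a, Range b) {
    return a.start < b.end && b.start < a.end;
}

/* CheckAndProtect-style scan: walk maps text line by line and report the
 * first existing mapping that intrudes into the range the runtime wants to
 * own. Returns 1 (and fills *conflict) if something is in the way, else 0. */
int find_conflict(const char *maps_text, Range reserved, Range *conflict) {
    const char *p = maps_text;
    while (p && *p) {
        Range r;
        if (parse_maps_line(p, &r) && ranges_overlap(r, reserved)) {
            if (conflict) *conflict = r;
            return 1;
        }
        const char *nl = strchr(p, '\n');
        p = nl ? nl + 1 : NULL;
    }
    return 0;
}

/* 1 if randomization is already off for this process. ADDR_NO_RANDOMIZE
 * persists across execve, so a re-exec'd child sees it set and stops. */
int aslr_disabled_for_process(void) {
    int persona = personality(0xffffffff); /* 0xffffffff = query only */
    return persona != -1 && (persona & ADDR_NO_RANDOMIZE) != 0;
}

/* Turn off ASLR for ourselves and start over, the way sanitizer runtimes do
 * before laying out shadow memory. Returns only if that is not possible. */
void reexec_without_aslr(char **argv) {
    int persona = personality(0xffffffff);
    if (persona == -1) return;
    if (personality(persona | ADDR_NO_RANDOMIZE) == -1) return;
    if (!aslr_disabled_for_process()) return; /* kernel/sandbox ignored the flag */
    execv("/proc/self/exe", argv);
}

/* ASSUMPTION: 28 is the x86_64 default for CONFIG_ARCH_MMAP_RND_BITS; a
 * distro sysctl raising vm.mmap_rnd_bits above it is the issue 1716 case. */
#define ASSUMED_DEFAULT_MMAP_RND_BITS 28

int mmap_rnd_bits_exceeds_default(int bits) {
    return bits > ASSUMED_DEFAULT_MMAP_RND_BITS;
}

/* Read vm.mmap_rnd_bits from procfs; -1 if it cannot be read. */
int read_mmap_rnd_bits(void) {
    FILE *f = fopen("/proc/sys/vm/mmap_rnd_bits", "r");
    int bits = -1;
    if (!f) return -1;
    if (fscanf(f, "%d", &bits) != 1) bits = -1;
    fclose(f);
    return bits;
}

/* Constructed sample maps text (not captured from a real process). */
const char *SAMPLE_MAPS =
    "00400000-00401000 r--p 00000000 08:01 1 /usr/bin/app\n"
    "7f1a2b3c0000-7f1a2b3d0000 r-xp 00000000 08:01 2 /lib/libc.so.6\n"
    "7ffd10000000-7ffd10021000 rw-p 00000000 00:00 0 [stack]\n";

/* Hypothetical shadow range for illustration (not TSan's real layout). */
const Range HYPOTHETICAL_SHADOW = { 0x7e0000000000UL, 0x7f0000000000UL };

int main(int argc, char **argv) {
    (void)argc;
    if (!aslr_disabled_for_process()) {
        printf("ASLR on: re-executing with ADDR_NO_RANDOMIZE\n");
        reexec_without_aslr(argv);
        printf("could not disable ASLR; continuing anyway\n");
    }
    int bits = read_mmap_rnd_bits();
    if (bits >= 0 && mmap_rnd_bits_exceeds_default(bits))
        printf("vm.mmap_rnd_bits=%d exceeds %d\n", bits, ASSUMED_DEFAULT_MMAP_RND_BITS);
    Range c;
    if (find_conflict(SAMPLE_MAPS, HYPOTHETICAL_SHADOW, &c))
        printf("conflict at %lx-%lx\n", (unsigned long)c.start, (unsigned long)c.end);
    else
        printf("hypothetical shadow range is free in the sample maps\n");
    return 0;
}
```

With ASLR on, the maps scan is what turns a layout assumption into a visible failure instead of silent corruption: the runtime either finds the range free and maps its shadow there, or reports which existing mapping landed in it, which is the symptom users see when a distro raises vm.mmap_rnd_bits.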