compiler-rt: avoid segfaults when re-exec'ing with ASLR

DimitryAndric · DimitryAndric · commit 4c9a0adad182 · 2023-11-22T19:23:06.000+01:00
After 930a7c2 ("compiler-rt: re-exec with ASLR disabled when necessary") and 96fe7c8 ("compiler-rt: support ReExec() on FreeBSD"), binaries linked against the sanitizer libraries may segfault due to procctl(2) being intercepted. Instead, the non-intercepted internal_procctl() should be called. Similarly, the ReExec() function that re-executes the binary after turning off ASLR should not call elf_aux_info(3) and realpath(3), since these will also be intercepted. Instead, loop directly over the elf aux info vector to find the executable path, and avoid calling realpath(3) since it is actually unwanted for this use case. Fixes: 930a7c2, 96fe7c8 MFC after: 3 days
diff --git a/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp b/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp
@@ -2323,7 +2323,7 @@ void CheckASLR() {
                "and binaries compiled with PIE\n"
                "ASLR will be disabled and the program re-executed.\n");
     int aslr_ctl = PROC_ASLR_FORCE_DISABLE;
-    CHECK_NE(procctl(P_PID, 0, PROC_ASLR_CTL, &aslr_ctl), -1);
+    CHECK_NE(internal_procctl(P_PID, 0, PROC_ASLR_CTL, &aslr_ctl), -1);
     ReExec();
   }
 #  elif SANITIZER_PPC64V2
diff --git a/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp b/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp
@@ -56,6 +56,7 @@
 // that, it was never implemented. So just define it to zero.
 #undef MAP_NORESERVE
 #define MAP_NORESERVE 0
+extern const Elf_Auxinfo *__elf_aux_vector;
 #endif
 
 #if SANITIZER_NETBSD
@@ -947,11 +948,11 @@ void ReExec() {
   const char *pathname = "/proc/self/exe";
 
 #if SANITIZER_FREEBSD
-  char exe_path[PATH_MAX];
-  if (elf_aux_info(AT_EXECPATH, exe_path, sizeof(exe_path)) == 0) {
-    char link_path[PATH_MAX];
-    if (realpath(exe_path, link_path))
-      pathname = link_path;
+  for (const auto *aux = __elf_aux_vector; aux->a_type != AT_NULL; aux++) {
+    if (aux->a_type == AT_EXECPATH) {
+      pathname = static_cast<const char *>(aux->a_un.a_ptr);
+      break;
+    }
   }
 #elif SANITIZER_NETBSD
   static const int name[] = {

Original file line number	Diff line number	Diff line change
`@@ -2323,7 +2323,7 @@ void CheckASLR() {`
`2323`	`2323`	`"and binaries compiled with PIE\n"`
`2324`	`2324`	`"ASLR will be disabled and the program re-executed.\n");`
`2325`	`2325`	`int aslr_ctl = PROC_ASLR_FORCE_DISABLE;`
`2326`		`- CHECK_NE(procctl(P_PID, 0, PROC_ASLR_CTL, &aslr_ctl), -1);`
	`2326`	`+ CHECK_NE(internal_procctl(P_PID, 0, PROC_ASLR_CTL, &aslr_ctl), -1);`
`2327`	`2327`	`ReExec();`
`2328`	`2328`	`}`
`2329`	`2329`	`# elif SANITIZER_PPC64V2`