Opened 5 years ago

Closed 2 years ago

#13499 closed enhancement (worksforme)

Generate usable coredumps when using ASAN.

Reported by: yawning
Owned by:
Priority: Low
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version: Tor: unspecified
Severity: Normal
Keywords:
Cc: starlight, isis
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Migrating this from starlight's comments in #13471:

As a point of interest, this bug handily facilitated the completion of a goal I've had to configure useable core-dumps on the stripped-down production relay system.

The key bit was an undocumented ASAN environment option:

unmap_shadow_on_exit=1

per

https://code.google.com/p/address-sanitizer/issues/detail?id=345

so running with

ASAN_OPTIONS="disable_core=0:unmap_shadow_on_exit=1:abort_on_error=1"

I was finally able to obtain a good core file of this particular event. Then one brings the chroot_tor jail over to the dev system and can use gdb to examine the file. E.G.

Ed: GDB session omitted

Had to add libthread_db-1.0.so to the copy of the jail for 'gdb'.

Of course the point of all this is to obtain core files that can be used for postmortem analysis of one-off failures that may be impossible to reproduce.

I'll have to take a look at --enable-expensive-hardening.

I see in

gcc-4.9.1/libsanitizer/include/sanitizer/asan_interface.h

  // This function may be optionally provided by user and should return
  // a string containing ASan runtime options. See asan_flags.h for details.
  const char* __asan_default_options();

which seems like it will do the job. Be aware that many references are made in web-postings regarding ASAN to usage similar to

#if defined(__has_feature)
#if __has_feature(address_sanitizer)
  __sanitizer_sandbox_on_notify(NULL);
#endif
#endif

which I call to allow ASAN to work with /chroot_tor/proc unmounted after startup, but the conditional compile is specific to CLANG and does not work for GCC. You should create your own -DASANFLAG conditional compilation flag. I only just figured this out and the above code was not working at all though I was laboring under the misconception that it was.

Also be sure to either direct stdout/stderr to a file (as in my patch above) or configure the "log_path" ASAN option or ASAN will not work. I favor standard I/O since sometimes glibc will write a message that may be of value.

Note all of the options should be used

ASAN_OPTIONS="disable_core=0:unmap_shadow_on_exit=1:abort_on_error=1"

Apparently abort_on_error=1 is necessary for SEGV traps to produce a core per the Google code issue linked above.
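
Added example, not code from the ticket or from Tor: one way to detect an ASAN build on both Clang and GCC and to compile the core-dump options in through __asan_default_options(). ASAN_BUILD, ASAN_CORE_OPTIONS, asan_build_enabled() and raise_core_limit() are hypothetical names, the RLIMIT_CORE step is an assumption beyond the ticket, and the option string is the ticket's own, so check its option names against the ASAN runtime you build with.

```c
#include <string.h>
#include <sys/resource.h>

/* Clang reports ASan via __has_feature(address_sanitizer); GCC defines
 * __SANITIZE_ADDRESS__ instead. ASANFLAG is the manual -DASANFLAG switch
 * suggested in the ticket, for toolchains that expose neither. */
#if defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define ASAN_BUILD 1
#  endif
#endif
#if !defined(ASAN_BUILD) && (defined(__SANITIZE_ADDRESS__) || defined(ASANFLAG))
#  define ASAN_BUILD 1
#endif
#ifndef ASAN_BUILD
#  define ASAN_BUILD 0
#endif

/* Option string copied verbatim from the ticket. */
#define ASAN_CORE_OPTIONS \
    "disable_core=0:unmap_shadow_on_exit=1:abort_on_error=1"

/* Hook the ASan runtime calls during its own start-up. Keep it trivial:
 * it runs before main(). Values set in the ASAN_OPTIONS environment
 * variable are parsed afterwards and take precedence. */
const char *__asan_default_options(void);
const char *__asan_default_options(void)
{
    return ASAN_CORE_OPTIONS;
}

/* 1 if this translation unit was compiled as an ASan build, else 0. */
int asan_build_enabled(void)
{
    return ASAN_BUILD;
}

/* Assumption beyond the ticket: the kernel writes no core file while
 * RLIMIT_CORE is 0, so raise the soft limit to the hard limit.
 * Returns 0 on success, -1 on failure. */
int raise_core_limit(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    rl.rlim_cur = rl.rlim_max;
    return setrlimit(RLIMIT_CORE, &rl);
}
```

Without -fsanitize=address the hook is an ordinary unused function, so the same source builds either way.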

Change History (2)

comment:1 Changed 5 years ago by isis

Cc: isis added

comment:2 Changed 2 years ago by nickm

Resolution: worksforme
Severity: Normal
Status: new → closed

The history on the code.google.com bug indicates that the correct fix was merged upstream to clang and gcc, so I'm going to suggest that the answer here is "worksforme."