#30614 closed defect (fixed)

Use MAP_INHERIT_NONE/ZERO if available instead of crashing on assertion failure

Reported by: riastradh Owned by:
Priority: Medium Milestone: Tor: 0.4.0.x-final
Component: Core Tor/Tor Version: Tor:
Severity: Normal Keywords: 040-backport 041-regression dgoulet-merge
Cc: Actual Points:
Parent ID: Points:
Reviewer: nickm Sponsor:


On NetBSD, the way to ask a page range be zero'd or unmapped on fork is minherit(addr, nbytes, MAP_INHERIT_ZERO) or minherit(addr, nbytes, MAP_INHERIT_NONE). However,

  • map_anon.c does not actually check for or use MAP_INHERIT_ZERO or MAP_INHERIT_NONE, so
  • FLAG_NOINHERIT is undefined, so
  • tor_mmap_anonymous fails to disinherit the mapping, so
  • crypto_fast_rng_new_from_seed throws a fit.
slow/prob_distr/stochastic_log_logistic: [forking] May 25 03:56:58.091 [err] tor_assertion_failed_(): Bug: src/lib/crypt_ops/crypto_rand_fast.c:184: crypto_fast_rng_new_from_seed: Assertion inherit != INHERIT_RES_KEEP failed; aborting. (on Tor 29955f13e5bc8e61)
May 25 03:56:58.091 [err] Bug: Assertion inherit != INHERIT_RES_KEEP failed in crypto_fast_rng_new_from_seed at src/lib/crypt_ops/crypto_rand_fast.c:184: . (Stack trace not available) (on Tor 29955f13e5bc8e61)
[Lost connection!]

The attached patch checks for and uses MAP_INHERIT_ZERO and MAP_INHERIT_NONE. However, it does not adjust the code path that gets confused if tor_mmap_anonymous fails to disinherit the mapping, which might be worth doing too, perhaps earlier on by detecting and noisily reporting a lack of support for cutting off the hereditary concentration of wealth, or at least secrets, in society before it's too late.

Child Tickets

Attachments (1)

map-inherit.patch (1.4 KB) - added by riastradh 15 months ago.
check for and use MAP_INHERIT_NONE/ZERO

Download all attachments as: .zip

Change History (7)

Changed 15 months ago by riastradh

Attachment: map-inherit.patch added

check for and use MAP_INHERIT_NONE/ZERO

comment:1 Changed 15 months ago by nickm

Keywords: 041-must 040-backport? 041-regression? added
Milestone: Tor: 0.4.1.x-final

comment:2 Changed 15 months ago by nickm

Reviewer: nickm
Status: newneeds_review

comment:3 Changed 15 months ago by nickm

Keywords: 040-backport 041-regression dgoulet-merge added; 040-backport? 041-regression? removed
Status: needs_reviewmerge_ready

I've put this in a branch bug30614_040 for CI, and made a PR at https://github.com/torproject/tor/pull/1049 . If it passes, let's merge it.

I'm opening a new ticket for the improved warning at #30686

comment:4 Changed 15 months ago by dgoulet

Milestone: Tor: 0.4.1.x-finalTor: 0.4.0.x-final

Merged into master. Going to 040 milestone for backport.

comment:5 Changed 15 months ago by nickm

Keywords: 041-must removed

comment:6 Changed 12 months ago by teor

Resolution: fixed
Status: merge_readyclosed

Backported to 0.4.0.
Merged with the other 0.3.5 and 0.4.0 backports on 2019-08-12.

Note: See TracTickets for help on using tickets.