New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 806604 link

Starred by 1 user
Status: Fixed
Owner:
ejcaruso@chromium.org
Closed: Feb 2018
Cc:
llozano@chromium.org
apronin@chromium.org
ejcaruso@chromium.org
rahulchaudhry@chromium.org
manojgupta@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

chaps failing in asan

Project Member Reported by manojgupta@chromium.org, Jan 28 2018 
https://build.chromium.org/p/chromiumos/builders/amd64-generic-asan/builds/23095

chaps-0.0.1-r2629:  * ASAN error detected:
chaps-0.0.1-r2629:  * /mnt/host/source/src/platform2/chaps/object_mock.h:133:12: runtime error: load of misaligned address 0x7ffc8f7f66e1 for type 'const int', which requires 4 byte alignment
chaps-0.0.1-r2629:  * 0x7ffc8f7f66e1: note: pointer points here
chaps-0.0.1-r2629:  *  00 00 00  08 03 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  d2 a7 5f fd 81
chaps-0.0.1-r2629:  *               ^
chaps-0.0.1-r2629:  * SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /mnt/host/source/src/platform2/chaps/object_mock.h:133:12 in
chaps-0.0.1-r2629:  * /../../../../../../../../mnt/host/source/src/platform2/chaps/object_impl.cc:165:20 in
chaps-0.0.1-r2629:  * ../../../../../../../../../mnt/host/source/src/platform2/chaps/object_impl.cc:163:20: runtime error: load of misaligned address 0x606000001849 for type 'const uint16_t' (aka 'const unsigned short'), which requires 2 byte alignment
chaps-0.0.1-r2629:  * 0x606000001849: note: pointer points here
chaps-0.0.1-r2629:  *  00 00 00  04 0a 0a 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00
chaps-0.0.1-r2629:  *               ^
chaps-0.0.1-r2629:  * SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../../../../../../../../mnt/host/source/src/platform2/chaps/object_impl.cc:163:20 in
chaps-0.0.1-r2629:  * ../../../../../../../../../mnt/host/source/src/platform2/chaps/object_impl.cc:164:20: runtime error: load of misaligned address 0x606000001849 for type 'const uint32_t' (aka 'const unsigned int'), which requires 4 byte alignment
chaps-0.0.1-r2629:  * 0x606000001849: note: pointer points here
chaps-0.0.1-r2629:  *  00 00 00  08 0a 0a 0a 0a 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00
chaps-0.0.1-r2629:  *               ^
chaps-0.0.1-r2629:  * SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../../../../../../../../mnt/host/source/src/platform2/chaps/object_impl.cc:164:20 in
chaps-0.0.1-r2629:  * ASAN error detected:
chaps-0.0.1-r2629:  * ../../../../../../../../../mnt/host/source/src/platform2/chaps/object_impl.cc:165:20: runtime error: load of misaligned address 0x606000000409 for type 'const uint64_t' (aka 'const unsigned long'), which requires 8 byte alignment
chaps-0.0.1-r2629:  * 0x606000000409: note: pointer points here
chaps-0.0.1-r2629:  *  00 00 00  10 01 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  b9 96 6e cc 00
chaps-0.0.1-r2629:  *               ^
chaps-0.0.1-r2629:  * SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../../../../../../../../mnt/host/source/src/platform2/chaps/object_impl.cc:165:20 in
chaps-0.0.1-r2629:  * The complete build log is located at '/build/amd64-generic/tmp/portage/logs/chromeos-base:chaps-0.0.1-r2629:20180128-143103.log'.

Comment 1 by manojgupta@chromium.org, Jan 28 2018

Cc: ejcaruso@chromium.org
Owner: ejcaruso@chromium.org
ejcaruso@ Assigning to you since you seem to be active in chaps.

Comment 2 by ejcaruso@chromium.org, Jan 29 2018

Cc: apronin@chromium.org
How do I run asan tests for chaps locally? Is it just inclusion of USE=asan? Thanks!

Comment 3 by manojgupta@chromium.org, Jan 29 2018

Cc: llozano@chromium.org
I think the following should work:
FEATURES="test" USE="asan" emerge-$BOARD chaps.

Comment 4 by ejcaruso@chromium.org, Jan 29 2018 

I assume amd64 uses tpm1, so I'll try this locally on cyan. If not I have other boards I can try it on.

Comment 5 by ejcaruso@chromium.org, Jan 29 2018 

Looks like this is intentional. The code in question is deserializing some data which was packed into a std::string:

// from object.h
typedef std::map<CK_ATTRIBUTE_TYPE, std::string> AttributeMap;

// from object_impl.cc
int ObjectImpl::GetAttributeInt(CK_ATTRIBUTE_TYPE type,
                                int default_value) const {
  AttributeMap::const_iterator it = attributes_.find(type);
  if (it == attributes_.end())
    return default_value;
  switch (it->second.length()) {
    case 1: return it->second[0];
    case 2: return *reinterpret_cast<const uint16_t*>(it->second.data());
    case 4: return *reinterpret_cast<const uint32_t*>(it->second.data());
    case 8: return *reinterpret_cast<const uint64_t*>(it->second.data());
    default:
      LOG(WARNING) << "GetAttributeInt: invalid length: "
                   << it->second.length();
  }
  return default_value;
}

// and those were stored here
void ObjectImpl::SetAttributeInt(CK_ATTRIBUTE_TYPE type, int value) {
  CK_ULONG long_value = value;
  attributes_[type] = string(reinterpret_cast<const char*>(&long_value),
                             sizeof(CK_ULONG));
}

We can fix this by doing the number-to-byte-string conversion more explicitly.

Comment 6 by manojgupta@chromium.org, Jan 29 2018 

Unaligned loads can be problematic if compiler generated SSE loads.

The following should let compiler know that the address might be unaligned:
#define UNALIGNED __attribute__((aligned(1))

-    case 8: return *reinterpret_cast<const uint64_t*>(it->second.data());
+    case 8: return *reinterpret_cast<const UNALIGNED uint64_t*>(it->second.data());
Project Member

Comment 7 by bugdroid1@chromium.org, Feb 1 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/85b5c83dba62a690b93c2fb17211aff499ca95ea

commit 85b5c83dba62a690b93c2fb17211aff499ca95ea
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Thu Feb 01 10:41:55 2018

chaps: fix up some types and ASAN tests

We were using int in some places where we should have been using
CK_ULONG, which meant there were potentially narrowing conversions
in some attribute retrieval operations. In addition, fetching
CK_ULONGs from strings should be done in a way which does not break
ASAN.

BUG= chromium:806604 
TEST=asan unit tests

Change-Id: I18396cc9c2d72deaf6945896a31b4f78a787c2bd
Reviewed-on: https://chromium-review.googlesource.com/891585
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>

[modify] https://crrev.com/85b5c83dba62a690b93c2fb17211aff499ca95ea/chaps/object_pool_impl.cc
[modify] https://crrev.com/85b5c83dba62a690b93c2fb17211aff499ca95ea/chaps/session_test.cc
[modify] https://crrev.com/85b5c83dba62a690b93c2fb17211aff499ca95ea/chaps/object_impl.h
[modify] https://crrev.com/85b5c83dba62a690b93c2fb17211aff499ca95ea/chaps/object.h
[modify] https://crrev.com/85b5c83dba62a690b93c2fb17211aff499ca95ea/chaps/object_impl.cc
[modify] https://crrev.com/85b5c83dba62a690b93c2fb17211aff499ca95ea/chaps/session_impl.cc
[modify] https://crrev.com/85b5c83dba62a690b93c2fb17211aff499ca95ea/chaps/chaps_utility.h
[modify] https://crrev.com/85b5c83dba62a690b93c2fb17211aff499ca95ea/chaps/object_mock.h

Comment 8 by ejcaruso@chromium.org, Feb 1 2018

Status: Fixed (was: Untriaged)

Comment 9 by manojgupta@chromium.org, Mar 15 2018

Labels: libcxx_asan

Sign in to add a comment