mojo_core_unittests failing on the Linux CFI buildbot
Issue description

First failing build is https://ci.chromium.org/buildbot/chromium.memory/Linux%20CFI/8387, but that's where Nico added mojo_core_unittests to the bot. The report itself is as follows:

../../mojo/public/c/system/thunks.cc:71:5: runtime error: control flow integrity check for type 'void (MojoSystemThunks *)' failed during indirect function call
(libmojo_core.so+0x6a580): note: (unknown) defined here
    #0 0x53a19e (/b/s/w/ir/out/Release/mojo_core_unittests+0x53a19e)
    #1 0x539d1c (/b/s/w/ir/out/Release/mojo_core_unittests+0x539d1c)
    #2 0x3a2cef (/b/s/w/ir/out/Release/mojo_core_unittests+0x3a2cef)
    #3 0x7fefa5119f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #4 0x382029 (/b/s/w/ir/out/Release/mojo_core_unittests+0x382029)

Error: failed to symbolize snippets in JSON:

Traceback (most recent call last):
  File "/b/s/w/ir/tools/valgrind/asan/asan_symbolize.py", line 245, in <module>
    main()
  File "/b/s/w/ir/tools/valgrind/asan/asan_symbolize.py", line 238, in main
    symbolize_snippets_in_json(args.test_summary_json_file, loop)
  File "/b/s/w/ir/tools/valgrind/asan/asan_symbolize.py", line 194, in symbolize_snippets_in_json
    with open(filename, 'r') as f:
IOError: [Errno 2] No such file or directory: '/b/s/w/iofN02Bb/output.json'
Traceback (most recent call last):
  File "../../testing/test_env.py", line 280, in <module>
    sys.exit(main())
  File "../../testing/test_env.py", line 276, in main
    return run_executable(sys.argv[1:], os.environ.copy())
  File "../../testing/test_env.py", line 266, in run_executable
    symbolize_snippets_in_json(cmd, env)
  File "../../testing/test_env.py", line 172, in symbolize_snippets_in_json
    raise subprocess.CalledProcessError(p.returncode, symbolize_command)
subprocess.CalledProcessError: Command '['/b/s/w/ir/.swarming_module_cache/vpython/73deba/bin/python', '/b/s/w/ir/tools/valgrind/asan/asan_symbolize.py', '--test-summary-json-file=/b/s/w/iofN02Bb/output.json', '--executable-path=./mojo_core_unittests']' returned non-zero exit status 1
Jun 7 2018
So the function tripping CFI (and in fact the entire function table to which it belongs) is resolved dynamically from a DSO. Am I correct in understanding that we essentially need to move the Mojo symbol table into ProtectedMemory when loading it dynamically like this? i.e. something like https://chromium-review.googlesource.com/c/chromium/src/+/1000426
Jun 7 2018
Jun 7 2018
Yes, generally if there's a cross-DSO icall it needs to use ProtectedMemory.
Jun 8 2018
rockot, if this is taking a while to fix, should we add CFI to mojo_core_unittests's exceptions in testing/buildbot/test_suite_exceptions.pyl to green up the bot?
Jun 8 2018
That SGTM - I don't really have time to fix it this week, but probably soon after.
Jun 8 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/018c6638b34a8154cd21ef2d846c49253d2c5814

commit 018c6638b34a8154cd21ef2d846c49253d2c5814
Author: Nico Weber <thakis@chromium.org>
Date: Fri Jun 08 17:10:30 2018

    Disable mojo_core_unittests on the CFI bots for now.

    Bug: 850464
    Change-Id: I06e41f5f1d06d4397182b57883543d8a9e0680bf
    Reviewed-on: https://chromium-review.googlesource.com/1093063
    Reviewed-by: Ken Rockot <rockot@chromium.org>
    Commit-Queue: Nico Weber <thakis@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#565663}

[modify] https://crrev.com/018c6638b34a8154cd21ef2d846c49253d2c5814/testing/buildbot/chromium.clang.json
[modify] https://crrev.com/018c6638b34a8154cd21ef2d846c49253d2c5814/testing/buildbot/chromium.fyi.json
[modify] https://crrev.com/018c6638b34a8154cd21ef2d846c49253d2c5814/testing/buildbot/chromium.memory.json
[modify] https://crrev.com/018c6638b34a8154cd21ef2d846c49253d2c5814/testing/buildbot/test_suite_exceptions.pyl
Jun 19 2018
Bots seem happy.
Jun 19 2018
Doh. Misread my stuff, CL hasn't even landed yet. XD https://chromium-review.googlesource.com/c/chromium/src/+/1105301 incoming.
Jun 19 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d929779dfb995e11090f2499f3a08e9c46daa18f

commit d929779dfb995e11090f2499f3a08e9c46daa18f
Author: Ken Rockot <rockot@chromium.org>
Date: Tue Jun 19 16:31:32 2018

    Fix and re-enable mojo_core_unittests on CFI bots

    Adapts dynamic mojo_core library thunking to use base::ProtectedMemory
    for function table storage and exempts the calls from cfi-icall checks.

    Bug: 850464
    Change-Id: I8e7d8dbcb4d312e089bdee830e89ed973ae5727e
    Reviewed-on: https://chromium-review.googlesource.com/1105301
    Reviewed-by: Nico Weber <thakis@chromium.org>
    Reviewed-by: Jay Civelli <jcivelli@chromium.org>
    Commit-Queue: Ken Rockot <rockot@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#568483}

[modify] https://crrev.com/d929779dfb995e11090f2499f3a08e9c46daa18f/mojo/public/c/system/thunks.cc
[modify] https://crrev.com/d929779dfb995e11090f2499f3a08e9c46daa18f/testing/buildbot/chromium.clang.json
[modify] https://crrev.com/d929779dfb995e11090f2499f3a08e9c46daa18f/testing/buildbot/chromium.memory.json
[modify] https://crrev.com/d929779dfb995e11090f2499f3a08e9c46daa18f/testing/buildbot/test_suite_exceptions.pyl
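
Added example (not part of the original thread and not Chromium's code): a minimal sketch of the pattern the commit message above describes, where the function table is sealed read-only after initialization and only the call through it is exempted from cfi-icall. The names Thunks, InitThunks, CallAdd and WriteToTableRejected are hypothetical, mmap/mprotect stand in for the idea behind base::ProtectedMemory, and a local function stands in for a symbol resolved from the DSO.

```cpp
// Added illustration: constructed names, not Chromium's thunks.cc or base::ProtectedMemory.
#include <cerrno>
#include <cstddef>
#include <cstring>
#include <sys/mman.h>
#include <unistd.h>

#if defined(__clang__)
#define NO_CFI_ICALL __attribute__((no_sanitize("cfi-icall")))
#else
#define NO_CFI_ICALL
#endif

// Hypothetical function table, standing in for one filled in by a loaded DSO.
struct Thunks {
  size_t size;
  int (*add)(int, int);
};

static int AddImpl(int a, int b) { return a + b; }  // stand-in for a DSO export
static Thunks* g_thunks = nullptr;  // lives on its own page so it can be sealed

// Populate the table once, then drop write permission on its page.
bool InitThunks() {
  long page = sysconf(_SC_PAGESIZE);
  void* mem = mmap(nullptr, page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (mem == MAP_FAILED) return false;
  Thunks t = {sizeof(Thunks), &AddImpl};
  std::memcpy(mem, &t, sizeof(t));
  if (mprotect(mem, page, PROT_READ) != 0) return false;
  g_thunks = static_cast<Thunks*>(mem);
  return true;
}

// The only call site exempted from the icall check; its target is read-only.
NO_CFI_ICALL int CallAdd(int a, int b) { return g_thunks->add(a, b); }

// Probe the seal without faulting: read(2) into the page fails with EFAULT
// when the kernel is not allowed to write to it.
bool WriteToTableRejected() {
  int fds[2];
  if (pipe(fds) != 0) return false;
  bool rejected = write(fds[1], "x", 1) == 1 &&
                  read(fds[0], g_thunks, 1) == -1 && errno == EFAULT;
  close(fds[0]);
  close(fds[1]);
  return rejected;
}
```

The exemption is scoped to the single wrapper, so every other indirect call in the binary keeps its CFI check, and the pointer the wrapper dereferences cannot be overwritten without first changing the page protection.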
Jun 19 2018
Bots seem happy for real.
Comment 1 by thakis@chromium.org, Jun 7 2018
Labels: OS-Linux