From: Neil Horman Date: Thu, 14 Mar 2024 16:04:17 +0000 (-0400) Subject: Fix ASLR to be smaller during asan/tsan/ubsan runs X-Git-Tag: openssl-3.3.0-alpha1~16 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=37cd49f57f9ce4128381ca122b0ac8ca21395265;p=thirdparty%2Fopenssl.git Fix ASLR to be smaller during asan/tsan/ubsan runs Recently asan/tsan/ubsan runs have been failing randomly. It appears that a recent runner update may have led to the Address Space Layout Randomization setting in the linux kernel of ubuntu-latest runner getting set to too high a value (it defaults to 30). Such a setting leads to the possibility that a given application will have memory mapped to an address space that the sanitizer code typically uses to do its job. Lowering this value allows a/t/ubsan to work consistently again Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/23842) --- diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e21381ae980..cfab096ddf7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -205,6 +205,10 @@ jobs: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config run: ./config --banner=Configured --debug enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump - name: make @@ -222,6 +226,10 @@ jobs: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump - name: make @@ -239,6 +247,10 @@ jobs: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config run: ./config --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-nextprotoneg && perl configdata.pm --dump - name: make @@ -256,6 +268,10 @@ jobs: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config # --debug -O1 is to produce a debug build that runs in a reasonable amount of time run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump @@ -274,6 +290,10 @@ jobs: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump - name: make diff --git a/.github/workflows/fuzz-checker.yml b/.github/workflows/fuzz-checker.yml index 766a4a1326e..08dc7d54dbe 100644 --- a/.github/workflows/fuzz-checker.yml +++ b/.github/workflows/fuzz-checker.yml @@ -48,6 +48,10 @@ jobs: run: | sudo apt-get update sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }} + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - uses: actions/checkout@v4 - name: config diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml index 6d400781222..5ad006e2692 100644 --- a/.github/workflows/run-checker-daily.yml +++ b/.github/workflows/run-checker-daily.yml @@ -269,6 +269,10 @@ jobs: uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-brotli -DPEDANTIC && perl configdata.pm --dump - name: make @@ -291,6 +295,10 @@ jobs: uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-zstd -DPEDANTIC && perl configdata.pm --dump - name: make diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml index c5958a5b997..e776d922390 100644 --- a/.github/workflows/run-checker-merge.yml +++ b/.github/workflows/run-checker-merge.yml @@ -38,6 +38,10 @@ jobs: ] runs-on: ubuntu-latest steps: + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora