Make stack depth check work with asan's use-after-return

With address sanitizer's stack-use-after-return check, stack variables are
moved to heap allocations, to allow to detect references to the memory at a
later time. That broke our stack-depth check, which is why we had to disable
detect_stack_use_after_return in CI. Luckily __builtin_frame_address() works
correctly, even under asan, so use that.

We started using __builtin_frame_address() with de447bb8e6fb, however as of
that commit we just used it for the stack base address, not for the value to
compare to the base address.  Now we use it for both.

When building without __builtin_frame_address() support, we continue to use
stack variables for the stack depth determination.

Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/2kk4z4odvuyrg7qlwjd7ft4eron4cle4btb33v4qatgsdkayir@gj6e62rgsel4
Backpatch-through: 14

diff --git a/.cirrus.tasks.yml b/.cirrus.tasks.yml
index 7fa2bea366d7b320db1e97a0bb1c54370673d4ee..a32848cc3f4a6ce2e4cd966a5078dc477278e82c 100644 (file)
--- a/.cirrus.tasks.yml
+++ b/.cirrus.tasks.yml
@@ -271,7 +271,7 @@ task:
     # print_stacktraces=1,verbosity=2, duh
     # detect_leaks=0: too many uninteresting leak errors in short-lived binaries
     UBSAN_OPTIONS: print_stacktrace=1:disable_coredump=0:abort_on_error=1:verbosity=2
-    ASAN_OPTIONS: print_stacktrace=1:disable_coredump=0:abort_on_error=1:detect_leaks=0:detect_stack_use_after_return=0
+    ASAN_OPTIONS: print_stacktrace=1:disable_coredump=0:abort_on_error=1:detect_leaks=0
 
     # SANITIZER_FLAGS is set in the tasks below
     CFLAGS: -Og -ggdb -fno-sanitize-recover=all $SANITIZER_FLAGS

diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c
index 73d6a6194f1e6fbce554a46bfb310e870acae3ee..7ba3e283dc3f3442cd3f04c30540d0277f74eb02 100644 (file)
--- a/src/backend/tcop/postgres.c
+++ b/src/backend/tcop/postgres.c
@@ -3495,7 +3495,8 @@ set_stack_base(void)
        /*
         * Set up reference point for stack depth checking.  On recent gcc we use
         * __builtin_frame_address() to avoid a warning about storing a local
-        * variable's address in a long-lived variable.
+        * variable's address in a long-lived variable.  This is also important
+        * with address sanitizer, see comment in stack_is_too_deep().
         */
 #ifdef HAVE__BUILTIN_FRAME_ADDRESS
        stack_base_ptr = __builtin_frame_address(0);
@@ -3549,13 +3550,28 @@ check_stack_depth(void)
 bool
 stack_is_too_deep(void)
 {
+#ifndef HAVE__BUILTIN_FRAME_ADDRESS
        char            stack_top_loc;
+#endif
        long            stack_depth;
+       char       *stack_address;
+
+       /*
+        * With address sanitizer's stack-use-after-return check, stack variables
+        * are moved to heap allocations, to allow to detect references to the
+        * memory at a later time. That would break our stack-depth check. Luckily
+        * __builtin_frame_address() works correctly, even under asan.
+        */
+#ifndef HAVE__BUILTIN_FRAME_ADDRESS
+       stack_address = &stack_top_loc;
+#else
+       stack_address = (char *) __builtin_frame_address(0);
+#endif
 
        /*
-        * Compute distance from reference point to my local variables
+        * Compute distance from reference point to my stack frame.
         */
-       stack_depth = (long) (stack_base_ptr - &stack_top_loc);
+       stack_depth = (long) (stack_base_ptr - stack_address);
 
        /*
         * Take abs value, since stacks grow up on some machines, down on others