[tor-bugs] #13499 [Tor]: Generate usable coredumps when using ASAN.

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Oct 20 15:12:33 UTC 2014


#13499: Generate usable coredumps when using ASAN.
-------------------------+----------------------------------
 Reporter:  yawning      |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  minor        |      Milestone:  Tor: unspecified
Component:  Tor          |        Version:  Tor: unspecified
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+----------------------------------
 Migrating this from starlight's comments in #13471:

 > As a point of interest, this bug handily facilitated the completion of a
 > goal I've had to configure useable core-dumps on the stripped-down
 > production relay system.
 >
 > The key bit was an undocumented ASAN environment option:
 >
 > unmap_shadow_on_exit=1
 >
 > per
 >
 > https://code.google.com/p/address-sanitizer/issues/detail?id=345
 >
 > so running with
 >
 > ASAN_OPTIONS="disable_core=0:unmap_shadow_on_exit=1:abort_on_error=1"
 >
 > I was finally able to obtain a good core file of this particular event.
 > Then one brings the chroot_tor jail over to the dev system and can use
 > gdb to examine the file.  E.G.
 >
 > '''Ed: GDB session omitted'''
 >
 > Had to add libthread_db-1.0.so to the copy of the jail for 'gdb'.
 >
 > Of course the point of all this is to obtain core files that can be used
 > for postmortem analysis of one-off failures that may be impossible to
 > reproduce.

 > I'll have to take a look at --enable-expensive-hardening.
 >
 > I see in
 >
 > gcc-4.9.1/libsanitizer/include/sanitizer/asan_interface.h
 >
 > {{{
 >   // This function may be optionally provided by user and should return
 >   // a string containing ASan runtime options. See asan_flags.h for details.
 >   const char* __asan_default_options();
 > }}}
 >
 > which seems like it will do the job.  Be aware that many references are
 > made in web-postings regarding ASAN to usage similar to
 >
 > {{{
 > #if defined(__has_feature)
 > #if __has_feature(address_sanitizer)
 >   __sanitizer_sandbox_on_notify(NULL);
 > #endif
 > #endif
 > }}}
 >
 > which I call to allow ASAN to work with `/chroot_tor/proc` unmounted
 > after startup, but the conditional compile is specific to CLANG and does
 > not work for GCC.  You should create your own -DASANFLAG conditional
 > compilation flag.  I only just figured this out and the above code was not
 > working at all though I was laboring under the misconception that it was.
 >
 > Also be sure to either direct stdout/stderr to a file (as in my patch
 > above) or configure the "log_path" ASAN option or ASAN will not work.  I
 > favor standard I/O since sometimes glibc will write a message that may be
 > of value.

 > Note all of the options should be used
 >
 > {{{
 > ASAN_OPTIONS="disable_core=0:unmap_shadow_on_exit=1:abort_on_error=1"
 > }}}
 >
 > Apparently `abort_on_error=1` is necessary for SEGV traps to produce a
 > core per the Google code issue linked above.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13499>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
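
Added example, not part of the ticket or of Tor's code: a compiler-portable ASan guard (Clang's `__has_feature`, GCC's `__SANITIZE_ADDRESS__`, or the hand-set `-DASANFLAG` suggested above) around the `__asan_default_options` hook, plus a check that the three core-dump options from this ticket survive an `ASAN_OPTIONS` override. `BUILT_WITH_ASAN`, `ASAN_CORE_OPTS`, `asan_opt_is` and `asan_core_ready` are hypothetical names; the check assumes the runtime applies `ASAN_OPTIONS` after the hook's string, with the last setting of a flag winning, and handles only colon-separated lists as written on this page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Clang reports ASan via __has_feature, GCC via __SANITIZE_ADDRESS__;
 * ASANFLAG is the manual -D override suggested in the ticket. */
#if defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define BUILT_WITH_ASAN 1
#  endif
#endif
#if !defined(BUILT_WITH_ASAN) && (defined(__SANITIZE_ADDRESS__) || defined(ASANFLAG))
#  define BUILT_WITH_ASAN 1
#endif

/* Option string exactly as given on this page. */
#define ASAN_CORE_OPTS "disable_core=0:unmap_shadow_on_exit=1:abort_on_error=1"

#ifdef BUILT_WITH_ASAN
/* Hook declared in sanitizer/asan_interface.h; supplies built-in defaults. */
const char *__asan_default_options(void) { return ASAN_CORE_OPTS; }
#endif

/* 1 if the last "key=..." entry in a colon-separated list equals want. */
int asan_opt_is(const char *opts, const char *key, const char *want)
{
    size_t klen = strlen(key), wlen = strlen(want);
    int match = 0;
    for (const char *p = opts; *p; ) {
        size_t n = strcspn(p, ":");
        if (n > klen && strncmp(p, key, klen) == 0 && p[klen] == '=')
            match = (n - klen - 1 == wlen) && strncmp(p + klen + 1, want, wlen) == 0;
        p += n;
        if (*p == ':') p++;
    }
    return match;
}

/* 1 only if all three settings hold once env (may be NULL) overrides defaults. */
int asan_core_ready(const char *env)
{
    char eff[1024];
    snprintf(eff, sizeof eff, "%s:%s", ASAN_CORE_OPTS, env ? env : "");
    return asan_opt_is(eff, "disable_core", "0")
        && asan_opt_is(eff, "unmap_shadow_on_exit", "1")
        && asan_opt_is(eff, "abort_on_error", "1");
}

int main(void)
{
    printf("core-dump options complete: %d\n", asan_core_ready(getenv("ASAN_OPTIONS")));
    return 0;
}
```

Build with `-fsanitize=address` under either compiler to compile the hook in; without it the guard leaves the hook out and only the option check remains.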

