diff options
| author | Neil Horman <nhorman@openssl.org> | 2024-03-14 12:04:17 -0400 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-03-15 08:47:24 +0100 |
| commit | 37cd49f57f9ce4128381ca122b0ac8ca21395265 (patch) | |
| tree | b4211ad00a566a5819a8636f18ac8e2f0427c451 | |
| parent | f08be096517f9bdae8a9d1d837748237db4d13a9 (diff) | |
Fix ASLR to be smaller during asan/tsan/ubsan runs
Recently asan/tsan/ubsan runs have been failing randomly. It appears
that a recent runner update may have led to the Address Space Layout
Randomization setting in the linux kernel of ubuntu-latest runner
getting set to too high a value (it defaults to 30). Such a setting
leads to the possibility that a given application will have memory
mapped to an address space that the sanitizer code typically uses to do
its job. Lowering this value allows a/t/ubsan to work consistently
again
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23842)
| -rw-r--r-- | .github/workflows/ci.yml | 20 | ||||
| -rw-r--r-- | .github/workflows/fuzz-checker.yml | 4 | ||||
| -rw-r--r-- | .github/workflows/run-checker-daily.yml | 8 | ||||
| -rw-r--r-- | .github/workflows/run-checker-merge.yml | 4 |
4 files changed, 36 insertions, 0 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e21381ae98..cfab096ddf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -205,6 +205,10 @@ jobs: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config run: ./config --banner=Configured --debug enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump - name: make @@ -222,6 +226,10 @@ jobs: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump - name: make @@ -239,6 +247,10 @@ jobs: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config run: ./config --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-nextprotoneg && perl configdata.pm --dump - name: make @@ -256,6 +268,10 @@ jobs: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config # --debug -O1 is to produce a debug build that runs in a reasonable amount of time run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump @@ -274,6 +290,10 @@ jobs: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump - name: make diff --git a/.github/workflows/fuzz-checker.yml b/.github/workflows/fuzz-checker.yml index 766a4a1326..08dc7d54db 100644 --- a/.github/workflows/fuzz-checker.yml +++ b/.github/workflows/fuzz-checker.yml @@ -48,6 +48,10 @@ jobs: run: | sudo apt-get update sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }} + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - uses: actions/checkout@v4 - name: config diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml index 6d40078122..5ad006e269 100644 --- a/.github/workflows/run-checker-daily.yml +++ b/.github/workflows/run-checker-daily.yml @@ -269,6 +269,10 @@ jobs: uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-brotli -DPEDANTIC && perl configdata.pm --dump - name: make @@ -291,6 +295,10 @@ jobs: uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-zstd -DPEDANTIC && perl configdata.pm --dump - name: make diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml index c5958a5b99..e776d92239 100644 --- a/.github/workflows/run-checker-merge.yml +++ b/.github/workflows/run-checker-merge.yml @@ -38,6 +38,10 @@ jobs: ] runs-on: ubuntu-latest steps: + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora |