diff options
author | Neil Horman <nhorman@openssl.org> | 2024-03-14 12:04:17 -0400 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-03-15 08:51:37 +0100 |
commit | f990d1684a674474d53c79531596e88861334e0c (patch) | |
tree | 39e8ec2ac153c109fb3b852dc3a0c38ca6d84eb7 | |
parent | 17d12183797033f55aec03376ffd3969cd703c0e (diff) |
Fix ASLR to be smaller during asan/tsan/ubsan runs
Recently asan/tsan/ubsan runs have been failing randomly. It appears
that a recent runner update may have led to the Address Space Layout
Randomization setting in the linux kernel of ubuntu-latest runner
getting set to too high a value (it defaults to 30). Such a setting
leads to the possibility that a given application will have memory
mapped to an address space that the sanitizer code typically uses to do
its job. Lowering this value allows a/t/ubsan to work consistently
again
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23842)
(cherry picked from commit 37cd49f57f9ce4128381ca122b0ac8ca21395265)
-rw-r--r-- | .github/workflows/ci.yml | 16 | ||||
-rw-r--r-- | .github/workflows/fuzz-checker.yml | 4 | ||||
-rw-r--r-- | .github/workflows/run-checker-merge.yml | 4 |
3 files changed, 24 insertions, 0 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6952a65ce7..7e99dedf7c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -161,6 +161,10 @@ jobs: runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config run: ./config --banner=Configured --debug enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump - name: make @@ -172,6 +176,10 @@ jobs: runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump - name: make @@ -183,6 +191,10 @@ jobs: runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config # --debug -O1 is to produce a debug build that runs in a reasonable amount of time run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump @@ -195,6 +207,10 @@ jobs: runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - name: config run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump - name: make diff --git a/.github/workflows/fuzz-checker.yml b/.github/workflows/fuzz-checker.yml index 3e84fdbac6..8d48262265 100644 --- a/.github/workflows/fuzz-checker.yml +++ b/.github/workflows/fuzz-checker.yml @@ -48,6 +48,10 @@ jobs: run: | sudo apt-get update sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }} + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - uses: actions/checkout@v4 - name: config diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml index 7154b6b62d..b18c62299f 100644 --- a/.github/workflows/run-checker-merge.yml +++ b/.github/workflows/run-checker-merge.yml @@ -32,6 +32,10 @@ jobs: ] runs-on: ubuntu-latest steps: + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 - uses: actions/checkout@v4 - name: config run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }} |