From: Igor Munkin via Tarantool-patches
To: Maxim Kokryashkin, Sergey Kaplun
Cc: tarantool-patches@dev.tarantool.org
Date: Fri, 1 Sep 2023 12:46:00 +0000
Subject: [Tarantool-patches] [PATCH luajit] Always exit after machine code page protection change fails.

From: Mike Pall

Reported by Sergey Kaplun.

(cherry picked from commit c50232eb320d56d526ba5e6cb5bda8cf5a848a55)

Unfortunately, call had been missing for a long time for the case when fails within . Though the patch per se is quite trivial, the test is not at all. It exploits the fact that is used only for protecting the area for mcode or callback function pointers. Hence, if the test doesn't use FFI at all, it is guaranteed that the only called in the LuaJIT runtime is located in (that is not true for Tarantool, so the test is disabled for the integration testing routine). Furthermore, overloading on macOS turns out to be not an easy ride either, so running the test on macOS is disabled, since this is the common part for all platforms and everything can be checked on Linux in a much easier way.

Igor Munkin:
* added the description and the test for the problem

Part of tarantool/tarantool#8825

Signed-off-by: Igor Munkin
---

Branch: https://github.com/tarantool/luajit/tree/imun/lj-802-panic-at-mcode-protfail
Tarantool PR: https://github.com/tarantool/tarantool/pull/9077
Related issues:
* https://github.com/tarantool/tarantool/issues/8825
* https://github.com/LuaJIT/LuaJIT/issues/802

Regarding the macOS and overriding: I tried several flags to make this crap work, but I've finally failed to override via the alternative dylib. I add the related changes right below, so anyone curious can try my approach.

================================================================================
diff --git a/test/tarantool-tests/lj-802-panic-at-mcode-protfail.test.lua b/test/tarantool-tests/lj-802-panic-at-mcode-protfail.test.lua index 83a9ae2e..3f28e420 100644 --- a/test/tarantool-tests/lj-802-panic-at-mcode-protfail.test.lua +++ b/test/tarantool-tests/lj-802-panic-at-mcode-protfail.test.lua @@ -24,7 +24,11 @@ test:plan(3) -- runs %testname%/script.lua by -- with the given environment, launch options and CLI arguments. local script = require('utils').exec.makecmd(arg, { - env = { LD_PRELOAD = 'mymprotect.so' }, + env = { + DYLD_LIBRARY_PATH = os.getenv('DYLD_LIBRARY_PATH'), + DYLD_INSERT_LIBRARIES = 'mymprotect.dylib', + LD_PRELOAD = 'mymprotect.so', + }, redirect = '2>&1', }) ================================================================================ This link[1] claims, that there is no way to override syscalls this way on macOS, but I've even failed to override or rather . DYLD_FORCE_FLATE_NAMESPACE didn't change the result, all DYLD_* debugging envvars yield some info, that looks like a gibberish to me (comparing to LD_DEBUG=1). I'm giving up (at least for now), but I'm open to discuss if someone is interested in debugging this. [1]: https://stackoverflow.com/questions/929893/how-can-i-override-malloc-calloc-free-etc-under-os-x src/lj_mcode.c | 3 +- test/tarantool-tests/CMakeLists.txt | 1 + .../lj-802-panic-at-mcode-protfail.test.lua | 41 +++++++++++++++++++ .../CMakeLists.txt | 1 + .../mymprotect.c | 6 +++ .../lj-802-panic-at-mcode-protfail/script.lua | 12 ++++++ 6 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 test/tarantool-tests/lj-802-panic-at-mcode-protfail.test.lua create mode 100644 test/tarantool-tests/lj-802-panic-at-mcode-protfail/CMakeLists.txt create mode 100644 test/tarantool-tests/lj-802-panic-at-mcode-protfail/mymprotect.c create mode 100644 test/tarantool-tests/lj-802-panic-at-mcode-protfail/script.lua diff --git a/src/lj_mcode.c b/src/lj_mcode.c index 808a9897..a88d16bd 100644 --- a/src/lj_mcode.c 
+++ b/src/lj_mcode.c @@ -180,7 +180,7 @@ static void mcode_protect(jit_State *J, int prot) #define MCPROT_RUN MCPROT_RX /* Protection twiddling failed. Probably due to kernel security. */ -static LJ_NOINLINE void mcode_protfail(jit_State *J) +static LJ_NORET LJ_NOINLINE void mcode_protfail(jit_State *J) { lua_CFunction panic = J2G(J)->panic; if (panic) { @@ -188,6 +188,7 @@ static LJ_NOINLINE void mcode_protfail(jit_State *J) setstrV(L, L->top++, lj_err_str(L, LJ_ERR_JITPROT)); panic(L); } + exit(EXIT_FAILURE); } /* Change protection of MCode area. */ diff --git a/test/tarantool-tests/CMakeLists.txt b/test/tarantool-tests/CMakeLists.txt index 6218f76a..64c0319b 100644 --- a/test/tarantool-tests/CMakeLists.txt +++ b/test/tarantool-tests/CMakeLists.txt @@ -65,6 +65,7 @@ add_subdirectory(gh-6189-cur_L) add_subdirectory(lj-416-xor-before-jcc) add_subdirectory(lj-601-fix-gc-finderrfunc) add_subdirectory(lj-727-lightuserdata-itern) +add_subdirectory(lj-802-panic-at-mcode-protfail) add_subdirectory(lj-flush-on-trace) # The part of the memory profiler toolchain is located in tools diff --git a/test/tarantool-tests/lj-802-panic-at-mcode-protfail.test.lua b/test/tarantool-tests/lj-802-panic-at-mcode-protfail.test.lua new file mode 100644 index 00000000..83a9ae2e --- /dev/null +++ b/test/tarantool-tests/lj-802-panic-at-mcode-protfail.test.lua 
@@ -0,0 +1,41 @@ +local tap = require('tap') +local test = tap.test('lj-flush-on-trace'):skipcond({ + ['Test requires JIT enabled'] = not jit.status(), + ['Disabled on *BSD due to #4819'] = jit.os == 'BSD', + -- XXX: This test has to check the particular patch for + -- and is overloaded for this + -- purpose. However, is used widely in Tarantool + -- to play with fiber stacks, so overriding is not + -- suitable to test this feature in Tarantool. + -- luacheck: no global + [' overriding can break Tarantool'] = _TARANTOOL, + -- XXX: Unfortunately, it's too hard to overload (or even + -- impossible, who knows, since Cupertino fellows do not + -- provide any information about their system) something from + -- libsystem_kernel.dylib (the library providing ). + -- All in all, this test checks the part, that is common for all + -- platforms, so it's not vital to run this test on macOS, since + -- everything can be checked on Linux in a much more easier way. + [' cannot be overridden on macOS'] = jit.os == 'OSX', +}) + +test:plan(3) + +-- runs %testname%/script.lua by +-- with the given environment, launch options and CLI arguments. +local script = require('utils').exec.makecmd(arg, { + env = { LD_PRELOAD = 'mymprotect.so' }, + redirect = '2>&1', +}) + +-- See the rationale for this poison hack in the script.lua. +local poison = '"runtime code generation succeed"' +local output = script(poison) +test:like(output, 'runtime code generation failed, restricted kernel%?', + 'Panic occurred as a result of failure') +test:unlike(output, 'Segmentation fault', + 'LuaJIT exited as a result of the panic (error check)') +test:unlike(output, poison, + 'LuaJIT exited as a result of the panic (poison check)') + +test:done(true) diff --git a/test/tarantool-tests/lj-802-panic-at-mcode-protfail/CMakeLists.txt b/test/tarantool-tests/lj-802-panic-at-mcode-protfail/CMakeLists.txt new file mode 100644 index 00000000..25520a1a --- /dev/null 
+++ b/test/tarantool-tests/lj-802-panic-at-mcode-protfail/CMakeLists.txt @@ -0,0 +1 @@ +BuildTestCLib(mymprotect mymprotect.c) diff --git a/test/tarantool-tests/lj-802-panic-at-mcode-protfail/mymprotect.c b/test/tarantool-tests/lj-802-panic-at-mcode-protfail/mymprotect.c new file mode 100644 index 00000000..65763b1b --- /dev/null +++ b/test/tarantool-tests/lj-802-panic-at-mcode-protfail/mymprotect.c @@ -0,0 +1,6 @@ +#include + +int mprotect(void *addr, size_t len, int prot) +{ + return -1; +} diff --git a/test/tarantool-tests/lj-802-panic-at-mcode-protfail/script.lua b/test/tarantool-tests/lj-802-panic-at-mcode-protfail/script.lua new file mode 100644 index 00000000..661099fa --- /dev/null +++ b/test/tarantool-tests/lj-802-panic-at-mcode-protfail/script.lua @@ -0,0 +1,12 @@ +jit.opt.start('hotloop=1') + +-- Run a simple loop that triggers on trace assembling. +local a = 0 +for i = 1, 3 do + a = a + i +end + +-- XXX: Just a simple contract output in case neither panic at +-- , nor crash occurs (see for LUAJIT_UNPROTECT_MCODE in +-- lj_mcode.c for more info). +io.write(arg[1]) -- 2.30.2
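Review bot: in the `mcode_protfail` hunk of src/lj_mcode.c, `exit(EXIT_FAILURE)` runs atexit handlers and flushes stdio on a path where the mcode area is left in whatever protection state the failed change produced, and nothing in the surrounding comment says the function no longer returns. If `exit()` rather than `abort()` is deliberate (it matches the cherry-picked upstream commit), document it: extend "/* Protection twiddling failed. Probably due to kernel security. */" with a sentence that the function never returns and why a clean exit is preferred, so that the new `LJ_NORET` contract is visible to the next reader of the call sites.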
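Review bot: in the new lj-802-panic-at-mcode-protfail.test.lua, `tap.test('lj-flush-on-trace')` carries the name of the neighbouring test rather than this one, so the TAP output for this file will be mislabelled. Use `tap.test('lj-802-panic-at-mcode-protfail')` to match the file, the test directory and the `add_subdirectory(lj-802-panic-at-mcode-protfail)` entry in CMakeLists.txt.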
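Review bot: in mymprotect.c, the stub ignores all three parameters and returns -1 without setting `errno`, so it produces unused-parameter warnings under `-Wextra -Werror` and does not resemble a real kernel refusal. Add `(void)addr; (void)len; (void)prot;` and `errno = EACCES;` (with `#include <errno.h>`) before `return -1;`. The `mcode_protfail` hunk does not read `errno` today, but a shim that sets it keeps working if the panic message ever starts reporting the cause.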
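The test's skip condition explains why the wholesale override in mymprotect.c is unusable under Tarantool: Tarantool also calls mprotect for its fiber stacks, so failing every call breaks the process before the JIT is reached. Below is an added example, not code from this patch, from LuaJIT or from Tarantool, of a selective LD_PRELOAD fault injector for the same purpose. It denies only protection changes that request PROT_EXEC (the RX/RWX transitions the mcode code path asks for, cf. MCPROT_RX in lj_mcode.c) with EACCES, and forwards every other mprotect call straight to the kernel through syscall(2), so unrelated callers keep working. It is Linux-only, and the helper names `mprotect_should_deny`, `mprotect_denied_count` and `mprotect_selftest` are this example's own, not part of any project.

```c
/*
 * Added example: selective mprotect(2) fault injector for LD_PRELOAD.
 * Unlike a stub that fails every call, this shim denies only requests
 * that ask for PROT_EXEC (the JIT's RX/RWX mcode protection changes)
 * and passes everything else straight to the kernel, so other users of
 * mprotect() in the same process (e.g. fiber stack guard pages) keep
 * working. Linux-only: it forwards via syscall(2) instead of dlsym().
 *
 * Build: cc -shared -fPIC -o mymprotect.so selective_mprotect.c
 * Run:   LD_PRELOAD=./mymprotect.so luajit script.lua
 */
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

static unsigned long denied_calls;  /* how many requests the shim refused */

/* Policy (example's own helper): refuse any request that would make
 * memory executable; plain read/write changes are left alone. */
int mprotect_should_deny(int prot)
{
    return (prot & PROT_EXEC) != 0;
}

unsigned long mprotect_denied_count(void)
{
    return denied_calls;
}

/* Interposed mprotect(): resolved ahead of libc's when loaded via
 * LD_PRELOAD (or when linked into the executable, as in the self-test). */
int mprotect(void *addr, size_t len, int prot)
{
    if (mprotect_should_deny(prot)) {
        denied_calls++;
        errno = EACCES;  /* what a kernel security policy denial reports */
        return -1;
    }
    /* syscall() returns -1 and sets errno on failure, like the libc wrapper. */
    return (int)syscall(SYS_mprotect, addr, len, prot);
}

/* Self-test (example's own helper): an RW->R change must pass through,
 * an RX request must fail with EACCES. Returns 0 on success. */
int mprotect_selftest(void)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;

    int rc = 0;
    if (mprotect(page, pagesz, PROT_READ) != 0)
        rc = -2;                                   /* passthrough broken */
    errno = 0;
    if (rc == 0 && (mprotect(page, pagesz, PROT_READ | PROT_EXEC) != -1
                    || errno != EACCES))
        rc = -3;                                   /* denial not applied */

    munmap(page, pagesz);
    return rc;
}

int main(void)
{
    int rc = mprotect_selftest();
    printf("selftest: %s (denied %lu call(s))\n",
           rc == 0 ? "ok" : "FAILED", mprotect_denied_count());
    return rc == 0 ? 0 : 1;
}
```

Compiled as a shared object and preloaded into a LuaJIT run of the patch's script.lua, this shim reproduces the "runtime code generation failed, restricted kernel?" panic the test looks for, while a host process that uses mprotect for non-executable mappings is unaffected. Forwarding through the raw syscall rather than dlsym(RTLD_NEXT) avoids the libc-resolution problems the cover letter ran into on macOS, at the cost of being Linux-specific.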