diff mbox series

github: Reduce ASLR entropy to be compatible with asan in llvm 14.

Message ID 20240312145326.1377818-1-aconole@redhat.com (mailing list archive)
State Accepted, archived
Delegated to: David Marchand
Headers
Series github: Reduce ASLR entropy to be compatible with asan in llvm 14. |

Checks

Context Check Description
ci/checkpatch warning coding style issues
ci/loongarch-compilation success Compilation OK
ci/loongarch-unit-testing success Unit Testing PASS
ci/Intel-compilation success Compilation OK
ci/intel-Testing success Testing PASS
ci/intel-Functional success Functional PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-compile-amd64-testing success Testing PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-unit-amd64-testing success Testing PASS
ci/github-robot: build success github build: passed
ci/iol-abi-testing success Testing PASS
ci/iol-unit-arm64-testing success Testing PASS
ci/iol-sample-apps-testing success Testing PASS
ci/iol-compile-arm64-testing success Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-broadcom-Functional success Functional Testing PASS

Commit Message

Aaron Conole March 12, 2024, 2:53 p.m. UTC 
  GitHub recently started using newer Ubuntu 22.04 LTS container images,
versioned 20240310.1.0 which use 32-bit entropy for ASLR:

  $ sudo sysctl -a | grep vm.mmap.rnd
  vm.mmap_rnd_bits = 32
  vm.mmap_rnd_compat_bits = 16

This breaks builds (such as the one at
https://github.com/DPDK/dpdk/actions/runs/8234334617/job/22515850325) by
causing a random segfault when ASAN is used, because older ASAN gets
confused by memory mappings and crashes.

The issue is fixed in newer releases of LLVM:
  https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
  https://reviews.llvm.org/D148280

But these are not available in Ubuntu 22.04 image.

This should be fixed by GitHub, but until new images are available
reducing ASLR entropy manually to 28 bits to make builds work.

Reported-at: https://github.com/actions/runner-images/issues/9491
Signed-off-by: Aaron Conole <aconole@redhat.com>
Suggested-by: Ilya Maximets <i.maximets@ovn.org>
---
 .github/workflows/build.yml | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

David Marchand March 13, 2024, 12:11 p.m. UTC | #1 
On Tue, Mar 12, 2024 at 3:53 PM Aaron Conole <aconole@redhat.com> wrote:
>
> GitHub recently started using newer Ubuntu 22.04 LTS container images,
> versioned 20240310.1.0 which use 32-bit entropy for ASLR:
>
>   $ sudo sysctl -a | grep vm.mmap.rnd
>   vm.mmap_rnd_bits = 32
>   vm.mmap_rnd_compat_bits = 16
>
> This breaks builds (such as the one at
> https://github.com/DPDK/dpdk/actions/runs/8234334617/job/22515850325) by
> causing a random segfault when ASAN is used, because older ASAN gets
> confused by memory mappings and crashes.
>
> The issue is fixed in newer releases of LLVM:
>   https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
>   https://reviews.llvm.org/D148280
>
> But these are not available in Ubuntu 22.04 image.
>
> This should be fixed by GitHub, but until new images are available
> reducing ASLR entropy manually to 28 bits to make builds work.
>
> Reported-at: https://github.com/actions/runner-images/issues/9491
> Signed-off-by: Aaron Conole <aconole@redhat.com>
> Suggested-by: Ilya Maximets <i.maximets@ovn.org>

Thanks Aaron, I applied this workaround for now.

Heads up to subtree maintainers.
We have some false positive test failures in GHA for the past days.
Please rebase to DPDK main repository or pick this fix in your trees.


Thanks.
diff mbox series

Patch

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 776fbf6f30..228aad8289 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -139,6 +139,13 @@  jobs:
         .ci/linux-setup.sh
         # Workaround on $HOME permissions as EAL checks them for plugin loading
         chmod o-w $HOME
+    - name: Reduce ASLR entropy
+      if: env.ASAN == 'true'
+      # Asan in llvm 14 provided in ubuntu-22.04 is incompatible with
+      # high-entropy ASLR configured in much newer kernels that GitHub
+      # runners are using leading to random crashes:
+      #   https://github.com/actions/runner-images/issues/9491
+      run: sudo sysctl -w vm.mmap_rnd_bits=28
     - name: Build and test
       run: .ci/linux-build.sh
     - name: Upload logs on failure