author | Kostya Serebryany <kcc@google.com> | 2017-05-15 23:37:54 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2017-05-15 23:37:54 +0000 |
commit | 17a5de7a0d190454d00e7d093a60c679598f5f2e (patch) | |
tree | 69931464b9b66cb6d120ffec265d3556b46a4918 | |
parent | 0bbb5570008543a77479f2944189a8b508dbe16f (diff) |
[asan] make asan under sandboxes more robust
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@303132 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r-- | lib/sanitizer_common/sanitizer_procmaps_linux.cc | 4 | ||||
-rw-r--r-- | test/asan/TestCases/Linux/sanbox_read_proc_self_maps_test.cc | 30 |
2 files changed, 32 insertions, 2 deletions
diff --git a/lib/sanitizer_common/sanitizer_procmaps_linux.cc b/lib/sanitizer_common/sanitizer_procmaps_linux.cc
index fdf85b77a..7e4a44be9 100644
--- a/lib/sanitizer_common/sanitizer_procmaps_linux.cc
+++ b/lib/sanitizer_common/sanitizer_procmaps_linux.cc
@@ -18,8 +18,8 @@
 namespace __sanitizer {
 void ReadProcMaps(ProcSelfMapsBuff *proc_maps) {
- CHECK(ReadFileToBuffer("/proc/self/maps", &proc_maps->data,
- &proc_maps->mmaped_size, &proc_maps->len));
+ ReadFileToBuffer("/proc/self/maps", &proc_maps->data, &proc_maps->mmaped_size,
+ &proc_maps->len);
 }
 static bool IsOneOf(char c, char c1, char c2) {
diff --git a/test/asan/TestCases/Linux/sanbox_read_proc_self_maps_test.cc b/test/asan/TestCases/Linux/sanbox_read_proc_self_maps_test.cc
new file mode 100644
index 000000000..a845721d5
--- /dev/null
+++ b/test/asan/TestCases/Linux/sanbox_read_proc_self_maps_test.cc
@@ -0,0 +1,30 @@
+// REQUIRES: x86_64-target-arch
+// RUN: %clangxx_asan %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+#include <sanitizer/common_interface_defs.h>
+#include <sched.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+int main() {
+ __sanitizer_sandbox_arguments args = {0};
+ // should cache /proc/self/maps
+ __sanitizer_sandbox_on_notify(&args);
+
+ if (unshare(CLONE_NEWUSER)) {
+ printf("unshare failed\n");
+ abort();
+ }
+
+ // remove access to /proc/self/maps
+ if (chroot("/tmp")) {
+ printf("chroot failed\n");
+ abort();
+ }
+
+ *(volatile int*)0x42 = 0;
+// CHECK: AddressSanitizer: SEGV on unknown address 0x000000000042
+// CHECK-NOT: AddressSanitizer CHECK failed
+// CHECK: SUMMARY: AddressSanitizer: SEGV
+}
|
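Review bot: The result of `ReadFileToBuffer` is now discarded in `ReadProcMaps`, so the contents of `proc_maps->data`, `mmaped_size` and `len` after a failed read depend entirely on what `ReadFileToBuffer` leaves in its out-parameters, which is not visible in this hunk. Dropping the `CHECK` is what lets the runtime keep going once a sandbox has removed access to `/proc`, but the failure path should be explicit rather than implied. Testing the return value and resetting the three fields would give the code that consumes the buffer a well-defined empty result instead of possibly stale or partial data. A short comment stating that failure is expected under a sandbox would also tell the next reader why the result is not treated as fatal.

```cpp
void ReadProcMaps(ProcSelfMapsBuff *proc_maps) {
  // Reading can fail once a sandbox has removed access to /proc; hand callers
  // an explicitly empty buffer rather than whatever a failed read left behind.
  if (!ReadFileToBuffer("/proc/self/maps", &proc_maps->data,
                        &proc_maps->mmaped_size, &proc_maps->len)) {
    proc_maps->data = nullptr;
    proc_maps->mmaped_size = 0;
    proc_maps->len = 0;
  }
}
```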
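Review bot: The new test hard-depends on `unshare(CLONE_NEWUSER)` succeeding, so on a host or CI container where unprivileged user namespaces are disabled it aborts with "unshare failed" and FileCheck reports a failure that looks like an ASan regression rather than an environment limitation. The `REQUIRES:` line only gates on the target architecture. Either gate the test on a feature the suite already provides for this, or at least document the dependency at the top, e.g. `// Needs unprivileged user namespaces; "unshare failed" means the host forbids them, not that ASan regressed.` The file name also reads `sanbox_` where `sandbox_` appears to be intended, which makes the test harder to find by search.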