Closed Bug 1481638 Opened Last year Closed Last year

MOZ_CARGO_WRAP_LDFLAGS should filter out CFI sanitization

Categories

(Firefox Build System :: General, enhancement)


Tracking

(firefox63 fixed)

RESOLVED FIXED
mozilla63

People

(Reporter: tjr, Assigned: tjr)

References

(Blocks 2 open bugs)


Not doing so results in passing these options to cargo and that causes errors.
Specifically you get segfaults on the build-script-build that look like this:

>#0  0x00007ffff72c00ed in __GI___get_nprocs () at ../sysdeps/unix/sysv/linux/getsysstats.c:178
>#1  0x00007ffff7287d20 in posix_sysconf (name=84) at ../sysdeps/posix/sysconf.c:631
>#2  linux_sysconf (name=84) at ../sysdeps/unix/sysv/linux/x86/../sysconf.c:140
>#3  __GI___sysconf (name=84) at ../sysdeps/unix/sysv/linux/x86/sysconf.c:36
>#4  0x00005555555bcf45 in malloc_ncpus () at /checkout/src/liballoc_jemalloc/../jemalloc/src/jemalloc.c:831
>#5  malloc_init_hard_recursible () at /checkout/src/liballoc_jemalloc/../jemalloc/src/jemalloc.c:1418
>#6  malloc_init_hard () at /checkout/src/liballoc_jemalloc/../jemalloc/src/jemalloc.c:1503
>#7  malloc_init () at /checkout/src/liballoc_jemalloc/../jemalloc/src/jemalloc.c:317
>#8  ialloc_body (zero=255, slow_path=255, size=<optimized out>, tsdn=<optimized out>, usize=<optimized out>) at /checkout/src/liballoc_jemalloc/../jemalloc/src/jemalloc.c:1583
>#9  calloc (num=<optimized out>, num@entry=1, size=<optimized out>, size@entry=32) at /checkout/src/liballoc_jemalloc/../jemalloc/src/jemalloc.c:1824
>#10 0x00007ffff79b37e5 in _dlerror_run (operate=operate@entry=0x7ffff79b30d0 <dlsym_doit>, args=args@entry=0x7fffffffe710) at dlerror.c:140
>#11 0x00007ffff79b3166 in __dlsym (handle=<optimized out>, name=0x555555561287 "signal") at dlsym.c:70
>#12 0x000055555559dcc3 in __interception::GetRealFunctionAddress(char const*, unsigned long*, unsigned long, unsigned long) ()
>    at /home/tom/Documents/moz/mozilla-unified-cfi/build/build-clang/build-clang-339310/src/llvm/projects/compiler-rt/lib/interception/interception_linux.cc:33
>#13 0x000055555559dbf4 in InitializeSignalInterceptors ()
>    at /home/tom/Documents/moz/mozilla-unified-cfi/build/build-clang/build-clang-339310/src/llvm/projects/compiler-rt/lib/ubsan/../sanitizer_common/sanitizer_signal_interceptors.inc:85
>#14 InitializeDeadlySignals ()
>    at /home/tom/Documents/moz/mozilla-unified-cfi/build/build-clang/build-clang-339310/src/llvm/projects/compiler-rt/lib/ubsan/ubsan_signals_standalone.cc:60
>#15 0x00007ffff7de5806 in _dl_init (main_map=0x7ffff7ffe170, argc=1, argv=0x7fffffffe7f8, env=0x7fffffffe808) at dl-init.c:104
>#16 0x00007ffff7dd60ca in _dl_start_user () from /lib64/ld-linux-x86-64.so.2

This may only happen locally, which implies it might be something about Rust's optimization level?

I believe that filtering out CFI at this point only affects CFI sanitization of build-tool code though, so we're not losing any security.

MozReview-Commit-ID: C85uJBNugiY
Comment on attachment 8998960 [details]
Bug 1481638 Do not pass CFI sanitization flags to MOZ_CARGO_WRAP_LDFLAGS r=ted

Ted Mielczarek [:ted] [:ted.mielczarek] has approved the revision.
Attachment #8998960 - Flags: review+
Keywords: checkin-needed
Blocks: 1483296
Pushed by nerli@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3208575a228a
Do not pass CFI sanitization flags to MOZ_CARGO_WRAP_LDFLAGS r=ted
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/3208575a228a
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
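
The filtering this bug asks for, as an added sketch in Python; it is not the patch that landed or any Mozilla build-system code. The function names and the sample flag string are hypothetical and constructed for illustration. It strips Clang's CFI sanitizer settings from a linker-flag string while keeping every other flag, including other sanitizers that share a comma-separated list with `cfi`.

```python
import shlex

# Clang options whose value is a comma-separated list of sanitizer groups.
_LIST_OPTS = (
    "-fsanitize=", "-fno-sanitize=",
    "-fsanitize-trap=", "-fno-sanitize-trap=",
    "-fsanitize-recover=", "-fno-sanitize-recover=",
)
# Options that only configure CFI itself (e.g. -fsanitize-cfi-cross-dso).
_CFI_ONLY_PREFIXES = ("-fsanitize-cfi-", "-fno-sanitize-cfi-")


def _is_cfi(group):
    # "cfi" enables every scheme; "cfi-icall", "cfi-vcall", ... enable one.
    return group == "cfi" or group.startswith("cfi-")


def filter_cfi_flags(flags):
    """Return the argv-style list `flags` without CFI sanitizer settings."""
    kept = []
    for flag in flags:
        if flag.startswith(_CFI_ONLY_PREFIXES):
            continue
        opt = next((o for o in _LIST_OPTS if flag.startswith(o)), None)
        if opt is None:
            # Not a sanitizer list option. -flto and -fvisibility are left
            # alone: CFI needs them, but they are not CFI-specific.
            kept.append(flag)
            continue
        groups = [g for g in flag[len(opt):].split(",") if g and not _is_cfi(g)]
        if groups:  # drop the option entirely if only CFI groups were listed
            kept.append(opt + ",".join(groups))
    return kept


def filter_cfi_ldflags(ldflags):
    """Same filter for a shell-style flag string such as an LDFLAGS value."""
    return " ".join(shlex.quote(f) for f in filter_cfi_flags(shlex.split(ldflags)))


# Constructed sample value, not taken from the bug.
SAMPLE_LDFLAGS = ("-flto -fsanitize=cfi,undefined -fsanitize-cfi-cross-dso "
                  "-fno-sanitize-trap=cfi -Wl,-z,relro")

if __name__ == "__main__":
    print(filter_cfi_ldflags(SAMPLE_LDFLAGS))
```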