From: Aaron Conole <aconole@redhat.com>
To: dev@dpdk.org
Cc: Ilya Maximets <i.maximets@ovn.org>,
David Marchand <dmarchan@redhat.com>,
Michael Santana <msantana@redhat.com>
Subject: [PATCH] github: Reduce ASLR entropy to be compatible with asan in llvm 14.
Date: Tue, 12 Mar 2024 10:53:26 -0400 [thread overview]
Message-ID: <20240312145326.1377818-1-aconole@redhat.com> (raw)
GitHub recently started using newer Ubuntu 22.04 LTS container images,
versioned 20240310.1.0 which use 32-bit entropy for ASLR:
$ sudo sysctl -a | grep vm.mmap.rnd
vm.mmap_rnd_bits = 32
vm.mmap_rnd_compat_bits = 16
This breaks builds (such as the one at
https://github.com/DPDK/dpdk/actions/runs/8234334617/job/22515850325) by
causing a random segfault when ASAN is used, because older ASAN gets
confused by memory mappings and crashes.
The issue is fixed in newer releases of LLVM:
https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
https://reviews.llvm.org/D148280
But these are not available in Ubuntu 22.04 image.
This should be fixed by GitHub, but until new images are available
reducing ASLR entropy manually to 28 bits to make builds work.
Reported-at: https://github.com/actions/runner-images/issues/9491
Signed-off-by: Aaron Conole <aconole@redhat.com>
Suggested-by: Ilya Maximets <i.maximets@ovn.org>
---
.github/workflows/build.yml | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 776fbf6f30..228aad8289 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -139,6 +139,13 @@ jobs:
.ci/linux-setup.sh
# Workaround on $HOME permissions as EAL checks them for plugin loading
chmod o-w $HOME
+ - name: Reduce ASLR entropy
+ if: env.ASAN == 'true'
+ # Asan in llvm 14 provided in ubuntu-22.04 is incompatible with
+ # high-entropy ASLR configured in much newer kernels that GitHub
+ # runners are using leading to random crashes:
+ # https://github.com/actions/runner-images/issues/9491
+ run: sudo sysctl -w vm.mmap_rnd_bits=28
- name: Build and test
run: .ci/linux-build.sh
- name: Upload logs on failure
--
2.41.0
next reply other threads:[~2024-03-12 14:53 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-12 14:53 Aaron Conole [this message]
2024-03-13 12:11 ` David Marchand
[not found] <20240312114750.68295-1-i.maximets@ovn.org>
2024-03-12 13:28 ` Aaron Conole
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240312145326.1377818-1-aconole@redhat.com \
--to=aconole@redhat.com \
--cc=dev@dpdk.org \
--cc=dmarchan@redhat.com \
--cc=i.maximets@ovn.org \
--cc=msantana@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).