diff mbox series

mem: allow using ASan in multi-process mode

Message ID	20231004142308.15395-1-artur.paszkiewicz@intel.com (mailing list archive)
State	Superseded, archived
Delegated to:	Thomas Monjalon
Headers	From: Artur Paszkiewicz <artur.paszkiewicz@intel.com> To: anatoly.burakov@intel.com Cc: dev@dpdk.org, Artur Paszkiewicz <artur.paszkiewicz@intel.com> Subject: [PATCH] mem: allow using ASan in multi-process mode Date: Wed, 4 Oct 2023 16:23:08 +0200 Message-Id: <20231004142308.15395-1-artur.paszkiewicz@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: dev-bounces@dpdk.org
Series	mem: allow using ASan in multi-process mode \| mem: allow using ASan in multi-process mode

Checks

Context	Check	Description
ci/checkpatch	warning	coding style issues
ci/loongarch-compilation	success	Compilation OK
ci/loongarch-unit-testing	success	Unit Testing PASS
ci/github-robot: build	success	github build: passed
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/iol-broadcom-Performance	success	Performance Testing PASS
ci/iol-compile-amd64-testing	success	Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-broadcom-Functional	success	Functional Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS
ci/iol-unit-arm64-testing	success	Testing PASS
ci/iol-unit-amd64-testing	success	Testing PASS
ci/iol-compile-arm64-testing	success	Testing PASS
ci/iol-sample-apps-testing	success	Testing PASS
ci/Intel-compilation	success	Compilation OK
ci/intel-Testing	success	Testing PASS
ci/intel-Functional	success	Functional PASS

Commit Message

Artur Paszkiewicz Oct. 4, 2023, 2:23 p.m. UTC

  Multi-process applications operate on shared hugepage memory but each
process has its own ASan shadow region which is not synchronized with
the other processes. This causes issues when different processes try to
use the same memory because they have their own view of which addresses
are valid.

Fix it by mapping the shadow regions for memseg lists as shared memory.
The primary process is responsible for creating and removing the shared
memory objects.

Disable ASan instrumentation for triggering the page fault in
alloc_seg() because if the segment is already allocated by another
process and is marked as free in the shadow, accessing this address will
cause an ASan error.

Signed-off-by: Artur Paszkiewicz <artur.paszkiewicz@intel.com>
---
 lib/eal/common/eal_common_memory.c | 10 ++++
 lib/eal/common/eal_private.h       | 22 ++++++++
 lib/eal/linux/eal_memalloc.c       |  9 +++-
 lib/eal/linux/eal_memory.c         | 87 ++++++++++++++++++++++++++++++
 lib/eal/linux/meson.build          |  4 ++
 5 files changed, 131 insertions(+), 1 deletion(-)

Comments

David Marchand Oct. 4, 2023, 2:51 p.m. UTC | #1

On Wed, Oct 4, 2023 at 4:23 PM Artur Paszkiewicz
<artur.paszkiewicz@intel.com> wrote:
>
> Multi-process applications operate on shared hugepage memory but each
> process has its own ASan shadow region which is not synchronized with
> the other processes. This causes issues when different processes try to
> use the same memory because they have their own view of which addresses
> are valid.
>
> Fix it by mapping the shadow regions for memseg lists as shared memory.
> The primary process is responsible for creating and removing the shared
> memory objects.
>
> Disable ASan instrumentation for triggering the page fault in
> alloc_seg() because if the segment is already allocated by another
> process and is marked as free in the shadow, accessing this address will
> cause an ASan error.
>
> Signed-off-by: Artur Paszkiewicz <artur.paszkiewicz@intel.com>

Interesting patch.

I have a few questions:
- did you test with --in-memory mode? with --no-huge?
- I did not look at the patch, but I wonder if there is a risk some
"local" ASan region (for the process heap, for example) can overlap
with some "shared" ASan region (for shared DPDK hugepages).
- with this work, would unit tests (that were marked failing with
ASan) be ok now? See REGISTER_FAST_TEST macro in app/test.

Thanks for working on this topic.

Artur Paszkiewicz Oct. 9, 2023, 11:05 a.m. UTC | #2

On 10/4/23 16:51, David Marchand wrote:
> - did you test with --in-memory mode? with --no-huge?

Please see v2 of the patch. I added checks for these options. They imply
no multi-process support so mapping is skipped for those cases.

> - I did not look at the patch, but I wonder if there is a risk some
> "local" ASan region (for the process heap, for example) can overlap
> with some "shared" ASan region (for shared DPDK hugepages).

I don't think it's possible unless the actual memory regions overlap.
The ASan shadow region is always at a fixed offset from the memory it
shadows. Also, this patch only makes the shadow regions shared, ASan
instrumentation already uses these regions.

> - with this work, would unit tests (that were marked failing with
> ASan) be ok now? See REGISTER_FAST_TEST macro in app/test.

I tried enabling these tests and some of them started passing with this
patch, namely:
- multiprocess_autotest
- eal_flags_c_opt_autotest
- eal_flags_main_opt_autotest
- eal_flags_a_opt_autotest

eal_flags_file_prefix_autotest still fails. The rest seem to be passing
even without the patch.

Regards,
Artur

diff mbox series

Patch

diff --git a/lib/eal/common/eal_common_memory.c b/lib/eal/common/eal_common_memory.c
index d9433db623..2c15d5fc90 100644
--- a/lib/eal/common/eal_common_memory.c
+++ b/lib/eal/common/eal_common_memory.c
@@ -263,6 +263,12 @@  eal_memseg_list_alloc(struct rte_memseg_list *msl, int reserve_flags)
 	RTE_LOG(DEBUG, EAL, "VA reserved for memseg list at %p, size %zx\n",
 			addr, mem_sz);
 
+#ifdef RTE_MALLOC_ASAN
+	if (eal_memseg_list_map_asan_shadow(msl) != 0) {
+		RTE_LOG(ERR, EAL, "Failed to map ASan shadow region for memseg list");
+		return -1;
+	}
+#endif
 	return 0;
 }
 
@@ -1050,6 +1056,10 @@  rte_eal_memory_detach(void)
 				RTE_LOG(ERR, EAL, "Could not unmap memory: %s\n",
 						rte_strerror(rte_errno));
 
+#ifdef RTE_MALLOC_ASAN
+		eal_memseg_list_unmap_asan_shadow(msl);
+#endif
+
 		/*
 		 * we are detaching the fbarray rather than destroying because
 		 * other processes might still reference this fbarray, and we
diff --git a/lib/eal/common/eal_private.h b/lib/eal/common/eal_private.h
index 5eadba4902..48df338cf9 100644
--- a/lib/eal/common/eal_private.h
+++ b/lib/eal/common/eal_private.h
@@ -300,6 +300,28 @@  eal_memseg_list_alloc(struct rte_memseg_list *msl, int reserve_flags);
 void
 eal_memseg_list_populate(struct rte_memseg_list *msl, void *addr, int n_segs);
 
+#ifdef RTE_MALLOC_ASAN
+/**
+ * Map shared memory for MSL ASan shadow region.
+ *
+ * @param msl
+ *  Memory segment list.
+ * @return
+ *  0 on success, (-1) on failure.
+ */
+int
+eal_memseg_list_map_asan_shadow(struct rte_memseg_list *msl);
+
+/**
+ * Unmap the MSL ASan shadow region.
+ *
+ * @param msl
+ *  Memory segment list.
+ */
+void
+eal_memseg_list_unmap_asan_shadow(struct rte_memseg_list *msl);
+#endif
+
 /**
  * Distribute available memory between MSLs.
  *
diff --git a/lib/eal/linux/eal_memalloc.c b/lib/eal/linux/eal_memalloc.c
index f8b1588cae..5212ae6b56 100644
--- a/lib/eal/linux/eal_memalloc.c
+++ b/lib/eal/linux/eal_memalloc.c
@@ -511,6 +511,13 @@  resize_hugefile(int fd, uint64_t fa_offset, uint64_t page_sz, bool grow,
 			grow, dirty);
 }
 
+__rte_no_asan
+static inline void
+page_fault(void *addr)
+{
+	*(volatile int *)addr = *(volatile int *)addr;
+}
+
 static int
 alloc_seg(struct rte_memseg *ms, void *addr, int socket_id,
 		struct hugepage_info *hi, unsigned int list_idx,
@@ -641,7 +648,7 @@  alloc_seg(struct rte_memseg *ms, void *addr, int socket_id,
 	 * that is already there, so read the old value, and write itback.
 	 * kernel populates the page with zeroes initially.
 	 */
-	*(volatile int *)addr = *(volatile int *)addr;
+	page_fault(addr);
 
 	iova = rte_mem_virt2iova(addr);
 	if (iova == RTE_BAD_PHYS_ADDR) {
diff --git a/lib/eal/linux/eal_memory.c b/lib/eal/linux/eal_memory.c
index 9b6f08fba8..aabc5a68b3 100644
--- a/lib/eal/linux/eal_memory.c
+++ b/lib/eal/linux/eal_memory.c
@@ -41,6 +41,7 @@ 
 #include "eal_filesystem.h"
 #include "eal_hugepages.h"
 #include "eal_options.h"
+#include "malloc_elem.h"
 
 #define PFN_MASK_SIZE	8
 
@@ -1956,3 +1957,89 @@  rte_eal_memseg_init(void)
 #endif
 			memseg_secondary_init();
 }
+
+#ifdef RTE_MALLOC_ASAN
+int
+eal_memseg_list_map_asan_shadow(struct rte_memseg_list *msl)
+{
+	const struct internal_config *internal_conf =
+			eal_get_internal_configuration();
+	void *addr = msl->base_va;
+	void *shadow_addr = ASAN_MEM_TO_SHADOW(addr);
+	size_t shadow_sz = msl->len >> ASAN_SHADOW_SCALE;
+	int shm_oflag = O_RDWR;
+	char shm_path[PATH_MAX];
+	int shm_fd;
+	int ret = 0;
+
+	if (!msl->heap)
+		return 0;
+
+	snprintf(shm_path, sizeof(shm_path), "/%s_%s_shadow",
+		eal_get_hugefile_prefix(), msl->memseg_arr.name);
+
+	if (internal_conf->process_type == RTE_PROC_PRIMARY)
+		shm_oflag |= O_CREAT | O_TRUNC;
+
+	shm_fd = shm_open(shm_path, shm_oflag, 0600);
+	if (shm_fd == -1) {
+		RTE_LOG(DEBUG, EAL, "shadow shm_open() failed: %s\n",
+			strerror(errno));
+		return -1;
+	}
+
+	if (internal_conf->process_type == RTE_PROC_PRIMARY) {
+		ret = ftruncate(shm_fd, shadow_sz);
+		if (ret == -1) {
+			RTE_LOG(DEBUG, EAL, "shadow ftruncate() failed: %s\n",
+				strerror(errno));
+			goto out;
+		}
+	}
+
+	addr = mmap(shadow_addr, shadow_sz, PROT_READ | PROT_WRITE,
+		    MAP_SHARED | MAP_FIXED, shm_fd, 0);
+	if (addr == MAP_FAILED) {
+		RTE_LOG(DEBUG, EAL, "shadow mmap() failed: %s\n",
+			strerror(errno));
+		goto out;
+	}
+
+	if (addr != shadow_addr) {
+		RTE_LOG(DEBUG, EAL, "wrong shadow mmap() address\n");
+		munmap(addr, shadow_sz);
+		ret = -1;
+	}
+out:
+	close(shm_fd);
+	if (ret != 0) {
+		if (internal_conf->process_type == RTE_PROC_PRIMARY)
+			shm_unlink(shm_path);
+	}
+
+	return ret;
+}
+
+void
+eal_memseg_list_unmap_asan_shadow(struct rte_memseg_list *msl)
+{
+	const struct internal_config *internal_conf =
+			eal_get_internal_configuration();
+
+	if (!msl->heap)
+		return;
+
+	if (munmap(ASAN_MEM_TO_SHADOW(msl->base_va),
+		   msl->len >> ASAN_SHADOW_SCALE) != 0)
+		RTE_LOG(ERR, EAL, "Could not unmap asan shadow memory: %s\n",
+			strerror(errno));
+	if (internal_conf->process_type == RTE_PROC_PRIMARY) {
+		char shm_path[PATH_MAX];
+
+		snprintf(shm_path, sizeof(shm_path), "/%s_%s_shadow",
+			 eal_get_hugefile_prefix(),
+			 msl->memseg_arr.name);
+		shm_unlink(shm_path);
+	}
+}
+#endif
diff --git a/lib/eal/linux/meson.build b/lib/eal/linux/meson.build
index e99ebed256..1e8a48c8d3 100644
--- a/lib/eal/linux/meson.build
+++ b/lib/eal/linux/meson.build
@@ -23,3 +23,7 @@  deps += ['kvargs', 'telemetry']
 if has_libnuma
     dpdk_conf.set10('RTE_EAL_NUMA_AWARE_HUGEPAGES', true)
 endif
+
+if dpdk_conf.has('RTE_MALLOC_ASAN')
+    ext_deps += cc.find_library('rt')
+endif