[GWP-ASan] Provide runtime configuration through an env var + sysprop.
This patch introduces GWP-ASan system properties and environment
variables to control the internal sampling rates of GWP-ASan. This can
be used for:
1. "Torture testing" the system, i.e. running it under an extremely
high sampling rate under GWP-ASan.
2. Increasing sampling remotely to allow further crash report
collection of rare issues.
There are three sets of system properites:
1. libc.debug.gwp_asan.*.system_default: Default values for native
executables and system apps.
2. libc.debug.gwp_asan.*.app_default: Default values for non-system
apps, and
3. libc.debug.gwp_asan.*.<basename/app_name>: Default values for an
individual app or native process.
There are three variables that can be changed:
1. The allocation sampling rate (default: 2500) - using the environment
variable GWP_ASAN_SAMPLE_RATE or the libc.debug.gwp_asan.sample_rate.*
system property.
2. The process sampling rate (default: 128 for system apps/processes, 1
for opted-in apps) - using the environment variable
GWP_ASAN_PROCESS_SAMPLING or the libc.debug.gwp_asan.process_sampling.*
system property,
3. The number of slots available (default: 32) - using the environment
variable GWP_ASAN_MAX_ALLOCS or the libc.debug.gwp_asan.max_allocs.*
system property.
If not specified, #3 will be calculated as a ratio of the default
|2500 SampleRate : 32 slots|. So, a sample rate of "1250" (i.e. twice as
frequent sampling) will result in a doubling of the max_allocs to "64".
Bug: 219651032
Test: atest bionic-unit-tests
Change-Id: Idb40a2a4d074e01ce3c4e635ad639a91a32d570f
diff --git a/tests/Android.bp b/tests/Android.bp
index 3061142..ee49e65 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -62,7 +62,10 @@
// For glibc.
"-D__STDC_LIMIT_MACROS",
],
- header_libs: ["libcutils_headers"],
+ header_libs: [
+ "libcutils_headers",
+ "gwp_asan_headers"
+ ],
// Ensure that the tests exercise shadow call stack support and
// the hint space PAC/BTI instructions.
arch: {
@@ -571,6 +574,18 @@
],
}
+cc_test_library {
+ name: "libBionicGwpAsanTests",
+ defaults: ["bionic_tests_defaults"],
+ srcs: [
+ "gwp_asan_test.cpp",
+ ],
+ include_dirs: [
+ "bionic/libc",
+ ],
+ static_libs: ["libbase"],
+}
+
// -----------------------------------------------------------------------------
// Fortify tests.
// -----------------------------------------------------------------------------
@@ -735,6 +750,7 @@
"libBionicStandardTests",
"libBionicElfTlsTests",
"libBionicFramePointerTests",
+ "libBionicGwpAsanTests",
"libfortify1-tests-clang",
"libfortify1-new-tests-clang",
"libfortify2-tests-clang",
diff --git a/tests/gwp_asan_test.cpp b/tests/gwp_asan_test.cpp
new file mode 100644
index 0000000..b442f51
--- /dev/null
+++ b/tests/gwp_asan_test.cpp
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <gtest/gtest.h>
+#include <stdio.h>
+#include <string>
+
+#if defined(__BIONIC__)
+
+#include "gwp_asan/options.h"
+#include "platform/bionic/malloc.h"
+#include "utils.h"
+
+void RunGwpAsanTest(const char* test_name) {
+ ExecTestHelper eh;
+ eh.SetEnv({"GWP_ASAN_SAMPLE_RATE=1", "GWP_ASAN_PROCESS_SAMPLING=1", "GWP_ASAN_MAX_ALLOCS=40000",
+ nullptr});
+ std::string filter_arg = "--gtest_filter=";
+ filter_arg += test_name;
+ std::string exec(testing::internal::GetArgvs()[0]);
+ eh.SetArgs({exec.c_str(), "--gtest_also_run_disabled_tests", filter_arg.c_str()});
+ eh.Run([&]() { execve(exec.c_str(), eh.GetArgs(), eh.GetEnv()); },
+ /* expected_exit_status */ 0,
+ // |expected_output_regex|, ensure at least one test ran:
+ R"(\[ PASSED \] [1-9]+0? test)");
+}
+
+// This file implements "torture testing" under GWP-ASan, where we sample every
+// single allocation. The upper limit for the number of GWP-ASan allocations in
+// the torture mode is is generally 40,000, so that svelte devices don't
+// explode, as this uses ~163MiB RAM (4KiB per live allocation).
+TEST(gwp_asan_integration, malloc_tests_under_torture) {
+ RunGwpAsanTest("malloc.*:-malloc.mallinfo*");
+}
+
+#endif // defined(__BIONIC__)
diff --git a/tests/malloc_test.cpp b/tests/malloc_test.cpp
index f157ec4..8b8c90a 100644
--- a/tests/malloc_test.cpp
+++ b/tests/malloc_test.cpp
@@ -1010,18 +1010,6 @@
AlignCheck();
}
-// Force GWP-ASan on and verify all alignment checks still pass.
-TEST(malloc, align_check_gwp_asan) {
-#if defined(__BIONIC__)
- bool force_init = true;
- ASSERT_TRUE(android_mallopt(M_INITIALIZE_GWP_ASAN, &force_init, sizeof(force_init)));
-
- AlignCheck();
-#else
- GTEST_SKIP() << "bionic-only test";
-#endif
-}
-
// Jemalloc doesn't pass this test right now, so leave it as disabled.
TEST(malloc, DISABLED_alloc_after_fork) {
// Both of these need to be a power of 2.
@@ -1371,17 +1359,24 @@
#endif
}
-TEST(android_mallopt, force_init_gwp_asan) {
#if defined(__BIONIC__)
- bool force_init = true;
- ASSERT_TRUE(android_mallopt(M_INITIALIZE_GWP_ASAN, &force_init, sizeof(force_init)));
+using Action = android_mallopt_gwp_asan_options_t::Action;
+TEST(android_mallopt, DISABLED_multiple_enable_gwp_asan) {
+ android_mallopt_gwp_asan_options_t options;
+ options.program_name = ""; // Don't infer GWP-ASan options from sysprops.
+ options.desire = Action::DONT_TURN_ON_UNLESS_OVERRIDDEN;
+ // GWP-ASan should already be enabled. Trying to enable or disable it should
+ // always pass.
+ ASSERT_TRUE(android_mallopt(M_INITIALIZE_GWP_ASAN, &options, sizeof(options)));
+ options.desire = Action::TURN_ON_WITH_SAMPLING;
+ ASSERT_TRUE(android_mallopt(M_INITIALIZE_GWP_ASAN, &options, sizeof(options)));
+}
+#endif // defined(__BIONIC__)
- // Verify that trying to do the call again also passes no matter the
- // value of force_init.
- force_init = false;
- ASSERT_TRUE(android_mallopt(M_INITIALIZE_GWP_ASAN, &force_init, sizeof(force_init)));
- force_init = true;
- ASSERT_TRUE(android_mallopt(M_INITIALIZE_GWP_ASAN, &force_init, sizeof(force_init)));
+TEST(android_mallopt, multiple_enable_gwp_asan) {
+#if defined(__BIONIC__)
+ // Always enable GWP-Asan, with default options.
+ RunGwpAsanTest("*.DISABLED_multiple_enable_gwp_asan");
#else
GTEST_SKIP() << "bionic extension";
#endif
diff --git a/tests/utils.h b/tests/utils.h
index 284140a..296b6bf 100644
--- a/tests/utils.h
+++ b/tests/utils.h
@@ -270,6 +270,8 @@
std::vector<const char*> env_;
std::string output_;
};
+
+void RunGwpAsanTest(const char* test_name);
#endif
class FdLeakChecker {