Shadow panics when mmaping executable pages #2400

@stevenengler

When the plugin attempts to mmap, Shadow will run the mmap syscall handler which will run `memorymanager_handleMmap()`. If the memory protection includes `PROT_EXEC`, the eventual calls into `mmap_into_shadow()` and `mmap_into_plugin()` will fail with `EPERM`. I'm not sure if this is because you can't map `PROT_EXEC` regions into a file that only has read/write permissions, or if this is a Docker sandboxing thing (when `/dev/shm` is mounted with `noexec`; see #820 (comment)).

This was first seen in #2392.

```yaml
general:
  stop_time: 30s
  model_unblocked_syscall_latency: true

network:
  graph:
    type: 1_gbit_switch

hosts:
  client:
    network_node_id: 0
    quantity: 1
    processes:
    - path: /usr/bin/jacktrip
      args: -C server -z -q auto
      start_time: 2s
```

```
$ (rm -rf shadow.data && RUST_BACKTRACE=1 ../build/src/main/shadow --strace-logging-mode standard --log-level trace shadow.yaml > shadow.log)
** Starting Shadow v2.2.0-235-g58598eec 2022-09-02--12:42:43 with GLib v2.72.3
thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: EPERM', main/host/memory_manager/memory_mapper.rs:124:10
stack backtrace:
   0: rust_begin_unwind
             at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/std/src/panicking.rs:584:5
   1: core::panicking::panic_fmt
             at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/core/src/panicking.rs:142:14
   2: core::result::unwrap_failed
             at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/core/src/result.rs:1805:5
   3: core::result::Result<T,E>::unwrap
             at /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library/core/src/result.rs:1098:23
   4: shadow_rs::host::memory_manager::memory_mapper::ShmFile::mmap_into_shadow
             at /tmp/shadow/src/main/host/memory_manager/memory_mapper.rs:114:9
   5: shadow_rs::host::memory_manager::memory_mapper::MemoryMapper::handle_mmap_result
             at /tmp/shadow/src/main/host/memory_manager/memory_mapper.rs:542:34
   6: shadow_rs::host::memory_manager::MemoryManager::do_mmap
             at /tmp/shadow/src/main/host/memory_manager/mod.rs:594:13
   7: memorymanager_handleMmap
             at /tmp/shadow/src/main/host/memory_manager/mod.rs:1017:9
   8: _syscallhandler_mmap
             at /tmp/shadow/src/main/host/syscall/mman.c:226:9
   9: syscallhandler_mmap
             at /tmp/shadow/src/main/host/syscall/mman.c:264:12
  10: syscallhandler_make_syscall
             at /tmp/shadow/src/main/host/syscall_handler.c:365:13
  11: managedthread_resume
             at /tmp/shadow/src/main/host/managed_thread.c:297:40
  12: thread_resume
             at /tmp/shadow/src/main/host/thread.c:125:30
  13: process_continue
             at /tmp/shadow/src/main/host/process.c:696:5
  14: _process_start
             at /tmp/shadow/src/main/host/process.c:630:5
  15: _process_runStartTask
             at /tmp/shadow/src/main/host/process.c:752:5
  ...
```

```
$ tail -n 10 shadow.log
00:00:00.391786 [20423:shadow-worker] 00:00:10.000112240 [TRACE] [client:11.0.0.1] [managed_thread.c:238] [_managedthread_waitForNextEvent] received shim_event 3
00:00:00.391798 [20423:shadow-worker] 00:00:10.000112240 [TRACE] [client:11.0.0.1] [syscall_handler.c:162] [_syscallhandler_pre_syscall] SYSCALL_HANDLER_PRE(jacktrip,pid=1000): handling syscall 217 getdents64
00:00:00.392573 [20423:shadow-worker] 00:00:10.000112240 [TRACE] [client:11.0.0.1] [regular_file.c:724] [regularfile_getdents64] RegularFile 0x7f1e5801c920 getdents64 os-backed file 11
00:00:00.392933 [20423:shadow-worker] 00:00:10.000112240 [TRACE] [client:11.0.0.1] [syscall_handler.c:200] [_syscallhandler_post_syscall] SYSCALL_HANDLER_POST(jacktrip,pid=1000): syscall 217 getdents64 result: state=DONE val=16136(n/a)
00:00:00.392943 [20423:shadow-worker] 00:00:10.000112240 [TRACE] [client:11.0.0.1] [syscall_handler.c:617] [syscallhandler_make_syscall] Unapplied CPU latency amt=1000 max=1000
00:00:00.393022 [20423:shadow-worker] 00:00:10.000112240 [TRACE] [client:11.0.0.1] [managed_thread.c:238] [_managedthread_waitForNextEvent] received shim_event 3
00:00:00.393034 [20423:shadow-worker] 00:00:10.000112240 [TRACE] [client:11.0.0.1] [syscall_handler.c:162] [_syscallhandler_pre_syscall] SYSCALL_HANDLER_PRE(jacktrip,pid=1000): handling syscall 9 mmap
00:00:00.393045 [20423:shadow-worker] 00:00:10.000112240 [TRACE] [client:11.0.0.1] [mman.c:201] [_syscallhandler_mmap] mmap called on fd -1 for 65536 bytes
00:00:00.393082 [20423:shadow-worker] 00:00:10.000112240 [TRACE] [client:11.0.0.1] [managed_thread.c:238] [_managedthread_waitForNextEvent] received shim_event 3
00:00:00.393092 [20423:shadow-worker] 00:00:10.000112240 [TRACE] [client:11.0.0.1] [memory_mapper.rs:499] [shadow_rs::host::memory_manager::memory_mapper] Handling mmap result for 7ffff1bd6000..+65536
```
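
A standalone probe for telling apart the two explanations raised in the description above, added here as an example and not taken from the Shadow code base. It creates a read/write file in a directory (default `/dev/shm`), attempts a `MAP_SHARED` mapping with and without `PROT_EXEC`, and reports whether the filesystem carries the `noexec` flag; mmap(2) documents `EPERM` for `PROT_EXEC` on a file from a no-exec filesystem. The names `fs_is_noexec`, `probe_mmap` and the temp-file template are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/statvfs.h>
#include <unistd.h>
#ifndef ST_NOEXEC
#define ST_NOEXEC 8 /* Linux value, in case the headers hide the GNU name */
#endif

/* 1 if the filesystem holding `dir` is mounted noexec, 0 if not, -1 on error. */
int fs_is_noexec(const char *dir) {
    struct statvfs sv;
    if (statvfs(dir, &sv) != 0) return -1;
    return (sv.f_flag & ST_NOEXEC) ? 1 : 0;
}

/* Create a read/write temp file in `dir`, size it, and try a MAP_SHARED
 * mapping with `prot`. Returns 0 on success, the mmap errno on failure,
 * or -1 if the temp file could not be set up. */
int probe_mmap(const char *dir, int prot) {
    char path[4096];
    const size_t len = 65536; /* same size as the mapping in the issue's log */
    if (snprintf(path, sizeof path, "%s/mmap-probe-XXXXXX", dir) >= (int)sizeof path) return -1;
    int fd = mkstemp(path); /* hypothetical file name; opened O_RDWR, mode 0600 */
    if (fd < 0) return -1;
    unlink(path); /* the open descriptor keeps the file alive */
    int result = -1;
    if (ftruncate(fd, (off_t)len) == 0) {
        void *p = mmap(NULL, len, prot, MAP_SHARED, fd, 0);
        result = (p == MAP_FAILED) ? errno : 0;
        if (p != MAP_FAILED) munmap(p, len);
    }
    close(fd);
    return result;
}

int main(int argc, char **argv) {
    const char *dir = argc > 1 ? argv[1] : "/dev/shm";
    int rw = probe_mmap(dir, PROT_READ | PROT_WRITE);
    int rwx = probe_mmap(dir, PROT_READ | PROT_WRITE | PROT_EXEC);
    printf("%s: noexec=%d rw_errno=%d rwx_errno=%d\n", dir, fs_is_noexec(dir), rw, rwx);
    /* noexec=1 with rw_errno=0 and rwx_errno=EPERM points at the mount option. */
    return 0;
}
```

Running it once inside the container and once on the host, against the same directory, shows whether the failure follows the mount flags or the file's open mode.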