[ovs-dev] github: Reduce ASLR entropy to be compatible with asan in llvm 14.

Starting with image version 20240310.1.0, GitHub runners are using
32-bit entropy for ASLR:

  $ sudo sysctl -a | grep vm.mmap.rnd
  vm.mmap_rnd_bits = 32
  vm.mmap_rnd_compat_bits = 16

This breaks all the asan-enabled builds, because older asan gets
confused by memory mappings and crashes with segmentation fault.

The issue is fixed in newer releases of llvm:
  https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
  https://reviews.llvm.org/D148280

But these are not available in Ubuntu 22.04 image.

This should be fixed by GitHub, but until new images are available
reducing ASLR entropy manually to 28 bits to make builds work.

Reported-at: https://github.com/actions/runner-images/issues/9491
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
 .github/workflows/build-and-test.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

On 12 Mar 2024, at 12:47, Ilya Maximets wrote:

> Starting with image version 20240310.1.0, GitHub runners are using
> 32-bit entropy for ASLR:
>
>   $ sudo sysctl -a | grep vm.mmap.rnd
>   vm.mmap_rnd_bits = 32
>   vm.mmap_rnd_compat_bits = 16
>
> This breaks all the asan-enabled builds, because older asan gets
> confused by memory mappings and crashes with segmentation fault.
>
> The issue is fixed in newer releases of llvm:
>  https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
>  https://reviews.llvm.org/D148280
>
> But these are not available in Ubuntu 22.04 image.
>
> This should be fixed by GitHub, but until new images are available
> reducing ASLR entropy manually to 28 bits to make builds work.
>
> Reported-at: https://github.com/actions/runner-images/issues/9491
> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>

Thanks for finding the solution to this!

Acked-by: Eelco Chaudron <echaudro@redhat.com>

Ilya Maximets <i.maximets@ovn.org> writes:

> Starting with image version 20240310.1.0, GitHub runners are using
> 32-bit entropy for ASLR:
>
>   $ sudo sysctl -a | grep vm.mmap.rnd
>   vm.mmap_rnd_bits = 32
>   vm.mmap_rnd_compat_bits = 16
>
> This breaks all the asan-enabled builds, because older asan gets
> confused by memory mappings and crashes with segmentation fault.
>
> The issue is fixed in newer releases of llvm:
>   https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
>   https://reviews.llvm.org/D148280
>
> But these are not available in Ubuntu 22.04 image.
>
> This should be fixed by GitHub, but until new images are available
> reducing ASLR entropy manually to 28 bits to make builds work.
>
> Reported-at: https://github.com/actions/runner-images/issues/9491
> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
> ---

Acked-by: Aaron Conole <aconole@redhat.com>

We'll probably need something similar in other projects, too... What a
mess.

On 3/12/24 13:16, Eelco Chaudron wrote:
> 
> 
> On 12 Mar 2024, at 12:47, Ilya Maximets wrote:
> 
>> Starting with image version 20240310.1.0, GitHub runners are using
>> 32-bit entropy for ASLR:
>>
>>   $ sudo sysctl -a | grep vm.mmap.rnd
>>   vm.mmap_rnd_bits = 32
>>   vm.mmap_rnd_compat_bits = 16
>>
>> This breaks all the asan-enabled builds, because older asan gets
>> confused by memory mappings and crashes with segmentation fault.
>>
>> The issue is fixed in newer releases of llvm:
>>  https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
>>  https://reviews.llvm.org/D148280
>>
>> But these are not available in Ubuntu 22.04 image.
>>
>> This should be fixed by GitHub, but until new images are available
>> reducing ASLR entropy manually to 28 bits to make builds work.
>>
>> Reported-at: https://github.com/actions/runner-images/issues/9491
>> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
> 
> Thanks for finding the solution to this!
> 
> Acked-by: Eelco Chaudron <echaudro@redhat.com>
> 

Acked-by: Dumitru Ceara <dceara@redhat.com>

Ilya, if you're OK with it, I can cherry-pick this into the OVN tree
too.  It applies there too.  Here's the commit in my fork:

https://github.com/dceara/ovn/commit/7a9fdc76ce18f4081700ebee4aa88708a711f5f5

Thanks,
Dumitru

On 3/12/24 14:28, Dumitru Ceara wrote:
> On 3/12/24 13:16, Eelco Chaudron wrote:
>>
>>
>> On 12 Mar 2024, at 12:47, Ilya Maximets wrote:
>>
>>> Starting with image version 20240310.1.0, GitHub runners are using
>>> 32-bit entropy for ASLR:
>>>
>>>   $ sudo sysctl -a | grep vm.mmap.rnd
>>>   vm.mmap_rnd_bits = 32
>>>   vm.mmap_rnd_compat_bits = 16
>>>
>>> This breaks all the asan-enabled builds, because older asan gets
>>> confused by memory mappings and crashes with segmentation fault.
>>>
>>> The issue is fixed in newer releases of llvm:
>>>  https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
>>>  https://reviews.llvm.org/D148280
>>>
>>> But these are not available in Ubuntu 22.04 image.
>>>
>>> This should be fixed by GitHub, but until new images are available
>>> reducing ASLR entropy manually to 28 bits to make builds work.
>>>
>>> Reported-at: https://github.com/actions/runner-images/issues/9491
>>> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
>>
>> Thanks for finding the solution to this!
>>
>> Acked-by: Eelco Chaudron <echaudro@redhat.com>
>>
> 
> Acked-by: Dumitru Ceara <dceara@redhat.com>
> 
> Ilya, if you're OK with it, I can cherry-pick this into the OVN tree
> too.  It applies there too.  Here's the commit in my fork:
> 
> https://github.com/dceara/ovn/commit/7a9fdc76ce18f4081700ebee4aa88708a711f5f5

Yeah, sure.  Feel free to take it.

Best regards, Ilya Maximets.

On 3/12/24 13:16, Eelco Chaudron wrote:
> 
> 
> On 12 Mar 2024, at 12:47, Ilya Maximets wrote:
> 
>> Starting with image version 20240310.1.0, GitHub runners are using
>> 32-bit entropy for ASLR:
>>
>>   $ sudo sysctl -a | grep vm.mmap.rnd
>>   vm.mmap_rnd_bits = 32
>>   vm.mmap_rnd_compat_bits = 16
>>
>> This breaks all the asan-enabled builds, because older asan gets
>> confused by memory mappings and crashes with segmentation fault.
>>
>> The issue is fixed in newer releases of llvm:
>>  https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
>>  https://reviews.llvm.org/D148280
>>
>> But these are not available in Ubuntu 22.04 image.
>>
>> This should be fixed by GitHub, but until new images are available
>> reducing ASLR entropy manually to 28 bits to make builds work.
>>
>> Reported-at: https://github.com/actions/runner-images/issues/9491
>> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
> 
> Thanks for finding the solution to this!
> 
> Acked-by: Eelco Chaudron <echaudro@redhat.com>
> 

Thanks, Eelco, Dumitru and Aaron.

Applied to all branches.

Best regards, Ilya Maximets.

On 3/12/24 15:12, Ilya Maximets wrote:
> On 3/12/24 13:16, Eelco Chaudron wrote:
>>
>>
>> On 12 Mar 2024, at 12:47, Ilya Maximets wrote:
>>
>>> Starting with image version 20240310.1.0, GitHub runners are using
>>> 32-bit entropy for ASLR:
>>>
>>>   $ sudo sysctl -a | grep vm.mmap.rnd
>>>   vm.mmap_rnd_bits = 32
>>>   vm.mmap_rnd_compat_bits = 16
>>>
>>> This breaks all the asan-enabled builds, because older asan gets
>>> confused by memory mappings and crashes with segmentation fault.
>>>
>>> The issue is fixed in newer releases of llvm:
>>>  https://github.com/llvm/llvm-project/commit/fb77ca05ffb4f8e666878f2f6718a9fb4d686839
>>>  https://reviews.llvm.org/D148280
>>>
>>> But these are not available in Ubuntu 22.04 image.
>>>
>>> This should be fixed by GitHub, but until new images are available
>>> reducing ASLR entropy manually to 28 bits to make builds work.
>>>
>>> Reported-at: https://github.com/actions/runner-images/issues/9491
>>> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
>>
>> Thanks for finding the solution to this!
>>
>> Acked-by: Eelco Chaudron <echaudro@redhat.com>
>>
> 
> Thanks, Eelco, Dumitru and Aaron.
> 
> Applied to all branches.
> 

Also applied to the OVN tree to main and all branches down to 22.03.

Regards,
Dumitru