Portage Access Denied error in compiler-rt [204375293]

Fixed

Bug

Status Update

No update yet.

Description

ry...@google.com

created issue #1

Oct 27, 2021 11:59PM

CQ is failing for https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/3220220 due to portage having a permission denied error.

Example log: https://logs.chromium.org/logs/chromeos/buildbucket/cr-buildbucket/8832181829708125505/+/u/update_sdk/call_chromite.api.SdkService_Update/call_build_API_script/stdout

16:02:47    /usr/lib64/clang/12.0.0/lib/linux/libclang_rt.xray-profiling-armhf.a
ln: failed to create symbolic link '/var/tmp/portage/cross-armv7a-cros-linux-gnueabihf/compiler-rt-13.0_pre433403-r2/image/usr/lib/debug/.build-id/e7/f4a2f77f26e1f0.debug': File exists
ln: ln: failed to create symbolic link '/var/tmp/portage/cross-armv7a-cros-linux-gnueabihf/compiler-rt-13.0_pre433403-r2/image/usr/lib/debug/.build-id/e7/f4a2f77f26e1f0'failed to create symbolic link '/var/tmp/portage/cross-armv7a-cros-linux-gnueabihf/compiler-rt-13.0_pre433403-r2/image/usr/lib/debug/.build-id/e7/f4a2f77f26e1f0': File exists: File exists

ln: failed to create symbolic link '/var/tmp/portage/cross-armv7a-cros-linux-gnueabihf/compiler-rt-13.0_pre433403-r2/image/usr/lib/debug/.build-id/44/fde002adc7cfc0.debug': File exists
ln: failed to create symbolic link '/var/tmp/portage/cross-armv7a-cros-linux-gnueabihf/compiler-rt-13.0_pre433403-r2/image/usr/lib/debug/.build-id/44/fde002adc7cfc0.debug': File exists
ln: failed to create symbolic link '/var/tmp/portage/cross-armv7a-cros-linux-gnueabihf/compiler-rt-13.0_pre433403-r2/image/usr/lib/debug/.build-id/44/fde002adc7cfc0': File exists
ln: failed to create symbolic link '/var/tmp/portage/cross-armv7a-cros-linux-gnueabihf/compiler-rt-13.0_pre433403-r2/image/usr/lib/debug/.build-id/44/fde002adc7cfc0': File exists
ln: failed to create symbolic link '/var/tmp/portage/cross-armv7a-cros-linux-gnueabihf/compiler-rt-13.0_pre433403-r2/image/usr/lib/debug/.build-id/09/4703fa28f64e36.debug': File exists
ln: failed to create symbolic link '/var/tmp/portage/cross-armv7a-cros-linux-gnueabihf/compiler-rt-13.0_pre433403-r2/image/usr/lib/debug/.build-id/09/4703fa28f64e36.debug': File exists
 * ACCESS DENIED:  symlinkat:     /var/tmp/portage/cross-armv7a-cros-linux-gnueabihf/compiler-rt-13.0_pre433403-r2/image/usr/lib/debug/.build-id/09/4703fa28f64e36
ln: failed to create symbolic link '/var/tmp/portage/cross-armv7a-cros-linux-gnueabihf/compiler-rt-13.0_pre433403-r2/image/usr/lib/debug/.build-id/09/4703fa28f64e36': Permission denied
ln: failed to create symbolic link '/var/tmp/portage/cross-armv7a-cros-linux-gnueabihf/compiler-rt-13.0_pre433403-r2/image/usr/lib/debug/.build-id/09/4703fa28f64e36': File exists
 * --------------------------- ACCESS VIOLATION SUMMARY ---------------------------
 * LOG FILE: "/var/tmp/portage/cross-armv7a-cros-linux-gnueabihf/compiler-rt-13.0_pre433403-r2/temp/sandbox.log"
 * 
VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: symlinkat
S: deny
P: /var/tmp/portage/cross-armv7a-cros-linux-gnueabihf/compiler-rt-13.0_pre433403-r2/image/usr/lib/debug/.build-id/09/4703fa28f64e36
A: /var/tmp/portage/cross-armv7a-cros-linux-gnueabihf/compiler-rt-13.0_pre433403-r2/image/usr/lib/debug/.build-id/09/4703fa28f64e36
R: /usr/lib64/clang/13.0.0/lib/linux/libclang_rt.asan-armhf.so
C: ln -s /usr/lib64/clang/12.0.0/lib/linux/libclang_rt.asan-armhf.so /var/tmp/portage/cross-armv7a-cros-linux-gnueabihf/compiler-rt-13.0_pre433403-r2/image/usr/lib/debug/.build-id/09/4703fa28f64e36 
 * --------------------------------------------------------------------------------
!!! post install failed; exiting.

>>> 16:02:48 Failed to emerge cross-armv7a-cros-linux-gnueabihf/compiler-rt-13.0_pre433403-r2, Log file:
>>> 16:02:48   /var/log/portage/cross-armv7a-cros-linux-gnueabihf:compiler-rt-13.0_pre433403-r2:20211027-230137.log


 * error: compiler-rt failed :(

Comments

ma...@google.com <ma...@google.com> #2Oct 28, 2021 12:10AM

Portage is suppose to ignore these collisions:

COLLISION_IGNORE="*.py[co] *$py.class */dropin.cache /usr/lib/debug/.build-id"

https://source.corp.google.com/chromeos_public/src/third_party/chromiumos-overlay/profiles/base/make.defaults;l=139?q=%22COLLISION_IGNORE%3D%22&ss=piper%2FGoogle%2Fchromeos_public

Will move to build team.

bl...@google.com <bl...@google.com> #3Oct 28, 2021 12:17AM

Assigned to va...@google.com.

Automated by Blunderbuss job chromeos-build-eng-blunderbuss-autoassigner for component 1037860.

va...@google.com <va...@google.com> #4Oct 28, 2021 01:51AM

Accepted by va...@google.com.

it's not because of the collision detection. sandbox things the target (which is outside of the build tree) is being written to, so it rejects it. guessing we have a TOCTOU race here ...

$ sandbox
$ cat doit.sh
#!/bin/bash
while [[ ! -e $SANDBOX_LOG ]] ; do
  strace -o log.1 ln -s /bin/bash ./f &
  strace -o log.2 ln -s /bin/bash ./f &
  rm -f f
  wait
done
$ ./doit.sh
...
 * ACCESS DENIED:  symlinkat:     ./f
...

va...@google.com <va...@google.com> #5Oct 28, 2021 02:37AM

it seems like this bug has been here forever. i stopped history searching when i hit 2005.

it does indeed look like a TOCTOU. the situation of multiple processes trying to create the same symlink pretty much never happens.

should be easy to fix.

va...@google.com <va...@google.com> #6Oct 28, 2021 03:45AM

as for why this is showing up now, we've been on sandbox-2.11 from 2016. it had a bug where it didn't check symlinkat properly. i fixed it in sandbox-2.12+. i just recently upgraded us to the latest sandbox release which includes the symlinkat check, and the portage splitdebug install step uses that.

the bug exists for many functions, it just required a specific behavior to be triggered, and that behavior has only showed up so far in code that used symlinkat.

at any rate, fixed upstream:
https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=49e6eb50d1c77f06d8b4c728cd222d3d404c8d08

ap...@google.com <ap...@google.com> #7Oct 29, 2021 05:29AM

Project: chromiumos/overlays/chromiumos-overlay
Branch: main

commit a9031d7d0c5da213ff769c78f8dce2c47cd54c5c
Author: Mike Frysinger <vapier@chromium.org>
Date: Wed Oct 27 23:46:42 2021

sandbox: backport upstream fix for symlink toctou race

BUG=b:204375293
TEST=CQ passes

Change-Id: Ie8e47fd0dcd23aaeba7beaba8651dfa891cb9797
Reviewed-on:

https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/3248087
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>

A sys-apps/sandbox/files/sandbox-2.27-symlink-toctou.patch
M sys-apps/sandbox/sandbox-2.27-r1.ebuild

https://chromium-review.googlesource.com/3248087

va...@google.com <va...@google.com> Oct 29, 2021 05:41AM

Marked as fixed.