restorer: Workaround ASan false-positives after clone().

ASan doesn't play nicely with clone if we use current stack for
child task. ASan puts local variables on the fake stack
to catch use-after-return bug:
	https://github.com/google/sanitizers/wiki/AddressSanitizerUseAfterReturn#algorithm

So it's become easy to overflow this fake stack frame in cloned child.
We need a real stack for clone().

To workaround this we add clone_noasan() not-instrumented wrapper for
clone(). Unfortunately we can't use __attrbute__((no_sanitize_addresss))
for this because of bug in GCC > 6:
	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69863

So the only way is to put this wrapper in separate non-instrumented file.

travis-ci: success for series starting with [1/6] compel/infect: fix out-of-bounds parasite memcpy()
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reviewed-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>

criu/Makefile.crtools

 ccflags-y		+= -iquote criu/$(ARCH)
 ccflags-y		+= $(COMPEL_UAPI_INCLUDES)
+CFLAGS_REMOVE_clone-noasan.o += $(CFLAGS-ASAN)
 
 obj-y			+= action-scripts.o
 obj-y			+= external.o
@@ -8,6 +9,7 @@ obj-y			+= bfd.o
 obj-y			+= bitmap.o
 obj-y			+= cgroup.o
 obj-y			+= cgroup-props.o
+obj-y			+= clone-noasan.o
 obj-y			+= cr-check.o
 obj-y			+= cr-dedup.o
 obj-y			+= cr-dump.o

criu/clone-noasan.c

+#include <sched.h>
+#include "common/compiler.h"
+
+/*
+ * ASan doesn't play nicely with clone if we use current stack for
+ * child task. ASan puts local variables on the fake stack
+ * to catch use-after-return bug:
+ *         https://github.com/google/sanitizers/wiki/AddressSanitizerUseAfterReturn#algorithm
+ *
+ * So it's become easy to overflow this fake stack frame in cloned child.
+ * We need a real stack for clone().
+ *
+ * To workaround this we add clone_noasan() not-instrumented wrapper for
+ * clone(). Unfortunately we can't use __attrbute__((no_sanitize_addresss))
+ * for this because of bug in GCC > 6:
+ *         https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69863
+ *
+ * So the only way is to put this wrapper in separate non-instrumented file
+ */
+int clone_noasan(int (*fn)(void *), int flags, void *arg)
+{
+	/*
+	 * Reserve some space for clone() to locate arguments
+	 * and retcode in this place
+	 */
+	char stack[128] __stack_aligned__;
+	char *stack_ptr = &stack[sizeof(stack)];
+	int ret;
+
+	ret = clone(fn, stack_ptr, flags, arg);
+	return ret;
+}
+

criu/cr-restore.c

@@ -27,6 +27,7 @@
 #include <compel/ptrace.h>
 #include "common/compiler.h"
 
+#include "clone-noasan.h"
 #include "cr_options.h"
 #include "servicefd.h"
 #include "image.h"
@@ -909,12 +910,6 @@ static int restore_one_task(int pid, CoreEntry *core)
 
 /* All arguments should be above stack, because it grows down */
 struct cr_clone_arg {
-	/*
-	 * Reserve some space for clone() to locate arguments
-	 * and retcode in this place
-	 */
-	char stack[128] __stack_aligned__;
-	char stack_ptr[0];
 	struct pstree_item *item;
 	unsigned long clone_flags;
 	int fd;
@@ -1037,9 +1032,8 @@ static inline int fork_with_pid(struct pstree_item *item)
 	 * The cgroup namespace is also unshared explicitly in the
 	 * move_in_cgroup(), so drop this flag here as well.
 	 */
-	ret = clone(restore_task_with_children, ca.stack_ptr,
-		    (ca.clone_flags & ~(CLONE_NEWNET | CLONE_NEWCGROUP)) | SIGCHLD, &ca);
-
+	ret = clone_noasan(restore_task_with_children,
+			(ca.clone_flags & ~(CLONE_NEWNET | CLONE_NEWCGROUP)) | SIGCHLD, &ca);
 	if (ret < 0) {
 		pr_perror("Can't fork for %d", pid);
 		goto err_unlock;

criu/include/clone-noasan.h

+#ifndef __CR_CLONE_NOASAN_H__
+#define __CR_CLONE_NOASAN_H__
+
+int clone_noasan(int (*fn)(void *), int flags, void *arg);
+
+#endif /* __CR_CLONE_NOASAN_H__ */