This is an archive of the discontinued LLVM Phabricator instance.

Differential D13818

[compiler-rt] [msan] Unify aarch64 mapping
ClosedPublic

Authored by zatrazz on Oct 16 2015, 11:06 AM.

Details

Reviewers
kcc
rengolin
samsonov
eugenis
pcc
Summary

This patch unify the 39-bit and 42-bit mapping for aarch64 using only
one instrumentation algorithm (based on 39-bit mapping). A runtime
check avoid mapping 42-bit only segments for 39-bit kernels.

The LLVM instrumentation change is at [1]. The only downside of this
patch is for 42-bit VMA the 39-bit shadow/origin segments will be created
regardless. However a patch is possible to filter out this based on runtime
VMA information.

[1] http://reviews.llvm.org/D13817

Diff Detail

Event Timeline

zatrazz updated this revision to Diff 37614.Oct 16 2015, 11:06 AM
zatrazz retitled this revision from to [compiler-rt] [msan] Unify aarch64 mapping.
zatrazz updated this object.
zatrazz added reviewers: pcc, rengolin, eugenis, kcc, samsonov.
zatrazz added a subscriber: llvm-commits.
Herald added subscribers: rengolin, aemerson. · View Herald TranscriptOct 16 2015, 11:06 AM
eugenis added inline comments.Oct 19 2015, 11:58 AM
lib/msan/msan.h
106–107

This is probably out of scope of this review, but could your elaborate, and maybe add a comment, about the constraints that led to this complex mapping function? For example, a list of all address ranges that must be in "app" regions would help.

This mapping limits the applications to roughly 1/7th of the address space on 39 bit VMA and only 1/30th on 42 bit VMA. Could we do any better?

zatrazz added inline comments.Oct 22 2015, 6:45 AM
lib/msan/msan.h
106–107

This is exactly what I am struggling with current aarch64 39 and 42-bit VMA contraints regarding PIE positioning. The memory segments are:

0000000000-0010000000: both 39 and 42 for own programs segments
5500000000-5600000000: 39-bits PIE program segments
7f80000000-7000000000: 39-bits libraries segments

2aa00000000-2ab00000000: 42-bits PIE program segments
3ff00000000-3ffffffffff: 42-bits libraries segments

I am trying to increase the segments size, but it is hard to come up with a single transformation that works on both 39 and 42-bit VMA that maps 39-bit to 39-bits and also works for 42-bits. I open to suggestions.

eugenis added inline comments.Oct 22 2015, 11:29 AM
lib/msan/msan.h
106–107

Can we do the same as on x86_64: flip either one or both of the most significant bits (38 & 37)?
39-bit addresses will stay 39-bit.
The following regions seem to have long enough constant left prefix for this transormation to be linear:
2aa00000000-2ab00000000: 42-bits PIE program segments
3ff00000000-3ffffffffff: 42-bits libraries segments

It will fragment 42-bit VMA in like 16 application segments, and the same number of shadow and origin; some of them will be marked invalid to avoid shadow/app/origin overlap with other segments. Not a problem, as long as the function is linear on any contiguous kernel-mapped range.

zatrazz added inline comments.Oct 22 2015, 2:07 PM
lib/msan/msan.h
106–107

This seems to be a slight better strategy:

{0x00000000000ULL, 0x01000000000ULL, MappingDesc::INVALID, "invalid"},
{0x01000000000ULL, 0x02000000000ULL, MappingDesc::SHADOW,  "shadow-1"},
{0x02000000000ULL, 0x03000000000ULL, MappingDesc::ORIGIN,  "origin"},
{0x03000000000ULL, 0x03500000000ULL, MappingDesc::INVALID, "invalid"},
{0x03500000000ULL, 0x03600000000ULL, MappingDesc::SHADOW,  "shadow-2"},
{0x03600000000ULL, 0x04500000000ULL, MappingDesc::INVALID, "invalid"},
{0x04500000000ULL, 0x04600000000ULL, MappingDesc::ORIGIN,  "origin"},
{0x04600000000ULL, 0x05500000000ULL, MappingDesc::INVALID, "invalid"},
{0x05500000000ULL, 0x05600000000ULL, MappingDesc::APP,     "app-1"},
{0x05600000000ULL, 0x07000000000ULL, MappingDesc::INVALID, "invalid"},
{0x07000000000ULL, 0x08000000000ULL, MappingDesc::APP,     "app-2"},
{0x08000000000ULL, 0x2A000000000ULL, MappingDesc::INVALID, "invalid"},
{0x2a000000000ULL, 0x2ac00000000ULL, MappingDesc::APP,     "app-3"},
{0x2AC00000000ULL, 0x2C000000000ULL, MappingDesc::INVALID, "invalid"},
{0x2C000000000ULL, 0x2CC00000000ULL, MappingDesc::SHADOW,  "shadow-3"},
{0x2CC00000000ULL, 0x2D000000000ULL, MappingDesc::INVALID, "invalid"},
{0x2D000000000ULL, 0x2DC00000000ULL, MappingDesc::ORIGIN,  "origin-3"},
{0x2DC00000000ULL, 0x39000000000ULL, MappingDesc::INVALID, "invalid"},
{0x39000000000ULL, 0x3A000000000ULL, MappingDesc::SHADOW,  "shadow"},
{0x3A000000000ULL, 0x3B000000000ULL, MappingDesc::ORIGIN,  "origin"},
{0x3B000000000ULL, 0x3F000000000ULL, MappingDesc::INVALID, "invalid"},
{0x3F000000000ULL, 0x40000000000ULL, MappingDesc::APP,     "app-4"},
  1. define MEM_TO_SHADOW(mem) ((uptr)mem ^ 0x6000000000ULL)
  2. define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x1000000000ULL)

Although it does not increase the VMA available for 42-bits (4.39% compare to 13% for 39). I will try to check if it is possible to squeeze more for 42-bits, but the PIE constraint is really making this hard :/

eugenis added inline comments.Oct 22 2015, 2:19 PM
lib/msan/msan.h
106–107

Your "invalid" regions are suspiciously large. It should be possible to add more app space w/o changing the mapping function.

For example, [3b, 3c) is mapped to [3d, 3e) with origin at [3e, 3f) - all three are marked invalid in your list.

Also, when naming regions, please make sure that shadow for "app-N" is called "shadow-N" - makes the list easier to read and verify. The same for origin.

zatrazz added inline comments.Oct 22 2015, 2:48 PM
lib/msan/msan.h
106–107

I realized it just after I hit the send button. Using the segments:

{0x11000000000ULL, 0x12000000000ULL, MappingDesc::APP, "app"}
{0x20000000000ULL, 0x22000000000ULL, MappingDesc::APP, "app"}
{0x2E000000000ULL, 0x2F000000000ULL, MappingDesc::APP, "app"}
{0x3B000000000ULL, 0x3C000000000ULL, MappingDesc::APP, "app"}

I could reach of a total of 12.21% of total VMA avaliable for the application, % similar to x86_64 and MIPS (12.50%).

About the names, I will change and add proper comments.

zatrazz updated this revision to Diff 38256.Oct 23 2015, 1:24 PM

This is an updated patch that used a different mapping regions and a different transformation (using XOR to clear the bits 38/37). The new mapping is:

  • 39-bits adn 42-bits mapping 0x00000000000ULL-0x01000000000ULL MappingDesc::INVALID 0x01000000000ULL-0x02000000000ULL MappingDesc::SHADOW 0x02000000000ULL-0x03000000000ULL MappingDesc::ORIGIN 0x03000000000ULL-0x03500000000ULL MappingDesc::INVALID 0x03500000000ULL-0x03600000000ULL MappingDesc::SHADOW 0x03600000000ULL-0x04500000000ULL MappingDesc::INVALID 0x04500000000ULL-0x04600000000ULL MappingDesc::ORIGIN 0x04600000000ULL-0x05500000000ULL MappingDesc::INVALID 0x05500000000ULL-0x05600000000ULL MappingDesc::APP 0x05600000000ULL-0x07000000000ULL MappingDesc::INVALID 0x07000000000ULL-0x08000000000ULL MappingDesc::APP
  • 42-bit mapping 0x08000000000ULL-0x09000000000ULL MappingDesc::INVALID 0x09000000000ULL-0x0A000000000ULL MappingDesc::SHADOW 0x0A000000000ULL-0x0B000000000ULL MappingDesc::ORIGIN 0x0B000000000ULL-0x0F000000000ULL MappingDesc::INVALID 0x0F000000000ULL-0x10000000000ULL MappingDesc::APP 0x10000000000ULL-0x11000000000ULL MappingDesc::INVALID 0x11000000000ULL-0x12000000000ULL MappingDesc::APP 0x12000000000ULL-0x17000000000ULL MappingDesc::INVALID 0x17000000000ULL-0x18000000000ULL MappingDesc::SHADOW 0x18000000000ULL-0x19000000000ULL MappingDesc::ORIGIN 0x19000000000ULL-0x20000000000ULL MappingDesc::INVALID 0x20000000000ULL-0x21000000000ULL MappingDesc::APP 0x21000000000ULL-0x26000000000ULL MappingDesc::INVALID 0x26000000000ULL-0x27000000000ULL MappingDesc::SHADOW 0x27000000000ULL-0x28000000000ULL MappingDesc::ORIGIN 0x28000000000ULL-0x29000000000ULL MappingDesc::SHADOW 0x29000000000ULL-0x2A000000000ULL MappingDesc::ORIGIN 0x2A000000000ULL-0x2AC00000000ULL MappingDesc::APP 0x2AC00000000ULL-0x2C000000000ULL MappingDesc::INVALID 0x2C000000000ULL-0x2CC00000000ULL MappingDesc::SHADOW 0x2CC00000000ULL-0x2D000000000ULL MappingDesc::INVALID 0x2D000000000ULL-0x2DC00000000ULL MappingDesc::ORIGIN 0x2DC00000000ULL-0x2E000000000ULL MappingDesc::INVALID 0x2E000000000ULL-0x2F000000000ULL MappingDesc::APP 0x2F000000000ULL-0x39000000000ULL MappingDesc::INVALID 0x39000000000ULL-0x3A000000000ULL MappingDesc::SHADOW 0x3A000000000ULL-0x3B000000000ULL MappingDesc::ORIGIN 0x3B000000000ULL-0x3C000000000ULL MappingDesc::APP 0x3C000000000ULL-0x3D000000000ULL MappingDesc::INVALID 0x3D000000000ULL-0x3E000000000ULL MappingDesc::SHADOW 0x3E000000000ULL-0x3F000000000ULL MappingDesc::ORIGIN 0x3F000000000ULL-0x40000000000ULL MappingDesc::APP

Although it creates a lot of segments, it allows to use only one function transformation for both 39 and 42-bits VMA. It also allows a high percentage of total VMA avaliable for normal allocations (13.28% for 39-bits and 12.21% for 42-bits). It also uses a faster transformation.

I also updated the LLVM patch to change the instrumentation [1]. No regression found on aarch64 39/42-bit and the new transformation also fixed a XFAIL test (chained_origin_limits).

[1] http://reviews.llvm.org/D13817

eugenis edited edge metadata.Oct 23 2015, 3:30 PM

To clarify, 12-13% is based on the whole address space, as in 1<<39, and not just user-addressable part?
Because on x86_64, for example, userspace is only allowed to map up to 0x800000000000, and MSan leaves 25% of that to the application, which is close to the theoretical limit of 33%.

lib/msan/msan.h
75

Why just 55 to 56? The whole 50 to 60 seems ok.

In general, I don't see a reason why the third hexadecimal digit can be anything but 0, please reconsider another case of this below.

eugenis added a comment.Oct 23 2015, 3:33 PM

In general this looks very nice. I don't think we should be scared of the huge number of mappings, this is only a very minor constant work at startup. It also slows down MEM_IS_APP, of course, but it should not be noticeable provided that the loop in that function is fully unrolled - you might want to check that the assembly looks reasonable.

zatrazz updated this revision to Diff 38458.Oct 26 2015, 2:08 PM
zatrazz edited edge metadata.

Differences from previous versions:

  • Change 39-bit mapping for PIE from 0x55...-0x56... to whole 0x50...-0x60...

And answering the questioning, I was considering based on whole VMA range to make the calculations. I think with these mappings MSAN for aarch64 with 39 and 42 is in par with other architecture regarding the available VMA for program memory allocation. I also checked the MEM_IS_APP code generation and clang does unroll all the loop, while GCC does not (and I do not think also this is an issue right now).

eugenis accepted this revision.Oct 26 2015, 2:17 PM
eugenis edited edge metadata.

LGTM

This revision is now accepted and ready to land.Oct 26 2015, 2:17 PM
zatrazz closed this revision.Oct 29 2015, 6:06 AM

Revision Contents

PathSize
lib/
msan/
86 lines
2 lines
6 lines
test/
msan/
4 lines
32 lines
16 lines

Diff 38458

lib/msan/msan.h

Show First 20 LinesShow All 48 Lines▼ Show 20 Linesconst MappingDesc kMemoryLayout[] = {
{0x00c000000000ULL, 0x00e000000000ULL, MappingDesc::ORIGIN, "origin"}, {0x00c000000000ULL, 0x00e000000000ULL, MappingDesc::ORIGIN, "origin"},
{0x00e000000000ULL, 0x010000000000ULL, MappingDesc::APP, "app"}}; {0x00e000000000ULL, 0x010000000000ULL, MappingDesc::APP, "app"}};
#define MEM_TO_SHADOW(mem) (((uptr)(mem)) & ~0x4000000000ULL) #define MEM_TO_SHADOW(mem) (((uptr)(mem)) & ~0x4000000000ULL)
#define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x002000000000) #define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x002000000000)
#elif SANITIZER_LINUX && defined(__aarch64__) #elif SANITIZER_LINUX && defined(__aarch64__)
# if SANITIZER_AARCH64_VMA == 39 // The mapping describes both 39-bits and 42-bits. AArch64 maps:
// - 0x00000000000-0x00010000000: 39/42-bits program own segments
// - 0x05500000000-0x05600000000: 39-bits PIE program segments
// - 0x07f80000000-0x07fffffffff: 39-bits libraries segments
// - 0x2aa00000000-0x2ab00000000: 42-bits PIE program segments
// - 0x3ff00000000-0x3ffffffffff: 42-bits libraries segments
// It is fragmented in multiples segments to increase the memory available
// on 42-bits (12.21% of total VMA available for 42-bits and 13.28 for
// 39 bits).
const MappingDesc kMemoryLayout[] = { const MappingDesc kMemoryLayout[] = {
{0x0000000000ULL, 0x4000000000ULL, MappingDesc::INVALID, "invalid"}, {0x00000000000ULL, 0x01000000000ULL, MappingDesc::INVALID, "invalid"},
{0x4000000000ULL, 0x4300000000ULL, MappingDesc::SHADOW, "shadow"}, {0x01000000000ULL, 0x02000000000ULL, MappingDesc::SHADOW, "shadow-2"},
{0x4300000000ULL, 0x4600000000ULL, MappingDesc::ORIGIN, "origin"}, {0x02000000000ULL, 0x03000000000ULL, MappingDesc::ORIGIN, "origin-2"},
{0x4600000000ULL, 0x5500000000ULL, MappingDesc::INVALID, "invalid"}, {0x03000000000ULL, 0x04000000000ULL, MappingDesc::SHADOW, "shadow-1"},
{0x5500000000ULL, 0x5600000000ULL, MappingDesc::APP, "app"}, {0x04000000000ULL, 0x05000000000ULL, MappingDesc::ORIGIN, "origin-1"},
{0x5600000000ULL, 0x7000000000ULL, MappingDesc::INVALID, "invalid"}, {0x05000000000ULL, 0x06000000000ULL, MappingDesc::APP, "app-1"},
{0x7000000000ULL, 0x8000000000ULL, MappingDesc::APP, "app"} {0x06000000000ULL, 0x07000000000ULL, MappingDesc::INVALID, "invalid"},
{0x07000000000ULL, 0x08000000000ULL, MappingDesc::APP, "app-2"},
{0x08000000000ULL, 0x09000000000ULL, MappingDesc::INVALID, "invalid"},
eugenisUnsubmitted
Not Done
ReplyInline Actions

Why just 55 to 56? The whole 50 to 60 seems ok.

In general, I don't see a reason why the third hexadecimal digit can be anything but 0, please reconsider another case of this below.

eugenis: Why just 55 to 56? The whole 50 to 60 seems ok. In general, I don't see a reason why the third…
// The mappings below are used only for 42-bits VMA.
{0x09000000000ULL, 0x0A000000000ULL, MappingDesc::SHADOW, "shadow-3"},
{0x0A000000000ULL, 0x0B000000000ULL, MappingDesc::ORIGIN, "origin-3"},
{0x0B000000000ULL, 0x0F000000000ULL, MappingDesc::INVALID, "invalid"},
{0x0F000000000ULL, 0x10000000000ULL, MappingDesc::APP, "app-3"},
{0x10000000000ULL, 0x11000000000ULL, MappingDesc::INVALID, "invalid"},
{0x11000000000ULL, 0x12000000000ULL, MappingDesc::APP, "app-4"},
{0x12000000000ULL, 0x17000000000ULL, MappingDesc::INVALID, "invalid"},
{0x17000000000ULL, 0x18000000000ULL, MappingDesc::SHADOW, "shadow-4"},
{0x18000000000ULL, 0x19000000000ULL, MappingDesc::ORIGIN, "origin-4"},
{0x19000000000ULL, 0x20000000000ULL, MappingDesc::INVALID, "invalid"},
{0x20000000000ULL, 0x21000000000ULL, MappingDesc::APP, "app-5"},
{0x21000000000ULL, 0x26000000000ULL, MappingDesc::INVALID, "invalid"},
{0x26000000000ULL, 0x27000000000ULL, MappingDesc::SHADOW, "shadow-5"},
{0x27000000000ULL, 0x28000000000ULL, MappingDesc::ORIGIN, "origin-5"},
{0x28000000000ULL, 0x29000000000ULL, MappingDesc::SHADOW, "shadow-7"},
{0x29000000000ULL, 0x2A000000000ULL, MappingDesc::ORIGIN, "origin-7"},
{0x2A000000000ULL, 0x2B000000000ULL, MappingDesc::APP, "app-6"},
{0x2B000000000ULL, 0x2C000000000ULL, MappingDesc::INVALID, "invalid"},
{0x2C000000000ULL, 0x2D000000000ULL, MappingDesc::SHADOW, "shadow-6"},
{0x2D000000000ULL, 0x2E000000000ULL, MappingDesc::ORIGIN, "origin-6"},
{0x2E000000000ULL, 0x2F000000000ULL, MappingDesc::APP, "app-7"},
{0x2F000000000ULL, 0x39000000000ULL, MappingDesc::INVALID, "invalid"},
{0x39000000000ULL, 0x3A000000000ULL, MappingDesc::SHADOW, "shadow-9"},
{0x3A000000000ULL, 0x3B000000000ULL, MappingDesc::ORIGIN, "origin-9"},
{0x3B000000000ULL, 0x3C000000000ULL, MappingDesc::APP, "app-8"},
{0x3C000000000ULL, 0x3D000000000ULL, MappingDesc::INVALID, "invalid"},
{0x3D000000000ULL, 0x3E000000000ULL, MappingDesc::SHADOW, "shadow-8"},
{0x3E000000000ULL, 0x3F000000000ULL, MappingDesc::ORIGIN, "origin-8"},
{0x3F000000000ULL, 0x40000000000ULL, MappingDesc::APP, "app-9"},
}; };
// Maps low and high app ranges to contiguous space with zero base: # define MEM_TO_SHADOW(mem) ((uptr)mem ^ 0x6000000000ULL)
eugenisUnsubmitted
Not Done
ReplyInline Actions

This is probably out of scope of this review, but could your elaborate, and maybe add a comment, about the constraints that led to this complex mapping function? For example, a list of all address ranges that must be in "app" regions would help.

This mapping limits the applications to roughly 1/7th of the address space on 39 bit VMA and only 1/30th on 42 bit VMA. Could we do any better?

eugenis: This is probably out of scope of this review, but could your elaborate, and maybe add a comment…
zatrazzAuthorUnsubmitted
Not Done
ReplyInline Actions

This is exactly what I am struggling with current aarch64 39 and 42-bit VMA contraints regarding PIE positioning. The memory segments are:

0000000000-0010000000: both 39 and 42 for own programs segments
5500000000-5600000000: 39-bits PIE program segments
7f80000000-7000000000: 39-bits libraries segments

2aa00000000-2ab00000000: 42-bits PIE program segments
3ff00000000-3ffffffffff: 42-bits libraries segments

I am trying to increase the segments size, but it is hard to come up with a single transformation that works on both 39 and 42-bit VMA that maps 39-bit to 39-bits and also works for 42-bits. I open to suggestions.

zatrazz: This is exactly what I am struggling with current aarch64 39 and 42-bit VMA contraints…
eugenisUnsubmitted
Not Done
ReplyInline Actions

Can we do the same as on x86_64: flip either one or both of the most significant bits (38 & 37)?
39-bit addresses will stay 39-bit.
The following regions seem to have long enough constant left prefix for this transormation to be linear:
2aa00000000-2ab00000000: 42-bits PIE program segments
3ff00000000-3ffffffffff: 42-bits libraries segments

It will fragment 42-bit VMA in like 16 application segments, and the same number of shadow and origin; some of them will be marked invalid to avoid shadow/app/origin overlap with other segments. Not a problem, as long as the function is linear on any contiguous kernel-mapped range.

eugenis: Can we do the same as on x86_64: flip either one or both of the most significant bits (38 & 37)?
zatrazzAuthorUnsubmitted
Not Done
ReplyInline Actions

This seems to be a slight better strategy:

{0x00000000000ULL, 0x01000000000ULL, MappingDesc::INVALID, "invalid"},
{0x01000000000ULL, 0x02000000000ULL, MappingDesc::SHADOW,  "shadow-1"},
{0x02000000000ULL, 0x03000000000ULL, MappingDesc::ORIGIN,  "origin"},
{0x03000000000ULL, 0x03500000000ULL, MappingDesc::INVALID, "invalid"},
{0x03500000000ULL, 0x03600000000ULL, MappingDesc::SHADOW,  "shadow-2"},
{0x03600000000ULL, 0x04500000000ULL, MappingDesc::INVALID, "invalid"},
{0x04500000000ULL, 0x04600000000ULL, MappingDesc::ORIGIN,  "origin"},
{0x04600000000ULL, 0x05500000000ULL, MappingDesc::INVALID, "invalid"},
{0x05500000000ULL, 0x05600000000ULL, MappingDesc::APP,     "app-1"},
{0x05600000000ULL, 0x07000000000ULL, MappingDesc::INVALID, "invalid"},
{0x07000000000ULL, 0x08000000000ULL, MappingDesc::APP,     "app-2"},
{0x08000000000ULL, 0x2A000000000ULL, MappingDesc::INVALID, "invalid"},
{0x2a000000000ULL, 0x2ac00000000ULL, MappingDesc::APP,     "app-3"},
{0x2AC00000000ULL, 0x2C000000000ULL, MappingDesc::INVALID, "invalid"},
{0x2C000000000ULL, 0x2CC00000000ULL, MappingDesc::SHADOW,  "shadow-3"},
{0x2CC00000000ULL, 0x2D000000000ULL, MappingDesc::INVALID, "invalid"},
{0x2D000000000ULL, 0x2DC00000000ULL, MappingDesc::ORIGIN,  "origin-3"},
{0x2DC00000000ULL, 0x39000000000ULL, MappingDesc::INVALID, "invalid"},
{0x39000000000ULL, 0x3A000000000ULL, MappingDesc::SHADOW,  "shadow"},
{0x3A000000000ULL, 0x3B000000000ULL, MappingDesc::ORIGIN,  "origin"},
{0x3B000000000ULL, 0x3F000000000ULL, MappingDesc::INVALID, "invalid"},
{0x3F000000000ULL, 0x40000000000ULL, MappingDesc::APP,     "app-4"},
  1. define MEM_TO_SHADOW(mem) ((uptr)mem ^ 0x6000000000ULL)
  2. define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x1000000000ULL)

Although it does not increase the VMA available for 42-bits (4.39% compare to 13% for 39). I will try to check if it is possible to squeeze more for 42-bits, but the PIE constraint is really making this hard :/

zatrazz: This seems to be a slight better strategy: {0x00000000000ULL, 0x01000000000ULL, MappingDesc…
eugenisUnsubmitted
Not Done
ReplyInline Actions

Your "invalid" regions are suspiciously large. It should be possible to add more app space w/o changing the mapping function.

For example, [3b, 3c) is mapped to [3d, 3e) with origin at [3e, 3f) - all three are marked invalid in your list.

Also, when naming regions, please make sure that shadow for "app-N" is called "shadow-N" - makes the list easier to read and verify. The same for origin.

eugenis: Your "invalid" regions are suspiciously large. It should be possible to add more app space w/o…
zatrazzAuthorUnsubmitted
Not Done
ReplyInline Actions

I realized it just after I hit the send button. Using the segments:

{0x11000000000ULL, 0x12000000000ULL, MappingDesc::APP, "app"}
{0x20000000000ULL, 0x22000000000ULL, MappingDesc::APP, "app"}
{0x2E000000000ULL, 0x2F000000000ULL, MappingDesc::APP, "app"}
{0x3B000000000ULL, 0x3C000000000ULL, MappingDesc::APP, "app"}

I could reach of a total of 12.21% of total VMA avaliable for the application, % similar to x86_64 and MIPS (12.50%).

About the names, I will change and add proper comments.

zatrazz: I realized it just after I hit the send button. Using the segments: {0x11000000000ULL…
// Low: 55 0000 0000 - 55 ffff ffff -> 1 0000 0000 - 1 ffff ffff # define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x1000000000ULL)
// High: 70 0000 0000 - 7f ffff ffff -> 0 0000 0000 - f ffff ffff
# define LINEARIZE_MEM(mem) \
(((uptr)(mem) & ~0x7C00000000ULL) ^ 0x100000000ULL)
# define MEM_TO_SHADOW(mem) (LINEARIZE_MEM((mem)) + 0x4000000000ULL)
# define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x300000000ULL)
# elif SANITIZER_AARCH64_VMA == 42
const MappingDesc kMemoryLayout[] = {
{0x00000000000ULL, 0x10000000000ULL, MappingDesc::INVALID, "invalid"},
{0x10000000000ULL, 0x11b00000000ULL, MappingDesc::SHADOW, "shadow"},
{0x11b00000000ULL, 0x12000000000ULL, MappingDesc::INVALID, "invalid"},
{0x12000000000ULL, 0x13b00000000ULL, MappingDesc::ORIGIN, "origin"},
{0x13b00000000ULL, 0x2aa00000000ULL, MappingDesc::INVALID, "invalid"},
{0x2aa00000000ULL, 0x2ab00000000ULL, MappingDesc::APP, "app"},
{0x2ab00000000ULL, 0x3f000000000ULL, MappingDesc::INVALID, "invalid"},
{0x3f000000000ULL, 0x40000000000ULL, MappingDesc::APP, "app"},
};
// Maps low and high app ranges to contigous space with zero base:
// 2 aa00 0000 00 - 2 ab00 0000 00: -> 1a00 0000 00 - 1aff ffff ff
// 3 f000 0000 00 - 4 0000 0000 00: -> 0000 0000 00 - 0fff ffff ff
# define LINEARIZE_MEM(mem) \
(((uptr)(mem) & ~0x3E000000000ULL) ^ 0x1000000000ULL)
# define MEM_TO_SHADOW(mem) (LINEARIZE_MEM((mem)) + 0x10000000000ULL)
# define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x2000000000ULL)
# endif // SANITIZER_AARCH64_VMA
#elif SANITIZER_LINUX && defined(__powerpc64__) #elif SANITIZER_LINUX && defined(__powerpc64__)
const MappingDesc kMemoryLayout[] = { const MappingDesc kMemoryLayout[] = {
{0x000000000000ULL, 0x000100000000ULL, MappingDesc::APP, "low memory"}, {0x000000000000ULL, 0x000100000000ULL, MappingDesc::APP, "low memory"},
{0x000100000000ULL, 0x080000000000ULL, MappingDesc::INVALID, "invalid"}, {0x000100000000ULL, 0x080000000000ULL, MappingDesc::INVALID, "invalid"},
{0x080000000000ULL, 0x180100000000ULL, MappingDesc::SHADOW, "shadow"}, {0x080000000000ULL, 0x180100000000ULL, MappingDesc::SHADOW, "shadow"},
{0x180100000000ULL, 0x1C0000000000ULL, MappingDesc::INVALID, "invalid"}, {0x180100000000ULL, 0x1C0000000000ULL, MappingDesc::INVALID, "invalid"},
▲ Show 20 LinesShow All 201 LinesShow Last 20 Lines

lib/msan/msan.cc

Show First 20 LinesShow All 374 Lines▼ Show 20 Linesvoid __msan_init() {
msan_init_is_running = 1; msan_init_is_running = 1;
SanitizerToolName = "MemorySanitizer"; SanitizerToolName = "MemorySanitizer";
InitTlsSize(); InitTlsSize();
CacheBinaryName(); CacheBinaryName();
InitializeFlags(); InitializeFlags();
CheckVMASize();
__sanitizer_set_report_path(common_flags()->log_path); __sanitizer_set_report_path(common_flags()->log_path);
InitializeInterceptors(); InitializeInterceptors();
InstallAtExitHandler(); // Needs __cxa_atexit interceptor. InstallAtExitHandler(); // Needs __cxa_atexit interceptor.
DisableCoreDumperIfNecessary(); DisableCoreDumperIfNecessary();
if (StackSizeIsUnlimited()) { if (StackSizeIsUnlimited()) {
VPrintf(1, "Unlimited stack, doing reexec\n"); VPrintf(1, "Unlimited stack, doing reexec\n");
▲ Show 20 LinesShow All 252 LinesShow Last 20 Lines

lib/msan/msan_linux.cc

Show First 20 LinesShow All 113 Lines▼ Show 20 Linesbool InitShadow(bool init_origins) {
CheckMemoryLayoutSanity(); CheckMemoryLayoutSanity();
if (!MEM_IS_APP(&__msan_init)) { if (!MEM_IS_APP(&__msan_init)) {
Printf("FATAL: Code %p is out of application range. Non-PIE build?\n", Printf("FATAL: Code %p is out of application range. Non-PIE build?\n",
(uptr)&__msan_init); (uptr)&__msan_init);
return false; return false;
} }
const uptr maxVirtualAddress = GetMaxVirtualAddress();
for (unsigned i = 0; i < kMemoryLayoutSize; ++i) { for (unsigned i = 0; i < kMemoryLayoutSize; ++i) {
uptr start = kMemoryLayout[i].start; uptr start = kMemoryLayout[i].start;
uptr end = kMemoryLayout[i].end; uptr end = kMemoryLayout[i].end;
uptr size= end - start; uptr size= end - start;
MappingDesc::Type type = kMemoryLayout[i].type; MappingDesc::Type type = kMemoryLayout[i].type;
// Check if the segment should be mapped based on platform constraints.
if (start >= maxVirtualAddress)
continue;
bool map = type == MappingDesc::SHADOW || bool map = type == MappingDesc::SHADOW ||
(init_origins && type == MappingDesc::ORIGIN); (init_origins && type == MappingDesc::ORIGIN);
bool protect = type == MappingDesc::INVALID || bool protect = type == MappingDesc::INVALID ||
(!init_origins && type == MappingDesc::ORIGIN); (!init_origins && type == MappingDesc::ORIGIN);
CHECK(!(map && protect)); CHECK(!(map && protect));
if (!map && !protect) if (!map && !protect)
CHECK(type == MappingDesc::APP); CHECK(type == MappingDesc::APP);
if (map) { if (map) {
▲ Show 20 LinesShow All 74 LinesShow Last 20 Lines

test/msan/chained_origin_limits.cc

Show First 20 LinesShow All 55 Lines▼ Show 20 Lines
// RUN: MSAN_OPTIONS=origin_history_size=2 not %run %t >%t.out 2>&1 // RUN: MSAN_OPTIONS=origin_history_size=2 not %run %t >%t.out 2>&1
// RUN: FileCheck %s --check-prefix=CHECK2 < %t.out // RUN: FileCheck %s --check-prefix=CHECK2 < %t.out
// RUN: MSAN_OPTIONS=origin_history_per_stack_limit=1 not %run %t >%t.out 2>&1 // RUN: MSAN_OPTIONS=origin_history_per_stack_limit=1 not %run %t >%t.out 2>&1
// RUN: FileCheck %s --check-prefix=CHECK-PER-STACK < %t.out // RUN: FileCheck %s --check-prefix=CHECK-PER-STACK < %t.out
// RUN: MSAN_OPTIONS=origin_history_size=7,origin_history_per_stack_limit=0 not %run %t >%t.out 2>&1 // RUN: MSAN_OPTIONS=origin_history_size=7,origin_history_per_stack_limit=0 not %run %t >%t.out 2>&1
// RUN: FileCheck %s --check-prefix=CHECK7 < %t.out // RUN: FileCheck %s --check-prefix=CHECK7 < %t.out
//
// AArch64 fails with -fsanitize-memory-track-origins=2 with and invalid access
// on 'return buf[50]'.
// XFAIL: aarch64
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <unistd.h> #include <unistd.h>
static char *buf, *cur, *end; static char *buf, *cur, *end;
void init() { void init() {
▲ Show 20 LinesShow All 107 LinesShow Last 20 Lines

test/msan/mmap.cc

Show All 17 Lines#elif defined(__x86_64__)
return (addr >= 0x000000000000ULL && addr < 0x010000000000ULL) || return (addr >= 0x000000000000ULL && addr < 0x010000000000ULL) ||
(addr >= 0x510000000000ULL && addr < 0x600000000000ULL) || (addr >= 0x510000000000ULL && addr < 0x600000000000ULL) ||
(addr >= 0x700000000000ULL && addr < 0x800000000000ULL); (addr >= 0x700000000000ULL && addr < 0x800000000000ULL);
#elif defined(__mips64) #elif defined(__mips64)
return addr >= 0x00e000000000ULL; return addr >= 0x00e000000000ULL;
#elif defined(__powerpc64__) #elif defined(__powerpc64__)
return addr < 0x000100000000ULL || addr >= 0x300000000000ULL; return addr < 0x000100000000ULL || addr >= 0x300000000000ULL;
#elif defined(__aarch64__) #elif defined(__aarch64__)
unsigned long vma = SystemVMA();
if (vma == 39) struct AddrMapping {
return (addr >= 0x5500000000ULL && addr < 0x5600000000ULL) || uintptr_t start;
(addr > 0x7000000000ULL); uintptr_t end;
else if (vma == 42) } mappings[] = {
return (addr >= 0x2aa00000000ULL && addr < 0x2ab00000000ULL) || {0x05000000000ULL, 0x06000000000ULL},
(addr > 0x3f000000000ULL); {0x07000000000ULL, 0x08000000000ULL},
else { {0x0F000000000ULL, 0x10000000000ULL},
fprintf(stderr, "unsupported vma: %lu\n", vma); {0x11000000000ULL, 0x12000000000ULL},
exit(1); {0x20000000000ULL, 0x21000000000ULL},
} {0x2A000000000ULL, 0x2B000000000ULL},
{0x2E000000000ULL, 0x2F000000000ULL},
{0x3B000000000ULL, 0x3C000000000ULL},
{0x3F000000000ULL, 0x40000000000ULL},
};
const size_t mappingsSize = sizeof (mappings) / sizeof (mappings[0]);
for (int i=0; i<mappingsSize; ++i)
if (addr >= mappings[i].start && addr < mappings[i].end)
return true;
return false;
#endif #endif
} }
int main() { int main() {
// Large enough to quickly exhaust the entire address space. // Large enough to quickly exhaust the entire address space.
#if defined(__mips64) || defined(__aarch64__) #if defined(__mips64) || defined(__aarch64__)
const size_t kMapSize = 0x100000000ULL; const size_t kMapSize = 0x100000000ULL;
#else #else
Show All 17 Lines

test/msan/strlen_of_shadow.cc

Show All 14 Lines#if defined(__x86_64__)
return (char *)((uintptr_t)p ^ 0x500000000000ULL); return (char *)((uintptr_t)p ^ 0x500000000000ULL);
#elif defined (__mips64) #elif defined (__mips64)
return (char *)((uintptr_t)p & ~0x4000000000ULL); return (char *)((uintptr_t)p & ~0x4000000000ULL);
#elif defined(__powerpc64__) #elif defined(__powerpc64__)
#define LINEARIZE_MEM(mem) \ #define LINEARIZE_MEM(mem) \
(((uintptr_t)(mem) & ~0x200000000000ULL) ^ 0x100000000000ULL) (((uintptr_t)(mem) & ~0x200000000000ULL) ^ 0x100000000000ULL)
return (char *)(LINEARIZE_MEM(p) + 0x080000000000ULL); return (char *)(LINEARIZE_MEM(p) + 0x080000000000ULL);
#elif defined(__aarch64__) #elif defined(__aarch64__)
unsigned long vma = SystemVMA(); return (char *)((uintptr_t)p ^ 0x6000000000ULL);
#define LINEARIZE_MEM_39(mem) \
(((uintptr_t)(mem) & ~0x7C00000000ULL) ^ 0x100000000ULL)
#define LINEARIZE_MEM_42(mem) \
(((uintptr_t)(mem) & ~0x3E000000000ULL) ^ 0x1000000000ULL)
if (vma == 39)
return (char *)(LINEARIZE_MEM_39(p) + 0x4000000000ULL);
else if (vma == 42)
return (char *)(LINEARIZE_MEM_42(p) + 0x10000000000ULL);
else {
fprintf(stderr, "unsupported vma: %lu\n", vma);
exit(1);
}
#endif #endif
} }
int main(void) { int main(void) {
const char *s = "abcdef"; const char *s = "abcdef";
assert(strlen(s) == 6); assert(strlen(s) == 6);
assert(strlen(mem_to_shadow(s)) == 0); assert(strlen(mem_to_shadow(s)) == 0);
char *t = new char[42]; char *t = new char[42];
t[41] = 0; t[41] = 0;
assert(strlen(mem_to_shadow(t)) == 41); assert(strlen(mem_to_shadow(t)) == 41);
return 0; return 0;
} }