This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
lib/asan/
-
asan/
6/7
asan_malloc_linux.cc
-
test/asan/TestCases/Linux/
-
asan/
-
TestCases/
-
Linux/
1/3
calloc-preload.c

Differential D14979

[asan] Correctly release memory allocated during early startup.
ClosedPublic

Authored by ygribov on Nov 25 2015, 2:55 AM.

Download Raw Diff

Details

Reviewers

kcc
samsonov

Commits

rG67a001fd17d6: [asan] Correctly release memory allocated during early startup.
rCRT254395: [asan] Correctly release memory allocated during early startup.
rL254395: [asan] Correctly release memory allocated during early startup.

Summary

Inspired by https://github.com/google/sanitizers/issues/626

Calloc interceptor initially allocates memory from temp buffer (to serve dlsyms called during asan_init). There is a chance that some non-instrumented library (or executable) has allocated memory with calloc before asan_init and got pointer from the same temporary buffer which later caused problems with free.

Diff Detail

Event Timeline

ygribov updated this revision to Diff 41121.Nov 25 2015, 2:55 AM

ygribov retitled this revision from to [asan] Correctly release memory allocated during early startup..

ygribov updated this object.

ygribov added reviewers: kcc, samsonov.

ygribov set the repository for this revision to rL LLVM.

ygribov added subscribers: eugenis, dvyukov, llvm-commits.

Herald added subscribers: srhines, danalbert, tberghammer. · View Herald TranscriptNov 25 2015, 2:55 AM

Added UNLIKELY hints.

samsonov added inline comments.Nov 25 2015, 11:25 AM

lib/asan/asan_malloc_linux.cc
33	Wait, why is it not ptr - calloc_memory_for_dlsym?
74	It's not that hard to keep sizes of the allocations from calloc_memory_for_dlsym. E.g. when you return `&calloc_memory_for_dlsym[allocated]` you can store `size_in_words` in `calloc_memory_for_dlsym_sizes[allocated]`.
test/asan/TestCases/Linux/calloc-preload.c
10	UNSUPPORTED: android ?

Fixed Alexey's remarks.

ygribov added inline comments.Nov 25 2015, 11:13 PM

lib/asan/asan_malloc_linux.cc
33	Right, shame on me. This worked because ptr was equal to calloc_memory_for_dlsym.
74	Sure, but is it worth it? We do not expect pool pointers to sneak into normal allocator very often.
test/asan/TestCases/Linux/calloc-preload.c
12	That's Evgeniy's code, also used in other tests. Perhaps fix this in separate commit?

eugenis added inline comments.Nov 30 2015, 11:18 AM

test/asan/TestCases/Linux/calloc-preload.c
12	Yes, this should be replaced with UNSUPPORTED. Other occurrencies could be fixed in a separate commit, but there no reason to use not-android in newly added tests.

Looks OK, but please fix the bug pointed out below.

lib/asan/asan_malloc_linux.cc
73	ptr - calloc_memory_for_dlsym here as well
74	Okay

This revision is now accepted and ready to land.Nov 30 2015, 11:37 AM

Closed by commit rL254395: [asan] Correctly release memory allocated during early startup. (authored by ygribov). · Explain WhyDec 1 2015, 1:25 AM

This revision was automatically updated to reflect the committed changes.

ygribov marked 3 inline comments as done.Dec 1 2015, 1:26 AM

ygribov added inline comments.

lib/asan/asan_malloc_linux.cc
73	Done.

jevinskie added a subscriber: jevinskie.Dec 1 2015, 12:38 PM

Revision Contents

Path

Size

lib/

asan/

asan_malloc_linux.cc

21 lines

test/

asan/

TestCases/

Linux/

calloc-preload.c

36 lines

Diff 41122

lib/asan/asan_malloc_linux.cc

	Show All 20 Lines
	#include "asan_allocator.h"			#include "asan_allocator.h"
	#include "asan_interceptors.h"			#include "asan_interceptors.h"
	#include "asan_internal.h"			#include "asan_internal.h"
	#include "asan_stack.h"			#include "asan_stack.h"

	// ---------------------- Replacement functions ---------------- {{{1			// ---------------------- Replacement functions ---------------- {{{1
	using namespace __asan; // NOLINT			using namespace __asan; // NOLINT

				static const uptr kCallocPoolSize = 1024;
				static uptr calloc_memory_for_dlsym[kCallocPoolSize];

				static bool IsInCallocPool(const void *ptr) {
				sptr off = (sptr)calloc_memory_for_dlsym - (sptr)ptr;
				samsonovUnsubmitted Done Reply Inline Actions Wait, why is it not ptr - calloc_memory_for_dlsym? samsonov: Wait, why is it not ptr - calloc_memory_for_dlsym?
				ygribovAuthorUnsubmitted Done Reply Inline Actions Right, shame on me. This worked because ptr was equal to calloc_memory_for_dlsym. ygribov: Right, shame on me. This worked because ptr was equal to calloc_memory_for_dlsym.
				return 0 <= off && off < (sptr)kCallocPoolSize;
				}

	INTERCEPTOR(void, free, void *ptr) {			INTERCEPTOR(void, free, void *ptr) {
	GET_STACK_TRACE_FREE;			GET_STACK_TRACE_FREE;
				if (UNLIKELY(IsInCallocPool(ptr)))
				return;
	asan_free(ptr, &stack, FROM_MALLOC);			asan_free(ptr, &stack, FROM_MALLOC);
	}			}

	INTERCEPTOR(void, cfree, void *ptr) {			INTERCEPTOR(void, cfree, void *ptr) {
	GET_STACK_TRACE_FREE;			GET_STACK_TRACE_FREE;
				if (UNLIKELY(IsInCallocPool(ptr)))
				return;
	asan_free(ptr, &stack, FROM_MALLOC);			asan_free(ptr, &stack, FROM_MALLOC);
	}			}

	INTERCEPTOR(void*, malloc, uptr size) {			INTERCEPTOR(void*, malloc, uptr size) {
	GET_STACK_TRACE_MALLOC;			GET_STACK_TRACE_MALLOC;
	return asan_malloc(size, &stack);			return asan_malloc(size, &stack);
	}			}

	INTERCEPTOR(void*, calloc, uptr nmemb, uptr size) {			INTERCEPTOR(void*, calloc, uptr nmemb, uptr size) {
	if (UNLIKELY(!asan_inited)) {			if (UNLIKELY(!asan_inited)) {
	// Hack: dlsym calls calloc before REAL(calloc) is retrieved from dlsym.			// Hack: dlsym calls calloc before REAL(calloc) is retrieved from dlsym.
	const uptr kCallocPoolSize = 1024;
	static uptr calloc_memory_for_dlsym[kCallocPoolSize];
	static uptr allocated;			static uptr allocated;
	uptr size_in_words = ((nmemb * size) + kWordSize - 1) / kWordSize;			uptr size_in_words = ((nmemb * size) + kWordSize - 1) / kWordSize;
	void mem = (void)&calloc_memory_for_dlsym[allocated];			void mem = (void)&calloc_memory_for_dlsym[allocated];
	allocated += size_in_words;			allocated += size_in_words;
	CHECK(allocated < kCallocPoolSize);			CHECK(allocated < kCallocPoolSize);
	return mem;			return mem;
	}			}
	GET_STACK_TRACE_MALLOC;			GET_STACK_TRACE_MALLOC;
	return asan_calloc(nmemb, size, &stack);			return asan_calloc(nmemb, size, &stack);
	}			}

	INTERCEPTOR(void, realloc, void ptr, uptr size) {			INTERCEPTOR(void, realloc, void ptr, uptr size) {
	GET_STACK_TRACE_MALLOC;			GET_STACK_TRACE_MALLOC;
				if (UNLIKELY(IsInCallocPool(ptr))) {
				uptr offset = (uptr)calloc_memory_for_dlsym - (uptr)ptr;
				samsonovUnsubmitted Not Done Reply Inline Actions ptr - calloc_memory_for_dlsym here as well samsonov: ptr - calloc_memory_for_dlsym here as well
				ygribovAuthorUnsubmitted Not Done Reply Inline Actions Done. ygribov: Done.
				uptr copy_size = Min(size, kCallocPoolSize - offset);
				samsonovUnsubmitted Done Reply Inline Actions It's not that hard to keep sizes of the allocations from calloc_memory_for_dlsym. E.g. when you return `&calloc_memory_for_dlsym[allocated]` you can store `size_in_words` in `calloc_memory_for_dlsym_sizes[allocated]`. samsonov: It's not that hard to keep sizes of the allocations from calloc_memory_for_dlsym. E.g. when you…
				ygribovAuthorUnsubmitted Done Reply Inline Actions Sure, but is it worth it? We do not expect pool pointers to sneak into normal allocator very often. ygribov: Sure, but is it worth it? We do not expect pool pointers to sneak into normal allocator very…
				samsonovUnsubmitted Done Reply Inline Actions Okay samsonov: Okay
				void *new_ptr = asan_malloc(size, &stack);
				internal_memcpy(new_ptr, ptr, copy_size);
				return new_ptr;
				}
	return asan_realloc(ptr, size, &stack);			return asan_realloc(ptr, size, &stack);
	}			}

	INTERCEPTOR(void*, memalign, uptr boundary, uptr size) {			INTERCEPTOR(void*, memalign, uptr boundary, uptr size) {
	GET_STACK_TRACE_MALLOC;			GET_STACK_TRACE_MALLOC;
	return asan_memalign(boundary, size, &stack, FROM_MALLOC);			return asan_memalign(boundary, size, &stack, FROM_MALLOC);
	}			}

	▲ Show 20 Lines • Show All 117 Lines • Show Last 20 Lines

test/asan/TestCases/Linux/calloc-preload.c

This file was added.

				// Test that initially callocked memory is properly freed
				// (see https://github.com/google/sanitizers/issues/626).
				//
				// RUN: %clang %s -o %t
				// RUN: env LD_PRELOAD=%shared_libasan %run %t
				//
				// REQUIRES: asan-dynamic-runtime
				//
				// This way of setting LD_PRELOAD does not work with Android test runner.
				// REQUIRES: not-android
				samsonovUnsubmitted Done Reply Inline Actions UNSUPPORTED: android ? samsonov: UNSUPPORTED: android ?

				#include <stdio.h>
				ygribovAuthorUnsubmitted Not Done Reply Inline Actions That's Evgeniy's code, also used in other tests. Perhaps fix this in separate commit? ygribov: That's Evgeniy's code, also used in other tests. Perhaps fix this in separate commit?
				eugenisUnsubmitted Not Done Reply Inline Actions Yes, this should be replaced with UNSUPPORTED. Other occurrencies could be fixed in a separate commit, but there no reason to use not-android in newly added tests. eugenis: Yes, this should be replaced with UNSUPPORTED. Other occurrencies could be fixed in a separate…
				#include <stdlib.h>

				static void *ptr;

				// This constructor will run before __asan_init
				// so calloc will allocate memory from special pool.
				static void init() {
				ptr = calloc(10, 1);
				}

				__attribute__((section(".preinit_array"), used))
				void *dummy = init;

				void free_memory() {
				// This used to abort because
				// Asan's free didn't recognize ptr.
				free(ptr);
				}

				int main() {
				free_memory();
				return 0;
				}