This is an archive of the discontinued LLVM Phabricator instance.

Differential D15447

[compiler-rt] [tsan] Add support for PIE build on AArch64
ClosedPublic

Authored by zatrazz on Dec 11 2015, 5:27 AM.

Details

Reviewers
kcc
rengolin
dvyukov
samsonov
eugenis
Summary

This patch adds PIE executable support for aarch64-linux. It adds
two more segments:

  • 0x05500000000-0x05600000000: 39-bits PIE program segments
  • 0x2aa00000000-0x2ab00000000: 42-bits PIE program segments

Fortunately it is possible to use the same transformation formula for
the new segments range with some adjustments in shadow to memory
formula (it adds a constant offset based on the VMA size).

I checked by running the testcase build with and without PIE flags.
No regressions found.

This closes the concerns raised in [1] and [2] regarding PIE support
to tsan on aarch64-linux-gnu.

[1] http://reviews.llvm.org/D14199
[2] http://reviews.llvm.org/D15308

Diff Detail

Event Timeline

zatrazz updated this revision to Diff 42515.Dec 11 2015, 5:27 AM
zatrazz retitled this revision from to [compiler-rt] [tsan] Add support for PIE build on AArch64.
zatrazz updated this object.
zatrazz added reviewers: dvyukov, eugenis, samsonov, rengolin, kcc.
zatrazz added a subscriber: llvm-commits.
Herald added subscribers: rengolin, aemerson. · View Herald TranscriptDec 11 2015, 5:27 AM
zatrazz added a comment.Dec 17 2015, 5:03 AM

Ping.

dvyukov edited edge metadata.Dec 17 2015, 5:43 AM

Are there any existing tests that fail without this change? If not, please add a test with -pie.

zatrazz added a comment.Dec 17 2015, 6:43 AM

Currently no tests actually fail, to test the patch I changed the lit for testcases to build all with PIE. I will add a testcase for this.

zatrazz updated this revision to Diff 43169.Dec 17 2015, 12:12 PM
zatrazz edited edge metadata.

Changes from previous version:

  • Added a simple test to check if tsan works with PIE programs.
dvyukov accepted this revision.Dec 18 2015, 2:03 AM
dvyukov edited edge metadata.
This revision is now accepted and ready to land.Dec 18 2015, 2:03 AM
zatrazz added a comment.Dec 21 2015, 5:46 AM

I am seeing on x86_64:

FATAL: ThreadSanitizer: unexpected memory mapping 0x560d6052a000-0x560d605fc000

Should I XFAIL it for x86?

dvyukov added a comment.Dec 21 2015, 6:06 AM

Do you have 4.1+ linux kernel?
If yes, then this is https://github.com/google/sanitizers/issues/503. And yes, I guess, we need to XFAIL it on linux until the issue is resolved.
If no, then I would like to understand why it fails first.

zatrazz added a comment.Dec 21 2015, 8:26 AM

I am using the updated 3.19 kernel from Ubuntu 14.04, which does have the "mm: split ET_DYN ASLR from mmap ASLR" patch backported (I checked on the package source code).

So now I am not sure which would be the best option to add the PIE test, marking it as XFAIL might not fail with a kernel without this patch and I also do not think the best would be mark X86 as unstable (to check for stable-required).

dvyukov added a comment.Dec 21 2015, 8:31 AM

There must be some annotation that prevents a test from building. Probably it is:
// UNSUPPORTED: linux

dvyukov added a comment.Dec 21 2015, 8:31 AM

But please add a comment as to why it is unsupported on linux.

zatrazz added a comment.Dec 21 2015, 9:08 AM

I think we can only disable for x86, as:

// UNSUPPORTED: x86

And add a comment explaining some kernel might map PIE segments outside of current defined TSAN segments for x86.

zatrazz closed this revision.Dec 22 2015, 4:56 AM

Revision Contents

PathSize
lib/
tsan/
rtl/
57 lines
5 lines
test/
tsan/
6 lines

Diff 43169

lib/tsan/rtl/tsan_platform.h

Show First 20 LinesShow All 95 Lines▼ Show 20 Lines
// runtime for AArch64 uses an external memory read (vmaSize) to select which // runtime for AArch64 uses an external memory read (vmaSize) to select which
// mapping to use. Although slower, it make a same instrumented binary run on // mapping to use. Although slower, it make a same instrumented binary run on
// multiple kernels. // multiple kernels.
/* /*
C/C++ on linux/aarch64 (39-bit VMA) C/C++ on linux/aarch64 (39-bit VMA)
0000 0010 00 - 0100 0000 00: main binary 0000 0010 00 - 0100 0000 00: main binary
0100 0000 00 - 0800 0000 00: - 0100 0000 00 - 0800 0000 00: -
0800 0000 00 - 1F00 0000 00: shadow memory 0800 0000 00 - 2000 0000 00: shadow memory
1C00 0000 00 - 3100 0000 00: - 2000 0000 00 - 3100 0000 00: -
3100 0000 00 - 3400 0000 00: metainfo 3100 0000 00 - 3400 0000 00: metainfo
3400 0000 00 - 6000 0000 00: - 3400 0000 00 - 5500 0000 00: -
5500 0000 00 - 5600 0000 00: main binary (PIE)
5600 0000 00 - 6000 0000 00: -
6000 0000 00 - 6200 0000 00: traces 6000 0000 00 - 6200 0000 00: traces
6200 0000 00 - 7d00 0000 00: - 6200 0000 00 - 7d00 0000 00: -
7c00 0000 00 - 7d00 0000 00: heap 7c00 0000 00 - 7d00 0000 00: heap
7d00 0000 00 - 7fff ffff ff: modules and main thread stack 7d00 0000 00 - 7fff ffff ff: modules and main thread stack
*/ */
struct Mapping39 { struct Mapping39 {
static const uptr kLoAppMemBeg = 0x0000001000ull; static const uptr kLoAppMemBeg = 0x0000001000ull;
static const uptr kLoAppMemEnd = 0x0100000000ull; static const uptr kLoAppMemEnd = 0x0100000000ull;
static const uptr kShadowBeg = 0x0800000000ull; static const uptr kShadowBeg = 0x0800000000ull;
static const uptr kShadowEnd = 0x1F00000000ull; static const uptr kShadowEnd = 0x2000000000ull;
static const uptr kMetaShadowBeg = 0x3100000000ull; static const uptr kMetaShadowBeg = 0x3100000000ull;
static const uptr kMetaShadowEnd = 0x3400000000ull; static const uptr kMetaShadowEnd = 0x3400000000ull;
static const uptr kMidAppMemBeg = 0x5500000000ull;
static const uptr kMidAppMemEnd = 0x5600000000ull;
static const uptr kMidShadowOff = 0x5000000000ull;
static const uptr kTraceMemBeg = 0x6000000000ull; static const uptr kTraceMemBeg = 0x6000000000ull;
static const uptr kTraceMemEnd = 0x6200000000ull; static const uptr kTraceMemEnd = 0x6200000000ull;
static const uptr kHeapMemBeg = 0x7c00000000ull; static const uptr kHeapMemBeg = 0x7c00000000ull;
static const uptr kHeapMemEnd = 0x7d00000000ull; static const uptr kHeapMemEnd = 0x7d00000000ull;
static const uptr kHiAppMemBeg = 0x7d00000000ull; static const uptr kHiAppMemBeg = 0x7e00000000ull;
static const uptr kHiAppMemEnd = 0x7fffffffffull; static const uptr kHiAppMemEnd = 0x7fffffffffull;
static const uptr kAppMemMsk = 0x7800000000ull; static const uptr kAppMemMsk = 0x7800000000ull;
static const uptr kAppMemXor = 0x0200000000ull; static const uptr kAppMemXor = 0x0200000000ull;
static const uptr kVdsoBeg = 0x7f00000000ull; static const uptr kVdsoBeg = 0x7f00000000ull;
}; };
/* /*
C/C++ on linux/aarch64 (42-bit VMA) C/C++ on linux/aarch64 (42-bit VMA)
00000 0010 00 - 01000 0000 00: main binary 00000 0010 00 - 01000 0000 00: main binary
01000 0000 00 - 10000 0000 00: - 01000 0000 00 - 10000 0000 00: -
10000 0000 00 - 20000 0000 00: shadow memory 10000 0000 00 - 20000 0000 00: shadow memory
20000 0000 00 - 26000 0000 00: - 20000 0000 00 - 26000 0000 00: -
26000 0000 00 - 28000 0000 00: metainfo 26000 0000 00 - 28000 0000 00: metainfo
28000 0000 00 - 36200 0000 00: - 28000 0000 00 - 2aa00 0000 00: -
2aa00 0000 00 - 2ab00 0000 00: main binary (PIE)
2ab00 0000 00 - 36200 0000 00: -
36200 0000 00 - 36240 0000 00: traces 36200 0000 00 - 36240 0000 00: traces
36240 0000 00 - 3e000 0000 00: - 36240 0000 00 - 3e000 0000 00: -
3e000 0000 00 - 3f000 0000 00: heap 3e000 0000 00 - 3f000 0000 00: heap
3f000 0000 00 - 3ffff ffff ff: modules and main thread stack 3f000 0000 00 - 3ffff ffff ff: modules and main thread stack
*/ */
struct Mapping42 { struct Mapping42 {
static const uptr kLoAppMemBeg = 0x00000001000ull; static const uptr kLoAppMemBeg = 0x00000001000ull;
static const uptr kLoAppMemEnd = 0x01000000000ull; static const uptr kLoAppMemEnd = 0x01000000000ull;
static const uptr kShadowBeg = 0x10000000000ull; static const uptr kShadowBeg = 0x10000000000ull;
static const uptr kShadowEnd = 0x20000000000ull; static const uptr kShadowEnd = 0x20000000000ull;
static const uptr kMetaShadowBeg = 0x26000000000ull; static const uptr kMetaShadowBeg = 0x26000000000ull;
static const uptr kMetaShadowEnd = 0x28000000000ull; static const uptr kMetaShadowEnd = 0x28000000000ull;
static const uptr kMidAppMemBeg = 0x2aa00000000ull;
static const uptr kMidAppMemEnd = 0x2ab00000000ull;
static const uptr kMidShadowOff = 0x28000000000ull;
static const uptr kTraceMemBeg = 0x36200000000ull; static const uptr kTraceMemBeg = 0x36200000000ull;
static const uptr kTraceMemEnd = 0x36400000000ull; static const uptr kTraceMemEnd = 0x36400000000ull;
static const uptr kHeapMemBeg = 0x3e000000000ull; static const uptr kHeapMemBeg = 0x3e000000000ull;
static const uptr kHeapMemEnd = 0x3f000000000ull; static const uptr kHeapMemEnd = 0x3f000000000ull;
static const uptr kHiAppMemBeg = 0x3f000000000ull; static const uptr kHiAppMemBeg = 0x3f000000000ull;
static const uptr kHiAppMemEnd = 0x3ffffffffffull; static const uptr kHiAppMemEnd = 0x3ffffffffffull;
static const uptr kAppMemMsk = 0x3c000000000ull; static const uptr kAppMemMsk = 0x3c000000000ull;
static const uptr kAppMemXor = 0x04000000000ull; static const uptr kAppMemXor = 0x04000000000ull;
static const uptr kVdsoBeg = 0x37f00000000ull; static const uptr kVdsoBeg = 0x37f00000000ull;
}; };
// Indicates the runtime will define the memory regions at runtime. // Indicates the runtime will define the memory regions at runtime.
#define TSAN_RUNTIME_VMA 1 #define TSAN_RUNTIME_VMA 1
// Indicates that mapping defines a mid range memory segment.
#define TSAN_MID_APP_RANGE 1
#elif defined(__powerpc64__) #elif defined(__powerpc64__)
// PPC64 supports multiple VMA which leads to multiple address transformation // PPC64 supports multiple VMA which leads to multiple address transformation
// functions. To support these multiple VMAS transformations and mappings TSAN // functions. To support these multiple VMAS transformations and mappings TSAN
// runtime for PPC64 uses an external memory read (vmaSize) to select which // runtime for PPC64 uses an external memory read (vmaSize) to select which
// mapping to use. Although slower, it make a same instrumented binary run on // mapping to use. Although slower, it make a same instrumented binary run on
// multiple kernels. // multiple kernels.
/* /*
▲ Show 20 LinesShow All 125 Lines▼ Show 20 Lines
#endif #endif
enum MappingType { enum MappingType {
MAPPING_LO_APP_BEG, MAPPING_LO_APP_BEG,
MAPPING_LO_APP_END, MAPPING_LO_APP_END,
MAPPING_HI_APP_BEG, MAPPING_HI_APP_BEG,
MAPPING_HI_APP_END, MAPPING_HI_APP_END,
#ifdef TSAN_MID_APP_RANGE
MAPPING_MID_APP_BEG,
MAPPING_MID_APP_END,
#endif
MAPPING_HEAP_BEG, MAPPING_HEAP_BEG,
MAPPING_HEAP_END, MAPPING_HEAP_END,
MAPPING_APP_BEG, MAPPING_APP_BEG,
MAPPING_APP_END, MAPPING_APP_END,
MAPPING_SHADOW_BEG, MAPPING_SHADOW_BEG,
MAPPING_SHADOW_END, MAPPING_SHADOW_END,
MAPPING_META_SHADOW_BEG, MAPPING_META_SHADOW_BEG,
MAPPING_META_SHADOW_END, MAPPING_META_SHADOW_END,
MAPPING_TRACE_BEG, MAPPING_TRACE_BEG,
MAPPING_TRACE_END, MAPPING_TRACE_END,
MAPPING_VDSO_BEG, MAPPING_VDSO_BEG,
}; };
template<typename Mapping, int Type> template<typename Mapping, int Type>
uptr MappingImpl(void) { uptr MappingImpl(void) {
switch (Type) { switch (Type) {
#ifndef SANITIZER_GO #ifndef SANITIZER_GO
case MAPPING_LO_APP_BEG: return Mapping::kLoAppMemBeg; case MAPPING_LO_APP_BEG: return Mapping::kLoAppMemBeg;
case MAPPING_LO_APP_END: return Mapping::kLoAppMemEnd; case MAPPING_LO_APP_END: return Mapping::kLoAppMemEnd;
# ifdef TSAN_MID_APP_RANGE
case MAPPING_MID_APP_BEG: return Mapping::kMidAppMemBeg;
case MAPPING_MID_APP_END: return Mapping::kMidAppMemEnd;
# endif
case MAPPING_HI_APP_BEG: return Mapping::kHiAppMemBeg; case MAPPING_HI_APP_BEG: return Mapping::kHiAppMemBeg;
case MAPPING_HI_APP_END: return Mapping::kHiAppMemEnd; case MAPPING_HI_APP_END: return Mapping::kHiAppMemEnd;
case MAPPING_HEAP_BEG: return Mapping::kHeapMemBeg; case MAPPING_HEAP_BEG: return Mapping::kHeapMemBeg;
case MAPPING_HEAP_END: return Mapping::kHeapMemEnd; case MAPPING_HEAP_END: return Mapping::kHeapMemEnd;
case MAPPING_VDSO_BEG: return Mapping::kVdsoBeg; case MAPPING_VDSO_BEG: return Mapping::kVdsoBeg;
#else #else
case MAPPING_APP_BEG: return Mapping::kAppMemBeg; case MAPPING_APP_BEG: return Mapping::kAppMemBeg;
case MAPPING_APP_END: return Mapping::kAppMemEnd; case MAPPING_APP_END: return Mapping::kAppMemEnd;
Show All 31 Lines
uptr LoAppMemBeg(void) { uptr LoAppMemBeg(void) {
return MappingArchImpl<MAPPING_LO_APP_BEG>(); return MappingArchImpl<MAPPING_LO_APP_BEG>();
} }
ALWAYS_INLINE ALWAYS_INLINE
uptr LoAppMemEnd(void) { uptr LoAppMemEnd(void) {
return MappingArchImpl<MAPPING_LO_APP_END>(); return MappingArchImpl<MAPPING_LO_APP_END>();
} }
#ifdef TSAN_MID_APP_RANGE
ALWAYS_INLINE
uptr MidAppMemBeg(void) {
return MappingArchImpl<MAPPING_MID_APP_BEG>();
}
ALWAYS_INLINE
uptr MidAppMemEnd(void) {
return MappingArchImpl<MAPPING_MID_APP_END>();
}
#endif
ALWAYS_INLINE ALWAYS_INLINE
uptr HeapMemBeg(void) { uptr HeapMemBeg(void) {
return MappingArchImpl<MAPPING_HEAP_BEG>(); return MappingArchImpl<MAPPING_HEAP_BEG>();
} }
ALWAYS_INLINE ALWAYS_INLINE
uptr HeapMemEnd(void) { uptr HeapMemEnd(void) {
return MappingArchImpl<MAPPING_HEAP_END>(); return MappingArchImpl<MAPPING_HEAP_END>();
} }
Show All 38 Lines#ifndef SANITIZER_GO
case 1: case 1:
*start = HiAppMemBeg(); *start = HiAppMemBeg();
*end = HiAppMemEnd(); *end = HiAppMemEnd();
return true; return true;
case 2: case 2:
*start = HeapMemBeg(); *start = HeapMemBeg();
*end = HeapMemEnd(); *end = HeapMemEnd();
return true; return true;
# ifdef TSAN_MID_APP_RANGE
case 3:
*start = MidAppMemBeg();
*end = MidAppMemEnd();
return true;
# endif
#else #else
case 0: case 0:
*start = AppMemBeg(); *start = AppMemBeg();
*end = AppMemEnd(); *end = AppMemEnd();
return true; return true;
#endif #endif
} }
} }
Show All 25 Linesuptr TraceMemEnd(void) {
return MappingArchImpl<MAPPING_TRACE_END>(); return MappingArchImpl<MAPPING_TRACE_END>();
} }
template<typename Mapping> template<typename Mapping>
bool IsAppMemImpl(uptr mem) { bool IsAppMemImpl(uptr mem) {
#ifndef SANITIZER_GO #ifndef SANITIZER_GO
return (mem >= Mapping::kHeapMemBeg && mem < Mapping::kHeapMemEnd) || return (mem >= Mapping::kHeapMemBeg && mem < Mapping::kHeapMemEnd) ||
# ifdef TSAN_MID_APP_RANGE
(mem >= Mapping::kMidAppMemBeg && mem < Mapping::kMidAppMemEnd) ||
# endif
(mem >= Mapping::kLoAppMemBeg && mem < Mapping::kLoAppMemEnd) || (mem >= Mapping::kLoAppMemBeg && mem < Mapping::kLoAppMemEnd) ||
(mem >= Mapping::kHiAppMemBeg && mem < Mapping::kHiAppMemEnd); (mem >= Mapping::kHiAppMemBeg && mem < Mapping::kHiAppMemEnd);
#else #else
return mem >= Mapping::kAppMemBeg && mem < Mapping::kAppMemEnd; return mem >= Mapping::kAppMemBeg && mem < Mapping::kAppMemEnd;
#endif #endif
} }
ALWAYS_INLINE ALWAYS_INLINE
▲ Show 20 LinesShow All 132 Lines▼ Show 20 Lines
template<typename Mapping> template<typename Mapping>
uptr ShadowToMemImpl(uptr s) { uptr ShadowToMemImpl(uptr s) {
DCHECK(IsShadowMem(s)); DCHECK(IsShadowMem(s));
#ifndef SANITIZER_GO #ifndef SANITIZER_GO
if (s >= MemToShadow(Mapping::kLoAppMemBeg) if (s >= MemToShadow(Mapping::kLoAppMemBeg)
&& s <= MemToShadow(Mapping::kLoAppMemEnd - 1)) && s <= MemToShadow(Mapping::kLoAppMemEnd - 1))
return (s / kShadowCnt) ^ Mapping::kAppMemXor; return (s / kShadowCnt) ^ Mapping::kAppMemXor;
# ifdef TSAN_MID_APP_RANGE
if (s >= MemToShadow(Mapping::kMidAppMemBeg)
&& s <= MemToShadow(Mapping::kMidAppMemEnd - 1))
return ((s / kShadowCnt) ^ Mapping::kAppMemXor) + Mapping::kMidShadowOff;
# endif
else else
return ((s / kShadowCnt) ^ Mapping::kAppMemXor) | Mapping::kAppMemMsk; return ((s / kShadowCnt) ^ Mapping::kAppMemXor) | Mapping::kAppMemMsk;
#else #else
# ifndef SANITIZER_WINDOWS # ifndef SANITIZER_WINDOWS
return (s & ~Mapping::kShadowBeg) / kShadowCnt; return (s & ~Mapping::kShadowBeg) / kShadowCnt;
# else # else
// FIXME(dvyukov): this is most likely wrong as the mapping is not bijection. // FIXME(dvyukov): this is most likely wrong as the mapping is not bijection.
return (s - Mapping::kShadowBeg) / kShadowCnt; return (s - Mapping::kShadowBeg) / kShadowCnt;
▲ Show 20 LinesShow All 106 LinesShow Last 20 Lines

lib/tsan/rtl/tsan_platform_posix.cc

Show First 20 LinesShow All 126 Lines▼ Show 20 Lines while (proc_maps.Next(&p, &end, 0, 0, 0, &prot)) {
if (p >= VdsoBeg()) // vdso if (p >= VdsoBeg()) // vdso
break; break;
Printf("FATAL: ThreadSanitizer: unexpected memory mapping %p-%p\n", p, end); Printf("FATAL: ThreadSanitizer: unexpected memory mapping %p-%p\n", p, end);
Die(); Die();
} }
ProtectRange(LoAppMemEnd(), ShadowBeg()); ProtectRange(LoAppMemEnd(), ShadowBeg());
ProtectRange(ShadowEnd(), MetaShadowBeg()); ProtectRange(ShadowEnd(), MetaShadowBeg());
#ifdef TSAN_MID_APP_RANGE
ProtectRange(MetaShadowEnd(), MidAppMemBeg());
ProtectRange(MidAppMemEnd(), TraceMemBeg());
#else
ProtectRange(MetaShadowEnd(), TraceMemBeg()); ProtectRange(MetaShadowEnd(), TraceMemBeg());
#endif
// Memory for traces is mapped lazily in MapThreadTrace. // Memory for traces is mapped lazily in MapThreadTrace.
// Protect the whole range for now, so that user does not map something here. // Protect the whole range for now, so that user does not map something here.
ProtectRange(TraceMemBeg(), TraceMemEnd()); ProtectRange(TraceMemBeg(), TraceMemEnd());
ProtectRange(TraceMemEnd(), HeapMemBeg()); ProtectRange(TraceMemEnd(), HeapMemBeg());
ProtectRange(HeapEnd(), HiAppMemBeg()); ProtectRange(HeapEnd(), HiAppMemBeg());
} }
#endif #endif
} // namespace __tsan } // namespace __tsan
#endif // SANITIZER_POSIX #endif // SANITIZER_POSIX

test/tsan/pie_test.cc

  • This file was added.
// Check if tsan work with PIE binaries.
// RUN: %clang_tsan %s -pie -o %t && %run %t
int main() {
return 0;
}