This is an archive of the discontinued LLVM Phabricator instance.

[ASan] Improved stack overflow detection for PowerPC64
ClosedPublic

Authored by foad on Nov 13 2014, 9:20 AM.

Download Raw Diff

Details

Reviewers

kcc
samsonov
eugenis

Commits

rG1180c05db258: [ASan] Improved stack overflow detection for PowerPC64
rCRT222001: [ASan] Improved stack overflow detection for PowerPC64
rL222001: [ASan] Improved stack overflow detection for PowerPC64

Summary

AsanOnSIGSEGV has some heuristics for detecting stack overflow, but
they don't cope with a PowerPC store-with-update instruction which
modifies sp and stores to the modified address in one instruction.

This patch adds some PowerPC-specific code to check for this case.

This fixes the last few cases of the stack-overflow test.

Diff Detail

Event Timeline

foad updated this revision to Diff 16164.Nov 13 2014, 9:20 AM

foad retitled this revision from to [ASan] Improved stack overflow detection for PowerPC64.

foad updated this object.

foad edited the test plan for this revision. (Show Details)

foad added reviewers: kcc, samsonov, eugenis.

foad added a subscriber: Unknown Object (MLST).

stack-overflow test actually catches this? Nice.

lib/asan/asan_posix.cc
57	Please make it u32 instead of unsigned.
61	It may be helpful to list or somehow characterize instructions that match this condition (I mean, there is obviously more than 1 opcode listed here). I assume these "xo" checks limit it to instructions operating on SP register?

This revision is now accepted and ready to land.Nov 14 2014, 6:52 AM

foad added inline comments.Nov 14 2014, 7:00 AM

lib/asan/asan_posix.cc
61	I characterized them as "store-with-update to r1" instructions, but I will be more explicit!

foad added inline comments.Nov 14 2014, 7:23 AM

lib/asan/asan_posix.cc
61	opcd is "opcode" and xo is "extended opcode". These field names are taken directly from the POWER architecture manual.

Use u32 instead of unsigned. Add comments about which instructions
we match.

foad closed this revision.Nov 14 2014, 7:30 AM

LGTM

Revision Contents

Path

Size

lib/

asan/

asan_posix.cc

30 lines

Diff 16210

lib/asan/asan_posix.cc

Show All 38 Lines	void AsanOnSIGSEGV(int, void siginfo, void context) {
// Write the first message using the bullet-proof write.		// Write the first message using the bullet-proof write.
if (13 != internal_write(2, "ASAN:SIGSEGV\n", 13)) Die();		if (13 != internal_write(2, "ASAN:SIGSEGV\n", 13)) Die();
uptr pc, sp, bp;		uptr pc, sp, bp;
GetPcSpBp(context, &pc, &sp, &bp);		GetPcSpBp(context, &pc, &sp, &bp);

// Access at a reasonable offset above SP, or slightly below it (to account		// Access at a reasonable offset above SP, or slightly below it (to account
// for x86_64 or PowerPC redzone, ARM push of multiple registers, etc) is		// for x86_64 or PowerPC redzone, ARM push of multiple registers, etc) is
// probably a stack overflow.		// probably a stack overflow.
		bool IsStackAccess = addr + 512 > sp && addr < sp + 0xFFFF;

		#if __powerpc64__
		// Large stack frames can be allocated with e.g.
		// lis r0,-10000
		// stdux r1,r1,r0 # store sp to [sp-10000] and update sp by -10000
		// If the store faults then sp will not have been updated, so test above
		// will not work, becase the fault address will be more than just "slightly"
		// below sp.
		if (!IsStackAccess && IsAccessibleMemoryRange(pc, 4)) {
		u32 inst = (unsigned )pc;
		eugenisUnsubmitted Not Done Reply Inline Actions Please make it u32 instead of unsigned. eugenis: Please make it u32 instead of unsigned.
		u32 ra = (inst >> 16) & 0x1F;
		u32 opcd = inst >> 26;
		u32 xo = (inst >> 1) & 0x3FF;
		// Check for store-with-update to sp. The instructions we accept are:
		eugenisUnsubmitted Not Done Reply Inline Actions It may be helpful to list or somehow characterize instructions that match this condition (I mean, there is obviously more than 1 opcode listed here). I assume these "xo" checks limit it to instructions operating on SP register? eugenis: It may be helpful to list or somehow characterize instructions that match this condition (I…
		foadAuthorUnsubmitted Not Done Reply Inline Actions I characterized them as "store-with-update to r1" instructions, but I will be more explicit! foad: I characterized them as "store-with-update to r1" instructions, but I will be more explicit!
		foadAuthorUnsubmitted Not Done Reply Inline Actions opcd is "opcode" and xo is "extended opcode". These field names are taken directly from the POWER architecture manual. foad: opcd is "opcode" and xo is "extended opcode". These field names are taken directly from the…
		// stbu rs,d(ra) stbux rs,ra,rb
		// sthu rs,d(ra) sthux rs,ra,rb
		// stwu rs,d(ra) stwux rs,ra,rb
		// stdu rs,ds(ra) stdux rs,ra,rb
		// where ra is r1 (the stack pointer).
		if (ra == 1 &&
		(opcd == 39 \|\| opcd == 45 \|\| opcd == 37 \|\| opcd == 62 \|\|
		(opcd == 31 && (xo == 247 \|\| xo == 439 \|\| xo == 183 \|\| xo == 181))))
		IsStackAccess = true;
		}
		#endif // __powerpc64__

// We also check si_code to filter out SEGV caused by something else other		// We also check si_code to filter out SEGV caused by something else other
// then hitting the guard page or unmapped memory, like, for example,		// then hitting the guard page or unmapped memory, like, for example,
// unaligned memory access.		// unaligned memory access.
if (addr + 512 > sp && addr < sp + 0xFFFF &&		if (IsStackAccess && (code == si_SEGV_MAPERR \|\| code == si_SEGV_ACCERR))
(code == si_SEGV_MAPERR \|\| code == si_SEGV_ACCERR))
ReportStackOverflow(pc, sp, bp, context, addr);		ReportStackOverflow(pc, sp, bp, context, addr);
else		else
ReportSIGSEGV("SEGV", pc, sp, bp, context, addr);		ReportSIGSEGV("SEGV", pc, sp, bp, context, addr);
}		}

// ---------------------- TSD ---------------- {{{1		// ---------------------- TSD ---------------- {{{1

static pthread_key_t tsd_key;		static pthread_key_t tsd_key;
Show All 29 Lines