This is an archive of the discontinued LLVM Phabricator instance.

Differential D80355

compiler-rt: decommit asan memory for unmaps in fuchsia.
ClosedPublic

Authored by charco on May 20 2020, 9:27 PM.

Details

Reviewers
mcgrathr
phosek
vitalybuka
Commits
rGdb00fac2a2b8: [compiler-rt][asan] decommit shadow memory for unmaps in fuchsia.
Summary

This CL allows asan allocator in fuchsia to decommit shadow memory
for memory allocated using mmap.

Big allocations in asan end up being allocated via mmap and freed with
munmap. However, when that memory is freed, asan returns the
corresponding shadow memory back to the OS via a call to
ReleaseMemoryPagesToOs.

In fuchsia, ReleaseMemoryPagesToOs is a no-op: to be able to free
memory back to the OS, you have to hold a handle to the vmo you want to
modify, which is tricky at the ReleaseMemoryPagesToOs level as that
function is not exclusively used for shadow memory.

The function __sanitizer_fill_shadow fills a given shadow memory range
with a specific value, and if that value is 0 (unpoison) and the memory
range is bigger than a threshold parameter, it will decommit that memory
if it is all zeroes.

This CL modifies the FlushUnneededASanShadowMemory function in
asan_poisoning.cpp to add a call to __sanitizer_fill_shadow with
value and threshold = 0. This way, all the unneeded shadow memory gets
returned back to the OS.

A test for this behavior can be found in fxrev.dev/391974

Diff Detail

Event Timeline

charco created this revision.May 20 2020, 9:27 PM
Herald added a project: Restricted Project. · View Herald TranscriptMay 20 2020, 9:27 PM
Herald added subscribers: Restricted Project, dberris. · View Herald Transcript
Harbormaster failed remote builds in B57479: Diff 265415!May 20 2020, 10:01 PM
mcgrathr added inline comments.May 20 2020, 10:11 PM
compiler-rt/lib/asan/asan_poisoning.cpp
70

It would more consistent with how most of the OS support is handled to define this function separately in OS-specific files instead. I don't have strong opinions about separate files vs #if in this codebase, but its maintainers might.

If we're going to use #if let's put the other call in the #else branch instead of commenting that it's a no-op.
There's no reason to think it should necessarily be a no-op forever if it has other uses. The reason to call Fuchsia's API here is that Fuchsia offers an optimal and explicit API for doing exactly what needs to be done here, not that the way it's implemented on other systems hasn't been implemented for Fuchsia.

charco added a reviewer: vitalybuka.May 20 2020, 10:17 PM
charco updated this revision to Diff 265531.May 21 2020, 9:54 AM

Move FlushUnneededASanShadowMemory into asan_fuchsia.cpp

charco marked an inline comment as done.May 21 2020, 9:58 AM
charco added inline comments.
compiler-rt/lib/asan/asan_poisoning.cpp
70

Moved the code to asan_fuchsia.cpp.

Harbormaster failed remote builds in B57543: Diff 265531!May 21 2020, 10:48 AM
vitalybuka added inline comments.Jun 23 2020, 5:08 PM
compiler-rt/lib/asan/asan_fuchsia.cpp
201

Can you override empty ReleaseMemoryPagesToOS?

charco marked an inline comment as done.Jun 23 2020, 7:06 PM
charco added inline comments.
compiler-rt/lib/asan/asan_fuchsia.cpp
201

In Fuchsia, you can't return memory back to the OS if you don't have the corresponding handle of the object that you are releasing. We only hold the handle to the shadow VMO, so "ReleaseMemoryPagesToOS" would only work with the shadow memory.

If we use sanitizer_fill_shadow in ReleaseMemoryPagesToOs, we would need to go back from asan shadow memory to regular memory so we can call sanitizer_fill_shadow.

vitalybuka added inline comments.Jun 23 2020, 10:15 PM
compiler-rt/lib/asan/asan_poisoning.cpp
65

Can you do that without #if
like AsanApplyToGlobals

charco updated this revision to Diff 273590.Jun 25 2020, 9:55 PM

Create platform-specific versions of FlushUnneededASanShadowMemory.

Harbormaster failed remote builds in B61864: Diff 273590!Jun 25 2020, 10:22 PM
vitalybuka added a comment.Jun 26 2020, 12:08 AM

do you need empty version in _fuchsia.cpp ?

charco updated this revision to Diff 273757.Jun 26 2020, 9:18 AM
  • Move FlushUnneededASanShadowMemory into asan_fuchsia.cpp
  • Fork FlushUnneededASanShadowMemory for all platforms.
charco added a comment.Jun 26 2020, 9:24 AM
In D80355#2116122, @vitalybuka wrote:

do you need empty version in _fuchsia.cpp ?

I'm not very good at using arcanist/phabricator. I think I screwed up in the last arc diff, but I think I fixed it now.

Harbormaster failed remote builds in B61948: Diff 273757!Jun 26 2020, 10:23 AM
charco added a comment.Jun 26 2020, 11:07 AM

I'm not sure what the harbormaster errors are about, is there a way to see the error logs?

vitalybuka accepted this revision.Jul 6 2020, 10:45 PM
This revision is now accepted and ready to land.Jul 6 2020, 10:45 PM
charco updated this revision to Diff 277537.Jul 13 2020, 12:34 PM

Rebase.

Harbormaster failed remote builds in B64032: Diff 277537!Jul 13 2020, 12:34 PM
charco updated this revision to Diff 277556.Jul 13 2020, 1:37 PM

Rebase

Harbormaster failed remote builds in B64040: Diff 277556!Jul 13 2020, 1:37 PM
vitalybuka added a comment.Jul 13 2020, 1:54 PM

Do you need someone to land it for you?

charco added a comment.Jul 13 2020, 2:43 PM
In D80355#2148419, @vitalybuka wrote:

Do you need someone to land it for you?

I have access, I'm trying to understand why it is failing the build... Harbormaster says that it is failing to apply the patch, even though I rebased it recently.

charco updated this revision to Diff 277589.Jul 13 2020, 3:22 PM

Rebase... Third try.

charco updated this revision to Diff 277591.Jul 13 2020, 3:23 PM

Rebase.

Harbormaster failed remote builds in B64059: Diff 277589!Jul 13 2020, 3:23 PM
Harbormaster failed remote builds in B64061: Diff 277591!Jul 13 2020, 4:19 PM
vitalybuka added a comment.Jul 13 2020, 7:02 PM

protoent.cpp?
it's definitely unrelated

charco updated this revision to Diff 279355.Jul 20 2020, 3:25 PM
  • Move FlushUnneededASanShadowMemory into asan_fuchsia.cpp
  • Fork FlushUnneededASanShadowMemory for all platforms.
Harbormaster failed remote builds in B64996: Diff 279355!Jul 20 2020, 11:55 PM
Closed by commit rGdb00fac2a2b8: [compiler-rt][asan] decommit shadow memory for unmaps in fuchsia. (authored by charco). · Explain WhyJul 21 2020, 11:08 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
compiler-rt/
lib/
asan/
4 lines
6 lines
6 lines
6 lines
6 lines
6 lines

Diff 279587

compiler-rt/lib/asan/asan_fuchsia.cpp

Show First 20 LinesShow All 192 Lines▼ Show 20 Lines
bool HandleDlopenInit() { bool HandleDlopenInit() {
// Not supported on this platform. // Not supported on this platform.
static_assert(!SANITIZER_SUPPORTS_INIT_FOR_DLOPEN, static_assert(!SANITIZER_SUPPORTS_INIT_FOR_DLOPEN,
"Expected SANITIZER_SUPPORTS_INIT_FOR_DLOPEN to be false"); "Expected SANITIZER_SUPPORTS_INIT_FOR_DLOPEN to be false");
return false; return false;
} }
void FlushUnneededASanShadowMemory(uptr p, uptr size) {
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

Can you override empty ReleaseMemoryPagesToOS?

vitalybuka: Can you override empty ReleaseMemoryPagesToOS?
charcoAuthorUnsubmitted
Done
ReplyInline Actions

In Fuchsia, you can't return memory back to the OS if you don't have the corresponding handle of the object that you are releasing. We only hold the handle to the shadow VMO, so "ReleaseMemoryPagesToOS" would only work with the shadow memory.

If we use sanitizer_fill_shadow in ReleaseMemoryPagesToOs, we would need to go back from asan shadow memory to regular memory so we can call sanitizer_fill_shadow.

charco: In Fuchsia, you can't return memory back to the OS if you don't have the corresponding handle…
__sanitizer_fill_shadow(p, size, 0, 0);
}
} // namespace __asan } // namespace __asan
// These are declared (in extern "C") by <zircon/sanitizer.h>. // These are declared (in extern "C") by <zircon/sanitizer.h>.
// The system runtime will call our definitions directly. // The system runtime will call our definitions directly.
void *__sanitizer_before_thread_create_hook(thrd_t thread, bool detached, void *__sanitizer_before_thread_create_hook(thrd_t thread, bool detached,
const char *name, void *stack_base, const char *name, void *stack_base,
size_t stack_size) { size_t stack_size) {
Show All 18 Lines

compiler-rt/lib/asan/asan_linux.cpp

Show First 20 LinesShow All 108 Lines▼ Show 20 Lines#endif
return MapDynamicShadow(shadow_size_bytes, SHADOW_SCALE, return MapDynamicShadow(shadow_size_bytes, SHADOW_SCALE,
/*min_shadow_base_alignment*/ 0, kHighMemEnd); /*min_shadow_base_alignment*/ 0, kHighMemEnd);
} }
void AsanApplyToGlobals(globals_op_fptr op, const void *needle) { void AsanApplyToGlobals(globals_op_fptr op, const void *needle) {
UNIMPLEMENTED(); UNIMPLEMENTED();
} }
void FlushUnneededASanShadowMemory(uptr p, uptr size) {
// Since asan's mapping is compacting, the shadow chunk may be
// not page-aligned, so we only flush the page-aligned portion.
ReleaseMemoryPagesToOS(MemToShadow(p), MemToShadow(p + size));
}
#if SANITIZER_ANDROID #if SANITIZER_ANDROID
// FIXME: should we do anything for Android? // FIXME: should we do anything for Android?
void AsanCheckDynamicRTPrereqs() {} void AsanCheckDynamicRTPrereqs() {}
void AsanCheckIncompatibleRT() {} void AsanCheckIncompatibleRT() {}
#else #else
static int FindFirstDSOCallback(struct dl_phdr_info *info, size_t size, static int FindFirstDSOCallback(struct dl_phdr_info *info, size_t size,
void *data) { void *data) {
VReport(2, "info->dlpi_name = %s\tinfo->dlpi_addr = %p\n", VReport(2, "info->dlpi_name = %s\tinfo->dlpi_addr = %p\n",
▲ Show 20 LinesShow All 112 LinesShow Last 20 Lines

compiler-rt/lib/asan/asan_mac.cpp

Show First 20 LinesShow All 83 Lines▼ Show 20 Lines __asan_global *globals = (__asan_global *)getsectiondata(
"__DATA", "__asan_globals", "__DATA", "__asan_globals",
&size); &size);
if (!globals) return; if (!globals) return;
if (size % sizeof(__asan_global) != 0) return; if (size % sizeof(__asan_global) != 0) return;
op(globals, size / sizeof(__asan_global)); op(globals, size / sizeof(__asan_global));
} }
void FlushUnneededASanShadowMemory(uptr p, uptr size) {
// Since asan's mapping is compacting, the shadow chunk may be
// not page-aligned, so we only flush the page-aligned portion.
ReleaseMemoryPagesToOS(MemToShadow(p), MemToShadow(p + size));
}
void ReadContextStack(void *context, uptr *stack, uptr *ssize) { void ReadContextStack(void *context, uptr *stack, uptr *ssize) {
UNIMPLEMENTED(); UNIMPLEMENTED();
} }
// Support for the following functions from libdispatch on Mac OS: // Support for the following functions from libdispatch on Mac OS:
// dispatch_async_f() // dispatch_async_f()
// dispatch_async() // dispatch_async()
// dispatch_sync_f() // dispatch_sync_f()
▲ Show 20 LinesShow All 194 LinesShow Last 20 Lines

compiler-rt/lib/asan/asan_poisoning.cpp

Show First 20 LinesShow All 56 Lines▼ Show 20 Linesstruct ShadowSegmentEndpoint {
explicit ShadowSegmentEndpoint(uptr address) { explicit ShadowSegmentEndpoint(uptr address) {
chunk = (u8*)MemToShadow(address); chunk = (u8*)MemToShadow(address);
offset = address & (SHADOW_GRANULARITY - 1); offset = address & (SHADOW_GRANULARITY - 1);
value = *chunk; value = *chunk;
} }
}; };
void FlushUnneededASanShadowMemory(uptr p, uptr size) {
// Since asan's mapping is compacting, the shadow chunk may be
// not page-aligned, so we only flush the page-aligned portion.
ReleaseMemoryPagesToOS(MemToShadow(p), MemToShadow(p + size));
}
void AsanPoisonOrUnpoisonIntraObjectRedzone(uptr ptr, uptr size, bool poison) { void AsanPoisonOrUnpoisonIntraObjectRedzone(uptr ptr, uptr size, bool poison) {
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

Can you do that without #if
like AsanApplyToGlobals

vitalybuka: Can you do that without #if like AsanApplyToGlobals
uptr end = ptr + size; uptr end = ptr + size;
if (Verbosity()) { if (Verbosity()) {
Printf("__asan_%spoison_intra_object_redzone [%p,%p) %zd\n", Printf("__asan_%spoison_intra_object_redzone [%p,%p) %zd\n",
poison ? "" : "un", ptr, end, size); poison ? "" : "un", ptr, end, size);
if (Verbosity() >= 2) if (Verbosity() >= 2)
mcgrathrUnsubmitted
Not Done
ReplyInline Actions

It would more consistent with how most of the OS support is handled to define this function separately in OS-specific files instead. I don't have strong opinions about separate files vs #if in this codebase, but its maintainers might.

If we're going to use #if let's put the other call in the #else branch instead of commenting that it's a no-op.
There's no reason to think it should necessarily be a no-op forever if it has other uses. The reason to call Fuchsia's API here is that Fuchsia offers an optimal and explicit API for doing exactly what needs to be done here, not that the way it's implemented on other systems hasn't been implemented for Fuchsia.

mcgrathr: It would more consistent with how most of the OS support is handled to define this function…
charcoAuthorUnsubmitted
Done
ReplyInline Actions

Moved the code to asan_fuchsia.cpp.

charco: Moved the code to asan_fuchsia.cpp.
PRINT_CURRENT_STACK(); PRINT_CURRENT_STACK();
} }
CHECK(size); CHECK(size);
CHECK_LE(size, 4096); CHECK_LE(size, 4096);
CHECK(IsAligned(end, SHADOW_GRANULARITY)); CHECK(IsAligned(end, SHADOW_GRANULARITY));
if (!IsAligned(ptr, SHADOW_GRANULARITY)) { if (!IsAligned(ptr, SHADOW_GRANULARITY)) {
*(u8 *)MemToShadow(ptr) = *(u8 *)MemToShadow(ptr) =
poison ? static_cast<u8>(ptr % SHADOW_GRANULARITY) : 0; poison ? static_cast<u8>(ptr % SHADOW_GRANULARITY) : 0;
▲ Show 20 LinesShow All 376 LinesShow Last 20 Lines

compiler-rt/lib/asan/asan_rtems.cpp

Show First 20 LinesShow All 44 Lines▼ Show 20 Linesvoid InitializeShadowMemory() {
ResetShadowMemory(); ResetShadowMemory();
} }
void AsanApplyToGlobals(globals_op_fptr op, const void *needle) { void AsanApplyToGlobals(globals_op_fptr op, const void *needle) {
UNIMPLEMENTED(); UNIMPLEMENTED();
} }
void FlushUnneededASanShadowMemory(uptr p, uptr size) {
// Since asan's mapping is compacting, the shadow chunk may be
// not page-aligned, so we only flush the page-aligned portion.
ReleaseMemoryPagesToOS(MemToShadow(p), MemToShadow(p + size));
}
void AsanCheckDynamicRTPrereqs() {} void AsanCheckDynamicRTPrereqs() {}
void AsanCheckIncompatibleRT() {} void AsanCheckIncompatibleRT() {}
void InitializeAsanInterceptors() {} void InitializeAsanInterceptors() {}
void InitializePlatformInterceptors() {} void InitializePlatformInterceptors() {}
void InitializePlatformExceptionHandlers() {} void InitializePlatformExceptionHandlers() {}
// RTEMS only support static linking; it sufficies to return with no // RTEMS only support static linking; it sufficies to return with no
// error. // error.
▲ Show 20 LinesShow All 200 LinesShow Last 20 Lines

compiler-rt/lib/asan/asan_win.cpp

Show First 20 LinesShow All 185 Lines▼ Show 20 Lines CHECK(::__interception::OverrideFunction("RtlRaiseException",
(uptr *)&REAL(RtlRaiseException))); (uptr *)&REAL(RtlRaiseException)));
} }
} }
void AsanApplyToGlobals(globals_op_fptr op, const void *needle) { void AsanApplyToGlobals(globals_op_fptr op, const void *needle) {
UNIMPLEMENTED(); UNIMPLEMENTED();
} }
void FlushUnneededASanShadowMemory(uptr p, uptr size) {
// Since asan's mapping is compacting, the shadow chunk may be
// not page-aligned, so we only flush the page-aligned portion.
ReleaseMemoryPagesToOS(MemToShadow(p), MemToShadow(p + size));
}
// ---------------------- TSD ---------------- {{{ // ---------------------- TSD ---------------- {{{
static bool tsd_key_inited = false; static bool tsd_key_inited = false;
static __declspec(thread) void *fake_tsd = 0; static __declspec(thread) void *fake_tsd = 0;
// https://docs.microsoft.com/en-us/windows/desktop/api/winternl/ns-winternl-_teb // https://docs.microsoft.com/en-us/windows/desktop/api/winternl/ns-winternl-_teb
// "[This structure may be altered in future versions of Windows. Applications // "[This structure may be altered in future versions of Windows. Applications
// should use the alternate functions listed in this topic.]" // should use the alternate functions listed in this topic.]"
▲ Show 20 LinesShow All 195 LinesShow Last 20 Lines