This is an archive of the discontinued LLVM Phabricator instance.

Differential D89993

[GWP-ASan] Refactor memory mapping functions
ClosedPublic

Authored by cryptoad on Oct 22 2020, 3:54 PM.

Details

Reviewers
hctim
eugenis
mcgrathr
Commits
rG612e02ee8c3e: [GWP-ASan] Refactor memory mapping functions
Summary

In preparation for Fuchsia support, this CL refactors the memory
mapping functions.

The new functions are as follows:

  • for Freeslots and Metadata: void *map(size_t Size, const char *Name) const; void unmap(void *Ptr, size_t Size) const;
  • for the Pool: void *reservePool(size_t Size); void commitPool(void *Ptr, size_t Size) const; void decommitPool(void *Ptr, size_t Size) const; void unreservePool(); Note that those don't need a Name parameter as those are fixed per function. {reserve,unreserve}Pool are not const because they will modify platform specific class member on Fuchsia.

I added a plethora of assert() as the initial code was not enforcing
page alignment for sizes and addresses, which caused problem in the
initial Fuchsia draft. All sizes should now be properly rounded up to
a page.

Diff Detail

Event Timeline

cryptoad created this revision.Oct 22 2020, 3:54 PM
Herald added a project: Restricted Project. · View Herald TranscriptOct 22 2020, 3:54 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
cryptoad requested review of this revision.Oct 22 2020, 3:54 PM
cryptoad updated this revision to Diff 300120.Oct 22 2020, 4:11 PM

Correcting a potential conversion warning.

Harbormaster completed remote builds in B76102: Diff 300118.Oct 22 2020, 4:20 PM
Harbormaster completed remote builds in B76103: Diff 300120.Oct 22 2020, 4:38 PM
hctim accepted this revision.Oct 23 2020, 10:32 AM
hctim added inline comments.
compiler-rt/lib/gwp_asan/guarded_pool_allocator.h
128

nits just to be really clear/descriptive with the function names.

mapWithRW()

reserveGuardedPool()
commitGuardedPoolRegionWithRW()
decommitGuardedPoolRegion()
unreserveGuardedPool()

Also can you add a comment above why the pool is special? Something like:

The pool is managed separately, as some platforms (particularly Fuchsia) manage virtual memory regions as a chunk where individual pages can still have separate permissions. These platforms maintain metadata about the region in order to perform operations. The pool is unique as it's the only thing in GWP-ASan that treats pages in a single VM region on an individual basis for page protection.
This revision is now accepted and ready to land.Oct 23 2020, 10:32 AM
mcgrathr accepted this revision.Oct 23 2020, 2:26 PM

LGTM. Different names and more comments would be preferable.

compiler-rt/lib/gwp_asan/guarded_pool_allocator.h
128

I'm not in favor of the "decommit" name because the semantics on Fuchsia are to unmap the region so that later accesses will fault. "decommit" usually means "restore to lazy zero-fill state", not "make potentially inaccessible".

I'm certainly in favor of any clarifying comments that anyone thinks help.

135

I'd like to see some explicit comments here about the API contract: the returned ptr is the reserved address range of (at least) Size bytes; a Ptr/Size in commitPool must be a subrange of that range; a Ptr/Size in decommitPool must be an exact pair previously passed to commitPool.

136

How about allocateInPool and deallocateInPool?

compiler-rt/lib/gwp_asan/platform_specific/guarded_pool_allocator_posix.cpp
29

Google style is to prefer anonymous namespace, I don't know about LLVM style.

49

could use the name in the error

cryptoad updated this revision to Diff 300679.Oct 26 2020, 8:11 AM
cryptoad marked 5 inline comments as done.

Addressing review comments:

  • tried to strike a middle ground between name suggestions, settled on: `void *reserveGuardedPool(size_t Size);

void allocateInGuardedPool(void *Ptr, size_t Size) const;
void deallocateInGuardedPool(void *Ptr, size_t Size) const;
void unreserveGuardedPool();`

  • added comments and clarifications about API contracts
  • used anonymous namespace instead of static
Herald added a subscriber: phosek. · View Herald TranscriptOct 26 2020, 8:11 AM
Harbormaster completed remote builds in B76408: Diff 300679.Oct 26 2020, 8:40 AM
cryptoad updated this revision to Diff 300701.Oct 26 2020, 9:35 AM

clang-format a file that was missed.

Harbormaster completed remote builds in B76426: Diff 300701.Oct 26 2020, 10:08 AM
hctim accepted this revision.Oct 26 2020, 11:38 AM

LGTM

mcgrathr accepted this revision.Oct 26 2020, 1:06 PM

Thanks!

compiler-rt/lib/gwp_asan/guarded_pool_allocator.h
130–131

Fuchsia supports it too and doesn't have this constraint.

This revision was landed with ongoing or failed builds.Oct 26 2020, 1:32 PM
Closed by commit rG612e02ee8c3e: [GWP-ASan] Refactor memory mapping functions (authored by cryptoad). · Explain Why
This revision was automatically updated to reflect the committed changes.
cryptoad added a commit: rG612e02ee8c3e: [GWP-ASan] Refactor memory mapping functions.

Revision Contents

PathSize
compiler-rt/
lib/
gwp_asan/
33 lines
52 lines
platform_specific/
52 lines

Diff 300778

compiler-rt/lib/gwp_asan/guarded_pool_allocator.h

Show First 20 LinesShow All 118 Lines▼ Show 20 Linesprivate:
static constexpr const char *kGwpAsanFreeSlotsName = "GWP-ASan Metadata"; static constexpr const char *kGwpAsanFreeSlotsName = "GWP-ASan Metadata";
static constexpr size_t kInvalidSlotID = SIZE_MAX; static constexpr size_t kInvalidSlotID = SIZE_MAX;
// These functions anonymously map memory or change the permissions of mapped // These functions anonymously map memory or change the permissions of mapped
// memory into this process in a platform-specific way. Pointer and size // memory into this process in a platform-specific way. Pointer and size
// arguments are expected to be page-aligned. These functions will never // arguments are expected to be page-aligned. These functions will never
// return on error, instead electing to kill the calling process on failure. // return on error, instead electing to kill the calling process on failure.
// Note that memory is initially mapped inaccessible. In order for RW // The pool memory is initially reserved and inaccessible, and RW mappings are
// mappings, call mapMemory() followed by markReadWrite() on the returned // subsequently created and destroyed via allocateInGuardedPool() and
hctimUnsubmitted
Done
ReplyInline Actions

nits just to be really clear/descriptive with the function names.

mapWithRW()

reserveGuardedPool()
commitGuardedPoolRegionWithRW()
decommitGuardedPoolRegion()
unreserveGuardedPool()

Also can you add a comment above why the pool is special? Something like:

The pool is managed separately, as some platforms (particularly Fuchsia) manage virtual memory regions as a chunk where individual pages can still have separate permissions. These platforms maintain metadata about the region in order to perform operations. The pool is unique as it's the only thing in GWP-ASan that treats pages in a single VM region on an individual basis for page protection.
hctim: nits just to be really clear/descriptive with the function names. `mapWithRW()`…
mcgrathrUnsubmitted
Done
ReplyInline Actions

I'm not in favor of the "decommit" name because the semantics on Fuchsia are to unmap the region so that later accesses will fault. "decommit" usually means "restore to lazy zero-fill state", not "make potentially inaccessible".

I'm certainly in favor of any clarifying comments that anyone thinks help.

mcgrathr: I'm not in favor of the "decommit" name because the semantics on Fuchsia are to unmap the…
// pointer. Each mapping is named on platforms that support it, primarily // deallocateInGuardedPool(). Each mapping is named on platforms that support
// Android. This name must be a statically allocated string, as the Android // it, primarily Android. This name must be a statically allocated string, as
// kernel uses the string pointer directly. // the Android kernel uses the string pointer directly.
mcgrathrUnsubmitted
Not Done
ReplyInline Actions

Fuchsia supports it too and doesn't have this constraint.

mcgrathr: Fuchsia supports it too and doesn't have this constraint.
void *mapMemory(size_t Size, const char *Name) const; void *map(size_t Size, const char *Name) const;
void unmapMemory(void *Ptr, size_t Size, const char *Name) const; void unmap(void *Ptr, size_t Size) const;
void markReadWrite(void *Ptr, size_t Size, const char *Name) const;
void markInaccessible(void *Ptr, size_t Size, const char *Name) const; // The pool is managed separately, as some platforms (particularly Fuchsia)
mcgrathrUnsubmitted
Done
ReplyInline Actions

I'd like to see some explicit comments here about the API contract: the returned ptr is the reserved address range of (at least) Size bytes; a Ptr/Size in commitPool must be a subrange of that range; a Ptr/Size in decommitPool must be an exact pair previously passed to commitPool.

mcgrathr: I'd like to see some explicit comments here about the API contract: the returned ptr is the…
// manage virtual memory regions as a chunk where individual pages can still
mcgrathrUnsubmitted
Done
ReplyInline Actions

How about allocateInPool and deallocateInPool?

mcgrathr: How about allocateInPool and deallocateInPool?
// have separate permissions. These platforms maintain metadata about the
// region in order to perform operations. The pool is unique as it's the only
// thing in GWP-ASan that treats pages in a single VM region on an individual
// basis for page protection.
// The pointer returned by reserveGuardedPool() is the reserved address range
// of (at least) Size bytes.
void *reserveGuardedPool(size_t Size);
// allocateInGuardedPool() Ptr and Size must be a subrange of the previously
// reserved pool range.
void allocateInGuardedPool(void *Ptr, size_t Size) const;
// deallocateInGuardedPool() Ptr and Size must be an exact pair previously
// passed to allocateInGuardedPool().
void deallocateInGuardedPool(void *Ptr, size_t Size) const;
void unreserveGuardedPool();
// Get the page size from the platform-specific implementation. Only needs to // Get the page size from the platform-specific implementation. Only needs to
// be called once, and the result should be cached in PageSize in this class. // be called once, and the result should be cached in PageSize in this class.
static size_t getPlatformPageSize(); static size_t getPlatformPageSize();
// Returns a pointer to the metadata for the owned pointer. If the pointer is // Returns a pointer to the metadata for the owned pointer. If the pointer is
// not owned by this pool, the result is undefined. // not owned by this pool, the result is undefined.
AllocationMetadata *addrToMetadata(uintptr_t Ptr) const; AllocationMetadata *addrToMetadata(uintptr_t Ptr) const;
▲ Show 20 LinesShow All 95 LinesShow Last 20 Lines

compiler-rt/lib/gwp_asan/guarded_pool_allocator.cpp

Show All 39 Lines
} // anonymous namespace } // anonymous namespace
// Gets the singleton implementation of this class. Thread-compatible until // Gets the singleton implementation of this class. Thread-compatible until
// init() is called, thread-safe afterwards. // init() is called, thread-safe afterwards.
GuardedPoolAllocator *GuardedPoolAllocator::getSingleton() { GuardedPoolAllocator *GuardedPoolAllocator::getSingleton() {
return SingletonPtr; return SingletonPtr;
} }
static size_t roundUpTo(size_t Size, size_t Boundary) {
return (Size + Boundary - 1) & ~(Boundary - 1);
}
void GuardedPoolAllocator::init(const options::Options &Opts) { void GuardedPoolAllocator::init(const options::Options &Opts) {
// Note: We return from the constructor here if GWP-ASan is not available. // Note: We return from the constructor here if GWP-ASan is not available.
// This will stop heap-allocation of class members, as well as mmap() of the // This will stop heap-allocation of class members, as well as mmap() of the
// guarded slots. // guarded slots.
if (!Opts.Enabled || Opts.SampleRate == 0 || if (!Opts.Enabled || Opts.SampleRate == 0 ||
Opts.MaxSimultaneousAllocations == 0) Opts.MaxSimultaneousAllocations == 0)
return; return;
Check(Opts.SampleRate >= 0, "GWP-ASan Error: SampleRate is < 0."); Check(Opts.SampleRate >= 0, "GWP-ASan Error: SampleRate is < 0.");
Check(Opts.SampleRate < (1 << 30), "GWP-ASan Error: SampleRate is >= 2^30."); Check(Opts.SampleRate < (1 << 30), "GWP-ASan Error: SampleRate is >= 2^30.");
Check(Opts.MaxSimultaneousAllocations >= 0, Check(Opts.MaxSimultaneousAllocations >= 0,
"GWP-ASan Error: MaxSimultaneousAllocations is < 0."); "GWP-ASan Error: MaxSimultaneousAllocations is < 0.");
SingletonPtr = this; SingletonPtr = this;
Backtrace = Opts.Backtrace; Backtrace = Opts.Backtrace;
State.MaxSimultaneousAllocations = Opts.MaxSimultaneousAllocations; State.MaxSimultaneousAllocations = Opts.MaxSimultaneousAllocations;
State.PageSize = getPlatformPageSize(); const size_t PageSize = getPlatformPageSize();
// getPageAddr() and roundUpTo() assume the page size to be a power of 2.
assert((PageSize & (PageSize - 1)) == 0);
State.PageSize = PageSize;
PerfectlyRightAlign = Opts.PerfectlyRightAlign; PerfectlyRightAlign = Opts.PerfectlyRightAlign;
size_t PoolBytesRequired = size_t PoolBytesRequired =
State.PageSize * (1 + State.MaxSimultaneousAllocations) + PageSize * (1 + State.MaxSimultaneousAllocations) +
State.MaxSimultaneousAllocations * State.maximumAllocationSize(); State.MaxSimultaneousAllocations * State.maximumAllocationSize();
void *GuardedPoolMemory = mapMemory(PoolBytesRequired, kGwpAsanGuardPageName); assert(PoolBytesRequired % PageSize == 0);
void *GuardedPoolMemory = reserveGuardedPool(PoolBytesRequired);
size_t BytesRequired = State.MaxSimultaneousAllocations * sizeof(*Metadata); size_t BytesRequired =
roundUpTo(State.MaxSimultaneousAllocations * sizeof(*Metadata), PageSize);
Metadata = reinterpret_cast<AllocationMetadata *>( Metadata = reinterpret_cast<AllocationMetadata *>(
mapMemory(BytesRequired, kGwpAsanMetadataName)); map(BytesRequired, kGwpAsanMetadataName));
markReadWrite(Metadata, BytesRequired, kGwpAsanMetadataName);
// Allocate memory and set up the free pages queue. // Allocate memory and set up the free pages queue.
BytesRequired = State.MaxSimultaneousAllocations * sizeof(*FreeSlots); BytesRequired = roundUpTo(
FreeSlots = reinterpret_cast<size_t *>( State.MaxSimultaneousAllocations * sizeof(*FreeSlots), PageSize);
mapMemory(BytesRequired, kGwpAsanFreeSlotsName)); FreeSlots =
markReadWrite(FreeSlots, BytesRequired, kGwpAsanFreeSlotsName); reinterpret_cast<size_t *>(map(BytesRequired, kGwpAsanFreeSlotsName));
// Multiply the sample rate by 2 to give a good, fast approximation for (1 / // Multiply the sample rate by 2 to give a good, fast approximation for (1 /
// SampleRate) chance of sampling. // SampleRate) chance of sampling.
if (Opts.SampleRate != 1) if (Opts.SampleRate != 1)
AdjustedSampleRatePlusOne = static_cast<uint32_t>(Opts.SampleRate) * 2 + 1; AdjustedSampleRatePlusOne = static_cast<uint32_t>(Opts.SampleRate) * 2 + 1;
else else
AdjustedSampleRatePlusOne = 2; AdjustedSampleRatePlusOne = 2;
Show All 22 Lines for (size_t i = 0; i < State.MaxSimultaneousAllocations; ++i) {
if (Meta.Addr && !Meta.IsDeallocated && Meta.Addr >= Start && if (Meta.Addr && !Meta.IsDeallocated && Meta.Addr >= Start &&
Meta.Addr < Start + Size) Meta.Addr < Start + Size)
Cb(Meta.Addr, Meta.Size, Arg); Cb(Meta.Addr, Meta.Size, Arg);
} }
} }
void GuardedPoolAllocator::uninitTestOnly() { void GuardedPoolAllocator::uninitTestOnly() {
if (State.GuardedPagePool) { if (State.GuardedPagePool) {
unmapMemory(reinterpret_cast<void *>(State.GuardedPagePool), unreserveGuardedPool();
State.GuardedPagePoolEnd - State.GuardedPagePool,
kGwpAsanGuardPageName);
State.GuardedPagePool = 0; State.GuardedPagePool = 0;
State.GuardedPagePoolEnd = 0; State.GuardedPagePoolEnd = 0;
} }
if (Metadata) { if (Metadata) {
unmapMemory(Metadata, State.MaxSimultaneousAllocations * sizeof(*Metadata), unmap(Metadata,
kGwpAsanMetadataName); roundUpTo(State.MaxSimultaneousAllocations * sizeof(*Metadata),
State.PageSize));
Metadata = nullptr; Metadata = nullptr;
} }
if (FreeSlots) { if (FreeSlots) {
unmapMemory(FreeSlots, unmap(FreeSlots,
State.MaxSimultaneousAllocations * sizeof(*FreeSlots), roundUpTo(State.MaxSimultaneousAllocations * sizeof(*FreeSlots),
kGwpAsanFreeSlotsName); State.PageSize));
FreeSlots = nullptr; FreeSlots = nullptr;
} }
} }
static uintptr_t getPageAddr(uintptr_t Ptr, uintptr_t PageSize) { static uintptr_t getPageAddr(uintptr_t Ptr, uintptr_t PageSize) {
return Ptr & ~(PageSize - 1); return Ptr & ~(PageSize - 1);
} }
Show All 33 Lines if (getRandomUnsigned32() % 2 == 0) {
Ptr += Ptr +=
State.maximumAllocationSize() - rightAlignedAllocationSize(Size, Align); State.maximumAllocationSize() - rightAlignedAllocationSize(Size, Align);
} }
AllocationMetadata *Meta = addrToMetadata(Ptr); AllocationMetadata *Meta = addrToMetadata(Ptr);
// If a slot is multiple pages in size, and the allocation takes up a single // If a slot is multiple pages in size, and the allocation takes up a single
// page, we can improve overflow detection by leaving the unused pages as // page, we can improve overflow detection by leaving the unused pages as
// unmapped. // unmapped.
markReadWrite(reinterpret_cast<void *>(getPageAddr(Ptr, State.PageSize)), const size_t PageSize = State.PageSize;
Size, kGwpAsanAliveSlotName); allocateInGuardedPool(reinterpret_cast<void *>(getPageAddr(Ptr, PageSize)),
roundUpTo(Size, PageSize));
Meta->RecordAllocation(Ptr, Size); Meta->RecordAllocation(Ptr, Size);
Meta->AllocationTrace.RecordBacktrace(Backtrace); Meta->AllocationTrace.RecordBacktrace(Backtrace);
return reinterpret_cast<void *>(Ptr); return reinterpret_cast<void *>(Ptr);
} }
void GuardedPoolAllocator::trapOnAddress(uintptr_t Address, Error E) { void GuardedPoolAllocator::trapOnAddress(uintptr_t Address, Error E) {
Show All 39 Lines // pool during the expensive markInaccessible() call.
// Ensure that the unwinder is not called if the recursive flag is set, // Ensure that the unwinder is not called if the recursive flag is set,
// otherwise non-reentrant unwinders may deadlock. // otherwise non-reentrant unwinders may deadlock.
if (!ThreadLocals.RecursiveGuard) { if (!ThreadLocals.RecursiveGuard) {
ScopedRecursiveGuard SRG; ScopedRecursiveGuard SRG;
Meta->DeallocationTrace.RecordBacktrace(Backtrace); Meta->DeallocationTrace.RecordBacktrace(Backtrace);
} }
} }
markInaccessible(reinterpret_cast<void *>(SlotStart), deallocateInGuardedPool(reinterpret_cast<void *>(SlotStart),
State.maximumAllocationSize(), kGwpAsanGuardPageName); State.maximumAllocationSize());
// And finally, lock again to release the slot back into the pool. // And finally, lock again to release the slot back into the pool.
ScopedLock L(PoolMutex); ScopedLock L(PoolMutex);
freeSlot(Slot); freeSlot(Slot);
} }
size_t GuardedPoolAllocator::getSize(const void *Ptr) { size_t GuardedPoolAllocator::getSize(const void *Ptr) {
assert(pointerIsMine(Ptr)); assert(pointerIsMine(Ptr));
▲ Show 20 LinesShow All 43 LinesShow Last 20 Lines

compiler-rt/lib/gwp_asan/platform_specific/guarded_pool_allocator_posix.cpp

Show All 19 Lines
#include <unistd.h> #include <unistd.h>
#ifdef ANDROID #ifdef ANDROID
#include <sys/prctl.h> #include <sys/prctl.h>
#define PR_SET_VMA 0x53564d41 #define PR_SET_VMA 0x53564d41
#define PR_SET_VMA_ANON_NAME 0 #define PR_SET_VMA_ANON_NAME 0
#endif // ANDROID #endif // ANDROID
namespace {
void MaybeSetMappingName(void *Mapping, size_t Size, const char *Name) { void MaybeSetMappingName(void *Mapping, size_t Size, const char *Name) {
mcgrathrUnsubmitted
Done
ReplyInline Actions

Google style is to prefer anonymous namespace, I don't know about LLVM style.

mcgrathr: Google style is to prefer anonymous namespace, I don't know about LLVM style.
#ifdef ANDROID #ifdef ANDROID
prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, Mapping, Size, Name); prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, Mapping, Size, Name);
#endif // ANDROID #endif // ANDROID
// Anonymous mapping names are only supported on Android. // Anonymous mapping names are only supported on Android.
return; return;
} }
} // anonymous namespace
namespace gwp_asan { namespace gwp_asan {
void GuardedPoolAllocator::initPRNG() { void GuardedPoolAllocator::initPRNG() {
ThreadLocals.RandomState = time(nullptr) + getThreadID(); ThreadLocals.RandomState =
static_cast<uint32_t>(time(nullptr) + getThreadID());
} }
void *GuardedPoolAllocator::mapMemory(size_t Size, const char *Name) const { void *GuardedPoolAllocator::map(size_t Size, const char *Name) const {
void *Ptr = assert((Size % State.PageSize) == 0);
mmap(nullptr, Size, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); void *Ptr = mmap(nullptr, Size, PROT_READ | PROT_WRITE,
MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
Check(Ptr != MAP_FAILED, "Failed to map guarded pool allocator memory"); Check(Ptr != MAP_FAILED, "Failed to map guarded pool allocator memory");
mcgrathrUnsubmitted
Not Done
ReplyInline Actions

could use the name in the error

mcgrathr: could use the name in the error
MaybeSetMappingName(Ptr, Size, Name); MaybeSetMappingName(Ptr, Size, Name);
return Ptr; return Ptr;
} }
void GuardedPoolAllocator::unmapMemory(void *Ptr, size_t Size, void GuardedPoolAllocator::unmap(void *Ptr, size_t Size) const {
const char *Name) const { assert((reinterpret_cast<uintptr_t>(Ptr) % State.PageSize) == 0);
assert((Size % State.PageSize) == 0);
Check(munmap(Ptr, Size) == 0, Check(munmap(Ptr, Size) == 0,
"Failed to unmap guarded pool allocator memory."); "Failed to unmap guarded pool allocator memory.");
MaybeSetMappingName(Ptr, Size, Name);
} }
void GuardedPoolAllocator::markReadWrite(void *Ptr, size_t Size, void *GuardedPoolAllocator::reserveGuardedPool(size_t Size) {
const char *Name) const { assert((Size % State.PageSize) == 0);
void *Ptr =
mmap(nullptr, Size, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
Check(Ptr != MAP_FAILED, "Failed to reserve guarded pool allocator memory");
MaybeSetMappingName(Ptr, Size, kGwpAsanGuardPageName);
return Ptr;
}
void GuardedPoolAllocator::unreserveGuardedPool() {
unmap(reinterpret_cast<void *>(State.GuardedPagePool),
State.GuardedPagePoolEnd - State.GuardedPagePool);
}
void GuardedPoolAllocator::allocateInGuardedPool(void *Ptr, size_t Size) const {
assert((reinterpret_cast<uintptr_t>(Ptr) % State.PageSize) == 0);
assert((Size % State.PageSize) == 0);
Check(mprotect(Ptr, Size, PROT_READ | PROT_WRITE) == 0, Check(mprotect(Ptr, Size, PROT_READ | PROT_WRITE) == 0,
"Failed to set guarded pool allocator memory at as RW."); "Failed to allocate in guarded pool allocator memory");
MaybeSetMappingName(Ptr, Size, Name); MaybeSetMappingName(Ptr, Size, kGwpAsanAliveSlotName);
} }
void GuardedPoolAllocator::markInaccessible(void *Ptr, size_t Size, void GuardedPoolAllocator::deallocateInGuardedPool(void *Ptr,
const char *Name) const { size_t Size) const {
assert((reinterpret_cast<uintptr_t>(Ptr) % State.PageSize) == 0);
assert((Size % State.PageSize) == 0);
// mmap() a PROT_NONE page over the address to release it to the system, if // mmap() a PROT_NONE page over the address to release it to the system, if
// we used mprotect() here the system would count pages in the quarantine // we used mprotect() here the system would count pages in the quarantine
// against the RSS. // against the RSS.
Check(mmap(Ptr, Size, PROT_NONE, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, -1, Check(mmap(Ptr, Size, PROT_NONE, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, -1,
0) != MAP_FAILED, 0) != MAP_FAILED,
"Failed to set guarded pool allocator memory as inaccessible."); "Failed to deallocate in guarded pool allocator memory");
MaybeSetMappingName(Ptr, Size, Name); MaybeSetMappingName(Ptr, Size, kGwpAsanGuardPageName);
} }
size_t GuardedPoolAllocator::getPlatformPageSize() { size_t GuardedPoolAllocator::getPlatformPageSize() {
return sysconf(_SC_PAGESIZE); return sysconf(_SC_PAGESIZE);
} }
void GuardedPoolAllocator::installAtFork() { void GuardedPoolAllocator::installAtFork() {
auto Disable = []() { auto Disable = []() {
if (auto *S = getSingleton()) if (auto *S = getSingleton())
S->disable(); S->disable();
}; };
auto Enable = []() { auto Enable = []() {
if (auto *S = getSingleton()) if (auto *S = getSingleton())
S->enable(); S->enable();
}; };
pthread_atfork(Disable, Enable, Enable); pthread_atfork(Disable, Enable, Enable);
} }
} // namespace gwp_asan } // namespace gwp_asan