This is an archive of the discontinued LLVM Phabricator instance.

Differential D110575

[gwp-asan] Initialize AllocatorVersionMagic at runtime
ClosedPublic

Authored by cryptoad on Sep 27 2021, 12:32 PM.

Details

Reviewers
hctim
mcgrathr
eugenis
Commits
rG04f5913395de: [gwp-asan] Initialize AllocatorVersionMagic at runtime
Summary

GWP-ASan's AllocatorState was recently extended with a
AllocatorVersionMagic structure required so that GWP-ASan bug reports
can be understood by tools at different versions.

On Fuchsia, this in included in the scudo::Allocator structure, and
by having non-zero initializers, this effectively moved the static
allocator structure from the .bss segment to the .data segment, thus
increasing (significantly) the size of the libc.

This CL proposes to initialize the structure with its magic numbers at
runtime, allowing for the allocator to go back into the .bss segment.

I will work on adding a test on the Scudo side to ensure that this type
of changes get detected early on. Additional work is also needed to
reduce the footprint of the (large) memory-tagging related structures
that are currently part of the allocator.

Diff Detail

Event Timeline

cryptoad created this revision.Sep 27 2021, 12:32 PM
Herald added a subscriber: phosek. · View Herald TranscriptSep 27 2021, 12:32 PM
cryptoad requested review of this revision.Sep 27 2021, 12:32 PM
Herald added a project: Restricted Project. · View Herald TranscriptSep 27 2021, 12:32 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
Harbormaster completed remote builds in B125944: Diff 375368.Sep 27 2021, 12:45 PM
hctim added inline comments.Sep 27 2021, 1:14 PM
compiler-rt/lib/gwp_asan/common.h
44

Can you hoist these inside the struct (next to their declarations), and add a note that the values are copied into the struct at runtime, during GuardedPoolAllocator::initialize() so that GWP-ASan remains completely in the .bss segment?

cryptoad updated this revision to Diff 375394.Sep 27 2021, 1:43 PM
cryptoad marked an inline comment as done.

Addressing Mitch's request.

hctim accepted this revision.Sep 27 2021, 1:44 PM

LGTM

This revision is now accepted and ready to land.Sep 27 2021, 1:44 PM
This revision was landed with ongoing or failed builds.Sep 27 2021, 1:50 PM
Closed by commit rG04f5913395de: [gwp-asan] Initialize AllocatorVersionMagic at runtime (authored by cryptoad). · Explain Why
This revision was automatically updated to reflect the committed changes.
cryptoad added a commit: rG04f5913395de: [gwp-asan] Initialize AllocatorVersionMagic at runtime.
Harbormaster completed remote builds in B125965: Diff 375394.Sep 27 2021, 1:57 PM

Revision Contents

PathSize
compiler-rt/
lib/
gwp_asan/
18 lines
7 lines

Diff 375396

compiler-rt/lib/gwp_asan/common.h

Show All 16 Lines
#include <stddef.h> #include <stddef.h>
#include <stdint.h> #include <stdint.h>
namespace gwp_asan { namespace gwp_asan {
// Magic header that resides in the AllocatorState so that GWP-ASan bugreports // Magic header that resides in the AllocatorState so that GWP-ASan bugreports
// can be understood by tools at different versions. Out-of-process crash // can be understood by tools at different versions. Out-of-process crash
// handlers, like crashpad on Fuchsia, take the raw conents of the // handlers, like crashpad on Fuchsia, take the raw contents of the
// AllocationMetatada array and the AllocatorState, and shove them into the // AllocationMetatada array and the AllocatorState, and shove them into the
// minidump. Online unpacking of these structs needs to know from which version // minidump. Online unpacking of these structs needs to know from which version
// of GWP-ASan its extracting the information, as the structures are not stable. // of GWP-ASan it's extracting the information, as the structures are not
// stable.
struct AllocatorVersionMagic { struct AllocatorVersionMagic {
const uint8_t Magic[4] = {'A', 'S', 'A', 'N'}; // The values are copied into the structure at runtime, during
// `GuardedPoolAllocator::init()` so that GWP-ASan remains completely in the
// `.bss` segment.
static constexpr uint8_t kAllocatorVersionMagic[4] = {'A', 'S', 'A', 'N'};
uint8_t Magic[4] = {};
// Update the version number when the AllocatorState or AllocationMetadata // Update the version number when the AllocatorState or AllocationMetadata
// change. // change.
const uint16_t Version = 1; static constexpr uint16_t kAllocatorVersion = 1;
const uint16_t Reserved = 0; uint16_t Version = 0;
uint16_t Reserved = 0;
}; };
enum class Error : uint8_t { enum class Error : uint8_t {
UNKNOWN, UNKNOWN,
hctimUnsubmitted
Done
ReplyInline Actions

Can you hoist these inside the struct (next to their declarations), and add a note that the values are copied into the struct at runtime, during GuardedPoolAllocator::initialize() so that GWP-ASan remains completely in the .bss segment?

hctim: Can you hoist these inside the struct (next to their declarations), and add a note that the…
USE_AFTER_FREE, USE_AFTER_FREE,
DOUBLE_FREE, DOUBLE_FREE,
INVALID_FREE, INVALID_FREE,
BUFFER_OVERFLOW, BUFFER_OVERFLOW,
BUFFER_UNDERFLOW BUFFER_UNDERFLOW
}; };
const char *ErrorToString(const Error &E); const char *ErrorToString(const Error &E);
▲ Show 20 LinesShow All 47 Lines▼ Show 20 Linesstruct AllocationMetadata {
bool IsDeallocated = false; bool IsDeallocated = false;
}; };
// This holds the state that's shared between the GWP-ASan allocator and the // This holds the state that's shared between the GWP-ASan allocator and the
// crash handler. This, in conjunction with the Metadata array, forms the entire // crash handler. This, in conjunction with the Metadata array, forms the entire
// set of information required for understanding a GWP-ASan crash. // set of information required for understanding a GWP-ASan crash.
struct AllocatorState { struct AllocatorState {
constexpr AllocatorState() {} constexpr AllocatorState() {}
const AllocatorVersionMagic VersionMagic{}; AllocatorVersionMagic VersionMagic{};
// Returns whether the provided pointer is a current sampled allocation that // Returns whether the provided pointer is a current sampled allocation that
// is owned by this pool. // is owned by this pool.
GWP_ASAN_ALWAYS_INLINE bool pointerIsMine(const void *Ptr) const { GWP_ASAN_ALWAYS_INLINE bool pointerIsMine(const void *Ptr) const {
uintptr_t P = reinterpret_cast<uintptr_t>(Ptr); uintptr_t P = reinterpret_cast<uintptr_t>(Ptr);
return P < GuardedPagePoolEnd && GuardedPagePool <= P; return P < GuardedPagePoolEnd && GuardedPagePool <= P;
} }
▲ Show 20 LinesShow All 66 LinesShow Last 20 Lines

compiler-rt/lib/gwp_asan/guarded_pool_allocator.cpp

Show First 20 LinesShow All 53 Lines▼ Show 20 Linesvoid GuardedPoolAllocator::init(const options::Options &Opts) {
Check(Opts.SampleRate >= 0, "GWP-ASan Error: SampleRate is < 0."); Check(Opts.SampleRate >= 0, "GWP-ASan Error: SampleRate is < 0.");
Check(Opts.SampleRate < (1 << 30), "GWP-ASan Error: SampleRate is >= 2^30."); Check(Opts.SampleRate < (1 << 30), "GWP-ASan Error: SampleRate is >= 2^30.");
Check(Opts.MaxSimultaneousAllocations >= 0, Check(Opts.MaxSimultaneousAllocations >= 0,
"GWP-ASan Error: MaxSimultaneousAllocations is < 0."); "GWP-ASan Error: MaxSimultaneousAllocations is < 0.");
SingletonPtr = this; SingletonPtr = this;
Backtrace = Opts.Backtrace; Backtrace = Opts.Backtrace;
State.VersionMagic = {{AllocatorVersionMagic::kAllocatorVersionMagic[0],
AllocatorVersionMagic::kAllocatorVersionMagic[1],
AllocatorVersionMagic::kAllocatorVersionMagic[2],
AllocatorVersionMagic::kAllocatorVersionMagic[3]},
AllocatorVersionMagic::kAllocatorVersion,
0};
State.MaxSimultaneousAllocations = Opts.MaxSimultaneousAllocations; State.MaxSimultaneousAllocations = Opts.MaxSimultaneousAllocations;
const size_t PageSize = getPlatformPageSize(); const size_t PageSize = getPlatformPageSize();
// getPageAddr() and roundUpTo() assume the page size to be a power of 2. // getPageAddr() and roundUpTo() assume the page size to be a power of 2.
assert((PageSize & (PageSize - 1)) == 0); assert((PageSize & (PageSize - 1)) == 0);
State.PageSize = PageSize; State.PageSize = PageSize;
size_t PoolBytesRequired = size_t PoolBytesRequired =
▲ Show 20 LinesShow All 285 LinesShow Last 20 Lines