This is an archive of the discontinued LLVM Phabricator instance.

tsan: tolerate munmap with invalid arguments
ClosedPublic

Authored by dvyukov on Dec 2 2021, 4:40 AM.

Details

Summary

We call UnmapShadow before the actual munmap, at that point we don't yet
know if the provided address/size are sane. We can't call UnmapShadow
after the actual munmap becuase at that point the memory range can
already be reused for something else, so we can't rely on the munmap
return value to understand is the values are sane.
While calling munmap with insane values (non-canonical address, negative
size, etc) is an error, the kernel won't crash. We must also try to not
crash as the failure mode is very confusing (paging fault inside of the
runtime on some derived shadow address).

Such invalid arguments are observed on Chromium tests:
https://bugs.chromium.org/p/chromium/issues/detail?id=1275581

Diff Detail

Event Timeline

dvyukov requested review of this revision.Dec 2 2021, 4:40 AM
dvyukov created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptDec 2 2021, 4:40 AM
Herald added a subscriber: Restricted Project. · View Herald Transcript
melver accepted this revision.Dec 2 2021, 4:52 AM
melver added inline comments.
compiler-rt/lib/tsan/rtl/tsan_rtl.cpp
295

why not 'ranges[][2]' ?

This revision is now accepted and ready to land.Dec 2 2021, 4:52 AM
dvyukov updated this revision to Diff 391343.Dec 2 2021, 8:49 AM

use ranges[][2]

dvyukov marked an inline comment as done.Dec 2 2021, 8:50 AM
dvyukov added inline comments.
compiler-rt/lib/tsan/rtl/tsan_rtl.cpp
295

Because I don't know C++.
Done. Thanks.

This revision was landed with ongoing or failed builds.Dec 2 2021, 8:50 AM
This revision was automatically updated to reflect the committed changes.
dvyukov marked an inline comment as done.