This is an archive of the discontinued LLVM Phabricator instance.

hwasan: enable mmap interception (no tagging used)
ClosedPublic

Authored by thurston on May 23 2023, 3:02 PM.

Details

Summary

This enables HWASan interception for mmap, to prevent users from allocating in the shadow memory regions. For compatibility, it does not use pointer tagging, nor does it allow MAP_FIXED with a tagged address.

This patch initializes the common interceptors, but that should be a no-op (except for the mmap interceptor), due to the disable-by-default nature of hwasan_platform_interceptors.h (from D150708). As the first patch to utilize this common interceptor machinery for HWASan, it also defines some macros (e.g., COMMON_INTERCEPT_FUNCTION) that will be useful as future interceptors are enabled.

TestCases/Posix/mmap_write_exec.cpp now passes for HWASan.

Diff Detail

Event Timeline

thurston created this revision.May 23 2023, 3:02 PM
Herald added a project: Restricted Project. · View Herald TranscriptMay 23 2023, 3:02 PM
thurston requested review of this revision.May 23 2023, 3:02 PM
Herald added a project: Restricted Project. · View Herald TranscriptMay 23 2023, 3:02 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
thurston updated this revision to Diff 524927.May 23 2023, 4:19 PM

Allow using tagged pointer (from mmap) as parameter to another mmap call

Relax assumption about mmap alignment when tagging

thurston planned changes to this revision.May 23 2023, 4:20 PM

I need to add support for 'hwasan_allocator_tagging_enabled'.

thurston updated this revision to Diff 525265.May 24 2023, 10:52 AM

Added mmap support for hwasan_allocator_tagging_enabled

Added test case that checks whether mmap pointers are tagged

thurston updated this revision to Diff 525271.May 24 2023, 11:01 AM

Removed unused macro

thurston updated this revision to Diff 525776.May 25 2023, 1:39 PM

Changed mmap interceptor to use tagging only if given a tagged address plus MAP_FIXED.

Also add munmap interceptor.

thurston edited the summary of this revision. (Show Details)May 25 2023, 1:39 PM
thurston added a reviewer: pcc.
vitalybuka added inline comments.May 25 2023, 2:14 PM
compiler-rt/lib/hwasan/hwasan_allocator.cpp
31

Instead of making them extern, please add getter function

but with the recent discussion, we don't need to change this at all?

compiler-rt/lib/hwasan/hwasan_interceptors.h
12

Move this into hwasan_interceptors.cpp

we don't need this outsize of the cpp

thurston updated this revision to Diff 525810.May 25 2023, 2:26 PM

Disallow MAP_FIXED with a tagged pointer, which is an odd usecase. This simplifies the code greatly, since an invariant
is that mmap will no longer return any tagged pointers, hence there is no need to intercept munmap.

Also moved hwasan_interceptors.h into hwasan_interceptors.cpp.

thurston retitled this revision from hwasan: enable mmap interception and tag mmap allocations to hwasan: enable mmap interception (no tagging used).May 25 2023, 2:26 PM
thurston edited the summary of this revision. (Show Details)
thurston marked 2 inline comments as done.
thurston added inline comments.
compiler-rt/lib/hwasan/hwasan_allocator.cpp
31

Yes, this is no longer needed.

compiler-rt/lib/hwasan/hwasan_interceptors.h
12

Done

vitalybuka accepted this revision.May 25 2023, 2:29 PM
This revision is now accepted and ready to land.May 25 2023, 2:29 PM
kstoimenov added inline comments.May 25 2023, 2:37 PM
compiler-rt/lib/hwasan/hwasan_interceptors.cpp
154

Space after 'if'.

155

Should this be upper case?

157

Should we return an error instead?

164

The line is too long, please split.

177

Probably split here also.

compiler-rt/lib/hwasan/hwasan_platform_interceptors.h
256–257

Remove dead code.

vitalybuka added inline comments.May 25 2023, 2:45 PM
compiler-rt/lib/hwasan/hwasan_interceptors.cpp
154

just clangformat the thing

155

hm, how this compiles?

157

CHECK_EQ(tag, 0);

Also maybe CHECK_EQ(addr, addr_untagger); is nicer to read.

We agreed on CHECK to get from users if this is a valid usecase.

thurston marked 2 inline comments as done.May 25 2023, 3:00 PM
thurston added inline comments.
compiler-rt/lib/hwasan/hwasan_interceptors.cpp
155

map_fixed is defined in compiler-rt/lib/sanitizer_common/sanitizer_platform_limits_posix.cpp

'int map_fixed = MAP_FIXED;'
thurston added inline comments.May 25 2023, 3:04 PM
compiler-rt/lib/hwasan/hwasan_platform_interceptors.h
256–257

I deliberately leave in the dead code to show that this is intentionally re-enabling the interceptor, not an accidental omission.

For example, suppose we notice that sanitizer_common has SANITIZER_INTERCEPT_FOO, but SANITIZER_INTERCEPT_FOO doesn't appear in hwasan_platform_interceptors.h. Did someone add SANITIZER_INTERCEPT_FOO recently to sanitizer_common and forget to add it to hwasan_platform_interceptors, or was it deliberately removed from hwasan?

thurston updated this revision to Diff 525833.May 25 2023, 3:05 PM
thurston edited the summary of this revision. (Show Details)

clang-format'ed

thurston marked 4 inline comments as done.May 25 2023, 3:05 PM
thurston updated this revision to Diff 525835.May 25 2023, 3:13 PM

For readability, change CHECK(tag == 0) to CHECK_EQ(addr, UntagPtr(addr));

thurston added inline comments.May 25 2023, 3:14 PM
compiler-rt/lib/hwasan/hwasan_interceptors.cpp
157

I changed it to

CHECK_EQ(addr, UntagPtr(addr));

to avoid needing to change the rest of the code to use 'addr_untagged'.

kstoimenov accepted this revision.May 25 2023, 3:55 PM
kstoimenov added inline comments.
compiler-rt/lib/hwasan/hwasan_interceptors.cpp
155

Makes sense. Unrelated to this patch, but shouldn't those be constexpr?

vitalybuka accepted this revision.May 25 2023, 4:29 PM
vitalybuka added inline comments.
compiler-rt/lib/hwasan/hwasan_interceptors.cpp
297

we don't use {} around oneliners

thurston updated this revision to Diff 525875.May 25 2023, 4:39 PM

Remove unnecessary braces

thurston marked an inline comment as done.May 25 2023, 4:40 PM
This revision was landed with ongoing or failed builds.May 26 2023, 9:34 AM
This revision was automatically updated to reflect the committed changes.