This is an archive of the discontinued LLVM Phabricator instance.

Differential D152984

[scudo] Disable OddEvenTags by default.
ClosedPublic

Authored by eugenis on Jun 14 2023, 5:05 PM.

Download Raw Diff

Details

Reviewers

pcc
fmayer
hctim
cferris

Commits

rGed552f2151ac: [scudo] Disable OddEvenTags by default.

Summary

Scudo has zero-tagged headers between any two allocation that will catch
a linear buffer overflow of up to 16 bytes. OddEvenTags extends this
guarantee to one chunk of the given SizeClass at the cost of the reduced
entropy for all heap tags (i.e. lower chance to catch use-after-free and
large overflows).

Given that the first 16 bytes are already deterministic, I feel this is
a bad tradeoff.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

eugenis created this revision.Jun 14 2023, 5:05 PM

Herald added a project: Restricted Project. · View Herald TranscriptJun 14 2023, 5:05 PM

Herald added subscribers: yaneury, Chia-hungDuan, Enna1, cryptoad. · View Herald Transcript

eugenis requested review of this revision.Jun 14 2023, 5:05 PM

Herald added a project: Restricted Project. · View Herald TranscriptJun 14 2023, 5:05 PM

Herald added a subscriber: Restricted Project. · View Herald Transcript

fmayer accepted this revision.Jun 14 2023, 5:07 PM

This revision is now accepted and ready to land.Jun 14 2023, 5:07 PM

Harbormaster completed remote builds in B239004: Diff 531577.Jun 14 2023, 5:29 PM

Yeah, I agree.

This revision was landed with ongoing or failed builds.Jun 15 2023, 4:37 PM

Closed by commit rGed552f2151ac: [scudo] Disable OddEvenTags by default. (authored by eugenis). · Explain Why

This revision was automatically updated to reflect the committed changes.

eugenis added a commit: rGed552f2151ac: [scudo] Disable OddEvenTags by default..

Revision Contents

Path

Size

compiler-rt/

lib/

scudo/

standalone/

1 line

tests/

combined_test.cpp

1 line

Diff 531940

compiler-rt/lib/scudo/standalone/combined.h

	Show First 20 Lines • Show All 160 Lines • ▼ Show 20 Lines		else if (getFlags()->pattern_fill_contents)
	Primary.Options.setFillContentsMode(PatternOrZeroFill);			Primary.Options.setFillContentsMode(PatternOrZeroFill);
	if (getFlags()->dealloc_type_mismatch)			if (getFlags()->dealloc_type_mismatch)
	Primary.Options.set(OptionBit::DeallocTypeMismatch);			Primary.Options.set(OptionBit::DeallocTypeMismatch);
	if (getFlags()->delete_size_mismatch)			if (getFlags()->delete_size_mismatch)
	Primary.Options.set(OptionBit::DeleteSizeMismatch);			Primary.Options.set(OptionBit::DeleteSizeMismatch);
	if (allocatorSupportsMemoryTagging<Config>() &&			if (allocatorSupportsMemoryTagging<Config>() &&
	systemSupportsMemoryTagging())			systemSupportsMemoryTagging())
	Primary.Options.set(OptionBit::UseMemoryTagging);			Primary.Options.set(OptionBit::UseMemoryTagging);
	Primary.Options.set(OptionBit::UseOddEvenTags);

	QuarantineMaxChunkSize =			QuarantineMaxChunkSize =
	static_cast<u32>(getFlags()->quarantine_max_chunk_size);			static_cast<u32>(getFlags()->quarantine_max_chunk_size);

	Stats.init();			Stats.init();
	const s32 ReleaseToOsIntervalMs = getFlags()->release_to_os_interval_ms;			const s32 ReleaseToOsIntervalMs = getFlags()->release_to_os_interval_ms;
	Primary.init(ReleaseToOsIntervalMs);			Primary.init(ReleaseToOsIntervalMs);
	Secondary.init(&Stats, ReleaseToOsIntervalMs);			Secondary.init(&Stats, ReleaseToOsIntervalMs);
	▲ Show 20 Lines • Show All 1,371 Lines • Show Last 20 Lines

compiler-rt/lib/scudo/standalone/tests/combined_test.cpp

	Show First 20 Lines • Show All 635 Lines • ▼ Show 20 Lines
	// operation without issue.			// operation without issue.
	SCUDO_TYPED_TEST(ScudoCombinedTest, ReleaseToOS) {			SCUDO_TYPED_TEST(ScudoCombinedTest, ReleaseToOS) {
	auto *Allocator = this->Allocator.get();			auto *Allocator = this->Allocator.get();
	Allocator->releaseToOS(scudo::ReleaseToOS::Force);			Allocator->releaseToOS(scudo::ReleaseToOS::Force);
	}			}

	SCUDO_TYPED_TEST(ScudoCombinedTest, OddEven) {			SCUDO_TYPED_TEST(ScudoCombinedTest, OddEven) {
	auto *Allocator = this->Allocator.get();			auto *Allocator = this->Allocator.get();
				Allocator->setOption(scudo::Option::MemtagTuning, M_MEMTAG_TUNING_BUFFER_OVERFLOW);

	if (!Allocator->useMemoryTaggingTestOnly())			if (!Allocator->useMemoryTaggingTestOnly())
	return;			return;

	auto CheckOddEven = [](scudo::uptr P1, scudo::uptr P2) {			auto CheckOddEven = [](scudo::uptr P1, scudo::uptr P2) {
	scudo::uptr Tag1 = scudo::extractTag(scudo::loadTag(P1));			scudo::uptr Tag1 = scudo::extractTag(scudo::loadTag(P1));
	scudo::uptr Tag2 = scudo::extractTag(scudo::loadTag(P2));			scudo::uptr Tag2 = scudo::extractTag(scudo::loadTag(P2));
	EXPECT_NE(Tag1 % 2, Tag2 % 2);			EXPECT_NE(Tag1 % 2, Tag2 % 2);
	▲ Show 20 Lines • Show All 169 Lines • Show Last 20 Lines