This is an archive of the discontinued LLVM Phabricator instance.

Differential D156015

[lsan][Fuchsia] Fix bounds checking for thread_local allocator cache when scanning TLS regions
ClosedPublic

Authored by leonardchan on Jul 21 2023, 7:55 PM.

Details

Reviewers
mcgrathr
phosek
Commits
rG1abcf584023e: [lsan][Fuchsia] Fix bounds checking for thread_local allocator cache when…
Summary

When scanning over TLS regions, we attempt to check if one of the regions is one of the thread_local allocator caches which would be located in one of the TLS blocks pointer to by the DTV. This is to prevent marking a pointer that was allocated by the primary allocator (from a thread_local cache) as reachable. The check is a simple bounds check to see if the allocator cache is within the bounds of one of the TLS block we're iterating over, but it looks like the check for the end of the cache is slightly incorrect. Rather than checking end - cache_start <= cache_size, it should be something like cache_start + cache_size < end.

Diff Detail

Event Timeline

leonardchan created this revision.Jul 21 2023, 7:55 PM
Herald added a project: Restricted Project. · View Herald TranscriptJul 21 2023, 7:55 PM
Herald added subscribers: Enna1, abrachet. · View Herald Transcript
leonardchan requested review of this revision.EditedJul 21 2023, 7:55 PM

Prior to this, it looks like we'd unconditionally mark pointers in the allocator cache as reachable. So we may find more leaks after this.

Harbormaster completed remote builds in B247372: Diff 543140.Jul 22 2023, 12:54 AM
mcgrathr added a comment.Aug 1 2023, 5:05 PM

The pattern the code was using is the usual pattern to avoid potential overflow. It just should have been >= rather than <=. Even aside from the overflow avoidance, < end is not right but should be <= end AFAICT. But I think it's best to keep the overflow avoidance here and just fix the typo so it's <= end.

leonardchan updated this revision to Diff 546959.Aug 3 2023, 11:23 AM
Harbormaster completed remote builds in B250135: Diff 546959.Aug 3 2023, 12:08 PM
leonardchan added a comment.Aug 29 2023, 12:16 PM

ping

mcgrathr accepted this revision.Aug 29 2023, 12:42 PM

lgtm

This revision is now accepted and ready to land.Aug 29 2023, 12:42 PM
Closed by commit rG1abcf584023e: [lsan][Fuchsia] Fix bounds checking for thread_local allocator cache when… (authored by leonardchan). · Explain WhyAug 30 2023, 1:50 PM
This revision was automatically updated to reflect the committed changes.
leonardchan added a commit: rG1abcf584023e: [lsan][Fuchsia] Fix bounds checking for thread_local allocator cache when….

Revision Contents

PathSize
compiler-rt/
lib/
lsan/
2 lines

Diff 554823

compiler-rt/lib/lsan/lsan_common_fuchsia.cpp

Show First 20 LinesShow All 113 Lines▼ Show 20 Linesvoid LockStuffAndStopTheWorld(StopTheWorldCallback callback,
// variables as well as C11 tss_set and POSIX pthread_setspecific. // variables as well as C11 tss_set and POSIX pthread_setspecific.
auto tls = +[](void *chunk, size_t size, void *data) { auto tls = +[](void *chunk, size_t size, void *data) {
auto params = static_cast<const Params *>(data); auto params = static_cast<const Params *>(data);
uptr begin = reinterpret_cast<uptr>(chunk); uptr begin = reinterpret_cast<uptr>(chunk);
uptr end = begin + size; uptr end = begin + size;
auto i = __sanitizer::InternalLowerBound(params->allocator_caches, begin); auto i = __sanitizer::InternalLowerBound(params->allocator_caches, begin);
if (i < params->allocator_caches.size() && if (i < params->allocator_caches.size() &&
params->allocator_caches[i] >= begin && params->allocator_caches[i] >= begin &&
end - params->allocator_caches[i] <= sizeof(AllocatorCache)) { end - params->allocator_caches[i] >= sizeof(AllocatorCache)) {
// Split the range in two and omit the allocator cache within. // Split the range in two and omit the allocator cache within.
ScanRangeForPointers(begin, params->allocator_caches[i], ScanRangeForPointers(begin, params->allocator_caches[i],
&params->argument->frontier, "TLS", kReachable); &params->argument->frontier, "TLS", kReachable);
uptr begin2 = params->allocator_caches[i] + sizeof(AllocatorCache); uptr begin2 = params->allocator_caches[i] + sizeof(AllocatorCache);
ScanRangeForPointers(begin2, end, &params->argument->frontier, "TLS", ScanRangeForPointers(begin2, end, &params->argument->frontier, "TLS",
kReachable); kReachable);
} else { } else {
ScanRangeForPointers(begin, end, &params->argument->frontier, "TLS", ScanRangeForPointers(begin, end, &params->argument->frontier, "TLS",
Show All 37 Lines