Download Raw Diff

Details

Reviewers

Commits

rG1128db8fe1c1: [asan] Add exception handler to map memory on demand on Win64. Memory will be…
rCRT275107: [asan] Add exception handler to map memory on demand on Win64.
rL275107: [asan] Add exception handler to map memory on demand on Win64.

Summary

[asan] Add exception handler to map memory on demand on Win64.
Memory will be committed on demand when exception happens while accessing
shadow memeory region.

Diff Detail

Event Timeline

wang0109 updated this revision to Diff 62554.Jul 1 2016, 3:42 PM

wang0109 retitled this revision from to [asan] Add exception handler to map memory on demand on Win64..

wang0109 updated this object.

wang0109 added reviewers: etienneb, • chrisha.

Herald added a subscriber: kubamracek. · View Herald TranscriptJul 1 2016, 3:42 PM

etienneb edited reviewers, added: rnk; removed: • chrisha, etienneb.Jul 1 2016, 3:45 PM

etienneb added subscribers: etienneb, • chrisha.

etienneb added inline comments.Jul 1 2016, 3:51 PM

lib/asan/asan_win.cc
227	Does this can be done into: InitializeExceptionHandlerOnWindows64
244	no { } here
265	'auto' here won't comply with the common coding style in llvm. The type is not on the rhs, so use char* instead.
271	ditto 'auto'
280	rewrite the following list has a single line. if (AddVectoredExceptionHandler(TRUE, &ShadowExceptionHandler) != nullptr) or if (!AddVectoredExceptionHandler(TRUE, &ShadowExceptionHandler))

update diff: format and minor styling

etienneb added inline comments.Jul 4 2016, 8:17 AM

lib/asan/asan_win.cc
257	As I get it, for the shadow memory this should never happens??? The whole memory space used by the shadow must be already reserved.

etienneb added inline comments.Jul 4 2016, 8:46 AM

lib/asan/asan_internal.h
65	I'm not a fan of these #ifdef Should we use something similar than: void InitializePlatformInterceptors(); but for the shadow.

wang0109 added inline comments.Jul 4 2016, 8:48 AM

lib/asan/asan_internal.h
65	Sounds reasonable. Could be called InitializePlatformExceptionHandlers() ?

update diff: remove several ifdefs, rename to InitializePlatformExceptionHandlers

rnk added inline comments.Jul 6 2016, 9:20 AM

lib/asan/asan_win.cc
223–231	Use GetPageSizeCached() and GetMmapGranularity() instead.
249–250	Use RoundDownTo instead of the bitmath
257	Yeah, what's the story here? We're going with up-front reservation first, and that succeeds in Win8.1+, right?
260–261	RoundDownTo

update diff: cleanup code regarding RoundDownTo, GetPageSize

• chrisha added inline comments.Jul 6 2016, 2:13 PM

lib/asan/asan_win.cc
257	This is cut and paste from a small test harness I wrote. Because of the page table overhead on Win7, I was tinkering with not even reserving the shadow at all, and had added this support. I think it simpler if we just say only Win8+ is recommended for x64, and document the page table overhead for Win7. This is better than the potential correctness problem that can result if somebody else gets memory where we think we have the shadow.

wang0109 added inline comments.Jul 6 2016, 2:14 PM

lib/asan/asan_win.cc
257	Yes. This piece of code was ported from a test program (credits to chrisha). I thought for a while and it should be not useful in the case of windows 10, apart from being defensive code. For window 7, I am not quite sure what's the behavior. One thing that I would like to test is, VirtualAlloc() seems to have alignment requirement of allocation granularity for any flag involving MEM_RESERVE, if I understand correctly. For MEM_COMMIT only flag, address only have to be aligned with page size.

update diff: remove unneeded code, avoid commit limit error 1455

drive-by

lib/asan/asan_win.cc
262	Change this for a CHECK(...)
lib/sanitizer_common/sanitizer_win.cc
171	IIRC, this function is used at other place. (MmapFixedNoReserve). We should probably do a variant of that fonction, showing the "on-demand" behavior in the name.
178	nit: execption -> exeception

update diff: fix typo, use CHECK() to replace __debugbreak

wang0109 added inline comments.Jul 10 2016, 5:12 PM

lib/sanitizer_common/sanitizer_win.cc
171	I see, this function also used in dfsan, esan etc. The name is already confusing.. It says "NoReserve" yet we are passing MEM_RESERVE flag..

lgtm

lib/sanitizer_common/sanitizer_win.cc
171	The name reflects the flags that you would pass to mmap on unix.
178	still need to fix this

This revision is now accepted and ready to land.Jul 11 2016, 12:53 PM

update diff: fix typo

This CL is not compiling.
Please fix:

../llvm/llvm/projects/compiler-rt/lib/asan/asan_win.cc:232:  Lines should be <= 80 characters long  [whitespace/line_length] [2]
../llvm/llvm/projects/compiler-rt/lib/asan/asan_win.cc:249:  Lines should be <= 80 characters long  [whitespace/line_length] [2]

and this

projects/compiler-rt/lib/asan/CMakeFiles/RTAsan_dynamic.x86_64.dir/asan_rtl.cc.o: In function `AsanInitInternal':
/usr/local/google/home/etienneb/llvm/llvm/projects/compiler-rt/lib/asan/asan_rtl.cc:423: undefined reference to `__asan::InitializePlatformExceptionHandlers()'
collect2: error: ld returned 1 exit status

update diff: fix compile for linux/mac
update diff: coding style

Closed by commit rL275107: [asan] Add exception handler to map memory on demand on Win64. (authored by etienneb). · Explain WhyJul 11 2016, 2:48 PM

This revision was automatically updated to reflect the committed changes.

FYI, this broke tsan. Only asan installs vectored SEH handler. I fixed it in:
http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_win.cc?r1=276112&r2=276111&pathrev=276112

alvinhochun mentioned this in D149020: [sanitizer][asan][win] Enable commit on demand for i686.Apr 23 2023, 8:33 AM

alvinhochun mentioned this in D149025: [sanitizer][asan][win] Only unmap unneeded shadow memory on x86_64.Apr 23 2023, 9:25 AM

alvinhochun mentioned this in rG0d5b51e0ac88: [sanitizer][asan][win] Only unmap unneeded shadow memory on x86_64.May 2 2023, 9:23 AM

Diff 63557

lib/asan/asan_internal.h

Show First 20 Lines • Show All 56 Lines • ▼ Show 20 Lines
// functions from the instrumented user code in a profile.		// functions from the instrumented user code in a profile.
namespace __asan {		namespace __asan {

class AsanThread;		class AsanThread;
using __sanitizer::StackTrace;		using __sanitizer::StackTrace;

void AsanInitFromRtl();		void AsanInitFromRtl();

		// asan_win.cc
		etiennebUnsubmitted Not Done Reply Inline Actions I'm not a fan of these #ifdef Should we use something similar than: void InitializePlatformInterceptors(); but for the shadow. etienneb: I'm not a fan of these #ifdef Should we use something similar than: void…
		wang0109AuthorUnsubmitted Not Done Reply Inline Actions Sounds reasonable. Could be called InitializePlatformExceptionHandlers() ? wang0109: Sounds reasonable. Could be called InitializePlatformExceptionHandlers() ?
		void InitializePlatformExceptionHandlers();

// asan_rtl.cc		// asan_rtl.cc
void NORETURN ShowStatsAndAbort();		void NORETURN ShowStatsAndAbort();

// asan_malloc_linux.cc / asan_malloc_mac.cc		// asan_malloc_linux.cc / asan_malloc_mac.cc
void ReplaceSystemMalloc();		void ReplaceSystemMalloc();

// asan_linux.cc / asan_mac.cc / asan_win.cc		// asan_linux.cc / asan_mac.cc / asan_win.cc
void *AsanDoesNotSupportStaticLinkage();		void *AsanDoesNotSupportStaticLinkage();
▲ Show 20 Lines • Show All 49 Lines • ▼ Show 20 Lines	#define ASAN_FREE_HOOK(ptr) \
} while (false)		} while (false)
#define ASAN_ON_ERROR() \		#define ASAN_ON_ERROR() \
if (&__asan_on_error) __asan_on_error()		if (&__asan_on_error) __asan_on_error()

extern int asan_inited;		extern int asan_inited;
// Used to avoid infinite recursion in __asan_init().		// Used to avoid infinite recursion in __asan_init().
extern bool asan_init_is_running;		extern bool asan_init_is_running;
extern void (*death_callback)(void);		extern void (*death_callback)(void);

// These magic values are written to shadow for better error reporting.		// These magic values are written to shadow for better error reporting.
const int kAsanHeapLeftRedzoneMagic = 0xfa;		const int kAsanHeapLeftRedzoneMagic = 0xfa;
const int kAsanHeapRightRedzoneMagic = 0xfb;		const int kAsanHeapRightRedzoneMagic = 0xfb;
const int kAsanHeapFreeMagic = 0xfd;		const int kAsanHeapFreeMagic = 0xfd;
const int kAsanStackLeftRedzoneMagic = 0xf1;		const int kAsanStackLeftRedzoneMagic = 0xf1;
const int kAsanStackMidRedzoneMagic = 0xf2;		const int kAsanStackMidRedzoneMagic = 0xf2;
const int kAsanStackRightRedzoneMagic = 0xf3;		const int kAsanStackRightRedzoneMagic = 0xf3;
const int kAsanStackPartialRedzoneMagic = 0xf4;		const int kAsanStackPartialRedzoneMagic = 0xf4;
Show All 18 Lines

lib/asan/asan_rtl.cc

Show First 20 Lines • Show All 414 Lines • ▼ Show 20 Lines	static void AsanInitInternal() {

AsanCheckIncompatibleRT();		AsanCheckIncompatibleRT();
AsanCheckDynamicRTPrereqs();		AsanCheckDynamicRTPrereqs();
AvoidCVE_2016_2143();		AvoidCVE_2016_2143();

SetCanPoisonMemory(flags()->poison_heap);		SetCanPoisonMemory(flags()->poison_heap);
SetMallocContextSize(common_flags()->malloc_context_size);		SetMallocContextSize(common_flags()->malloc_context_size);

		InitializePlatformExceptionHandlers();

InitializeHighMemEnd();		InitializeHighMemEnd();

// Make sure we are not statically linked.		// Make sure we are not statically linked.
AsanDoesNotSupportStaticLinkage();		AsanDoesNotSupportStaticLinkage();

// Install tool-specific callbacks in sanitizer_common.		// Install tool-specific callbacks in sanitizer_common.
AddDieCallback(AsanDie);		AddDieCallback(AsanDie);
SetCheckFailedCallback(AsanCheckFailed);		SetCheckFailedCallback(AsanCheckFailed);
▲ Show 20 Lines • Show All 216 Lines • Show Last 20 Lines

lib/asan/asan_win.cc

	Show All 18 Lines

	#include <stdlib.h>			#include <stdlib.h>

	#include "asan_interceptors.h"			#include "asan_interceptors.h"
	#include "asan_internal.h"			#include "asan_internal.h"
	#include "asan_report.h"			#include "asan_report.h"
	#include "asan_stack.h"			#include "asan_stack.h"
	#include "asan_thread.h"			#include "asan_thread.h"
				#include "asan_mapping.h"
	#include "sanitizer_common/sanitizer_libc.h"			#include "sanitizer_common/sanitizer_libc.h"
	#include "sanitizer_common/sanitizer_mutex.h"			#include "sanitizer_common/sanitizer_mutex.h"

	using namespace __asan; // NOLINT			using namespace __asan; // NOLINT

	extern "C" {			extern "C" {
	SANITIZER_INTERFACE_ATTRIBUTE			SANITIZER_INTERFACE_ATTRIBUTE
	int __asan_should_detect_stack_use_after_return() {			int __asan_should_detect_stack_use_after_return() {
	▲ Show 20 Lines • Show All 175 Lines • ▼ Show 20 Lines
	void ReadContextStack(void context, uptr stack, uptr *ssize) {			void ReadContextStack(void context, uptr stack, uptr *ssize) {
	UNIMPLEMENTED();			UNIMPLEMENTED();
	}			}

	void AsanOnDeadlySignal(int, void siginfo, void context) {			void AsanOnDeadlySignal(int, void siginfo, void context) {
	UNIMPLEMENTED();			UNIMPLEMENTED();
	}			}

				#if SANITIZER_WINDOWS64
				// Exception handler for dealing with shadow memory.
				static LONG CALLBACK
				ShadowExceptionHandler(PEXCEPTION_POINTERS exception_pointers) {
				static uptr page_size = GetPageSizeCached();
				static uptr alloc_granularity = GetMmapGranularity();
				// Only handle access violations.
				if (exception_pointers->ExceptionRecord->ExceptionCode !=
				EXCEPTION_ACCESS_VIOLATION) {
				etiennebUnsubmitted Not Done Reply Inline Actions Does this can be done into: InitializeExceptionHandlerOnWindows64 etienneb: Does this can be done into: InitializeExceptionHandlerOnWindows64
				return EXCEPTION_CONTINUE_SEARCH;
				}

				// Only handle access violations that land within the shadow memory.
				rnkUnsubmitted Not Done Reply Inline Actions Use GetPageSizeCached() and GetMmapGranularity() instead. rnk: Use GetPageSizeCached() and GetMmapGranularity() instead.
				uptr addr = (uptr)(exception_pointers->ExceptionRecord->ExceptionInformation[1]);

				// Check valid shadow range.
				if (!AddrIsInShadow(addr)) return EXCEPTION_CONTINUE_SEARCH;

				// This is an access violation while trying to read from the shadow. Commit
				// the relevant page and let execution continue.

				// Determine the address of the page that is being accessed.
				uptr page = RoundDownTo(addr, page_size);

				// Query the existing page.
				MEMORY_BASIC_INFORMATION mem_info = {};
				etiennebUnsubmitted Not Done Reply Inline Actions no { } here etienneb: no { } here
				if (::VirtualQuery((LPVOID)page, &mem_info, sizeof(mem_info)) == 0)
				return EXCEPTION_CONTINUE_SEARCH;

				// Commit the page.
				uptr result = (uptr)::VirtualAlloc((LPVOID)page, page_size, MEM_COMMIT, PAGE_READWRITE);
				if (result != page) return EXCEPTION_CONTINUE_SEARCH;
				rnkUnsubmitted Not Done Reply Inline Actions Use RoundDownTo instead of the bitmath rnk: Use RoundDownTo instead of the bitmath

				// The page mapping succeeded, so continue execution as usual.
				return EXCEPTION_CONTINUE_EXECUTION;
				}

				#endif

				etiennebUnsubmitted Not Done Reply Inline Actions As I get it, for the shadow memory this should never happens??? The whole memory space used by the shadow must be already reserved. etienneb: As I get it, for the shadow memory this should never happens??? The whole memory space used by…
				rnkUnsubmitted Not Done Reply Inline Actions Yeah, what's the story here? We're going with up-front reservation first, and that succeeds in Win8.1+, right? rnk: Yeah, what's the story here? We're going with up-front reservation first, and that succeeds in…
				chrishaUnsubmitted Not Done Reply Inline Actions This is cut and paste from a small test harness I wrote. Because of the page table overhead on Win7, I was tinkering with not even reserving the shadow at all, and had added this support. I think it simpler if we just say only Win8+ is recommended for x64, and document the page table overhead for Win7. This is better than the potential correctness problem that can result if somebody else gets memory where we think we have the shadow. chrisha: This is cut and paste from a small test harness I wrote. Because of the page table overhead on…
				wang0109AuthorUnsubmitted Not Done Reply Inline Actions Yes. This piece of code was ported from a test program (credits to chrisha). I thought for a while and it should be not useful in the case of windows 10, apart from being defensive code. For window 7, I am not quite sure what's the behavior. One thing that I would like to test is, VirtualAlloc() seems to have alignment requirement of allocation granularity for any flag involving MEM_RESERVE, if I understand correctly. For MEM_COMMIT only flag, address only have to be aligned with page size. wang0109: Yes. This piece of code was ported from a test program (credits to chrisha). I thought for a…
				void InitializePlatformExceptionHandlers() {
				#if SANITIZER_WINDOWS64
				// On Win64, we map memory on demand with access violation handler.
				// Install our exception handler.
				rnkUnsubmitted Not Done Reply Inline Actions RoundDownTo rnk: RoundDownTo
				CHECK(AddVectoredExceptionHandler(TRUE, &ShadowExceptionHandler));
				etiennebUnsubmitted Not Done Reply Inline Actions Change this for a CHECK(...) etienneb: Change this for a CHECK(...)
				#endif
				}

				etiennebUnsubmitted Not Done Reply Inline Actions 'auto' here won't comply with the common coding style in llvm. The type is not on the rhs, so use char* instead. etienneb: 'auto' here won't comply with the common coding style in llvm. The type is not on the rhs, so…
	static LPTOP_LEVEL_EXCEPTION_FILTER default_seh_handler;			static LPTOP_LEVEL_EXCEPTION_FILTER default_seh_handler;

	static long WINAPI SEHHandler(EXCEPTION_POINTERS *info) {			static long WINAPI SEHHandler(EXCEPTION_POINTERS *info) {
	EXCEPTION_RECORD *exception_record = info->ExceptionRecord;			EXCEPTION_RECORD *exception_record = info->ExceptionRecord;
	CONTEXT *context = info->ContextRecord;			CONTEXT *context = info->ContextRecord;

				etiennebUnsubmitted Not Done Reply Inline Actions ditto 'auto' etienneb: ditto 'auto'
	if (exception_record->ExceptionCode == EXCEPTION_ACCESS_VIOLATION \|\|			if (exception_record->ExceptionCode == EXCEPTION_ACCESS_VIOLATION \|\|
	exception_record->ExceptionCode == EXCEPTION_IN_PAGE_ERROR) {			exception_record->ExceptionCode == EXCEPTION_IN_PAGE_ERROR) {
	const char *description =			const char *description =
	(exception_record->ExceptionCode == EXCEPTION_ACCESS_VIOLATION)			(exception_record->ExceptionCode == EXCEPTION_ACCESS_VIOLATION)
	? "access-violation"			? "access-violation"
	: "in-page-error";			: "in-page-error";
	SignalContext sig = SignalContext::Create(exception_record, context);			SignalContext sig = SignalContext::Create(exception_record, context);
	ReportDeadlySignal(description, sig);			ReportDeadlySignal(description, sig);
	}			}
				etiennebUnsubmitted Not Done Reply Inline Actions rewrite the following list has a single line. if (AddVectoredExceptionHandler(TRUE, &ShadowExceptionHandler) != nullptr) or if (!AddVectoredExceptionHandler(TRUE, &ShadowExceptionHandler)) etienneb: rewrite the following list has a single line. ``` if (AddVectoredExceptionHandler(TRUE…

	// FIXME: Handle EXCEPTION_STACK_OVERFLOW here.			// FIXME: Handle EXCEPTION_STACK_OVERFLOW here.

	return default_seh_handler(info);			return default_seh_handler(info);
	}			}

	// We want to install our own exception handler (EH) to print helpful reports			// We want to install our own exception handler (EH) to print helpful reports
	// on access violations and whatnot. Unfortunately, the CRT initializers assume			// on access violations and whatnot. Unfortunately, the CRT initializers assume
	▲ Show 20 Lines • Show All 41 Lines • Show Last 20 Lines

lib/sanitizer_common/sanitizer_win.cc

Show First 20 Lines • Show All 162 Lines • ▼ Show 20 Lines	void MmapAlignedOrDie(uptr size, uptr alignment, const char mem_type) {

// Fail if we can't make this work quickly.		// Fail if we can't make this work quickly.
if (retries == kMaxRetries && mapped_addr == 0)		if (retries == kMaxRetries && mapped_addr == 0)
ReportMmapFailureAndDie(size, mem_type, "allocate aligned", GetLastError());		ReportMmapFailureAndDie(size, mem_type, "allocate aligned", GetLastError());

return (void *)mapped_addr;		return (void *)mapped_addr;
}		}

void MmapFixedNoReserve(uptr fixed_addr, uptr size, const char name) {		void MmapFixedNoReserve(uptr fixed_addr, uptr size, const char name) {
		etiennebUnsubmitted Not Done Reply Inline Actions IIRC, this function is used at other place. (MmapFixedNoReserve). We should probably do a variant of that fonction, showing the "on-demand" behavior in the name. etienneb: IIRC, this function is used at other place. (MmapFixedNoReserve). We should probably do a…
		wang0109AuthorUnsubmitted Not Done Reply Inline Actions I see, this function also used in dfsan, esan etc. The name is already confusing.. It says "NoReserve" yet we are passing MEM_RESERVE flag.. wang0109: I see, this function also used in dfsan, esan etc. The name is already confusing.. It says…
		rnkUnsubmitted Not Done Reply Inline Actions The name reflects the flags that you would pass to mmap on unix. rnk: The name reflects the flags that you would pass to mmap on unix.
// FIXME: is this really "NoReserve"? On Win32 this does not matter much,		// FIXME: is this really "NoReserve"? On Win32 this does not matter much,
// but on Win64 it does.		// but on Win64 it does.
(void)name; // unsupported		(void)name; // unsupported
void *p = VirtualAlloc((LPVOID)fixed_addr, size,		#if SANITIZER_WINDOWS64
MEM_RESERVE \| MEM_COMMIT, PAGE_READWRITE);		// On Windows64, use MEM_COMMIT would result in error
		// 1455:ERROR_COMMITMENT_LIMIT.
		// We use exception handler to commit page on demand.
		etiennebUnsubmitted Not Done Reply Inline Actions nit: execption -> exeception etienneb: nit: execption -> exeception
		rnkUnsubmitted Not Done Reply Inline Actions still need to fix this rnk: still need to fix this
		void *p = VirtualAlloc((LPVOID)fixed_addr, size, MEM_RESERVE, PAGE_READWRITE);
		#else
		void *p = VirtualAlloc((LPVOID)fixed_addr, size, MEM_RESERVE \| MEM_COMMIT,
		PAGE_READWRITE);
		#endif
if (p == 0)		if (p == 0)
Report("ERROR: %s failed to "		Report("ERROR: %s failed to "
"allocate %p (%zd) bytes at %p (error code: %d)\n",		"allocate %p (%zd) bytes at %p (error code: %d)\n",
SanitizerToolName, size, size, fixed_addr, GetLastError());		SanitizerToolName, size, size, fixed_addr, GetLastError());
return p;		return p;
}		}

void *MmapFixedOrDie(uptr fixed_addr, uptr size) {		void *MmapFixedOrDie(uptr fixed_addr, uptr size) {
▲ Show 20 Lines • Show All 692 Lines • Show Last 20 Lines

This is an archive of the discontinued LLVM Phabricator instance.

[asan] Add exception handler to map memory on demand on Win64.
ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 63557

lib/asan/asan_internal.h

lib/asan/asan_rtl.cc

lib/asan/asan_win.cc

lib/sanitizer_common/sanitizer_win.cc

This is an archive of the discontinued LLVM Phabricator instance.

[asan] Add exception handler to map memory on demand on Win64.ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 63557

lib/asan/asan_internal.h

lib/asan/asan_rtl.cc

lib/asan/asan_win.cc

lib/sanitizer_common/sanitizer_win.cc

[asan] Add exception handler to map memory on demand on Win64.
ClosedPublic