This is an archive of the discontinued LLVM Phabricator instance.

[MSAN][MIPS] Changed memory mapping to support pie executable.
ClosedPublic

Authored by slthakur on Jul 30 2016, 4:28 AM.

Download Raw Diff

Details

Reviewers

kcc
samsonov
eugenis

Diff Detail

Repository: rL LLVM

Event Timeline

slthakur updated this revision to Diff 66223.Jul 30 2016, 4:28 AM

slthakur retitled this revision from to [MSAN][MIPS] Changed memory mapping to support pie executable..

slthakur updated this object.

slthakur added reviewers: eugenis, kcc, samsonov.

slthakur set the repository for this revision to rL LLVM.

slthakur added a project: Restricted Project.

slthakur added subscribers: mohit.bhakkad, jaydeep, llvm-commits.

lgtm

lib/msan/msan.h
46	Is that for a non-PIE executable? So, the new mapping requires PIE?

This revision is now accepted and ready to land.Aug 1 2016, 11:10 AM

slthakur added inline comments.Aug 2 2016, 9:42 AM

lib/msan/msan.h
46	Yes, this is for non-PIE executable. And the new mapping requires PIE executable.

vkalintiris added a subscriber: vkalintiris.Aug 3 2016, 2:05 AM

This LGTM, but you may want to try and fit both PIE and non-PIE in one mapping the way it's done for Linux x86_64.
Should be possible as long as you can narrow one of these down to carve space for shadow/origin region of the non-PIE app mapping space:
- 0xa000000000-0xc000000000: PIE program segments
- 0xe000000000-0xffffffffff: libraries segments.

Addressed review comment

How about this:
MEM_TO_SHADOW = x ^ 0x800...
SHADOW_TO_ORIGIN = x + 0x200...
and
0x0000000000-0x0200000000: Program own segments
0xa200000000-0xc000000000: PIE program segments
0xe200000000-0xffffffffff: libraries segments.

That's about 2x more address space, and I don't see any overlaps.

Changed Memory mapping as per suggestion

slthakur mentioned this in rL278793: [MSAN][MIPS] Changed memory mapping to support pie executable..Aug 16 2016, 5:57 AM

Committed in rL278793

Revision Contents

Path

Size

lib/

msan/

msan.h

21 lines

test/

msan/

mmap.cc

3 lines

strlen_of_shadow.cc

2 lines

Diff 66223

lib/msan/msan.h

Show All 36 Lines	enum Type {
INVALID, APP, SHADOW, ORIGIN		INVALID, APP, SHADOW, ORIGIN
} type;		} type;
const char *name;		const char *name;
};		};


#if SANITIZER_LINUX && defined(__mips64)		#if SANITIZER_LINUX && defined(__mips64)

// Everything is above 0x00e000000000.		// MIPS64 maps:
		// - 0x0100000000-0x0200000000: Program own segments
		eugenisUnsubmitted Not Done Reply Inline Actions Is that for a non-PIE executable? So, the new mapping requires PIE? eugenis: Is that for a non-PIE executable? So, the new mapping requires PIE?
		slthakurAuthorUnsubmitted Not Done Reply Inline Actions Yes, this is for non-PIE executable. And the new mapping requires PIE executable. slthakur: Yes, this is for non-PIE executable. And the new mapping requires PIE executable.
		// - 0xa000000000-0xc000000000: PIE program segments
		// - 0xe000000000-0xffffffffff: libraries segments.
const MappingDesc kMemoryLayout[] = {		const MappingDesc kMemoryLayout[] = {
{0x000000000000ULL, 0x00a000000000ULL, MappingDesc::INVALID, "invalid"},		{0x000000000000ULL, 0x002000000000ULL, MappingDesc::INVALID, "invalid"},
{0x00a000000000ULL, 0x00c000000000ULL, MappingDesc::SHADOW, "shadow"},		{0x002000000000ULL, 0x004000000000ULL, MappingDesc::SHADOW, "shadow-1"},
{0x00c000000000ULL, 0x00e000000000ULL, MappingDesc::ORIGIN, "origin"},		{0x004000000000ULL, 0x006000000000ULL, MappingDesc::ORIGIN, "origin-1"},
{0x00e000000000ULL, 0x010000000000ULL, MappingDesc::APP, "app"}};		{0x006000000000ULL, 0x008000000000ULL, MappingDesc::SHADOW, "shadow-2"},
		{0x008000000000ULL, 0x00a000000000ULL, MappingDesc::ORIGIN, "origin-2"},
		{0x00a000000000ULL, 0x00c000000000ULL, MappingDesc::APP, "app-1"},
		{0x00c000000000ULL, 0x00e000000000ULL, MappingDesc::INVALID, "invalid"},
		{0x00e000000000ULL, 0x00ffffffffffULL, MappingDesc::APP, "app-2"}};

#define MEM_TO_SHADOW(mem) (((uptr)(mem)) & ~0x4000000000ULL)		#define MEM_TO_SHADOW(mem) (((uptr)(mem)) ^ 0x8000000000ULL)
#define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x002000000000)		#define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x002000000000)

#elif SANITIZER_LINUX && defined(__aarch64__)		#elif SANITIZER_LINUX && defined(__aarch64__)

// The mapping describes both 39-bits and 42-bits. AArch64 maps:		// The mapping describes both 39-bits and 42-bits. AArch64 maps:
// - 0x00000000000-0x00010000000: 39/42-bits program own segments		// - 0x00000000000-0x00010000000: 39/42-bits program own segments
// - 0x05500000000-0x05600000000: 39-bits PIE program segments		// - 0x05500000000-0x05600000000: 39-bits PIE program segments
// - 0x07f80000000-0x07fffffffff: 39-bits libraries segments		// - 0x07f80000000-0x07fffffffff: 39-bits libraries segments
▲ Show 20 Lines • Show All 269 Lines • Show Last 20 Lines

test/msan/mmap.cc

Show All 13 Lines	bool AddrIsApp(void *p) {
uintptr_t addr = (uintptr_t)p;		uintptr_t addr = (uintptr_t)p;
#if defined(__FreeBSD__) && defined(__x86_64__)		#if defined(__FreeBSD__) && defined(__x86_64__)
return addr < 0x010000000000ULL \|\| addr >= 0x600000000000ULL;		return addr < 0x010000000000ULL \|\| addr >= 0x600000000000ULL;
#elif defined(__x86_64__)		#elif defined(__x86_64__)
return (addr >= 0x000000000000ULL && addr < 0x010000000000ULL) \|\|		return (addr >= 0x000000000000ULL && addr < 0x010000000000ULL) \|\|
(addr >= 0x510000000000ULL && addr < 0x600000000000ULL) \|\|		(addr >= 0x510000000000ULL && addr < 0x600000000000ULL) \|\|
(addr >= 0x700000000000ULL && addr < 0x800000000000ULL);		(addr >= 0x700000000000ULL && addr < 0x800000000000ULL);
#elif defined(__mips64)		#elif defined(__mips64)
return addr >= 0x00e000000000ULL;		return addr >= 0x00e000000000ULL \|\|
		addr >= 0x00a000000000ULL && addr <= 0x00c000000000ULL;
#elif defined(__powerpc64__)		#elif defined(__powerpc64__)
return addr < 0x000100000000ULL \|\| addr >= 0x300000000000ULL;		return addr < 0x000100000000ULL \|\| addr >= 0x300000000000ULL;
#elif defined(__aarch64__)		#elif defined(__aarch64__)

struct AddrMapping {		struct AddrMapping {
uintptr_t start;		uintptr_t start;
uintptr_t end;		uintptr_t end;
} mappings[] = {		} mappings[] = {
▲ Show 20 Lines • Show All 41 Lines • Show Last 20 Lines

test/msan/strlen_of_shadow.cc

	// RUN: %clangxx_msan -O0 %s -o %t && %run %t			// RUN: %clangxx_msan -O0 %s -o %t && %run %t

	// Check that strlen() and similar intercepted functions can be called on shadow			// Check that strlen() and similar intercepted functions can be called on shadow
	// memory.			// memory.

	#include <assert.h>			#include <assert.h>
	#include <stdint.h>			#include <stdint.h>
	#include <stdio.h>			#include <stdio.h>
	#include <string.h>			#include <string.h>
	#include <stdlib.h>			#include <stdlib.h>
	#include "test.h"			#include "test.h"

	const char mem_to_shadow(const char p) {			const char mem_to_shadow(const char p) {
	#if defined(__x86_64__)			#if defined(__x86_64__)
	return (char *)((uintptr_t)p ^ 0x500000000000ULL);			return (char *)((uintptr_t)p ^ 0x500000000000ULL);
	#elif defined (__mips64)			#elif defined (__mips64)
	return (char *)((uintptr_t)p & ~0x4000000000ULL);			return (char *)((uintptr_t)p ^ 0x8000000000ULL);
	#elif defined(__powerpc64__)			#elif defined(__powerpc64__)
	#define LINEARIZE_MEM(mem) \			#define LINEARIZE_MEM(mem) \
	(((uintptr_t)(mem) & ~0x200000000000ULL) ^ 0x100000000000ULL)			(((uintptr_t)(mem) & ~0x200000000000ULL) ^ 0x100000000000ULL)
	return (char *)(LINEARIZE_MEM(p) + 0x080000000000ULL);			return (char *)(LINEARIZE_MEM(p) + 0x080000000000ULL);
	#elif defined(__aarch64__)			#elif defined(__aarch64__)
	return (char *)((uintptr_t)p ^ 0x6000000000ULL);			return (char *)((uintptr_t)p ^ 0x6000000000ULL);
	#endif			#endif
	}			}
	Show All 11 Lines