This is an archive of the discontinued LLVM Phabricator instance.

[scudo] Fix a bug in the new Secondary Allocator
ClosedPublic

Authored by cryptoad on Sep 20 2016, 3:02 PM.

Download Raw Diff

Details

Reviewers

Commits

rG1da3ea561ac6: [scudo] Fix a bug in the new Secondary Allocator
rCRT282030: [scudo] Fix a bug in the new Secondary Allocator
rL282030: [scudo] Fix a bug in the new Secondary Allocator

Summary

GetActuallyAllocatedSize() was not accounting for the last page of the mapping
being a guard page, and was returning the wrong number of actually allocated
bytes, which in turn would mess up with the realloc logic. Current tests didn't
find this as the size exercised was only serviced by the Primary.

Correct the issue by subtracting PageSize, and update the realloc test to
exercise paths in both the Primary and the Secondary.

Diff Detail

Event Timeline

cryptoad updated this revision to Diff 71991.Sep 20 2016, 3:02 PM

cryptoad retitled this revision from to [scudo] Fix a bug in the new Secondary Allocator GetActuallyAllocatedSize() was not accounting for the last page of the mapping being a guard page, and was returning the wrong number of actually allocated bytes, which in turn would mess up with....

cryptoad updated this object.

cryptoad retitled this revision from [scudo] Fix a bug in the new Secondary Allocator GetActuallyAllocatedSize() was not accounting for the last page of the mapping being a guard page, and was returning the wrong number of actually allocated bytes, which in turn would mess up with... to [scudo] Fix a bug in the new Secondary Allocator .Sep 20 2016, 3:02 PM

cryptoad updated this object.

cryptoad added a reviewer: kcc.

cryptoad added a subscriber: llvm-commits.

LGTM

This revision is now accepted and ready to land.Sep 20 2016, 3:24 PM

cryptoad closed this revision.Sep 20 2016, 3:26 PM

Revision Contents

Path

Size

lib/

scudo/

scudo_allocator_secondary.h

5 lines

test/

scudo/

realloc.cpp

89 lines

Diff 71991

lib/scudo/scudo_allocator_secondary.h

Show All 36 Lines	void Allocate(AllocatorStats Stats, uptr Size, uptr Alignment) {
// A page-aligned pointer is assumed after that, so check it now.		// A page-aligned pointer is assumed after that, so check it now.
CHECK(IsAligned(MapBeg, PageSize));		CHECK(IsAligned(MapBeg, PageSize));
MapBeg += PageSize;		MapBeg += PageSize;
CHECK_EQ(MapBeg, reinterpret_cast<uptr>(MmapFixedOrDie(MapBeg, MapSize)));		CHECK_EQ(MapBeg, reinterpret_cast<uptr>(MmapFixedOrDie(MapBeg, MapSize)));
uptr MapEnd = MapBeg + MapSize;		uptr MapEnd = MapBeg + MapSize;
uptr Ptr = MapBeg + sizeof(SecondaryHeader);		uptr Ptr = MapBeg + sizeof(SecondaryHeader);
// TODO(kostyak): add a random offset to Ptr.		// TODO(kostyak): add a random offset to Ptr.
CHECK_GT(Ptr + Size, MapBeg);		CHECK_GT(Ptr + Size, MapBeg);
CHECK_LE(Ptr + Size, MapEnd);		CHECK_LT(Ptr + Size, MapEnd);
SecondaryHeader *Header = getHeader(Ptr);		SecondaryHeader *Header = getHeader(Ptr);
Header->MapBeg = MapBeg - PageSize;		Header->MapBeg = MapBeg - PageSize;
Header->MapSize = MapSize + 2 * PageSize;		Header->MapSize = MapSize + 2 * PageSize;
Stats->Add(AllocatorStatAllocated, MapSize);		Stats->Add(AllocatorStatAllocated, MapSize);
Stats->Add(AllocatorStatMapped, MapSize);		Stats->Add(AllocatorStatMapped, MapSize);
return reinterpret_cast<void *>(Ptr);		return reinterpret_cast<void *>(Ptr);
}		}

Show All 19 Lines	public:
}		}

bool PointerIsMine(const void *Ptr) {		bool PointerIsMine(const void *Ptr) {
UNIMPLEMENTED();		UNIMPLEMENTED();
}		}

uptr GetActuallyAllocatedSize(void *Ptr) {		uptr GetActuallyAllocatedSize(void *Ptr) {
SecondaryHeader *Header = getHeader(Ptr);		SecondaryHeader *Header = getHeader(Ptr);
uptr MapEnd = Header->MapBeg + Header->MapSize;		// Deduct PageSize as MapEnd includes the trailing guard page.
		uptr MapEnd = Header->MapBeg + Header->MapSize - PageSize;
return MapEnd - reinterpret_cast<uptr>(Ptr);		return MapEnd - reinterpret_cast<uptr>(Ptr);
}		}

void GetMetaData(const void Ptr) {		void GetMetaData(const void Ptr) {
UNIMPLEMENTED();		UNIMPLEMENTED();
}		}

void GetBlockBegin(const void Ptr) {		void GetBlockBegin(const void Ptr) {
▲ Show 20 Lines • Show All 49 Lines • Show Last 20 Lines

test/scudo/realloc.cpp

	// RUN: %clang_scudo %s -o %t			// RUN: %clang_scudo %s -o %t
	// RUN: %run %t pointers 2>&1			// RUN: %run %t pointers 2>&1
	// RUN: %run %t contents 2>&1			// RUN: %run %t contents 2>&1
	// RUN: not %run %t memalign 2>&1 \| FileCheck %s			// RUN: not %run %t memalign 2>&1 \| FileCheck %s

	// Tests that our reallocation function returns the same pointer when the			// Tests that our reallocation function returns the same pointer when the
	// requested size can fit into the previously allocated chunk. Also tests that			// requested size can fit into the previously allocated chunk. Also tests that
	// a new chunk is returned if the size is greater, and that the contents of the			// a new chunk is returned if the size is greater, and that the contents of the
	// chunk are left unchanged.			// chunk are left unchanged.
	// As a final test, make sure that a chunk allocated by memalign cannot be			// As a final test, make sure that a chunk allocated by memalign cannot be
	// reallocated.			// reallocated.

	#include <assert.h>			#include <assert.h>
	#include <malloc.h>			#include <malloc.h>
	#include <string.h>			#include <string.h>

				#include <vector>

	int main(int argc, char **argv)			int main(int argc, char **argv)
	{			{
	void p, old_p;			void p, old_p;
	size_t size = 32;			// Those sizes will exercise both allocators (Primary & Secondary).
				std::vector<size_t> sizes{1 << 5, 1 << 17};

	assert(argc == 2);			assert(argc == 2);
				for (size_t size : sizes) {
	if (!strcmp(argv[1], "pointers")) {			if (!strcmp(argv[1], "pointers")) {
	old_p = p = realloc(nullptr, size);			old_p = p = realloc(nullptr, size);
	if (!p)			if (!p)
	return 1;			return 1;
	size = malloc_usable_size(p);			size = malloc_usable_size(p);
	// Our realloc implementation will return the same pointer if the size			// Our realloc implementation will return the same pointer if the size
	// requested is lower or equal to the usable size of the associated chunk.			// requested is lower or equal to the usable size of the associated chunk.
	p = realloc(p, size - 1);			p = realloc(p, size - 1);
	if (p != old_p)			if (p != old_p)
	return 1;			return 1;
	p = realloc(p, size);			p = realloc(p, size);
	if (p != old_p)			if (p != old_p)
	return 1;			return 1;
	// And a new one if the size is greater.			// And a new one if the size is greater.
	p = realloc(p, size + 1);			p = realloc(p, size + 1);
	if (p == old_p)			if (p == old_p)
	return 1;			return 1;
	// A size of 0 will free the chunk and return nullptr.			// A size of 0 will free the chunk and return nullptr.
	p = realloc(p, 0);			p = realloc(p, 0);
	if (p)			if (p)
	return 1;			return 1;
	old_p = nullptr;			old_p = nullptr;
	}			}
	if (!strcmp(argv[1], "contents")) {			if (!strcmp(argv[1], "contents")) {
	p = realloc(nullptr, size);			p = realloc(nullptr, size);
	if (!p)			if (!p)
	return 1;			return 1;
	for (int i = 0; i < size; i++)			for (int i = 0; i < size; i++)
	reinterpret_cast<char *>(p)[i] = 'A';			reinterpret_cast<char *>(p)[i] = 'A';
	p = realloc(p, size + 1);			p = realloc(p, size + 1);
	// The contents of the reallocated chunk must match the original one.			// The contents of the reallocated chunk must match the original one.
	for (int i = 0; i < size; i++)			for (int i = 0; i < size; i++)
	if (reinterpret_cast<char *>(p)[i] != 'A')			if (reinterpret_cast<char *>(p)[i] != 'A')
	return 1;			return 1;
	}			}
	if (!strcmp(argv[1], "memalign")) {			if (!strcmp(argv[1], "memalign")) {
	// A chunk coming from memalign cannot be reallocated.			// A chunk coming from memalign cannot be reallocated.
	p = memalign(16, size);			p = memalign(16, size);
	if (!p)			if (!p)
	return 1;			return 1;
	p = realloc(p, size);			p = realloc(p, size);
	free(p);			free(p);
	}			}
				}
	return 0;			return 0;
	}			}

	// CHECK: ERROR: invalid chunk type when reallocating address			// CHECK: ERROR: invalid chunk type when reallocating address