This is an archive of the discontinued LLVM Phabricator instance.

[asan] Don't assert that a target is within 2GB on 32-bit Windows
ClosedPublic

Authored by rnk on Nov 14 2016, 4:46 PM.

Download Raw Diff

Details

Reviewers

Commits

rG0d7c42c7abb3: [asan] Don't assert that a target is within 2GB on 32-bit Windows
rCRT286997: [asan] Don't assert that a target is within 2GB on 32-bit Windows
rL286997: [asan] Don't assert that a target is within 2GB on 32-bit Windows

Summary

In a 32-bit address space, PC-relative jump targets are wrapped, so a
direct branch at 0x90000001 can reach address 0x10000000 with a
displacement of 0x7FFFFFFFF. This can happen in applications, such as
Chrome, that are linked with /LARGEADDRESSAWARE.

Diff Detail

Repository: rL LLVM

Event Timeline

rnk updated this revision to Diff 77917.Nov 14 2016, 4:46 PM

rnk retitled this revision from to [asan] Don't assert that a target is within 2GB on 32-bit Windows.

rnk updated this object.

rnk added a reviewer: etienneb.

rnk added a subscriber: llvm-commits.

Herald added a subscriber: mgorny. · View Herald TranscriptNov 14 2016, 4:46 PM

lg, thanks for the fix

lib/interception/tests/interception_win_test.cc
220 ↗	(On Diff #77917)	nit: coding style is {} instead of {0} ?

This revision is now accepted and ready to land.Nov 15 2016, 7:56 AM

rnk added inline comments.Nov 15 2016, 10:38 AM

lib/interception/tests/interception_win_test.cc
220 ↗	(On Diff #77917)	Sure, done.

Closed by commit rL286997: [asan] Don't assert that a target is within 2GB on 32-bit Windows (authored by rnk). · Explain WhyNov 15 2016, 10:39 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

compiler-rt/

trunk/

lib/

interception/

interception_win.cc

6 lines

tests/

CMakeLists.txt

1 line

interception_win_test.cc

31 lines

Diff 78027

compiler-rt/trunk/lib/interception/interception_win.cc

	Show First 20 Lines • Show All 142 Lines • ▼ Show 20 Lines
	static const int kDirectBranchLength = kBranchLength + kAddressLength;			static const int kDirectBranchLength = kBranchLength + kAddressLength;

	static void InterceptionFailed() {			static void InterceptionFailed() {
	// Do we have a good way to abort with an error message here?			// Do we have a good way to abort with an error message here?
	__debugbreak();			__debugbreak();
	}			}

	static bool DistanceIsWithin2Gig(uptr from, uptr target) {			static bool DistanceIsWithin2Gig(uptr from, uptr target) {
				#if SANITIZER_WINDOWS64
	if (from < target)			if (from < target)
	return target - from <= (uptr)0x7FFFFFFFU;			return target - from <= (uptr)0x7FFFFFFFU;
	else			else
	return from - target <= (uptr)0x80000000U;			return from - target <= (uptr)0x80000000U;
				#else
				// In a 32-bit address space, the address calculation will wrap, so this check
				// is unnecessary.
				return true;
				#endif
	}			}

	static uptr GetMmapGranularity() {			static uptr GetMmapGranularity() {
	SYSTEM_INFO si;			SYSTEM_INFO si;
	GetSystemInfo(&si);			GetSystemInfo(&si);
	return si.dwAllocationGranularity;			return si.dwAllocationGranularity;
	}			}

	▲ Show 20 Lines • Show All 838 Lines • Show Last 20 Lines

compiler-rt/trunk/lib/interception/tests/CMakeLists.txt

	Show All 23 Lines
	# -gline-tables-only must be enough for these tests, so use it if possible.			# -gline-tables-only must be enough for these tests, so use it if possible.
	if(COMPILER_RT_TEST_COMPILER_ID MATCHES "Clang")			if(COMPILER_RT_TEST_COMPILER_ID MATCHES "Clang")
	list(APPEND INTERCEPTION_TEST_CFLAGS_COMMON -gline-tables-only)			list(APPEND INTERCEPTION_TEST_CFLAGS_COMMON -gline-tables-only)
	else()			else()
	list(APPEND INTERCEPTION_TEST_CFLAGS_COMMON -g)			list(APPEND INTERCEPTION_TEST_CFLAGS_COMMON -g)
	endif()			endif()
	if(MSVC)			if(MSVC)
	list(APPEND INTERCEPTION_TEST_CFLAGS_COMMON -gcodeview)			list(APPEND INTERCEPTION_TEST_CFLAGS_COMMON -gcodeview)
				list(APPEND INTERCEPTION_TEST_LINK_FLAGS_COMMON -Wl,-largeaddressaware)
	endif()			endif()
	list(APPEND INTERCEPTION_TEST_LINK_FLAGS_COMMON -g)			list(APPEND INTERCEPTION_TEST_LINK_FLAGS_COMMON -g)

	if(NOT MSVC)			if(NOT MSVC)
	list(APPEND INTERCEPTION_TEST_LINK_FLAGS_COMMON --driver-mode=g++)			list(APPEND INTERCEPTION_TEST_LINK_FLAGS_COMMON --driver-mode=g++)
	endif()			endif()

	if(ANDROID)			if(ANDROID)
	▲ Show 20 Lines • Show All 103 Lines • Show Last 20 Lines

compiler-rt/trunk/lib/interception/tests/interception_win_test.cc

	Show First 20 Lines • Show All 198 Lines • ▼ Show 20 Lines

	const u8 kUnpatchableCode6[] = {			const u8 kUnpatchableCode6[] = {
	0xE8, 0xCC, 0xCC, 0xCC, 0xCC, // call <func>			0xE8, 0xCC, 0xCC, 0xCC, 0xCC, // call <func>
	0x90, 0x90, 0x90, 0x90,			0x90, 0x90, 0x90, 0x90,
	};			};

	// A buffer holding the dynamically generated code under test.			// A buffer holding the dynamically generated code under test.
	u8* ActiveCode;			u8* ActiveCode;
	size_t ActiveCodeLength = 4096;			const size_t ActiveCodeLength = 4096;

				int InterceptorFunction(int x);

				/// Allocate code memory more than 2GB away from Base.
				u8 AllocateCode2GBAway(u8 Base) {
				// Find a 64K aligned location after Base plus 2GB.
				size_t TwoGB = 0x80000000;
				size_t AllocGranularity = 0x10000;
				Base = (u8 *)((((uptr)Base + TwoGB + AllocGranularity)) & ~(AllocGranularity - 1));

				// Check if that location is free, and if not, loop over regions until we find
				// one that is.
				MEMORY_BASIC_INFORMATION mbi = {};
				while (sizeof(mbi) == VirtualQuery(Base, &mbi, sizeof(mbi))) {
				if (mbi.State & MEM_FREE) break;
				Base += mbi.RegionSize;
				}

				// Allocate one RWX page at the free location.
				return (u8 *)::VirtualAlloc(Base, ActiveCodeLength, MEM_COMMIT \| MEM_RESERVE,
				PAGE_EXECUTE_READWRITE);
				}

	template<class T>			template<class T>
	static void LoadActiveCode(			static void LoadActiveCode(
	const T &code,			const T &code,
	uptr *entry_point,			uptr *entry_point,
	FunctionPrefixKind prefix_kind = FunctionPrefixNone) {			FunctionPrefixKind prefix_kind = FunctionPrefixNone) {
	if (ActiveCode == nullptr) {			if (ActiveCode == nullptr) {
	ActiveCode =			ActiveCode = AllocateCode2GBAway((u8*)&InterceptorFunction);
	(u8*)::VirtualAlloc(nullptr, ActiveCodeLength,			ASSERT_NE(ActiveCode, nullptr) << "failed to allocate RWX memory 2GB away";
	MEM_COMMIT \| MEM_RESERVE,
	PAGE_EXECUTE_READWRITE);
	ASSERT_NE(ActiveCode, nullptr);
	}			}

	size_t position = 0;			size_t position = 0;

	// Add padding to avoid memory violation when scanning the prefix.			// Add padding to avoid memory violation when scanning the prefix.
	for (int i = 0; i < 16; ++i)			for (int i = 0; i < 16; ++i)
	ActiveCode[position++] = 0xC3; // Instruction 'ret'.			ActiveCode[position++] = 0xC3; // Instruction 'ret'.

	▲ Show 20 Lines • Show All 373 Lines • Show Last 20 Lines