Index: lib/asan/asan_allocator.cc =================================================================== --- lib/asan/asan_allocator.cc +++ lib/asan/asan_allocator.cc @@ -414,7 +414,7 @@ if (!allocated) return allocator.ReturnNullOrDieOnOOM(); - if (*(u8 *)MEM_TO_SHADOW((uptr)allocated) == 0 && CanPoisonMemory()) { + if (*MEM_TO_PSHADOW((uptr)allocated) == 0 && CanPoisonMemory()) { // Heap poisoning is enabled, but the allocator provides an unpoisoned // chunk. This is possible if CanPoisonMemory() was false for some // time, for example, due to flags()->start_disabled. Index: lib/asan/asan_mapping.h =================================================================== --- lib/asan/asan_mapping.h +++ lib/asan/asan_mapping.h 
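Review bot: This check only reads a shadow byte, yet it now goes through `MEM_TO_PSHADOW`, which the comment added in asan_mapping.h describes as allocating the physical shadow page during translation; the same holds for the reads in `AddressIsPoisoned` (asan_mapping.h) and `__asan_load_cxx_array_cookie` (asan_poisoning.cc). As shown the macro is only a cast, so nothing changes today. Once the translation does allocate, a pure query would commit shadow memory for every address it is asked about, and a bare `*MEM_TO_PSHADOW(x)` leaves no place to handle a failed translation. I would state the contract at the macro, for example `// NOTE: may allocate; not for query-only paths or for use while reporting an error`, or route reads through a translation that never allocates. The enclosing function starts and ends outside the hunk.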
@@ -190,22 +190,33 @@ #endif #define SHADOW_GRANULARITY (1ULL << SHADOW_SCALE) -#define MEM_TO_SHADOW(mem) (((mem) >> SHADOW_SCALE) + (SHADOW_OFFSET)) -#define SHADOW_TO_MEM(shadow) (((shadow) - SHADOW_OFFSET) << SHADOW_SCALE) +#define MEM_TO_VSHADOW(mem) (((mem) >> SHADOW_SCALE) + (SHADOW_OFFSET)) + +// Translate a given virtual shadow address to a physical one and allocate +// the corresponding physical shadow page if it has not been allocated before. +// When the software memory manager is disabled, virtual shadow addresses work +// as physical ones. +#define VSHADOW_TO_PSHADOW(vs) (reinterpret_cast((vs))) + +#define MEM_TO_PSHADOW(mem) (VSHADOW_TO_PSHADOW(MEM_TO_VSHADOW((mem)))) + +// TODO(kosarev): Remove once all uses are rewritten with MEM_TO_VSHADOW() +// or MEM_TO_PSHADOW(). +#define MEM_TO_SHADOW(mem) (MEM_TO_VSHADOW((mem))) #define kLowMemBeg 0 #define kLowMemEnd (SHADOW_OFFSET ? SHADOW_OFFSET - 1 : 0) #define kLowShadowBeg SHADOW_OFFSET -#define kLowShadowEnd MEM_TO_SHADOW(kLowMemEnd) +#define kLowShadowEnd MEM_TO_VSHADOW(kLowMemEnd) -#define kHighMemBeg (MEM_TO_SHADOW(kHighMemEnd) + 1) +#define kHighMemBeg (MEM_TO_VSHADOW(kHighMemEnd) + 1) -#define kHighShadowBeg MEM_TO_SHADOW(kHighMemBeg) -#define kHighShadowEnd MEM_TO_SHADOW(kHighMemEnd) +#define kHighShadowBeg MEM_TO_VSHADOW(kHighMemBeg) +#define kHighShadowEnd MEM_TO_VSHADOW(kHighMemEnd) -# define kMidShadowBeg MEM_TO_SHADOW(kMidMemBeg) -# define kMidShadowEnd MEM_TO_SHADOW(kMidMemEnd) +#define kMidShadowBeg MEM_TO_VSHADOW(kMidMemBeg) +#define kMidShadowEnd MEM_TO_VSHADOW(kMidMemEnd) // With the zero shadow base we can not actually map pages starting from 0. // This constant is somewhat arbitrary. 
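Review bot: The comment above `VSHADOW_TO_PSHADOW` says the macro allocates the physical shadow page, but the definition under it is a bare `reinterpret_cast`, so the first sentence documents behaviour this hunk does not implement. Wording it as current state, e.g. `// Currently always the identity mapping; on-demand allocation is not implemented yet.`, would keep readers from assuming the allocation already happens. Because the result is now a pointer that call sites dereference directly, a `static inline` function with an explicit return type, in the style of `AddressIsPoisoned` further down this header, would give type checking that the macro does not. `SHADOW_TO_MEM` is also removed without the transitional alias that `MEM_TO_SHADOW` gets; whether any user remains outside this diff is not visible here.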
@@ -319,8 +330,7 @@ static inline bool AddressIsPoisoned(uptr a) { PROFILE_ASAN_MAPPING(); const uptr kAccessSize = 1; - u8 *shadow_address = (u8*)MEM_TO_SHADOW(a); - s8 shadow_value = *shadow_address; + s8 shadow_value = *MEM_TO_PSHADOW(a); if (shadow_value) { u8 last_accessed_byte = (a & (SHADOW_GRANULARITY - 1)) + kAccessSize - 1; Index: lib/asan/asan_poisoning.cc =================================================================== --- lib/asan/asan_poisoning.cc +++ lib/asan/asan_poisoning.cc @@ -260,16 +260,14 @@ void __asan_poison_cxx_array_cookie(uptr p) { if (SANITIZER_WORDSIZE != 64) return; if (!flags()->poison_array_cookie) return; - uptr s = MEM_TO_SHADOW(p); - *reinterpret_cast(s) = kAsanArrayCookieMagic; + *MEM_TO_PSHADOW(p) = kAsanArrayCookieMagic; } extern "C" SANITIZER_INTERFACE_ATTRIBUTE uptr __asan_load_cxx_array_cookie(uptr *p) { if (SANITIZER_WORDSIZE != 64) return *p; if (!flags()->poison_array_cookie) return *p; - uptr s = MEM_TO_SHADOW(reinterpret_cast(p)); - u8 sval = *reinterpret_cast(s); + u8 sval = *MEM_TO_PSHADOW(reinterpret_cast(p)); if (sval == kAsanArrayCookieMagic) return *p; // If sval is not kAsanArrayCookieMagic it can only be freed memory, // which means that we are going to get double-free. So, return 0 to avoid Index: lib/asan/asan_rtl.cc =================================================================== --- lib/asan/asan_rtl.cc +++ lib/asan/asan_rtl.cc 
@@ -398,14 +398,14 @@
 (void*)kLowMemBeg, (void*)kLowMemEnd);
 }
 Printf("MemToShadow(shadow): %p %p %p %p",
- (void*)MEM_TO_SHADOW(kLowShadowBeg),
- (void*)MEM_TO_SHADOW(kLowShadowEnd),
- (void*)MEM_TO_SHADOW(kHighShadowBeg),
- (void*)MEM_TO_SHADOW(kHighShadowEnd));
+ (void*)MEM_TO_VSHADOW(kLowShadowBeg),
+ (void*)MEM_TO_VSHADOW(kLowShadowEnd),
+ (void*)MEM_TO_VSHADOW(kHighShadowBeg),
+ (void*)MEM_TO_VSHADOW(kHighShadowEnd));
 if (kMidMemBeg) {
 Printf(" %p %p",
- (void*)MEM_TO_SHADOW(kMidShadowBeg),
- (void*)MEM_TO_SHADOW(kMidShadowEnd));
+ (void*)MEM_TO_VSHADOW(kMidShadowBeg),
+ (void*)MEM_TO_VSHADOW(kMidShadowEnd));
 }
 Printf("\n");
 Printf("redzone=%zu\n", (uptr)flags()->redzone);