This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/trunk/lib/
-
trunk/
-
lib/
-
asan/
-
asan_mac.cc
-
sanitizer_common/
-
sanitizer_common.h
-
sanitizer_linux.cc
-
sanitizer_mac.cc
-
sanitizer_win.cc

Differential D43318

[asan] Be more careful and verbose when allocating dynamic shadow memory
ClosedPublic

Authored by kubamracek on Feb 14 2018, 2:34 PM.

Download Raw Diff

Details

Reviewers

delcypher
kcc
george.karpenkov
eugenis
filcab
fjricci

Commits

rG061f3589ccae: [asan] Be more careful and verbose when allocating dynamic shadow memory
rCRT326106: [asan] Be more careful and verbose when allocating dynamic shadow memory
rL326106: [asan] Be more careful and verbose when allocating dynamic shadow memory

Summary

FindAvailableMemoryRange can currently overwrite existing memory (by restricting the VM below addresses that are already used). This patch adds a check to make sure we don't restrict the VM space too much. We are also now more explicit about why the lookup failed and print out verbose values.

Diff Detail

Repository: rL LLVM

Event Timeline

kubamracek created this revision.Feb 14 2018, 2:34 PM

Herald added a subscriber: Restricted Project. · View Herald TranscriptFeb 14 2018, 2:34 PM

george.karpenkov added inline comments.Feb 23 2018, 5:26 PM

lib/asan/asan_mac.cc
66 ↗	(On Diff #134316)	yay logging yay!
75 ↗	(On Diff #134316)	I don't quite understand semantics here. `max_occupied_vm` to me means "maximal size of occupied virtual memory". Then why it's a problem if a new maximal size is smaller? Shouldn't it be a problem if it's larger?
lib/sanitizer_common/sanitizer_mac.cc
901 ↗	(On Diff #134316)	Is this assignment necessary? Maximum size is zero unless set otherwise?

kubamracek added inline comments.Feb 23 2018, 5:30 PM

lib/asan/asan_mac.cc
75 ↗	(On Diff #134316)	`max_occupied_vm` is the largest address that it already occupied by something. We're trying to restrict the VM space with `new_max_vm` being the new VM limit. This check is to make sure we don't restrict too much (which would overwrite memory that is already used). Suggestions for better name of `max_occupied_vm`?
lib/sanitizer_common/sanitizer_mac.cc
901 ↗	(On Diff #134316)	I'd rather not leave garbage in `max_vm_address` if for some reason the loop below doesn't find any regions at all.

kubamracek added inline comments.Feb 23 2018, 5:31 PM

lib/sanitizer_common/sanitizer_mac.cc
901 ↗	(On Diff #134316)	I mean, I don't want the semantics of this (or any) function to only partially (on some paths) initialize pointer-passed values...

george.karpenkov added inline comments.Feb 23 2018, 5:48 PM

lib/asan/asan_mac.cc
75 ↗	(On Diff #134316)	`largest_occupied_vm`? Almost the same, but at least to me does quite have same connotation, but that's a not important nit.. In any case, maybe this should be explained in a doxygen comment for `FindAvailableMemoryRange`?

fjricci added inline comments.Feb 24 2018, 8:39 AM

lib/asan/asan_mac.cc
75 ↗	(On Diff #134316)	`max_occupied_addr` or `max_occupied_vm_addr`, perhaps?

Renamed variable.

george.karpenkov accepted this revision.Feb 26 2018, 10:13 AM

This revision is now accepted and ready to land.Feb 26 2018, 10:13 AM

Closed by commit rL326106: [asan] Be more careful and verbose when allocating dynamic shadow memory (authored by kuba.brecka). · Explain WhyFeb 26 2018, 10:36 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

compiler-rt/

trunk/

lib/

asan/

asan_mac.cc

28 lines

sanitizer_common/

2 lines

3 lines

12 lines

3 lines

Diff 135924

compiler-rt/trunk/lib/asan/asan_mac.cc

	Show First 20 Lines • Show All 56 Lines • ▼ Show 20 Lines

	uptr FindDynamicShadowStart() {			uptr FindDynamicShadowStart() {
	uptr granularity = GetMmapGranularity();			uptr granularity = GetMmapGranularity();
	uptr alignment = 8 * granularity;			uptr alignment = 8 * granularity;
	uptr left_padding = granularity;			uptr left_padding = granularity;
	uptr space_size = kHighShadowEnd + left_padding;			uptr space_size = kHighShadowEnd + left_padding;

	uptr largest_gap_found = 0;			uptr largest_gap_found = 0;
	uptr shadow_start = FindAvailableMemoryRange(space_size, alignment,			uptr max_occupied_addr = 0;
	granularity, &largest_gap_found);			VReport(2, "FindDynamicShadowStart, space_size = %p\n", space_size);
				uptr shadow_start =
				FindAvailableMemoryRange(space_size, alignment, granularity,
				&largest_gap_found, &max_occupied_addr);
	// If the shadow doesn't fit, restrict the address space to make it fit.			// If the shadow doesn't fit, restrict the address space to make it fit.
	if (shadow_start == 0) {			if (shadow_start == 0) {
				VReport(
				2,
				"Shadow doesn't fit, largest_gap_found = %p, max_occupied_addr = %p\n",
				largest_gap_found, max_occupied_addr);
	uptr new_max_vm = RoundDownTo(largest_gap_found << SHADOW_SCALE, alignment);			uptr new_max_vm = RoundDownTo(largest_gap_found << SHADOW_SCALE, alignment);
				if (new_max_vm < max_occupied_addr) {
				Report("Unable to find a memory range for dynamic shadow.\n");
				Report(
				"space_size = %p, largest_gap_found = %p, max_occupied_addr = %p, "
				"new_max_vm = %p\n",
				space_size, largest_gap_found, max_occupied_addr, new_max_vm);
				CHECK(0 && "cannot place shadow");
				}
	RestrictMemoryToMaxAddress(new_max_vm);			RestrictMemoryToMaxAddress(new_max_vm);
	kHighMemEnd = new_max_vm - 1;			kHighMemEnd = new_max_vm - 1;
	space_size = kHighShadowEnd + left_padding;			space_size = kHighShadowEnd + left_padding;
	shadow_start =			VReport(2, "FindDynamicShadowStart, space_size = %p\n", space_size);
	FindAvailableMemoryRange(space_size, alignment, granularity, nullptr);			shadow_start = FindAvailableMemoryRange(space_size, alignment, granularity,
				nullptr, nullptr);
				if (shadow_start == 0) {
				Report("Unable to find a memory range after restricting VM.\n");
				CHECK(0 && "cannot place shadow after restricting vm");
				}
	}			}
	CHECK_NE((uptr)0, shadow_start);			CHECK_NE((uptr)0, shadow_start);
	CHECK(IsAligned(shadow_start, alignment));			CHECK(IsAligned(shadow_start, alignment));
	return shadow_start;			return shadow_start;
	}			}

	// No-op. Mac does not support static linkage anyway.			// No-op. Mac does not support static linkage anyway.
	void AsanCheckDynamicRTPrereqs() {}			void AsanCheckDynamicRTPrereqs() {}
	▲ Show 20 Lines • Show All 230 Lines • Show Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_common.h

Show First 20 Lines • Show All 106 Lines • ▼ Show 20 Lines	void *MmapAlignedOrDieOnFatalError(uptr size, uptr alignment,
const char *mem_type);		const char *mem_type);
// Disallow access to a memory range. Use MmapFixedNoAccess to allocate an		// Disallow access to a memory range. Use MmapFixedNoAccess to allocate an
// unaccessible memory.		// unaccessible memory.
bool MprotectNoAccess(uptr addr, uptr size);		bool MprotectNoAccess(uptr addr, uptr size);
bool MprotectReadOnly(uptr addr, uptr size);		bool MprotectReadOnly(uptr addr, uptr size);

// Find an available address space.		// Find an available address space.
uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding,		uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding,
uptr *largest_gap_found);		uptr largest_gap_found, uptr max_occupied_addr);

// Used to check if we can map shadow memory to a fixed location.		// Used to check if we can map shadow memory to a fixed location.
bool MemoryRangeIsAvailable(uptr range_start, uptr range_end);		bool MemoryRangeIsAvailable(uptr range_start, uptr range_end);
// Releases memory pages entirely within the [beg, end] address range. Noop if		// Releases memory pages entirely within the [beg, end] address range. Noop if
// the provided range does not contain at least one entire page.		// the provided range does not contain at least one entire page.
void ReleaseMemoryPagesToOS(uptr beg, uptr end);		void ReleaseMemoryPagesToOS(uptr beg, uptr end);
void IncreaseTotalMmap(uptr size);		void IncreaseTotalMmap(uptr size);
void DecreaseTotalMmap(uptr size);		void DecreaseTotalMmap(uptr size);
▲ Show 20 Lines • Show All 830 Lines • Show Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_linux.cc

Show First 20 Lines • Show All 1,853 Lines • ▼ Show 20 Lines	Report(
"RTLD_DEEPBIND from dlopen flags.\n",		"RTLD_DEEPBIND from dlopen flags.\n",
filename, filename);		filename, filename);
Die();		Die();
}		}
#endif		#endif
}		}

uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding,		uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding,
uptr *largest_gap_found) {		uptr *largest_gap_found,
		uptr *max_occupied_addr) {
UNREACHABLE("FindAvailableMemoryRange is not available");		UNREACHABLE("FindAvailableMemoryRange is not available");
return 0;		return 0;
}		}

bool GetRandom(void *buffer, uptr length, bool blocking) {		bool GetRandom(void *buffer, uptr length, bool blocking) {
if (!buffer \|\| !length \|\| length > 256)		if (!buffer \|\| !length \|\| length > 256)
return false;		return false;
#if SANITIZER_USE_GETRANDOM		#if SANITIZER_USE_GETRANDOM
Show All 28 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_mac.cc

Show First 20 Lines • Show All 881 Lines • ▼ Show 20 Lines	#else // SANITIZER_WORDSIZE == 32
return (1ULL << 32) - 1; // 0xffffffff;		return (1ULL << 32) - 1; // 0xffffffff;
#endif // SANITIZER_WORDSIZE		#endif // SANITIZER_WORDSIZE
}		}

uptr GetMaxVirtualAddress() {		uptr GetMaxVirtualAddress() {
return GetMaxUserVirtualAddress();		return GetMaxUserVirtualAddress();
}		}

uptr FindAvailableMemoryRange(uptr shadow_size,		uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding,
uptr alignment,		uptr *largest_gap_found,
uptr left_padding,		uptr *max_occupied_addr) {
uptr *largest_gap_found) {
typedef vm_region_submap_short_info_data_64_t RegionInfo;		typedef vm_region_submap_short_info_data_64_t RegionInfo;
enum { kRegionInfoSize = VM_REGION_SUBMAP_SHORT_INFO_COUNT_64 };		enum { kRegionInfoSize = VM_REGION_SUBMAP_SHORT_INFO_COUNT_64 };
// Start searching for available memory region past PAGEZERO, which is		// Start searching for available memory region past PAGEZERO, which is
// 4KB on 32-bit and 4GB on 64-bit.		// 4KB on 32-bit and 4GB on 64-bit.
mach_vm_address_t start_address =		mach_vm_address_t start_address =
(SANITIZER_WORDSIZE == 32) ? 0x000000001000 : 0x000100000000;		(SANITIZER_WORDSIZE == 32) ? 0x000000001000 : 0x000100000000;

mach_vm_address_t address = start_address;		mach_vm_address_t address = start_address;
mach_vm_address_t free_begin = start_address;		mach_vm_address_t free_begin = start_address;
kern_return_t kr = KERN_SUCCESS;		kern_return_t kr = KERN_SUCCESS;
if (largest_gap_found) *largest_gap_found = 0;		if (largest_gap_found) *largest_gap_found = 0;
		if (max_occupied_addr) *max_occupied_addr = 0;
while (kr == KERN_SUCCESS) {		while (kr == KERN_SUCCESS) {
mach_vm_size_t vmsize = 0;		mach_vm_size_t vmsize = 0;
natural_t depth = 0;		natural_t depth = 0;
RegionInfo vminfo;		RegionInfo vminfo;
mach_msg_type_number_t count = kRegionInfoSize;		mach_msg_type_number_t count = kRegionInfoSize;
kr = mach_vm_region_recurse(mach_task_self(), &address, &vmsize, &depth,		kr = mach_vm_region_recurse(mach_task_self(), &address, &vmsize, &depth,
(vm_region_info_t)&vminfo, &count);		(vm_region_info_t)&vminfo, &count);
if (kr == KERN_INVALID_ADDRESS) {		if (kr == KERN_INVALID_ADDRESS) {
// No more regions beyond "address", consider the gap at the end of VM.		// No more regions beyond "address", consider the gap at the end of VM.
address = GetMaxVirtualAddress() + 1;		address = GetMaxVirtualAddress() + 1;
vmsize = 0;		vmsize = 0;
		} else {
		if (max_occupied_addr) *max_occupied_addr = address + vmsize;
}		}
if (free_begin != address) {		if (free_begin != address) {
// We found a free region [free_begin..address-1].		// We found a free region [free_begin..address-1].
uptr gap_start = RoundUpTo((uptr)free_begin + left_padding, alignment);		uptr gap_start = RoundUpTo((uptr)free_begin + left_padding, alignment);
uptr gap_end = RoundDownTo((uptr)address, alignment);		uptr gap_end = RoundDownTo((uptr)address, alignment);
uptr gap_size = gap_end > gap_start ? gap_end - gap_start : 0;		uptr gap_size = gap_end > gap_start ? gap_end - gap_start : 0;
if (shadow_size < gap_size) {		if (size < gap_size) {
return gap_start;		return gap_start;
}		}

if (largest_gap_found && *largest_gap_found < gap_size) {		if (largest_gap_found && *largest_gap_found < gap_size) {
*largest_gap_found = gap_size;		*largest_gap_found = gap_size;
}		}
}		}
// Move to the next region.		// Move to the next region.
▲ Show 20 Lines • Show All 108 Lines • Show Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_win.cc

	Show First 20 Lines • Show All 325 Lines • ▼ Show 20 Lines
	}			}

	void DontDumpShadowMemory(uptr addr, uptr length) {			void DontDumpShadowMemory(uptr addr, uptr length) {
	// This is almost useless on 32-bits.			// This is almost useless on 32-bits.
	// FIXME: add madvise-analog when we move to 64-bits.			// FIXME: add madvise-analog when we move to 64-bits.
	}			}

	uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding,			uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding,
	uptr *largest_gap_found) {			uptr *largest_gap_found,
				uptr *max_occupied_addr) {
	uptr address = 0;			uptr address = 0;
	while (true) {			while (true) {
	MEMORY_BASIC_INFORMATION info;			MEMORY_BASIC_INFORMATION info;
	if (!::VirtualQuery((void*)address, &info, sizeof(info)))			if (!::VirtualQuery((void*)address, &info, sizeof(info)))
	return 0;			return 0;

	if (info.State == MEM_FREE) {			if (info.State == MEM_FREE) {
	uptr shadow_address = RoundUpTo((uptr)info.BaseAddress + left_padding,			uptr shadow_address = RoundUpTo((uptr)info.BaseAddress + left_padding,
	▲ Show 20 Lines • Show All 785 Lines • Show Last 20 Lines