This is an archive of the discontinued LLVM Phabricator instance.

Differential D52091

[winasan] Unpoison the stack in NtTerminateThread
ClosedPublic

Authored by dmajor on Sep 14 2018, 5:58 AM.

Download Raw Diff

Details

Reviewers

Commits

rG6d6c9150f935: Reland r342652 "[winasan] Unpoison the stack in NtTerminateThread"
rG468f53b58c62: [winasan] Unpoison the stack in NtTerminateThread
rCRT343606: Reland r342652 "[winasan] Unpoison the stack in NtTerminateThread"
rL343606: Reland r342652 "[winasan] Unpoison the stack in NtTerminateThread"
rL342652: [winasan] Unpoison the stack in NtTerminateThread
rCRT342652: [winasan] Unpoison the stack in NtTerminateThread

Summary

In long-running builds we've seen some ASan complaints during thread creation that we suspect are due to leftover poisoning from previous threads whose stacks occupied that memory. This patch adds a hook that unpoisons the stack just before the NtTerminateThread syscall.

Diff Detail

Repository: rCRT Compiler Runtime

Event Timeline

dmajor created this revision.Sep 14 2018, 5:58 AM

Herald added subscribers: Restricted Project, llvm-commits, kubamracek. · View Herald TranscriptSep 14 2018, 5:58 AM

lgtm

This revision is now accepted and ready to land.Sep 19 2018, 1:40 PM

Closed by commit rCRT342652: [winasan] Unpoison the stack in NtTerminateThread (authored by dmajor). · Explain WhySep 20 2018, 8:00 AM

This revision was automatically updated to reflect the committed changes.

This appears to have caused the thread exit code to get clobbered, as shown by some Chromium test failures: https://bugs.chromium.org/p/chromium/issues/detail?id=890310

I've reverted in r343322.

I think NtTerminateThread has a richer prototype:
NTEXPORT NTSTATUS NTAPI
NtTerminateThread(IN HANDLE ThreadHandle OPTIONAL, IN NTSTATUS ExitStatus)
https://github.com/DynamoRIO/dynamorio/blob/f1713ec4a9a856d1038c6095da67a5bd95b6a1c7/core/win32/ntdll_imports.c#L154
http://codewarrior.cn/ntdoc/win2k/ps/NtTerminateThread.htm

It should be fine to recommit with a better prototype.

Relanded in r343606.

Revision Contents

Path

Size

lib/

asan/

asan_win.cc

12 lines

Diff 166295

lib/asan/asan_win.cc

Show First 20 Lines • Show All 148 Lines • ▼ Show 20 Lines	INTERCEPTOR_WINAPI(DWORD, CreateThread,
bool detached = false; // FIXME: how can we determine it on Windows?		bool detached = false; // FIXME: how can we determine it on Windows?
u32 current_tid = GetCurrentTidOrInvalid();		u32 current_tid = GetCurrentTidOrInvalid();
AsanThread *t =		AsanThread *t =
AsanThread::Create(start_routine, arg, current_tid, &stack, detached);		AsanThread::Create(start_routine, arg, current_tid, &stack, detached);
return REAL(CreateThread)(security, stack_size,		return REAL(CreateThread)(security, stack_size,
asan_thread_start, t, thr_flags, tid);		asan_thread_start, t, thr_flags, tid);
}		}

		INTERCEPTOR_WINAPI(void, NtTerminateThread, void *rcx) {
		// Unpoison the terminating thread's stack because the memory may be re-used.
		NT_TIB tib = (NT_TIB )NtCurrentTeb();
		uptr stackSize = (uptr)tib->StackBase - (uptr)tib->StackLimit;
		__asan_unpoison_memory_region(tib->StackLimit, stackSize);
		return REAL(NtTerminateThread(rcx));
		}

// }}}		// }}}

namespace __asan {		namespace __asan {

void InitializePlatformInterceptors() {		void InitializePlatformInterceptors() {
ASAN_INTERCEPT_FUNC(CreateThread);		ASAN_INTERCEPT_FUNC(CreateThread);
ASAN_INTERCEPT_FUNC(SetUnhandledExceptionFilter);		ASAN_INTERCEPT_FUNC(SetUnhandledExceptionFilter);
		CHECK(::__interception::OverrideFunction("NtTerminateThread",
		(uptr)WRAP(NtTerminateThread),
		(uptr *)&REAL(NtTerminateThread)));
#ifdef _WIN64		#ifdef _WIN64
ASAN_INTERCEPT_FUNC(__C_specific_handler);		ASAN_INTERCEPT_FUNC(__C_specific_handler);
#else		#else
ASAN_INTERCEPT_FUNC(_except_handler3);		ASAN_INTERCEPT_FUNC(_except_handler3);
ASAN_INTERCEPT_FUNC(_except_handler4);		ASAN_INTERCEPT_FUNC(_except_handler4);
#endif		#endif

// Try to intercept kernel32!RaiseException, and if that fails, intercept		// Try to intercept kernel32!RaiseException, and if that fails, intercept
▲ Show 20 Lines • Show All 176 Lines • Show Last 20 Lines