This is an archive of the discontinued LLVM Phabricator instance.

Differential D57720

[sanitizer] Decorate /proc/self/maps on Android.
ClosedPublic

Authored by eugenis on Feb 4 2019, 3:55 PM.

Details

Reviewers
pcc
vitalybuka
Commits
rG443c034391a2: [sanitizer] Decorate /proc/self/maps better.
rCRT353255: [sanitizer] Decorate /proc/self/maps better.
rL353255: [sanitizer] Decorate /proc/self/maps better.
Summary

Refactor the way /proc/self/maps entries are annotated to support most
(all?) posix platforms, with a special implementation for Android.
Extend the set of decorated Mmap* calls.

Generic implementation has limits (max number of files under /dev/shm is
64K on my machine), which can be conceivably reached when sanitizing
multiple programs at once. Android implemenation is essentially free, and
enabled by default.

The test in sanitizer_common is copied to hwasan and not reused directly
because hwasan fails way too many common tests at the moment.

Diff Detail

Event Timeline

eugenis created this revision.Feb 4 2019, 3:55 PM
Herald added subscribers: jfb, kubamracek, srhines. · View Herald TranscriptFeb 4 2019, 3:55 PM
Harbormaster completed remote builds in B27702: Diff 185180.Feb 4 2019, 3:55 PM
eugenis updated this revision to Diff 185210.Feb 4 2019, 6:15 PM

.

Harbormaster completed remote builds in B27714: Diff 185210.Feb 4 2019, 6:15 PM
vitalybuka accepted this revision.Feb 5 2019, 2:04 PM
This revision is now accepted and ready to land.Feb 5 2019, 2:04 PM
eugenis updated this revision to Diff 185413.Feb 5 2019, 2:35 PM
eugenis marked an inline comment as done.

.

Harbormaster completed remote builds in B27773: Diff 185413.Feb 5 2019, 2:35 PM
eugenis added a subscriber: flowerhack.Feb 5 2019, 2:35 PM
eugenis added inline comments.
compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cc
353

@flowerhack FYI this is resolved by internal_open-ing /dev/shm instead of relying on shm_open.

pcc added a comment.Feb 5 2019, 2:38 PM

The GetNamedMappingFd and DecorateMapping APIs seem a little awkwards to me. Everyone is using them as GetNamedMappingFd/mmap/DecorateMapping except for one place in hwasan. Would it make more sense to have a single function that does GetNamedMappingFd/mmap/DecorateMapping and continue using PR_SET_VMA_ANON_NAME in hwasan?

eugenis updated this revision to Diff 185425.Feb 5 2019, 3:21 PM

.

eugenis added a comment.Feb 5 2019, 3:21 PM
In D57720#1386140, @pcc wrote:

The GetNamedMappingFd and DecorateMapping APIs seem a little awkwards to me. Everyone is using them as GetNamedMappingFd/mmap/DecorateMapping except for one place in hwasan. Would it make more sense to have a single function that does GetNamedMappingFd/mmap/DecorateMapping and continue using PR_SET_VMA_ANON_NAME in hwasan?

Yes, this is way better.

Harbormaster completed remote builds in B27781: Diff 185425.Feb 5 2019, 3:21 PM
pcc accepted this revision.Feb 5 2019, 4:54 PM

LGTM

eugenis added a comment.Feb 5 2019, 5:11 PM

Btw, I've pushed the RSS utility here:
https://github.com/google/sanitizers/blob/master/hwaddress-sanitizer/scan.cc
It depends on this change to find the shadow region. It is hwasan-specific, but can be easily adapted to other sanitizers if needed.
It's also really ugly, but I don't want to invest time in beautifying it.

Closed by commit rL353255: [sanitizer] Decorate /proc/self/maps better. (authored by eugenis). · Explain WhyFeb 5 2019, 5:16 PM
This revision was automatically updated to reflect the committed changes.
Herald added a project: Restricted Project. · View Herald TranscriptFeb 5 2019, 5:16 PM
Herald added a subscriber: delcypher. · View Herald Transcript

Revision Contents

PathSize
compiler-rt/
lib/
cfi/
2 lines
hwasan/
8 lines
sanitizer_common/
19 lines
9 lines
6 lines
8 lines
85 lines
58 lines
4 lines
test/
hwasan/
TestCases/
Linux/
59 lines

Diff 185180

compiler-rt/lib/cfi/cfi.cc

Show First 20 LinesShow All 180 Lines▼ Show 20 Lines#if SANITIZER_LINUX
void *res = mremap((void *)shadow_, GetShadowSize(), GetShadowSize(), void *res = mremap((void *)shadow_, GetShadowSize(), GetShadowSize(),
MREMAP_MAYMOVE | MREMAP_FIXED, (void *)main_shadow); MREMAP_MAYMOVE | MREMAP_FIXED, (void *)main_shadow);
CHECK(res != MAP_FAILED); CHECK(res != MAP_FAILED);
#elif SANITIZER_NETBSD #elif SANITIZER_NETBSD
void *res = mremap((void *)shadow_, GetShadowSize(), (void *)main_shadow, void *res = mremap((void *)shadow_, GetShadowSize(), (void *)main_shadow,
GetShadowSize(), MAP_FIXED); GetShadowSize(), MAP_FIXED);
CHECK(res != MAP_FAILED); CHECK(res != MAP_FAILED);
#else #else
void *res = MmapFixedOrDie(shadow_, GetShadowSize()); void *res = MmapFixedOrDie(shadow_, GetShadowSize(), "cfi shadow");
CHECK(res != MAP_FAILED); CHECK(res != MAP_FAILED);
::memcpy(&shadow_, &main_shadow, GetShadowSize()); ::memcpy(&shadow_, &main_shadow, GetShadowSize());
#endif #endif
} else { } else {
// Initial setup. // Initial setup.
CHECK_EQ(kCfiShadowLimitsStorageSize, GetPageSizeCached()); CHECK_EQ(kCfiShadowLimitsStorageSize, GetPageSizeCached());
CHECK_EQ(0, GetShadow()); CHECK_EQ(0, GetShadow());
cfi_shadow_limits_storage.limits.start = shadow_; cfi_shadow_limits_storage.limits.start = shadow_;
▲ Show 20 LinesShow All 279 LinesShow Last 20 Lines

compiler-rt/lib/hwasan/hwasan.cc

Show First 20 LinesShow All 184 Lines▼ Show 20 Lines s.append(
thread_stats.total_stack_size, thread_stats.total_stack_size,
thread_stats.n_live_threads * thread_list.MemoryUsedPerThread(), thread_stats.n_live_threads * thread_list.MemoryUsedPerThread(),
sds->allocated, sds->n_uniq_ids, asc[AllocatorStatMapped]); sds->allocated, sds->n_uniq_ids, asc[AllocatorStatMapped]);
} }
#if SANITIZER_ANDROID #if SANITIZER_ANDROID
static char *memory_usage_buffer = nullptr; static char *memory_usage_buffer = nullptr;
#define PR_SET_VMA 0x53564d41
#define PR_SET_VMA_ANON_NAME 0
static void InitMemoryUsage() { static void InitMemoryUsage() {
memory_usage_buffer = memory_usage_buffer =
(char *)MmapOrDie(kMemoryUsageBufferSize, "memory usage string"); (char *)MmapOrDie(kMemoryUsageBufferSize, "memory usage string");
CHECK(memory_usage_buffer); CHECK(memory_usage_buffer);
memory_usage_buffer[0] = '\0'; memory_usage_buffer[0] = '\0';
CHECK(internal_prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, DecorateMapping((uptr)memory_usage_buffer, kMemoryUsageBufferSize,
(uptr)memory_usage_buffer, kMemoryUsageBufferSize, memory_usage_buffer);
(uptr)memory_usage_buffer) == 0);
} }
void UpdateMemoryUsage() { void UpdateMemoryUsage() {
if (!flags()->export_memory_stats) if (!flags()->export_memory_stats)
return; return;
if (!memory_usage_buffer) if (!memory_usage_buffer)
InitMemoryUsage(); InitMemoryUsage();
InternalScopedString s(kMemoryUsageBufferSize); InternalScopedString s(kMemoryUsageBufferSize);
▲ Show 20 LinesShow All 300 LinesShow Last 20 Lines

compiler-rt/lib/sanitizer_common/sanitizer_allocator_primary64.h

Show First 20 LinesShow All 74 Lines▼ Show 20 Lines if (kUsingConstantSpaceBeg) {
CHECK_EQ(kSpaceBeg, address_range.Init(TotalSpaceSize, CHECK_EQ(kSpaceBeg, address_range.Init(TotalSpaceSize,
PrimaryAllocatorName, kSpaceBeg)); PrimaryAllocatorName, kSpaceBeg));
} else { } else {
NonConstSpaceBeg = address_range.Init(TotalSpaceSize, NonConstSpaceBeg = address_range.Init(TotalSpaceSize,
PrimaryAllocatorName); PrimaryAllocatorName);
CHECK_NE(NonConstSpaceBeg, ~(uptr)0); CHECK_NE(NonConstSpaceBeg, ~(uptr)0);
} }
SetReleaseToOSIntervalMs(release_to_os_interval_ms); SetReleaseToOSIntervalMs(release_to_os_interval_ms);
MapWithCallbackOrDie(SpaceEnd(), AdditionalSize()); MapWithCallbackOrDie(SpaceEnd(), AdditionalSize(),
"SizeClassAllocator: region info");
// Check that the RegionInfo array is aligned on the CacheLine size. // Check that the RegionInfo array is aligned on the CacheLine size.
DCHECK_EQ(SpaceEnd() % kCacheLineSize, 0); DCHECK_EQ(SpaceEnd() % kCacheLineSize, 0);
} }
s32 ReleaseToOSIntervalMs() const { s32 ReleaseToOSIntervalMs() const {
return atomic_load(&release_to_os_interval_ms_, memory_order_relaxed); return atomic_load(&release_to_os_interval_ms_, memory_order_relaxed);
} }
▲ Show 20 LinesShow All 536 Lines▼ Show 20 Lines if (offset >> (SANITIZER_WORDSIZE / 2))
return offset / size; return offset / size;
return (u32)offset / (u32)size; return (u32)offset / (u32)size;
} }
CompactPtrT *GetFreeArray(uptr region_beg) const { CompactPtrT *GetFreeArray(uptr region_beg) const {
return reinterpret_cast<CompactPtrT *>(GetMetadataEnd(region_beg)); return reinterpret_cast<CompactPtrT *>(GetMetadataEnd(region_beg));
} }
bool MapWithCallback(uptr beg, uptr size) { bool MapWithCallback(uptr beg, uptr size, const char *name) {
uptr mapped = address_range.Map(beg, size); uptr mapped = address_range.Map(beg, size, name);
if (UNLIKELY(!mapped)) if (UNLIKELY(!mapped))
return false; return false;
CHECK_EQ(beg, mapped); CHECK_EQ(beg, mapped);
MapUnmapCallback().OnMap(beg, size); MapUnmapCallback().OnMap(beg, size);
return true; return true;
} }
void MapWithCallbackOrDie(uptr beg, uptr size) { void MapWithCallbackOrDie(uptr beg, uptr size, const char *name) {
CHECK_EQ(beg, address_range.MapOrDie(beg, size)); CHECK_EQ(beg, address_range.MapOrDie(beg, size, name));
MapUnmapCallback().OnMap(beg, size); MapUnmapCallback().OnMap(beg, size);
} }
void UnmapWithCallbackOrDie(uptr beg, uptr size) { void UnmapWithCallbackOrDie(uptr beg, uptr size) {
MapUnmapCallback().OnUnmap(beg, size); MapUnmapCallback().OnUnmap(beg, size);
address_range.Unmap(beg, size); address_range.Unmap(beg, size);
} }
bool EnsureFreeArraySpace(RegionInfo *region, uptr region_beg, bool EnsureFreeArraySpace(RegionInfo *region, uptr region_beg,
uptr num_freed_chunks) { uptr num_freed_chunks) {
uptr needed_space = num_freed_chunks * sizeof(CompactPtrT); uptr needed_space = num_freed_chunks * sizeof(CompactPtrT);
if (region->mapped_free_array < needed_space) { if (region->mapped_free_array < needed_space) {
uptr new_mapped_free_array = RoundUpTo(needed_space, kFreeArrayMapSize); uptr new_mapped_free_array = RoundUpTo(needed_space, kFreeArrayMapSize);
CHECK_LE(new_mapped_free_array, kFreeArraySize); CHECK_LE(new_mapped_free_array, kFreeArraySize);
uptr current_map_end = reinterpret_cast<uptr>(GetFreeArray(region_beg)) + uptr current_map_end = reinterpret_cast<uptr>(GetFreeArray(region_beg)) +
region->mapped_free_array; region->mapped_free_array;
uptr new_map_size = new_mapped_free_array - region->mapped_free_array; uptr new_map_size = new_mapped_free_array - region->mapped_free_array;
if (UNLIKELY(!MapWithCallback(current_map_end, new_map_size))) if (UNLIKELY(!MapWithCallback(current_map_end, new_map_size,
"SizeClassAllocator: freearray")))
return false; return false;
region->mapped_free_array = new_mapped_free_array; region->mapped_free_array = new_mapped_free_array;
} }
return true; return true;
} }
// Check whether this size class is exhausted. // Check whether this size class is exhausted.
bool IsRegionExhausted(RegionInfo *region, uptr class_id, bool IsRegionExhausted(RegionInfo *region, uptr class_id,
Show All 34 Lines if (LIKELY(total_user_bytes > region->mapped_user)) {
region->rtoi.last_release_at_ns = MonotonicNanoTime(); region->rtoi.last_release_at_ns = MonotonicNanoTime();
} }
// Do the mmap for the user memory. // Do the mmap for the user memory.
const uptr user_map_size = const uptr user_map_size =
RoundUpTo(total_user_bytes - region->mapped_user, kUserMapSize); RoundUpTo(total_user_bytes - region->mapped_user, kUserMapSize);
if (UNLIKELY(IsRegionExhausted(region, class_id, user_map_size))) if (UNLIKELY(IsRegionExhausted(region, class_id, user_map_size)))
return false; return false;
if (UNLIKELY(!MapWithCallback(region_beg + region->mapped_user, if (UNLIKELY(!MapWithCallback(region_beg + region->mapped_user,
user_map_size))) user_map_size,
"SizeClassAllocator: region data")))
return false; return false;
stat->Add(AllocatorStatMapped, user_map_size); stat->Add(AllocatorStatMapped, user_map_size);
region->mapped_user += user_map_size; region->mapped_user += user_map_size;
} }
const uptr new_chunks_count = const uptr new_chunks_count =
(region->mapped_user - region->allocated_user) / size; (region->mapped_user - region->allocated_user) / size;
if (kMetadataSize) { if (kMetadataSize) {
// Calculate the required space for metadata. // Calculate the required space for metadata.
const uptr total_meta_bytes = const uptr total_meta_bytes =
region->allocated_meta + new_chunks_count * kMetadataSize; region->allocated_meta + new_chunks_count * kMetadataSize;
const uptr meta_map_size = (total_meta_bytes > region->mapped_meta) ? const uptr meta_map_size = (total_meta_bytes > region->mapped_meta) ?
RoundUpTo(total_meta_bytes - region->mapped_meta, kMetaMapSize) : 0; RoundUpTo(total_meta_bytes - region->mapped_meta, kMetaMapSize) : 0;
// Map more space for metadata, if necessary. // Map more space for metadata, if necessary.
if (meta_map_size) { if (meta_map_size) {
if (UNLIKELY(IsRegionExhausted(region, class_id, meta_map_size))) if (UNLIKELY(IsRegionExhausted(region, class_id, meta_map_size)))
return false; return false;
if (UNLIKELY(!MapWithCallback( if (UNLIKELY(!MapWithCallback(
GetMetadataEnd(region_beg) - region->mapped_meta - meta_map_size, GetMetadataEnd(region_beg) - region->mapped_meta - meta_map_size,
meta_map_size))) meta_map_size, "SizeClassAllocator: region metadata")))
return false; return false;
region->mapped_meta += meta_map_size; region->mapped_meta += meta_map_size;
} }
} }
// If necessary, allocate more space for the free array and populate it with // If necessary, allocate more space for the free array and populate it with
// newly allocated chunks. // newly allocated chunks.
const uptr total_freed_chunks = region->num_freed_chunks + new_chunks_count; const uptr total_freed_chunks = region->num_freed_chunks + new_chunks_count;
▲ Show 20 LinesShow All 113 LinesShow Last 20 Lines

compiler-rt/lib/sanitizer_common/sanitizer_common.h

Show First 20 LinesShow All 95 Lines▼ Show 20 Lines
} }
void UnmapOrDie(void *addr, uptr size); void UnmapOrDie(void *addr, uptr size);
// Behaves just like MmapOrDie, but tolerates out of memory condition, in that // Behaves just like MmapOrDie, but tolerates out of memory condition, in that
// case returns nullptr. // case returns nullptr.
void *MmapOrDieOnFatalError(uptr size, const char *mem_type); void *MmapOrDieOnFatalError(uptr size, const char *mem_type);
bool MmapFixedNoReserve(uptr fixed_addr, uptr size, const char *name = nullptr) bool MmapFixedNoReserve(uptr fixed_addr, uptr size, const char *name = nullptr)
WARN_UNUSED_RESULT; WARN_UNUSED_RESULT;
void *MmapNoReserveOrDie(uptr size, const char *mem_type); void *MmapNoReserveOrDie(uptr size, const char *mem_type);
void *MmapFixedOrDie(uptr fixed_addr, uptr size); void *MmapFixedOrDie(uptr fixed_addr, uptr size, const char *name = nullptr);
// Behaves just like MmapFixedOrDie, but tolerates out of memory condition, in // Behaves just like MmapFixedOrDie, but tolerates out of memory condition, in
// that case returns nullptr. // that case returns nullptr.
void *MmapFixedOrDieOnFatalError(uptr fixed_addr, uptr size); void *MmapFixedOrDieOnFatalError(uptr fixed_addr, uptr size,
const char *name = nullptr);
void *MmapFixedNoAccess(uptr fixed_addr, uptr size, const char *name = nullptr); void *MmapFixedNoAccess(uptr fixed_addr, uptr size, const char *name = nullptr);
void *MmapNoAccess(uptr size); void *MmapNoAccess(uptr size);
// Map aligned chunk of address space; size and alignment are powers of two. // Map aligned chunk of address space; size and alignment are powers of two.
// Dies on all but out of memory errors, in the latter case returns nullptr. // Dies on all but out of memory errors, in the latter case returns nullptr.
void *MmapAlignedOrDieOnFatalError(uptr size, uptr alignment, void *MmapAlignedOrDieOnFatalError(uptr size, uptr alignment,
const char *mem_type); const char *mem_type);
// Disallow access to a memory range. Use MmapFixedNoAccess to allocate an // Disallow access to a memory range. Use MmapFixedNoAccess to allocate an
// unaccessible memory. // unaccessible memory.
Show All 19 Lines
// Check if the built VMA size matches the runtime one. // Check if the built VMA size matches the runtime one.
void CheckVMASize(); void CheckVMASize();
void RunMallocHooks(const void *ptr, uptr size); void RunMallocHooks(const void *ptr, uptr size);
void RunFreeHooks(const void *ptr); void RunFreeHooks(const void *ptr);
class ReservedAddressRange { class ReservedAddressRange {
public: public:
uptr Init(uptr size, const char *name = nullptr, uptr fixed_addr = 0); uptr Init(uptr size, const char *name = nullptr, uptr fixed_addr = 0);
uptr Map(uptr fixed_addr, uptr size); uptr Map(uptr fixed_addr, uptr size, const char *name = nullptr);
uptr MapOrDie(uptr fixed_addr, uptr size); uptr MapOrDie(uptr fixed_addr, uptr size, const char *name = nullptr);
void Unmap(uptr addr, uptr size); void Unmap(uptr addr, uptr size);
void *base() const { return base_; } void *base() const { return base_; }
uptr size() const { return size_; } uptr size() const { return size_; }
private: private:
void* base_; void* base_;
uptr size_; uptr size_;
const char* name_; const char* name_;
▲ Show 20 LinesShow All 820 LinesShow Last 20 Lines

compiler-rt/lib/sanitizer_common/sanitizer_flags.inc

Show First 20 LinesShow All 212 Lines▼ Show 20 LinesCOMMON_FLAG(bool, intercept_intrin, true,
"If set, uses custom wrappers for memset/memcpy/memmove " "If set, uses custom wrappers for memset/memcpy/memmove "
"intrinsics to find more errors.") "intrinsics to find more errors.")
COMMON_FLAG(bool, intercept_stat, true, COMMON_FLAG(bool, intercept_stat, true,
"If set, uses custom wrappers for *stat functions " "If set, uses custom wrappers for *stat functions "
"to find more errors.") "to find more errors.")
COMMON_FLAG(bool, intercept_send, true, COMMON_FLAG(bool, intercept_send, true,
"If set, uses custom wrappers for send* functions " "If set, uses custom wrappers for send* functions "
"to find more errors.") "to find more errors.")
COMMON_FLAG(bool, decorate_proc_maps, false, "If set, decorate sanitizer " COMMON_FLAG(bool, decorate_proc_maps, (bool)SANITIZER_ANDROID,
"mappings in /proc/self/maps with " "If set, decorate sanitizer mappings in /proc/self/maps with "
"user-readable names") "user-readable names")
COMMON_FLAG(int, exitcode, 1, "Override the program exit status if the tool " COMMON_FLAG(int, exitcode, 1, "Override the program exit status if the tool "
"found an error") "found an error")
COMMON_FLAG( COMMON_FLAG(
bool, abort_on_error, (bool)SANITIZER_ANDROID || (bool)SANITIZER_MAC, bool, abort_on_error, (bool)SANITIZER_ANDROID || (bool)SANITIZER_MAC,
"If set, the tool calls abort() instead of _exit() after printing the " "If set, the tool calls abort() instead of _exit() after printing the "
"error report.") "error report.")
COMMON_FLAG(bool, suppress_equal_pcs, true, COMMON_FLAG(bool, suppress_equal_pcs, true,
"Deduplicate multiple reports for single source location in " "Deduplicate multiple reports for single source location in "
Show All 16 Lines

compiler-rt/lib/sanitizer_common/sanitizer_posix.h

Show First 20 LinesShow All 98 Lines▼ Show 20 Lines
bool IsStateDetached(int state); bool IsStateDetached(int state);
// Move the fd out of {0, 1, 2} range. // Move the fd out of {0, 1, 2} range.
fd_t ReserveStandardFds(fd_t fd); fd_t ReserveStandardFds(fd_t fd);
bool ShouldMockFailureToOpen(const char *path); bool ShouldMockFailureToOpen(const char *path);
// The following are two ways of decorating /proc/$pid/maps.
// Platforms should implement at most one of these.
// 1. Provide a pre-decorated file descriptor to use instead of an anonymous
// mapping.
int GetNamedMappingFd(const char *name, uptr size, unsigned *flags);
// 2. Add name to an existing anonymous mapping.
void DecorateMapping(uptr addr, uptr size, const char *name);
} // namespace __sanitizer } // namespace __sanitizer
#endif // SANITIZER_POSIX_H #endif // SANITIZER_POSIX_H

compiler-rt/lib/sanitizer_common/sanitizer_posix.cc

Show All 37 Lines
// ------------- sanitizer_common.h // ------------- sanitizer_common.h
uptr GetMmapGranularity() { uptr GetMmapGranularity() {
return GetPageSize(); return GetPageSize();
} }
void *MmapOrDie(uptr size, const char *mem_type, bool raw_report) { void *MmapOrDie(uptr size, const char *mem_type, bool raw_report) {
size = RoundUpTo(size, GetPageSizeCached()); size = RoundUpTo(size, GetPageSizeCached());
uptr res = internal_mmap(nullptr, size, unsigned flags = MAP_PRIVATE | MAP_ANON;
PROT_READ | PROT_WRITE, int fd = GetNamedMappingFd(mem_type, size, &flags);
MAP_PRIVATE | MAP_ANON, -1, 0); uptr res = internal_mmap(nullptr, size, PROT_READ | PROT_WRITE, flags, fd, 0);
int reserrno; int reserrno;
if (UNLIKELY(internal_iserror(res, &reserrno))) if (UNLIKELY(internal_iserror(res, &reserrno)))
ReportMmapFailureAndDie(size, mem_type, "allocate", reserrno, raw_report); ReportMmapFailureAndDie(size, mem_type, "allocate", reserrno, raw_report);
DecorateMapping(res, size, mem_type);
IncreaseTotalMmap(size); IncreaseTotalMmap(size);
return (void *)res; return (void *)res;
} }
void UnmapOrDie(void *addr, uptr size) { void UnmapOrDie(void *addr, uptr size) {
if (!addr || !size) return; if (!addr || !size) return;
uptr res = internal_munmap(addr, size); uptr res = internal_munmap(addr, size);
if (UNLIKELY(internal_iserror(res))) { if (UNLIKELY(internal_iserror(res))) {
Report("ERROR: %s failed to deallocate 0x%zx (%zd) bytes at address %p\n", Report("ERROR: %s failed to deallocate 0x%zx (%zd) bytes at address %p\n",
SanitizerToolName, size, size, addr); SanitizerToolName, size, size, addr);
CHECK("unable to unmap" && 0); CHECK("unable to unmap" && 0);
} }
DecreaseTotalMmap(size); DecreaseTotalMmap(size);
} }
void *MmapOrDieOnFatalError(uptr size, const char *mem_type) { void *MmapOrDieOnFatalError(uptr size, const char *mem_type) {
size = RoundUpTo(size, GetPageSizeCached()); size = RoundUpTo(size, GetPageSizeCached());
uptr res = internal_mmap(nullptr, size, unsigned flags = MAP_PRIVATE | MAP_ANON;
PROT_READ | PROT_WRITE, int fd = GetNamedMappingFd(mem_type, size, &flags);
MAP_PRIVATE | MAP_ANON, -1, 0); uptr res = internal_mmap(nullptr, size, PROT_READ | PROT_WRITE, flags, fd, 0);
int reserrno; int reserrno;
if (UNLIKELY(internal_iserror(res, &reserrno))) { if (UNLIKELY(internal_iserror(res, &reserrno))) {
if (reserrno == ENOMEM) if (reserrno == ENOMEM)
return nullptr; return nullptr;
ReportMmapFailureAndDie(size, mem_type, "allocate", reserrno); ReportMmapFailureAndDie(size, mem_type, "allocate", reserrno);
} }
DecorateMapping(res, size, mem_type);
IncreaseTotalMmap(size); IncreaseTotalMmap(size);
return (void *)res; return (void *)res;
} }
// We want to map a chunk of address space aligned to 'alignment'. // We want to map a chunk of address space aligned to 'alignment'.
// We do it by mapping a bit more and then unmapping redundant pieces. // We do it by mapping a bit more and then unmapping redundant pieces.
// We probably can do it with fewer syscalls in some OS-dependent way. // We probably can do it with fewer syscalls in some OS-dependent way.
void *MmapAlignedOrDieOnFatalError(uptr size, uptr alignment, void *MmapAlignedOrDieOnFatalError(uptr size, uptr alignment,
Show All 13 Linesvoid *MmapAlignedOrDieOnFatalError(uptr size, uptr alignment,
uptr end = res + size; uptr end = res + size;
if (end != map_end) if (end != map_end)
UnmapOrDie((void*)end, map_end - end); UnmapOrDie((void*)end, map_end - end);
return (void*)res; return (void*)res;
} }
void *MmapNoReserveOrDie(uptr size, const char *mem_type) { void *MmapNoReserveOrDie(uptr size, const char *mem_type) {
uptr PageSize = GetPageSizeCached(); uptr PageSize = GetPageSizeCached();
uptr p = internal_mmap(nullptr, unsigned flags = MAP_PRIVATE | MAP_ANON | MAP_NORESERVE;
RoundUpTo(size, PageSize), int fd = GetNamedMappingFd(mem_type, size, &flags);
PROT_READ | PROT_WRITE, uptr p = internal_mmap(nullptr, RoundUpTo(size, PageSize),
MAP_PRIVATE | MAP_ANON | MAP_NORESERVE, PROT_READ | PROT_WRITE, flags, fd, 0);
-1, 0);
int reserrno; int reserrno;
if (UNLIKELY(internal_iserror(p, &reserrno))) if (UNLIKELY(internal_iserror(p, &reserrno)))
ReportMmapFailureAndDie(size, mem_type, "allocate noreserve", reserrno); ReportMmapFailureAndDie(size, mem_type, "allocate noreserve", reserrno);
DecorateMapping(p, size, mem_type);
IncreaseTotalMmap(size); IncreaseTotalMmap(size);
return (void *)p; return (void *)p;
} }
void *MmapFixedImpl(uptr fixed_addr, uptr size, bool tolerate_enomem) { static void *MmapFixedImpl(uptr fixed_addr, uptr size, bool tolerate_enomem,
const char *name) {
uptr PageSize = GetPageSizeCached(); uptr PageSize = GetPageSizeCached();
unsigned flags = MAP_PRIVATE | MAP_ANON | MAP_FIXED;
int fd = GetNamedMappingFd(name, size, &flags);
uptr p = internal_mmap((void*)(fixed_addr & ~(PageSize - 1)), uptr p = internal_mmap((void *)(fixed_addr & ~(PageSize - 1)),
RoundUpTo(size, PageSize), RoundUpTo(size, PageSize), PROT_READ | PROT_WRITE,
PROT_READ | PROT_WRITE, flags, fd, 0);
MAP_PRIVATE | MAP_ANON | MAP_FIXED,
-1, 0);
int reserrno; int reserrno;
if (UNLIKELY(internal_iserror(p, &reserrno))) { if (UNLIKELY(internal_iserror(p, &reserrno))) {
if (tolerate_enomem && reserrno == ENOMEM) if (tolerate_enomem && reserrno == ENOMEM)
return nullptr; return nullptr;
char mem_type[40]; char mem_type[40];
internal_snprintf(mem_type, sizeof(mem_type), "memory at address 0x%zx", internal_snprintf(mem_type, sizeof(mem_type), "memory at address 0x%zx",
fixed_addr); fixed_addr);
ReportMmapFailureAndDie(size, mem_type, "allocate", reserrno); ReportMmapFailureAndDie(size, mem_type, "allocate", reserrno);
} }
DecorateMapping(p, size, name);
IncreaseTotalMmap(size); IncreaseTotalMmap(size);
return (void *)p; return (void *)p;
} }
void *MmapFixedOrDie(uptr fixed_addr, uptr size) { void *MmapFixedOrDie(uptr fixed_addr, uptr size, const char *name) {
return MmapFixedImpl(fixed_addr, size, false /*tolerate_enomem*/); return MmapFixedImpl(fixed_addr, size, false /*tolerate_enomem*/, name);
} }
void *MmapFixedOrDieOnFatalError(uptr fixed_addr, uptr size) { void *MmapFixedOrDieOnFatalError(uptr fixed_addr, uptr size, const char *name) {
return MmapFixedImpl(fixed_addr, size, true /*tolerate_enomem*/); return MmapFixedImpl(fixed_addr, size, true /*tolerate_enomem*/, name);
} }
bool MprotectNoAccess(uptr addr, uptr size) { bool MprotectNoAccess(uptr addr, uptr size) {
return 0 == internal_mprotect((void*)addr, size, PROT_NONE); return 0 == internal_mprotect((void*)addr, size, PROT_NONE);
} }
bool MprotectReadOnly(uptr addr, uptr size) { bool MprotectReadOnly(uptr addr, uptr size) {
return 0 == internal_mprotect((void *)addr, size, PROT_READ); return 0 == internal_mprotect((void *)addr, size, PROT_READ);
▲ Show 20 LinesShow All 185 Lines▼ Show 20 Linesfd_t ReserveStandardFds(fd_t fd) {
return fd; return fd;
} }
bool ShouldMockFailureToOpen(const char *path) { bool ShouldMockFailureToOpen(const char *path) {
return common_flags()->test_only_emulate_no_memorymap && return common_flags()->test_only_emulate_no_memorymap &&
internal_strncmp(path, "/proc/", 6) == 0; internal_strncmp(path, "/proc/", 6) == 0;
} }
#if SANITIZER_ANDROID || !SANITIZER_LINUX || SANITIZER_GO
int GetNamedMappingFd(const char *name, uptr size, unsigned *flags) {
return -1;
}
#else
int GetNamedMappingFd(const char *name, uptr size, unsigned *flags) {
if (!common_flags()->decorate_proc_maps || !name)
return -1;
char shmname[200];
CHECK(internal_strlen(name) < sizeof(shmname) - 10);
internal_snprintf(shmname, sizeof(shmname), "/dev/shm/%zu [%s]",
internal_getpid(), name);
int fd = ReserveStandardFds(
internal_open(shmname, O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRWXU));
CHECK_GE(fd, 0);
int res = internal_ftruncate(fd, size);
CHECK_EQ(0, res);
res = internal_unlink(shmname);
CHECK_EQ(0, res);
*flags &= ~(MAP_ANON | MAP_ANONYMOUS);
return fd;
}
#endif
#if SANITIZER_ANDROID
#define PR_SET_VMA 0x53564d41
#define PR_SET_VMA_ANON_NAME 0
void DecorateMapping(uptr addr, uptr size, const char *name) {
if (!common_flags()->decorate_proc_maps || !name || internal_iserror(addr))
return;
CHECK(internal_prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, addr, size,
(uptr)name) == 0);
}
#else
void DecorateMapping(uptr addr, uptr size, const char *name) {
}
#endif
} // namespace __sanitizer } // namespace __sanitizer
#endif // SANITIZER_POSIX #endif // SANITIZER_POSIX

compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cc

Show First 20 LinesShow All 301 Lines▼ Show 20 Lines
void PlatformPrepareForSandboxing(__sanitizer_sandbox_arguments *args) { void PlatformPrepareForSandboxing(__sanitizer_sandbox_arguments *args) {
// Some kinds of sandboxes may forbid filesystem access, so we won't be able // Some kinds of sandboxes may forbid filesystem access, so we won't be able
// to read the file mappings from /proc/self/maps. Luckily, neither the // to read the file mappings from /proc/self/maps. Luckily, neither the
// process will be able to load additional libraries, so it's fine to use the // process will be able to load additional libraries, so it's fine to use the
// cached mappings. // cached mappings.
MemoryMappingLayout::CacheMemoryMappings(); MemoryMappingLayout::CacheMemoryMappings();
} }
#if SANITIZER_ANDROID || SANITIZER_GO
int GetNamedMappingFd(const char *name, uptr size) {
return -1;
}
#else
int GetNamedMappingFd(const char *name, uptr size) {
if (!common_flags()->decorate_proc_maps)
return -1;
char shmname[200];
CHECK(internal_strlen(name) < sizeof(shmname) - 10);
internal_snprintf(shmname, sizeof(shmname), "%zu [%s]", internal_getpid(),
name);
int fd = shm_open(shmname, O_RDWR | O_CREAT | O_TRUNC, S_IRWXU);
CHECK_GE(fd, 0);
int res = internal_ftruncate(fd, size);
CHECK_EQ(0, res);
res = shm_unlink(shmname);
CHECK_EQ(0, res);
return fd;
}
#endif
bool MmapFixedNoReserve(uptr fixed_addr, uptr size, const char *name) { bool MmapFixedNoReserve(uptr fixed_addr, uptr size, const char *name) {
int fd = name ? GetNamedMappingFd(name, size) : -1; unsigned flags = MAP_PRIVATE | MAP_FIXED | MAP_NORESERVE | MAP_ANON;
unsigned flags = MAP_PRIVATE | MAP_FIXED | MAP_NORESERVE; int fd = GetNamedMappingFd(name, size, &flags);
if (fd == -1) flags |= MAP_ANON;
uptr PageSize = GetPageSizeCached(); uptr PageSize = GetPageSizeCached();
uptr p = internal_mmap((void *)(fixed_addr & ~(PageSize - 1)), uptr p = internal_mmap((void *)(fixed_addr & ~(PageSize - 1)),
RoundUpTo(size, PageSize), PROT_READ | PROT_WRITE, RoundUpTo(size, PageSize), PROT_READ | PROT_WRITE,
flags, fd, 0); flags, fd, 0);
int reserrno; int reserrno;
if (internal_iserror(p, &reserrno)) { if (internal_iserror(p, &reserrno)) {
Report("ERROR: %s failed to " Report("ERROR: %s failed to "
"allocate 0x%zx (%zd) bytes at address %zx (errno: %d)\n", "allocate 0x%zx (%zd) bytes at address %zx (errno: %d)\n",
SanitizerToolName, size, size, fixed_addr, reserrno); SanitizerToolName, size, size, fixed_addr, reserrno);
return false; return false;
} }
DecorateMapping(p, size, name);
IncreaseTotalMmap(size); IncreaseTotalMmap(size);
return true; return true;
} }
uptr ReservedAddressRange::Init(uptr size, const char *name, uptr fixed_addr) { uptr ReservedAddressRange::Init(uptr size, const char *name, uptr fixed_addr) {
// We don't pass `name` along because, when you enable `decorate_proc_maps` base_ = fixed_addr ? MmapFixedNoAccess(fixed_addr, size, name)
eugenisAuthorUnsubmitted
Done
ReplyInline Actions

@flowerhack FYI this is resolved by internal_open-ing /dev/shm instead of relying on shm_open.

eugenis: @flowerhack FYI this is resolved by internal_open-ing /dev/shm instead of relying on shm_open.
// AND actually use a named mapping AND are using a sanitizer intercepting : MmapNoAccess(size);
// `open` (e.g. TSAN, ESAN), then you'll get a failure during initialization.
// TODO(flowerhack): Fix the implementation of GetNamedMappingFd to solve
// this problem.
base_ = fixed_addr ? MmapFixedNoAccess(fixed_addr, size) : MmapNoAccess(size);
size_ = size; size_ = size;
name_ = name; name_ = name;
(void)os_handle_; // unsupported (void)os_handle_; // unsupported
return reinterpret_cast<uptr>(base_); return reinterpret_cast<uptr>(base_);
} }
// Uses fixed_addr for now. // Uses fixed_addr for now.
// Will use offset instead once we've implemented this function for real. // Will use offset instead once we've implemented this function for real.
uptr ReservedAddressRange::Map(uptr fixed_addr, uptr size) { uptr ReservedAddressRange::Map(uptr fixed_addr, uptr size, const char *name) {
return reinterpret_cast<uptr>(MmapFixedOrDieOnFatalError(fixed_addr, size)); return reinterpret_cast<uptr>(
MmapFixedOrDieOnFatalError(fixed_addr, size, name));
} }
uptr ReservedAddressRange::MapOrDie(uptr fixed_addr, uptr size) { uptr ReservedAddressRange::MapOrDie(uptr fixed_addr, uptr size,
return reinterpret_cast<uptr>(MmapFixedOrDie(fixed_addr, size)); const char *name) {
return reinterpret_cast<uptr>(MmapFixedOrDie(fixed_addr, size, name));
} }
void ReservedAddressRange::Unmap(uptr addr, uptr size) { void ReservedAddressRange::Unmap(uptr addr, uptr size) {
CHECK_LE(size, size_); CHECK_LE(size, size_);
if (addr == reinterpret_cast<uptr>(base_)) if (addr == reinterpret_cast<uptr>(base_))
// If we unmap the whole range, just null out the base. // If we unmap the whole range, just null out the base.
base_ = (size == size_) ? nullptr : reinterpret_cast<void*>(addr + size); base_ = (size == size_) ? nullptr : reinterpret_cast<void*>(addr + size);
else else
CHECK_EQ(addr + size, reinterpret_cast<uptr>(base_) + size_); CHECK_EQ(addr + size, reinterpret_cast<uptr>(base_) + size_);
size_ -= size; size_ -= size;
UnmapOrDie(reinterpret_cast<void*>(addr), size); UnmapOrDie(reinterpret_cast<void*>(addr), size);
} }
void *MmapFixedNoAccess(uptr fixed_addr, uptr size, const char *name) { void *MmapFixedNoAccess(uptr fixed_addr, uptr size, const char *name) {
int fd = name ? GetNamedMappingFd(name, size) : -1; unsigned flags = MAP_PRIVATE | MAP_FIXED | MAP_NORESERVE | MAP_ANON;
unsigned flags = MAP_PRIVATE | MAP_FIXED | MAP_NORESERVE; int fd = GetNamedMappingFd(name, size, &flags);
if (fd == -1) flags |= MAP_ANON; uptr p = internal_mmap((void *)fixed_addr, size, PROT_NONE, flags, fd, 0);
DecorateMapping(p, size, name);
return (void *)internal_mmap((void *)fixed_addr, size, PROT_NONE, flags, fd, return (void *)p;
0);
} }
void *MmapNoAccess(uptr size) { void *MmapNoAccess(uptr size) {
unsigned flags = MAP_PRIVATE | MAP_ANON | MAP_NORESERVE; unsigned flags = MAP_PRIVATE | MAP_ANON | MAP_NORESERVE;
return (void *)internal_mmap(nullptr, size, PROT_NONE, flags, -1, 0); return (void *)internal_mmap(nullptr, size, PROT_NONE, flags, -1, 0);
} }
// This function is defined elsewhere if we intercepted pthread_attr_getstack. // This function is defined elsewhere if we intercepted pthread_attr_getstack.
▲ Show 20 LinesShow All 121 LinesShow Last 20 Lines

compiler-rt/lib/sanitizer_common/sanitizer_win.cc

Show First 20 LinesShow All 223 Lines▼ Show 20 Lines Report("ERROR: %s failed to "
SanitizerToolName, size, size, fixed_addr, GetLastError()); SanitizerToolName, size, size, fixed_addr, GetLastError());
return false; return false;
} }
return true; return true;
} }
// Memory space mapped by 'MmapFixedOrDie' must have been reserved by // Memory space mapped by 'MmapFixedOrDie' must have been reserved by
// 'MmapFixedNoAccess'. // 'MmapFixedNoAccess'.
void *MmapFixedOrDie(uptr fixed_addr, uptr size) { void *MmapFixedOrDie(uptr fixed_addr, uptr size, const char *name) {
void *p = VirtualAlloc((LPVOID)fixed_addr, size, void *p = VirtualAlloc((LPVOID)fixed_addr, size,
MEM_COMMIT, PAGE_READWRITE); MEM_COMMIT, PAGE_READWRITE);
if (p == 0) { if (p == 0) {
char mem_type[30]; char mem_type[30];
internal_snprintf(mem_type, sizeof(mem_type), "memory at address 0x%zx", internal_snprintf(mem_type, sizeof(mem_type), "memory at address 0x%zx",
fixed_addr); fixed_addr);
ReportMmapFailureAndDie(size, mem_type, "allocate", GetLastError()); ReportMmapFailureAndDie(size, mem_type, "allocate", GetLastError());
} }
Show All 14 Linesvoid ReservedAddressRange::Unmap(uptr addr, uptr size) {
// Only unmap if it covers the entire range. // Only unmap if it covers the entire range.
CHECK((addr == reinterpret_cast<uptr>(base_)) && (size == size_)); CHECK((addr == reinterpret_cast<uptr>(base_)) && (size == size_));
// We unmap the whole range, just null out the base. // We unmap the whole range, just null out the base.
base_ = nullptr; base_ = nullptr;
size_ = 0; size_ = 0;
UnmapOrDie(reinterpret_cast<void*>(addr), size); UnmapOrDie(reinterpret_cast<void*>(addr), size);
} }
void *MmapFixedOrDieOnFatalError(uptr fixed_addr, uptr size) { void *MmapFixedOrDieOnFatalError(uptr fixed_addr, uptr size, const char *name) {
void *p = VirtualAlloc((LPVOID)fixed_addr, size, void *p = VirtualAlloc((LPVOID)fixed_addr, size,
MEM_COMMIT, PAGE_READWRITE); MEM_COMMIT, PAGE_READWRITE);
if (p == 0) { if (p == 0) {
char mem_type[30]; char mem_type[30];
internal_snprintf(mem_type, sizeof(mem_type), "memory at address 0x%zx", internal_snprintf(mem_type, sizeof(mem_type), "memory at address 0x%zx",
fixed_addr); fixed_addr);
return ReturnNullptrOnOOMOrDie(size, mem_type, "allocate"); return ReturnNullptrOnOOMOrDie(size, mem_type, "allocate");
} }
▲ Show 20 LinesShow All 797 LinesShow Last 20 Lines

compiler-rt/test/hwasan/TestCases/Linux/decorate-proc-maps.c

  • This file was added.
// RUN: %clang_hwasan -g %s -o %t
// RUN: %env_hwasan_opts=decorate_proc_maps=1 %run %t 2>&1 | FileCheck %s --check-prefix=A
// RUN: %env_hwasan_opts=decorate_proc_maps=1 %run %t 2>&1 | FileCheck %s --check-prefix=B
// A: rw-p {{.*}}hwasan threads]
// A-NEXT: ---p {{.*}}shadow gap]
// A-NEXT: rw-p {{.*}}low shadow]
// A-NEXT: ---p {{.*}}shadow gap]
// A-NEXT: rw-p {{.*}}high shadow]
// B-DAG: rw-p {{.*}}SizeClassAllocator: region data]
// B-DAG: rw-p {{.*}}SizeClassAllocator: region metadata]
// B-DAG: rw-p {{.*}}SizeClassAllocator: freearray]
// B-DAG: rw-p {{.*}}SizeClassAllocator: region info]
// B-DAG: rw-p {{.*}}LargeMmapAllocator]
// B-DAG: rw-p {{.*}}stack depot]
#include <errno.h>
#include <fcntl.h>
#include <pthread.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <pthread.h>
#include <stdlib.h>
void CopyFdToFd(int in_fd, int out_fd) {
const size_t kBufSize = 0x10000;
static char buf[kBufSize];
while (1) {
ssize_t got = read(in_fd, buf, kBufSize);
if (got > 0) {
write(out_fd, buf, got);
} else if (got == 0) {
break;
} else if (errno != EAGAIN || errno != EWOULDBLOCK || errno != EINTR) {
fprintf(stderr, "error reading file, errno %d\n", errno);
abort();
}
}
}
void *ThreadFn(void *arg) {
(void)arg;
int fd = open("/proc/self/maps", O_RDONLY);
CopyFdToFd(fd, 2);
close(fd);
return NULL;
}
int main(void) {
pthread_t t;
void * volatile res = malloc(100);
void * volatile res2 = malloc(100000);
pthread_create(&t, 0, ThreadFn, 0);
pthread_join(t, 0);
return (int)(size_t)res;
}