This is an archive of the discontinued LLVM Phabricator instance.

Differential D79608

[hwasan] Reset current thread pointer on thread exit.
ClosedPublic

Authored by eugenis on May 7 2020, 4:27 PM.

Details

Reviewers
pcc
hctim
Commits
rGeaea9ed83509: [hwasan] Reset current thread pointer on thread exit.
Summary

This is necessary to handle calls to free() after __hwasan_thread_exit,
which is possible in glibc.

Also, add a null check to GetCurrentThread, otherwise the logic in
GetThreadByBufferAddress turns it into a non-null value. This means that
all of the checks for GetCurrentThread() != nullptr do not have any
effect at all right now!

Diff Detail

Event Timeline

eugenis created this revision.May 7 2020, 4:27 PM
Herald added a project: Restricted Project. · View Herald TranscriptMay 7 2020, 4:27 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
Harbormaster failed remote builds in B56118: Diff 262785!May 7 2020, 5:55 PM
hctim accepted this revision.May 8 2020, 9:38 AM
hctim added inline comments.
compiler-rt/test/hwasan/TestCases/libc_thread_freeres.c
22

nit: return 0;?

This revision is now accepted and ready to land.May 8 2020, 9:38 AM
eugenis updated this revision to Diff 262894.May 8 2020, 10:28 AM

fix the test

eugenis marked an inline comment as done.May 8 2020, 10:29 AM
eugenis added inline comments.
compiler-rt/test/hwasan/TestCases/libc_thread_freeres.c
22

not a nit - it's actually UB in C (but not in C++).
Fixed.

Closed by commit rGeaea9ed83509: [hwasan] Reset current thread pointer on thread exit. (authored by eugenis). · Explain WhyMay 8 2020, 10:43 AM
This revision was automatically updated to reflect the committed changes.
Harbormaster failed remote builds in B56169: Diff 262894!May 8 2020, 10:43 AM

Revision Contents

PathSize
compiler-rt/
lib/
hwasan/
2 lines
7 lines
6 lines
test/
hwasan/
TestCases/
22 lines

Diff 262898

compiler-rt/lib/hwasan/hwasan.cpp

Show First 20 LinesShow All 180 Lines▼ Show 20 Lines
} // namespace __hwasan } // namespace __hwasan
using namespace __hwasan; using namespace __hwasan;
void __sanitizer::BufferedStackTrace::UnwindImpl( void __sanitizer::BufferedStackTrace::UnwindImpl(
uptr pc, uptr bp, void *context, bool request_fast, u32 max_depth) { uptr pc, uptr bp, void *context, bool request_fast, u32 max_depth) {
Thread *t = GetCurrentThread(); Thread *t = GetCurrentThread();
if (!t) { if (!t) {
// the thread is still being created. // The thread is still being created, or has already been destroyed.
size = 0; size = 0;
return; return;
} }
Unwind(max_depth, pc, bp, context, t->stack_top(), t->stack_bottom(), Unwind(max_depth, pc, bp, context, t->stack_top(), t->stack_bottom(),
request_fast); request_fast);
} }
struct hwasan_global { struct hwasan_global {
▲ Show 20 LinesShow All 395 LinesShow Last 20 Lines

compiler-rt/lib/hwasan/hwasan_linux.cpp

Show First 20 LinesShow All 348 Lines▼ Show 20 Linesvoid AndroidTestTlsSlot() {
} }
*tls_ptr = old_value; *tls_ptr = old_value;
} }
#else #else
void AndroidTestTlsSlot() {} void AndroidTestTlsSlot() {}
#endif #endif
Thread *GetCurrentThread() { Thread *GetCurrentThread() {
auto *R = (StackAllocationsRingBuffer *)GetCurrentThreadLongPtr(); uptr *ThreadLongPtr = GetCurrentThreadLongPtr();
return hwasanThreadList().GetThreadByBufferAddress((uptr)(R->Next())); if (UNLIKELY(*ThreadLongPtr == 0))
return nullptr;
auto *R = (StackAllocationsRingBuffer *)ThreadLongPtr;
return hwasanThreadList().GetThreadByBufferAddress((uptr)R->Next());
} }
struct AccessInfo { struct AccessInfo {
uptr addr; uptr addr;
uptr size; uptr size;
bool is_store; bool is_store;
bool is_load; bool is_load;
bool recover; bool recover;
▲ Show 20 LinesShow All 130 LinesShow Last 20 Lines

compiler-rt/lib/hwasan/hwasan_thread.cpp

Show First 20 LinesShow All 84 Lines▼ Show 20 Lines
void Thread::Destroy() { void Thread::Destroy() {
if (flags()->verbose_threads) if (flags()->verbose_threads)
Print("Destroying: "); Print("Destroying: ");
AllocatorSwallowThreadLocalCache(allocator_cache()); AllocatorSwallowThreadLocalCache(allocator_cache());
ClearShadowForThreadStackAndTLS(); ClearShadowForThreadStackAndTLS();
if (heap_allocations_) if (heap_allocations_)
heap_allocations_->Delete(); heap_allocations_->Delete();
DTLS_Destroy(); DTLS_Destroy();
// Unregister this as the current thread.
// Instrumented code can not run on this thread from this point onwards, but
// malloc/free can still be served. Glibc may call free() very late, after all
// TSD destructors are done.
CHECK_EQ(GetCurrentThread(), this);
*GetCurrentThreadLongPtr() = 0;
} }
void Thread::Print(const char *Prefix) { void Thread::Print(const char *Prefix) {
Printf("%sT%zd %p stack: [%p,%p) sz: %zd tls: [%p,%p)\n", Prefix, Printf("%sT%zd %p stack: [%p,%p) sz: %zd tls: [%p,%p)\n", Prefix,
unique_id_, this, stack_bottom(), stack_top(), unique_id_, this, stack_bottom(), stack_top(),
stack_top() - stack_bottom(), stack_top() - stack_bottom(),
tls_begin(), tls_end()); tls_begin(), tls_end());
} }
Show All 27 Lines

compiler-rt/test/hwasan/TestCases/libc_thread_freeres.c

  • This file was added.
// RUN: %clang_hwasan %s -o %t && %env_hwasan_opts=random_tags=1 %run %t
// REQUIRES: stable-runtime
#include <pthread.h>
#include <sanitizer/hwasan_interface.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
void *ThreadFn(void *) {
strerror_l(-1, 0);
__hwasan_enable_allocator_tagging();
// This will trigger memory deallocation in __strerror_thread_freeres,
// at a point when HwasanThread is already gone.
}
int main() {
pthread_t t;
pthread_create(&t, NULL, ThreadFn, NULL);
pthread_join(t, NULL);
return 0;
}
hctimUnsubmitted
Not Done
ReplyInline Actions

nit: return 0;?

hctim: nit: return 0;?
eugenisAuthorUnsubmitted
Done
ReplyInline Actions

not a nit - it's actually UB in C (but not in C++).
Fixed.

eugenis: not a nit - it's actually UB in C (but not in C++). Fixed.