This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/lib/scudo/standalone/
-
lib/
-
scudo/
-
standalone/
-
combined.h
-
tests/
-
combined_test.cpp

Differential D82070

[scudo][standalone] Allow Primary allocations to fail up multiple times.
ClosedPublic

Authored by cferris on Jun 17 2020, 11:46 PM.

Download Raw Diff

Details

Reviewers

cryptoad

Commits

rGe7ac984dc055: [scudo][standalone] Allow Primary allocations to fail up multiple times.

Summary

When enabling some malloc debug features on Android, multiple 32 bit
regions become exhausted, and the allocations fail. Allow allocations
to keep trying each bigger class in the Primary until it finds a fit.
In addition, some Android tests running on 32 bit fail sometimes due
to a running out of space in two regions, and then fail the allocation.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

cferris created this revision.Jun 17 2020, 11:46 PM

Herald added a project: Restricted Project. · View Herald TranscriptJun 17 2020, 11:46 PM

Herald added a subscriber: Restricted Project. · View Herald Transcript

Harbormaster failed remote builds in B60761: Diff 271589!Jun 18 2020, 12:30 AM

One of the things with this behavior is that it could have security repercussions, in the sense that we can lose the property of the separation per class size.
eg: by filling in all the previous class sizes, one could end up in another, allowing to properly exploit a UAF or overflow.
This is probably more theoretical than practical, but something to keep in mind for the future.

This revision is now accepted and ready to land.Jun 18 2020, 7:58 AM

Closed by commit rGe7ac984dc055: [scudo][standalone] Allow Primary allocations to fail up multiple times. (authored by cferris, committed by cryptoad). · Explain WhyJun 18 2020, 12:01 PM

This revision was automatically updated to reflect the committed changes.

@cferris

Hi, you can drop Reviewers: Subscribers: Tags: and the text Summary: from the git commit with the following script:

arcfilter () {
        arc amend
        git log -1 --pretty=%B | awk '/Reviewers:|Subscribers:/{p=1} /Reviewed By:|Differential Revision:/{p=0} !p && !/^Summary:$/ {sub(/^Summary: /,"");print}' | git commit --amend --date=now -F -
}

Reviewed By: is considered important by some people. Please keep the tag. (I have updated my script to use --date=now (setting author date to committer date))

https://reviews.llvm.org/D80978 contains a git pre-push hook to automate this.

I did the commit and followed the instructions @ https://llvm.org/docs/Phabricator.html#committing-someone-s-change-from-phabricator.
Let me know if they are no longer relevant.

In D82070#2102280, @MaskRay wrote:
@cferris

Hi, you can drop Reviewers: Subscribers: Tags: and the text Summary: from the git commit with the following script:
arcfilter () {
        arc amend
        git log -1 --pretty=%B | awk '/Reviewers:|Subscribers:/{p=1} /Reviewed By:|Differential Revision:/{p=0} !p && !/^Summary:$/ {sub(/^Summary: /,"");print}' | git commit --amend --date=now -F -
}
Reviewed By: is considered important by some people. Please keep the tag. (I have updated my script to use --date=now (setting author date to committer date))

https://reviews.llvm.org/D80978 contains a git pre-push hook to automate this.

Revision Contents

Path

Size

compiler-rt/

lib/

scudo/

standalone/

combined.h

18 lines

tests/

combined_test.cpp

17 lines

Diff 271804

compiler-rt/lib/scudo/standalone/combined.h

Show First 20 Lines • Show All 291 Lines • ▼ Show 20 Lines	#endif // GWP_ASAN_HOOKS
uptr ClassId = 0;		uptr ClassId = 0;
uptr SecondaryBlockEnd;		uptr SecondaryBlockEnd;
if (LIKELY(PrimaryT::canAllocate(NeededSize))) {		if (LIKELY(PrimaryT::canAllocate(NeededSize))) {
ClassId = SizeClassMap::getClassIdBySize(NeededSize);		ClassId = SizeClassMap::getClassIdBySize(NeededSize);
DCHECK_NE(ClassId, 0U);		DCHECK_NE(ClassId, 0U);
bool UnlockRequired;		bool UnlockRequired;
auto *TSD = TSDRegistry.getTSDAndLock(&UnlockRequired);		auto *TSD = TSDRegistry.getTSDAndLock(&UnlockRequired);
Block = TSD->Cache.allocate(ClassId);		Block = TSD->Cache.allocate(ClassId);
// If the allocation failed, the most likely reason with a 64-bit primary		// If the allocation failed, the most likely reason with a 32-bit primary
// is the region being full. In that event, retry once using the		// is the region being full. In that event, retry in each successively
// immediately larger class (except if the failing class was already the		// larger class until it fits. If it fails to fit in the largest class,
// largest). This will waste some memory but will allow the application to		// fallback to the Secondary.
// not fail. If dealing with the largest class, fallback to the Secondary.
if (UNLIKELY(!Block)) {		if (UNLIKELY(!Block)) {
if (ClassId < SizeClassMap::LargestClassId)		while (ClassId < SizeClassMap::LargestClassId) {
Block = TSD->Cache.allocate(++ClassId);		Block = TSD->Cache.allocate(++ClassId);
else		if (LIKELY(Block)) {
		break;
		}
		}
		if (UNLIKELY(!Block)) {
ClassId = 0;		ClassId = 0;
}		}
		}
if (UnlockRequired)		if (UnlockRequired)
TSD->unlock();		TSD->unlock();
}		}
if (UNLIKELY(ClassId == 0))		if (UNLIKELY(ClassId == 0))
Block = Secondary.allocate(NeededSize, Alignment, &SecondaryBlockEnd,		Block = Secondary.allocate(NeededSize, Alignment, &SecondaryBlockEnd,
FillContents);		FillContents);

if (UNLIKELY(!Block)) {		if (UNLIKELY(!Block)) {
▲ Show 20 Lines • Show All 750 Lines • Show Last 20 Lines

compiler-rt/lib/scudo/standalone/tests/combined_test.cpp

Show First 20 Lines • Show All 379 Lines • ▼ Show 20 Lines	#else
testAllocatorThreaded<scudo::AndroidConfig>();		testAllocatorThreaded<scudo::AndroidConfig>();
#endif		#endif
}		}

struct DeathSizeClassConfig {		struct DeathSizeClassConfig {
static const scudo::uptr NumBits = 1;		static const scudo::uptr NumBits = 1;
static const scudo::uptr MinSizeLog = 10;		static const scudo::uptr MinSizeLog = 10;
static const scudo::uptr MidSizeLog = 10;		static const scudo::uptr MidSizeLog = 10;
static const scudo::uptr MaxSizeLog = 11;		static const scudo::uptr MaxSizeLog = 13;
static const scudo::u32 MaxNumCachedHint = 4;		static const scudo::u32 MaxNumCachedHint = 4;
static const scudo::uptr MaxBytesCachedLog = 12;		static const scudo::uptr MaxBytesCachedLog = 12;
};		};

static const scudo::uptr DeathRegionSizeLog = 20U;		static const scudo::uptr DeathRegionSizeLog = 20U;
struct DeathConfig {		struct DeathConfig {
// Tiny allocator, its Primary only serves chunks of two sizes.		// Tiny allocator, its Primary only serves chunks of four sizes.
using DeathSizeClassMap = scudo::FixedSizeClassMap<DeathSizeClassConfig>;		using DeathSizeClassMap = scudo::FixedSizeClassMap<DeathSizeClassConfig>;
typedef scudo::SizeClassAllocator64<DeathSizeClassMap, DeathRegionSizeLog>		typedef scudo::SizeClassAllocator64<DeathSizeClassMap, DeathRegionSizeLog>
Primary;		Primary;
typedef scudo::MapAllocator<scudo::MapAllocatorNoCache> Secondary;		typedef scudo::MapAllocator<scudo::MapAllocatorNoCache> Secondary;
template <class A> using TSDRegistryT = scudo::TSDRegistrySharedT<A, 1U>;		template <class A> using TSDRegistryT = scudo::TSDRegistrySharedT<A, 1U>;
};		};

TEST(ScudoCombinedTest, DeathCombined) {		TEST(ScudoCombinedTest, DeathCombined) {
▲ Show 20 Lines • Show All 63 Lines • ▼ Show 20 Lines	TEST(ScudoCombinedTest, FullRegion) {
Allocator->reset();		Allocator->reset();

std::vector<void *> V;		std::vector<void *> V;
scudo::uptr FailedAllocationsCount = 0;		scudo::uptr FailedAllocationsCount = 0;
for (scudo::uptr ClassId = 1U;		for (scudo::uptr ClassId = 1U;
ClassId <= DeathConfig::DeathSizeClassMap::LargestClassId; ClassId++) {		ClassId <= DeathConfig::DeathSizeClassMap::LargestClassId; ClassId++) {
const scudo::uptr Size =		const scudo::uptr Size =
DeathConfig::DeathSizeClassMap::getSizeByClassId(ClassId);		DeathConfig::DeathSizeClassMap::getSizeByClassId(ClassId);
const scudo::uptr MaxNumberOfChunks = (1U << DeathRegionSizeLog) / Size;		// Allocate enough to fill all of the regions above this one.
		const scudo::uptr MaxNumberOfChunks =
		((1U << DeathRegionSizeLog) / Size) *
		(DeathConfig::DeathSizeClassMap::LargestClassId - ClassId + 1);
void *P;		void *P;
for (scudo::uptr I = 0; I <= MaxNumberOfChunks; I++) {		for (scudo::uptr I = 0; I <= MaxNumberOfChunks; I++) {
P = Allocator->allocate(Size - 64U, Origin);		P = Allocator->allocate(Size - 64U, Origin);
if (!P)		if (!P)
FailedAllocationsCount++;		FailedAllocationsCount++;
else		else
V.push_back(P);		V.push_back(P);
}		}
}
while (!V.empty()) {		while (!V.empty()) {
Allocator->deallocate(V.back(), Origin);		Allocator->deallocate(V.back(), Origin);
V.pop_back();		V.pop_back();
}		}
		}
EXPECT_EQ(FailedAllocationsCount, 0U);		EXPECT_EQ(FailedAllocationsCount, 0U);
}		}