This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/lib/scudo/standalone/
-
lib/
-
scudo/
-
standalone/
-
chunk.h
8/19
combined.h
-
common.h
-
include/scudo/
-
scudo/
-
interface.h
-
tests/
-
chunk_test.cpp
1
combined_test.cpp
-
tsd_exclusive.h
-
tsd_shared.h
-
wrappers_c.inc

Differential D87739

scudo: Add an API for disabling memory initialization per-thread.
ClosedPublic

Authored by pcc on Sep 15 2020, 8:59 PM.

Download Raw Diff

Details

Reviewers

eugenis
hctim
cryptoad

Commits

rG7bd75b630144: scudo: Add an API for disabling memory initialization per-thread.

Summary

Here "memory initialization" refers to zero- or pattern-init on
non-MTE hardware, or (where possible to avoid) memory tagging on MTE
hardware. With shared TSD the per-thread memory initialization state
is stored in bit 0 of the TLS slot, similar to PointerIntPair in LLVM.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

pcc created this revision.Sep 15 2020, 8:59 PM

Herald added a project: Restricted Project. · View Herald TranscriptSep 15 2020, 8:59 PM

Herald added a subscriber: Restricted Project. · View Herald Transcript

pcc requested review of this revision.Sep 15 2020, 8:59 PM

This is the patch that I've been using to stress test my implementation:

diff --git a/compiler-rt/lib/scudo/standalone/combined.h b/compiler-rt/lib/scudo/standalone/combined.h
index 6c39b8f361e7..54ea5f487ac9 100644
--- a/compiler-rt/lib/scudo/standalone/combined.h
+++ b/compiler-rt/lib/scudo/standalone/combined.h
@@ -9,6 +9,8 @@
 #ifndef SCUDO_COMBINED_H_
 #define SCUDO_COMBINED_H_
 
+#include <stdlib.h>
+
 #include "chunk.h"
 #include "common.h"
 #include "flags.h"
@@ -268,6 +270,14 @@ public:
                           bool ZeroContents = false) {
     initThreadMaybe();
 
+    {
+      int R = rand();
+      if (R % 16 == 0)
+        TSDRegistry.setOption(Option::ThreadDisableMemInit, 0);
+      if (R % 16 == 1)
+        TSDRegistry.setOption(Option::ThreadDisableMemInit, 1);
+    }
+
 #ifdef GWP_ASAN_HOOKS
     if (UNLIKELY(GuardedAlloc.shouldSample())) {
       if (void *Ptr = GuardedAlloc.allocate(roundUpTo(Size, Alignment)))

With this applied and booting Android on FVP I sometimes get an application crash in com.android.settings or com.android.systemui. The tombstone starts like this:

Build fingerprint: 'Android/fvp/fvpbase:S/AOSP.MASTER/eng.pcc.20200813.203906:eng/test-keys'
Revision: '0'
ABI: 'arm64'
Timestamp: 2020-09-15 23:35:00.120584420+0000
pid: 1366, tid: 1707, name: RenderThread  >>> com.android.systemui <<<
uid: 10100
tagged_addr_ctrl: 000000000007fff5
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x35338100000010
    x0  0000007a599b10b0  x1  0a00007b9dcb2210  x2  0000000000000003  x3  0000000000000003
    x4  0000000000000000  x5  0000007a599b1400  x6  00000000000003ff  x7  0000000000000400
    x8  0000000000000002  x9  0000000000000003  x10 0000000000000002  x11 0000000000000013
    x12 0600007afdd915a0  x13 0000000000000002  x14 0035338100000000  x15 0000000000000007
    x16 0000007d6f9db4a0  x17 0000007d6f76c7c4  x18 0000007a50878000  x19 0a00007b9dcb2210
    x20 0000007a599b10b0  x21 0000007a599b0e40  x22 0000000000000003  x23 0000000000000003
    x24 0000007a599b0d78  x25 0000007a599b3000  x26 0000000000000000  x27 0d00007b9dcc7578
    x28 0000000000000000  x29 0000007a599b0cf0
    lr  0000007d6f814f38  sp  0000007a599b0ce0  pc  0000007d6f7e3e04  pst 0000000020001000

backtrace:
      #00 pc 00000000003e1e04  /system/lib64/libhwui.so (GrResourceAllocator::addInterval(GrSurfaceProxy*, unsigned int, unsigned int)+132) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
      #01 pc 0000000000412f34  /system/lib64/libhwui.so (GrProcessorSet::visitProxies(std::__1::function<void (GrSurfaceProxy*)> const&) const+304) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
      #02 pc 00000000003ded90  /system/lib64/libhwui.so (GrRenderTargetOpList::OpChain::visitProxies(std::__1::function<void (GrSurfaceProxy*)> const&, GrOp::VisitorType) const+76) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
      #03 pc 00000000003e0c60  /system/lib64/libhwui.so (GrRenderTargetOpList::gatherProxyIntervals(GrResourceAllocator*) const+296) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
      #04 pc 00000000003b9988  /system/lib64/libhwui.so (GrDrawingManager::flush(GrSurfaceProxy*, SkSurface::BackendSurfaceAccess, GrFlushFlags, int, GrBackendSemaphore*, void (*)(void*), void*)+1980) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
      #05 pc 00000000003ba2b8  /system/lib64/libhwui.so (GrDrawingManager::prepareSurfaceForExternalIO(GrSurfaceProxy*, SkSurface::BackendSurfaceAccess, GrFlushFlags, int, GrBackendSemaphore*, void (*)(void*), void*)+244) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
      #06 pc 00000000003dd038  /system/lib64/libhwui.so (GrRenderTargetContext::prepareForExternalIO(SkSurface::BackendSurfaceAccess, GrFlushFlags, int, GrBackendSemaphore*, void (*)(void*), void*)+252) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
      #07 pc 000000000018b0f4  /system/lib64/libhwui.so (android::uirenderer::skiapipeline::SkiaPipeline::renderFrame(android::uirenderer::LayerUpdateQueue const&, SkRect const&, std::__1::vector<android::sp<android::uirenderer::RenderNode>, std::__1::allocator<android::sp<android::uirenderer::RenderNode> > > const&, bool, android::uirenderer::Rect const&, sk_sp<SkSurface>, SkMatrix const&)+208) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
      #08 pc 0000000000188d04  /system/lib64/libhwui.so (android::uirenderer::skiapipeline::SkiaOpenGLPipeline::draw(android::uirenderer::renderthread::Frame const&, SkRect const&, SkRect const&, android::uirenderer::LightGeometry const&, android::uirenderer::LayerUpdateQueue*, android::uirenderer::Rect const&, bool, android::uirenderer::LightInfo const&, std::__1::vector<android::sp<android::uirenderer::RenderNode>, std::__1::allocator<android::sp<android::uirenderer::RenderNode> > > const&, android::uirenderer::FrameInfoVisualizer*)+496) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
      #09 pc 00000000001943e4  /system/lib64/libhwui.so (android::uirenderer::renderthread::CanvasContext::draw()+392) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
      #10 pc 000000000019636c  /system/lib64/libhwui.so (android::uirenderer::renderthread::DrawFrameTask::run()+428) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
      #11 pc 0000000000179dfc  /system/lib64/libhwui.so (android::uirenderer::WorkQueue::process()+400) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
      #12 pc 00000000001a56a8  /system/lib64/libhwui.so (android::uirenderer::renderthread::RenderThread::threadLoop()+128) (BuildId: ecfd2fad5f2e390ec6cf7b8577e85b87)
      #13 pc 0000000000014444  /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+260) (BuildId: dfc95e0a7c124e5bf890590bb0f3c55f)
      #14 pc 0000000000013cf8  /system/lib64/libutils.so (thread_data_t::trampoline(void*)+424) (BuildId: dfc95e0a7c124e5bf890590bb0f3c55f)
      #15 pc 00000000000af5fc  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+344) (BuildId: 6cd1bc2d17bd5e5999e53add462790e2)
      #16 pc 000000000004f448  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 6cd1bc2d17bd5e5999e53add462790e2)

And the top frame symbolizes to this line of code:
https://cs.android.com/android/platform/superproject/+/master:external/skia/src/core/SkTDynamicHash.h;l=98
which is accessing a pointer from a calloc'd region and expecting it to either be zero or a stored value, indicating that the memory was not zero initialized correctly.

Harbormaster completed remote builds in B71816: Diff 292083.Sep 15 2020, 9:30 PM

hctim added inline comments.Sep 16 2020, 11:07 AM

compiler-rt/lib/scudo/standalone/combined.h
498	Isn't this now broken under `dealloc_type_mismatch` and MTE?
556	same here, broken under dealloc_type_mismatch when memory is zeroed?

pcc added inline comments.Sep 16 2020, 11:51 AM

compiler-rt/lib/scudo/standalone/combined.h
498	No, because the field is intended to only have the "was zeroed" meaning while the chunk is not allocated. Note that the field is read before the call to `quarantineOrDeallocateChunk` later in this function causes it to take the "was zeroed" meaning.
556	This is before the call to `quarantineOrDeallocateChunk`.

hctim added inline comments.Sep 16 2020, 12:32 PM

compiler-rt/lib/scudo/standalone/combined.h
498	I see - thanks for the clarification. Maybe `OriginIfAliveOrWasZeroedIfDead`? A bit wordy (can't think of anything more concise right now), but otherwise it's a little hard to infer this which meaning applies at which time (especially given that `SizeOrUnusedBytes` has different semantics). Either that or a comment in the declaration explaining the semantics would probably suffice.

eugenis added inline comments.Sep 16 2020, 4:20 PM

compiler-rt/lib/scudo/standalone/combined.h
417	resizeTaggedChunk does not zero memory. I think this memset needs to cover the entire allocation?
417	Ah no, I misread. Ignore this.
428	Rename setRandomTag to setRandomTagAndZeroData ?

pcc added inline comments.Sep 16 2020, 5:01 PM

compiler-rt/lib/scudo/standalone/combined.h
417	I think the problem is related to this line actually. `resizeTaggedChunk` rounds up to 16 before it starts zeroing, so the memset needs to stop at the rounded-up original bound, otherwise it can leave the end of the original last granule uninitialized. I am testing this diff: @@ -414,12 +424,18 @@ public: // UAF tag. But if tagging was disabled per-thread when the memory // was freed, it would not have been retagged and thus zeroed, and // therefore it needs to be zeroed now. - memset(TaggedPtr, 0, Min(Size, PrevEnd - TaggedUserPtr)); + memset(TaggedPtr, 0, + Min(Size, roundUpTo(PrevEnd - TaggedUserPtr, + archMemoryTagGranuleSize()))); } else if (Size) { // Clear any stack metadata that may have previously been stored in // the chunk data.
428	Does that really need to be in the name of the function or would a comment be enough? I think most of the functions in memtag.h end up zeroing parts of the memory that they touch.

Fix bug, add test, address review comment

pcc added inline comments.Sep 16 2020, 7:26 PM

compiler-rt/lib/scudo/standalone/combined.h
417	Okay, this looks like this fixed the problem (stress tested on Android/FVP with a more rigorous version of my stress testing patch that verifies that calloc allocations are zeroed at allocation time). Also added a test case that fails with the previous version of my patch.
498	Added a comment in the declaration.

Harbormaster completed remote builds in B71968: Diff 292400.Sep 16 2020, 7:42 PM

eugenis added inline comments.Sep 17 2020, 12:42 PM

compiler-rt/lib/scudo/standalone/combined.h
410–420	This implies that MTE mode does not support pattern init - and it's also clear from the rest of the code. Should we have setFillContents do something about that? It does not have a return value, but it could complain in stderr (not sure it's a good idea) or fall back to zero-init.
428	Thanks. Does not have to be in the function name - it's just was something that made me go and look at the implementation.

pcc added inline comments.Sep 17 2020, 2:47 PM

compiler-rt/lib/scudo/standalone/combined.h
410–420	I think it would be fine to allow setting it to `PatternOrZeroFill` to go through without warning. As the name implies, it would be valid to implement it using zero init.

LGTM

compiler-rt/lib/scudo/standalone/combined.h
410–420	Yes, good point.
compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
535	make it a named constant, or use Ptrs.size()

This revision is now accepted and ready to land.Sep 17 2020, 3:13 PM

cryptoad added inline comments.Sep 17 2020, 3:28 PM

compiler-rt/lib/scudo/standalone/combined.h
1034	Looks like some tabs snuck in maybe? You might want to clang-format -style=llvm

eugenis added inline comments.Sep 17 2020, 3:31 PM

compiler-rt/lib/scudo/standalone/combined.h
1034	No, it's a new thing that Phabricator is doing when the code is re-indented :)

cryptoad added inline comments.Sep 17 2020, 3:39 PM

compiler-rt/lib/scudo/standalone/combined.h
1034	Ack!

This revision was landed with ongoing or failed builds.Sep 18 2020, 12:11 PM

Closed by commit rG7bd75b630144: scudo: Add an API for disabling memory initialization per-thread. (authored by pcc). · Explain Why

This revision was automatically updated to reflect the committed changes.

pcc added a commit: rG7bd75b630144: scudo: Add an API for disabling memory initialization per-thread..

Revision Contents

Path

Size

compiler-rt/

lib/

scudo/

standalone/

chunk.h

3 lines

combined.h

50 lines

common.h

2 lines

include/

scudo/

interface.h

8 lines

tests/

2 lines

41 lines

23 lines

16 lines

3 lines

Diff 292865

compiler-rt/lib/scudo/standalone/chunk.h

	Show First 20 Lines • Show All 59 Lines • ▼ Show 20 Lines

	enum State : u8 { Available = 0, Allocated = 1, Quarantined = 2 };			enum State : u8 { Available = 0, Allocated = 1, Quarantined = 2 };

	typedef u64 PackedHeader;			typedef u64 PackedHeader;
	// Update the 'Mask' constants to reflect changes in this structure.			// Update the 'Mask' constants to reflect changes in this structure.
	struct UnpackedHeader {			struct UnpackedHeader {
	uptr ClassId : 8;			uptr ClassId : 8;
	u8 State : 2;			u8 State : 2;
	u8 Origin : 2;			// Origin if State == Allocated, or WasZeroed otherwise.
				u8 OriginOrWasZeroed : 2;
	uptr SizeOrUnusedBytes : 20;			uptr SizeOrUnusedBytes : 20;
	uptr Offset : 16;			uptr Offset : 16;
	uptr Checksum : 16;			uptr Checksum : 16;
	};			};
	typedef atomic_u64 AtomicPackedHeader;			typedef atomic_u64 AtomicPackedHeader;
	static_assert(sizeof(UnpackedHeader) == sizeof(PackedHeader), "");			static_assert(sizeof(UnpackedHeader) == sizeof(PackedHeader), "");

	// Those constants are required to silence some -Werror=conversion errors when			// Those constants are required to silence some -Werror=conversion errors when
	▲ Show 20 Lines • Show All 78 Lines • Show Last 20 Lines

compiler-rt/lib/scudo/standalone/combined.h

Show First 20 Lines • Show All 269 Lines • ▼ Show 20 Lines

#ifdef GWP_ASAN_HOOKS		#ifdef GWP_ASAN_HOOKS
if (UNLIKELY(GuardedAlloc.shouldSample())) {		if (UNLIKELY(GuardedAlloc.shouldSample())) {
if (void *Ptr = GuardedAlloc.allocate(roundUpTo(Size, Alignment)))		if (void *Ptr = GuardedAlloc.allocate(roundUpTo(Size, Alignment)))
return Ptr;		return Ptr;
}		}
#endif // GWP_ASAN_HOOKS		#endif // GWP_ASAN_HOOKS

const FillContentsMode FillContents =		const FillContentsMode FillContents = ZeroContents ? ZeroFill
ZeroContents ? ZeroFill : Options.FillContents;		: TSDRegistry.getDisableMemInit()
		? NoFill
		: Options.FillContents;

if (UNLIKELY(Alignment > MaxAlignment)) {		if (UNLIKELY(Alignment > MaxAlignment)) {
if (Options.MayReturnNull)		if (Options.MayReturnNull)
return nullptr;		return nullptr;
reportAlignmentTooBig(Alignment, MaxAlignment);		reportAlignmentTooBig(Alignment, MaxAlignment);
}		}
if (UNLIKELY(Alignment < MinAlignment))		if (UNLIKELY(Alignment < MinAlignment))
Alignment = MinAlignment;		Alignment = MinAlignment;
▲ Show 20 Lines • Show All 112 Lines • ▼ Show 20 Lines	if (LIKELY(ClassId)) {
PrevUserPtr == UserPtr &&		PrevUserPtr == UserPtr &&
(TaggedUserPtr = loadTag(UserPtr)) != UserPtr) {		(TaggedUserPtr = loadTag(UserPtr)) != UserPtr) {
uptr PrevEnd = TaggedUserPtr + Header.SizeOrUnusedBytes;		uptr PrevEnd = TaggedUserPtr + Header.SizeOrUnusedBytes;
const uptr NextPage = roundUpTo(TaggedUserPtr, getPageSizeCached());		const uptr NextPage = roundUpTo(TaggedUserPtr, getPageSizeCached());
if (NextPage < PrevEnd && loadTag(NextPage) != NextPage)		if (NextPage < PrevEnd && loadTag(NextPage) != NextPage)
PrevEnd = NextPage;		PrevEnd = NextPage;
TaggedPtr = reinterpret_cast<void *>(TaggedUserPtr);		TaggedPtr = reinterpret_cast<void *>(TaggedUserPtr);
resizeTaggedChunk(PrevEnd, TaggedUserPtr + Size, BlockEnd);		resizeTaggedChunk(PrevEnd, TaggedUserPtr + Size, BlockEnd);
if (Size) {		if (UNLIKELY(FillContents != NoFill && !Header.OriginOrWasZeroed)) {
		// If an allocation needs to be zeroed (i.e. calloc) we can normally
		// avoid zeroing the memory now since we can rely on memory having
		// been zeroed on free, as this is normally done while setting the
		// UAF tag. But if tagging was disabled per-thread when the memory
		// was freed, it would not have been retagged and thus zeroed, and
		// therefore it needs to be zeroed now.
		memset(TaggedPtr, 0,
		eugenisUnsubmitted Not Done Reply Inline Actions resizeTaggedChunk does not zero memory. I think this memset needs to cover the entire allocation? eugenis: resizeTaggedChunk does not zero memory. I think this memset needs to cover the entire…
		eugenisUnsubmitted Not Done Reply Inline Actions Ah no, I misread. Ignore this. eugenis: Ah no, I misread. Ignore this.
		pccAuthorUnsubmitted Done Reply Inline Actions I think the problem is related to this line actually. `resizeTaggedChunk` rounds up to 16 before it starts zeroing, so the memset needs to stop at the rounded-up original bound, otherwise it can leave the end of the original last granule uninitialized. I am testing this diff: @@ -414,12 +424,18 @@ public: // UAF tag. But if tagging was disabled per-thread when the memory // was freed, it would not have been retagged and thus zeroed, and // therefore it needs to be zeroed now. - memset(TaggedPtr, 0, Min(Size, PrevEnd - TaggedUserPtr)); + memset(TaggedPtr, 0, + Min(Size, roundUpTo(PrevEnd - TaggedUserPtr, + archMemoryTagGranuleSize()))); } else if (Size) { // Clear any stack metadata that may have previously been stored in // the chunk data. pcc: I think the problem is related to this line actually. `resizeTaggedChunk` rounds up to 16…
		pccAuthorUnsubmitted Done Reply Inline Actions Okay, this looks like this fixed the problem (stress tested on Android/FVP with a more rigorous version of my stress testing patch that verifies that calloc allocations are zeroed at allocation time). Also added a test case that fails with the previous version of my patch. pcc: Okay, this looks like this fixed the problem (stress tested on Android/FVP with a more rigorous…
		Min(Size, roundUpTo(PrevEnd - TaggedUserPtr,
		archMemoryTagGranuleSize())));
		} else if (Size) {
		eugenisUnsubmitted Not Done Reply Inline Actions This implies that MTE mode does not support pattern init - and it's also clear from the rest of the code. Should we have setFillContents do something about that? It does not have a return value, but it could complain in stderr (not sure it's a good idea) or fall back to zero-init. eugenis: This implies that MTE mode does not support pattern init - and it's also clear from the rest of…
		pccAuthorUnsubmitted Done Reply Inline Actions I think it would be fine to allow setting it to `PatternOrZeroFill` to go through without warning. As the name implies, it would be valid to implement it using zero init. pcc: I think it would be fine to allow setting it to `PatternOrZeroFill` to go through without…
		eugenisUnsubmitted Not Done Reply Inline Actions Yes, good point. eugenis: Yes, good point.
// Clear any stack metadata that may have previously been stored in		// Clear any stack metadata that may have previously been stored in
// the chunk data.		// the chunk data.
memset(TaggedPtr, 0, archMemoryTagGranuleSize());		memset(TaggedPtr, 0, archMemoryTagGranuleSize());
}		}
} else {		} else {
const uptr OddEvenMask =		const uptr OddEvenMask =
computeOddEvenMaskForPointerMaybe(BlockUptr, BlockSize);		computeOddEvenMaskForPointerMaybe(BlockUptr, BlockSize);
TaggedPtr = prepareTaggedChunk(Ptr, Size, OddEvenMask, BlockEnd);		TaggedPtr = prepareTaggedChunk(Ptr, Size, OddEvenMask, BlockEnd);
		eugenisUnsubmitted Not Done Reply Inline Actions Rename setRandomTag to setRandomTagAndZeroData ? eugenis: Rename setRandomTag to setRandomTagAndZeroData ?
		pccAuthorUnsubmitted Done Reply Inline Actions Does that really need to be in the name of the function or would a comment be enough? I think most of the functions in memtag.h end up zeroing parts of the memory that they touch. pcc: Does that really need to be in the name of the function or would a comment be enough? I think…
		eugenisUnsubmitted Not Done Reply Inline Actions Thanks. Does not have to be in the function name - it's just was something that made me go and look at the implementation. eugenis: Thanks. Does not have to be in the function name - it's just was something that made me go and…
}		}
storeAllocationStackMaybe(Ptr);		storeAllocationStackMaybe(Ptr);
} else if (UNLIKELY(FillContents != NoFill)) {		} else if (UNLIKELY(FillContents != NoFill)) {
// This condition is not necessarily unlikely, but since memset is		// This condition is not necessarily unlikely, but since memset is
// costly, we might as well mark it as such.		// costly, we might as well mark it as such.
memset(Block, FillContents == ZeroFill ? 0 : PatternFillByte,		memset(Block, FillContents == ZeroFill ? 0 : PatternFillByte,
PrimaryT::getSizeByClassId(ClassId));		PrimaryT::getSizeByClassId(ClassId));
}		}
}		}

Chunk::UnpackedHeader Header = {};		Chunk::UnpackedHeader Header = {};
if (UNLIKELY(UnalignedUserPtr != UserPtr)) {		if (UNLIKELY(UnalignedUserPtr != UserPtr)) {
const uptr Offset = UserPtr - UnalignedUserPtr;		const uptr Offset = UserPtr - UnalignedUserPtr;
DCHECK_GE(Offset, 2 * sizeof(u32));		DCHECK_GE(Offset, 2 * sizeof(u32));
// The BlockMarker has no security purpose, but is specifically meant for		// The BlockMarker has no security purpose, but is specifically meant for
// the chunk iteration function that can be used in debugging situations.		// the chunk iteration function that can be used in debugging situations.
// It is the only situation where we have to locate the start of a chunk		// It is the only situation where we have to locate the start of a chunk
// based on its block address.		// based on its block address.
reinterpret_cast<u32 *>(Block)[0] = BlockMarker;		reinterpret_cast<u32 *>(Block)[0] = BlockMarker;
reinterpret_cast<u32 *>(Block)[1] = static_cast<u32>(Offset);		reinterpret_cast<u32 *>(Block)[1] = static_cast<u32>(Offset);
Header.Offset = (Offset >> MinAlignmentLog) & Chunk::OffsetMask;		Header.Offset = (Offset >> MinAlignmentLog) & Chunk::OffsetMask;
}		}
Header.ClassId = ClassId & Chunk::ClassIdMask;		Header.ClassId = ClassId & Chunk::ClassIdMask;
Header.State = Chunk::State::Allocated;		Header.State = Chunk::State::Allocated;
Header.Origin = Origin & Chunk::OriginMask;		Header.OriginOrWasZeroed = Origin & Chunk::OriginMask;
Header.SizeOrUnusedBytes =		Header.SizeOrUnusedBytes =
(ClassId ? Size : SecondaryBlockEnd - (UserPtr + Size)) &		(ClassId ? Size : SecondaryBlockEnd - (UserPtr + Size)) &
Chunk::SizeOrUnusedBytesMask;		Chunk::SizeOrUnusedBytesMask;
Chunk::storeHeader(Cookie, Ptr, &Header);		Chunk::storeHeader(Cookie, Ptr, &Header);

if (&__scudo_allocate_hook)		if (&__scudo_allocate_hook)
__scudo_allocate_hook(TaggedPtr, Size);		__scudo_allocate_hook(TaggedPtr, Size);

Show All 28 Lines	#endif // GWP_ASAN_HOOKS
Ptr = untagPointerMaybe(Ptr);		Ptr = untagPointerMaybe(Ptr);

Chunk::UnpackedHeader Header;		Chunk::UnpackedHeader Header;
Chunk::loadHeader(Cookie, Ptr, &Header);		Chunk::loadHeader(Cookie, Ptr, &Header);

if (UNLIKELY(Header.State != Chunk::State::Allocated))		if (UNLIKELY(Header.State != Chunk::State::Allocated))
reportInvalidChunkState(AllocatorAction::Deallocating, Ptr);		reportInvalidChunkState(AllocatorAction::Deallocating, Ptr);
if (Options.DeallocTypeMismatch) {		if (Options.DeallocTypeMismatch) {
if (Header.Origin != Origin) {		if (Header.OriginOrWasZeroed != Origin) {
		hctimUnsubmitted Not Done Reply Inline Actions Isn't this now broken under `dealloc_type_mismatch` and MTE? hctim: Isn't this now broken under `dealloc_type_mismatch` and MTE?
		pccAuthorUnsubmitted Done Reply Inline Actions No, because the field is intended to only have the "was zeroed" meaning while the chunk is not allocated. Note that the field is read before the call to `quarantineOrDeallocateChunk` later in this function causes it to take the "was zeroed" meaning. pcc: No, because the field is intended to only have the "was zeroed" meaning while the chunk is not…
		hctimUnsubmitted Not Done Reply Inline Actions I see - thanks for the clarification. Maybe `OriginIfAliveOrWasZeroedIfDead`? A bit wordy (can't think of anything more concise right now), but otherwise it's a little hard to infer this which meaning applies at which time (especially given that `SizeOrUnusedBytes` has different semantics). Either that or a comment in the declaration explaining the semantics would probably suffice. hctim: I see - thanks for the clarification. Maybe `OriginIfAliveOrWasZeroedIfDead`? A bit wordy…
		pccAuthorUnsubmitted Done Reply Inline Actions Added a comment in the declaration. pcc: Added a comment in the declaration.
// With the exception of memalign'd chunks, that can be still be free'd.		// With the exception of memalign'd chunks, that can be still be free'd.
if (UNLIKELY(Header.Origin != Chunk::Origin::Memalign \|\|		if (UNLIKELY(Header.OriginOrWasZeroed != Chunk::Origin::Memalign \|\|
Origin != Chunk::Origin::Malloc))		Origin != Chunk::Origin::Malloc))
reportDeallocTypeMismatch(AllocatorAction::Deallocating, Ptr,		reportDeallocTypeMismatch(AllocatorAction::Deallocating, Ptr,
Header.Origin, Origin);		Header.OriginOrWasZeroed, Origin);
}		}
}		}

const uptr Size = getSize(Ptr, &Header);		const uptr Size = getSize(Ptr, &Header);
if (DeleteSize && Options.DeleteSizeMismatch) {		if (DeleteSize && Options.DeleteSizeMismatch) {
if (UNLIKELY(DeleteSize != Size))		if (UNLIKELY(DeleteSize != Size))
reportDeleteSizeMismatch(Ptr, DeleteSize, Size);		reportDeleteSizeMismatch(Ptr, DeleteSize, Size);
}		}
Show All 36 Lines	#endif // GWP_ASAN_HOOKS

if (UNLIKELY(OldHeader.State != Chunk::State::Allocated))		if (UNLIKELY(OldHeader.State != Chunk::State::Allocated))
reportInvalidChunkState(AllocatorAction::Reallocating, OldPtr);		reportInvalidChunkState(AllocatorAction::Reallocating, OldPtr);

// Pointer has to be allocated with a malloc-type function. Some		// Pointer has to be allocated with a malloc-type function. Some
// applications think that it is OK to realloc a memalign'ed pointer, which		// applications think that it is OK to realloc a memalign'ed pointer, which
// will trigger this check. It really isn't.		// will trigger this check. It really isn't.
if (Options.DeallocTypeMismatch) {		if (Options.DeallocTypeMismatch) {
if (UNLIKELY(OldHeader.Origin != Chunk::Origin::Malloc))		if (UNLIKELY(OldHeader.OriginOrWasZeroed != Chunk::Origin::Malloc))
		hctimUnsubmitted Not Done Reply Inline Actions same here, broken under dealloc_type_mismatch when memory is zeroed? hctim: same here, broken under dealloc_type_mismatch when memory is zeroed?
		pccAuthorUnsubmitted Done Reply Inline Actions This is before the call to `quarantineOrDeallocateChunk`. pcc: This is before the call to `quarantineOrDeallocateChunk`.
reportDeallocTypeMismatch(AllocatorAction::Reallocating, OldPtr,		reportDeallocTypeMismatch(AllocatorAction::Reallocating, OldPtr,
OldHeader.Origin, Chunk::Origin::Malloc);		OldHeader.OriginOrWasZeroed,
		Chunk::Origin::Malloc);
}		}

void *BlockBegin = getBlockBegin(OldPtr, &OldHeader);		void *BlockBegin = getBlockBegin(OldPtr, &OldHeader);
uptr BlockEnd;		uptr BlockEnd;
uptr OldSize;		uptr OldSize;
const uptr ClassId = OldHeader.ClassId;		const uptr ClassId = OldHeader.ClassId;
if (LIKELY(ClassId)) {		if (LIKELY(ClassId)) {
BlockEnd = reinterpret_cast<uptr>(BlockBegin) +		BlockEnd = reinterpret_cast<uptr>(BlockBegin) +
▲ Show 20 Lines • Show All 457 Lines • ▼ Show 20 Lines	return SecondaryT::getBlockEnd(getBlockBegin(Ptr, Header)) -
reinterpret_cast<uptr>(Ptr) - SizeOrUnusedBytes;		reinterpret_cast<uptr>(Ptr) - SizeOrUnusedBytes;
}		}

void quarantineOrDeallocateChunk(void Ptr, Chunk::UnpackedHeader Header,		void quarantineOrDeallocateChunk(void Ptr, Chunk::UnpackedHeader Header,
uptr Size) {		uptr Size) {
Chunk::UnpackedHeader NewHeader = *Header;		Chunk::UnpackedHeader NewHeader = *Header;
if (UNLIKELY(NewHeader.ClassId && useMemoryTagging())) {		if (UNLIKELY(NewHeader.ClassId && useMemoryTagging())) {
u8 PrevTag = extractTag(loadTag(reinterpret_cast<uptr>(Ptr)));		u8 PrevTag = extractTag(loadTag(reinterpret_cast<uptr>(Ptr)));
		if (!TSDRegistry.getDisableMemInit()) {
uptr TaggedBegin, TaggedEnd;		uptr TaggedBegin, TaggedEnd;
		cryptoadUnsubmitted Not Done Reply Inline Actions Looks like some tabs snuck in maybe? You might want to clang-format -style=llvm cryptoad: Looks like some tabs snuck in maybe? You might want to clang-format -style=llvm
		eugenisUnsubmitted Not Done Reply Inline Actions No, it's a new thing that Phabricator is doing when the code is re-indented :) eugenis: No, it's a new thing that Phabricator is doing when the code is re-indented :)
		cryptoadUnsubmitted Done Reply Inline Actions Ack! cryptoad: Ack!
const uptr OddEvenMask = computeOddEvenMaskForPointerMaybe(		const uptr OddEvenMask = computeOddEvenMaskForPointerMaybe(
reinterpret_cast<uptr>(getBlockBegin(Ptr, &NewHeader)),		reinterpret_cast<uptr>(getBlockBegin(Ptr, &NewHeader)),
SizeClassMap::getSizeByClassId(NewHeader.ClassId));		SizeClassMap::getSizeByClassId(NewHeader.ClassId));
// Exclude the previous tag so that immediate use after free is detected		// Exclude the previous tag so that immediate use after free is detected
// 100% of the time.		// 100% of the time.
setRandomTag(Ptr, Size, OddEvenMask \| (1UL << PrevTag), &TaggedBegin,		setRandomTag(Ptr, Size, OddEvenMask \| (1UL << PrevTag), &TaggedBegin,
&TaggedEnd);		&TaggedEnd);
		}
		NewHeader.OriginOrWasZeroed = !TSDRegistry.getDisableMemInit();
storeDeallocationStackMaybe(Ptr, PrevTag);		storeDeallocationStackMaybe(Ptr, PrevTag);
}		}
// If the quarantine is disabled, the actual size of a chunk is 0 or larger		// If the quarantine is disabled, the actual size of a chunk is 0 or larger
// than the maximum allowed, we return a chunk directly to the backend.		// than the maximum allowed, we return a chunk directly to the backend.
// Logical Or can be short-circuited, which introduces unnecessary		// Logical Or can be short-circuited, which introduces unnecessary
// conditional jumps, so use bitwise Or and let the compiler be clever.		// conditional jumps, so use bitwise Or and let the compiler be clever.
const bool BypassQuarantine = !Quarantine.getCacheSize() \| !Size \|		const bool BypassQuarantine = !Quarantine.getCacheSize() \| !Size \|
(Size > Options.QuarantineMaxChunkSize);		(Size > Options.QuarantineMaxChunkSize);
▲ Show 20 Lines • Show All 72 Lines • Show Last 20 Lines

compiler-rt/lib/scudo/standalone/common.h

Show First 20 Lines • Show All 179 Lines • ▼ Show 20 Lines	struct BlockInfo {
uptr BlockSize;		uptr BlockSize;
uptr RegionBegin;		uptr RegionBegin;
uptr RegionEnd;		uptr RegionEnd;
};		};

enum class Option : u8 {		enum class Option : u8 {
ReleaseInterval, // Release to OS interval in milliseconds.		ReleaseInterval, // Release to OS interval in milliseconds.
MemtagTuning, // Whether to tune tagging for UAF or overflow.		MemtagTuning, // Whether to tune tagging for UAF or overflow.
		ThreadDisableMemInit, // Whether to disable automatic heap initialization and,
		// where possible, memory tagging, on this thread.
MaxCacheEntriesCount, // Maximum number of blocks that can be cached.		MaxCacheEntriesCount, // Maximum number of blocks that can be cached.
MaxCacheEntrySize, // Maximum size of a block that can be cached.		MaxCacheEntrySize, // Maximum size of a block that can be cached.
MaxTSDsCount, // Number of usable TSDs for the shared registry.		MaxTSDsCount, // Number of usable TSDs for the shared registry.
};		};

constexpr unsigned char PatternFillByte = 0xAB;		constexpr unsigned char PatternFillByte = 0xAB;

enum FillContentsMode {		enum FillContentsMode {
Show All 9 Lines

compiler-rt/lib/scudo/standalone/include/scudo/interface.h

	Show First 20 Lines • Show All 115 Lines • ▼ Show 20 Lines

	// Tune the allocator's choice of memory tags to make it more likely that			// Tune the allocator's choice of memory tags to make it more likely that
	// a certain class of memory errors will be detected. The value argument should			// a certain class of memory errors will be detected. The value argument should
	// be one of the enumerators of the scudo_memtag_tuning enum below.			// be one of the enumerators of the scudo_memtag_tuning enum below.
	#ifndef M_MEMTAG_TUNING			#ifndef M_MEMTAG_TUNING
	#define M_MEMTAG_TUNING -102			#define M_MEMTAG_TUNING -102
	#endif			#endif

				// Per-thread memory initialization tuning. The value argument should be one of:
				// 1: Disable automatic heap initialization and, where possible, memory tagging,
				// on this thread.
				// 0: Normal behavior.
				#ifndef M_THREAD_DISABLE_MEM_INIT
				#define M_THREAD_DISABLE_MEM_INIT -103
				#endif

	#ifndef M_CACHE_COUNT_MAX			#ifndef M_CACHE_COUNT_MAX
	#define M_CACHE_COUNT_MAX -200			#define M_CACHE_COUNT_MAX -200
	#endif			#endif

	#ifndef M_CACHE_SIZE_MAX			#ifndef M_CACHE_SIZE_MAX
	#define M_CACHE_SIZE_MAX -201			#define M_CACHE_SIZE_MAX -201
	#endif			#endif

	Show All 15 Lines

compiler-rt/lib/scudo/standalone/tests/chunk_test.cpp

Show All 35 Lines	TEST(ScudoChunkTest, ChunkBasic) {
EXPECT_DEATH(scudo::Chunk::loadHeader(InvalidCookie, P, &Header), "");		EXPECT_DEATH(scudo::Chunk::loadHeader(InvalidCookie, P, &Header), "");
free(Block);		free(Block);
}		}

TEST(ScudoChunkTest, ChunkCmpXchg) {		TEST(ScudoChunkTest, ChunkCmpXchg) {
initChecksum();		initChecksum();
const scudo::uptr Size = 0x100U;		const scudo::uptr Size = 0x100U;
scudo::Chunk::UnpackedHeader OldHeader = {};		scudo::Chunk::UnpackedHeader OldHeader = {};
OldHeader.Origin = scudo::Chunk::Origin::Malloc;		OldHeader.OriginOrWasZeroed = scudo::Chunk::Origin::Malloc;
OldHeader.ClassId = 0x42U;		OldHeader.ClassId = 0x42U;
OldHeader.SizeOrUnusedBytes = Size;		OldHeader.SizeOrUnusedBytes = Size;
OldHeader.State = scudo::Chunk::State::Allocated;		OldHeader.State = scudo::Chunk::State::Allocated;
void *Block = malloc(HeaderSize + Size);		void *Block = malloc(HeaderSize + Size);
void P = reinterpret_cast<void >(reinterpret_cast<scudo::uptr>(Block) +		void P = reinterpret_cast<void >(reinterpret_cast<scudo::uptr>(Block) +
HeaderSize);		HeaderSize);
scudo::Chunk::storeHeader(Cookie, P, &OldHeader);		scudo::Chunk::storeHeader(Cookie, P, &OldHeader);
memset(P, 'A', Size);		memset(P, 'A', Size);
Show All 28 Lines

compiler-rt/lib/scudo/standalone/tests/combined_test.cpp

Show First 20 Lines • Show All 506 Lines • ▼ Show 20 Lines	for (unsigned I = 0; I != 65536; ++I) {
CheckOddEven(P, P + Size);		CheckOddEven(P, P + Size);
break;		break;
}		}
Ptrs.insert(P);		Ptrs.insert(P);
}		}
EXPECT_TRUE(Found);		EXPECT_TRUE(Found);
}		}
}		}

		TEST(ScudoCombinedTest, DisableMemInit) {
		using AllocatorT = TestAllocator<scudo::AndroidConfig>;
		using SizeClassMap = AllocatorT::PrimaryT::SizeClassMap;
		auto Allocator = std::unique_ptr<AllocatorT>(new AllocatorT());

		std::vector<void *> Ptrs(65536, nullptr);

		Allocator->setOption(scudo::Option::ThreadDisableMemInit, 1);

		constexpr scudo::uptr MinAlignLog = FIRST_32_SECOND_64(3U, 4U);

		// Test that if mem-init is disabled on a thread, calloc should still work as
		// expected. This is tricky to ensure when MTE is enabled, so this test tries
		// to exercise the relevant code on our MTE path.
		for (scudo::uptr ClassId = 1U; ClassId <= 8; ClassId++) {
		const scudo::uptr Size =
		SizeClassMap::getSizeByClassId(ClassId) - scudo::Chunk::getHeaderSize();
		if (Size < 8)
		continue;
		for (unsigned I = 0; I != Ptrs.size(); ++I) {
		eugenisUnsubmitted Not Done Reply Inline Actions make it a named constant, or use Ptrs.size() eugenis: make it a named constant, or use Ptrs.size()
		Ptrs[I] = Allocator->allocate(Size, Origin);
		memset(Ptrs[I], 0xaa, Size);
		}
		for (unsigned I = 0; I != Ptrs.size(); ++I)
		Allocator->deallocate(Ptrs[I], Origin, Size);
		for (unsigned I = 0; I != Ptrs.size(); ++I) {
		Ptrs[I] = Allocator->allocate(Size - 8, Origin);
		memset(Ptrs[I], 0xbb, Size - 8);
		}
		for (unsigned I = 0; I != Ptrs.size(); ++I)
		Allocator->deallocate(Ptrs[I], Origin, Size - 8);
		for (unsigned I = 0; I != Ptrs.size(); ++I) {
		Ptrs[I] = Allocator->allocate(Size, Origin, 1U << MinAlignLog, true);
		for (scudo::uptr J = 0; J < Size; ++J)
		ASSERT_EQ((reinterpret_cast<char *>(Ptrs[I]))[J], 0);
		}
		}

		Allocator->setOption(scudo::Option::ThreadDisableMemInit, 0);
		}

compiler-rt/lib/scudo/standalone/tsd_exclusive.h

//===-- tsd_exclusive.h ------------------------------------------ C++ --===//		//===-- tsd_exclusive.h ------------------------------------------ C++ --===//
//		//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.		// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.		// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception		// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//

#ifndef SCUDO_TSD_EXCLUSIVE_H_		#ifndef SCUDO_TSD_EXCLUSIVE_H_
#define SCUDO_TSD_EXCLUSIVE_H_		#define SCUDO_TSD_EXCLUSIVE_H_

#include "tsd.h"		#include "tsd.h"

namespace scudo {		namespace scudo {

enum class ThreadState : u8 {		struct ThreadState {
		bool DisableMemInit : 1;
		enum {
NotInitialized = 0,		NotInitialized = 0,
Initialized,		Initialized,
TornDown,		TornDown,
		} InitState : 2;
};		};

template <class Allocator> void teardownThread(void *Ptr);		template <class Allocator> void teardownThread(void *Ptr);

template <class Allocator> struct TSDRegistryExT {		template <class Allocator> struct TSDRegistryExT {
void initLinkerInitialized(Allocator *Instance) {		void initLinkerInitialized(Allocator *Instance) {
Instance->initLinkerInitialized();		Instance->initLinkerInitialized();
CHECK_EQ(pthread_key_create(&PThreadKey, teardownThread<Allocator>), 0);		CHECK_EQ(pthread_key_create(&PThreadKey, teardownThread<Allocator>), 0);
FallbackTSD.initLinkerInitialized(Instance);		FallbackTSD.initLinkerInitialized(Instance);
Initialized = true;		Initialized = true;
}		}
void init(Allocator *Instance) {		void init(Allocator *Instance) {
memset(this, 0, sizeof(*this));		memset(this, 0, sizeof(*this));
initLinkerInitialized(Instance);		initLinkerInitialized(Instance);
}		}

void unmapTestOnly() {}		void unmapTestOnly() {}

ALWAYS_INLINE void initThreadMaybe(Allocator *Instance, bool MinimalInit) {		ALWAYS_INLINE void initThreadMaybe(Allocator *Instance, bool MinimalInit) {
if (LIKELY(State != ThreadState::NotInitialized))		if (LIKELY(State.InitState != ThreadState::NotInitialized))
return;		return;
initThread(Instance, MinimalInit);		initThread(Instance, MinimalInit);
}		}

ALWAYS_INLINE TSD<Allocator> getTSDAndLock(bool UnlockRequired) {		ALWAYS_INLINE TSD<Allocator> getTSDAndLock(bool UnlockRequired) {
if (LIKELY(State == ThreadState::Initialized &&		if (LIKELY(State.InitState == ThreadState::Initialized &&
!atomic_load(&Disabled, memory_order_acquire))) {		!atomic_load(&Disabled, memory_order_acquire))) {
*UnlockRequired = false;		*UnlockRequired = false;
return &ThreadTSD;		return &ThreadTSD;
}		}
FallbackTSD.lock();		FallbackTSD.lock();
*UnlockRequired = true;		*UnlockRequired = true;
return &FallbackTSD;		return &FallbackTSD;
}		}

// To disable the exclusive TSD registry, we effectively lock the fallback TSD		// To disable the exclusive TSD registry, we effectively lock the fallback TSD
// and force all threads to attempt to use it instead of their local one.		// and force all threads to attempt to use it instead of their local one.
void disable() {		void disable() {
Mutex.lock();		Mutex.lock();
FallbackTSD.lock();		FallbackTSD.lock();
atomic_store(&Disabled, 1U, memory_order_release);		atomic_store(&Disabled, 1U, memory_order_release);
}		}

void enable() {		void enable() {
atomic_store(&Disabled, 0U, memory_order_release);		atomic_store(&Disabled, 0U, memory_order_release);
FallbackTSD.unlock();		FallbackTSD.unlock();
Mutex.unlock();		Mutex.unlock();
}		}

bool setOption(Option O, UNUSED sptr Value) {		bool setOption(Option O, UNUSED sptr Value) {
		if (O == Option::ThreadDisableMemInit)
		State.DisableMemInit = Value;
if (O == Option::MaxTSDsCount)		if (O == Option::MaxTSDsCount)
return false;		return false;
return true;		return true;
}		}

		bool getDisableMemInit() { return State.DisableMemInit; }

private:		private:
void initOnceMaybe(Allocator *Instance) {		void initOnceMaybe(Allocator *Instance) {
ScopedLock L(Mutex);		ScopedLock L(Mutex);
if (LIKELY(Initialized))		if (LIKELY(Initialized))
return;		return;
initLinkerInitialized(Instance); // Sets Initialized.		initLinkerInitialized(Instance); // Sets Initialized.
}		}

// Using minimal initialization allows for global initialization while keeping		// Using minimal initialization allows for global initialization while keeping
// the thread specific structure untouched. The fallback structure will be		// the thread specific structure untouched. The fallback structure will be
// used instead.		// used instead.
NOINLINE void initThread(Allocator *Instance, bool MinimalInit) {		NOINLINE void initThread(Allocator *Instance, bool MinimalInit) {
initOnceMaybe(Instance);		initOnceMaybe(Instance);
if (UNLIKELY(MinimalInit))		if (UNLIKELY(MinimalInit))
return;		return;
CHECK_EQ(		CHECK_EQ(
pthread_setspecific(PThreadKey, reinterpret_cast<void *>(Instance)), 0);		pthread_setspecific(PThreadKey, reinterpret_cast<void *>(Instance)), 0);
ThreadTSD.initLinkerInitialized(Instance);		ThreadTSD.initLinkerInitialized(Instance);
State = ThreadState::Initialized;		State.InitState = ThreadState::Initialized;
Instance->callPostInitCallback();		Instance->callPostInitCallback();
}		}

pthread_key_t PThreadKey;		pthread_key_t PThreadKey;
bool Initialized;		bool Initialized;
atomic_u8 Disabled;		atomic_u8 Disabled;
TSD<Allocator> FallbackTSD;		TSD<Allocator> FallbackTSD;
HybridMutex Mutex;		HybridMutex Mutex;
Show All 19 Lines	template <class Allocator> void teardownThread(void *Ptr) {
if (TSDRegistryT::ThreadTSD.DestructorIterations > 1) {		if (TSDRegistryT::ThreadTSD.DestructorIterations > 1) {
TSDRegistryT::ThreadTSD.DestructorIterations--;		TSDRegistryT::ThreadTSD.DestructorIterations--;
// If pthread_setspecific fails, we will go ahead with the teardown.		// If pthread_setspecific fails, we will go ahead with the teardown.
if (LIKELY(pthread_setspecific(Instance->getTSDRegistry()->PThreadKey,		if (LIKELY(pthread_setspecific(Instance->getTSDRegistry()->PThreadKey,
Ptr) == 0))		Ptr) == 0))
return;		return;
}		}
TSDRegistryT::ThreadTSD.commitBack(Instance);		TSDRegistryT::ThreadTSD.commitBack(Instance);
TSDRegistryT::State = ThreadState::TornDown;		TSDRegistryT::State.InitState = ThreadState::TornDown;
}		}

} // namespace scudo		} // namespace scudo

#endif // SCUDO_TSD_EXCLUSIVE_H_		#endif // SCUDO_TSD_EXCLUSIVE_H_

compiler-rt/lib/scudo/standalone/tsd_shared.h

Show First 20 Lines • Show All 77 Lines • ▼ Show 20 Lines	void enable() {
for (s32 I = static_cast<s32>(TSDsArraySize - 1); I >= 0; I--)		for (s32 I = static_cast<s32>(TSDsArraySize - 1); I >= 0; I--)
TSDs[I].unlock();		TSDs[I].unlock();
Mutex.unlock();		Mutex.unlock();
}		}

bool setOption(Option O, sptr Value) {		bool setOption(Option O, sptr Value) {
if (O == Option::MaxTSDsCount)		if (O == Option::MaxTSDsCount)
return setNumberOfTSDs(static_cast<u32>(Value));		return setNumberOfTSDs(static_cast<u32>(Value));
		if (O == Option::ThreadDisableMemInit)
		setDisableMemInit(Value);
// Not supported by the TSD Registry, but not an error either.		// Not supported by the TSD Registry, but not an error either.
return true;		return true;
}		}

		bool getDisableMemInit() const { return *getTlsPtr() & 1; }

private:		private:
ALWAYS_INLINE uptr *getTlsPtr() const {		ALWAYS_INLINE uptr *getTlsPtr() const {
#if SCUDO_HAS_PLATFORM_TLS_SLOT		#if SCUDO_HAS_PLATFORM_TLS_SLOT
return reinterpret_cast<uptr *>(getPlatformAllocatorTlsSlot());		return reinterpret_cast<uptr *>(getPlatformAllocatorTlsSlot());
#else		#else
static thread_local uptr ThreadTSD;		static thread_local uptr ThreadTSD;
return &ThreadTSD;		return &ThreadTSD;
#endif		#endif
}		}

		static_assert(alignof(TSD<Allocator>) >= 2, "");

ALWAYS_INLINE void setCurrentTSD(TSD<Allocator> *CurrentTSD) {		ALWAYS_INLINE void setCurrentTSD(TSD<Allocator> *CurrentTSD) {
*getTlsPtr() = reinterpret_cast<uptr>(CurrentTSD);		*getTlsPtr() &= 1;
		*getTlsPtr() \|= reinterpret_cast<uptr>(CurrentTSD);
}		}

ALWAYS_INLINE TSD<Allocator> *getCurrentTSD() {		ALWAYS_INLINE TSD<Allocator> *getCurrentTSD() {
return reinterpret_cast<TSD<Allocator> >(getTlsPtr());		return reinterpret_cast<TSD<Allocator> >(getTlsPtr() & ~1ULL);
}		}

bool setNumberOfTSDs(u32 N) {		bool setNumberOfTSDs(u32 N) {
ScopedLock L(MutexTSDs);		ScopedLock L(MutexTSDs);
if (N < NumberOfTSDs)		if (N < NumberOfTSDs)
return false;		return false;
if (N > TSDsArraySize)		if (N > TSDsArraySize)
N = TSDsArraySize;		N = TSDsArraySize;
Show All 12 Lines	for (u32 I = 0; I < N; I++) {
B = T % B;		B = T % B;
}		}
if (A == 1)		if (A == 1)
CoPrimes[NumberOfCoPrimes++] = I + 1;		CoPrimes[NumberOfCoPrimes++] = I + 1;
}		}
return true;		return true;
}		}

		void setDisableMemInit(bool B) {
		*getTlsPtr() &= ~1ULL;
		*getTlsPtr() \|= B;
		}

void initOnceMaybe(Allocator *Instance) {		void initOnceMaybe(Allocator *Instance) {
ScopedLock L(Mutex);		ScopedLock L(Mutex);
if (LIKELY(Initialized))		if (LIKELY(Initialized))
return;		return;
initLinkerInitialized(Instance); // Sets Initialized.		initLinkerInitialized(Instance); // Sets Initialized.
}		}

NOINLINE void initThread(Allocator *Instance) {		NOINLINE void initThread(Allocator *Instance) {
▲ Show 20 Lines • Show All 64 Lines • Show Last 20 Lines

compiler-rt/lib/scudo/standalone/wrappers_c.inc

Show First 20 Lines • Show All 173 Lines • ▼ Show 20 Lines	if (param == M_DECAY_TIME) {
SCUDO_ALLOCATOR.releaseToOS();		SCUDO_ALLOCATOR.releaseToOS();
return 1;		return 1;
} else {		} else {
scudo::Option option;		scudo::Option option;
switch (param) {		switch (param) {
case M_MEMTAG_TUNING:		case M_MEMTAG_TUNING:
option = scudo::Option::MemtagTuning;		option = scudo::Option::MemtagTuning;
break;		break;
		case M_THREAD_DISABLE_MEM_INIT:
		option = scudo::Option::ThreadDisableMemInit;
		break;
case M_CACHE_COUNT_MAX:		case M_CACHE_COUNT_MAX:
option = scudo::Option::MaxCacheEntriesCount;		option = scudo::Option::MaxCacheEntriesCount;
break;		break;
case M_CACHE_SIZE_MAX:		case M_CACHE_SIZE_MAX:
option = scudo::Option::MaxCacheEntrySize;		option = scudo::Option::MaxCacheEntrySize;
break;		break;
case M_TSDS_COUNT_MAX:		case M_TSDS_COUNT_MAX:
option = scudo::Option::MaxTSDsCount;		option = scudo::Option::MaxTSDsCount;
▲ Show 20 Lines • Show All 75 Lines • Show Last 20 Lines