This is an archive of the discontinued LLVM Phabricator instance.

Differential D90195

[GWP-ASan] Abstract the thread local variables access
ClosedPublic

Authored by cryptoad on Oct 26 2020, 2:54 PM.

Details

Reviewers
hctim
eugenis
mcgrathr
Commits
rG90678f65ae47: [GWP-ASan] Abstract the thread local variables access
Summary

In a similar fashion to D87420 for Scudo, this CL introduces a way to
get thread local variables via a platform-specific reserved TLS slot,
since Fuchsia doesn't support ELF TLS from the libc itself.

If needing to use this, a platform will have to define
GWP_ASAN_HAS_PLATFORM_TLS_SLOT and provide gwp_asan_platform_tls_slot.h
which will define a uint64_t *getPlatformGwpAsanTlsSlot() function
that will return the TLS word of storage.

I snuck in a couple of cleanup items as well, moving some static
functions to anonymous namespace for consistency.

Diff Detail

Event Timeline

cryptoad created this revision.Oct 26 2020, 2:54 PM
Herald added a project: Restricted Project. · View Herald TranscriptOct 26 2020, 2:54 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
cryptoad requested review of this revision.Oct 26 2020, 2:54 PM
Harbormaster completed remote builds in B76471: Diff 300799.Oct 26 2020, 3:36 PM
mcgrathr accepted this revision.Oct 26 2020, 4:23 PM

This is fine as is but there's really no need to carefully pack it into a uint64_t. It would be fine for Fuchsia's special header to have to meet some less trivial API. The main complexity there would be just figuring out the header arrangement so that Fuchsia's header could #include something to define the types it's supposed to use. But AFAICT it doesn't really need to be in guarded_pool_allocator.h like this. That generic header could just declare static ThreadLocalPackedVariables *getThreadLocals();. Then the platform header can provide the inline defn outside the class scope, and that header only needs to be used in guarded_pool_allocator.cpp itself.

compiler-rt/lib/gwp_asan/guarded_pool_allocator.h
210

Seems like this should be static since it can never return something that's actually specific to the instance.

This revision is now accepted and ready to land.Oct 26 2020, 4:23 PM
hctim added inline comments.Oct 27 2020, 2:38 PM
compiler-rt/lib/gwp_asan/guarded_pool_allocator.h
211

Prefer not to have #ifdefs in generic code.

Can you instead have:

>> here:
#include "gwp_asan/platform_specific/guarded_pool_allocator_tls.h"

>> gwp_asan/platform_specific/guarded_pool_allocator_tls.h:
struct ThreadLocalPackedVariables { ... }
#if defined(__Fuchsia__)
#include "gwp_asan/platform_specific/guarded_pool_allocator_tls_fuchsia.h"
#else if defined(__unix__)
#include "gwp_asan/platform_specific/guarded_pool_allocator_tls_posix.h"
#endif

>> gwp_asan/platform_specific/guarded_pool_allocator_tls_fuchsia.h
static ThreadLocalPackedVariables *getThreadLocals() {
  return reinterpret_cast<ThreadLocalPackedVariables *>(
        getPlatformGwpAsanTlsSlot());
}

>> gwp_asan/platform_specific/guarded_pool_allocator_tls_posix.h:
static ThreadLocalPackedVariables *getThreadLocals() {
    alignas(8) static GWP_ASAN_TLS_INITIAL_EXEC ThreadLocalPackedVariables Locals;
    return &Locals;
}

I think that if we could rely on LTO to inline things correctly then just the implementation would go in a platform-specific cpp file - but unfortunately we don't have that luxury everywhere, so it seems to me like the best solution to ensure inlining is platform-specific headers. In future, I'd like to give mutex.h the same treatment, as I'm really unhappy about the platform ifdefs there as well.

mcgrathr added inline comments.Oct 27 2020, 2:52 PM
compiler-rt/lib/gwp_asan/guarded_pool_allocator.h
211

I think that's fine, but the Fuchsia header would just be a trivial wrapper around yet another header, since the real implementation will not be in the gwp_asan source tree at all. So it would be most convenient if we could make it:

#ifdef GWP_ASAN_PLATFORM_TLS_HEADER
#include GWP_ASAN_PLATFORM_TLS_HEADER
#else
inline ThreadLocalPackedVariables *GuardedPoolAllocator::getThreadLocals() {
    alignas(8) static GWP_ASAN_TLS_INITIAL_EXEC ThreadLocalPackedVariables Locals;
    return &Locals;
}
#endif

Then the Fuchsia case can just provide the header directly instead of adding yet another layer.

hctim added inline comments.Oct 27 2020, 3:10 PM
compiler-rt/lib/gwp_asan/guarded_pool_allocator.h
211

This sounds reasonable to me.

cryptoad updated this revision to Diff 301297.Oct 28 2020, 8:31 AM

Address review comments.

This moves the thread local definitions and access wrapper in a
platform specific header, which should capture Mitch's and Roland's
suggestions.

Herald added a subscriber: mgorny. · View Herald TranscriptOct 28 2020, 8:31 AM
Harbormaster completed remote builds in B76735: Diff 301297.Oct 28 2020, 9:02 AM
hctim accepted this revision.Oct 28 2020, 10:23 AM

LGTM w/ nits.

compiler-rt/lib/gwp_asan/platform_specific/guarded_pool_allocator_tls.h
46

Any ideas why clang-tidy is reporting this?

compiler-rt/lib/gwp_asan/platform_specific/utilities_posix.cpp
27

using old clang-format instead of new?

compiler-rt/lib/gwp_asan/utilities.cpp
40

same thing - need new clang-format?

cryptoad added inline comments.Oct 28 2020, 10:51 AM
compiler-rt/lib/gwp_asan/platform_specific/guarded_pool_allocator_tls.h
46

Maybe because it doesn't have stdint.h in this file so it doesn't know it's constant.

compiler-rt/lib/gwp_asan/platform_specific/utilities_posix.cpp
27

Actually using the tot one :/
I think it's aligning this comment with the #endif one.

cryptoad updated this revision to Diff 301335.Oct 28 2020, 10:54 AM

Adding stdint.h to try and quell some clang-tidy warnings.

hctim accepted this revision.Oct 28 2020, 11:02 AM
Harbormaster completed remote builds in B76758: Diff 301335.Oct 28 2020, 11:46 AM
Closed by commit rG90678f65ae47: [GWP-ASan] Abstract the thread local variables access (authored by cryptoad). · Explain WhyOct 28 2020, 3:06 PM
This revision was automatically updated to reflect the committed changes.
cryptoad added a commit: rG90678f65ae47: [GWP-ASan] Abstract the thread local variables access.

Revision Contents

Diff 301452

compiler-rt/lib/gwp_asan/CMakeLists.txt

Show All 16 Lines
set(GWP_ASAN_HEADERS set(GWP_ASAN_HEADERS
common.h common.h
crash_handler.h crash_handler.h
definitions.h definitions.h
guarded_pool_allocator.h guarded_pool_allocator.h
mutex.h mutex.h
options.h options.h
options.inc options.inc
platform_specific/guarded_pool_allocator_tls.h
stack_trace_compressor.h stack_trace_compressor.h
utilities.h utilities.h
) )
# Ensure that GWP-ASan meets the delegated requirements of some supporting # Ensure that GWP-ASan meets the delegated requirements of some supporting
# allocators. Some supporting allocators (e.g. scudo standalone) cannot use any # allocators. Some supporting allocators (e.g. scudo standalone) cannot use any
# parts of the C++ standard library. # parts of the C++ standard library.
set(GWP_ASAN_CFLAGS ${SANITIZER_COMMON_CFLAGS} -fno-rtti -fno-exceptions set(GWP_ASAN_CFLAGS ${SANITIZER_COMMON_CFLAGS} -fno-rtti -fno-exceptions
▲ Show 20 LinesShow All 86 LinesShow Last 20 Lines

compiler-rt/lib/gwp_asan/guarded_pool_allocator.h

//===-- guarded_pool_allocator.h --------------------------------*- C++ -*-===// //===-- guarded_pool_allocator.h --------------------------------*- C++ -*-===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef GWP_ASAN_GUARDED_POOL_ALLOCATOR_H_ #ifndef GWP_ASAN_GUARDED_POOL_ALLOCATOR_H_
#define GWP_ASAN_GUARDED_POOL_ALLOCATOR_H_ #define GWP_ASAN_GUARDED_POOL_ALLOCATOR_H_
#include "gwp_asan/common.h" #include "gwp_asan/common.h"
#include "gwp_asan/definitions.h" #include "gwp_asan/definitions.h"
#include "gwp_asan/mutex.h" #include "gwp_asan/mutex.h"
#include "gwp_asan/options.h" #include "gwp_asan/options.h"
#include "gwp_asan/platform_specific/guarded_pool_allocator_tls.h"
#include "gwp_asan/stack_trace_compressor.h" #include "gwp_asan/stack_trace_compressor.h"
#include <stddef.h> #include <stddef.h>
#include <stdint.h> #include <stdint.h>
namespace gwp_asan { namespace gwp_asan {
// This class is the primary implementation of the allocator portion of GWP- // This class is the primary implementation of the allocator portion of GWP-
// ASan. It is the sole owner of the pool of sequentially allocated guarded // ASan. It is the sole owner of the pool of sequentially allocated guarded
▲ Show 20 LinesShow All 48 Lines▼ Show 20 Linespublic:
// Return whether the allocation should be randomly chosen for sampling. // Return whether the allocation should be randomly chosen for sampling.
GWP_ASAN_ALWAYS_INLINE bool shouldSample() { GWP_ASAN_ALWAYS_INLINE bool shouldSample() {
// NextSampleCounter == 0 means we "should regenerate the counter". // NextSampleCounter == 0 means we "should regenerate the counter".
// == 1 means we "should sample this allocation". // == 1 means we "should sample this allocation".
// AdjustedSampleRatePlusOne is designed to intentionally underflow. This // AdjustedSampleRatePlusOne is designed to intentionally underflow. This
// class must be valid when zero-initialised, and we wish to sample as // class must be valid when zero-initialised, and we wish to sample as
// infrequently as possible when this is the case, hence we underflow to // infrequently as possible when this is the case, hence we underflow to
// UINT32_MAX. // UINT32_MAX.
if (GWP_ASAN_UNLIKELY(ThreadLocals.NextSampleCounter == 0)) if (GWP_ASAN_UNLIKELY(getThreadLocals()->NextSampleCounter == 0))
ThreadLocals.NextSampleCounter = getThreadLocals()->NextSampleCounter =
((getRandomUnsigned32() % (AdjustedSampleRatePlusOne - 1)) + 1) & ((getRandomUnsigned32() % (AdjustedSampleRatePlusOne - 1)) + 1) &
ThreadLocalPackedVariables::NextSampleCounterMask; ThreadLocalPackedVariables::NextSampleCounterMask;
return GWP_ASAN_UNLIKELY(--ThreadLocals.NextSampleCounter == 0); return GWP_ASAN_UNLIKELY(--getThreadLocals()->NextSampleCounter == 0);
} }
// Returns whether the provided pointer is a current sampled allocation that // Returns whether the provided pointer is a current sampled allocation that
// is owned by this pool. // is owned by this pool.
GWP_ASAN_ALWAYS_INLINE bool pointerIsMine(const void *Ptr) const { GWP_ASAN_ALWAYS_INLINE bool pointerIsMine(const void *Ptr) const {
return State.pointerIsMine(Ptr); return State.pointerIsMine(Ptr);
} }
▲ Show 20 LinesShow All 107 Lines▼ Show 20 Linesprivate:
// The adjusted sample rate for allocation sampling. Default *must* be // The adjusted sample rate for allocation sampling. Default *must* be
// nonzero, as dynamic initialisation may call malloc (e.g. from libstdc++) // nonzero, as dynamic initialisation may call malloc (e.g. from libstdc++)
// before GPA::init() is called. This would cause an error in shouldSample(), // before GPA::init() is called. This would cause an error in shouldSample(),
// where we would calculate modulo zero. This value is set UINT32_MAX, as when // where we would calculate modulo zero. This value is set UINT32_MAX, as when
// GWP-ASan is disabled, we wish to never spend wasted cycles recalculating // GWP-ASan is disabled, we wish to never spend wasted cycles recalculating
// the sample rate. // the sample rate.
uint32_t AdjustedSampleRatePlusOne = 0; uint32_t AdjustedSampleRatePlusOne = 0;
// Pack the thread local variables into a struct to ensure that they're in
// the same cache line for performance reasons. These are the most touched
// variables in GWP-ASan.
struct alignas(8) ThreadLocalPackedVariables {
constexpr ThreadLocalPackedVariables()
: RandomState(0xff82eb50), NextSampleCounter(0), RecursiveGuard(false) {
}
// Initialised to a magic constant so that an uninitialised GWP-ASan won't
// regenerate its sample counter for as long as possible. The xorshift32()
// algorithm used below results in getRandomUnsigned32(0xff82eb50) ==
// 0xfffffea4.
uint32_t RandomState;
// Thread-local decrementing counter that indicates that a given allocation
// should be sampled when it reaches zero.
uint32_t NextSampleCounter : 31;
// The mask is needed to silence conversion errors.
static const uint32_t NextSampleCounterMask = (1U << 31) - 1;
// Guard against recursivity. Unwinders often contain complex behaviour that
// may not be safe for the allocator (i.e. the unwinder calls dlopen(),
// which calls malloc()). When recursive behaviour is detected, we will
// automatically fall back to the supporting allocator to supply the
// allocation.
bool RecursiveGuard : 1;
};
static_assert(sizeof(ThreadLocalPackedVariables) == sizeof(uint64_t),
"thread local data does not fit in a uint64_t");
class ScopedRecursiveGuard { class ScopedRecursiveGuard {
mcgrathrUnsubmitted
Not Done
ReplyInline Actions

Seems like this should be static since it can never return something that's actually specific to the instance.

mcgrathr: Seems like this should be static since it can never return something that's actually specific…
public: public:
hctimUnsubmitted
Not Done
ReplyInline Actions

Prefer not to have #ifdefs in generic code.

Can you instead have:

>> here:
#include "gwp_asan/platform_specific/guarded_pool_allocator_tls.h"

>> gwp_asan/platform_specific/guarded_pool_allocator_tls.h:
struct ThreadLocalPackedVariables { ... }
#if defined(__Fuchsia__)
#include "gwp_asan/platform_specific/guarded_pool_allocator_tls_fuchsia.h"
#else if defined(__unix__)
#include "gwp_asan/platform_specific/guarded_pool_allocator_tls_posix.h"
#endif

>> gwp_asan/platform_specific/guarded_pool_allocator_tls_fuchsia.h
static ThreadLocalPackedVariables *getThreadLocals() {
  return reinterpret_cast<ThreadLocalPackedVariables *>(
        getPlatformGwpAsanTlsSlot());
}

>> gwp_asan/platform_specific/guarded_pool_allocator_tls_posix.h:
static ThreadLocalPackedVariables *getThreadLocals() {
    alignas(8) static GWP_ASAN_TLS_INITIAL_EXEC ThreadLocalPackedVariables Locals;
    return &Locals;
}

I think that if we could rely on LTO to inline things correctly then just the implementation would go in a platform-specific cpp file - but unfortunately we don't have that luxury everywhere, so it seems to me like the best solution to ensure inlining is platform-specific headers. In future, I'd like to give mutex.h the same treatment, as I'm really unhappy about the platform ifdefs there as well.

hctim: Prefer not to have #ifdefs in generic code. Can you instead have: ``` >> here: #include…
mcgrathrUnsubmitted
Not Done
ReplyInline Actions

I think that's fine, but the Fuchsia header would just be a trivial wrapper around yet another header, since the real implementation will not be in the gwp_asan source tree at all. So it would be most convenient if we could make it:

#ifdef GWP_ASAN_PLATFORM_TLS_HEADER
#include GWP_ASAN_PLATFORM_TLS_HEADER
#else
inline ThreadLocalPackedVariables *GuardedPoolAllocator::getThreadLocals() {
    alignas(8) static GWP_ASAN_TLS_INITIAL_EXEC ThreadLocalPackedVariables Locals;
    return &Locals;
}
#endif

Then the Fuchsia case can just provide the header directly instead of adding yet another layer.

mcgrathr: I think that's fine, but the Fuchsia header would just be a trivial wrapper around yet another…
hctimUnsubmitted
Not Done
ReplyInline Actions

This sounds reasonable to me.

hctim: This sounds reasonable to me.
ScopedRecursiveGuard() { ThreadLocals.RecursiveGuard = true; } ScopedRecursiveGuard() { getThreadLocals()->RecursiveGuard = true; }
~ScopedRecursiveGuard() { ThreadLocals.RecursiveGuard = false; } ~ScopedRecursiveGuard() { getThreadLocals()->RecursiveGuard = false; }
}; };
// Initialise the PRNG, platform-specific. // Initialise the PRNG, platform-specific.
void initPRNG(); void initPRNG();
// xorshift (32-bit output), extremely fast PRNG that uses arithmetic // xorshift (32-bit output), extremely fast PRNG that uses arithmetic
// operations only. Seeded using platform-specific mechanisms by initPRNG(). // operations only. Seeded using platform-specific mechanisms by initPRNG().
uint32_t getRandomUnsigned32(); uint32_t getRandomUnsigned32();
static GWP_ASAN_TLS_INITIAL_EXEC ThreadLocalPackedVariables ThreadLocals;
}; };
} // namespace gwp_asan } // namespace gwp_asan
#endif // GWP_ASAN_GUARDED_POOL_ALLOCATOR_H_ #endif // GWP_ASAN_GUARDED_POOL_ALLOCATOR_H_

compiler-rt/lib/gwp_asan/guarded_pool_allocator.cpp

Show All 31 Lines
namespace gwp_asan { namespace gwp_asan {
namespace { namespace {
// Forward declare the pointer to the singleton version of this class. // Forward declare the pointer to the singleton version of this class.
// Instantiated during initialisation, this allows the signal handler // Instantiated during initialisation, this allows the signal handler
// to find this class in order to deduce the root cause of failures. Must not be // to find this class in order to deduce the root cause of failures. Must not be
// referenced by users outside this translation unit, in order to avoid // referenced by users outside this translation unit, in order to avoid
// init-order-fiasco. // init-order-fiasco.
GuardedPoolAllocator *SingletonPtr = nullptr; GuardedPoolAllocator *SingletonPtr = nullptr;
size_t roundUpTo(size_t Size, size_t Boundary) {
return (Size + Boundary - 1) & ~(Boundary - 1);
}
uintptr_t getPageAddr(uintptr_t Ptr, uintptr_t PageSize) {
return Ptr & ~(PageSize - 1);
}
} // anonymous namespace } // anonymous namespace
// Gets the singleton implementation of this class. Thread-compatible until // Gets the singleton implementation of this class. Thread-compatible until
// init() is called, thread-safe afterwards. // init() is called, thread-safe afterwards.
GuardedPoolAllocator *GuardedPoolAllocator::getSingleton() { GuardedPoolAllocator *GuardedPoolAllocator::getSingleton() {
return SingletonPtr; return SingletonPtr;
} }
static size_t roundUpTo(size_t Size, size_t Boundary) {
return (Size + Boundary - 1) & ~(Boundary - 1);
}
void GuardedPoolAllocator::init(const options::Options &Opts) { void GuardedPoolAllocator::init(const options::Options &Opts) {
// Note: We return from the constructor here if GWP-ASan is not available. // Note: We return from the constructor here if GWP-ASan is not available.
// This will stop heap-allocation of class members, as well as mmap() of the // This will stop heap-allocation of class members, as well as mmap() of the
// guarded slots. // guarded slots.
if (!Opts.Enabled || Opts.SampleRate == 0 || if (!Opts.Enabled || Opts.SampleRate == 0 ||
Opts.MaxSimultaneousAllocations == 0) Opts.MaxSimultaneousAllocations == 0)
return; return;
Show All 34 Linesvoid GuardedPoolAllocator::init(const options::Options &Opts) {
// Multiply the sample rate by 2 to give a good, fast approximation for (1 / // Multiply the sample rate by 2 to give a good, fast approximation for (1 /
// SampleRate) chance of sampling. // SampleRate) chance of sampling.
if (Opts.SampleRate != 1) if (Opts.SampleRate != 1)
AdjustedSampleRatePlusOne = static_cast<uint32_t>(Opts.SampleRate) * 2 + 1; AdjustedSampleRatePlusOne = static_cast<uint32_t>(Opts.SampleRate) * 2 + 1;
else else
AdjustedSampleRatePlusOne = 2; AdjustedSampleRatePlusOne = 2;
initPRNG(); initPRNG();
ThreadLocals.NextSampleCounter = getThreadLocals()->NextSampleCounter =
((getRandomUnsigned32() % (AdjustedSampleRatePlusOne - 1)) + 1) & ((getRandomUnsigned32() % (AdjustedSampleRatePlusOne - 1)) + 1) &
ThreadLocalPackedVariables::NextSampleCounterMask; ThreadLocalPackedVariables::NextSampleCounterMask;
State.GuardedPagePool = reinterpret_cast<uintptr_t>(GuardedPoolMemory); State.GuardedPagePool = reinterpret_cast<uintptr_t>(GuardedPoolMemory);
State.GuardedPagePoolEnd = State.GuardedPagePoolEnd =
reinterpret_cast<uintptr_t>(GuardedPoolMemory) + PoolBytesRequired; reinterpret_cast<uintptr_t>(GuardedPoolMemory) + PoolBytesRequired;
if (Opts.InstallForkHandlers) if (Opts.InstallForkHandlers)
Show All 30 Linesvoid GuardedPoolAllocator::uninitTestOnly() {
if (FreeSlots) { if (FreeSlots) {
unmap(FreeSlots, unmap(FreeSlots,
roundUpTo(State.MaxSimultaneousAllocations * sizeof(*FreeSlots), roundUpTo(State.MaxSimultaneousAllocations * sizeof(*FreeSlots),
State.PageSize)); State.PageSize));
FreeSlots = nullptr; FreeSlots = nullptr;
} }
} }
static uintptr_t getPageAddr(uintptr_t Ptr, uintptr_t PageSize) {
return Ptr & ~(PageSize - 1);
}
void *GuardedPoolAllocator::allocate(size_t Size) { void *GuardedPoolAllocator::allocate(size_t Size) {
// GuardedPagePoolEnd == 0 when GWP-ASan is disabled. If we are disabled, fall // GuardedPagePoolEnd == 0 when GWP-ASan is disabled. If we are disabled, fall
// back to the supporting allocator. // back to the supporting allocator.
if (State.GuardedPagePoolEnd == 0) { if (State.GuardedPagePoolEnd == 0) {
ThreadLocals.NextSampleCounter = getThreadLocals()->NextSampleCounter =
(AdjustedSampleRatePlusOne - 1) & (AdjustedSampleRatePlusOne - 1) &
ThreadLocalPackedVariables::NextSampleCounterMask; ThreadLocalPackedVariables::NextSampleCounterMask;
return nullptr; return nullptr;
} }
// Protect against recursivity. // Protect against recursivity.
if (ThreadLocals.RecursiveGuard) if (getThreadLocals()->RecursiveGuard)
return nullptr; return nullptr;
ScopedRecursiveGuard SRG; ScopedRecursiveGuard SRG;
if (Size == 0 || Size > State.maximumAllocationSize()) if (Size == 0 || Size > State.maximumAllocationSize())
return nullptr; return nullptr;
size_t Index; size_t Index;
{ {
Show All 34 Linesvoid GuardedPoolAllocator::trapOnAddress(uintptr_t Address, Error E) {
// Raise a SEGV by touching first guard page. // Raise a SEGV by touching first guard page.
volatile char *p = reinterpret_cast<char *>(State.GuardedPagePool); volatile char *p = reinterpret_cast<char *>(State.GuardedPagePool);
*p = 0; *p = 0;
__builtin_unreachable(); __builtin_unreachable();
} }
void GuardedPoolAllocator::stop() { void GuardedPoolAllocator::stop() {
ThreadLocals.RecursiveGuard = true; getThreadLocals()->RecursiveGuard = true;
PoolMutex.tryLock(); PoolMutex.tryLock();
} }
void GuardedPoolAllocator::deallocate(void *Ptr) { void GuardedPoolAllocator::deallocate(void *Ptr) {
assert(pointerIsMine(Ptr) && "Pointer is not mine!"); assert(pointerIsMine(Ptr) && "Pointer is not mine!");
uintptr_t UPtr = reinterpret_cast<uintptr_t>(Ptr); uintptr_t UPtr = reinterpret_cast<uintptr_t>(Ptr);
size_t Slot = State.getNearestSlot(UPtr); size_t Slot = State.getNearestSlot(UPtr);
uintptr_t SlotStart = State.slotToAddr(Slot); uintptr_t SlotStart = State.slotToAddr(Slot);
Show All 14 Lines // pool during the expensive markInaccessible() call.
// Ensure that the deallocation is recorded before marking the page as // Ensure that the deallocation is recorded before marking the page as
// inaccessible. Otherwise, a racy use-after-free will have inconsistent // inaccessible. Otherwise, a racy use-after-free will have inconsistent
// metadata. // metadata.
Meta->RecordDeallocation(); Meta->RecordDeallocation();
// Ensure that the unwinder is not called if the recursive flag is set, // Ensure that the unwinder is not called if the recursive flag is set,
// otherwise non-reentrant unwinders may deadlock. // otherwise non-reentrant unwinders may deadlock.
if (!ThreadLocals.RecursiveGuard) { if (!getThreadLocals()->RecursiveGuard) {
ScopedRecursiveGuard SRG; ScopedRecursiveGuard SRG;
Meta->DeallocationTrace.RecordBacktrace(Backtrace); Meta->DeallocationTrace.RecordBacktrace(Backtrace);
} }
} }
deallocateInGuardedPool(reinterpret_cast<void *>(SlotStart), deallocateInGuardedPool(reinterpret_cast<void *>(SlotStart),
State.maximumAllocationSize()); State.maximumAllocationSize());
Show All 30 Lines
} }
void GuardedPoolAllocator::freeSlot(size_t SlotIndex) { void GuardedPoolAllocator::freeSlot(size_t SlotIndex) {
assert(FreeSlotsLength < State.MaxSimultaneousAllocations); assert(FreeSlotsLength < State.MaxSimultaneousAllocations);
FreeSlots[FreeSlotsLength++] = SlotIndex; FreeSlots[FreeSlotsLength++] = SlotIndex;
} }
uint32_t GuardedPoolAllocator::getRandomUnsigned32() { uint32_t GuardedPoolAllocator::getRandomUnsigned32() {
uint32_t RandomState = ThreadLocals.RandomState; uint32_t RandomState = getThreadLocals()->RandomState;
RandomState ^= RandomState << 13; RandomState ^= RandomState << 13;
RandomState ^= RandomState >> 17; RandomState ^= RandomState >> 17;
RandomState ^= RandomState << 5; RandomState ^= RandomState << 5;
ThreadLocals.RandomState = RandomState; getThreadLocals()->RandomState = RandomState;
return RandomState; return RandomState;
} }
GWP_ASAN_TLS_INITIAL_EXEC
GuardedPoolAllocator::ThreadLocalPackedVariables
GuardedPoolAllocator::ThreadLocals;
} // namespace gwp_asan } // namespace gwp_asan

compiler-rt/lib/gwp_asan/platform_specific/guarded_pool_allocator_posix.cpp

Show All 32 Lines#endif // ANDROID
// Anonymous mapping names are only supported on Android. // Anonymous mapping names are only supported on Android.
return; return;
} }
} // anonymous namespace } // anonymous namespace
namespace gwp_asan { namespace gwp_asan {
void GuardedPoolAllocator::initPRNG() { void GuardedPoolAllocator::initPRNG() {
ThreadLocals.RandomState = getThreadLocals()->RandomState =
static_cast<uint32_t>(time(nullptr) + getThreadID()); static_cast<uint32_t>(time(nullptr) + getThreadID());
} }
void *GuardedPoolAllocator::map(size_t Size, const char *Name) const { void *GuardedPoolAllocator::map(size_t Size, const char *Name) const {
assert((Size % State.PageSize) == 0); assert((Size % State.PageSize) == 0);
void *Ptr = mmap(nullptr, Size, PROT_READ | PROT_WRITE, void *Ptr = mmap(nullptr, Size, PROT_READ | PROT_WRITE,
MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
Check(Ptr != MAP_FAILED, "Failed to map guarded pool allocator memory"); Check(Ptr != MAP_FAILED, "Failed to map guarded pool allocator memory");
▲ Show 20 LinesShow All 62 LinesShow Last 20 Lines

compiler-rt/lib/gwp_asan/platform_specific/guarded_pool_allocator_tls.h

  • This file was added.
//===-- guarded_pool_allocator_tls.h ----------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#ifndef GWP_ASAN_GUARDED_POOL_ALLOCATOR_TLS_H_
#define GWP_ASAN_GUARDED_POOL_ALLOCATOR_TLS_H_
#include "gwp_asan/definitions.h"
#include <stdint.h>
namespace gwp_asan {
// Pack the thread local variables into a struct to ensure that they're in
// the same cache line for performance reasons. These are the most touched
// variables in GWP-ASan.
struct ThreadLocalPackedVariables {
constexpr ThreadLocalPackedVariables()
: RandomState(0xacd979ce), NextSampleCounter(0), RecursiveGuard(false) {}
// Initialised to a magic constant so that an uninitialised GWP-ASan won't
// regenerate its sample counter for as long as possible. The xorshift32()
// algorithm used below results in getRandomUnsigned32(0xacd979ce) ==
// 0xfffffffe.
uint32_t RandomState;
// Thread-local decrementing counter that indicates that a given allocation
// should be sampled when it reaches zero.
uint32_t NextSampleCounter : 31;
// The mask is needed to silence conversion errors.
static const uint32_t NextSampleCounterMask = (1U << 31) - 1;
// Guard against recursivity. Unwinders often contain complex behaviour that
// may not be safe for the allocator (i.e. the unwinder calls dlopen(),
// which calls malloc()). When recursive behaviour is detected, we will
// automatically fall back to the supporting allocator to supply the
// allocation.
bool RecursiveGuard : 1;
};
static_assert(sizeof(ThreadLocalPackedVariables) == sizeof(uint64_t),
"thread local data does not fit in a uint64_t");
#ifdef GWP_ASAN_PLATFORM_TLS_HEADER
#include GWP_ASAN_PLATFORM_TLS_HEADER
#else
inline ThreadLocalPackedVariables *getThreadLocals() {
hctimUnsubmitted
Not Done
ReplyInline Actions

Any ideas why clang-tidy is reporting this?

hctim: Any ideas why clang-tidy is reporting this?
cryptoadAuthorUnsubmitted
Not Done
ReplyInline Actions

Maybe because it doesn't have stdint.h in this file so it doesn't know it's constant.

cryptoad: Maybe because it doesn't have stdint.h in this file so it doesn't know it's constant.
alignas(8) static GWP_ASAN_TLS_INITIAL_EXEC ThreadLocalPackedVariables Locals;
return &Locals;
}
#endif
} // namespace gwp_asan
#endif // GWP_ASAN_GUARDED_POOL_ALLOCATOR_TLS_H_

compiler-rt/lib/gwp_asan/platform_specific/utilities_posix.cpp

Show All 18 Lines
#endif #endif
namespace gwp_asan { namespace gwp_asan {
void die(const char *Message) { void die(const char *Message) {
#ifdef __BIONIC__ #ifdef __BIONIC__
if (&android_set_abort_message != nullptr) if (&android_set_abort_message != nullptr)
android_set_abort_message(Message); android_set_abort_message(Message);
abort(); abort();
#else // __BIONIC__ #else // __BIONIC__
hctimUnsubmitted
Not Done
ReplyInline Actions

using old clang-format instead of new?

hctim: using old clang-format instead of new?
cryptoadAuthorUnsubmitted
Not Done
ReplyInline Actions

Actually using the tot one :/
I think it's aligning this comment with the #endif one.

cryptoad: Actually using the tot one :/ I think it's aligning this comment with the #endif one.
fprintf(stderr, "%s", Message); fprintf(stderr, "%s", Message);
__builtin_trap(); __builtin_trap();
#endif // __BIONIC__ #endif // __BIONIC__
} }
} // namespace gwp_asan } // namespace gwp_asan

compiler-rt/lib/gwp_asan/utilities.cpp

Show All 31 Linesstatic size_t alignPowerOfTwo(size_t RealAllocationSize) {
if (RealAllocationSize % 16 == 0) if (RealAllocationSize % 16 == 0)
return RealAllocationSize; return RealAllocationSize;
return RealAllocationSize + 16 - (RealAllocationSize % 16); return RealAllocationSize + 16 - (RealAllocationSize % 16);
} }
#ifdef __BIONIC__ #ifdef __BIONIC__
static constexpr AlignmentStrategy PlatformDefaultAlignment = static constexpr AlignmentStrategy PlatformDefaultAlignment =
AlignmentStrategy::BIONIC; AlignmentStrategy::BIONIC;
#else // __BIONIC__ #else // __BIONIC__
hctimUnsubmitted
Not Done
ReplyInline Actions

same thing - need new clang-format?

hctim: same thing - need new clang-format?
static constexpr AlignmentStrategy PlatformDefaultAlignment = static constexpr AlignmentStrategy PlatformDefaultAlignment =
AlignmentStrategy::POWER_OF_TWO; AlignmentStrategy::POWER_OF_TWO;
#endif // __BIONIC__ #endif // __BIONIC__
size_t rightAlignedAllocationSize(size_t RealAllocationSize, size_t rightAlignedAllocationSize(size_t RealAllocationSize,
AlignmentStrategy Align) { AlignmentStrategy Align) {
assert(RealAllocationSize > 0); assert(RealAllocationSize > 0);
if (Align == AlignmentStrategy::DEFAULT) if (Align == AlignmentStrategy::DEFAULT)
Show All 15 Lines