Page MenuHomePhabricator

[sanitizer] Implement MapDynamicShadowAndAliases.
ClosedPublic

Authored by morehouse on Mar 10 2021, 1:13 PM.

Details

Summary

The function works like MapDynamicShadow, except that it creates aliased
memory to the right of the shadow. The main use case is for HWASan
aliasing mode, which gets fast IsAlias() checks by exploiting the fact
that the upper bits of the shadow base and aliased memory match.

Diff Detail

Event Timeline

morehouse requested review of this revision.Mar 10 2021, 1:13 PM
morehouse created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptMar 10 2021, 1:13 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
eugenis added inline comments.Mar 10 2021, 1:52 PM
compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp
927

This should be internal_mremap, in case mremap in libc is instrumented.

morehouse updated this revision to Diff 329779.Mar 10 2021, 2:38 PM
morehouse marked an inline comment as done.
  • Use internal_mremap.
eugenis accepted this revision.Mar 10 2021, 3:05 PM

LGTM

compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp
188

I do not think this check is necessary. You can simply pass all the argument to the kernel.

This revision is now accepted and ready to land.Mar 10 2021, 3:05 PM
vitalybuka accepted this revision.Mar 10 2021, 10:19 PM
vitalybuka added inline comments.
compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp
962

Maybe :)

morehouse updated this revision to Diff 329986.Mar 11 2021, 9:15 AM
morehouse marked 2 inline comments as done.
  • Simplify and improve readability.
compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp
962

I think it is less readable, though doing ~0 is also not super clear. I've changed it to cast -1 to uptr, since this is what mmap(2) says MAP_FAILED is.

This revision was automatically updated to reflect the committed changes.
ro added a subscriber: ro.Mar 24 2021, 5:21 AM

This patch broke the Solaris buildbots (Solaris/sparcv9 and Solaris/amd64:

FAILED: projects/compiler-rt/lib/sanitizer_common/CMakeFiles/RTSanitizerCommonLibc.i386.dir/sanitizer_linux_libcdep.cpp.o
[...]
/vol/llvm/src/llvm-project/dist/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp: In function ‘__sanitizer::uptr __sanitizer::MremapCreateAlias(__sanitizer::uptr, __sanitizer::uptr, __sanitizer::uptr)’:
/vol/llvm/src/llvm-project/dist/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp:928:26: error: ‘MREMAP_MAYMOVE’ was not declared in this scope
  928 |                          MREMAP_MAYMOVE | MREMAP_FIXED,
      |                          ^~~~~~~~~~~~~~
/vol/llvm/src/llvm-project/dist/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp:928:43: error: ‘MREMAP_FIXED’ was not declared in this scope; did you mean ‘MAP_FIXED’?
  928 |                          MREMAP_MAYMOVE | MREMAP_FIXED,
      |                                           ^~~~~~~~~~~~
      |                                           MAP_FIXED

Despite its name, sanitizer_linux_libcdep.cpp is shared between FreeBSD, Linux, NetBSD, and Solaris, while according to the Linux manpage, mremap is Linux-only.

In D98369#2647334, @ro wrote:

This patch broke the Solaris buildbots (Solaris/sparcv9 and Solaris/amd64:

FAILED: projects/compiler-rt/lib/sanitizer_common/CMakeFiles/RTSanitizerCommonLibc.i386.dir/sanitizer_linux_libcdep.cpp.o
[...]
/vol/llvm/src/llvm-project/dist/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp: In function ‘__sanitizer::uptr __sanitizer::MremapCreateAlias(__sanitizer::uptr, __sanitizer::uptr, __sanitizer::uptr)’:
/vol/llvm/src/llvm-project/dist/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp:928:26: error: ‘MREMAP_MAYMOVE’ was not declared in this scope
  928 |                          MREMAP_MAYMOVE | MREMAP_FIXED,
      |                          ^~~~~~~~~~~~~~
/vol/llvm/src/llvm-project/dist/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp:928:43: error: ‘MREMAP_FIXED’ was not declared in this scope; did you mean ‘MAP_FIXED’?
  928 |                          MREMAP_MAYMOVE | MREMAP_FIXED,
      |                                           ^~~~~~~~~~~~
      |                                           MAP_FIXED

Despite its name, sanitizer_linux_libcdep.cpp is shared between FreeBSD, Linux, NetBSD, and Solaris, while according to the Linux manpage, mremap is Linux-only.

That's confusing... I've submitted https://github.com/llvm/llvm-project/commit/643d87ebab7882442400fbb983f2b6a268012b50 to fix the build.

ro added a comment.Mar 25 2021, 2:44 AM

Indeed. However, the misleading filenames are just the tip of the iceberg. Hardcoding every feature check with platform macros instead of feature tests (preferably detected at build time) feels so 90ies...

Once I'd pulled in an unrelated fix for another unrelated build-breaking bug, the bots are back to normal. Thanks!