This is an archive of the discontinued LLVM Phabricator instance.

Differential D98369

[sanitizer] Implement MapDynamicShadowAndAliases.
ClosedPublic

Authored by morehouse on Mar 10 2021, 1:13 PM.

Details

Reviewers
vitalybuka
eugenis
Commits
rGf85002d22c6b: [sanitizer] Implement MapDynamicShadowAndAliases.
Summary

The function works like MapDynamicShadow, except that it creates aliased
memory to the right of the shadow. The main use case is for HWASan
aliasing mode, which gets fast IsAlias() checks by exploiting the fact
that the upper bits of the shadow base and aliased memory match.

Diff Detail

Unit TestsFailed

TimeTest
100 msx64 debian > LLVM.tools/UpdateTestChecks/update_llc_test_checks::aarch64-function-name.test
100 msx64 debian > LLVM.tools/UpdateTestChecks/update_llc_test_checks::aarch64_generated_funcs.test
100 msx64 debian > LLVM.tools/UpdateTestChecks/update_llc_test_checks::amdgpu-function-name.test
110 msx64 debian > LLVM.tools/UpdateTestChecks/update_llc_test_checks::amdgpu_generated_funcs.test
100 msx64 debian > LLVM.tools/UpdateTestChecks/update_llc_test_checks::arm-function-name.test
View Full Test Results (30 Failed)

Event Timeline

morehouse requested review of this revision.Mar 10 2021, 1:13 PM
morehouse created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptMar 10 2021, 1:13 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
morehouse added a parent revision: D98293: [sanitizer] Support dynamic premapped R/W range in primary allocator..Mar 10 2021, 1:19 PM
eugenis added inline comments.Mar 10 2021, 1:52 PM
compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp
923

This should be internal_mremap, in case mremap in libc is instrumented.

morehouse updated this revision to Diff 329779.Mar 10 2021, 2:38 PM
morehouse marked an inline comment as done.
  • Use internal_mremap.
eugenis accepted this revision.Mar 10 2021, 3:05 PM

LGTM

compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp
188 ↗(On Diff #329779)

I do not think this check is necessary. You can simply pass all the argument to the kernel.

This revision is now accepted and ready to land.Mar 10 2021, 3:05 PM
morehouse added a child revision: D98373: [HWASan] Refactor in preparation for x86 aliasing mode. NFC.Mar 10 2021, 3:57 PM
vitalybuka accepted this revision.Mar 10 2021, 10:19 PM
vitalybuka added inline comments.
compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp
958

Maybe :)

Harbormaster completed remote builds in B93158: Diff 329758.Mar 11 2021, 12:44 AM
Harbormaster completed remote builds in B93172: Diff 329779.Mar 11 2021, 1:54 AM
morehouse updated this revision to Diff 329986.Mar 11 2021, 9:15 AM
morehouse marked 2 inline comments as done.
  • Simplify and improve readability.
compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp
958

I think it is less readable, though doing ~0 is also not super clear. I've changed it to cast -1 to uptr, since this is what mmap(2) says MAP_FAILED is.

Harbormaster completed remote builds in B93323: Diff 329986.Mar 11 2021, 3:22 PM
Closed by commit rGf85002d22c6b: [sanitizer] Implement MapDynamicShadowAndAliases. (authored by morehouse). · Explain WhyMar 23 2021, 11:52 AM
This revision was automatically updated to reflect the committed changes.
morehouse added a commit: rGf85002d22c6b: [sanitizer] Implement MapDynamicShadowAndAliases..
ro added a subscriber: ro.Mar 24 2021, 5:21 AM

This patch broke the Solaris buildbots (Solaris/sparcv9 and Solaris/amd64:

FAILED: projects/compiler-rt/lib/sanitizer_common/CMakeFiles/RTSanitizerCommonLibc.i386.dir/sanitizer_linux_libcdep.cpp.o
[...]
/vol/llvm/src/llvm-project/dist/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp: In function ‘__sanitizer::uptr __sanitizer::MremapCreateAlias(__sanitizer::uptr, __sanitizer::uptr, __sanitizer::uptr)’:
/vol/llvm/src/llvm-project/dist/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp:928:26: error: ‘MREMAP_MAYMOVE’ was not declared in this scope
  928 |                          MREMAP_MAYMOVE | MREMAP_FIXED,
      |                          ^~~~~~~~~~~~~~
/vol/llvm/src/llvm-project/dist/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp:928:43: error: ‘MREMAP_FIXED’ was not declared in this scope; did you mean ‘MAP_FIXED’?
  928 |                          MREMAP_MAYMOVE | MREMAP_FIXED,
      |                                           ^~~~~~~~~~~~
      |                                           MAP_FIXED

Despite its name, sanitizer_linux_libcdep.cpp is shared between FreeBSD, Linux, NetBSD, and Solaris, while according to the Linux manpage, mremap is Linux-only.

morehouse added a comment.Mar 24 2021, 8:46 AM
In D98369#2647334, @ro wrote:

This patch broke the Solaris buildbots (Solaris/sparcv9 and Solaris/amd64:

FAILED: projects/compiler-rt/lib/sanitizer_common/CMakeFiles/RTSanitizerCommonLibc.i386.dir/sanitizer_linux_libcdep.cpp.o
[...]
/vol/llvm/src/llvm-project/dist/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp: In function ‘__sanitizer::uptr __sanitizer::MremapCreateAlias(__sanitizer::uptr, __sanitizer::uptr, __sanitizer::uptr)’:
/vol/llvm/src/llvm-project/dist/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp:928:26: error: ‘MREMAP_MAYMOVE’ was not declared in this scope
  928 |                          MREMAP_MAYMOVE | MREMAP_FIXED,
      |                          ^~~~~~~~~~~~~~
/vol/llvm/src/llvm-project/dist/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp:928:43: error: ‘MREMAP_FIXED’ was not declared in this scope; did you mean ‘MAP_FIXED’?
  928 |                          MREMAP_MAYMOVE | MREMAP_FIXED,
      |                                           ^~~~~~~~~~~~
      |                                           MAP_FIXED

Despite its name, sanitizer_linux_libcdep.cpp is shared between FreeBSD, Linux, NetBSD, and Solaris, while according to the Linux manpage, mremap is Linux-only.

That's confusing... I've submitted https://github.com/llvm/llvm-project/commit/643d87ebab7882442400fbb983f2b6a268012b50 to fix the build.

ro added a comment.Mar 25 2021, 2:44 AM

Indeed. However, the misleading filenames are just the tip of the iceberg. Hardcoding every feature check with platform macros instead of feature tests (preferably detected at build time) feels so 90ies...

Once I'd pulled in an unrelated fix for another unrelated build-breaking bug, the bots are back to normal. Thanks!

Revision Contents

PathSize
compiler-rt/
lib/
sanitizer_common/
9 lines
55 lines
6 lines
6 lines

Diff 329758

compiler-rt/lib/sanitizer_common/sanitizer_common.h

Show First 20 LinesShow All 129 Lines▼ Show 20 Lines
// be aligned to the mmap granularity * 2^shadow_scale, or to // be aligned to the mmap granularity * 2^shadow_scale, or to
// 2^min_shadow_base_alignment if that is larger. The returned address will // 2^min_shadow_base_alignment if that is larger. The returned address will
// have max(2^min_shadow_base_alignment, mmap granularity) on the left, and // have max(2^min_shadow_base_alignment, mmap granularity) on the left, and
// shadow_size_bytes bytes on the right, which on linux is mapped no access. // shadow_size_bytes bytes on the right, which on linux is mapped no access.
// The high_mem_end may be updated if the original shadow size doesn't fit. // The high_mem_end may be updated if the original shadow size doesn't fit.
uptr MapDynamicShadow(uptr shadow_size_bytes, uptr shadow_scale, uptr MapDynamicShadow(uptr shadow_size_bytes, uptr shadow_scale,
uptr min_shadow_base_alignment, uptr &high_mem_end); uptr min_shadow_base_alignment, uptr &high_mem_end);
// Let S = max(shadow_size, num_aliases * alias_size, ring_buffer_size).
// Reserves 2*S bytes of address space to the right of the returned address and
// ring_buffer_size bytes to the left. The returned address is aligned to 2*S.
// Also creates num_aliases regions of accessible memory starting at offset S
// from the returned address. Each region has size alias_size and is backed by
// the same physical memory.
uptr MapDynamicShadowAndAliases(uptr shadow_size, uptr alias_size,
uptr num_aliases, uptr ring_buffer_size);
// Reserve memory range [beg, end]. If madvise_shadow is true then apply // Reserve memory range [beg, end]. If madvise_shadow is true then apply
// madvise (e.g. hugepages, core dumping) requested by options. // madvise (e.g. hugepages, core dumping) requested by options.
void ReserveShadowMemoryRange(uptr beg, uptr end, const char *name, void ReserveShadowMemoryRange(uptr beg, uptr end, const char *name,
bool madvise_shadow = true); bool madvise_shadow = true);
// Protect size bytes of memory starting at addr. Also try to protect // Protect size bytes of memory starting at addr. Also try to protect
// several pages at the start of the address space as specified by // several pages at the start of the address space as specified by
// zero_base_shadow_start, at most up to the size or zero_base_max_shadow_start. // zero_base_shadow_start, at most up to the size or zero_base_max_shadow_start.
▲ Show 20 LinesShow All 911 LinesShow Last 20 Lines

compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp

Show All 30 Lines
#if SANITIZER_NETBSD #if SANITIZER_NETBSD
#define _RTLD_SOURCE // for __lwp_gettcb_fast() / __lwp_getprivate_fast() #define _RTLD_SOURCE // for __lwp_gettcb_fast() / __lwp_getprivate_fast()
#endif #endif
#include <dlfcn.h> // for dlsym() #include <dlfcn.h> // for dlsym()
#include <link.h> #include <link.h>
#include <pthread.h> #include <pthread.h>
#include <signal.h> #include <signal.h>
#include <sys/mman.h>
#include <sys/resource.h> #include <sys/resource.h>
#include <syslog.h> #include <syslog.h>
#if !defined(ElfW) #if !defined(ElfW)
#define ElfW(type) Elf_##type #define ElfW(type) Elf_##type
#endif #endif
#if SANITIZER_FREEBSD #if SANITIZER_FREEBSD
▲ Show 20 LinesShow All 859 Lines▼ Show 20 Linesuptr MapDynamicShadow(uptr shadow_size_bytes, uptr shadow_scale,
const uptr shadow_start = RoundUpTo(map_start + left_padding, alignment); const uptr shadow_start = RoundUpTo(map_start + left_padding, alignment);
UnmapFromTo(map_start, shadow_start - left_padding); UnmapFromTo(map_start, shadow_start - left_padding);
UnmapFromTo(shadow_start + shadow_size, map_start + map_size); UnmapFromTo(shadow_start + shadow_size, map_start + map_size);
return shadow_start; return shadow_start;
} }
static uptr MmapSharedNoReserve(uptr addr, uptr size) {
return internal_mmap(
reinterpret_cast<void *>(addr), size, PROT_READ | PROT_WRITE,
MAP_FIXED | MAP_SHARED | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
}
static uptr MremapCreateAlias(uptr base_addr, uptr alias_addr,
uptr alias_size) {
return reinterpret_cast<uptr>(mremap(
eugenisUnsubmitted
Done
ReplyInline Actions

This should be internal_mremap, in case mremap in libc is instrumented.

eugenis: This should be internal_mremap, in case mremap in libc is instrumented.
reinterpret_cast<void *>(base_addr), 0, alias_size,
MREMAP_MAYMOVE | MREMAP_FIXED, reinterpret_cast<void *>(alias_addr)));
}
static void CreateAliases(uptr start_addr, uptr alias_size, uptr num_aliases) {
uptr total_size = alias_size * num_aliases;
uptr mapped = MmapSharedNoReserve(start_addr, total_size);
CHECK_EQ(mapped, start_addr);
for (uptr i = 1; i < num_aliases; ++i) {
uptr alias_addr = start_addr + i * alias_size;
CHECK_EQ(MremapCreateAlias(start_addr, alias_addr, alias_size), alias_addr);
}
}
uptr MapDynamicShadowAndAliases(uptr shadow_size, uptr alias_size,
uptr num_aliases, uptr ring_buffer_size) {
CHECK_EQ(alias_size & (alias_size - 1), 0);
CHECK_EQ(num_aliases & (num_aliases - 1), 0);
CHECK_EQ(ring_buffer_size & (ring_buffer_size - 1), 0);
const uptr granularity = GetMmapGranularity();
shadow_size = RoundUpTo(shadow_size, granularity);
CHECK_EQ(shadow_size & (shadow_size - 1), 0);
const uptr alias_region_size = alias_size * num_aliases;
const uptr alignment =
2 * Max(Max(shadow_size, alias_region_size), ring_buffer_size);
const uptr left_padding = ring_buffer_size;
const uptr right_size = alignment;
const uptr map_size = left_padding + 2 * alignment;
const uptr map_start = reinterpret_cast<uptr>(MmapNoAccess(map_size));
CHECK_NE(map_start, ~static_cast<uptr>(0));
vitalybukaUnsubmitted
Done
ReplyInline Actions
const uptr map_start = reinterpret_cast<uptr>(MmapNoAccess(map_size));
- CHECK_NE(map_start, ~static_cast<uptr>(0));
+ CHECK_NE(map_start+1, 0);
const uptr right_start = RoundUpTo(map_start + left_padding, alignment);

Maybe :)

vitalybuka: Maybe :)
morehouseAuthorUnsubmitted
Done
ReplyInline Actions

I think it is less readable, though doing ~0 is also not super clear. I've changed it to cast -1 to uptr, since this is what mmap(2) says MAP_FAILED is.

morehouse: I think it is less readable, though doing ~0 is also not super clear. I've changed it to cast…
const uptr right_start = RoundUpTo(map_start + left_padding, alignment);
UnmapFromTo(map_start, right_start - left_padding);
UnmapFromTo(right_start + right_size, map_start + map_size);
CreateAliases(right_start + right_size / 2, alias_size, num_aliases);
return right_start;
}
void InitializePlatformCommonFlags(CommonFlags *cf) { void InitializePlatformCommonFlags(CommonFlags *cf) {
#if SANITIZER_ANDROID #if SANITIZER_ANDROID
if (&__libc_get_static_tls_bounds == nullptr) if (&__libc_get_static_tls_bounds == nullptr)
cf->detect_leaks = false; cf->detect_leaks = false;
#endif #endif
} }
} // namespace __sanitizer } // namespace __sanitizer
#endif #endif

compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp

Show First 20 LinesShow All 1,246 Lines▼ Show 20 Lines if (shadow_start == 0) {
CHECK(0 && "cannot place shadow after restricting vm"); CHECK(0 && "cannot place shadow after restricting vm");
} }
} }
CHECK_NE((uptr)0, shadow_start); CHECK_NE((uptr)0, shadow_start);
CHECK(IsAligned(shadow_start, alignment)); CHECK(IsAligned(shadow_start, alignment));
return shadow_start; return shadow_start;
} }
uptr MapDynamicShadowAndAliases(uptr shadow_size, uptr alias_size,
uptr num_aliases, uptr ring_buffer_size) {
CHECK(false && "HWASan aliasing is unimplemented on Mac");
return 0;
}
uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding, uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding,
uptr *largest_gap_found, uptr *largest_gap_found,
uptr *max_occupied_addr) { uptr *max_occupied_addr) {
typedef vm_region_submap_short_info_data_64_t RegionInfo; typedef vm_region_submap_short_info_data_64_t RegionInfo;
enum { kRegionInfoSize = VM_REGION_SUBMAP_SHORT_INFO_COUNT_64 }; enum { kRegionInfoSize = VM_REGION_SUBMAP_SHORT_INFO_COUNT_64 };
// Start searching for available memory region past PAGEZERO, which is // Start searching for available memory region past PAGEZERO, which is
// 4KB on 32-bit and 4GB on 64-bit. // 4KB on 32-bit and 4GB on 64-bit.
mach_vm_address_t start_address = mach_vm_address_t start_address =
▲ Show 20 LinesShow All 150 LinesShow Last 20 Lines

compiler-rt/lib/sanitizer_common/sanitizer_win.cpp

Show First 20 LinesShow All 384 Lines▼ Show 20 Lines while (true) {
} }
// Move to the next region. // Move to the next region.
address = (uptr)info.BaseAddress + info.RegionSize; address = (uptr)info.BaseAddress + info.RegionSize;
} }
return 0; return 0;
} }
uptr MapDynamicShadowAndAliases(uptr shadow_size, uptr alias_size,
uptr num_aliases, uptr ring_buffer_size) {
CHECK(false && "HWASan aliasing is unimplemented on Windows");
return 0;
}
bool MemoryRangeIsAvailable(uptr range_start, uptr range_end) { bool MemoryRangeIsAvailable(uptr range_start, uptr range_end) {
MEMORY_BASIC_INFORMATION mbi; MEMORY_BASIC_INFORMATION mbi;
CHECK(VirtualQuery((void *)range_start, &mbi, sizeof(mbi))); CHECK(VirtualQuery((void *)range_start, &mbi, sizeof(mbi)));
return mbi.Protect == PAGE_NOACCESS && return mbi.Protect == PAGE_NOACCESS &&
(uptr)mbi.BaseAddress + mbi.RegionSize >= range_end; (uptr)mbi.BaseAddress + mbi.RegionSize >= range_end;
} }
void *MapFileToMemory(const char *file_name, uptr *buff_size) { void *MapFileToMemory(const char *file_name, uptr *buff_size) {
▲ Show 20 LinesShow All 774 LinesShow Last 20 Lines