[compiler-rt] r274074 - [msan] Fix handling of padding in sendmsg control data.

Manman Ren via llvm-commits llvm-commits at lists.llvm.org
Tue Jun 28 17:16:58 PDT 2016


The bot magically recovered at the next run with an unrelated NFC change.
Sorry for the false alarm.

Manman

> On Jun 28, 2016, at 5:07 PM, Evgenii Stepanov <eugeni.stepanov at gmail.com> wrote:
> 
> Are you sure you've got the right commit? I can not imagine how it
> would cause this failure in an unrelated test.
> 
> Does your internal bot configure compiler-rt in some unusual way? How
> can I reproduce this?
> 
> On Tue, Jun 28, 2016 at 5:02 PM, Manman Ren <mren at apple.com> wrote:
>> This seems to cause our internal bot to fail
>> Command Output (stderr):
>> --
>> /Users/buildslave/jenkins/sharedspace/apple-clang-stage1 at 2/clang/src/projects/compiler-rt/test/asan/TestCases/Darwin/atos-symbolizer.cc:17:12: error: expected string not found in input
>> // CHECK: #1 0x{{.*}} in main {{.*}}atos-symbolizer.cc:[[@LINE-4]]
>>           ^
>> <stdin>:36:26: note: scanning from here
>> #0 0x8afc7 in wrap_free (/Users/buildslave/jenkins/sharedspace/apple-clang-stage1 at 2/clang.roots/BuildRecords/clang-9999.99_install/Build/lib/clang/3.9.99/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x4efc7)
>>                         ^
>> <stdin>:36:26: note: with expression "@LINE-4" equal to "13"
>> #0 0x8afc7 in wrap_free (/Users/buildslave/jenkins/sharedspace/apple-clang-stage1 at 2/clang.roots/BuildRecords/clang-9999.99_install/Build/lib/clang/3.9.99/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x4efc7)
>>                         ^
>> <stdin>:37:198: note: possible intended match here
>> #1 0x36f20 in main (/Users/buildslave/jenkins/sharedspace/apple-clang-stage1 at 2/clang.roots/BuildRecords/clang-9999.99_install/Build/tools/clang/runtime/compiler-rt-bins/test/asan/I386DarwinConfig/TestCases/Darwin/Output/atos-symbolizer.cc.tmp+0x1f20)
>>                                                                                                                                                                                                     ^
>> Can you take a look? If it is caused by your commit, can you either revert it or provide a fix soon?
>> 
>> Thanks,
>> Manman
>> 
>>> On Jun 28, 2016, at 3:42 PM, Evgeniy Stepanov via llvm-commits <llvm-commits at lists.llvm.org> wrote:
>>> 
>>> Author: eugenis
>>> Date: Tue Jun 28 17:42:31 2016
>>> New Revision: 274074
>>> 
>>> URL: http://llvm.org/viewvc/llvm-project?rev=274074&view=rev
>>> Log:
>>> [msan] Fix handling of padding in sendmsg control data.
>>> 
>>> Added:
>>>   compiler-rt/trunk/test/msan/Linux/cmsghdr.cc
>>> Modified:
>>>   compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc
>>> 
>>> Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc
>>> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc?rev=274074&r1=274073&r2=274074&view=diff
>>> ==============================================================================
>>> --- compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc (original)
>>> +++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc Tue Jun 28 17:42:31 2016
>>> @@ -2499,6 +2499,34 @@ INTERCEPTOR(SSIZE_T, recvmsg, int fd, st
>>> #endif
>>> 
>>> #if SANITIZER_INTERCEPT_SENDMSG
>>> +static void read_msghdr_control(void *ctx, void *control, uptr controllen) {
>>> +  const unsigned kCmsgDataOffset =
>>> +      RoundUpTo(sizeof(__sanitizer_cmsghdr), sizeof(uptr));
>>> +
>>> +  char *p = (char *)control;
>>> +  char *const control_end = p + controllen;
>>> +  while (true) {
>>> +    if (p + sizeof(__sanitizer_cmsghdr) > control_end) break;
>>> +    __sanitizer_cmsghdr *cmsg = (__sanitizer_cmsghdr *)p;
>>> +    COMMON_INTERCEPTOR_READ_RANGE(ctx, &cmsg->cmsg_len, sizeof(cmsg->cmsg_len));
>>> +
>>> +    if (p + RoundUpTo(cmsg->cmsg_len, sizeof(uptr)) > control_end) break;
>>> +
>>> +    COMMON_INTERCEPTOR_READ_RANGE(ctx, &cmsg->cmsg_level,
>>> +                                  sizeof(cmsg->cmsg_level));
>>> +    COMMON_INTERCEPTOR_READ_RANGE(ctx, &cmsg->cmsg_type,
>>> +                                  sizeof(cmsg->cmsg_type));
>>> +
>>> +    if (cmsg->cmsg_len > kCmsgDataOffset) {
>>> +      char *data = p + kCmsgDataOffset;
>>> +      unsigned data_len = cmsg->cmsg_len - kCmsgDataOffset;
>>> +      if (data_len > 0) COMMON_INTERCEPTOR_READ_RANGE(ctx, data, data_len);
>>> +    }
>>> +
>>> +    p += RoundUpTo(cmsg->cmsg_len, sizeof(uptr));
>>> +  }
>>> +}
>>> +
>>> static void read_msghdr(void *ctx, struct __sanitizer_msghdr *msg,
>>>                        SSIZE_T maxlen) {
>>> #define R(f) \
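Review bot: In `read_msghdr_control`, a `cmsg_len` smaller than the header (zero included) passes the check `if (p + RoundUpTo(cmsg->cmsg_len, sizeof(uptr)) > control_end) break;`, and the closing `p += RoundUpTo(cmsg->cmsg_len, sizeof(uptr));` then advances by less than a header or not at all. A control buffer with a zero-filled tail would therefore make the interceptor loop forever instead of returning. Adding `if (cmsg->cmsg_len < sizeof(__sanitizer_cmsghdr)) break;` right after the `cmsg_len` read guarantees forward progress. The bounds check is also safer on lengths than on pointers, `if (RoundUpTo(cmsg->cmsg_len, sizeof(uptr)) > (uptr)(control_end - p)) break;`, because a very large `cmsg_len` can wrap the pointer sum; `data_len` would presumably need to be `uptr` rather than `unsigned` for the same reason. The trailing context lines belong to `read_msghdr`, whose body continues outside this hunk.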
>>> @@ -2518,7 +2546,7 @@ static void read_msghdr(void *ctx, struc
>>>                                  sizeof(*msg->msg_iov) * msg->msg_iovlen);
>>>  read_iovec(ctx, msg->msg_iov, msg->msg_iovlen, maxlen);
>>>  if (msg->msg_control && msg->msg_controllen)
>>> -    COMMON_INTERCEPTOR_READ_RANGE(ctx, msg->msg_control, msg->msg_controllen);
>>> +    read_msghdr_control(ctx, msg->msg_control, msg->msg_controllen);
>>> }
>>> 
>>> INTERCEPTOR(SSIZE_T, sendmsg, int fd, struct __sanitizer_msghdr *msg,
>>> 
>>> Added: compiler-rt/trunk/test/msan/Linux/cmsghdr.cc
>>> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/msan/Linux/cmsghdr.cc?rev=274074&view=auto
>>> ==============================================================================
>>> --- compiler-rt/trunk/test/msan/Linux/cmsghdr.cc (added)
>>> +++ compiler-rt/trunk/test/msan/Linux/cmsghdr.cc Tue Jun 28 17:42:31 2016
>>> @@ -0,0 +1,101 @@
>>> +// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONFD -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
>>> +// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONCRED -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
>>> +// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONLEN -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
>>> +// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONLEVEL -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
>>> +// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONTYPE -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
>>> +// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONLEN2 -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
>>> +// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONLEVEL2 -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
>>> +// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -DPOISONTYPE2 -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=SENDMSG
>>> +// RUN: %clangxx_msan %s -std=c++11 -DSENDMSG -o %t && %run %t 2>&1 | FileCheck %s --check-prefix=NEGATIVE
>>> +
>>> +// UNSUPPORTED: android
>>> +
>>> +#include <assert.h>
>>> +#include <stdio.h>
>>> +#include <unistd.h>
>>> +#include <stdlib.h>
>>> +#include <string.h>
>>> +#include <errno.h>
>>> +#include <netdb.h>
>>> +#include <sys/types.h>
>>> +#include <sys/socket.h>
>>> +#include <sys/un.h>
>>> +#include <sanitizer/msan_interface.h>
>>> +
>>> +const int kBufSize = 10;
>>> +
>>> +int main() {
>>> +  int ret;
>>> +  char buf[kBufSize] = {0};
>>> +  pthread_t client_thread;
>>> +  struct sockaddr_un serveraddr;
>>> +
>>> +  int sock[2];
>>> +  ret = socketpair(AF_UNIX, SOCK_STREAM, 0, sock);
>>> +  assert(ret == 0);
>>> +
>>> +  int sockfd = sock[0];
>>> +
>>> +  struct iovec iov[] = {{buf, 10}};
>>> +  struct msghdr msg = {0};
>>> +  msg.msg_iov = iov;
>>> +  msg.msg_iovlen = 1;
>>> +  msg.msg_flags = 0;
>>> +
>>> +  static const int kNumFds = 3;
>>> +  char controlbuf[CMSG_SPACE(kNumFds * sizeof(int)) +
>>> +                  CMSG_SPACE(sizeof(struct ucred))];
>>> +  msg.msg_control = &controlbuf;
>>> +  msg.msg_controllen = sizeof(controlbuf);
>>> +
>>> +  struct cmsghdr *cmsg = (struct cmsghdr *)&controlbuf;
>>> +  assert(cmsg);
>>> +  int myfds[kNumFds];
>>> +  for (int &fd : myfds)
>>> +    fd = sockfd;
>>> +#ifdef POISONFD
>>> +  __msan_poison(&myfds[1], sizeof(int));
>>> +#endif
>>> +  cmsg->cmsg_level = SOL_SOCKET;
>>> +  cmsg->cmsg_type = SCM_RIGHTS;
>>> +  cmsg->cmsg_len = CMSG_LEN(kNumFds * sizeof(int));
>>> +  memcpy(CMSG_DATA(cmsg), myfds, kNumFds * sizeof(int));
>>> +#ifdef POISONLEVEL
>>> +  __msan_poison(&cmsg->cmsg_level, sizeof(cmsg->cmsg_level));
>>> +#endif
>>> +#ifdef POISONTYPE
>>> +  __msan_poison(&cmsg->cmsg_type, sizeof(cmsg->cmsg_type));
>>> +#endif
>>> +#ifdef POISONLEN
>>> +  __msan_poison(&cmsg->cmsg_len, sizeof(cmsg->cmsg_len));
>>> +#endif
>>> +
>>> +  cmsg = (struct cmsghdr *)(&controlbuf[CMSG_SPACE(kNumFds * sizeof(int))]);
>>> +  assert(cmsg);
>>> +  struct ucred cred = {getpid(), getuid(), getgid()};
>>> +#ifdef POISONCRED
>>> +  __msan_poison(&cred.uid, sizeof(cred.uid));
>>> +#endif
>>> +  cmsg->cmsg_level = SOL_SOCKET;
>>> +  cmsg->cmsg_type = SCM_CREDENTIALS;
>>> +  cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
>>> +  memcpy(CMSG_DATA(cmsg), &cred, sizeof(struct ucred));
>>> +#ifdef POISONLEVEL2
>>> +  __msan_poison(&cmsg->cmsg_level, sizeof(cmsg->cmsg_level));
>>> +#endif
>>> +#ifdef POISONTYPE2
>>> +  __msan_poison(&cmsg->cmsg_type, sizeof(cmsg->cmsg_type));
>>> +#endif
>>> +#ifdef POISONLEN2
>>> +  __msan_poison(&cmsg->cmsg_len, sizeof(cmsg->cmsg_len));
>>> +#endif
>>> +
>>> +  ret = sendmsg(sockfd, &msg, 0);
>>> +  // SENDMSG: MemorySanitizer: use-of-uninitialized-value
>>> +  if (ret == -1) printf("%d: %s\n", errno, strerror(errno));
>>> +  assert(ret > 0);
>>> +
>>> +  fprintf(stderr, "== done\n");
>>> +  // NEGATIVE: == done
>>> +  return 0;
>>> +}
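Review bot: The padding behaviour this commit fixes is covered only implicitly by the NEGATIVE run, which depends on `controlbuf` being left uninitialised and on `CMSG_SPACE(kNumFds * sizeof(int))` being larger than `CMSG_LEN` of the same payload (true on 64-bit targets, probably not on 32-bit ones). A comment above the `controlbuf` declaration would make that dependency visible, for example `// controlbuf is deliberately not zeroed: the padding after each cmsg payload stays poisoned and must not be reported.` The locals `client_thread` and `serveraddr` are never used and can be dropped, which also removes the reliance on `pthread_t` being declared without `<pthread.h>`. No run exercises a malformed `cmsg_len` (zero, or larger than the remaining buffer), so the early-exit paths in the new control-data walker are untested.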
>>> 
>>> 
>> 


