[compiler-rt] 2613c77 - [HWASAN] Prevent SEGV in report near inaccessible memory (#66861)

via llvm-commits llvm-commits at lists.llvm.org
Wed Sep 20 14:07:33 PDT 2023 

Author: Vitaly Buka
Date: 2023-09-20T14:07:30-07:00
New Revision: 2613c77cbaa0cdf166626271e103d9af0f8ff9d3

URL: https://github.com/llvm/llvm-project/commit/2613c77cbaa0cdf166626271e103d9af0f8ff9d3
DIFF: https://github.com/llvm/llvm-project/commit/2613c77cbaa0cdf166626271e103d9af0f8ff9d3.diff

LOG: [HWASAN] Prevent SEGV in report near inaccessible memory (#66861)

We can't use IsAccessibleMemoryRange on short granule check because of
performance impact. However we can prevent crashing if report prints out
"Tags for short granules around the buggy address".

Added: 
    compiler-rt/test/hwasan/TestCases/report-unmapped.cpp

Modified: 
    compiler-rt/lib/hwasan/hwasan_report.cpp

Removed: 
    


################################################################################
diff  --git a/compiler-rt/lib/hwasan/hwasan_report.cpp b/compiler-rt/lib/hwasan/hwasan_report.cpp
index 442c5b736611dfb..2a6055a49a706b7 100644
--- a/compiler-rt/lib/hwasan/hwasan_report.cpp
+++ b/compiler-rt/lib/hwasan/hwasan_report.cpp
@@ -357,8 +357,9 @@ static void PrintTagsAroundAddr(tag_t *tag_ptr) {
       "to %zd bytes):\n",
       kShadowAlignment);
   PrintTagInfoAroundAddr(tag_ptr, 3, [](InternalScopedString &s, tag_t *tag) {
-    if (*tag >= 1 && *tag <= kShadowAlignment) {
-      uptr granule_addr = ShadowToMem(reinterpret_cast<uptr>(tag));
+    uptr granule_addr = ShadowToMem(reinterpret_cast<uptr>(tag));
+    if (*tag >= 1 && *tag <= kShadowAlignment &&
+        IsAccessibleMemoryRange(granule_addr, kShadowAlignment)) {
       s.AppendF("%02x",
                 *reinterpret_cast<u8 *>(granule_addr + kShadowAlignment - 1));
     } else {

diff  --git a/compiler-rt/test/hwasan/TestCases/report-unmapped.cpp b/compiler-rt/test/hwasan/TestCases/report-unmapped.cpp
new file mode 100644
index 000000000000000..a58e50a78d87504
--- /dev/null
+++ b/compiler-rt/test/hwasan/TestCases/report-unmapped.cpp
@@ -0,0 +1,39 @@
+// RUN: %clangxx_hwasan %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+#include <sanitizer/hwasan_interface.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/mman.h>
+#include <unistd.h>
+
+int main(int argc, char **argv) {
+  const size_t kPS = sysconf(_SC_PAGESIZE);
+
+  void *r = nullptr;
+  int res = posix_memalign(&r, kPS, 2 * kPS);
+  if (res) {
+    perror("Failed to mmap: ");
+    abort();
+  }
+  
+  r = __hwasan_tag_pointer(r, 0);
+  __hwasan_tag_memory(r, 1,  2 * kPS);
+  
+  // Disable access to the page just after tag-mismatch report address.
+  res = mprotect((char*)r + kPS, kPS, PROT_NONE);
+  if (res) {
+    perror("Failed to mprotect: ");
+    abort();
+  }
+
+  // Trigger tag-mismatch report.
+  return *((char*)r + kPS - 1);
+}
+
+// CHECK: ERROR: HWAddressSanitizer: tag-mismatch on address
+// CHECK: Memory tags around the buggy address
+// CHECK: Tags for short granules around
+
+// Check that report is complete.
+// CHECK: SUMMARY: HWAddressSanitizer

More information about the llvm-commits mailing list