[all-commits] [llvm/llvm-project] 90a9be: [GWP-ASan] Add recoverable mode.
Mitch Phillips via All-commits
all-commits at lists.llvm.org
Wed Jan 11 13:11:51 PST 2023
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: 90a9beb7cc9755791caa23dfc4e36bc544e98ed3
https://github.com/llvm/llvm-project/commit/90a9beb7cc9755791caa23dfc4e36bc544e98ed3
Author: Mitch Phillips <31459023+hctim at users.noreply.github.com>
Date: 2023-01-11 (Wed, 11 Jan 2023)
Changed paths:
M compiler-rt/lib/gwp_asan/common.cpp
M compiler-rt/lib/gwp_asan/common.h
M compiler-rt/lib/gwp_asan/crash_handler.cpp
M compiler-rt/lib/gwp_asan/crash_handler.h
M compiler-rt/lib/gwp_asan/guarded_pool_allocator.cpp
M compiler-rt/lib/gwp_asan/guarded_pool_allocator.h
M compiler-rt/lib/gwp_asan/optional/segv_handler.h
M compiler-rt/lib/gwp_asan/optional/segv_handler_fuchsia.cpp
M compiler-rt/lib/gwp_asan/optional/segv_handler_posix.cpp
M compiler-rt/lib/gwp_asan/options.inc
M compiler-rt/lib/gwp_asan/tests/CMakeLists.txt
M compiler-rt/lib/gwp_asan/tests/backtrace.cpp
M compiler-rt/lib/gwp_asan/tests/crash_handler_api.cpp
M compiler-rt/lib/gwp_asan/tests/harness.h
A compiler-rt/lib/gwp_asan/tests/recoverable.cpp
M compiler-rt/lib/scudo/standalone/combined.h
Log Message:
-----------
[GWP-ASan] Add recoverable mode.
The GWP-ASan recoverable mode allows a process to continue to function
after a GWP-ASan error is detected. The error will continue to be
dumped, but GWP-ASan now has APIs that a signal handler (like the
example optional crash handler) can call in order to allow the
continuation of a process.
When an error occurs with an allocation, the slot used for that
allocation will be permanently disabled. This means that free() of that
pointer is a no-op, and use-after-frees will succeed (writing and
reading the data present in the page).
For heap-buffer-overflow/underflow, the guard page is marked as accessible
and buffer-overflows will succeed (writing and reading the data present
in the now-accessible guard page). This does impact adjacent
allocations, buffer-underflow and buffer-overflows from adjacent
allocations will no longer touch an inaccessible guard page. This could
be improved in future by having two guard pages between each adjacent
allocation, but that's out of scope of this patch.
Each allocation only ever has a single error report generated. It's
whatever came first between invalid-free, double-free, use-after-free or
heap-buffer-overflow, but only one.
Reviewed By: eugenis, fmayer
Differential Revision: https://reviews.llvm.org/D140173
More information about the All-commits
mailing list