[all-commits] [llvm/llvm-project] c71a5b: [msan] Unpoison indirect outputs for userspace whe...
Fangrui Song via All-commits
all-commits at lists.llvm.org
Fri Jan 19 16:18:41 PST 2024
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: c71a5bf940d2246c53d4cbb32cff21e52cc5635d
https://github.com/llvm/llvm-project/commit/c71a5bf940d2246c53d4cbb32cff21e52cc5635d
Author: Fangrui Song <i at maskray.me>
Date: 2024-01-19 (Fri, 19 Jan 2024)
Changed paths:
M llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
M llvm/test/Instrumentation/MemorySanitizer/msan_asm_conservative.ll
Log Message:
-----------
[msan] Unpoison indirect outputs for userspace when -msan-handle-asm-conservative is specified (#77393)
KMSAN defaults to `msan-handle-asm-conservative`, which inserts
`__msan_instrument_asm_store` calls to unpoison indirect outputs in
inline assembly (e.g. `=m` constraints in source).
```c
unsigned f() {
  unsigned v;
  // __msan_instrument_asm_store unpoisons v before invoking the asm.
  asm("movl $1,%0" : "=m"(v));
  return v;
}
```
Extend the mechanism to userspace, but require explicit
`-mllvm -msan-handle-asm-conservative` for experiments for now.
As https://docs.kernel.org/dev-tools/kmsan.html#inline-assembly-instrumentation
says, this approach may mask certain errors (an indirect output may not
actually be initialized), but it also helps to avoid a lot of false
positives.
Link: https://github.com/google/sanitizers/issues/192
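The following is an added example, not code from this commit, from the LLVM
project or from the kernel documentation. It puts the commit's `=m` case next
to a `=r` (register) output and next to a manual `__msan_unpoison` workaround,
so the three can be compared under MemorySanitizer. The function names
(`f_reg`, `f_mem`, `f_mem_unpoisoned`, `asm_store_one`), the `UNPOISON` macro,
the file name `msan_asm.c` and the aarch64 asm are this example's own; the
build commands and the expected reports are assumptions about a clang that
includes this commit, following the commit message.

```c
/*
 * Added example (not from the LLVM commit or the kernel docs): three ways of
 * producing the value 1 with inline asm, to show which ones MemorySanitizer
 * reports.  Assumed build commands for a clang that includes this commit:
 *
 *   clang -fsanitize=memory -g msan_asm.c && ./a.out
 *       f_reg() and f_mem_unpoisoned() are clean; f_mem() is reported as a
 *       use-of-uninitialized-value, because MSan never saw a store to v.
 *   clang -fsanitize=memory -mllvm -msan-handle-asm-conservative -g msan_asm.c && ./a.out
 *       clean: __msan_instrument_asm_store unpoisons v before the asm runs.
 *
 * Without -fsanitize=memory the program simply prints three ones.
 */
#include <stdio.h>

/* __msan_unpoison is declared in the real sanitizer interface header; the
 * UNPOISON macro name and its no-op fallback are this example's own. */
#if defined(__has_feature)
#  if __has_feature(memory_sanitizer)
#    include <sanitizer/msan_interface.h>
#    define UNPOISON(p, n) __msan_unpoison((p), (n))
#  endif
#endif
#ifndef UNPOISON
#  define UNPOISON(p, n) ((void)(p), (void)(n)) /* no-op when MSan is absent */
#endif

/* Stores 1 into *dst through an indirect ("=m") asm output, so the store
 * happens inside the asm where MSan's instrumentation cannot observe it. */
static void asm_store_one(unsigned *dst)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__("movl $1, %0" : "=m"(*dst));
#elif defined(__aarch64__)
    unsigned tmp;
    __asm__("mov %w1, #1\n\tstr %w1, %0" : "=m"(*dst), "=&r"(tmp));
#else
    *dst = 1; /* plain C on other targets; no asm, so nothing for MSan to miss */
#endif
}

/* Direct (register) output: MSan treats the asm's register results as
 * initialized, so this is clean with or without the conservative flag. */
unsigned f_reg(void)
{
    unsigned v;
#if defined(__x86_64__) || defined(__i386__)
    __asm__("movl $1, %0" : "=r"(v));
#elif defined(__aarch64__)
    __asm__("mov %w0, #1" : "=r"(v));
#else
    v = 1;
#endif
    return v;
}

/* Indirect (memory) output, the commit's case: the shadow of v stays
 * poisoned unless -msan-handle-asm-conservative is given, so returning v is
 * reported as a false positive. */
unsigned f_mem(void)
{
    unsigned v;
    asm_store_one(&v);
    return v;
}

/* Manual workaround that works on any MSan build: tell MSan the bytes are
 * initialized.  Exactly like the conservative flag, this masks an asm that
 * claims "=m" but does not actually write every byte of the output. */
unsigned f_mem_unpoisoned(void)
{
    unsigned v;
    asm_store_one(&v);
    UNPOISON(&v, sizeof v);
    return v;
}

int main(void)
{
    printf("f_reg=%u f_mem=%u f_mem_unpoisoned=%u\n",
           f_reg(), f_mem(), f_mem_unpoisoned());
    return 0;
}
```

The contrast worth noting is between `f_reg` and `f_mem`: a register output is
the asm instruction's own result, which the instrumentation can mark clean,
whereas a memory output is a store the instrumentation never sees. The
conservative flag and `__msan_unpoison` both close that gap by trusting the
constraint, which is also why the kernel documentation warns that they can
hide an output the asm never initialized.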