[all-commits] [llvm/llvm-project] 4052de: [tsan] Fix calculation of shadow end address in Me...

Thurston Dang via All-commits all-commits at lists.llvm.org
Wed Jul 10 19:34:35 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 4052de6cb52e2d902a10b49ffc13bb4085ca092a
      https://github.com/llvm/llvm-project/commit/4052de6cb52e2d902a10b49ffc13bb4085ca092a
  Author: Thurston Dang <thurston at google.com>
  Date:   2024-07-10 (Wed, 10 Jul 2024)

  Changed paths:
    M compiler-rt/lib/tsan/rtl/tsan_rtl_access.cpp

  Log Message:
  -----------
  [tsan] Fix calculation of shadow end address in MemoryAccessRangeT (#98404)

MemoryAccessRangeT overestimates the size of the shadow region by 8x,
occasionally leading to assertion failure:
```
  RawShadow* shadow_mem = MemToShadow(addr);
  ...
  // Check that end of shadow is valid
  if (!IsShadowMem(shadow_mem + size * kShadowCnt - 1)) {
    DCHECK(IsShadowMem(shadow_mem + size * kShadowCnt - 1));
```
It is erroneous for two separate reasons:
- it uses kShadowCnt (== 4) instead of kShadowMultiplier (== 2)
- since shadow_mem is a RawShadow*, pointer arithmetic is multiplied by
sizeof(RawShadow) == 4

This patch fixes the calculation, and also improves the debugging
information.

The assertion error was observed on a buildbot
(https://lab.llvm.org/staging/#/builders/89/builds/656/steps/13/logs/stdio):
```
Bad shadow addr 0x3000000190bc (7fffffffe85f)
ThreadSanitizer: CHECK failed: tsan_rtl_access.cpp:690 "((IsShadowMem(shadow_mem + size * kShadowCnt - 1))) != (0)" (0x0, 0x0) (tid=2202676)
```
Notice that 0x3000000190bc is not the correct shadow for the end address
0x7fffffffe85f.

This error is more commonly observed on high-entropy ASLR systems, since
ASLR may be disabled (if the randomized memory layout is incompatible),
leading to an allocation near the boundaries of the high app memory
region (and therefore a shadow end that may be erroneously calculated to
be past the end of the shadow region). Also note that the assertion is
guarded by SANITIZER_DEBUG.

---------

Co-authored-by: Vitaly Buka <vitalybuka at gmail.com>



To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications

More information about the All-commits mailing list