[compiler-rt] r200200 - [msan] Disable mmap outside of application address range.

Mon Jan 27 01:12:23 PST 2014

Author: eugenis
Date: Mon Jan 27 03:12:22 2014
New Revision: 200200

URL: http://llvm.org/viewvc/llvm-project?rev=200200&view=rev
Log:
[msan] Disable mmap outside of application address range.

Added:
    compiler-rt/trunk/lib/msan/lit_tests/mmap_below_shadow.cc   (with props)
Modified:
    compiler-rt/trunk/lib/msan/msan_interceptors.cc
    compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.cc
    compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.h

Added: compiler-rt/trunk/lib/msan/lit_tests/mmap_below_shadow.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/msan/lit_tests/mmap_below_shadow.cc?rev=200200&view=auto
==============================================================================

--- compiler-rt/trunk/lib/msan/lit_tests/mmap_below_shadow.cc (added)
+++ compiler-rt/trunk/lib/msan/lit_tests/mmap_below_shadow.cc Mon Jan 27 03:12:22 2014
@@ -0,0 +1,22 @@
+// Test mmap behavior when map address is below shadow range.
+// With MAP_FIXED, we crash.
+// Without MAP_FIXED, we ignore the address hint and map somewhere in
+// application range.
+
+// RUN: %clangxx_msan -m64 -O0 -DFIXED=0 %s -o %t && %t
+// RUN: %clangxx_msan -m64 -O0 -DFIXED=1 %s -o %t && not %t
+
+#include <assert.h>
+#include <stdint.h>
+#include <sys/mman.h>
+
+int main(void) {
+  // Hint address just below shadow.
+  uintptr_t hint = 0x1f0000000000ULL;
+  const uintptr_t app_start = 0x600000000000ULL;
+  uintptr_t p = (uintptr_t)mmap(
+      (void *)hint, 4096, PROT_READ | PROT_WRITE,
+      MAP_PRIVATE | MAP_ANONYMOUS | (FIXED ? MAP_FIXED : 0), 0, 0);
+  assert(p >= app_start);
+  return 0;
+}

Propchange: compiler-rt/trunk/lib/msan/lit_tests/mmap_below_shadow.cc
------------------------------------------------------------------------------
    svn:eol-style = LF

Modified: compiler-rt/trunk/lib/msan/msan_interceptors.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/msan/msan_interceptors.cc?rev=200200&r1=200199&r2=200200&view=diff
==============================================================================
--- compiler-rt/trunk/lib/msan/msan_interceptors.cc (original)
+++ compiler-rt/trunk/lib/msan/msan_interceptors.cc Mon Jan 27 03:12:22 2014
@@ -873,6 +873,11 @@ void __msan_allocated_memory(const void*
 INTERCEPTOR(void *, mmap, void *addr, SIZE_T length, int prot, int flags,
             int fd, OFF_T offset) {
   ENSURE_MSAN_INITED();
+  if (addr && !MEM_IS_APP(addr)) {
+    CHECK(!(flags & map_fixed) &&
+          "mmap(..., MAP_FIXED) outside of application memory range.");
+    addr = 0;
+  }
   void *res = REAL(mmap)(addr, length, prot, flags, fd, offset);
   if (res != (void*)-1)
     __msan_unpoison(res, RoundUpTo(length, GetPageSize()));

Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.cc?rev=200200&r1=200199&r2=200200&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.cc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.cc Mon Jan 27 03:12:22 2014
@@ -33,6 +33,7 @@
 #include <pwd.h>
 #include <signal.h>
 #include <stddef.h>
+#include <sys/mman.h>
 #include <sys/resource.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
@@ -195,6 +196,8 @@ namespace __sanitizer {
   int shmctl_shm_stat = (int)SHM_INFO;
 #endif
 
+  int map_fixed = MAP_FIXED;
+
   int af_inet = (int)AF_INET;
   int af_inet6 = (int)AF_INET6;
 

Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.h?rev=200200&r1=200199&r2=200200&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.h (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.h Mon Jan 27 03:12:22 2014
@@ -501,6 +501,8 @@ namespace __sanitizer {
   extern int shmctl_shm_stat;
 #endif
 
+  extern int map_fixed;
+
   // ioctl arguments
   struct __sanitizer_ifconf {
     int ifc_len;



