[compiler-rt] r201074 - [msan] Return EINVAL instead of crashing from mmap of an invalid address.

Evgeniy Stepanov eugeni.stepanov at gmail.com
Mon Feb 10 01:37:03 PST 2014 

Author: eugenis
Date: Mon Feb 10 03:37:03 2014
New Revision: 201074

URL: http://llvm.org/viewvc/llvm-project?rev=201074&view=rev
Log:
[msan] Return EINVAL instead of crashing from mmap of an invalid address.

Modified:
    compiler-rt/trunk/lib/msan/lit_tests/mmap_below_shadow.cc
    compiler-rt/trunk/lib/msan/msan_interceptors.cc
    compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.cc
    compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.h

Modified: compiler-rt/trunk/lib/msan/lit_tests/mmap_below_shadow.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/msan/lit_tests/mmap_below_shadow.cc?rev=201074&r1=201073&r2=201074&view=diff
==============================================================================
--- compiler-rt/trunk/lib/msan/lit_tests/mmap_below_shadow.cc (original)
+++ compiler-rt/trunk/lib/msan/lit_tests/mmap_below_shadow.cc Mon Feb 10 03:37:03 2014
@@ -1,22 +1,26 @@
 // Test mmap behavior when map address is below shadow range.
-// With MAP_FIXED, we crash.
+// With MAP_FIXED, we return EINVAL.
 // Without MAP_FIXED, we ignore the address hint and map somewhere in
 // application range.
 
 // RUN: %clangxx_msan -m64 -O0 -DFIXED=0 %s -o %t && %t
-// RUN: %clangxx_msan -m64 -O0 -DFIXED=1 %s -o %t && not %t
+// RUN: %clangxx_msan -m64 -O0 -DFIXED=1 %s -o %t && %t
 
 #include <assert.h>
+#include <errno.h>
 #include <stdint.h>
 #include <sys/mman.h>
 
 int main(void) {
   // Hint address just below shadow.
-  uintptr_t hint = 0x1f0000000000ULL;
+  uintptr_t hint = 0x4f0000000000ULL;
   const uintptr_t app_start = 0x600000000000ULL;
   uintptr_t p = (uintptr_t)mmap(
-      (void *)hint, 4096, PROT_READ | PROT_WRITE,
-      MAP_PRIVATE | MAP_ANONYMOUS | (FIXED ? MAP_FIXED : 0), 0, 0);
-  assert(p >= app_start);
+      (void *)hint, 4096, PROT_WRITE,
+      MAP_PRIVATE | MAP_ANONYMOUS | (FIXED ? MAP_FIXED : 0), -1, 0);
+  if (FIXED)
+    assert(p == (uintptr_t)-1 && errno == EINVAL);
+  else
+    assert(p >= app_start);
   return 0;
 }

Modified: compiler-rt/trunk/lib/msan/msan_interceptors.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/msan/msan_interceptors.cc?rev=201074&r1=201073&r2=201074&view=diff
==============================================================================
--- compiler-rt/trunk/lib/msan/msan_interceptors.cc (original)
+++ compiler-rt/trunk/lib/msan/msan_interceptors.cc Mon Feb 10 03:37:03 2014
@@ -42,6 +42,8 @@ static unsigned g_thread_finalize_key;
 // True if this is a nested interceptor.
 static THREADLOCAL int in_interceptor_scope;
 
+extern "C" int *__errno_location(void);
+
 struct InterceptorScope {
   InterceptorScope() { ++in_interceptor_scope; }
   ~InterceptorScope() { --in_interceptor_scope; }
@@ -796,9 +798,12 @@ INTERCEPTOR(void *, mmap, void *addr, SI
             int fd, OFF_T offset) {
   ENSURE_MSAN_INITED();
   if (addr && !MEM_IS_APP(addr)) {
-    CHECK(!(flags & map_fixed) &&
-          "mmap(..., MAP_FIXED) outside of application memory range.");
-    addr = 0;
+    if (flags & map_fixed) {
+      *__errno_location() = errno_EINVAL;
+      return (void *)-1;
+    } else {
+      addr = 0;
+    }
   }
   void *res = REAL(mmap)(addr, length, prot, flags, fd, offset);
   if (res != (void*)-1)
@@ -1171,8 +1176,6 @@ int OnExit() {
 
 }  // namespace __msan
 
-extern "C" int *__errno_location(void);
-
 // A version of CHECK_UNPOISONED using a saved scope value. Used in common
 // interceptors.
 #define CHECK_UNPOISONED_CTX(ctx, x, n)                         \

Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.cc?rev=201074&r1=201073&r2=201074&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.cc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.cc Mon Feb 10 03:37:03 2014
@@ -769,6 +769,7 @@ namespace __sanitizer {
   unsigned IOCTL_TIOCSSERIAL = TIOCSSERIAL;
 #endif
 
+  const int errno_EINVAL = EINVAL;
 // EOWNERDEAD is not present in some older platforms.
 #if defined(EOWNERDEAD)
   extern const int errno_EOWNERDEAD = EOWNERDEAD;

Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.h?rev=201074&r1=201073&r2=201074&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.h (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.h Mon Feb 10 03:37:03 2014
@@ -1048,6 +1048,7 @@ namespace __sanitizer {
   extern unsigned IOCTL_TIOCSSERIAL;
 #endif
 
+  extern const int errno_EINVAL;
   extern const int errno_EOWNERDEAD;
 }  // namespace __sanitizer

More information about the llvm-commits mailing list