[compiler-rt] r201074 - [msan] Return EINVAL instead of crashing from mmap of an invalid address.
Evgeniy Stepanov
eugeni.stepanov at gmail.com
Mon Feb 10 01:37:03 PST 2014
Author: eugenis
Date: Mon Feb 10 03:37:03 2014
New Revision: 201074
URL: http://llvm.org/viewvc/llvm-project?rev=201074&view=rev
Log:
[msan] Return EINVAL instead of crashing from mmap of an invalid address.
Modified:
compiler-rt/trunk/lib/msan/lit_tests/mmap_below_shadow.cc
compiler-rt/trunk/lib/msan/msan_interceptors.cc
compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.cc
compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.h
Modified: compiler-rt/trunk/lib/msan/lit_tests/mmap_below_shadow.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/msan/lit_tests/mmap_below_shadow.cc?rev=201074&r1=201073&r2=201074&view=diff
==============================================================================
--- compiler-rt/trunk/lib/msan/lit_tests/mmap_below_shadow.cc (original)
+++ compiler-rt/trunk/lib/msan/lit_tests/mmap_below_shadow.cc Mon Feb 10 03:37:03 2014
@@ -1,22 +1,26 @@
// Test mmap behavior when map address is below shadow range.
-// With MAP_FIXED, we crash.
+// With MAP_FIXED, we return EINVAL.
// Without MAP_FIXED, we ignore the address hint and map somewhere in
// application range.
// RUN: %clangxx_msan -m64 -O0 -DFIXED=0 %s -o %t && %t
-// RUN: %clangxx_msan -m64 -O0 -DFIXED=1 %s -o %t && not %t
+// RUN: %clangxx_msan -m64 -O0 -DFIXED=1 %s -o %t && %t
#include <assert.h>
+#include <errno.h>
#include <stdint.h>
#include <sys/mman.h>
int main(void) {
// Hint address just below shadow.
- uintptr_t hint = 0x1f0000000000ULL;
+ uintptr_t hint = 0x4f0000000000ULL;
const uintptr_t app_start = 0x600000000000ULL;
uintptr_t p = (uintptr_t)mmap(
- (void *)hint, 4096, PROT_READ | PROT_WRITE,
- MAP_PRIVATE | MAP_ANONYMOUS | (FIXED ? MAP_FIXED : 0), 0, 0);
- assert(p >= app_start);
+ (void *)hint, 4096, PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS | (FIXED ? MAP_FIXED : 0), -1, 0);
+ if (FIXED)
+ assert(p == (uintptr_t)-1 && errno == EINVAL);
+ else
+ assert(p >= app_start);
return 0;
}
Modified: compiler-rt/trunk/lib/msan/msan_interceptors.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/msan/msan_interceptors.cc?rev=201074&r1=201073&r2=201074&view=diff
==============================================================================
--- compiler-rt/trunk/lib/msan/msan_interceptors.cc (original)
+++ compiler-rt/trunk/lib/msan/msan_interceptors.cc Mon Feb 10 03:37:03 2014
@@ -42,6 +42,8 @@ static unsigned g_thread_finalize_key;
// True if this is a nested interceptor.
static THREADLOCAL int in_interceptor_scope;
+extern "C" int *__errno_location(void);
+
struct InterceptorScope {
InterceptorScope() { ++in_interceptor_scope; }
~InterceptorScope() { --in_interceptor_scope; }
@@ -796,9 +798,12 @@ INTERCEPTOR(void *, mmap, void *addr, SI
int fd, OFF_T offset) {
ENSURE_MSAN_INITED();
if (addr && !MEM_IS_APP(addr)) {
- CHECK(!(flags & map_fixed) &&
- "mmap(..., MAP_FIXED) outside of application memory range.");
- addr = 0;
+ if (flags & map_fixed) {
+ *__errno_location() = errno_EINVAL;
+ return (void *)-1;
+ } else {
+ addr = 0;
+ }
}
void *res = REAL(mmap)(addr, length, prot, flags, fd, offset);
if (res != (void*)-1)
@@ -1171,8 +1176,6 @@ int OnExit() {
} // namespace __msan
-extern "C" int *__errno_location(void);
-
// A version of CHECK_UNPOISONED using a saved scope value. Used in common
// interceptors.
#define CHECK_UNPOISONED_CTX(ctx, x, n) \
Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.cc?rev=201074&r1=201073&r2=201074&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.cc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.cc Mon Feb 10 03:37:03 2014
@@ -769,6 +769,7 @@ namespace __sanitizer {
unsigned IOCTL_TIOCSSERIAL = TIOCSSERIAL;
#endif
+ const int errno_EINVAL = EINVAL;
// EOWNERDEAD is not present in some older platforms.
#if defined(EOWNERDEAD)
extern const int errno_EOWNERDEAD = EOWNERDEAD;
Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.h?rev=201074&r1=201073&r2=201074&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.h (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_limits_posix.h Mon Feb 10 03:37:03 2014
@@ -1048,6 +1048,7 @@ namespace __sanitizer {
extern unsigned IOCTL_TIOCSSERIAL;
#endif
+ extern const int errno_EINVAL;
extern const int errno_EOWNERDEAD;
} // namespace __sanitizer
More information about the llvm-commits
mailing list