[PATCH] Do not sanitize kernel area on 32-bit targets

Yury Gribov tetra2005 at gmail.com
Wed Mar 19 08:53:02 PDT 2014


Hi kcc, glider, samsonov,

http://llvm-reviews.chandlerc.com/D3119

Files:
  lib/sanitizer_common/sanitizer_posix.cc
  lib/asan/asan_mapping.h
  lib/asan/asan_rtl.cc

Index: lib/sanitizer_common/sanitizer_posix.cc
===================================================================
--- lib/sanitizer_common/sanitizer_posix.cc
+++ lib/sanitizer_common/sanitizer_posix.cc
@@ -22,31 +22,43 @@
 
 #include <sys/mman.h>
 
+#if SANITIZER_LINUX
+#include <sys/utsname.h>
+#endif
+
 namespace __sanitizer {
 
 // ------------- sanitizer_common.h
 uptr GetMmapGranularity() {
   return GetPageSize();
 }
 
 uptr GetMaxVirtualAddress() {
+  uptr res;
 #if SANITIZER_WORDSIZE == 64
 # if defined(__powerpc64__)
   // On PowerPC64 we have two different address space layouts: 44- and 46-bit.
   // We somehow need to figure our which one we are using now and choose
   // one of 0x00000fffffffffffUL and 0x00003fffffffffffUL.
   // Note that with 'ulimit -s unlimited' the stack is moved away from the top
   // of the address space, so simply checking the stack address is not enough.
-  return (1ULL << 44) - 1;  // 0x00000fffffffffffUL
+  res = (1ULL << 44) - 1;  // 0x00000fffffffffffUL
 # elif defined(__aarch64__)
-  return (1ULL << 39) - 1;
+  res = (1ULL << 39) - 1;
 # else
-  return (1ULL << 47) - 1;  // 0x00007fffffffffffUL;
+  res = (1ULL << 47) - 1;  // 0x00007fffffffffffUL;
 # endif
 #else  // SANITIZER_WORDSIZE == 32
-  // FIXME: We can probably lower this on Android?
-  return (1ULL << 32) - 1;  // 0xffffffff;
+  res = (1ULL << 32) - 1;  // 0xffffffff;
+# if SANITIZER_LINUX
+  // Take care of unusable kernel area in top gigabyte
+  // (note that 64-bit Linux provides 32-bit apps with full address space).
+  struct utsname uname_info;
+  if (0 == uname(&uname_info) && !internal_strstr(uname_info.machine, "64"))
+    res -= (1ULL << 30);
+# endif  // SANITIZER_LINUX
 #endif  // SANITIZER_WORDSIZE
+  return res;
 }
 
 void *MmapOrDie(uptr size, const char *mem_type) {
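Review bot: The 32-bit Linux branch of GetMaxVirtualAddress() infers the kernel type from `uname_info.machine`, which follows the process personality rather than the kernel. A 64-bit kernel reports a 32-bit machine string to a process started under a 32-bit personality (for example with `setarch linux32`), so that process would have the top gigabyte cut from the computed range although it can still have mappings there, and memory above the limit would presumably fall outside the shadow layout. The fixed `1ULL << 30` also assumes the default 3G/1G user/kernel split, which is a kernel build option on some 32-bit targets, and a failing uname() silently keeps the full 4 GB value. I would at least state this next to the check, e.g. `// Heuristic: assumes a 3G/1G split; machine reflects the process personality, not the kernel.` It is also worth confirming that a direct libc `uname` call is acceptable here, given that the same line uses the `internal_strstr` helper.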
Index: lib/asan/asan_mapping.h
===================================================================
--- lib/asan/asan_mapping.h
+++ lib/asan/asan_mapping.h
@@ -109,7 +109,8 @@
 
 #define kShadowGapBeg   (kLowShadowEnd ? kLowShadowEnd + 1 \
                                        : kZeroBaseShadowStart)
-#define kShadowGapEnd   ((kMidMemBeg ? kMidShadowBeg : kHighShadowBeg) - 1)
+#define kShadowGapEnd   ((kMidMemBeg ? kMidShadowBeg \
+                                     : MEM_TO_SHADOW(kHighShadowEnd + 1)) - 1)
 
 #define kShadowGap2Beg (kMidMemBeg ? kMidShadowEnd + 1 : 0)
 #define kShadowGap2End (kMidMemBeg ? kMidMemBeg - 1 : 0)
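Review bot: The new `kShadowGapEnd` expression `MEM_TO_SHADOW(kHighShadowEnd + 1)` has no comment saying why the gap no longer ends at `kHighShadowBeg - 1`. The asan_rtl.cc hunk depends on the two values being able to differ, but the definitions of `kHighShadowBeg` and `kHighShadowEnd` are outside this hunk, so a reader cannot tell when that happens. A comment above the macro would cover it, for example `// The gap ends at the shadow of the first byte past the high shadow; this can lie below kHighShadowBeg when the top of the address space is not usable.`, with the wording adjusted to the actual intent. Since `kHighShadowEnd + 1` is evaluated in `uptr`, the comment should also say whether it can wrap on any supported layout.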
Index: lib/asan/asan_rtl.cc
===================================================================
--- lib/asan/asan_rtl.cc
+++ lib/asan/asan_rtl.cc
@@ -482,6 +482,9 @@
     ReserveShadowMemoryRange(kHighShadowBeg, kHighShadowEnd);
     // protect the gap.
     ProtectGap(kShadowGapBeg, kShadowGapEnd - kShadowGapBeg + 1);
+    // Allow accesses to unprotected part of address space
+    if (kShadowGapEnd != kHighShadowBeg - 1)
+      ReserveShadowMemoryRange(kShadowGapEnd, kHighShadowBeg - 1);
   } else if (kMidMemBeg &&
       MemoryRangeIsAvailable(shadow_start, kMidMemBeg - 1) &&
       MemoryRangeIsAvailable(kMidMemEnd + 1, kHighShadowEnd)) {
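Review bot: The added `ReserveShadowMemoryRange(kShadowGapEnd, kHighShadowBeg - 1)` starts one byte too low, so it overlaps the range protected on the line above. `ProtectGap(kShadowGapBeg, kShadowGapEnd - kShadowGapBeg + 1)` covers `kShadowGapEnd` inclusively, which makes that address the last protected byte. Starting the reservation there would either remap the final protected page as accessible or, if the helper checks alignment (not visible here), trip on an unaligned start. The call should probably be `ReserveShadowMemoryRange(kShadowGapEnd + 1, kHighShadowBeg - 1);`, with the guard written as `if (kShadowGapEnd + 1 < kHighShadowBeg)` so an inverted range is never passed. The enclosing `if`/`else if` chain begins and ends outside this hunk.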
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D3119.1.patch
Type: text/x-patch
Size: 3104 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20140319/75b8cd03/attachment.bin>

