[compiler-rt] r220351 - [msan] Handle param-tls overflow.

Evgeniy Stepanov eugeni.stepanov at gmail.com
Tue Oct 21 17:12:40 PDT 2014 

Author: eugenis
Date: Tue Oct 21 19:12:40 2014
New Revision: 220351

URL: http://llvm.org/viewvc/llvm-project?rev=220351&view=rev
Log:
[msan] Handle param-tls overflow.

ParamTLS (shadow for function arguments) is of limited size. This change
makes all arguments that do not fit unpoisoned, and avoids writing
past the end of a TLS buffer.

Added:
    compiler-rt/trunk/test/msan/param_tls_limit.cc   (with props)
Modified:
    compiler-rt/trunk/lib/msan/msan.cc
    compiler-rt/trunk/lib/msan/msan.h

Modified: compiler-rt/trunk/lib/msan/msan.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/msan/msan.cc?rev=220351&r1=220350&r2=220351&view=diff
==============================================================================
--- compiler-rt/trunk/lib/msan/msan.cc (original)
+++ compiler-rt/trunk/lib/msan/msan.cc Tue Oct 21 19:12:40 2014
@@ -39,22 +39,22 @@ static bool msan_running_under_dr;
 // Function argument shadow. Each argument starts at the next available 8-byte
 // aligned address.
 SANITIZER_INTERFACE_ATTRIBUTE
-THREADLOCAL u64 __msan_param_tls[kMsanParamTlsSizeInWords];
+THREADLOCAL u64 __msan_param_tls[kMsanParamTlsSize / sizeof(u64)];
 
 // Function argument origin. Each argument starts at the same offset as the
 // corresponding shadow in (__msan_param_tls). Slightly weird, but changing this
 // would break compatibility with older prebuilt binaries.
 SANITIZER_INTERFACE_ATTRIBUTE
-THREADLOCAL u32 __msan_param_origin_tls[kMsanParamTlsSizeInWords];
+THREADLOCAL u32 __msan_param_origin_tls[kMsanParamTlsSize / sizeof(u32)];
 
 SANITIZER_INTERFACE_ATTRIBUTE
-THREADLOCAL u64 __msan_retval_tls[kMsanRetvalTlsSizeInWords];
+THREADLOCAL u64 __msan_retval_tls[kMsanRetvalTlsSize / sizeof(u64)];
 
 SANITIZER_INTERFACE_ATTRIBUTE
 THREADLOCAL u32 __msan_retval_origin_tls;
 
 SANITIZER_INTERFACE_ATTRIBUTE
-THREADLOCAL u64 __msan_va_arg_tls[kMsanParamTlsSizeInWords];
+THREADLOCAL u64 __msan_va_arg_tls[kMsanParamTlsSize / sizeof(u64)];
 
 SANITIZER_INTERFACE_ATTRIBUTE
 THREADLOCAL u64 __msan_va_arg_overflow_size_tls;

Modified: compiler-rt/trunk/lib/msan/msan.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/msan/msan.h?rev=220351&r1=220350&r2=220351&view=diff
==============================================================================
--- compiler-rt/trunk/lib/msan/msan.h (original)
+++ compiler-rt/trunk/lib/msan/msan.h Tue Oct 21 19:12:40 2014
@@ -32,8 +32,9 @@
 #define MEM_IS_SHADOW(mem) \
   ((uptr)mem >= 0x200000000000ULL && (uptr)mem <= 0x400000000000ULL)
 
-const int kMsanParamTlsSizeInWords = 100;
-const int kMsanRetvalTlsSizeInWords = 100;
+// These constants must be kept in sync with the ones in MemorySanitizer.cc.
+const int kMsanParamTlsSize = 800;
+const int kMsanRetvalTlsSize = 800;
 
 namespace __msan {
 extern int msan_inited;

Added: compiler-rt/trunk/test/msan/param_tls_limit.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/msan/param_tls_limit.cc?rev=220351&view=auto
==============================================================================
--- compiler-rt/trunk/test/msan/param_tls_limit.cc (added)
+++ compiler-rt/trunk/test/msan/param_tls_limit.cc Tue Oct 21 19:12:40 2014
@@ -0,0 +1,74 @@
+// ParamTLS has limited size. Everything that does not fit is considered fully
+// initialized.
+
+// RUN: %clangxx_msan -m64 -O0 %s -o %t && %run %t
+// RUN: %clangxx_msan -fsanitize-memory-track-origins -m64 -O0 %s -o %t && %run %t
+// RUN: %clangxx_msan -fsanitize-memory-track-origins=2 -m64 -O0 %s -o %t && %run %t
+
+#include <sanitizer/msan_interface.h>
+#include <assert.h>
+
+// This test assumes that ParamTLS size is 800 bytes.
+
+// This test passes poisoned values through function argument list.
+// In case of overflow, argument is unpoisoned.
+#define OVERFLOW(x) assert(__msan_test_shadow(&x, sizeof(x)) == -1)
+// In case of no overflow, it is still poisoned.
+#define NO_OVERFLOW(x) assert(__msan_test_shadow(&x, sizeof(x)) == 0)
+
+template<int N>
+struct S {
+  char x[N];
+};
+
+void f100(S<100> s) {
+  NO_OVERFLOW(s);
+}
+
+void f800(S<800> s) {
+  NO_OVERFLOW(s);
+}
+
+void f801(S<801> s) {
+  OVERFLOW(s);
+}
+
+void f1000(S<1000> s) {
+  OVERFLOW(s);
+}
+
+void f_many(int a, double b, S<800> s, int c, double d) {
+  NO_OVERFLOW(a);
+  NO_OVERFLOW(b);
+  OVERFLOW(s);
+  OVERFLOW(c);
+  OVERFLOW(d);
+}
+
+// -8 bytes for "int a", aligned by 8
+// -2 to make "int c" a partial fit
+void f_many2(int a, S<800 - 8 - 2> s, int c, double d) {
+  NO_OVERFLOW(a);
+  NO_OVERFLOW(s);
+  OVERFLOW(c);
+  OVERFLOW(d);
+}
+
+int main(void) {
+  S<100> s100;
+  S<800> s800;
+  S<801> s801;
+  S<1000> s1000;
+  f100(s100);
+  f800(s800);
+  f801(s801);
+  f1000(s1000);
+
+  int i;
+  double d;
+  f_many(i, d, s800, i, d);
+
+  S<800 - 8 - 2> s788;
+  f_many2(i, s788, i, d);
+  return 0;
+}

Propchange: compiler-rt/trunk/test/msan/param_tls_limit.cc
------------------------------------------------------------------------------
    svn:eol-style = LF

More information about the llvm-commits mailing list