[compiler-rt] r220351 - [msan] Handle param-tls overflow.
Evgeniy Stepanov
eugeni.stepanov at gmail.com
Tue Oct 21 17:12:40 PDT 2014
Author: eugenis
Date: Tue Oct 21 19:12:40 2014
New Revision: 220351
URL: http://llvm.org/viewvc/llvm-project?rev=220351&view=rev
Log:
[msan] Handle param-tls overflow.
ParamTLS (shadow for function arguments) is of limited size. This change
makes all arguments that do not fit unpoisoned, and avoids writing
past the end of a TLS buffer.
Added:
compiler-rt/trunk/test/msan/param_tls_limit.cc (with props)
Modified:
compiler-rt/trunk/lib/msan/msan.cc
compiler-rt/trunk/lib/msan/msan.h
Modified: compiler-rt/trunk/lib/msan/msan.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/msan/msan.cc?rev=220351&r1=220350&r2=220351&view=diff
==============================================================================
--- compiler-rt/trunk/lib/msan/msan.cc (original)
+++ compiler-rt/trunk/lib/msan/msan.cc Tue Oct 21 19:12:40 2014
@@ -39,22 +39,22 @@ static bool msan_running_under_dr;
// Function argument shadow. Each argument starts at the next available 8-byte
// aligned address.
SANITIZER_INTERFACE_ATTRIBUTE
-THREADLOCAL u64 __msan_param_tls[kMsanParamTlsSizeInWords];
+THREADLOCAL u64 __msan_param_tls[kMsanParamTlsSize / sizeof(u64)];
// Function argument origin. Each argument starts at the same offset as the
// corresponding shadow in (__msan_param_tls). Slightly weird, but changing this
// would break compatibility with older prebuilt binaries.
SANITIZER_INTERFACE_ATTRIBUTE
-THREADLOCAL u32 __msan_param_origin_tls[kMsanParamTlsSizeInWords];
+THREADLOCAL u32 __msan_param_origin_tls[kMsanParamTlsSize / sizeof(u32)];
SANITIZER_INTERFACE_ATTRIBUTE
-THREADLOCAL u64 __msan_retval_tls[kMsanRetvalTlsSizeInWords];
+THREADLOCAL u64 __msan_retval_tls[kMsanRetvalTlsSize / sizeof(u64)];
SANITIZER_INTERFACE_ATTRIBUTE
THREADLOCAL u32 __msan_retval_origin_tls;
SANITIZER_INTERFACE_ATTRIBUTE
-THREADLOCAL u64 __msan_va_arg_tls[kMsanParamTlsSizeInWords];
+THREADLOCAL u64 __msan_va_arg_tls[kMsanParamTlsSize / sizeof(u64)];
SANITIZER_INTERFACE_ATTRIBUTE
THREADLOCAL u64 __msan_va_arg_overflow_size_tls;
Modified: compiler-rt/trunk/lib/msan/msan.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/msan/msan.h?rev=220351&r1=220350&r2=220351&view=diff
==============================================================================
--- compiler-rt/trunk/lib/msan/msan.h (original)
+++ compiler-rt/trunk/lib/msan/msan.h Tue Oct 21 19:12:40 2014
@@ -32,8 +32,9 @@
#define MEM_IS_SHADOW(mem) \
((uptr)mem >= 0x200000000000ULL && (uptr)mem <= 0x400000000000ULL)
-const int kMsanParamTlsSizeInWords = 100;
-const int kMsanRetvalTlsSizeInWords = 100;
+// These constants must be kept in sync with the ones in MemorySanitizer.cc.
+const int kMsanParamTlsSize = 800;
+const int kMsanRetvalTlsSize = 800;
namespace __msan {
extern int msan_inited;
Added: compiler-rt/trunk/test/msan/param_tls_limit.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/msan/param_tls_limit.cc?rev=220351&view=auto
==============================================================================
--- compiler-rt/trunk/test/msan/param_tls_limit.cc (added)
+++ compiler-rt/trunk/test/msan/param_tls_limit.cc Tue Oct 21 19:12:40 2014
@@ -0,0 +1,74 @@
+// ParamTLS has limited size. Everything that does not fit is considered fully
+// initialized.
+
+// RUN: %clangxx_msan -m64 -O0 %s -o %t && %run %t
+// RUN: %clangxx_msan -fsanitize-memory-track-origins -m64 -O0 %s -o %t && %run %t
+// RUN: %clangxx_msan -fsanitize-memory-track-origins=2 -m64 -O0 %s -o %t && %run %t
+
+#include <sanitizer/msan_interface.h>
+#include <assert.h>
+
+// This test assumes that ParamTLS size is 800 bytes.
+
+// This test passes poisoned values through function argument list.
+// In case of overflow, argument is unpoisoned.
+#define OVERFLOW(x) assert(__msan_test_shadow(&x, sizeof(x)) == -1)
+// In case of no overflow, it is still poisoned.
+#define NO_OVERFLOW(x) assert(__msan_test_shadow(&x, sizeof(x)) == 0)
+
+template<int N>
+struct S {
+ char x[N];
+};
+
+void f100(S<100> s) {
+ NO_OVERFLOW(s);
+}
+
+void f800(S<800> s) {
+ NO_OVERFLOW(s);
+}
+
+void f801(S<801> s) {
+ OVERFLOW(s);
+}
+
+void f1000(S<1000> s) {
+ OVERFLOW(s);
+}
+
+void f_many(int a, double b, S<800> s, int c, double d) {
+ NO_OVERFLOW(a);
+ NO_OVERFLOW(b);
+ OVERFLOW(s);
+ OVERFLOW(c);
+ OVERFLOW(d);
+}
+
+// -8 bytes for "int a", aligned by 8
+// -2 to make "int c" a partial fit
+void f_many2(int a, S<800 - 8 - 2> s, int c, double d) {
+ NO_OVERFLOW(a);
+ NO_OVERFLOW(s);
+ OVERFLOW(c);
+ OVERFLOW(d);
+}
+
+int main(void) {
+ S<100> s100;
+ S<800> s800;
+ S<801> s801;
+ S<1000> s1000;
+ f100(s100);
+ f800(s800);
+ f801(s801);
+ f1000(s1000);
+
+ int i;
+ double d;
+ f_many(i, d, s800, i, d);
+
+ S<800 - 8 - 2> s788;
+ f_many2(i, s788, i, d);
+ return 0;
+}
Propchange: compiler-rt/trunk/test/msan/param_tls_limit.cc
------------------------------------------------------------------------------
svn:eol-style = LF
More information about the llvm-commits
mailing list