[compiler-rt] r270255 - [esan] Extend shadow mapping to cover low libraries
Derek Bruening via llvm-commits
llvm-commits at lists.llvm.org
Fri May 20 12:19:19 PDT 2016
Author: bruening
Date: Fri May 20 14:19:06 2016
New Revision: 270255
URL: http://llvm.org/viewvc/llvm-project?rev=270255&view=rev
Log:
[esan] Extend shadow mapping to cover low libraries
Summary:
Adds support for app libraries starting slightly below 0x7f00'00000000 (the
mmap ASLR range extends down to 0x7efb'f8000000 for reasonable stack
limits) by switching to a shadow mapping offset of 0x1300'00000000.
Reviewers: aizatsky
Subscribers: vitalybuka, zhaoqin, kcc, eugenis, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D20479
Modified:
compiler-rt/trunk/lib/esan/esan.cpp
compiler-rt/trunk/lib/esan/esan_shadow.h
compiler-rt/trunk/test/esan/TestCases/mmap-shadow-conflict.c
compiler-rt/trunk/test/esan/TestCases/verbose-simple.c
Modified: compiler-rt/trunk/lib/esan/esan.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/esan/esan.cpp?rev=270255&r1=270254&r2=270255&view=diff
==============================================================================
--- compiler-rt/trunk/lib/esan/esan.cpp (original)
+++ compiler-rt/trunk/lib/esan/esan.cpp Fri May 20 14:19:06 2016
@@ -64,9 +64,27 @@ void processRangeAccess(uptr PC, uptr Ad
#if SANITIZER_DEBUG
static bool verifyShadowScheme() {
// Sanity checks for our shadow mapping scheme.
+ uptr AppStart, AppEnd;
+ if (Verbosity() >= 3) {
+ for (int i = 0; getAppRegion(i, &AppStart, &AppEnd); ++i) {
+ VPrintf(3, "App #%d: [%zx-%zx) (%zuGB)\n", i, AppStart, AppEnd,
+ (AppEnd - AppStart) >> 30);
+ }
+ }
for (int Scale = 0; Scale < 8; ++Scale) {
Mapping.initialize(Scale);
- uptr AppStart, AppEnd;
+ if (Verbosity() >= 3) {
+ VPrintf(3, "\nChecking scale %d\n", Scale);
+ uptr ShadowStart, ShadowEnd;
+ for (int i = 0; getShadowRegion(i, &ShadowStart, &ShadowEnd); ++i) {
+ VPrintf(3, "Shadow #%d: [%zx-%zx) (%zuGB)\n", i, ShadowStart,
+ ShadowEnd, (ShadowEnd - ShadowStart) >> 30);
+ }
+ for (int i = 0; getShadowRegion(i, &ShadowStart, &ShadowEnd); ++i) {
+ VPrintf(3, "Shadow(Shadow) #%d: [%zx-%zx)\n", i,
+ appToShadow(ShadowStart), appToShadow(ShadowEnd - 1)+1);
+ }
+ }
for (int i = 0; getAppRegion(i, &AppStart, &AppEnd); ++i) {
DCHECK(isAppMem(AppStart));
DCHECK(!isAppMem(AppStart - 1));
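Review bot: The shadow(shadow) values computed in the second getShadowRegion loop (appToShadow(ShadowStart) and appToShadow(ShadowEnd - 1)+1) are only printed at verbosity 3, although the layout comment in esan_shadow.h relies on shadow(shadow) being disjoint from shadow(app); a DCHECK next to the print that neither computed address is itself shadow memory (the counterpart of the isAppMem checks below) would make the property hold in every SANITIZER_DEBUG run instead of only when someone reads the verbose log. The two loops over getShadowRegion walk the same regions and could be folded into one pass that prints both the region and its double-shadow line. verifyShadowScheme continues past the end of the hunk, so an equivalent check may already exist further down; if so, a short comment pointing at it would stop the next reader from wondering.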
Modified: compiler-rt/trunk/lib/esan/esan_shadow.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/esan/esan_shadow.h?rev=270255&r1=270254&r2=270255&view=diff
==============================================================================
--- compiler-rt/trunk/lib/esan/esan_shadow.h (original)
+++ compiler-rt/trunk/lib/esan/esan_shadow.h Fri May 20 14:19:06 2016
@@ -31,7 +31,7 @@ namespace __esan {
//
// [0x00000000'00000000, 0x00000100'00000000) non-PIE + heap
// [0x00005500'00000000, 0x00005700'00000000) PIE
-// [0x00007f00'00000000, 0x00007fff'ff600000) libraries + stack, part 1
+// [0x00007e00'00000000, 0x00007fff'ff600000) libraries + stack, part 1
// [0x00007fff'ff601000, 0x00008000'00000000) libraries + stack, part 2
// [0xffffffff'ff600000, 0xffffffff'ff601000) vsyscall
//
@@ -39,7 +39,6 @@ namespace __esan {
// references there (other sanitizers ignore it), we enforce a gap inside the
// library region to distinguish the vsyscall's shadow, considering this gap to
// be an invalid app region.
-//
// We disallow application memory outside of those 5 regions.
//
// Our shadow memory is scaled from a 1:1 mapping and supports a scale
@@ -57,34 +56,34 @@ namespace __esan {
//
// shadow(app) = ((app & 0x00000fff'ffffffff) + offset) >> scale
//
-// Where the offset for 1:1 is 0x00001200'00000000. For other scales, the
+// Where the offset for 1:1 is 0x00001300'00000000. For other scales, the
// offset is shifted left by the scale, except for scales of 1 and 2 where
// it must be tweaked in order to pass the double-shadow test
// (see the "shadow(shadow)" comments below):
-// scale == 0: 0x0000120'000000000
-// scale == 1: 0x0000220'000000000
-// scale == 2: 0x0000440'000000000
-// scale >= 3: (0x0000120'000000000 << scale)
+// scale == 0: 0x00001300'000000000
+// scale == 1: 0x00002200'000000000
+// scale == 2: 0x00004400'000000000
+// scale >= 3: (0x00001300'000000000 << scale)
//
// Do not pass in the open-ended end value to the formula as it will fail.
//
// The resulting shadow memory regions for a 0 scaling are:
//
-// [0x00001200'00000000, 0x00001300'00000000)
-// [0x00001700'00000000, 0x00001900'00000000)
-// [0x00002100'00000000, 0x000021ff'ff600000)
-// [0x000021ff'ff601000, 0x00002200'00000000)
-// [0x000021ff'ff600000, 0x000021ff'ff601000]
+// [0x00001300'00000000, 0x00001400'00000000)
+// [0x00001800'00000000, 0x00001a00'00000000)
+// [0x00002100'00000000, 0x000022ff'ff600000)
+// [0x000022ff'ff601000, 0x00002300'00000000)
+// [0x000022ff'ff600000, 0x000022ff'ff601000]
//
// We also want to ensure that a wild access by the application into the shadow
// regions will not corrupt our own shadow memory. shadow(shadow) ends up
// disjoint from shadow(app):
//
-// [0x00001400'00000000, 0x00001500'00000000)
-// [0x00001900'00000000, 0x00001b00'00000000)
-// [0x00001300'00000000, 0x000013ff'ff600000]
-// [0x000013ff'ff601000, 0x00001400'00000000]
-// [0x000013ff'ff600000, 0x000013ff'ff601000]
+// [0x00001600'00000000, 0x00001700'00000000)
+// [0x00001b00'00000000, 0x00001d00'00000000)
+// [0x00001400'00000000, 0x000015ff'ff600000]
+// [0x000015ff'ff601000, 0x00001600'00000000]
+// [0x000015ff'ff600000, 0x000015ff'ff601000]
struct ApplicationRegion {
uptr Start;
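Review bot: The rewritten per-scale offsets in the comment carry one hex digit too many: `0x00001300'000000000` is 8 + 9 = 17 digits after `0x`, while the 1:1 offset two lines above and OffsetArray[0] later in this header (0x0000130000000000u) have 16, and the replaced lines (`0x0000120'000000000`, 7 + 9) were also 16. The four lines should read `// scale == 0: 0x00001300'00000000`, `// scale == 1: 0x00002200'00000000`, `// scale == 2: 0x00004400'00000000` and `// scale >= 3: (0x00001300'00000000 << scale)`. The region lists that follow check out against the formula with the new offset, so only these four lines are off.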
@@ -98,7 +97,7 @@ static const struct ApplicationRegion Ap
// We make one shadow mapping to hold the shadow regions for all 3 of these
// app regions, as the mappings interleave, and the gap between the 3rd and
// 4th scales down below a page.
- {0x00007f0000000000u, 0x00007fffff600000u, false},
+ {0x00007e0000000000u, 0x00007fffff600000u, false},
{0x00007fffff601000u, 0x0000800000000000u, true},
{0xffffffffff600000u, 0xffffffffff601000u, true},
};
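Review bot: The new lower bound 0x00007e0000000000u in the ApplicationRegion table is a bare constant whose rationale (the commit message's observation that the mmap ASLR range reaches down to 0x7efb'f8000000 under reasonable stack limits, so 0x7f00'00000000 was too high) exists only in the commit log. A one-line comment on the entry, `// Starts below 0x7f00'00000000 because mmap ASLR can place libraries down to about 0x7efb'f8000000.`, would keep that reasoning next to the value, and the matching range in the layout comment earlier in this header could carry the same remark. Libraries mapped below 0x7e00'00000000 under a larger stack limit would still fall outside every app region and so be treated as invalid app memory; whether that margin is sufficient cannot be judged from the hunk, so it is worth stating the assumption in the comment.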
@@ -112,7 +111,7 @@ public:
uptr Offset;
void initialize(uptr ShadowScale) {
static const uptr OffsetArray[3] = {
- 0x0000120000000000u,
+ 0x0000130000000000u,
0x0000220000000000u,
0x0000440000000000u,
};
Modified: compiler-rt/trunk/test/esan/TestCases/mmap-shadow-conflict.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/esan/TestCases/mmap-shadow-conflict.c?rev=270255&r1=270254&r2=270255&view=diff
==============================================================================
--- compiler-rt/trunk/test/esan/TestCases/mmap-shadow-conflict.c (original)
+++ compiler-rt/trunk/test/esan/TestCases/mmap-shadow-conflict.c Fri May 20 14:19:06 2016
@@ -19,7 +19,7 @@ int main(int argc, char **argv) {
// CHECK-NEXT: Shadow scale=2 offset=0x440000000000
// CHECK-NEXT: Shadow #0: [110000000000-114000000000) (256GB)
// CHECK-NEXT: Shadow #1: [124000000000-12c000000000) (512GB)
- // CHECK-NEXT: Shadow #2: [14c000000000-150000000000) (256GB)
+ // CHECK-NEXT: Shadow #2: [148000000000-150000000000) (512GB)
// CHECK-NEXT: mmap conflict: {{.*}}
// CHECK-NEXT: map failed
// CHECK-NEXT: mmap conflict: {{.*}}
Modified: compiler-rt/trunk/test/esan/TestCases/verbose-simple.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/esan/TestCases/verbose-simple.c?rev=270255&r1=270254&r2=270255&view=diff
==============================================================================
--- compiler-rt/trunk/test/esan/TestCases/verbose-simple.c (original)
+++ compiler-rt/trunk/test/esan/TestCases/verbose-simple.c Fri May 20 14:19:06 2016
@@ -6,7 +6,7 @@ int main(int argc, char **argv) {
// CHECK-NEXT: Shadow scale=2 offset=0x440000000000
// CHECK-NEXT: Shadow #0: [110000000000-114000000000) (256GB)
// CHECK-NEXT: Shadow #1: [124000000000-12c000000000) (512GB)
- // CHECK-NEXT: Shadow #2: [14c000000000-150000000000) (256GB)
+ // CHECK-NEXT: Shadow #2: [148000000000-150000000000) (512GB)
// CHECK-NEXT: in esan::finalizeLibrary
// CHECK-NEXT: {{.*}}EfficiencySanitizer is not finished: nothing yet to report
return 0;