[compiler-rt] r341143 - [hwasan] fix the linux-only pthread_create interceptor and reinstate the two threaded tests
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Thu Aug 30 16:22:27 PDT 2018
Author: kcc
Date: Thu Aug 30 16:22:26 2018
New Revision: 341143
URL: http://llvm.org/viewvc/llvm-project?rev=341143&view=rev
Log:
[hwasan] fix the linux-only pthread_create interceptor and reinstate the two threaded tests
Added:
compiler-rt/trunk/test/hwasan/TestCases/many-threads-uaf.c
compiler-rt/trunk/test/hwasan/TestCases/thread-uaf.c
Modified:
compiler-rt/trunk/lib/hwasan/hwasan_interceptors.cc
compiler-rt/trunk/lib/hwasan/hwasan_thread.h
Modified: compiler-rt/trunk/lib/hwasan/hwasan_interceptors.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/hwasan/hwasan_interceptors.cc?rev=341143&r1=341142&r2=341143&view=diff
==============================================================================
--- compiler-rt/trunk/lib/hwasan/hwasan_interceptors.cc (original)
+++ compiler-rt/trunk/lib/hwasan/hwasan_interceptors.cc Thu Aug 30 16:22:26 2018
@@ -292,14 +292,6 @@ INTERCEPTOR(void *, malloc, SIZE_T size)
extern "C" int pthread_attr_init(void *attr);
extern "C" int pthread_attr_destroy(void *attr);
-struct ThreadStartArg {
- thread_callback_t callback;
- void *param;
- // TODO: something crazy is going on with pthread_create overwriting parts
- // of the stack, hense the padding.
- char padding[1000];
-};
-
static void *HwasanThreadStartFunc(void *arg) {
__hwasan_thread_enter();
ThreadStartArg *A = reinterpret_cast<ThreadStartArg*>(arg);
@@ -309,11 +301,10 @@ static void *HwasanThreadStartFunc(void
INTERCEPTOR(int, pthread_create, void *th, void *attr, void *(*callback)(void*),
void * param) {
ScopedTaggingDisabler disabler;
- ThreadStartArg A;
- A.callback = callback;
- A.param = param;
+ ThreadStartArg *A = GetCurrentThread()->thread_start_arg();
+ *A = {callback, param};
int res = REAL(pthread_create)(UntagPtr(th), UntagPtr(attr),
- &HwasanThreadStartFunc, &A);
+ &HwasanThreadStartFunc, A);
return res;
}
#endif // HWASAN_WITH_INTERCEPTORS
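Review bot: The `ThreadStartArg` returned by `GetCurrentThread()->thread_start_arg()` is a single slot per creating thread, so a second `pthread_create` from the same thread can overwrite `*A` before the first child has read it in `HwasanThreadStartFunc`. `REAL(pthread_create)` returning does not guarantee that the child has started running, so the first child could start with the second call's callback and param. The slot also lives inside the parent's `Thread` object, which may be gone if the parent exits before the child reads it. A per-call allocation avoids both problems: `ThreadStartArg *A = reinterpret_cast<ThreadStartArg *>(InternalAlloc(sizeof(ThreadStartArg)));` in the interceptor, then `ThreadStartArg A = *reinterpret_cast<ThreadStartArg *>(arg); InternalFree(arg);` at the top of the start function, plus an `InternalFree(A)` when `res` is non-zero. The body of `HwasanThreadStartFunc` continues outside the hunk, so how it consumes `arg` is not visible here.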
Modified: compiler-rt/trunk/lib/hwasan/hwasan_thread.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/hwasan/hwasan_thread.h?rev=341143&r1=341142&r2=341143&view=diff
==============================================================================
--- compiler-rt/trunk/lib/hwasan/hwasan_thread.h (original)
+++ compiler-rt/trunk/lib/hwasan/hwasan_thread.h Thu Aug 30 16:22:26 2018
@@ -19,6 +19,11 @@
namespace __hwasan {
+struct ThreadStartArg {
+ thread_callback_t callback;
+ void *param;
+};
+
class Thread {
public:
static Thread *Create(thread_callback_t start_routine, void *arg);
@@ -70,6 +75,10 @@ class Thread {
}
}
+ // Return a scratch ThreadStartArg object to be used in
+ // pthread_create interceptor.
+ ThreadStartArg *thread_start_arg() { return &thread_start_arg_; }
+
private:
// NOTE: There is no Thread constructor. It is allocated
// via mmap() and *must* be valid in zero-initialized state.
@@ -99,6 +108,8 @@ class Thread {
static Thread *main_thread;
u32 tagging_disabled_; // if non-zero, malloc uses zero tag in this thread.
+
+ ThreadStartArg thread_start_arg_;
};
Thread *GetCurrentThread();
Added: compiler-rt/trunk/test/hwasan/TestCases/many-threads-uaf.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/hwasan/TestCases/many-threads-uaf.c?rev=341143&view=auto
==============================================================================
--- compiler-rt/trunk/test/hwasan/TestCases/many-threads-uaf.c (added)
+++ compiler-rt/trunk/test/hwasan/TestCases/many-threads-uaf.c Thu Aug 30 16:22:26 2018
@@ -0,0 +1,37 @@
+// RUN: %clang_hwasan %s -o %t && not %run %t 2>&1 | FileCheck %s
+// REQUIRES: stable-runtime
+
+#include <pthread.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <sanitizer/hwasan_interface.h>
+
+void *BoringThread(void *arg) {
+ char * volatile x = (char*)malloc(10);
+ x[5] = 0;
+ free(x);
+ return NULL;
+}
+
+void *UAFThread(void *arg) {
+ char * volatile x = (char*)malloc(10);
+ fprintf(stderr, "ZZZ %p\n", x);
+ free(x);
+ x[5] = 42;
+ // CHECK: ERROR: HWAddressSanitizer: tag-mismatch on address
+ // CHECK: WRITE of size 1
+ // CHECK: many-threads-uaf.c:[[@LINE-3]]
+ return NULL;
+}
+
+int main() {
+ __hwasan_enable_allocator_tagging();
+ pthread_t t;
+ for (int i = 0; i < 1100; i++) {
+ pthread_create(&t, NULL, BoringThread, NULL);
+ pthread_join(t, NULL);
+ }
+ pthread_create(&t, NULL, UAFThread, NULL);
+ pthread_join(t, NULL);
+}
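Review bot: The loop in `main` joins each `BoringThread` before creating the next one, so at most one child is ever starting and the test cannot catch a start argument that is shared between concurrent `pthread_create` calls from the same thread. A variant that creates a small batch of threads with distinct `param` values, joins them afterwards and checks that each thread saw its own value would cover that case. The return value of `pthread_create` is ignored both here and in thread-uaf.c; on failure `pthread_join(t, NULL)` would run on an uninitialised `pthread_t`, so a check such as `if (pthread_create(&t, NULL, BoringThread, NULL)) abort();` would make the failure mode clear. The iteration count 1100 deserves a one-line comment saying which limit it is meant to exceed.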
Added: compiler-rt/trunk/test/hwasan/TestCases/thread-uaf.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/hwasan/TestCases/thread-uaf.c?rev=341143&view=auto
==============================================================================
--- compiler-rt/trunk/test/hwasan/TestCases/thread-uaf.c (added)
+++ compiler-rt/trunk/test/hwasan/TestCases/thread-uaf.c Thu Aug 30 16:22:26 2018
@@ -0,0 +1,26 @@
+// RUN: %clang_hwasan %s -o %t && not %run %t 2>&1 | FileCheck %s
+// REQUIRES: stable-runtime
+
+#include <pthread.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <sanitizer/hwasan_interface.h>
+
+void *Thread(void *arg) {
+ char * volatile x = (char*)malloc(10);
+ fprintf(stderr, "ZZZ %p\n", x);
+ free(x);
+ x[5] = 42;
+ // CHECK: ERROR: HWAddressSanitizer: tag-mismatch on address
+ // CHECK: WRITE of size 1
+ // CHECK: thread-uaf.c:[[@LINE-3]]
+ return NULL;
+}
+
+int main() {
+ __hwasan_enable_allocator_tagging();
+ pthread_t t;
+ pthread_create(&t, NULL, Thread, NULL);
+ pthread_join(t, NULL);
+}