[PATCH] D60593: [GwpAsan] Introduce GWP-ASan.

Mitch Phillips via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Apr 11 17:34:31 PDT 2019


hctim created this revision.
hctim added reviewers: vlad.tsyrklevich, morehouse, eugenis, cryptoad.
Herald added subscribers: Sanitizers, jfb, aprantl, mgorny, kubamracek, srhines.
Herald added a reviewer: jfb.
Herald added projects: Sanitizers, LLVM.

This patch introduces GWP-ASan, a sampled allocator framework that assists in finding use-after-free and heap-buffer-overflow bugs in production environments.

GWP-ASan supplements a traditional allocator (e.g. Scudo), and chooses random allocations to 'sample'. These sampled allocations are placed into a special guarded pool, which is based upon the traditional 'Electric Fence Malloc Debugger'. We surround the allocation with inaccessible pages, such that buffer under/overflows trap on the page fault. We also mark the allocation's page as inaccessible on free, meaning that any use-after-free bugs also cause a page fault trap, which we capture. For more implementation details, please see `docs/GWPASan.rst`.

Please note that this patch is quite large. The patchset contains the basic functionality of GWP-ASan (stack trace dumping and other debug information will be added shortly), the unit tests, and allocator shims into Scudo. This allows any code compiled with `-fsanitize=scudo` to have GWP-ASan enabled by default (including the unit tests). I've tried to slice out as much as possible for follow-up patches, but there isn't much left here to carve off.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D60593

Files:
  compiler-rt/cmake/config-ix.cmake
  compiler-rt/lib/gwp_asan/CMakeLists.txt
  compiler-rt/lib/gwp_asan/allocation_metadata.h
  compiler-rt/lib/gwp_asan/definitions.h
  compiler-rt/lib/gwp_asan/guarded_pool_allocator.cpp
  compiler-rt/lib/gwp_asan/guarded_pool_allocator.h
  compiler-rt/lib/gwp_asan/guarded_pool_allocator_posix.cpp
  compiler-rt/lib/gwp_asan/mutex.h
  compiler-rt/lib/gwp_asan/mutex_posix.cpp
  compiler-rt/lib/gwp_asan/optional/runtime_env_flag_parser.cpp
  compiler-rt/lib/gwp_asan/optional/runtime_env_flag_parser.h
  compiler-rt/lib/gwp_asan/options.h
  compiler-rt/lib/gwp_asan/options.inc
  compiler-rt/lib/gwp_asan/random.cpp
  compiler-rt/lib/gwp_asan/random.h
  compiler-rt/lib/sanitizer_common/sanitizer_common.h
  compiler-rt/lib/sanitizer_common/sanitizer_printf.cc
  compiler-rt/lib/scudo/CMakeLists.txt
  compiler-rt/lib/scudo/scudo_allocator.cpp
  compiler-rt/test/gwp_asan/CMakeLists.txt
  compiler-rt/test/gwp_asan/alignment_power_of_two.cpp
  compiler-rt/test/gwp_asan/alignment_static.cpp
  compiler-rt/test/gwp_asan/allocator_fallback.cpp
  compiler-rt/test/gwp_asan/double_delete.cpp
  compiler-rt/test/gwp_asan/double_deletea.cpp
  compiler-rt/test/gwp_asan/double_free.cpp
  compiler-rt/test/gwp_asan/heap_buffer_overflow.cpp
  compiler-rt/test/gwp_asan/heap_buffer_underflow.cpp
  compiler-rt/test/gwp_asan/invalid_free_left.cpp
  compiler-rt/test/gwp_asan/invalid_free_right.cpp
  compiler-rt/test/gwp_asan/lit.cfg
  compiler-rt/test/gwp_asan/lit.site.cfg.in
  compiler-rt/test/gwp_asan/pattern_calloc_free.cpp
  compiler-rt/test/gwp_asan/pattern_malloc_free.cpp
  compiler-rt/test/gwp_asan/pattern_new_delete.cpp
  compiler-rt/test/gwp_asan/pattern_newa_deletea.cpp
  compiler-rt/test/gwp_asan/pattern_realloc_free.cpp
  compiler-rt/test/gwp_asan/reuse_quarantine.cpp
  compiler-rt/test/gwp_asan/use_after_delete.cpp
  compiler-rt/test/gwp_asan/use_after_deletea.cpp
  compiler-rt/test/gwp_asan/use_after_free.cpp
  compiler-rt/test/scudo/lit.cfg
  llvm/docs/GWPASan.rst

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D60593.194791.patch
Type: text/x-patch
Size: 91084 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20190412/46554ad7/attachment.bin>
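
The guard-page mechanism described in the revision summary above, as an added example that is not part of the original message or of the GWP-ASan patch: one allocation sits between two inaccessible pages, and freeing it revokes access to its page. The names `guarded_alloc`, `guarded_free` and `write_faults` are hypothetical, sampling is omitted, POSIX `mmap`/`mprotect` are assumed, and right-aligning the allocation is this example's own choice.

```c
/* Added illustration, not GWP-ASan source; all function names are hypothetical. */
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdint.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

static size_t page_size(void) { return (size_t)sysconf(_SC_PAGESIZE); }

/* Reserve [guard][slot][guard]; only the slot page is made accessible.
 * The allocation is right-aligned so the first byte past it is in the guard. */
void *guarded_alloc(size_t size) {
    size_t pg = page_size();
    if (size == 0 || size > pg) return NULL;
    char *base = mmap(NULL, 3 * pg, PROT_NONE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return NULL;
    if (mprotect(base + pg, pg, PROT_READ | PROT_WRITE) != 0) {
        munmap(base, 3 * pg);
        return NULL;
    }
    return base + 2 * pg - size;
}

/* "Free" keeps the mapping but revokes access, so any later use faults. */
int guarded_free(void *ptr) {
    size_t pg = page_size();
    char *slot = (char *)((uintptr_t)ptr & ~(uintptr_t)(pg - 1));
    return mprotect(slot, pg, PROT_NONE);
}

/* Returns 1 if writing one byte at addr raises SIGSEGV/SIGBUS, else 0.
 * The write runs in a forked child so the caller survives the fault. */
int write_faults(volatile char *addr) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { *addr = 'A'; _exit(0); }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) &&
           (WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS);
}

int main(void) {
    char *p = guarded_alloc(16);
    if (!p || write_faults(p + 15) || !write_faults(p + 16)) return 1;
    return (guarded_free(p) == 0 && write_faults(p)) ? 0 : 1;
}
```

With right alignment, a one-byte overflow lands in the trailing guard page at once, while an underflow only faults after it crosses the rest of the slot page into the leading guard.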

