[compiler-rt] r363636 - hwasan: Use bits [3..11) of the ring buffer entry address as the base stack tag.
Peter Collingbourne via llvm-commits
llvm-commits at lists.llvm.org
Mon Jun 17 16:39:51 PDT 2019
Author: pcc
Date: Mon Jun 17 16:39:51 2019
New Revision: 363636
URL: http://llvm.org/viewvc/llvm-project?rev=363636&view=rev
Log:
hwasan: Use bits [3..11) of the ring buffer entry address as the base stack tag.
This saves roughly 32 bytes of instructions per function with stack objects
and causes us to preserve enough information that we can recover the original
tags of all stack variables.
Now that stack tags are deterministic, we no longer need to pass
-hwasan-generate-tags-with-calls during check-hwasan. This also means that
the new stack tag generation mechanism is exercised by check-hwasan.
Differential Revision: https://reviews.llvm.org/D63360
Modified:
compiler-rt/trunk/lib/hwasan/hwasan_thread.cpp
compiler-rt/trunk/test/hwasan/TestCases/random-align-right.c
compiler-rt/trunk/test/hwasan/TestCases/stack-history-length.c
compiler-rt/trunk/test/hwasan/lit.cfg
Modified: compiler-rt/trunk/lib/hwasan/hwasan_thread.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/hwasan/hwasan_thread.cpp?rev=363636&r1=363635&r2=363636&view=diff
==============================================================================
--- compiler-rt/trunk/lib/hwasan/hwasan_thread.cpp (original)
+++ compiler-rt/trunk/lib/hwasan/hwasan_thread.cpp Mon Jun 17 16:39:51 2019
@@ -27,6 +27,11 @@ static u32 RandomSeed() {
void Thread::InitRandomState() {
random_state_ = flags()->random_tags ? RandomSeed() : unique_id_;
+
+ // Push a random number of zeros onto the ring buffer so that the first stack
+ // tag base will be random.
+ for (tag_t i = 0, e = GenerateRandomTag(); i != e; ++i)
+ stack_allocations_->push(0);
}
void Thread::Init(uptr stack_buffer_start, uptr stack_buffer_size) {
Modified: compiler-rt/trunk/test/hwasan/TestCases/random-align-right.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/hwasan/TestCases/random-align-right.c?rev=363636&r1=363635&r2=363636&view=diff
==============================================================================
--- compiler-rt/trunk/test/hwasan/TestCases/random-align-right.c (original)
+++ compiler-rt/trunk/test/hwasan/TestCases/random-align-right.c Mon Jun 17 16:39:51 2019
@@ -1,9 +1,11 @@
// Tests malloc_align_right=1 and 8 (randomly aligning right).
// RUN: %clang_hwasan %s -o %t
//
-// RUN: %run %t
-// RUN: %env_hwasan_opts=malloc_align_right=1 not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1
-// RUN: %env_hwasan_opts=malloc_align_right=8 not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK8
+// RUN: %run %t 20
+// RUN: %run %t 30
+// RUN: %env_hwasan_opts=malloc_align_right=1 not %run %t 20 2>&1 | FileCheck %s --check-prefix=CHECK20
+// RUN: %env_hwasan_opts=malloc_align_right=1 not %run %t 30 2>&1 | FileCheck %s --check-prefix=CHECK30
+// RUN: %env_hwasan_opts=malloc_align_right=8 not %run %t 30 2>&1 | FileCheck %s --check-prefix=CHECK30
// REQUIRES: stable-runtime
@@ -15,6 +17,7 @@ static volatile void *sink;
int main(int argc, char **argv) {
__hwasan_enable_allocator_tagging();
+ int index = atoi(argv[1]);
// Perform 1000 buffer overflows within the 16-byte granule,
// so that random right-alignment has a very high chance of
@@ -22,14 +25,11 @@ int main(int argc, char **argv) {
for (int i = 0; i < 1000; i++) {
char *p = (char*)malloc(20);
sink = p;
- fprintf(stderr, "[%d] p: %p; accessing p[20]:\n", i, p);
- p[20 * argc] = 0; // requires malloc_align_right=1 to catch
- fprintf(stderr, "[%d] p: %p; accessing p[30]:\n", i, p);
- p[30 * argc] = 0; // requires malloc_align_right={1,8} to catch
-// CHECK1: accessing p[20]
-// CHECK1-NEXT: HWAddressSanitizer: tag-mismatch
-// CHECK8: accessing p[30]:
-// CHECK8-NEXT: HWAddressSanitizer: tag-mismatch
+ p[index] = 0;
+// index=20 requires malloc_align_right=1 to catch
+// CHECK20: HWAddressSanitizer: tag-mismatch
+// index=30 requires malloc_align_right={1,8} to catch
+// CHECK30: HWAddressSanitizer: tag-mismatch
}
}
Modified: compiler-rt/trunk/test/hwasan/TestCases/stack-history-length.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/hwasan/TestCases/stack-history-length.c?rev=363636&r1=363635&r2=363636&view=diff
==============================================================================
--- compiler-rt/trunk/test/hwasan/TestCases/stack-history-length.c (original)
+++ compiler-rt/trunk/test/hwasan/TestCases/stack-history-length.c Mon Jun 17 16:39:51 2019
@@ -1,5 +1,5 @@
// RUN: %clang_hwasan -O1 %s -o %t
-// RUN: %env_hwasan_opts=stack_history_size=2048 not %run %t 2046 2>&1 | FileCheck %s --check-prefix=YES
+// RUN: %env_hwasan_opts=stack_history_size=2048 not %run %t 2045 2>&1 | FileCheck %s --check-prefix=YES
// RUN: %env_hwasan_opts=stack_history_size=2048 not %run %t 2047 2>&1 | FileCheck %s --check-prefix=NO
// REQUIRES: stable-runtime
@@ -22,6 +22,9 @@ int main(int argc, char **argv) {
FUNC0();
for (int i = 0; i < X; ++i)
FUNC();
+ // Make at least one call to OOB where base tag != 0 so that the bug is caught
+ // at least once.
+ OOB();
OOB();
}
Modified: compiler-rt/trunk/test/hwasan/lit.cfg
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/hwasan/lit.cfg?rev=363636&r1=363635&r2=363636&view=diff
==============================================================================
--- compiler-rt/trunk/test/hwasan/lit.cfg (original)
+++ compiler-rt/trunk/test/hwasan/lit.cfg Mon Jun 17 16:39:51 2019
@@ -11,7 +11,7 @@ config.test_source_root = os.path.dirnam
# Setup default compiler flags used with -fsanitize=memory option.
clang_cflags = [config.target_cflags] + config.debug_info_flags
clang_cxxflags = config.cxx_mode_flags + clang_cflags
-clang_hwasan_cflags = ["-fsanitize=hwaddress", "-mllvm", "-hwasan-generate-tags-with-calls"] + clang_cflags
+clang_hwasan_cflags = ["-fsanitize=hwaddress"] + clang_cflags
clang_hwasan_cxxflags = config.cxx_mode_flags + clang_hwasan_cflags
def build_invocation(compile_flags):
More information about the llvm-commits
mailing list