[PATCH] D69051: Handle libhwasan system allocator fallback during thread initialisation

Matthew Malcomson via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Wed Oct 16 09:32:10 PDT 2019


mmalcomson created this revision.
mmalcomson added reviewers: eugenis, kcc, pcc, Sanitizers.
mmalcomson added a project: Sanitizers.
Herald added subscribers: llvm-commits, jfb, kristof.beyls.
Herald added a project: LLVM.

The system allocator fallback added in https://reviews.llvm.org/D55986
(llvm-svn: 350427) introduces the assumption that all allocations with a zero
tag have been allocated by the system allocator.

During thread initialisation this assumption no longer holds.
`Thread::Init` disables tagging using the `ScopedTaggingDisabler`, until its
internal data structures have been initialised so that
`Thread::GenerateRandomTag` can generate a random tag.

While libhwasan finds the stack bounds using pthread attributes, libc allocates
and frees an object at the time that stack tagging is disabled.  Hence the
allocation is handled by libhwasan and the free is given to the system
allocator.

I have attached a patch here that makes the hwasan allocation routine pass
allocation off to the system allocator if tagging is disabled in the current
thread.

Another approach I considered was to make GenerateRandomTag return a known
non-zero tag when tagging is disabled for the current thread.
I decided against this since the tags of other pointers seem to be zero when
tagging is disabled (e.g. for flags->disable_allocator_tagging).

Testing done manually on an AArch64 VM using both GCC and clang.

I intend to put a test in the testsuite but since that will take a while (don't
yet understand the testsuite format and my VM doesn't have enough space free to
hold all the llvm binaries) I'm putting this upstream for feedback in the
meantime.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D69051

Files:
  compiler-rt/lib/hwasan/hwasan_allocator.cpp
  compiler-rt/lib/hwasan/hwasan_allocator.h
  compiler-rt/lib/hwasan/hwasan_interceptors.cpp


Index: compiler-rt/lib/hwasan/hwasan_interceptors.cpp
===================================================================
--- compiler-rt/lib/hwasan/hwasan_interceptors.cpp
+++ compiler-rt/lib/hwasan/hwasan_interceptors.cpp
@@ -359,6 +359,8 @@
 #endif  // __aarch64__
   INTERCEPT_FUNCTION(realloc);
   INTERCEPT_FUNCTION(free);
+  INTERCEPT_FUNCTION(malloc);
+  INTERCEPT_FUNCTION(calloc);
 #endif
 
   inited = 1;
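Review bot: the added `INTERCEPT_FUNCTION(malloc)` and `INTERCEPT_FUNCTION(calloc)` calls are the only place `REAL(malloc)` and `REAL(calloc)` receive a value, yet the new fallback in hwasan_allocator.cpp calls them without checking. If an allocation with tagging disabled can be reached before this initialisation has run, that call goes through a null pointer. Either add a check in the fallback or a comment here stating why the ordering is guaranteed.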
Index: compiler-rt/lib/hwasan/hwasan_allocator.h
===================================================================
--- compiler-rt/lib/hwasan/hwasan_allocator.h
+++ compiler-rt/lib/hwasan/hwasan_allocator.h
@@ -29,6 +29,8 @@
 #if HWASAN_WITH_INTERCEPTORS
 DECLARE_REAL(void *, realloc, void *ptr, uptr size)
 DECLARE_REAL(void, free, void *ptr)
+DECLARE_REAL(void *, malloc, SIZE_T size);
+DECLARE_REAL(void *, calloc, SIZE_T nmemb, SIZE_T size);
 #endif
 
 namespace __hwasan {
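Review bot: the added `malloc` and `calloc` declarations use `SIZE_T` for their size parameters while the `realloc` declaration directly above uses `uptr`. Pick one type for the whole block so the real-function signatures stay consistent with each other and with the definitions in hwasan_allocator.cpp.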
Index: compiler-rt/lib/hwasan/hwasan_allocator.cpp
===================================================================
--- compiler-rt/lib/hwasan/hwasan_allocator.cpp
+++ compiler-rt/lib/hwasan/hwasan_allocator.cpp
@@ -25,6 +25,8 @@
 #if HWASAN_WITH_INTERCEPTORS
 DEFINE_REAL(void *, realloc, void *ptr, uptr size)
 DEFINE_REAL(void, free, void *ptr)
+DEFINE_REAL(void *, malloc, SIZE_T size);
+DEFINE_REAL(void *, calloc, SIZE_T nmemb, SIZE_T size);
 #endif
 
 namespace __hwasan {
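Review bot: the added `DEFINE_REAL(...)` lines for `malloc` and `calloc` end in `;` where the `realloc` and `free` lines above them do not. If the macro already expands to a complete definition, the extra semicolon is an empty declaration at file scope and can trip pedantic warnings, so drop it here and on the matching `DECLARE_REAL` lines in the header.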
@@ -120,6 +122,13 @@
   Thread *t = GetCurrentThread();
   void *allocated;
   if (t) {
+#if HWASAN_WITH_INTERCEPTORS
+    if (t->TaggingIsDisabled() && !flags()->disable_allocator_tagging)
+      if (zeroise)
+        return REAL(calloc)(1, orig_size);
+      else
+	return REAL(malloc)(orig_size);
+#endif
     allocated = allocator.Allocate(t->allocator_cache(), size, alignment);
   } else {
     SpinMutexLock l(&fallback_mutex);
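Review bot: the early return in the added `t->TaggingIsDisabled()` branch drops the `alignment` argument that the normal path passes to `allocator.Allocate(t->allocator_cache(), size, alignment)`, so an over-aligned request made while tagging is disabled would get only the default alignment of `REAL(malloc)` or `REAL(calloc)`. Either forward such requests to an aligned system allocation or limit the fallback to default-aligned requests. The inner `if (zeroise) ... else` hangs off an unbraced outer `if`, and the `return REAL(malloc)(orig_size);` line is indented with a tab; add braces and use spaces. A one-line comment explaining why the system allocator is used here (the zero-tag assumption on free) would help the next reader.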

