[PATCH] D85947: [DFSan] Don't unmap during dfsan_flush().

Matt Morehouse via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Aug 14 11:39:22 PDT 2020 

morehouse updated this revision to Diff 285715.
morehouse added a comment.
Herald added a subscriber: jfb.

- Add multithreaded dfsan_flush() test.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D85947/new/

https://reviews.llvm.org/D85947

Files:
  compiler-rt/include/sanitizer/dfsan_interface.h
  compiler-rt/lib/dfsan/dfsan.cpp
  compiler-rt/test/dfsan/threaded_flush.c


Index: compiler-rt/test/dfsan/threaded_flush.c
===================================================================
--- /dev/null
+++ compiler-rt/test/dfsan/threaded_flush.c
@@ -0,0 +1,36 @@
+// Tests that doing dfsan_flush() while another thread is executing doesn't
+// segfault.
+// RUN: %clang_dfsan %s -o %t && %run %t
+#include <assert.h>
+#include <pthread.h>
+#include <sanitizer/dfsan_interface.h>
+#include <stdlib.h>
+
+static unsigned char GlobalBuf[4096];
+static int ShutDownThread;
+static int StartFlush;
+
+// Access GlobalBuf continuously, causing its shadow to be touched as well.
+// When main() calls dfsan_flush(), no segfault should be triggered.
+static void *accessGlobalInBackground(void *Arg) {
+  __atomic_store_n(&StartFlush, 1, __ATOMIC_RELEASE);
+
+  while (!__atomic_load_n(&ShutDownThread, __ATOMIC_ACQUIRE))
+    for (unsigned I = 0; I < sizeof(GlobalBuf); ++I)
+      ++GlobalBuf[I];
+
+  return NULL;
+}
+
+int main() {
+  pthread_t Thread;
+  pthread_create(&Thread, NULL, accessGlobalInBackground, NULL);
+  while (!__atomic_load_n(&StartFlush, __ATOMIC_ACQUIRE))
+    ; // Spin
+
+  dfsan_flush();
+
+  __atomic_store_n(&ShutDownThread, 1, __ATOMIC_RELEASE);
+  pthread_join(Thread, NULL);
+  return 0;
+}
Index: compiler-rt/lib/dfsan/dfsan.cpp
===================================================================
--- compiler-rt/lib/dfsan/dfsan.cpp
+++ compiler-rt/lib/dfsan/dfsan.cpp
@@ -428,7 +428,6 @@
 }
 
 extern "C" void dfsan_flush() {
-  UnmapOrDie((void*)ShadowAddr(), UnusedAddr() - ShadowAddr());
   if (!MmapFixedNoReserve(ShadowAddr(), UnusedAddr() - ShadowAddr()))
     Die();
 }
Index: compiler-rt/include/sanitizer/dfsan_interface.h
===================================================================
--- compiler-rt/include/sanitizer/dfsan_interface.h
+++ compiler-rt/include/sanitizer/dfsan_interface.h
@@ -80,9 +80,11 @@
 size_t dfsan_get_label_count(void);
 
 /// Flushes the DFSan shadow, i.e. forgets about all labels currently associated
-/// with the application memory. Will work only if there are no other
-/// threads executing DFSan-instrumented code concurrently.
-/// Use this call to start over the taint tracking within the same procces.
+/// with the application memory.  Use this call to start over the taint tracking
+/// within the same process.
+///
+/// Note: If another thread is working with tainted data during the flush, that
+/// taint could still be written to shadow after the flush.
 void dfsan_flush(void);
 
 /// Sets a callback to be invoked on calls to write().  The callback is invoked


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D85947.285715.patch
Type: text/x-patch
Size: 2575 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20200814/503f424a/attachment.bin>

More information about the llvm-commits mailing list