[PATCH] D92881: scudo: Fix quarantine allocation when MTE enabled.

Peter Collingbourne via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Dec 8 12:52:25 PST 2020


pcc created this revision.
pcc added reviewers: cryptoad, hctim, eugenis.
pcc requested review of this revision.
Herald added a project: Sanitizers.
Herald added a subscriber: Sanitizers.

Quarantines have always been broken when MTE is enabled because the
quarantine batch allocator fails to reset tags that may have been
left behind by a user allocation.

This was only noticed when running the Scudo unit tests with Scudo
as the system allocator because quarantines are turned off by
default on Android and the test binary turns them on by defining
__scudo_default_options, which affects the system allocator as well.

Depends on D92880 <https://reviews.llvm.org/D92880>


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D92881

Files:
  compiler-rt/lib/scudo/standalone/combined.h


Index: compiler-rt/lib/scudo/standalone/combined.h
===================================================================
--- compiler-rt/lib/scudo/standalone/combined.h
+++ compiler-rt/lib/scudo/standalone/combined.h
@@ -98,6 +98,12 @@
       Header.State = Chunk::State::Allocated;
       Chunk::storeHeader(Allocator.Cookie, Ptr, &Header);
 
+      // Reset tag to 0 as this chunk may have been previously used for a tagged
+      // user allocation.
+      if (UNLIKELY(Allocator.useMemoryTagging()))
+        storeTags(reinterpret_cast<uptr>(Ptr),
+                  reinterpret_cast<uptr>(Ptr) + sizeof(QuarantineBatch));
+
       return Ptr;
     }
 
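Review bot: The new storeTags call covers exactly [Ptr, Ptr + sizeof(QuarantineBatch)); please confirm that sizeof(QuarantineBatch) is a multiple of the MTE tag granule (16 bytes) or that storeTags rounds the end up, since a partially covered trailing granule would keep the stale user tag and the batch's last fields would then fault when touched through the untagged Ptr. The comment could also say why tag 0 is the right value (the batch is accessed through an untagged pointer, so the memory must carry the untagged tag) rather than only that a previous user allocation may have tagged the chunk, and it would help to state whether the matching batch deallocate path needs no tag handling because a subsequent user allocation retags the chunk on allocate.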

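The failure mode the patch fixes, as an added toy model that is not Scudo code: memory carries one 4-bit tag per 16-byte granule and a pointer carries its tag in the top byte, as on AArch64 MTE. A user allocation tags its granules with a nonzero tag; when the quarantine batch allocator later reuses that chunk through an untagged (tag 0) pointer, every access faults unless the tags are first reset, which is what the storeTags call in the hunk does. The names Heap, Tags, TPtr, checkedAccess, userAllocate, batchAllocate and demo are invented for this example, and storeTags here is a simplified stand-in for Scudo's function of the same name.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE 16                       /* MTE tag granule in bytes */
#define HEAP_BYTES 256                   /* constructed toy heap */
#define NGRANULES (HEAP_BYTES / GRANULE)
#define TAG_SHIFT 56                     /* tag lives in the top byte, as with TBI */

static uint8_t Heap[HEAP_BYTES];         /* backing store (unused contents) */
static uint8_t Tags[NGRANULES];          /* one 4-bit tag per granule, the "tag memory" */

typedef uint64_t TPtr;                   /* tagged pointer: offset into Heap | tag << 56 */

static TPtr makeTagged(size_t Off, uint8_t Tag) {
  return ((uint64_t)(Tag & 0xF) << TAG_SHIFT) | (uint64_t)Off;
}
static uint8_t ptrTag(TPtr P) { return (uint8_t)(P >> TAG_SHIFT) & 0xF; }
static size_t ptrOff(TPtr P) { return (size_t)(P & ((1ULL << TAG_SHIFT) - 1)); }

/* Simplified storeTags(Begin, Begin + Size): write the pointer's tag into every
 * granule that [Begin, Begin + Size) touches. A trailing partial granule is
 * covered too, so a size that is not a multiple of 16 is still fully retagged. */
static void storeTags(TPtr Begin, size_t Size) {
  uint8_t Tag = ptrTag(Begin);
  size_t Start = ptrOff(Begin);
  for (size_t Off = Start; Off < Start + Size; Off += GRANULE)
    Tags[Off / GRANULE] = Tag;
}

/* A checked access: 0 when every granule's tag matches the pointer's tag,
 * -1 where real MTE hardware would raise a tag check fault. */
static int checkedAccess(TPtr P, size_t Size) {
  size_t Start = ptrOff(P);
  for (size_t Off = Start; Off < Start + Size; Off += GRANULE)
    if (Tags[Off / GRANULE] != ptrTag(P))
      return -1;
  return 0;
}

/* A tagged user allocation at chunk Off: the allocator picks Tag and tags the range. */
static TPtr userAllocate(size_t Off, size_t Size, uint8_t Tag) {
  TPtr P = makeTagged(Off, Tag);
  storeTags(P, Size);
  return P;
}

/* The quarantine batch allocator reusing the same chunk through an untagged pointer.
 * ResetTags == 0 models the pre-patch behaviour: the user allocation's tags are left
 * behind. ResetTags != 0 models the patch: tags are reset to 0 before use. */
static TPtr batchAllocate(size_t Off, size_t Size, int ResetTags) {
  TPtr P = makeTagged(Off, 0);
  if (ResetTags)
    storeTags(P, Size);
  return P;
}

/* Returns 0 if a batch allocated on top of a freed tagged user chunk is usable,
 * -1 if the first access to it would tag-fault. */
int demo(int ResetTags) {
  memset(Tags, 0, sizeof(Tags));
  memset(Heap, 0, sizeof(Heap));
  /* Constructed scenario: a 48-byte user allocation at offset 64 gets tag 7,
   * is freed, and its tags stay in tag memory. */
  TPtr User = userAllocate(64, 48, 0x7);
  (void)User;
  TPtr Batch = batchAllocate(64, 48, ResetTags);
  return checkedAccess(Batch, 48);
}

int main(void) {
  printf("without tag reset: %s\n", demo(0) == 0 ? "ok" : "tag fault");
  printf("with tag reset:    %s\n", demo(1) == 0 ? "ok" : "tag fault");
  return 0;
}
```

The model deliberately keeps the user allocation's tags in place after "free" so that the only thing separating the faulting and working cases is the reset in batchAllocate, which is the same one-line difference the hunk introduces.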


