[PATCH] D98875: [HWASan] Use page aliasing on x86_64.

Xiang Zhang via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Apr 23 00:33:35 PDT 2021 

xiangzhangllvm added inline comments.


================
Comment at: compiler-rt/lib/hwasan/hwasan.h:41
+// Tags are done in middle bits using userspace aliasing.
+constexpr unsigned kAddressTagShift = 39;
+constexpr unsigned kTagBits = 3;
----------------
morehouse wrote:
> xiangzhangllvm wrote:
> > Hello @morehouse, I have some questions here:
> > 1) Does the "page alias" in your patch mean "tagged address and untagged address map to same place" ?
> > 2) "The alias region is placed **next **to the shadow", what does the "alias region" here mean?
> > 3) Why kAddressTagShift = 39 , kTagBits = 3 ? Does it mean the "alias region" size is 2^39Bytes ?  It seems to me that the ""alias region is placed **inside** the shadow? 
> > 
> > Thank you !
> > Hello @morehouse, I have some questions here:
> > 1) Does the "page alias" in your patch mean "tagged address and untagged address map to same place" ?
> 
> Yes, the virtual addresses map to the same physical addresses.
> 
> > 2) "The alias region is placed **next **to the shadow", what does the "alias region" here mean?
> 
> We preallocate address space for the entire heap and create aliases for that region at startup.  So "alias region" == heap and aliases.
> 
> > 3) Why kAddressTagShift = 39 , kTagBits = 3 ?
> 
> kTagBits = 3 is due to some preliminary performance benchmarks.  Anything higher than that seems to greatly increase overhead.  kAddressTagShift = 39 is to allow a contiguous heap of 512GB, which should be plenty in practice.
> 
> > Does it mean the "alias region" size is 2^39Bytes ?
> 
> Heap is 2^39 == 512GB.  Then we have 7 other aliases of that memory, for a total alias region size of 2^42 == 4TB.
> 
> > It seems to me that the ""alias region is placed **inside** the shadow? 
> 
> The shadow region on x86_64 is 8TB starting at a dynamic offset.  We dynamically place the alias region (heap and aliases) immediately following the shadow region.
> 
> 
> > 
> > Thank you !
> 
> 
Thank you! 
I think I understand:
We "pre-allocate" 4TB for heap, but we just really used in 512GB, so the bit 39-42 can be use as tag for a heap point! 


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D98875/new/

https://reviews.llvm.org/D98875

More information about the llvm-commits mailing list