[compiler-rt] 395f737 - msan: check that ucontext_t is initialized on signal return

Dmitry Vyukov via llvm-commits llvm-commits at lists.llvm.org
Wed Jan 5 04:20:54 PST 2022


Author: Dmitry Vyukov
Date: 2022-01-05T13:20:50+01:00
New Revision: 395f737c338c39b892d3ccdd8366dea4fc51c305

URL: https://github.com/llvm/llvm-project/commit/395f737c338c39b892d3ccdd8366dea4fc51c305
DIFF: https://github.com/llvm/llvm-project/commit/395f737c338c39b892d3ccdd8366dea4fc51c305.diff

LOG: msan: check that ucontext_t is initialized on signal return

A signal handler can alter ucontext_t to affect execution after
the signal returns. Check that the contents are initialized.
Restoring uninitialized values in registers can't be good.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D116209

Added: 
    compiler-rt/test/msan/Linux/signal_mcontext2.cpp

Modified: 
    compiler-rt/lib/msan/msan_interceptors.cpp

Removed: 
    


################################################################################
diff  --git a/compiler-rt/lib/msan/msan_interceptors.cpp b/compiler-rt/lib/msan/msan_interceptors.cpp
index 63887e4c6f9ec..d1b858930a7f5 100644
--- a/compiler-rt/lib/msan/msan_interceptors.cpp
+++ b/compiler-rt/lib/msan/msan_interceptors.cpp
@@ -996,6 +996,7 @@ static void SignalAction(int signo, void *si, void *uc) {
   sigaction_cb cb =
       (sigaction_cb)atomic_load(&sigactions[signo], memory_order_relaxed);
   cb(signo, si, uc);
+  CHECK_UNPOISONED(uc, ucontext_t_sz(uc));
 }
 
 static void read_sigaction(const __sanitizer_sigaction *act) {
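Review bot: the new CHECK_UNPOISONED after cb(signo, si, uc) deserves a one-line comment stating why it is there, since the reason only lives in the commit message: the handler may legitimately modify uc (and the FP state reached through it) to steer execution after sigreturn, and any uninitialized byte left there would be loaded straight into registers. Two things worth making explicit here: the check only covers handlers that are routed through this SignalAction wrapper, i.e. handlers installed via the intercepted sigaction/signal paths, so a handler registered by a raw syscall is not checked; and the size comes from ucontext_t_sz(uc), so it should be confirmed (the new signal_mcontext2.cpp test relies on it) that this size covers the extended FP state that glibc places after the base struct, e.g. `mctx->fpregs` / ymmh_space, not just sizeof(ucontext_t).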

diff  --git a/compiler-rt/test/msan/Linux/signal_mcontext2.cpp b/compiler-rt/test/msan/Linux/signal_mcontext2.cpp
new file mode 100644
index 0000000000000..8edf62d1f53a2
--- /dev/null
+++ b/compiler-rt/test/msan/Linux/signal_mcontext2.cpp
@@ -0,0 +1,27 @@
+// RUN: %clangxx_msan -fsanitize-memory-track-origins=2 -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+#include <pthread.h>
+#include <signal.h>
+#include <ucontext.h>
+
+void handler(int sig, siginfo_t *info, void *uctx) {
+  volatile int uninit;
+  auto *mctx = &static_cast<ucontext_t *>(uctx)->uc_mcontext;
+  auto *fpregs = mctx->fpregs;
+  if (fpregs && fpregs->__glibc_reserved1[12] == FP_XSTATE_MAGIC1)
+    reinterpret_cast<_xstate *>(mctx->fpregs)->ymmh.ymmh_space[0] = uninit;
+  else
+    mctx->gregs[REG_RAX] = uninit;
+}
+
+int main(int argc, char **argv) {
+  struct sigaction act = {};
+  act.sa_sigaction = handler;
+  act.sa_flags = SA_SIGINFO;
+  sigfillset(&act.sa_mask);
+  sigaction(SIGPROF, &act, 0);
+  pthread_kill(pthread_self(), SIGPROF);
+  return 0;
+}
+
+// CHECK: WARNING: MemorySanitizer:
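Review bot: the test is x86_64-only (REG_RAX, _xstate, ymmh_space, FP_XSTATE_MAGIC1 and the __glibc_reserved1[12] probe are all x86-specific) but carries no `// REQUIRES: x86_64-target-arch` line, so it will fail to compile under test/msan/Linux/ on other Linux targets such as aarch64; please add the requirement. Minor points: `sigaction(SIGPROF, &act, 0)` and `pthread_kill(...)` return values are not checked, so a failure there would make the test pass silently without the expected warning rather than fail loudly, and `argc`/`argv` in `main` are unused and could be dropped. The `volatile int uninit;` is the intended source of the poisoned value, so a short comment saying so would help the next reader who is tempted to initialize it.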
