[compiler-rt] 8add770 - Revert "[scudo] Detect double free when running with MTE."

Evgenii Stepanov via llvm-commits llvm-commits at lists.llvm.org
Mon Nov 21 16:58:08 PST 2022


Author: Evgenii Stepanov
Date: 2022-11-21T16:57:14-08:00
New Revision: 8add770417cad13f7fb4f5bbb6212d6cf2a3249b

URL: https://github.com/llvm/llvm-project/commit/8add770417cad13f7fb4f5bbb6212d6cf2a3249b
DIFF: https://github.com/llvm/llvm-project/commit/8add770417cad13f7fb4f5bbb6212d6cf2a3249b.diff

LOG: Revert "[scudo] Detect double free when running with MTE."

Mysterious failures on the x86_64-linux-qemu, to be debugged.

This reverts commit 1dd54691b20d8bf65156cdf35d241cfcd684cb54.

Added: 
    

Modified: 
    compiler-rt/lib/scudo/standalone/combined.h
    compiler-rt/lib/scudo/standalone/tests/combined_test.cpp

Removed: 
    


################################################################################
diff  --git a/compiler-rt/lib/scudo/standalone/combined.h b/compiler-rt/lib/scudo/standalone/combined.h
index 6b0cf879ccf0b..365720d4a5f4f 100644
--- a/compiler-rt/lib/scudo/standalone/combined.h
+++ b/compiler-rt/lib/scudo/standalone/combined.h
@@ -560,16 +560,7 @@ class Allocator {
       }
     }
 
-    // Try to detect deallocation with a wrong MTE tag by touching the first
-    // byte with a correctly tagged pointer. Skip zero-sized allocations that do
-    // not always store the correct tag value anywhere (for example, a zero
-    // size, 32 byte aligned allocation in a 32-byte size class will end up with
-    // header at offset 16 in the block, payload at offset 32, and no space to
-    // store the tag).
     const uptr Size = getSize(Ptr, &Header);
-    if (useMemoryTagging<Params>(Options) && Size != 0)
-      *reinterpret_cast<volatile char *>(TaggedPtr);
-
     if (DeleteSize && Options.get(OptionBit::DeleteSizeMismatch)) {
       if (UNLIKELY(DeleteSize != Size))
         reportDeleteSizeMismatch(Ptr, DeleteSize, Size);
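Review bot: After this hunk, the free path no longer has the first-byte probe that the removed comment describes as detecting deallocation with a wrong MTE tag, so a tag-mismatched free is not caught here and goes straight on to the `DeleteSizeMismatch` check. Nothing left in the file records that the removal is temporary. Since the log says the failures are still to be debugged, I would leave a marker above `const uptr Size = getSize(Ptr, &Header);`, for example `// TODO: re-land the MTE tag-mismatch probe on free (reverted; see 1dd54691b20d).` The hunk in combined_test.cpp removes the `FreeWithTagMismatch` death test as well, so no visible test would notice if the check never comes back. The enclosing function starts and ends outside this hunk.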

diff  --git a/compiler-rt/lib/scudo/standalone/tests/combined_test.cpp b/compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
index 58d444d63793d..7d5cacd4c9766 100644
--- a/compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
+++ b/compiler-rt/lib/scudo/standalone/tests/combined_test.cpp
@@ -395,27 +395,6 @@ SCUDO_TYPED_TEST(ScudoCombinedDeathTest, UseAfterFree) {
   }
 }
 
-SCUDO_TYPED_TEST(ScudoCombinedDeathTest, FreeWithTagMismatch) {
-  auto *Allocator = this->Allocator.get();
-
-  if (!Allocator->useMemoryTaggingTestOnly())
-    return;
-
-  // Check that double free is detected.
-  for (scudo::uptr SizeLog = 0U; SizeLog <= 20U; SizeLog++) {
-    const scudo::uptr Size = 1U << SizeLog;
-    EXPECT_DEATH(
-        {
-          disableDebuggerdMaybe();
-          void *P = Allocator->allocate(Size, Origin);
-          scudo::uptr NewTag = (scudo::extractTag(reinterpret_cast<scudo::uptr>(P)) + 1) % 16;
-          void *Q = scudo::addFixedTag(scudo::untagPointer(P), NewTag);
-          Allocator->deallocate(Q, Origin);
-        },
-        "");
-  }
-}
-
 SCUDO_TYPED_TEST(ScudoCombinedDeathTest, DisableMemoryTagging) {
   auto *Allocator = this->Allocator.get();
 


        

