[PATCH] D150742: [HWASan] Ignore shortgranules for global tag selection
Mitch Phillips via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed May 17 17:05:26 PDT 2023
hctim updated this revision to Diff 523221.
hctim marked an inline comment as done.
hctim added a comment.
Herald added a project: Sanitizers.
Herald added a subscriber: Sanitizers.
Update from Vitaly's comments.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D150742/new/
https://reviews.llvm.org/D150742
Files:
compiler-rt/test/hwasan/TestCases/globals-no-shortgranule.c
llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
Index: llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
===================================================================
--- llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
+++ llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
@@ -1585,11 +1585,15 @@
Hasher.final(Hash);
uint8_t Tag = Hash[0];
+ if (TagMaskByte < 16)
+ report_fatal_error("tag space for -hwasan-globals must be at least 4 bits");
+
for (GlobalVariable *GV : Globals) {
- Tag &= TagMaskByte;
- // Skip tag 0 in order to avoid collisions with untagged memory.
- if (Tag == 0)
- Tag = 1;
+ // Don't allow globals to be tagged with something that looks like a
+ // short-granule tag, otherwise we lose inter-granule overflow detection, as
+ // the fast path shadow-vs-address check succeeds.
+ if (Tag < 16 || Tag > TagMaskByte)
+ Tag = 16;
instrumentGlobal(GV, Tag++);
}
}
Index: compiler-rt/test/hwasan/TestCases/globals-no-shortgranule.c
===================================================================
--- /dev/null
+++ compiler-rt/test/hwasan/TestCases/globals-no-shortgranule.c
@@ -0,0 +1,32 @@
+// RUN: %clang_hwasan -shared %s -o %t.so
+// RUN: llvm-nm %t.so | FileCheck %s
+
+// REQUIRES: pointer-tagging
+
+// CHECK-NOT: {{^0[0-f].*D g_}}
+
+// Ensure that globals never end up with tags that could be confused with short
+// granules.
+int g_1, g_2, g_3, g_4, g_5, g_6, g_7, g_8, g_9, g_10, g_11, g_12, g_13, g_14,
+ g_15, g_16, g_17, g_18, g_19, g_20, g_21, g_22, g_23, g_24, g_25, g_26,
+ g_27, g_28, g_29, g_30, g_31, g_32, g_33, g_34, g_35, g_36, g_37, g_38,
+ g_39, g_40, g_41, g_42, g_43, g_44, g_45, g_46, g_47, g_48, g_49, g_50,
+ g_51, g_52, g_53, g_54, g_55, g_56, g_57, g_58, g_59, g_60, g_61, g_62,
+ g_63, g_64, g_65, g_66, g_67, g_68, g_69, g_70, g_71, g_72, g_73, g_74,
+ g_75, g_76, g_77, g_78, g_79, g_80, g_81, g_82, g_83, g_84, g_85, g_86,
+ g_87, g_88, g_89, g_90, g_91, g_92, g_93, g_94, g_95, g_96, g_97, g_98,
+ g_99, g_100, g_101, g_102, g_103, g_104, g_105, g_106, g_107, g_108, g_109,
+ g_110, g_111, g_112, g_113, g_114, g_115, g_116, g_117, g_118, g_119, g_120,
+ g_121, g_122, g_123, g_124, g_125, g_126, g_127, g_128, g_129, g_130, g_131,
+ g_132, g_133, g_134, g_135, g_136, g_137, g_138, g_139, g_140, g_141, g_142,
+ g_143, g_144, g_145, g_146, g_147, g_148, g_149, g_150, g_151, g_152, g_153,
+ g_154, g_155, g_156, g_157, g_158, g_159, g_160, g_161, g_162, g_163, g_164,
+ g_165, g_166, g_167, g_168, g_169, g_170, g_171, g_172, g_173, g_174, g_175,
+ g_176, g_177, g_178, g_179, g_180, g_181, g_182, g_183, g_184, g_185, g_186,
+ g_187, g_188, g_189, g_190, g_191, g_192, g_193, g_194, g_195, g_196, g_197,
+ g_198, g_199, g_200, g_201, g_202, g_203, g_204, g_205, g_206, g_207, g_208,
+ g_209, g_210, g_211, g_212, g_213, g_214, g_215, g_216, g_217, g_218, g_219,
+ g_220, g_221, g_222, g_223, g_224, g_225, g_226, g_227, g_228, g_229, g_230,
+ g_231, g_232, g_233, g_234, g_235, g_236, g_237, g_238, g_239, g_240, g_241,
+ g_242, g_243, g_244, g_245, g_246, g_247, g_248, g_249, g_250, g_251, g_252,
+ g_253, g_254, g_255;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D150742.523221.patch
Type: text/x-patch
Size: 3192 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20230518/2ad649d8/attachment.bin>
More information about the llvm-commits
mailing list