[compiler-rt] [HWASAN] Prevent SEGV in report near inacceccible memory (PR #66861)
Vitaly Buka via llvm-commits
llvm-commits at lists.llvm.org
Tue Sep 19 23:42:52 PDT 2023
https://github.com/vitalybuka created https://github.com/llvm/llvm-project/pull/66861
We can't use IsAccessibleMemoryRange on short granule check because of
performance impact. However we can prevent crashing if report prints out
"Tags for short granules around the buggy address".
>From c40f833d5f0d1664c4e5e01d76ed849a0d671eea Mon Sep 17 00:00:00 2001
From: Vitaly Buka <vitalybuka at google.com>
Date: Tue, 19 Sep 2023 23:38:50 -0700
Subject: [PATCH] [HWASAN] Prevent SEGV in report near inacceccible memory
We can't use IsAccessibleMemoryRange on short granule check because of
performance impact. However we can prevent crashing if report prints out
"Tags for short granules around the buggy address".
---
compiler-rt/lib/hwasan/hwasan_report.cpp | 5 ++-
.../test/hwasan/TestCases/report-unmapped.cpp | 39 +++++++++++++++++++
2 files changed, 42 insertions(+), 2 deletions(-)
create mode 100644 compiler-rt/test/hwasan/TestCases/report-unmapped.cpp
diff --git a/compiler-rt/lib/hwasan/hwasan_report.cpp b/compiler-rt/lib/hwasan/hwasan_report.cpp
index 442c5b736611dfb..2a6055a49a706b7 100644
--- a/compiler-rt/lib/hwasan/hwasan_report.cpp
+++ b/compiler-rt/lib/hwasan/hwasan_report.cpp
@@ -357,8 +357,9 @@ static void PrintTagsAroundAddr(tag_t *tag_ptr) {
"to %zd bytes):\n",
kShadowAlignment);
PrintTagInfoAroundAddr(tag_ptr, 3, [](InternalScopedString &s, tag_t *tag) {
- if (*tag >= 1 && *tag <= kShadowAlignment) {
- uptr granule_addr = ShadowToMem(reinterpret_cast<uptr>(tag));
+ uptr granule_addr = ShadowToMem(reinterpret_cast<uptr>(tag));
+ if (*tag >= 1 && *tag <= kShadowAlignment &&
+ IsAccessibleMemoryRange(granule_addr, kShadowAlignment)) {
s.AppendF("%02x",
*reinterpret_cast<u8 *>(granule_addr + kShadowAlignment - 1));
} else {
diff --git a/compiler-rt/test/hwasan/TestCases/report-unmapped.cpp b/compiler-rt/test/hwasan/TestCases/report-unmapped.cpp
new file mode 100644
index 000000000000000..9314d46085deb5a
--- /dev/null
+++ b/compiler-rt/test/hwasan/TestCases/report-unmapped.cpp
@@ -0,0 +1,39 @@
+// RUN: %clangxx_hwasan %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+#include <sanitizer/hwasan_interface.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/mman.h>
+#include <unistd.h>
+
+int main(int argc, char **argv) {
+ const size_t kPS = sysconf(_SC_PAGESIZE);
+
+ void *r = nullptr;
+ int res = posix_memalign(&r, kPS, 2 * kPS);
+ if (res) {
+ perror("Failed to mmap: ");
+ abort();
+ }
+
+ r = __hwasan_tag_pointer(r, 0);
+ __hwasan_tag_memory(r, 1, 2 * kPS);
+
+ // Disable access to the page just after tag-mismatch report address.
+ res = mprotect((char*)r + kPS, kPS, PROT_NONE);
+ if (res) {
+ perror("Failed to mprotect: ");
+ abort();
+ }
+
+ // Trigger tag-mismatch report address.
+ return *((char*)r + kPS - 1);
+}
+
+// CHECK: ERROR: HWAddressSanitizer: tag-mismatch on address
+// CHECK: Memory tags around the buggy address
+// CHECK: Tags for short granules around
+
+// Check that report is complete.
+// CHECK: SUMMARY: HWAddressSanitizer
\ No newline at end of file
More information about the llvm-commits
mailing list