[compiler-rt] [HWASAN]Implement memcmp interceptor in HWASAN (PR #67204)

Kirill Stoimenov via llvm-commits llvm-commits at lists.llvm.org
Thu Sep 28 14:06:14 PDT 2023


https://github.com/kstoimenov updated https://github.com/llvm/llvm-project/pull/67204

>From 07c005c4110854fe66f5c126c54bb45c2fffb137 Mon Sep 17 00:00:00 2001
From: Kirill Stoimenov <kstoimenov at google.com>
Date: Fri, 22 Sep 2023 22:57:55 +0000
Subject: [PATCH 1/3] [HWASAN] Implement memcmp interceptor in HWASAN

DON NOT SUBMIT - NEED TO TEST ON ARM
---
 .../lib/hwasan/hwasan_interceptors.cpp        | 23 +++++++++++++++----
 .../lib/hwasan/hwasan_platform_interceptors.h |  2 +-
 .../sanitizer_common_interceptors.inc         |  4 +++-
 compiler-rt/test/hwasan/TestCases/memcmp.cpp  | 17 ++++++++++++++
 4 files changed, 39 insertions(+), 7 deletions(-)
 create mode 100644 compiler-rt/test/hwasan/TestCases/memcmp.cpp

diff --git a/compiler-rt/lib/hwasan/hwasan_interceptors.cpp b/compiler-rt/lib/hwasan/hwasan_interceptors.cpp
index 92c8ec7cf55f412..f9af154ef2dcab2 100644
--- a/compiler-rt/lib/hwasan/hwasan_interceptors.cpp
+++ b/compiler-rt/lib/hwasan/hwasan_interceptors.cpp
@@ -31,6 +31,21 @@
 
 using namespace __hwasan;
 
+struct HWAsanInterceptorContext {
+  const char *interceptor_name;
+};
+
+#  define ACCESS_MEMORY_RANGE(ctx, offset, size, access)                    \
+    do {                                                                    \
+      __hwasan::CheckAddressSized<ErrorAction::Abort, access>((uptr)offset, \
+                                                              size);        \
+    } while (0)
+
+#define HWASAN_READ_RANGE(ctx, offset, size) \
+  ACCESS_MEMORY_RANGE(ctx, offset, size, AccessType::Load)
+#define HWASAN_WRITE_RANGE(ctx, offset, size) \
+  ACCESS_MEMORY_RANGE(ctx, offset, size, AccessType::Store)
+
 #  if !SANITIZER_APPLE
 #    define HWASAN_INTERCEPT_FUNC(name)                                        \
       do {                                                                     \
@@ -79,13 +94,11 @@ using namespace __hwasan;
       } while (false)
 
 #    define COMMON_INTERCEPTOR_READ_RANGE(ctx, ptr, size) \
-      do {                                                \
-        (void)(ctx);                                      \
-        (void)(ptr);                                      \
-        (void)(size);                                     \
-      } while (false)
+      HWASAN_READ_RANGE(ctx, ptr, size)
 
 #    define COMMON_INTERCEPTOR_ENTER(ctx, func, ...) \
+      HWAsanInterceptorContext _ctx = {#func};       \
+      ctx = (void *)&_ctx;                           \
       do {                                           \
         (void)(ctx);                                 \
         (void)(func);                                \
diff --git a/compiler-rt/lib/hwasan/hwasan_platform_interceptors.h b/compiler-rt/lib/hwasan/hwasan_platform_interceptors.h
index 33ae70a4ded90e5..9cc53201b2a800c 100644
--- a/compiler-rt/lib/hwasan/hwasan_platform_interceptors.h
+++ b/compiler-rt/lib/hwasan/hwasan_platform_interceptors.h
@@ -66,7 +66,7 @@
 #define SANITIZER_INTERCEPT_MEMCPY 0
 
 #undef SANITIZER_INTERCEPT_MEMCMP
-#define SANITIZER_INTERCEPT_MEMCMP 0
+#define SANITIZER_INTERCEPT_MEMCMP 1
 
 #undef SANITIZER_INTERCEPT_BCMP
 #define SANITIZER_INTERCEPT_BCMP 0
diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
index 0e563fa12022a3e..80efaf54a0607f6 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
@@ -445,11 +445,13 @@ INTERCEPTOR(char*, textdomain, const char *domainname) {
 #define INIT_TEXTDOMAIN
 #endif
 
-#if SANITIZER_INTERCEPT_STRCMP
+#if SANITIZER_INTERCEPT_STRCMP || SANITIZER_INTERCEPT_MEMCMP
 static inline int CharCmpX(unsigned char c1, unsigned char c2) {
   return (c1 == c2) ? 0 : (c1 < c2) ? -1 : 1;
 }
+#endif
 
+#if SANITIZER_INTERCEPT_STRCMP
 DECLARE_WEAK_INTERCEPTOR_HOOK(__sanitizer_weak_hook_strcmp, uptr called_pc,
                               const char *s1, const char *s2, int result)
 
diff --git a/compiler-rt/test/hwasan/TestCases/memcmp.cpp b/compiler-rt/test/hwasan/TestCases/memcmp.cpp
new file mode 100644
index 000000000000000..231b17393b5684c
--- /dev/null
+++ b/compiler-rt/test/hwasan/TestCases/memcmp.cpp
@@ -0,0 +1,17 @@
+// RUN: %clangxx_hwasan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_hwasan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_hwasan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_hwasan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// REQUIRES: arm
+
+#include <string.h>
+int main(int argc, char **argv) {
+  char a1[] = {static_cast<char>(argc), 2, 3, 4};
+  char a2[] = {1, static_cast<char>(2*argc), 3, 4};
+  int res = memcmp(a1, a2, 4 + argc);  // BOOM
+  // CHECK: AddressSanitizer: stack-buffer-overflow
+  // CHECK: {{#[0-9]+ .*memcmp}}
+  // CHECK: {{#[0-9]+ .*main}}
+  return res;
+}

>From 0f8281fe909d8ececbbeda2c840f069daa7d89b9 Mon Sep 17 00:00:00 2001
From: Kirill Stoimenov <kstoimenov at google.com>
Date: Tue, 26 Sep 2023 17:35:42 +0000
Subject: [PATCH 2/3] Fixed test to pass on ARM.

---
 compiler-rt/test/hwasan/TestCases/memcmp.cpp | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/compiler-rt/test/hwasan/TestCases/memcmp.cpp b/compiler-rt/test/hwasan/TestCases/memcmp.cpp
index 231b17393b5684c..2c22983b781f09e 100644
--- a/compiler-rt/test/hwasan/TestCases/memcmp.cpp
+++ b/compiler-rt/test/hwasan/TestCases/memcmp.cpp
@@ -3,15 +3,13 @@
 // RUN: %clangxx_hwasan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
 // RUN: %clangxx_hwasan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
 
-// REQUIRES: arm
+// REQUIRES: pointer-tagging
 
 #include <string.h>
 int main(int argc, char **argv) {
   char a1[] = {static_cast<char>(argc), 2, 3, 4};
   char a2[] = {1, static_cast<char>(2*argc), 3, 4};
   int res = memcmp(a1, a2, 4 + argc);  // BOOM
-  // CHECK: AddressSanitizer: stack-buffer-overflow
-  // CHECK: {{#[0-9]+ .*memcmp}}
-  // CHECK: {{#[0-9]+ .*main}}
+  // CHECK: HWAddressSanitizer: tag-mismatch on address
   return res;
 }

>From 3cf5f0c2b4a3433d75fde74c89b7357eeb00165a Mon Sep 17 00:00:00 2001
From: Kirill Stoimenov <kstoimenov at google.com>
Date: Tue, 26 Sep 2023 17:39:37 +0000
Subject: [PATCH 3/3] Address comments.

---
 .../lib/hwasan/hwasan_platform_interceptors.h     |  4 ++--
 compiler-rt/test/hwasan/TestCases/memcmp.cpp      | 15 +++++++++------
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/compiler-rt/lib/hwasan/hwasan_platform_interceptors.h b/compiler-rt/lib/hwasan/hwasan_platform_interceptors.h
index 9cc53201b2a800c..390c9d80c38edd9 100644
--- a/compiler-rt/lib/hwasan/hwasan_platform_interceptors.h
+++ b/compiler-rt/lib/hwasan/hwasan_platform_interceptors.h
@@ -65,8 +65,8 @@
 #undef SANITIZER_INTERCEPT_MEMCPY
 #define SANITIZER_INTERCEPT_MEMCPY 0
 
-#undef SANITIZER_INTERCEPT_MEMCMP
-#define SANITIZER_INTERCEPT_MEMCMP 1
+// #undef SANITIZER_INTERCEPT_MEMCMP
+// #define SANITIZER_INTERCEPT_MEMCMP 0
 
 #undef SANITIZER_INTERCEPT_BCMP
 #define SANITIZER_INTERCEPT_BCMP 0
diff --git a/compiler-rt/test/hwasan/TestCases/memcmp.cpp b/compiler-rt/test/hwasan/TestCases/memcmp.cpp
index 2c22983b781f09e..e58e260047f908e 100644
--- a/compiler-rt/test/hwasan/TestCases/memcmp.cpp
+++ b/compiler-rt/test/hwasan/TestCases/memcmp.cpp
@@ -3,13 +3,16 @@
 // RUN: %clangxx_hwasan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
 // RUN: %clangxx_hwasan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
 
-// REQUIRES: pointer-tagging
-
 #include <string.h>
+#include <stdlib.h>
+#include <sanitizer/hwasan_interface.h>
+
 int main(int argc, char **argv) {
-  char a1[] = {static_cast<char>(argc), 2, 3, 4};
-  char a2[] = {1, static_cast<char>(2*argc), 3, 4};
-  int res = memcmp(a1, a2, 4 + argc);  // BOOM
+  __hwasan_enable_allocator_tagging();
+  char a[] = {static_cast<char>(argc), 2, 3, 4};
+  char *p = (char *)malloc(sizeof(a));
+  free(p);
+  memcpy(p, a, sizeof(a));
   // CHECK: HWAddressSanitizer: tag-mismatch on address
-  return res;
+  return memcmp(p, a, sizeof(a));
 }



More information about the llvm-commits mailing list