[compiler-rt] [hwasan] Add fixed_shadow_base flag (PR #73980)

Thurston Dang via llvm-commits llvm-commits at lists.llvm.org
Wed Dec 6 13:28:32 PST 2023


================
@@ -0,0 +1,62 @@
+// Test fixed shadow base functionality.
+//
+// Default compiler instrumentation works with any shadow base (dynamic or fixed).
+// RUN: %clang_hwasan %s -o %t && %run %t
+// RUN: %clang_hwasan %s -o %t && HWASAN_OPTIONS=fixed_shadow_base=263878495698944 %run %t
+// RUN: %clang_hwasan %s -o %t && HWASAN_OPTIONS=fixed_shadow_base=4398046511104 %run %t
+//
+// If -hwasan-mapping-offset is set, then the fixed_shadow_base needs to match.
+// RUN: %clang_hwasan %s -mllvm -hwasan-mapping-offset=263878495698944 -o %t && HWASAN_OPTIONS=fixed_shadow_base=263878495698944 %run %t
+// RUN: %clang_hwasan %s -mllvm -hwasan-mapping-offset=4398046511104 -o %t && HWASAN_OPTIONS=fixed_shadow_base=4398046511104 %run %t
+// RUN: %clang_hwasan %s -mllvm -hwasan-mapping-offset=263878495698944 -o %t && HWASAN_OPTIONS=fixed_shadow_base=4398046511104 not %run %t
+// RUN: %clang_hwasan %s -mllvm -hwasan-mapping-offset=4398046511104 -o %t && HWASAN_OPTIONS=fixed_shadow_base=263878495698944 not %run %t
+//
+// Note: if fixed_shadow_base is not set, compiler-rt will dynamically choose a
+// shadow base, which has a tiny but non-zero probability of matching the
+// compiler instrumentation. To avoid test flake, we do not test this case.
+//
+// Assume 48-bit VMA
+// REQUIRES: aarch64-target-arch
+//
+// UNSUPPORTED: android
+
+#include <assert.h>
+#include <sanitizer/allocator_interface.h>
+#include <sanitizer/hwasan_interface.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/mman.h>
+
+int main() {
+  __hwasan_enable_allocator_tagging();
+
+  void **mmaps[256];
+  // 48-bit VMA
+  for (int i = 0; i < 256; i++) {
+    unsigned long long addr = (i * (1ULL << 40));
+
+    void *p = mmap((void *)addr, 4096, PROT_READ | PROT_WRITE,
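Review bot: On the first loop iteration `addr = i * (1ULL << 40)` evaluates to 0, so that `mmap` call receives a NULL address instead of a placement in the lowest 1 TiB slot. Start the loop at `i = 1`, or add a small non-zero offset, if every slot is meant to be probed. `void **mmaps[256]` also looks like it should be `void *mmaps[256]`, since `mmap` returns `void *`. Finally, the header says "Assume 48-bit VMA", but `REQUIRES: aarch64-target-arch` does not enforce that. A short comment on what is expected to happen on a smaller VMA would help whoever debugs a failure of this test on such a machine.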
----------------
thurstond wrote:

> There is a possibility to re-map critical pages with FIXED and crash the process. Wouldn't it be enough to do the same without FIXED and use addr as a hint?

I've removed MAP_FIXED.

(My concern was that mmap might return addresses that are consecutive pages. In that case, this test will be useless at verifying that the entire address space can be correctly mapped to shadow memory.)

> Alternative trivial approach?
> 
> ```
> print `extern uptr __hwasan_shadow_memory_dynamic_address;`
> //CHECK: expected value
> ```

This will show that compiler-rt has the correct shadow address, but it doesn't prove that the compiler instrumentation is using the specified shadow base.
I.e., we want to test that `-hwasan-mapping-offset` and `HWASAN_OPTIONS=fixed_shadow_base` work together.

https://github.com/llvm/llvm-project/pull/73980

