[compiler-rt] [compiler-rt][hwasan] Add fiber switch for HwASan (PR #153822)
via llvm-commits
llvm-commits at lists.llvm.org
Tue Aug 19 07:33:09 PDT 2025
================
@@ -0,0 +1,212 @@
+// Test hwasan __sanitizer_start_switch_fiber and __sanitizer_finish_switch_fiber interface.
+
+// RUN: %clangxx_hwasan -std=c++11 -lpthread -ldl -O0 %s -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_hwasan -std=c++11 -lpthread -ldl -O1 %s -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_hwasan -std=c++11 -lpthread -ldl -O2 %s -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_hwasan -std=c++11 -lpthread -ldl -O3 %s -o %t && %run %t 2>&1 | FileCheck %s
+// RUN: seq 30 | xargs -i -- grep LOOPCHECK %s > %t.checks
+// RUN: %clangxx_hwasan -std=c++11 -lpthread -ldl -O0 %s -o %t && %run %t 2>&1 | FileCheck %t.checks --check-prefix LOOPCHECK
+// RUN: %clangxx_hwasan -std=c++11 -lpthread -ldl -O1 %s -o %t && %run %t 2>&1 | FileCheck %t.checks --check-prefix LOOPCHECK
+// RUN: %clangxx_hwasan -std=c++11 -lpthread -ldl -O2 %s -o %t && %run %t 2>&1 | FileCheck %t.checks --check-prefix LOOPCHECK
+// RUN: %clangxx_hwasan -std=c++11 -lpthread -ldl -O3 %s -o %t && %run %t 2>&1 | FileCheck %t.checks --check-prefix LOOPCHECK
+
+//
+// Android and musl do not support swapcontext.
+// REQUIRES: glibc-2.27
+
+#include <pthread.h>
+#include <setjmp.h>
+#include <signal.h>
+#include <stdio.h>
+#include <sys/time.h>
+#include <ucontext.h>
+#include <unistd.h>
+#include <dlfcn.h>
+
+#include <sanitizer/common_interface_defs.h>
+
+ucontext_t orig_context;
+ucontext_t child_context;
+ucontext_t next_child_context;
+
+char *next_child_stack;
+
+const int kStackSize = 1 << 20;
+
+const void *main_thread_stack;
+size_t main_thread_stacksize;
+
+const void *from_stack;
+size_t from_stacksize;
+
+__attribute__((noinline, noreturn)) void LongJump(jmp_buf env) {
+ longjmp(env, 1);
+ _exit(1);
+}
+
+// Simulate __asan_handle_no_return().
+__attribute__((noinline)) void CallNoReturn() {
+ jmp_buf env;
+ if (setjmp(env) != 0)
+ return;
+
+ LongJump(env);
+ _exit(1);
+}
+
+void NextChild() {
+ CallNoReturn();
+ __sanitizer_finish_switch_fiber(nullptr, &from_stack, &from_stacksize);
+
+ printf("NextChild from: %p %zu\n", from_stack, from_stacksize);
+
+ char x[32] = {0}; // Stack gets poisoned.
+ printf("NextChild: %p\n", x);
+
+ CallNoReturn();
+
+ __sanitizer_start_switch_fiber(nullptr, main_thread_stack,
+ main_thread_stacksize);
+ CallNoReturn();
+ if (swapcontext(&next_child_context, &orig_context) < 0) {
+ perror("swapcontext");
+ _exit(1);
+ }
+}
+
+void Child(int mode) {
+ CallNoReturn();
+ __sanitizer_finish_switch_fiber(nullptr, &main_thread_stack,
+ &main_thread_stacksize);
+ char x[32] = {0}; // Stack gets poisoned.
+ printf("Child: %p\n", x);
+ CallNoReturn();
+ // (a) Do nothing, just return to parent function.
+ // (b) Jump into the original function. Stack remains poisoned unless we do
+ // something.
+ // (c) Jump to another function which will then jump back to the main function
+ if (mode == 0) {
+ __sanitizer_start_switch_fiber(nullptr, main_thread_stack,
+ main_thread_stacksize);
+ CallNoReturn();
+ } else if (mode == 1) {
+ __sanitizer_start_switch_fiber(nullptr, main_thread_stack,
+ main_thread_stacksize);
+ CallNoReturn();
+ if (swapcontext(&child_context, &orig_context) < 0) {
+ perror("swapcontext");
+ _exit(1);
+ }
+ } else if (mode == 2) {
+ printf("NextChild stack: %p\n", next_child_stack);
+
+ getcontext(&next_child_context);
+ next_child_context.uc_stack.ss_sp = next_child_stack;
+ next_child_context.uc_stack.ss_size = kStackSize / 2;
+ makecontext(&next_child_context, (void (*)())NextChild, 0);
+ __sanitizer_start_switch_fiber(nullptr, next_child_context.uc_stack.ss_sp,
+ next_child_context.uc_stack.ss_size);
+ CallNoReturn();
+ if (swapcontext(&child_context, &next_child_context) < 0) {
+ perror("swapcontext");
+ _exit(1);
+ }
+ }
+}
+
+int Run(int arg, int mode, char *child_stack) {
+ printf("Child stack: %p\n", child_stack);
+ // Setup child context.
+ getcontext(&child_context);
+ child_context.uc_stack.ss_sp = child_stack;
+ child_context.uc_stack.ss_size = kStackSize / 2;
+ if (mode == 0) {
+ child_context.uc_link = &orig_context;
+ }
+ makecontext(&child_context, (void (*)())Child, 1, mode);
+ CallNoReturn();
+ __sanitizer_start_switch_fiber(nullptr, child_context.uc_stack.ss_sp,
+ child_context.uc_stack.ss_size);
+ CallNoReturn();
+ if (swapcontext(&orig_context, &child_context) < 0) {
+ perror("swapcontext");
+ _exit(1);
+ }
+ CallNoReturn();
+ __sanitizer_finish_switch_fiber(nullptr, &from_stack, &from_stacksize);
+ CallNoReturn();
+ printf("Main context from: %p %zu\n", from_stack, from_stacksize);
+
+ return child_stack[arg];
+}
+
+void handler(int sig) { CallNoReturn(); }
+
+int main(int argc, char **argv) {
+ // This testcase is copied from ASan's swapcontext_annotation.cpp testcase
+ // and adapted to HWASan:
+ // 1. removed huge stack test since hwasan has no huge stack limitations
+ // 2. stack allocations are now done with original malloc/free instead of
+ // hwasan interceptor, since HWASan does not support tagged stack pointer
+ // in longjmp (see __hwasan_handle_longjmp)
+
+ // set up a signal that will spam and trigger __hwasan_handle_vfork at
+ // tricky moments
+ struct sigaction act = {};
+ act.sa_handler = &handler;
+ if (sigaction(SIGPROF, &act, 0)) {
+ perror("sigaction");
+ _exit(1);
+ }
+
+ itimerval t;
+ t.it_interval.tv_sec = 0;
+ t.it_interval.tv_usec = 10;
+ t.it_value = t.it_interval;
+ if (setitimer(ITIMER_PROF, &t, 0)) {
+ perror("setitimer");
+ _exit(1);
+ }
+
+ // We search malloc/free here because the original symbol is intercepted.
+ // Unfortunately, hwasan does not support longjmp with tagged stack pointer,
+ // so we use RTLD_NEXT to search original symbols assuming hwasan is
+ // statically linked (default behavior currently).
+ void *(*malloc_func)(size_t) = (void *(*)(size_t)) dlsym(RTLD_NEXT, "malloc");
+ if (malloc_func == nullptr) {
+ perror("dlsym malloc");
+ _exit(1);
+ }
+ void (*free_func)(void *) = (void (*)(void *)) dlsym(RTLD_NEXT, "free");
+ if (free_func == nullptr) {
+ perror("dlsym free");
+ _exit(1);
+ }
+
+ char *heap = (char *)malloc_func(kStackSize + 1);
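Review bot: The two `dlsym(RTLD_NEXT, ...)` failure paths report the wrong error: `perror("dlsym malloc")` and `perror("dlsym free")` print `errno`, but `dlsym` does not set `errno` on failure, so the message would carry whatever stale value the earlier `sigaction`/`setitimer` calls left behind; the reason lives in `dlerror()`. I would change those two lines to `fprintf(stderr, "dlsym malloc: %s\n", dlerror());` and `fprintf(stderr, "dlsym free: %s\n", dlerror());`. The `malloc_func(kStackSize + 1)` result on the last quoted line is not checked for NULL within the hunk, and since `main` continues past the quoted diff I cannot tell whether a check follows before `heap` is used as a fiber stack; if not, an `if (heap == nullptr) { fprintf(stderr, "malloc failed\n"); _exit(1); }` guard belongs here. The comment above the `sigaction` setup says the signal is meant to trigger `__hwasan_handle_vfork`, yet `handler` only calls `CallNoReturn`, which the earlier comment describes as simulating the no-return/longjmp path, so the wording there looks copied from elsewhere and should be reconciled with what the handler actually exercises.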
----------------
Tomahawkd wrote:
Fixed
https://github.com/llvm/llvm-project/pull/153822