Age | Commit message | Author |
|
Summary:
ASan/MSan/LSan allocators set errno on allocation failures according to
malloc/calloc/etc. expected behavior.
MSan allocator was refactored a bit to make its structure more similar
with other allocators.
Also switch Scudo allocator to the internal errno definitions.
TSan allocator changes will follow.
Reviewers: eugenis
Subscribers: llvm-commits, kubamracek
Differential Revision: https://reviews.llvm.org/D35275
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@308344 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: For platforms which support slow unwinder only, we restrict the store context size to 1, basically only storing the current pc. We do this because the slow unwinder which is based on libunwind is not async signal safe and causes random freezes in forking applications as well as in signal handlers.
Reviewed by eugenis.
Differential: D23107
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@289027 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This patch adds 48-bit VMA support for msan on aarch64. As with current
mappings for aarch64, 48-bit VMA also supports PIE executables. The
48-bit segments only cover the usual PIE/default segments plus some
more segments (262144GB total, 0.39% total VMA). Memory availability
can be increased by adding multiple application segments like the 39 and
42 mappings (some mappings were added in this patch as well).
Tested on 39 and 48-bit VMA kernels on aarch64.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@279752 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Reviewed by eugenis
Differential: D22993
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@278793 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
__sanitizer_install_malloc_and_free_hooks
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@272943 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D19542
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267586 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
MSan runtime is not itself instrumented, so we need to explicitly
clear shadow for function arguments before calling user-provided
functions from runtime (e.g. we already do this for several
interceptors).
I'm still crafting a test case that would demonstrate this issue
reliably, and will commit it later today.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@258339 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This patch unifies the 39-bit and 42-bit mappings for aarch64 to use only
one instrumentation algorithm. A runtime check avoids mapping 42-bit
only segments for 39-bit kernels.
The mapping to use now is for 39 and 42-bits:
0x00000000000ULL-0x01000000000ULL MappingDesc::INVALID
0x01000000000ULL-0x02000000000ULL MappingDesc::SHADOW
0x02000000000ULL-0x03000000000ULL MappingDesc::ORIGIN
0x03000000000ULL-0x04000000000ULL MappingDesc::SHADOW
0x04000000000ULL-0x05000000000ULL MappingDesc::ORIGIN
0x05000000000ULL-0x06000000000ULL MappingDesc::APP
0x06000000000ULL-0x07000000000ULL MappingDesc::INVALID
0x07000000000ULL-0x08000000000ULL MappingDesc::APP
And only for 42-bits:
0x08000000000ULL-0x09000000000ULL MappingDesc::INVALID
0x09000000000ULL-0x0A000000000ULL MappingDesc::SHADOW
0x0A000000000ULL-0x0B000000000ULL MappingDesc::ORIGIN
0x0B000000000ULL-0x0F000000000ULL MappingDesc::INVALID
0x0F000000000ULL-0x10000000000ULL MappingDesc::APP
0x10000000000ULL-0x11000000000ULL MappingDesc::INVALID
0x11000000000ULL-0x12000000000ULL MappingDesc::APP
0x12000000000ULL-0x17000000000ULL MappingDesc::INVALID
0x17000000000ULL-0x18000000000ULL MappingDesc::SHADOW
0x18000000000ULL-0x19000000000ULL MappingDesc::ORIGIN
0x19000000000ULL-0x20000000000ULL MappingDesc::INVALID
0x20000000000ULL-0x21000000000ULL MappingDesc::APP
0x21000000000ULL-0x26000000000ULL MappingDesc::INVALID
0x26000000000ULL-0x27000000000ULL MappingDesc::SHADOW
0x27000000000ULL-0x28000000000ULL MappingDesc::ORIGIN
0x28000000000ULL-0x29000000000ULL MappingDesc::SHADOW
0x29000000000ULL-0x2A000000000ULL MappingDesc::ORIGIN
0x2A000000000ULL-0x2B000000000ULL MappingDesc::APP
0x2B000000000ULL-0x2C000000000ULL MappingDesc::INVALID
0x2C000000000ULL-0x2D000000000ULL MappingDesc::SHADOW
0x2D000000000ULL-0x2E000000000ULL MappingDesc::ORIGIN
0x2E000000000ULL-0x2F000000000ULL MappingDesc::APP
0x2F000000000ULL-0x39000000000ULL MappingDesc::INVALID
0x39000000000ULL-0x3A000000000ULL MappingDesc::SHADOW
0x3A000000000ULL-0x3B000000000ULL MappingDesc::ORIGIN
0x3B000000000ULL-0x3C000000000ULL MappingDesc::APP
0x3C000000000ULL-0x3D000000000ULL MappingDesc::INVALID
0x3D000000000ULL-0x3E000000000ULL MappingDesc::SHADOW
0x3E000000000ULL-0x3F000000000ULL MappingDesc::ORIGIN
0x3F000000000ULL-0x40000000000ULL MappingDesc::APP
And although complex, it provides better memory utilization than the
previous one.
[1] http://reviews.llvm.org/D13817
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@251625 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This is an implementation of
https://github.com/google/sanitizers/issues/579
It has a number of advantages over the current mapping:
* Works for non-PIE executables.
* Does not require ASLR; as a consequence, debugging MSan programs in
gdb no longer requires "set disable-randomization off".
* Supports linux kernels >=4.1.2.
* The code is marginally faster and smaller.
This is an ABI break. We never really promised ABI stability, but
this patch includes a courtesy escape hatch: a compile-time macro
that reverts back to the old mapping layout.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@249754 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Map MSan heap space early (in __msan_init) so that user code can not
accidentally (i.e. w/o MAP_FIXED) create a conflicting mapping.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@248829 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This patch enabled msan for aarch64 with 39-bit VMA and 42-bit VMA.
As defined by lib/msan/msan.h the memory layout used for 39-bit is:
00 0000 0000 - 40 0000 0000: invalid
40 0000 0000 - 43 0000 0000: shadow
43 0000 0000 - 46 0000 0000: origin
46 0000 0000 - 55 0000 0000: invalid
55 0000 0000 - 56 0000 0000: app (low)
56 0000 0000 - 70 0000 0000: invalid
70 0000 0000 - 80 0000 0000: app (high)
And for 42-bit VMA:
000 0000 0000 - 100 0000 0000: invalid
100 0000 0000 - 11b 0000 0000: shadow
11b 0000 0000 - 120 0000 0000: invalid
120 0000 0000 - 13b 0000 0000: origin
13b 0000 0000 - 2aa 0000 0000: invalid
2aa 0000 0000 - 2ab 0000 0000: app (low)
2ab 0000 0000 - 3f0 0000 0000: invalid
3f0 0000 0000 - 400 0000 0000: app (high)
Most of the tests are passing with the exception of:
* Linux/mallinfo.cc
* chained_origin_limits.cc
* dlerror.cc
* param_tls_limit.cc
* signal_stress_test.cc
* nonnull-arg.cpp
The 'Linux/mallinfo.cc' is due to the fact AArch64 returns the sret in 'x8'
instead of default first argument 'x1'. So a function prototype that
aims to mimic (by using first argument as the return of function) won't
work. For GCC one can make a register alias (register var asm ("r8")), but
clang detects it is an unused variable and generates wrong code.
The 'chained_origin_limits' is probably due to wrong code generation,
since it fails only when origin memory is used
(-fsanitize-memory-track-origins=2) and only in the returned code
(return buf[50]).
The 'signal_stress_test' and 'nonnull-arg' are due to currently missing variadic
argument handling in memory sanitizer code instrumentation on LLVM side.
Both 'dlerror' and 'param_tls_test' are unknown failures that require
further investigation.
All the failures are XFAIL for aarch64 for now.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@247809 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Previously we had to call __sanitizer_cov_dump() from tool-specific
callbacks - instead, let sanitizer_common library handle this in a
single place.
This is a re-application of r245770, with slightly different approach
taken.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@245890 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
These changes break both autoconf Mac OS X buildbot (linker errors
due to wrong Makefiles) and CMake buildbot (safestack test failures).
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@245784 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Previously we had to call __sanitizer_cov_dump() from tool-specific
callbacks - instead, let sanitizer_common library handle this in a single place.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@245770 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
__sanitizer_set_death_callback().
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@245754 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
This patch adds basic memory sanitizer support for PPC64. PR23219.
I have further patches ready to enable it in LLVM and Clang, and to fix
most of the many failing tests in check-msan.
Reviewers: kcc, willschm, samsonov, wschmidt, eugenis
Reviewed By: eugenis
Subscribers: wschmidt, llvm-commits
Differential Revision: http://reviews.llvm.org/D10648
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@240623 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Fix 2 bugs in memory mapping setup:
- the invalid region at offset 0 was not protected because mmap at
address 0 fails with EPERM on most Linux systems. We did not
notice this because the check condition was flipped: the code was
checking that mprotect has failed. And the test that was supposed
to catch this was weakened by the mitigations in the mmap
interceptor.
- when running without origins, the origin shadow range was left
unprotected.
The new test ensures that mmap w/o MAP_FIXED always returns valid
application addresses.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@238109 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Embed UBSan runtime into TSan and MSan runtimes in the same way as we do
in ASan. Extend UBSan test suite to also run tests for these
combinations.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@235954 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@235926 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
A flexible way of describing MSan memory layout details on various
platforms. No significant functional changes, but the memory layout
description that you get at verbosity=1 looks slightly different.
This change includes stronger sanity checks than before.
The goal of this change is to allow more than 2 application memory
ranges for https://code.google.com/p/memory-sanitizer/issues/detail?id=76.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@227192 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
By attaching an extra integer tag to heap origins, we are able
to distinguish between uninits
- created by heap allocation,
- created by heap deallocation (i.e. use-after-free),
- created by __msan_allocated_memory call,
- etc.
See https://code.google.com/p/memory-sanitizer/issues/detail?id=35.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@226821 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Move a bunch of functions to a new source file and rename some of them for
consistency. No functional changes.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@226673 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Turn "allocator_may_return_null" common flag into an
Allocator::may_return_null bool flag. We want to make sure
that common flags are immutable after initialization. There
are cases when we want to change this flag in the allocator
at runtime: e.g. in unit tests and during ASan activation
on Android.
Test Plan: regression test suite, real-life applications
Reviewers: kcc, eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6623
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@224148 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D6387
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@222919 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Reviewed at http://reviews.llvm.org/D5906
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@222388 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
MSanDR is a dynamic instrumentation tool that can instrument the code
(prebuilt libraries and such) that could not be instrumented at compile time.
This code is unused (to the best of our knowledge) and unmaintained, and
starting to bit-rot.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@222232 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
introduce a BufferedStackTrace class, which owns this array.
Summary:
This change splits __sanitizer::StackTrace class into a lightweight
__sanitizer::StackTrace, which doesn't own array of PCs, and BufferedStackTrace,
which owns it. This would allow us to simplify the interface of StackDepot,
and eventually merge __sanitizer::StackTrace with __tsan::StackTrace.
Test Plan: regression test suite.
Reviewers: kcc, dvyukov
Reviewed By: dvyukov
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D5985
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@220635 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
ParamTLS (shadow for function arguments) is of limited size. This change
makes all arguments that do not fit unpoisoned, and avoids writing
past the end of a TLS buffer.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@220351 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
favor of
a unified interface in <sanitizer/allocator_interface.h>.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@215469 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Introduce new public header <sanitizer/allocator_interface.h> and a set
of functions __sanitizer_get_ownership(), __sanitizer_malloc_hook() etc.
that will eventually replace their tool-specific equivalents
(__asan_get_ownership(), __msan_get_ownership() etc.). Tool-specific
functions are now deprecated and implemented as stubs redirecting
to __sanitizer_ versions (which are implemented differently in each tool).
Replace all uses of __xsan_ versions with __sanitizer_ versions in unit
and lit tests.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@212469 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
A new flag to control stack trace size for store event (in
track-origins=2 mode) independently of malloc_context_size.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@211896 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@209625 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@209287 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Generalize StackDepot and create a new specialized instance of it to
efficiently (i.e. without duplicating stack trace data) store the
origin history tree.
This reduces memory usage for chained origins roughly by an order of
magnitude.
Most importantly, this new design allows us to put two limits on
stored history data (exposed in MSAN_OPTIONS) that help avoid
exponential growth in used memory on certain workloads.
See comments in lib/msan/msan_origin.h for more details.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@209284 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@208195 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Makes __msan_print_shadow output much more readable, adds origin info.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@207622 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This reduces .tbss from 109K down to almost nothing.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@205618 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@205412 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@205192 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@204926 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Compiler-rt part of MSan implementation of advanced origin tracking,
when we record not only creation point, but all locations where
an uninitialized value was stored to memory, too.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@204152 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@197156 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Before we did it lazily on the first stack unwind in the thread.
It resulted in deadlock when the unwind was caused by memory allocation
inside pthread_getattr_np:
pthread_getattr_np <<< not reentrant
GetThreadStackTopAndBottom
__interceptor_realloc
pthread_getattr_np
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@197026 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@194196 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Origin copying may destroy valid origin info. This is caused by
__msan_copy_origin widening the address range to the nearest 4-byte aligned
addresses both on the left and on the right. If the target buffer is
uninitialized and the source is fully initialized, this will result in
overriding valid origin of target buffer with stale (possibly 0) origin of the
source buffer.
With this change the widened origin is copied only if corresponding shadow
values are non zero.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@193338 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@193163 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
MSan poisons deallocated memory but it used to give it an invalid origin value,
resulting in confusing reports. This change associates deallocation stack trace
with such memory.
Note that MSan does not have quarantine, and use-after-free detection is very
limited.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@190781 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Runtime library part.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@190686 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@189474 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@189351 91177308-0d34-0410-b5e6-96231b3b80d8
|