Leaves the implementation and tests files in-place for right now, but
deletes the ability to build the old sanitizer-common based scudo. This
has been on life-support for a long time, and the newer scudo_standalone
is much better supported and maintained.
Also patches up some GWP-ASan wording, primarily related to the fact
that -fsanitize=scudo now is scudo_standalone, and therefore the way to
reference the GWP-ASan options through the environment variable has
changed.
Future follow-up patches will delete the original scudo, and migrate all
its tests over to be part of the scudo_standalone test suite.
Reviewed By: vitalybuka
Differential Revision: https://reviews.llvm.org/D138157
The main thing that needed changing was excluding functionality that
isn't supported on armv4t. So excluding Arm specific builtin assembly files.
In the process some files were renamed and the source was annotated where
appropriate, so it's a bit easier to follow what group of files are meant for
what purpose.
Reviewed By: peter.smith, nickdesaulniers
Differential Revision: https://reviews.llvm.org/D138725
This is needed for LSAN integration work. LSAN uses context to store thread_id << 32 + stack_id. In order to fit both we would need thread_id to be 32 bit.
Reviewed By: vitalybuka
Differential Revision: https://reviews.llvm.org/D139060
The recent change (https://reviews.llvm.org/D137136) to unconditionally
choose the 64 bit allocator on aarch64 breaks Apple iOS family of devices
which purposely use a smaller address space than is used with macOS.
rdar://102527313
Reviewed By: thetruestblue, yln
Differential Revision: https://reviews.llvm.org/D139030
D137666 changed the memory mappings for msan on aarch64.
This patch updates two more tests to match the new
mappings.
Differential Revision: https://reviews.llvm.org/D139033
strlen_of_shadow hardcodes the mem-to-shadow
constant. That constant was changed in D137666;
this CL updates the test accordingly.
(Other tests will be updated separately.)
Differential Revision: https://reviews.llvm.org/D139027
epoll_pwait2 is new and may not be present in libc and/or kernel.
Since we effectively add it to libc (as will be probed by the program
using dlsym or a weak function pointer) we need to handle the case
when it's not present in the actual libc.
Reviewed By: melver
Differential Revision: https://reviews.llvm.org/D138929
We already know that there are no free blocks above Region->AllocatedUser.
This results in a smaller RegionPageMap and faster releaseFreeMemoryToOS.
Patch By: fabio-d
Differential Revision: https://reviews.llvm.org/D138794
msan's app memory mappings for aarch64 are constrained by
the MEM_TO_SHADOW constant to 64GB or less, and some app
memory mappings (in kMemoryLayout) are even smaller in
practice. This will lead to a crash with the error message
"MemorySanitizer can not mmap the shadow memory" if the
executable's memory mappings (e.g., libraries) extend
beyond msan's app memory mappings.
This patch makes the app/shadow/origin memory mappings
considerably larger, along with corresponding changes to
the MEM_TO_SHADOW and SHADOW_TO_ORIGIN constants.
Note that this deprecates compatibility with 39- and 42-bit
VMAs.
Differential Revision: https://reviews.llvm.org/D137666
SED differs between GNU and BSD in handling semicolon and the use of
'\n' in regex patterns. For macOS we can't use these GNU extensions.
rdar://102686948
Differential Revision: https://reviews.llvm.org/D138824
This variable is derived from LLVM_DEFAULT_TARGET_TRIPLE by default,
but using a separate variable allows additional normalization to be
performed if needed.
Differential Revision: https://reviews.llvm.org/D137451
This reverts commit ea1826ee57.
This change is breaking the ability of tests to override the profile
output file. Need to add a mechanism to do that before resubmitting.
It's a new syscall similar to epoll_pwait.
Add a similar interceptor for it and add synchronization
annotations in epoll_wait* syscall wrappers.
Testing this is problematic b/c it's not present in glibc
and the syscall itself may not be supported by the kernel.
Reviewed By: melver
Differential Revision: https://reviews.llvm.org/D138574
For the RAII lock usage we need to create a local var. There were some headers which clang-tidy identified as unused.
Reviewed By: tejohnson
Differential Revision: https://reviews.llvm.org/D138593
It broke the build, see comments on code review.
> Leaves the implementation and tests files in-place for right now, but
> deletes the ability to build the old sanitizer-common based scudo. This
> has been on life-support for a long time, and the newer scudo_standalone
> is much better supported and maintained.
>
> Also patches up some GWP-ASan wording, primarily related to the fact
> that -fsanitize=scudo now is scudo_standalone, and therefore the way to
> reference the GWP-ASan options through the environment variable has
> changed.
>
> Future follow-up patches will delete the original scudo, and migrate all
> its tests over to be part of the scudo_standalone test suite.
>
> Reviewed By: vitalybuka
>
> Differential Revision: https://reviews.llvm.org/D138157
This reverts commit ab1a5991fe.
Leaves the implementation and tests files in-place for right now, but
deletes the ability to build the old sanitizer-common based scudo. This
has been on life-support for a long time, and the newer scudo_standalone
is much better supported and maintained.
Also patches up some GWP-ASan wording, primarily related to the fact
that -fsanitize=scudo now is scudo_standalone, and therefore the way to
reference the GWP-ASan options through the environment variable has
changed.
Future follow-up patches will delete the original scudo, and migrate all
its tests over to be part of the scudo_standalone test suite.
Reviewed By: vitalybuka
Differential Revision: https://reviews.llvm.org/D138157
If `pathname` is an empty string and the AT_EMPTY_PATH flag is specified in `flags`,
statx `pathname` argument is of type `const char *restrict`, so it should be `""`
instead of `0`.
Reviewed By: SixWeining, xen0n, xry111, lixing-star
Differential Revision: https://reviews.llvm.org/D138414
This revision is a part of a series of patches extending
AddressSanitizer C++ container overflow detection capabilities by adding
annotations, similar to those existing in std::vector, to std::string
and std::deque collections. These changes allow ASan to detect cases
when the instrumented program accesses memory which is internally
allocated by the collection but is still not in-use (accesses before or
after the stored elements for std::deque, or between the size and
capacity bounds for std::string).
The motivation for the research and those changes was a bug, found by
Trail of Bits, in a real code where an out-of-bounds read could happen
as two strings were compared via a std::equals function that took
iter1_begin, iter1_end, iter2_begin iterators (with a custom comparison
function). When object iter1 was longer than iter2, read out-of-bounds
on iter2 could happen. Container sanitization would detect it.
This revision adds a new compiler-rt ASan sanitization API function
sanitizer_annotate_double_ended_contiguous_container necessary to
sanitize/annotate double ended contiguous containers. Note that that
function annotates a single contiguous memory buffer (for example the
std::deque's internal chunk). Such containers have the beginning of
allocated memory block, beginning of the container in-use data, end of
the container's in-use data and the end of the allocated memory block.
This also adds a new API function to verify if a double ended contiguous
container is correctly annotated
(__sanitizer_verify_double_ended_contiguous_container).
Since we do not modify the ASan's shadow memory encoding values, the
capability of sanitizing/annotating a prefix of the internal contiguous
memory buffer is limited – up to SHADOW_GRANULARITY-1 bytes may not be
poisoned before the container's in-use data. This can cause false
negatives (situations when ASan will not detect memory corruption in
those areas).
On the other hand, API function interfaces are designed to work even if
this caveat would not exist. Therefore implementations using those
functions will poison every byte correctly, if only ASan (and
compiler-rt) is extended to support it. In other words, if ASan was
modified to support annotating/poisoning of objects lying on addresses
unaligned to SHADOW_GRANULARITY (so e.g. prefixes of those blocks),
which would require changing its shadow memory encoding, this would not
require any changes in the libcxx std::string/deque code which is added
in further commits of this patch series.
If you have any questions, please email:
advenam.tacet@trailofbits.comdisconnect3d@trailofbits.com
Differential Revision: https://reviews.llvm.org/D132090
Aries Wu
Mitch Phillips