llvm-project/compiler-rt/test/msan/mmap.cc

// Test that mmap (without MAP_FIXED) always returns valid application addresses.
// RUN: %clangxx_msan -O0 %s -o %t && %run %t
// RUN: %clangxx_msan -O0 -fsanitize-memory-track-origins %s -o %t && %run %t

#include <assert.h>
#include <errno.h>
#include <stdint.h>
#include <sys/mman.h>
#include <stdio.h>
#include <stdlib.h>
#include "test.h"

bool AddrIsApp(void *p) {
  uintptr_t addr = (uintptr_t)p;
#if defined(__FreeBSD__) && defined(__x86_64__)
  return addr < 0x010000000000ULL || addr >= 0x600000000000ULL;
#elif defined(__x86_64__)
  return addr >= 0x600000000000ULL;
#elif defined(__mips64)
  return addr >= 0x00e000000000ULL;
#elif defined(__powerpc64__)
  return addr < 0x000100000000ULL || addr >= 0x300000000000ULL;
#elif defined(__aarch64__)
  unsigned long vma = SystemVMA();
  if (vma == 39)
    return (addr >= 0x5500000000ULL && addr < 0x5600000000ULL) ||
           (addr > 0x7000000000ULL);
  else if (vma == 42)
    return (addr >= 0x2aa00000000ULL && addr < 0x2ab00000000ULL) ||
           (addr > 0x3f000000000ULL);
  else {
    fprintf(stderr, "unsupported vma: %lu\n", vma);
    exit(1);
  }
#endif
}

int main() {
  // Large enough to quickly exhaust the entire address space.
#if defined(__mips64) || defined(__aarch64__)
  const size_t kMapSize = 0x100000000ULL;
#else
  const size_t kMapSize = 0x1000000000ULL;
#endif
  int success_count = 0;
  while (true) {
    void *p = mmap(0, kMapSize, PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    printf("%p\n", p);
    if (p == MAP_FAILED) {
      assert(errno == ENOMEM);
      break;
    }
    assert(AddrIsApp(p));
    success_count++;
  }
  printf("successful mappings: %d\n", success_count);
  assert(success_count > 5);
}
[msan] Mprotect all inaccessible memory regions. Fix 2 bugs in memory mapping setup: - the invalid region at offset 0 was not protected because mmap at address 0 fails with EPERM on most Linux systems. We did not notice this because the check condition was flipped: the code was checking that mprotect has failed. And the test that was supposed to catch this was weakened by the mitigations in the mmap interceptor. - when running without origins, the origin shadow range was left unprotected. The new test ensures that mmap w/o MAP_FIXED always returns valid application addresses. llvm-svn: 238109 2015-05-24 10:47:59 +08:00			`// Test that mmap (without MAP_FIXED) always returns valid application addresses.`
			`// RUN: %clangxx_msan -O0 %s -o %t && %run %t`
			`// RUN: %clangxx_msan -O0 -fsanitize-memory-track-origins %s -o %t && %run %t`

			`#include <assert.h>`
			`#include <errno.h>`
			`#include <stdint.h>`
			`#include <sys/mman.h>`
			`#include <stdio.h>`
[MSan] Enable MSAN for aarch64 This patch enabled msan for aarch64 with 39-bit VMA and 42-bit VMA. As defined by lib/msan/msan.h the memory layout used is for 39-bit is: 00 0000 0000 - 40 0000 0000: invalid 40 0000 0000 - 43 0000 0000: shadow 43 0000 0000 - 46 0000 0000: origin 46 0000 0000 - 55 0000 0000: invalid 55 0000 0000 - 56 0000 0000: app (low) 56 0000 0000 - 70 0000 0000: invalid 70 0000 0000 - 80 0000 0000: app (high) And for 42-bit VMA: 000 0000 0000 - 100 0000 0000: invalid 100 0000 0000 - 11b 0000 0000: shadow 11b 0000 0000 - 120 0000 0000: invalid 120 0000 0000 - 13b 0000 0000: origin 13b 0000 0000 - 2aa 0000 0000: invalid 2aa 0000 0000 - 2ab 0000 0000: app (low) 2ab 0000 0000 - 3f0 0000 0000: invalid 3f0 0000 0000 - 400 0000 0000: app (high) Most of tests are passing with exception of: * Linux/mallinfo.cc * chained_origin_limits.cc * dlerror.cc * param_tls_limit.cc * signal_stress_test.cc * nonnull-arg.cpp The 'Linux/mallinfo.cc' is due the fact AArch64 returns the sret in 'x8' instead of default first argument 'x1'. So a function prototype that aims to mimic (by using first argument as the return of function) won't work. For GCC one can make a register alias (register var asm ("r8")), but for clang it detects is an unused variable and generate wrong code. The 'chained_origin_limits' is probably due a wrong code generation, since it fails only when origin memory is used (-fsanitize-memory-track-origins=2) and only in the returned code (return buf[50]). The 'signal_streess_test' and 'nonnull-arg' are due currently missing variadic argument handling in memory sanitizer code instrumentation on LLVM side. Both 'dlerror' and 'param_tls_test' are unknown failures that require further investigation. All the failures are XFAIL for aarch64 for now. llvm-svn: 247809 2015-09-16 23:12:25 +08:00			`#include <stdlib.h>`
			`#include "test.h"`
[msan] Mprotect all inaccessible memory regions. Fix 2 bugs in memory mapping setup: - the invalid region at offset 0 was not protected because mmap at address 0 fails with EPERM on most Linux systems. We did not notice this because the check condition was flipped: the code was checking that mprotect has failed. And the test that was supposed to catch this was weakened by the mitigations in the mmap interceptor. - when running without origins, the origin shadow range was left unprotected. The new test ensures that mmap w/o MAP_FIXED always returns valid application addresses. llvm-svn: 238109 2015-05-24 10:47:59 +08:00
			`bool AddrIsApp(void *p) {`
			`uintptr_t addr = (uintptr_t)p;`
			`#if defined(__FreeBSD__) && defined(__x86_64__)`
			`return addr < 0x010000000000ULL \|\| addr >= 0x600000000000ULL;`
			`#elif defined(__x86_64__)`
			`return addr >= 0x600000000000ULL;`
			`#elif defined(__mips64)`
			`return addr >= 0x00e000000000ULL;`
Enable memory sanitizer for PPC64 Summary: This patch adds basic memory sanitizer support for PPC64. PR23219. I have further patches ready to enable it in LLVM and Clang, and to fix most of the many failing tests in check-msan. Reviewers: kcc, willschm, samsonov, wschmidt, eugenis Reviewed By: eugenis Subscribers: wschmidt, llvm-commits Differential Revision: http://reviews.llvm.org/D10648 llvm-svn: 240623 2015-06-25 14:22:31 +08:00			`#elif defined(__powerpc64__)`
			`return addr < 0x000100000000ULL \|\| addr >= 0x300000000000ULL;`
[MSan] Enable MSAN for aarch64 This patch enabled msan for aarch64 with 39-bit VMA and 42-bit VMA. As defined by lib/msan/msan.h the memory layout used is for 39-bit is: 00 0000 0000 - 40 0000 0000: invalid 40 0000 0000 - 43 0000 0000: shadow 43 0000 0000 - 46 0000 0000: origin 46 0000 0000 - 55 0000 0000: invalid 55 0000 0000 - 56 0000 0000: app (low) 56 0000 0000 - 70 0000 0000: invalid 70 0000 0000 - 80 0000 0000: app (high) And for 42-bit VMA: 000 0000 0000 - 100 0000 0000: invalid 100 0000 0000 - 11b 0000 0000: shadow 11b 0000 0000 - 120 0000 0000: invalid 120 0000 0000 - 13b 0000 0000: origin 13b 0000 0000 - 2aa 0000 0000: invalid 2aa 0000 0000 - 2ab 0000 0000: app (low) 2ab 0000 0000 - 3f0 0000 0000: invalid 3f0 0000 0000 - 400 0000 0000: app (high) Most of tests are passing with exception of: * Linux/mallinfo.cc * chained_origin_limits.cc * dlerror.cc * param_tls_limit.cc * signal_stress_test.cc * nonnull-arg.cpp The 'Linux/mallinfo.cc' is due the fact AArch64 returns the sret in 'x8' instead of default first argument 'x1'. So a function prototype that aims to mimic (by using first argument as the return of function) won't work. For GCC one can make a register alias (register var asm ("r8")), but for clang it detects is an unused variable and generate wrong code. The 'chained_origin_limits' is probably due a wrong code generation, since it fails only when origin memory is used (-fsanitize-memory-track-origins=2) and only in the returned code (return buf[50]). The 'signal_streess_test' and 'nonnull-arg' are due currently missing variadic argument handling in memory sanitizer code instrumentation on LLVM side. Both 'dlerror' and 'param_tls_test' are unknown failures that require further investigation. All the failures are XFAIL for aarch64 for now. llvm-svn: 247809 2015-09-16 23:12:25 +08:00			`#elif defined(__aarch64__)`
			`unsigned long vma = SystemVMA();`
			`if (vma == 39)`
			`return (addr >= 0x5500000000ULL && addr < 0x5600000000ULL) \|\|`
			`(addr > 0x7000000000ULL);`
			`else if (vma == 42)`
			`return (addr >= 0x2aa00000000ULL && addr < 0x2ab00000000ULL) \|\|`
			`(addr > 0x3f000000000ULL);`
			`else {`
			`fprintf(stderr, "unsupported vma: %lu\n", vma);`
			`exit(1);`
			`}`
[msan] Mprotect all inaccessible memory regions. Fix 2 bugs in memory mapping setup: - the invalid region at offset 0 was not protected because mmap at address 0 fails with EPERM on most Linux systems. We did not notice this because the check condition was flipped: the code was checking that mprotect has failed. And the test that was supposed to catch this was weakened by the mitigations in the mmap interceptor. - when running without origins, the origin shadow range was left unprotected. The new test ensures that mmap w/o MAP_FIXED always returns valid application addresses. llvm-svn: 238109 2015-05-24 10:47:59 +08:00			`#endif`
			`}`

			`int main() {`
			`// Large enough to quickly exhaust the entire address space.`
[MSan] Enable MSAN for aarch64 This patch enabled msan for aarch64 with 39-bit VMA and 42-bit VMA. As defined by lib/msan/msan.h the memory layout used is for 39-bit is: 00 0000 0000 - 40 0000 0000: invalid 40 0000 0000 - 43 0000 0000: shadow 43 0000 0000 - 46 0000 0000: origin 46 0000 0000 - 55 0000 0000: invalid 55 0000 0000 - 56 0000 0000: app (low) 56 0000 0000 - 70 0000 0000: invalid 70 0000 0000 - 80 0000 0000: app (high) And for 42-bit VMA: 000 0000 0000 - 100 0000 0000: invalid 100 0000 0000 - 11b 0000 0000: shadow 11b 0000 0000 - 120 0000 0000: invalid 120 0000 0000 - 13b 0000 0000: origin 13b 0000 0000 - 2aa 0000 0000: invalid 2aa 0000 0000 - 2ab 0000 0000: app (low) 2ab 0000 0000 - 3f0 0000 0000: invalid 3f0 0000 0000 - 400 0000 0000: app (high) Most of tests are passing with exception of: * Linux/mallinfo.cc * chained_origin_limits.cc * dlerror.cc * param_tls_limit.cc * signal_stress_test.cc * nonnull-arg.cpp The 'Linux/mallinfo.cc' is due the fact AArch64 returns the sret in 'x8' instead of default first argument 'x1'. So a function prototype that aims to mimic (by using first argument as the return of function) won't work. For GCC one can make a register alias (register var asm ("r8")), but for clang it detects is an unused variable and generate wrong code. The 'chained_origin_limits' is probably due a wrong code generation, since it fails only when origin memory is used (-fsanitize-memory-track-origins=2) and only in the returned code (return buf[50]). The 'signal_streess_test' and 'nonnull-arg' are due currently missing variadic argument handling in memory sanitizer code instrumentation on LLVM side. Both 'dlerror' and 'param_tls_test' are unknown failures that require further investigation. All the failures are XFAIL for aarch64 for now. llvm-svn: 247809 2015-09-16 23:12:25 +08:00			`#if defined(__mips64) \|\| defined(__aarch64__)`
[msan] Mprotect all inaccessible memory regions. Fix 2 bugs in memory mapping setup: - the invalid region at offset 0 was not protected because mmap at address 0 fails with EPERM on most Linux systems. We did not notice this because the check condition was flipped: the code was checking that mprotect has failed. And the test that was supposed to catch this was weakened by the mitigations in the mmap interceptor. - when running without origins, the origin shadow range was left unprotected. The new test ensures that mmap w/o MAP_FIXED always returns valid application addresses. llvm-svn: 238109 2015-05-24 10:47:59 +08:00			`const size_t kMapSize = 0x100000000ULL;`
			`#else`
			`const size_t kMapSize = 0x1000000000ULL;`
			`#endif`
			`int success_count = 0;`
			`while (true) {`
[msan] Fix mmap test on Fedora. llvm-svn: 238226 2015-05-27 02:02:54 +08:00			`void *p = mmap(0, kMapSize, PROT_WRITE,`
			`MAP_PRIVATE \| MAP_ANONYMOUS \| MAP_NORESERVE, -1, 0);`
[msan] Mprotect all inaccessible memory regions. Fix 2 bugs in memory mapping setup: - the invalid region at offset 0 was not protected because mmap at address 0 fails with EPERM on most Linux systems. We did not notice this because the check condition was flipped: the code was checking that mprotect has failed. And the test that was supposed to catch this was weakened by the mitigations in the mmap interceptor. - when running without origins, the origin shadow range was left unprotected. The new test ensures that mmap w/o MAP_FIXED always returns valid application addresses. llvm-svn: 238109 2015-05-24 10:47:59 +08:00			`printf("%p\n", p);`
			`if (p == MAP_FAILED) {`
			`assert(errno == ENOMEM);`
			`break;`
			`}`
			`assert(AddrIsApp(p));`
			`success_count++;`
			`}`
			`printf("successful mappings: %d\n", success_count);`
			`assert(success_count > 5);`
			`}`