Commit Graph

82 Commits

Author SHA1 Message Date
Dominic Chen 7abd6837a0 [scudo] Use nullptr instead of integer-to-pointer cast
Differential Revision: https://reviews.llvm.org/D121856
2022-03-17 10:17:36 -07:00
Kostya Kortchinsky b2aaafb837 [scudo] Use stdint types for internal types (redo)
This is a redo of D108089 that broke some 32-bit builds.

`scudo::uptr` was defined as an `unsigned long` on 32-b platform,
while a `uintptr_t` is usually defined as an `unsigned int`.
This worked, this was not consistent, particularly with regard to
format string specifiers.

As suggested by Vitaly, since we are including `stdint.h`, define
the internal scudo integer types to those.

Differential Revision: https://reviews.llvm.org/D108152
2021-08-16 14:46:42 -07:00
Mitch Phillips 32adf108c8 [scudo] Add GWP-ASan state/metadata pointer proxies.
Provide accessor proxies for the gwp-asan regions that are useful in
symbolizing dumps offline. Should be useful for Fuchsia to be able to
locate these internal pointers to stash the data in a minidump.

Reviewed By: cryptoad

Differential Revision: https://reviews.llvm.org/D107909
2021-08-11 09:21:48 -07:00
Vitaly Buka fe30963600 [scudo] Untag BlockEnd in reallocate
If we get here from reallocate, BlockEnd is tagged. Then we
will storeTag(UntaggedEnd) into the header of the next chunk.

Luckily header tag is 0 so unpatched code still works.

Reviewed By: pcc

Differential Revision: https://reviews.llvm.org/D105261
2021-07-01 13:02:58 -07:00
Vitaly Buka b1fd009aab [scudo] GWP_ASAN runs on untagged pointers
It's already covered by multiple tests, but to trigger
this path we need MTE+GWP which disabled.

Reviewed By: hctim, pcc

Differential Revision: https://reviews.llvm.org/D105232
2021-06-30 20:41:30 -07:00
Vitaly Buka 1e6d135325 [scudo] Untag pointer in iterateOverChunks
Pointer comparison in Lambda will not work on tagged pointers.

Reviewed By: pcc

Differential Revision: https://reviews.llvm.org/D103496
2021-06-04 12:45:07 -07:00
Kostya Kortchinsky 868317b3fd [scudo] Rework Vector/String
Some platforms (eg: Trusty) are extremelly memory constrained, which
doesn't necessarily work well with some of Scudo's current assumptions.

`Vector` by default (and as such `String` and `ScopedString`) maps a
page, which is a bit of a waste. This CL changes `Vector` to use a
buffer local to the class first, then potentially map more memory if
needed (`ScopedString` currently are all stack based so it would be
stack data). We also want to allow a platform to prevent any dynamic
resizing, so I added a `CanGrow` templated parameter that for now is
always `true` but would be set to `false` on Trusty.

Differential Revision: https://reviews.llvm.org/D103641
2021-06-03 18:12:24 -07:00
Kostya Kortchinsky a45877eea8 [scudo] Get rid of initLinkerInitialized
Now that everything is forcibly linker initialized, it feels like a
good time to get rid of the `init`/`initLinkerInitialized` split.

This allows to get rid of various `memset` construct in `init` that
gcc complains about (this fixes a Fuchsia open issue).

I added various `DCHECK`s to ensure that we would get a zero-inited
object when entering `init`, which required ensuring that
`unmapTestOnly` leaves the object in a good state (tests are currently
the only location where an allocator can be "de-initialized").

Running the tests with `--gtest_repeat=` showed no issue.

Differential Revision: https://reviews.llvm.org/D103119
2021-05-26 09:53:40 -07:00
Mitch Phillips 1fb6a03072 [scudo] Add unmapTestOnly() to secondary.
When trying to track down a vaddr-poisoning bug, I found that that the
secondary cache isn't emptied on test teardown. We should probably do
that to make the tests hermetic. Otherwise, repeating the tests lots of
times using --gtest_repeat fails after the mmap vaddr space is
exhausted.

To repro:
$ ninja check-scudo_standalone # build
$ ./projects/compiler-rt/lib/scudo/standalone/tests/ScudoUnitTest-x86_64-Test \
--gtest_filter=ScudoSecondaryTest.*:-ScudoSecondaryTest.SecondaryCombinations \
--gtest_repeat=10000

Reviewed By: cryptoad

Differential Revision: https://reviews.llvm.org/D102874
2021-05-24 16:09:02 -07:00
Peter Collingbourne f79929acea scudo: Fix MTE error reporting for zero-sized allocations.
With zero-sized allocations we don't actually end up storing the
address tag to the memory tag space, so store it in the first byte of
the chunk instead so that we can find it later in getInlineErrorInfo().

Differential Revision: https://reviews.llvm.org/D102442
2021-05-13 18:14:03 -07:00
Peter Collingbourne 9567131d03 scudo: Check for UAF in ring buffer before OOB in more distant blocks.
It's more likely that we have a UAF than an OOB in blocks that are
more than 1 block away from the fault address, so the UAF should
appear first in the error report.

Differential Revision: https://reviews.llvm.org/D102379
2021-05-13 18:14:02 -07:00
Peter Collingbourne 6732a5328c scudo: Require fault address to be in bounds for UAF.
The bounds check that we previously had here was suitable for secondary
allocations but not for UAF on primary allocations, where it is likely
to result in false positives. Fix it by using a different bounds check
for UAF that requires the fault address to be in bounds.

Differential Revision: https://reviews.llvm.org/D102376
2021-05-12 18:02:10 -07:00
Mitch Phillips e78b64df98 [Scudo] Use GWP-ASan's aligned allocations and fixup postalloc hooks.
This patch does a few cleanup things:
 1. The non-standalone scudo has a problem where GWP-ASan allocations
 may not meet alignment requirements where Scudo was requested to have
 alignment >= 16. Use the new GWP-ASan API to fix this.
 2. The standalone variant loses some debugging information inside of
 GWP-ASan because we ask GWP-ASan to allocate an aligned size in the
 frontend. This means reports end up with 'UaF on a 16-byte allocation'
 for a 1-byte allocation with 16-byte alignment. Also use the new API to
 fix this.
 3. Add post-alloc hooks for GWP-ASan intercepted allocations, and add
 stats tracking for GWP-ASan allocations.
 4. Add a small test that checks the alignment of the frontend
 allocator, so that it can be used under GWP-ASan torture mode.
 5. Add GWP-ASan torture mode as a testing configuration to catch these
 regressions.

Depends on D94830, D95889.

Reviewed By: cryptoad

Differential Revision: https://reviews.llvm.org/D95884
2021-05-10 12:56:18 -07:00
Mitch Phillips 8936608e6f [scudo] [GWP-ASan] Add GWP-ASan variant of scudo benchmarks.
GWP-ASan is the "production" variant as compiled by compiler-rt, and it's useful to be able to benchmark changes in GWP-ASan or Scudo's GWP-ASan hooks across versions. GWP-ASan is sampled, and sampled allocations are much slower, but given the amount of allocations that happen under test here - we actually get a reasonable representation of GWP-ASan's negligent performance impact between runs.

Reviewed By: cryptoad

Differential Revision: https://reviews.llvm.org/D101865
2021-05-10 12:14:48 -07:00
Vitaly Buka d56ef8523c [scudo] Use require_constant_initialization
Attribute guaranties safe static initialization of globals.

Reviewed By: hctim

Differential Revision: https://reviews.llvm.org/D101514
2021-05-01 01:46:47 -07:00
Vitaly Buka ea7618684c Revert "[scudo] Use require_constant_initialization"
This reverts commit 7ad4dee3e7.
2021-04-29 09:55:54 -07:00
Vitaly Buka 7ad4dee3e7 [scudo] Use require_constant_initialization
Attribute guaranties safe static initialization of globals.

Differential Revision: https://reviews.llvm.org/D101514
2021-04-29 09:47:59 -07:00
Mitch Phillips 643ccf6e4b Revert "[Scudo] Use GWP-ASan's aligned allocations and fixup postalloc hooks."
This reverts commit a683abe5c0.

Broke the upstream buildbots:
https://lab.llvm.org/buildbot/#/builders/37/builds/3731/steps/16/logs/stdio
2021-04-23 15:40:38 -07:00
Peter Collingbourne f2819ee6cc scudo: Work around gcc 8 conversion warning.
Should fix:
https://lab.llvm.org/buildbot#builders/99/builds/2953
2021-04-23 11:26:12 -07:00
Mitch Phillips a683abe5c0 [Scudo] Use GWP-ASan's aligned allocations and fixup postalloc hooks.
This patch does a few cleanup things:
 1. The non-standalone scudo has a problem where GWP-ASan allocations
 may not meet alignment requirements where Scudo was requested to have
 alignment >= 16. Use the new GWP-ASan API to fix this.
 2. The standalone variant loses some debugging information inside of
 GWP-ASan because we ask GWP-ASan to allocate an aligned size in the
 frontend. This means reports end up with 'UaF on a 16-byte allocation'
 for a 1-byte allocation with 16-byte alignment. Also use the new API to
 fix this.
 3. Add post-alloc hooks for GWP-ASan intercepted allocations, and add
 stats tracking for GWP-ASan allocations.
 4. Add a small test that checks the alignment of the frontend
 allocator, so that it can be used under GWP-ASan torture mode.
 5. Add GWP-ASan torture mode as a testing configuration to catch these
 regressions.

Depends on D94830, D95889.

Reviewed By: cryptoad

Differential Revision: https://reviews.llvm.org/D95884
2021-04-23 10:07:36 -07:00
Peter Collingbourne 0a5576ecf0 scudo: Store header on deallocation before retagging memory.
From a cache perspective it's better to store the header immediately
after loading it. If we delay this operation until after we've
retagged it's more likely that our header will have been evicted from
the cache and we'll need to fetch it again in order to perform the
compare-exchange operation.

For similar reasons, store the deallocation stack before retagging
instead of afterwards.

Differential Revision: https://reviews.llvm.org/D101137
2021-04-23 09:32:16 -07:00
Peter Collingbourne 4e88e5877c scudo: Use a table to look up the LSB for computing the odd/even mask. NFCI.
In the most common case we call computeOddEvenMaskForPointerMaybe()
from quarantineOrDeallocateChunk(), in which case we need to look up
the class size from the SizeClassMap in order to compute the LSB. Since
we need to do a lookup anyway, we may as well look up the LSB itself
and avoid computing it every time.

While here, switch to a slightly more efficient way of computing the
odd/even mask.

Differential Revision: https://reviews.llvm.org/D101018
2021-04-22 11:19:55 -07:00
Peter Collingbourne e4fa0b307f scudo: Obtain tag from pointer instead of loading it from memory. NFCI.
Since we already have a tagged pointer available to us, we can just
extract the tag from it and avoid an LDG instruction.

Differential Revision: https://reviews.llvm.org/D101014
2021-04-21 21:47:49 -07:00
Peter Collingbourne 3d47e003e9 scudo: Make prepareTaggedChunk() and resizeTaggedChunk() generic.
Now that we have a more efficient implementation of storeTags(),
we should start using it from resizeTaggedChunk(). With that, plus
a new storeTag() function, resizeTaggedChunk() can be made generic,
and so can prepareTaggedChunk(). Make it so.

Now that the functions are generic, move them to combined.h so that
memtag.h no longer needs to know about chunks.

Differential Revision: https://reviews.llvm.org/D100911
2021-04-21 13:53:39 -07:00
Peter Collingbourne 1f55fa0b99 scudo: Add support for tracking stack traces of secondary allocations.
There is no centralized store of information related to secondary
allocations. Moreover the allocations themselves become inaccessible
when the allocation is freed in order to implement UAF detection,
so we can't store information there to be used in case of UAF
anyway.

Therefore our storage location for tracking stack traces of secondary
allocations is a ring buffer. The ring buffer is copied to the process
creating the crash dump when a fault occurs.

The ring buffer is also used to store stack traces for primary
deallocations. Stack traces for primary allocations continue to be
stored inline.

In order to support the scenario where an access to the ring buffer
is interrupted by a concurrently occurring crash, the ring buffer is
accessed in a lock-free manner.

Differential Revision: https://reviews.llvm.org/D94212
2021-03-09 11:43:03 -08:00
Peter Collingbourne 3f71ce8589 scudo: Support memory tagging in the secondary allocator.
This patch enhances the secondary allocator to be able to detect buffer
overflow, and (on hardware supporting memory tagging) use-after-free
and buffer underflow.

Use-after-free detection is implemented by setting memory page
protection to PROT_NONE on free. Because this must be done immediately
rather than after the memory has been quarantined, we no longer use the
combined allocator quarantine for secondary allocations. Instead, a
quarantine has been added to the secondary allocator cache.

Buffer overflow detection is implemented by aligning the allocation
to the right of the writable pages, so that any overflows will
spill into the guard page to the right of the allocation, which
will have PROT_NONE page protection. Because this would require the
secondary allocator to produce a header at the correct position,
the responsibility for ensuring chunk alignment has been moved to
the secondary allocator.

Buffer underflow detection has been implemented on hardware supporting
memory tagging by tagging the memory region between the start of the
mapping and the start of the allocation with a non-zero tag. Due to
the cost of pre-tagging secondary allocations and the memory bandwidth
cost of tagged accesses, the allocation itself uses a tag of 0 and
only the first four pages have memory tagging enabled.

This is a reland of commit 7a0da88943 which was reverted in commit
9678b07e42. This reland includes the following changes:

- Fix the calculation of BlockSize which led to incorrect statistics
  returned by mallinfo().
- Add -Wno-pedantic to silence GCC warning.
- Optionally add some slack at the end of secondary allocations to help
  work around buggy applications that read off the end of their
  allocation.

Differential Revision: https://reviews.llvm.org/D93731
2021-03-08 14:39:33 -08:00
Peter Collingbourne 9678b07e42 Revert 7a0da88943, "scudo: Support memory tagging in the secondary allocator."
We measured a 2.5 seconds (17.5%) regression in Android boot time
performance with this change.
2021-02-25 16:50:02 -08:00
Peter Collingbourne 7a0da88943 scudo: Support memory tagging in the secondary allocator.
This patch enhances the secondary allocator to be able to detect buffer
overflow, and (on hardware supporting memory tagging) use-after-free
and buffer underflow.

Use-after-free detection is implemented by setting memory page
protection to PROT_NONE on free. Because this must be done immediately
rather than after the memory has been quarantined, we no longer use the
combined allocator quarantine for secondary allocations. Instead, a
quarantine has been added to the secondary allocator cache.

Buffer overflow detection is implemented by aligning the allocation
to the right of the writable pages, so that any overflows will
spill into the guard page to the right of the allocation, which
will have PROT_NONE page protection. Because this would require the
secondary allocator to produce a header at the correct position,
the responsibility for ensuring chunk alignment has been moved to
the secondary allocator.

Buffer underflow detection has been implemented on hardware supporting
memory tagging by tagging the memory region between the start of the
mapping and the start of the allocation with a non-zero tag. Due to
the cost of pre-tagging secondary allocations and the memory bandwidth
cost of tagged accesses, the allocation itself uses a tag of 0 and
only the first four pages have memory tagging enabled.

Differential Revision: https://reviews.llvm.org/D93731
2021-02-22 14:35:39 -08:00
Mitch Phillips 3d8823b8e4 [GWP-ASan] Add aligned allocations.
Adds a new allocation API to GWP-ASan that handles size+alignment
restrictions.

Reviewed By: cryptoad, eugenis

Differential Revision: https://reviews.llvm.org/D94830
2021-02-08 11:22:29 -08:00
Kostya Kortchinsky ba379fe527 [scudo][standalone] Restore GWP-ASan flag parsing
With D92696, the Scudo Standalone GWP-ASan flag parsing was changed to
the new GWP-ASan optional one. We do not necessarily want this, as this
duplicates flag parsing code in Scudo Standalone when using the
GWP-ASan integration.

This CL reverts the changes within Scudo Standalone, and increases
`MaxFlags` to 20 as an addionnal option got us to the current max.

Differential Revision: https://reviews.llvm.org/D95542
2021-01-27 12:35:34 -08:00
Mitch Phillips 6a42cbf6d2 [GWP-ASan] Add inbuilt options parser.
Adds a modified options parser (shamefully pulled from Scudo, which
shamefully pulled it from sanitizer-common) to GWP-ASan. This allows
customers (Android) to parse options strings in a common way.

Depends on D94117.

AOSP side of these patches is staged at:

 - sepolicy (sysprops should only be settable by the shell, in both root and
 unrooted conditions):
 https://android-review.googlesource.com/c/platform/system/sepolicy/+/1517238

 - zygote updates:
 https://android-review.googlesource.com/c/platform/frameworks/base/+/1515009

 - bionic changes to add `gwp_asan.<process_name>` system property, and
 GWP_ASAN_OPTIONS environment variable:
 https://android-review.googlesource.com/c/platform/bionic/+/1514989

Reviewed By: eugenis

Differential Revision: https://reviews.llvm.org/D92696
2021-01-15 12:57:05 -08:00
Mitch Phillips a8520f6970 [GWP-ASan] Minor refactor of optional components.
In preparation for the inbuilt options parser, this is a minor refactor
of optional components including:
 - Putting certain optional elements in the right header files,
 according to their function and their dependencies.
 - Cleaning up some old and mostly-dead code.
 - Moving some functions into anonymous namespaces to prevent symbol
 export.

Reviewed By: cryptoad, eugenis

Differential Revision: https://reviews.llvm.org/D94117
2021-01-14 11:14:11 -08:00
Peter Collingbourne faac1c02c8 scudo: Move the management of the UseMemoryTagging bit out of the Primary. NFCI.
The primary and secondary allocators will need to share this bit,
so move the management of the bit to the combined allocator and
make useMemoryTagging() a free function.

Differential Revision: https://reviews.llvm.org/D93730
2020-12-22 16:52:54 -08:00
Peter Collingbourne e6b3db6309 scudo: Replace the Cache argument on MapAllocator with a Config argument. NFCI.
This will allow the secondary allocator to access the
MaySupportMemoryTagging bool.

Differential Revision: https://reviews.llvm.org/D93729
2020-12-22 16:52:48 -08:00
Peter Collingbourne f21f3339ba scudo: Remove positional template arguments for secondary cache. NFCI.
Make these arguments named constants in the Config class instead
of being positional arguments to MapAllocatorCache. This makes the
configuration easier to follow.

Eventually we should follow suit with the other classes but this is
a start.

Differential Revision: https://reviews.llvm.org/D93251
2020-12-14 15:40:07 -08:00
Kostya Kortchinsky 3f70987b35 [scudo][standalone] Small changes to the fastpath
There are a few things that I wanted to reorganize for a while:
- the loop that incrementally goes through classes on failure looked
  horrible in assembly, mostly because of `LIKELY`/`UNLIKELY` within
  the loop. So remove those, we are already in an unlikely scenario
- hooks are not used by default on Android/Fuchsia/etc so mark the
  tests for the existence of the weak functions as unlikely
- mark of couple of conditions as likely/unlikely
- in `reallocate`, the old size was computed again while we already
  have it in a variable. So just use the one we have.
- remove the bitwise AND trick and use a logical AND, that has one
  less test by using a purposeful underflow when `Size` is 0 (I
  actually looked at the assembly of the previous code to steal that
  trick)
- move the read of the options closer to where they are used, mark them
  as `const`

Overall this makes things a tiny bit faster, but cleaner.

Differential Revision: https://reviews.llvm.org/D92689
2020-12-10 10:25:59 -08:00
Peter Collingbourne e5a28e1261 scudo: Fix quarantine allocation when MTE enabled.
Quarantines have always been broken when MTE is enabled because the
quarantine batch allocator fails to reset tags that may have been
left behind by a user allocation.

This was only noticed when running the Scudo unit tests with Scudo
as the system allocator because quarantines are turned off by
default on Android and the test binary turns them on by defining
__scudo_default_options, which affects the system allocator as well.

Differential Revision: https://reviews.llvm.org/D92881
2020-12-09 11:48:41 -08:00
Peter Collingbourne 719ab7309e scudo: Make it thread-safe to set some runtime configuration flags.
Move some of the flags previously in Options, as well as the
UseMemoryTagging flag previously in the primary allocator, into an
atomic variable so that it can be updated while other threads are
running. Relaxed accesses are used because we only have the requirement
that the other threads see the new value eventually.

The code is set up so that the variable is generally loaded once per
allocation function call with the exception of some rarely used code
such as error handlers. The flag bits can generally stay in a register
during the execution of the allocation function which means that they
can be branched on with minimal overhead (e.g. TBZ on aarch64).

Differential Revision: https://reviews.llvm.org/D88523
2020-09-30 09:42:45 -07:00
Peter Collingbourne e851aeb0a5 scudo: Re-order Allocator fields for improved performance. NFCI.
Move smaller and frequently-accessed fields near the beginning
of the data structure in order to improve locality and reduce
the number of instructions required to form an access to those
fields. With this change I measured a ~5% performance improvement on
BM_malloc_sql_trace_default on aarch64 Android devices (Pixel 4 and
DragonBoard 845c).

Differential Revision: https://reviews.llvm.org/D88350
2020-09-28 11:51:45 -07:00
Peter Collingbourne 7bd75b6301 scudo: Add an API for disabling memory initialization per-thread.
Here "memory initialization" refers to zero- or pattern-init on
non-MTE hardware, or (where possible to avoid) memory tagging on MTE
hardware. With shared TSD the per-thread memory initialization state
is stored in bit 0 of the TLS slot, similar to PointerIntPair in LLVM.

Differential Revision: https://reviews.llvm.org/D87739
2020-09-18 12:04:27 -07:00
Kostya Kortchinsky 00d9907a7a [scudo][standalone] Enable secondary cache release on Fuchsia
I had left this as a TODO, but it turns out it wasn't complicated.
By specifying `MAP_RESIZABLE`, it allows us to keep the VMO which we
can then use for release purposes.
`releasePagesToOS` also had to be called the "proper" way, as Fuchsia
requires the `Offset` field to be correct. This has no impact on
non-Fuchsia platforms.

Differential Revision: https://reviews.llvm.org/D86800
2020-09-02 14:28:17 -07:00
Kostya Kortchinsky 6f00f3b56e [scudo][standalone] mallopt runtime configuration options
Summary:
Partners have requested the ability to configure more parts of Scudo
at runtime, notably the Secondary cache options (maximum number of
blocks cached, maximum size) as well as the TSD registry options
(the maximum number of TSDs in use).

This CL adds a few more Scudo specific `mallopt` parameters that are
passed down to the various subcomponents of the Combined allocator.

- `M_CACHE_COUNT_MAX`: sets the maximum number of Secondary cached items
- `M_CACHE_SIZE_MAX`: sets the maximum size of a cacheable item in the Secondary
- `M_TSDS_COUNT_MAX`: sets the maximum number of TSDs that can be used (Shared Registry only)

Regarding the TSDs maximum count, this is a one way option, only
allowing to increase the count.

In order to allow for this, I rearranged the code to have some `setOption`
member function to the relevant classes, using the `scudo::Option` class
enum to determine what is to be set.

This also fixes an issue where a static variable (`Ready`) was used in
templated functions without being set back to `false` every time.

Reviewers: pcc, eugenis, hctim, cferris

Subscribers: jfb, llvm-commits, #sanitizers

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D84667
2020-07-28 11:57:54 -07:00
Peter Collingbourne b83417aa7e scudo: Interleave odd and even tags for adjacent blocks.
This guarantees that we will detect a buffer overflow or underflow
that overwrites an adjacent block. This spatial guarantee is similar
to the temporal guarantee that we provide for immediate use-after-free.

Enabling odd/even tags involves a tradeoff between use-after-free
detection and buffer overflow detection. Odd/even tags make it more
likely for buffer overflows to be detected by increasing the size of
the guaranteed "red zone" around the allocation, but on the other
hand use-after-free is less likely to be detected because the tag
space for any particular chunk is cut in half. Therefore we introduce
a tuning setting to control whether odd/even tags are enabled.

Differential Revision: https://reviews.llvm.org/D84361
2020-07-23 15:09:13 -07:00
Peter Collingbourne 9b2164063f scudo: Remove some boilerplate from the combined allocator tests. NFCI.
Differential Revision: https://reviews.llvm.org/D84454
2020-07-23 12:21:56 -07:00
Mitch Phillips 4f029d1be4 [GWP-ASan] Split the unwinder into segv/non-segv.
Note: Resubmission with frame pointers force-enabled to fix builds with
-DCOMPILER_RT_BUILD_BUILTINS=False

Summary:
Splits the unwinder into a non-segv (for allocation/deallocation traces) and a
segv unwinder. This ensures that implementations can select an accurate, slower
unwinder in the segv handler (if they choose to use the GWP-ASan provided one).
This is important as fast frame-pointer unwinders (like the sanitizer unwinder)
don't like unwinding through signal handlers.

Reviewers: morehouse, cryptoad

Reviewed By: morehouse, cryptoad

Subscribers: cryptoad, mgorny, eugenis, pcc, #sanitizers

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D83994
2020-07-21 08:25:37 -07:00
Hans Wennborg ab6263c925 Revert 502f0cc0e3 "[GWP-ASan] Split the unwinder into segv/non-segv."
It was causing tests to fail in -DCOMPILER_RT_BUILD_BUILTINS=OFF builds:

   GwpAsan-Unittest :: ./GwpAsan-x86_64-Test/BacktraceGuardedPoolAllocator.DoubleFree
   GwpAsan-Unittest :: ./GwpAsan-x86_64-Test/BacktraceGuardedPoolAllocator.UseAfterFree

see comment on the code review.

> Summary:
> Splits the unwinder into a non-segv (for allocation/deallocation traces) and a
> segv unwinder. This ensures that implementations can select an accurate, slower
> unwinder in the segv handler (if they choose to use the GWP-ASan provided one).
> This is important as fast frame-pointer unwinders (like the sanitizer unwinder)
> don't like unwinding through signal handlers.
>
> Reviewers: morehouse, cryptoad
>
> Reviewed By: morehouse, cryptoad
>
> Subscribers: cryptoad, mgorny, eugenis, pcc, #sanitizers
>
> Tags: #sanitizers
>
> Differential Revision: https://reviews.llvm.org/D83994

This reverts commit 502f0cc0e3.
2020-07-21 11:18:07 +02:00
Mitch Phillips 502f0cc0e3 [GWP-ASan] Split the unwinder into segv/non-segv.
Summary:
Splits the unwinder into a non-segv (for allocation/deallocation traces) and a
segv unwinder. This ensures that implementations can select an accurate, slower
unwinder in the segv handler (if they choose to use the GWP-ASan provided one).
This is important as fast frame-pointer unwinders (like the sanitizer unwinder)
don't like unwinding through signal handlers.

Reviewers: morehouse, cryptoad

Reviewed By: morehouse, cryptoad

Subscribers: cryptoad, mgorny, eugenis, pcc, #sanitizers

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D83994
2020-07-17 12:59:47 -07:00
Christopher Ferris e7ac984dc0 [scudo][standalone] Allow Primary allocations to fail up multiple times.
Summary:
When enabling some malloc debug features on Android, multiple 32 bit
regions become exhausted, and the allocations fail. Allow allocations
to keep trying each bigger class in the Primary until it finds a fit.
In addition, some Android tests running on 32 bit fail sometimes due
to a running out of space in two regions, and then fail the allocation.

Reviewers: cryptoad

Reviewed By: cryptoad

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D82070
2020-06-18 11:46:39 -07:00
Peter Collingbourne 8fac07a12a scudo: Exclude previous tag when retagging freed memory.
This means that immediate use after free will be detected 100% of
the time.

Differential Revision: https://reviews.llvm.org/D79216
2020-05-01 09:35:38 -07:00
Evgenii Stepanov 45b7d44ecb [scudo] Zero- and pattern-initialization of memory.
Summary:
Implement pattern initialization of memory (excluding the secondary
allocator because it already has predictable memory contents).
Expose both zero and pattern initialization through the C API.

Reviewers: pcc, cryptoad

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D79133
2020-04-30 15:00:55 -07:00