Magic-Mirror/llvm-capstone
1
0
Fork 0
mirror of https://github.com/capstone-engine/llvm-capstone.git synced 2024-12-02 18:58:15 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Revert "[NFC][hwasan] Store shadow bytes early (#66682)"

Browse Source 
InvalidFreeReport prints invalid ptr/mem.

This reverts commit 7641c220a0.
This commit is contained in:
Vitaly Buka 2023-09-20 22:08:40 -07:00
parent b8f056de02
commit 6d9857167a
1 changed files with 48 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
compiler-rt/lib/hwasan/hwasan_report.cpp
View File

@ -25,7 +25,6 @@
#include "sanitizer_common/sanitizer_array_ref.h"
#include "sanitizer_common/sanitizer_common.h"
#include "sanitizer_common/sanitizer_flags.h"
#include "sanitizer_common/sanitizer_internal_defs.h"
#include "sanitizer_common/sanitizer_mutex.h"
#include "sanitizer_common/sanitizer_report_decorator.h"
#include "sanitizer_common/sanitizer_stackdepot.h"
@ -322,61 +321,56 @@ static uptr GetGlobalSizeFromDescriptor(uptr ptr) {
void ReportStats() {}
template <typename PrintTag>
static void PrintTagInfoAroundAddr(uptr addr, uptr num_rows,
InternalScopedString &s,
PrintTag print_tag) {
static void PrintTagInfoAroundAddr(tag_t *tag_ptr, uptr num_rows,
void (*print_tag)(InternalScopedString &s,
tag_t *tag)) {
const uptr row_len = 16; // better be power of two.
uptr center_row_beg = RoundDownTo(addr, row_len);
uptr beg_row = center_row_beg - row_len * (num_rows / 2);
uptr end_row = center_row_beg + row_len * ((num_rows + 1) / 2);
for (uptr row = beg_row; row < end_row; row += row_len) {
tag_t *center_row_beg = reinterpret_cast<tag_t *>(
RoundDownTo(reinterpret_cast<uptr>(tag_ptr), row_len));
tag_t *beg_row = center_row_beg - row_len * (num_rows / 2);
tag_t *end_row = center_row_beg + row_len * ((num_rows + 1) / 2);
InternalScopedString s;
for (tag_t *row = beg_row; row < end_row; row += row_len) {
s.Append(row == center_row_beg ? "=>" : " ");
s.AppendF("%p:", (void *)ShadowToMem(row));
s.AppendF("%p:", (void *)ShadowToMem(reinterpret_cast<uptr>(row)));
for (uptr i = 0; i < row_len; i++) {
s.Append(row + i == addr ? "[" : " ");
print_tag(s, row + i);
s.Append(row + i == addr ? "]" : " ");
s.Append(row + i == tag_ptr ? "[" : " ");
print_tag(s, &row[i]);
s.Append(row + i == tag_ptr ? "]" : " ");
}
s.AppendF("\n");
}
Printf("%s", s.data());
}
template <typename GetTag, typename GetShortTag>
static void PrintTagsAroundAddr(uptr addr, GetTag get_tag,
GetShortTag get_short_tag) {
InternalScopedString s;
addr = MemToShadow(addr);
s.AppendF(
static void PrintTagsAroundAddr(tag_t *tag_ptr) {
Printf(
"Memory tags around the buggy address (one tag corresponds to %zd "
"bytes):\n",
kShadowAlignment);
PrintTagInfoAroundAddr(addr, 17, s,
[&](InternalScopedString &s, uptr tag_addr) {
tag_t tag = get_tag(tag_addr);
s.AppendF("%02x", tag);
});
PrintTagInfoAroundAddr(tag_ptr, 17, [](InternalScopedString &s, tag_t *tag) {
s.AppendF("%02x", *tag);
});
s.AppendF(
Printf(
"Tags for short granules around the buggy address (one tag corresponds "
"to %zd bytes):\n",
kShadowAlignment);
PrintTagInfoAroundAddr(addr, 3, s,
[&](InternalScopedString &s, uptr tag_addr) {
tag_t tag = get_tag(tag_addr);
if (tag >= 1 && tag <= kShadowAlignment) {
tag_t short_tag = get_short_tag(tag_addr);
s.AppendF("%02x", short_tag);
} else {
s.AppendF("..");
}
});
s.AppendF(
PrintTagInfoAroundAddr(tag_ptr, 3, [](InternalScopedString &s, tag_t *tag) {
uptr granule_addr = ShadowToMem(reinterpret_cast<uptr>(tag));
if (*tag >= 1 && *tag <= kShadowAlignment &&
IsAccessibleMemoryRange(granule_addr, kShadowAlignment)) {
s.AppendF("%02x",
*reinterpret_cast<u8 *>(granule_addr + kShadowAlignment - 1));
} else {
s.AppendF("..");
}
});
Printf(
"See "
"https://clang.llvm.org/docs/"
"HardwareAssistedAddressSanitizerDesign.html#short-granules for a "
"description of short granule tags\n");
Printf("%s", s.data());
}
static uptr GetTopPc(const StackTrace *stack) {
@ -396,8 +390,7 @@ class BaseReport {
ptr_tag(GetTagFromPointer(tagged_addr)),
heap(CopyHeapChunk()),
allocations(CopyAllocations()),
candidate(FindBufferOverflowCandidate()),
shadow(CopyShadow()) {}
candidate(FindBufferOverflowCandidate()) {}
protected:
struct OverflowCandidate {
@ -435,15 +428,6 @@ class BaseReport {
bool is_allocated = false;
};
struct Shadow {
uptr addr = 0;
tag_t tags[512] = {};
tag_t short_tags[ARRAY_SIZE(tags)] = {};
};
Shadow CopyShadow() const;
tag_t GetTagCopy(uptr addr) const;
tag_t GetShortTagCopy(uptr addr) const;
HeapChunk CopyHeapChunk() const;
Allocations CopyAllocations();
OverflowCandidate FindBufferOverflowCandidate() const;
@ -463,49 +447,8 @@ class BaseReport {
const HeapChunk heap;
const Allocations allocations;
const OverflowCandidate candidate;
const Shadow shadow;
};
BaseReport::Shadow BaseReport::CopyShadow() const {
Shadow result;
if (!MemIsApp(untagged_addr))
return result;
result.addr = MemToShadow(untagged_addr) - ARRAY_SIZE(result.tags) / 2;
for (uptr i = 0; i < ARRAY_SIZE(result.tags); ++i) {
uptr tag_addr = result.addr + i;
if (!MemIsShadow(tag_addr))
continue;
result.tags[i] = *reinterpret_cast<tag_t *>(tag_addr);
uptr granule_addr = ShadowToMem(tag_addr);
if (1 <= result.tags[i] && result.tags[i] <= kShadowAlignment &&
IsAccessibleMemoryRange(granule_addr, kShadowAlignment)) {
result.short_tags[i] =
*reinterpret_cast<tag_t *>(granule_addr + kShadowAlignment - 1);
}
}
return result;
}
tag_t BaseReport::GetTagCopy(uptr addr) const {
if (addr < shadow.addr)
return 0;
uptr idx = addr - shadow.addr;
if (idx >= ARRAY_SIZE(shadow.tags))
return 0;
return shadow.tags[idx];
}
tag_t BaseReport::GetShortTagCopy(uptr addr) const {
if (addr < shadow.addr)
return 0;
uptr idx = addr - shadow.addr;
if (idx >= ARRAY_SIZE(shadow.short_tags))
return 0;
return shadow.short_tags[idx];
}
BaseReport::HeapChunk BaseReport::CopyHeapChunk() const {
HeapChunk result = {};
if (MemIsShadow(untagged_addr))
@ -778,6 +721,15 @@ class InvalidFreeReport : public BaseReport {
};
InvalidFreeReport::~InvalidFreeReport() {
tag_t *tag_ptr = nullptr;
tag_t mem_tag = 0;
if (MemIsApp(untagged_addr)) {
tag_ptr = reinterpret_cast<tag_t *>(MemToShadow(untagged_addr));
if (MemIsShadow(reinterpret_cast<uptr>(tag_ptr)))
mem_tag = *tag_ptr;
else
tag_ptr = nullptr;
}
Decorator d;
Printf("%s", d.Error());
uptr pc = GetTopPc(stack);
@ -791,19 +743,16 @@ InvalidFreeReport::~InvalidFreeReport() {
SanitizerToolName, bug_type, untagged_addr, pc);
}
Printf("%s", d.Access());
if (shadow.addr)
Printf("tags: %02x/%02x (ptr/mem)\n", ptr_tag, GetTagCopy(untagged_addr));
if (tag_ptr)
Printf("tags: %02x/%02x (ptr/mem)\n", ptr_tag, mem_tag);
Printf("%s", d.Default());
stack->Print();
PrintAddressDescription();
if (shadow.addr) {
PrintTagsAroundAddr(
untagged_addr, [&](uptr addr) { return GetTagCopy(addr); },
[&](uptr addr) { return GetShortTagCopy(addr); });
}
if (tag_ptr)
PrintTagsAroundAddr(tag_ptr);
MaybePrintAndroidHelpUrl();
ReportErrorSummary(bug_type, stack);
@ -885,9 +834,8 @@ TailOverwrittenReport::~TailOverwrittenReport() {
Printf("%s", s.data());
GetCurrentThread()->Announce();
PrintTagsAroundAddr(
untagged_addr, [&](uptr addr) { return GetTagCopy(addr); },
[&](uptr addr) { return GetShortTagCopy(addr); });
tag_t *tag_ptr = reinterpret_cast<tag_t*>(MemToShadow(untagged_addr));
PrintTagsAroundAddr(tag_ptr);
MaybePrintAndroidHelpUrl();
ReportErrorSummary(bug_type, stack);
@ -964,9 +912,7 @@ TagMismatchReport::~TagMismatchReport() {
PrintAddressDescription();
t->Announce();
PrintTagsAroundAddr(
untagged_addr + offset, [&](uptr addr) { return GetTagCopy(addr); },
[&](uptr addr) { return GetShortTagCopy(addr); });
PrintTagsAroundAddr(tag_ptr);
if (registers_frame)
ReportRegisters(registers_frame, pc);