[MSan] Move the access address check before the shadow access for that address

MSan used to insert the shadow check of the store pointer operand
_after_ the shadow of the value operand has been written.
This happens to work in the userspace, as the whole shadow range is
always mapped. However in the kernel the shadow page may not exist, so
the bug may cause a crash.

This patch moves the address check in front of the shadow access.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@318901 91177308-0d34-0410-b5e6-96231b3b80d8

lib/Transforms/Instrumentation/MemorySanitizer.cpp

@@ -830,10 +830,9 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> {
       StoreInst *NewSI =
           IRB.CreateAlignedStore(Shadow, ShadowPtr, SI->getAlignment());
       DEBUG(dbgs() << "  STORE: " << *NewSI << "\n");
-      (void)NewSI;
 
       if (ClCheckAccessAddress)
-        insertShadowCheck(Addr, SI);
+        insertShadowCheck(Addr, NewSI);
 
       if (SI->isAtomic())
         SI->setOrdering(addReleaseOrdering(SI->getOrdering()));

test/Instrumentation/MemorySanitizer/check_access_address.ll

@@ -26,3 +26,25 @@ entry:
 ; CHECK-LABEL: @ByValArgumentShadowSmallAlignment
 ; CHECK: call void @llvm.memcpy.p0i8.p0i8.i64(i8* {{.*}}, i8* {{.*}}, i64 2, i32 2, i1 false)
 ; CHECK: ret i16
+
+
+; Check instrumentation of stores. The check must precede the shadow store.
+
+define void @Store(i32* nocapture %p, i32 %x) nounwind uwtable sanitize_memory {
+entry:
+  store i32 %x, i32* %p, align 4
+  ret void
+}
+
+; CHECK-LABEL: @Store
+; CHECK: load {{.*}} @__msan_param_tls
+; CHECK: icmp
+; CHECK: br i1
+; CHECK: <label>
+; CHECK: call void @__msan_warning_noreturn
+; CHECK: <label>
+; CHECK: store
+; CHECK: store i32 %x
+; CHECK: ret void
+
+