author | Kostya Serebryany <kcc@google.com> | 2018-08-30 23:22:26 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2018-08-30 23:22:26 +0000 |
commit | 347b989cefdca2bd0272086ce3923199a5667aa3 (patch) | |
tree | d49ea75396553cb674b6155851c55be0391954e6 | |
parent | fc934cd916fa44fb439dae50c1dbcef1c58588cd (diff) | |
download | bcm5719-llvm-347b989cefdca2bd0272086ce3923199a5667aa3.tar.gz bcm5719-llvm-347b989cefdca2bd0272086ce3923199a5667aa3.zip |
[hwasan] fix the linux-only pthread_create interceptor and reinstate the two threaded tests
llvm-svn: 341143
-rw-r--r-- | compiler-rt/lib/hwasan/hwasan_interceptors.cc | 15 | ||||
-rw-r--r-- | compiler-rt/lib/hwasan/hwasan_thread.h | 11 | ||||
-rw-r--r-- | compiler-rt/test/hwasan/TestCases/many-threads-uaf.c | 37 | ||||
-rw-r--r-- | compiler-rt/test/hwasan/TestCases/thread-uaf.c | 26 |
4 files changed, 77 insertions, 12 deletions
diff --git a/compiler-rt/lib/hwasan/hwasan_interceptors.cc b/compiler-rt/lib/hwasan/hwasan_interceptors.cc
index 3c892c5c693..8512c049c57 100644
--- a/compiler-rt/lib/hwasan/hwasan_interceptors.cc
+++ b/compiler-rt/lib/hwasan/hwasan_interceptors.cc
@@ -292,14 +292,6 @@ INTERCEPTOR(void *, malloc, SIZE_T size) {
 extern "C" int pthread_attr_init(void *attr);
 extern "C" int pthread_attr_destroy(void *attr);
 
-struct ThreadStartArg {
-  thread_callback_t callback;
-  void *param;
-  // TODO: something crazy is going on with pthread_create overwriting parts
-  // of the stack, hense the padding.
-  char padding[1000];
-};
-
 static void *HwasanThreadStartFunc(void *arg) {
   __hwasan_thread_enter();
   ThreadStartArg *A = reinterpret_cast<ThreadStartArg*>(arg);
@@ -309,11 +301,10 @@ static void *HwasanThreadStartFunc(void *arg) {
 INTERCEPTOR(int, pthread_create, void *th, void *attr, void *(*callback)(void*),
             void * param) {
   ScopedTaggingDisabler disabler;
-  ThreadStartArg A;
-  A.callback = callback;
-  A.param = param;
+  ThreadStartArg *A = GetCurrentThread()->thread_start_arg();
+  *A = {callback, param};
   int res = REAL(pthread_create)(UntagPtr(th), UntagPtr(attr),
-                                 &HwasanThreadStartFunc, &A);
+                                 &HwasanThreadStartFunc, A);
   return res;
 }
 #endif  // HWASAN_WITH_INTERCEPTORS
diff --git a/compiler-rt/lib/hwasan/hwasan_thread.h b/compiler-rt/lib/hwasan/hwasan_thread.h
index 16df85e6a69..11ecf2f10ce 100644
--- a/compiler-rt/lib/hwasan/hwasan_thread.h
+++ b/compiler-rt/lib/hwasan/hwasan_thread.h
@@ -19,6 +19,11 @@
 
 namespace __hwasan {
 
+struct ThreadStartArg {
+  thread_callback_t callback;
+  void *param;
+};
+
 class Thread {
  public:
   static Thread *Create(thread_callback_t start_routine, void *arg);
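Review bot: The new `ThreadStartArg *A = GetCurrentThread()->thread_start_arg();` gives every pthread_create call issued by the same parent thread one shared slot, so if the parent returns from pthread_create and calls it again before the first child has reached `HwasanThreadStartFunc` (whose body continues outside this hunk) and copied `callback`/`param` out, the first child starts with the second call's values. The removed stack-local `A` apparently had the mirror-image problem (the removed TODO about the stack being overwritten suggests the child could read it after the interceptor returned), so moving the object into the Thread only trades one lifetime hazard for another; a per-call copy that the child owns and releases once it has read it would close both. If the single-slot design is intentional for now, the accessor comment added in hwasan_thread.h (`// Return a scratch ThreadStartArg object to be used in pthread_create interceptor.`) should also state that the slot is only valid until the parent's next pthread_create. Neither new test issues two creates without an intervening join, so this window is not exercised.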
@@ -70,6 +75,10 @@ class Thread {
     }
   }
 
+  // Return a scratch ThreadStartArg object to be used in
+  // pthread_create interceptor.
+  ThreadStartArg *thread_start_arg() { return &thread_start_arg_; }
+
  private:
   // NOTE: There is no Thread constructor. It is allocated
   // via mmap() and *must* be valid in zero-initialized state.
@@ -99,6 +108,8 @@ class Thread {
   static Thread *main_thread;
 
   u32 tagging_disabled_;  // if non-zero, malloc uses zero tag in this thread.
+
+  ThreadStartArg thread_start_arg_;
 };
 
 Thread *GetCurrentThread();
diff --git a/compiler-rt/test/hwasan/TestCases/many-threads-uaf.c b/compiler-rt/test/hwasan/TestCases/many-threads-uaf.c
new file mode 100644
index 00000000000..7ee35541e03
--- /dev/null
+++ b/compiler-rt/test/hwasan/TestCases/many-threads-uaf.c
@@ -0,0 +1,37 @@
+// RUN: %clang_hwasan %s -o %t && not %run %t 2>&1 | FileCheck %s
+// REQUIRES: stable-runtime
+
+#include <pthread.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <sanitizer/hwasan_interface.h>
+
+void *BoringThread(void *arg) {
+  char * volatile x = (char*)malloc(10);
+  x[5] = 0;
+  free(x);
+  return NULL;
+}
+
+void *UAFThread(void *arg) {
+  char * volatile x = (char*)malloc(10);
+  fprintf(stderr, "ZZZ %p\n", x);
+  free(x);
+  x[5] = 42;
+  // CHECK: ERROR: HWAddressSanitizer: tag-mismatch on address
+  // CHECK: WRITE of size 1
+  // CHECK: many-threads-uaf.c:[[@LINE-3]]
+  return NULL;
+}
+
+int main() {
+  __hwasan_enable_allocator_tagging();
+  pthread_t t;
+  for (int i = 0; i < 1100; i++) {
+    pthread_create(&t, NULL, BoringThread, NULL);
+    pthread_join(t, NULL);
+  }
+  pthread_create(&t, NULL, UAFThread, NULL);
+  pthread_join(t, NULL);
+}
diff --git a/compiler-rt/test/hwasan/TestCases/thread-uaf.c b/compiler-rt/test/hwasan/TestCases/thread-uaf.c
new file mode 100644
index 00000000000..f64cebaab0c
--- /dev/null
+++ b/compiler-rt/test/hwasan/TestCases/thread-uaf.c
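Review bot: The loop bound `1100` in main of many-threads-uaf.c is a magic number with nothing saying what it is meant to exhaust or cycle through, so a later runtime change could make the test vacuous without anyone noticing; a comment above the loop such as `// Create and join many short-lived threads before the UAF thread runs (presumably to recycle per-thread state — confirm the intended count).` would record the intent. The `pthread_create` return values are also unchecked, here and in thread-uaf.c, so a failed create leaves `t` indeterminate for the following `pthread_join`; `if (pthread_create(&t, NULL, BoringThread, NULL) != 0) abort();` (and the same guard on the other two calls) would make the test fail loudly instead of joining garbage. The `fprintf(stderr, "ZZZ %p\n", x);` line is not referenced by any CHECK, so if it is only a debugging aid it could either be dropped or given a CHECK so the printed address is actually compared against the report.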
@@ -0,0 +1,26 @@
+// RUN: %clang_hwasan %s -o %t && not %run %t 2>&1 | FileCheck %s
+// REQUIRES: stable-runtime
+
+#include <pthread.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <sanitizer/hwasan_interface.h>
+
+void *Thread(void *arg) {
+  char * volatile x = (char*)malloc(10);
+  fprintf(stderr, "ZZZ %p\n", x);
+  free(x);
+  x[5] = 42;
+  // CHECK: ERROR: HWAddressSanitizer: tag-mismatch on address
+  // CHECK: WRITE of size 1
+  // CHECK: thread-uaf.c:[[@LINE-3]]
+  return NULL;
+}
+
+int main() {
+  __hwasan_enable_allocator_tagging();
+  pthread_t t;
+  pthread_create(&t, NULL, Thread, NULL);
+  pthread_join(t, NULL);
+}
|