From 3d8f49a6bf6eb0912e66c43a2b3fe890ca385b74 Mon Sep 17 00:00:00 2001 From: Kostya Serebryany Date: Tue, 4 Sep 2018 23:26:08 +0000 Subject: [PATCH] [hwasan] add a unique id to a thread and add debug prints for thread creation/destruction llvm-svn: 341428 --- compiler-rt/lib/hwasan/hwasan_flags.inc | 2 ++ compiler-rt/lib/hwasan/hwasan_thread.cc | 11 +++++++++++ compiler-rt/lib/hwasan/hwasan_thread.h | 3 +++ compiler-rt/test/hwasan/TestCases/many-threads-uaf.c | 9 ++++++++- 4 files changed, 24 insertions(+), 1 deletion(-) diff --git a/compiler-rt/lib/hwasan/hwasan_flags.inc b/compiler-rt/lib/hwasan/hwasan_flags.inc index cd04f53..fa54242 100644 --- a/compiler-rt/lib/hwasan/hwasan_flags.inc +++ b/compiler-rt/lib/hwasan/hwasan_flags.inc @@ -17,6 +17,8 @@ // HWASAN_FLAG(Type, Name, DefaultValue, Description) // See COMMON_FLAG in sanitizer_flags.inc for more details. +HWASAN_FLAG(bool, verbose_threads, false, + "inform on thread creation/destruction") HWASAN_FLAG(bool, tag_in_malloc, true, "") HWASAN_FLAG(bool, tag_in_free, true, "") HWASAN_FLAG(bool, print_stats, false, "") diff --git a/compiler-rt/lib/hwasan/hwasan_thread.cc b/compiler-rt/lib/hwasan/hwasan_thread.cc index 653c99f..6bf3ad4 100644 --- a/compiler-rt/lib/hwasan/hwasan_thread.cc +++ b/compiler-rt/lib/hwasan/hwasan_thread.cc @@ -59,6 +59,7 @@ void Thread::RemoveFromThreadList(Thread *t) { Thread *Thread::Create(thread_callback_t start_routine, void *arg) { + static u64 unique_id; uptr PageSize = GetPageSizeCached(); uptr size = RoundUpTo(sizeof(Thread), PageSize); Thread *thread = (Thread*)MmapOrDie(size, __func__); @@ -68,6 +69,7 @@ Thread *Thread::Create(thread_callback_t start_routine, thread->random_state_ = flags()->random_tags ? RandomSeed() : 0; if (auto sz = flags()->heap_history_size) thread->heap_allocations_ = RingBuffer::New(sz); + thread->unique_id_ = unique_id++; InsertIntoThreadList(thread); return thread; } @@ -99,6 +101,8 @@ void Thread::Init() { CHECK(MemIsApp(stack_bottom_)); CHECK(MemIsApp(stack_top_ - 1)); } + if (flags()->verbose_threads) + Print("Creating "); } void Thread::ClearShadowForThreadStackAndTLS() { @@ -109,6 +113,8 @@ void Thread::ClearShadowForThreadStackAndTLS() { } void Thread::Destroy() { + if (flags()->verbose_threads) + Print("Destroying"); malloc_storage().CommitBack(); ClearShadowForThreadStackAndTLS(); RemoveFromThreadList(this); @@ -119,6 +125,11 @@ void Thread::Destroy() { DTLS_Destroy(); } +void Thread::Print(const char *Prefix) { + Printf("%s: thread %p id: %zd stack: [%p,%p) tls: [%p,%p)\n", Prefix, this, + unique_id_, stack_bottom(), stack_top(), tls_begin(), tls_end()); +} + static u32 xorshift(u32 state) { state ^= state << 13; state ^= state >> 17; diff --git a/compiler-rt/lib/hwasan/hwasan_thread.h b/compiler-rt/lib/hwasan/hwasan_thread.h index 11ecf2f..0172935 100644 --- a/compiler-rt/lib/hwasan/hwasan_thread.h +++ b/compiler-rt/lib/hwasan/hwasan_thread.h @@ -84,6 +84,7 @@ class Thread { // via mmap() and *must* be valid in zero-initialized state. void SetThreadStackAndTls(); void ClearShadowForThreadStackAndTLS(); + void Print(const char *prefix); thread_callback_t start_routine_; void *arg_; uptr stack_top_; @@ -107,6 +108,8 @@ class Thread { static SpinMutex thread_list_mutex; static Thread *main_thread; + u64 unique_id_; // counting from zero. + u32 tagging_disabled_; // if non-zero, malloc uses zero tag in this thread. ThreadStartArg thread_start_arg_; diff --git a/compiler-rt/test/hwasan/TestCases/many-threads-uaf.c b/compiler-rt/test/hwasan/TestCases/many-threads-uaf.c index 7ee3554..4f58b3e 100644 --- a/compiler-rt/test/hwasan/TestCases/many-threads-uaf.c +++ b/compiler-rt/test/hwasan/TestCases/many-threads-uaf.c @@ -1,4 +1,4 @@ -// RUN: %clang_hwasan %s -o %t && not %run %t 2>&1 | FileCheck %s +// RUN: %clang_hwasan %s -o %t && not %env_hwasan_opts=verbose_threads=1 %run %t 2>&1 | FileCheck %s // REQUIRES: stable-runtime #include @@ -14,6 +14,13 @@ void *BoringThread(void *arg) { return NULL; } +// CHECK: Creating : thread {{.*}} id: 0 +// CHECK: Creating : thread {{.*}} id: 1 +// CHECK: Destroying: thread {{.*}} id: 1 +// CHECK: Creating : thread {{.*}} id: 1100 +// CHECK: Destroying: thread {{.*}} id: 1100 +// CHECK: Creating : thread {{.*}} id: 1101 + void *UAFThread(void *arg) { char * volatile x = (char*)malloc(10); fprintf(stderr, "ZZZ %p\n", x); -- 2.7.4