From b4b5006be54e8f87b690e1ef3eda47b5d52a6128 Mon Sep 17 00:00:00 2001
From: Kirill Stoimenov
Date: Sat, 18 Feb 2023 00:02:06 +0000
Subject: [PATCH] [LSAN] Mask out tags from pointers on ARM in MaybeUserPointer heuristic
This caused false positives because the existing logic was not taking into account that pointers could have a tag in them.
Reviewed By: vitalybuka
Differential Revision: https://reviews.llvm.org/D144305
---
 compiler-rt/lib/lsan/lsan_common.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/compiler-rt/lib/lsan/lsan_common.cpp b/compiler-rt/lib/lsan/lsan_common.cpp
index e1eb31a..8c7195a 100644
--- a/compiler-rt/lib/lsan/lsan_common.cpp
+++ b/compiler-rt/lib/lsan/lsan_common.cpp
@@ -270,13 +270,17 @@ static inline bool MaybeUserPointer(uptr p) {
 if (p < kMinAddress)
 return false;
 # if defined(__x86_64__)
+ // TODO: add logic similar to ARM when Intel LAM is available.
 // Accept only canonical form user-space addresses.
 return ((p >> 47) == 0);
 # elif defined(__mips64)
 return ((p >> 40) == 0);
 # elif defined(__aarch64__)
+ // TBI (Top Byte Ignore) feature of AArch64: bits [63:56] are ignored in
+ // address translation and can be used to store a tag.
+ constexpr uptr kPointerMask = 255ULL << 48;
 // Accept up to 48 bit VMA.
- return ((p >> 48) == 0);
+ return ((p & kPointerMask) == 0);
 # elif defined(__loongarch_lp64)
 // Allow 47-bit user-space VMA at current.
 return ((p >> 47) == 0);
-- 2.7.4
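Review bot: In the `__aarch64__` branch, `kPointerMask = 255ULL << 48` selects bits [55:48], while the comment above it only describes the tag in bits [63:56], so the name and comment read as if the mask covered the tag or the address bits. It is the set of bits that must be zero for a 48-bit VMA, and the comment should say so directly, e.g. `// Bits [55:48] must be zero for a 48-bit VMA; the TBI tag byte [63:56] is deliberately not checked.` A side effect worth recording is that a word with any top byte now passes the heuristic, so the chunk lookup that follows has to cope with a tagged value, and a stray integer is slightly more likely to keep a leaked chunk looking reachable. Whether callers untag before the lookup is not visible in this hunk. MaybeUserPointer starts before the hunk and continues past it.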