From d961f66b28c592d3d34664b613c193cb3f75dd79 Mon Sep 17 00:00:00 2001
From: Enna1
Date: Fri, 28 Apr 2023 16:59:41 +0800
Subject: [PATCH] [hwasan] fix false positive when hwasan-match-all-tag flag is enabled and short granules are used

When hwasan-match-all-tag flag is enabled and short granules are used, at the point checking if this is a short tag case, the tag from pointer is stored in X16 register, which breaks the assumption that tag from shadow memory is stored in X16 register, this will cause a false positive.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D149252
---
 .../hwasan/TestCases/short-granule-and-match-all-tag.cpp | 12 ++++++++++++
 llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp | 4 ++--
 llvm/test/CodeGen/AArch64/hwasan-check-memaccess.ll | 8 ++++----
 3 files changed, 18 insertions(+), 6 deletions(-)
 create mode 100644 compiler-rt/test/hwasan/TestCases/short-granule-and-match-all-tag.cpp

diff --git a/compiler-rt/test/hwasan/TestCases/short-granule-and-match-all-tag.cpp b/compiler-rt/test/hwasan/TestCases/short-granule-and-match-all-tag.cpp
new file mode 100644
index 0000000..5d23ecc
--- /dev/null
+++ b/compiler-rt/test/hwasan/TestCases/short-granule-and-match-all-tag.cpp
@@ -0,0 +1,12 @@
+// RUN: %clang_hwasan -mllvm -hwasan-match-all-tag=0 %s -o %t && %run %t
+
+#include
+#include
+
+int main() {
+ __hwasan_enable_allocator_tagging();
+ char *x = (char *)malloc(40);
+ char volatile z = *x;
+ free(x);
+ return 0;
+}
diff --git a/llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp b/llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp
index 1c9a790..9e433db 100644
--- a/llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp
+++ b/llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp
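Review bot: In short-granule-and-match-all-tag.cpp the load `char volatile z = *x;` reads byte 0 of the 40-byte allocation, which lies in a full 16-byte granule, so the inline tag comparison should succeed and the short-granule branch this commit fixes is probably never reached. HWASan marks only the trailing partial granule (here bytes 32-39) as short, so the test would likely pass even without the AsmPrinter change. Reading from the tail instead, e.g. `char volatile z = x[39];`, should send the check through the mismatch-or-partial path under `-hwasan-match-all-tag=0` and make this a real regression guard. A one-line comment above the access explaining why that offset was chosen would help as well.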
@@ -531,14 +531,14 @@ void AArch64AsmPrinter::emitHwasanMemaccessSymbols(Module &M) {
 
 if (HasMatchAllTag) {
 OutStreamer->emitInstruction(MCInstBuilder(AArch64::UBFMXri)
- .addReg(AArch64::X16)
+ .addReg(AArch64::X17)
 .addReg(Reg)
 .addImm(56)
 .addImm(63),
 *STI);
 OutStreamer->emitInstruction(MCInstBuilder(AArch64::SUBSXri)
 .addReg(AArch64::XZR)
- .addReg(AArch64::X16)
+ .addReg(AArch64::X17)
 .addImm(MatchAllTag)
 .addImm(0),
 *STI);
diff --git a/llvm/test/CodeGen/AArch64/hwasan-check-memaccess.ll b/llvm/test/CodeGen/AArch64/hwasan-check-memaccess.ll
index 3aff1c2..f5f31e79 100644
--- a/llvm/test/CodeGen/AArch64/hwasan-check-memaccess.ll
+++ b/llvm/test/CodeGen/AArch64/hwasan-check-memaccess.ll
@@ -104,8 +104,8 @@ declare void @llvm.hwasan.check.memaccess.shortgranules(ptr, ptr, i32)
 ; CHECK-NEXT: .Ltmp6:
 ; CHECK-NEXT: ret
 ; CHECK-NEXT: .Ltmp5:
-; CHECK-NEXT: lsr x16, x1, #56
-; CHECK-NEXT: cmp x16, #255
+; CHECK-NEXT: lsr x17, x1, #56
+; CHECK-NEXT: cmp x17, #255
 ; CHECK-NEXT: b.eq .Ltmp6
 ; CHECK-NEXT: stp x0, x1, [sp, #-256]!
 ; CHECK-NEXT: stp x29, x30, [sp, #232]
@@ -121,8 +121,8 @@ declare void @llvm.hwasan.check.memaccess.shortgranules(ptr, ptr, i32)
 ; CHECK-NEXT: .Ltmp8:
 ; CHECK-NEXT: ret
 ; CHECK-NEXT: .Ltmp7:
-; CHECK-NEXT: lsr x16, x1, #56
-; CHECK-NEXT: cmp x16, #0
+; CHECK-NEXT: lsr x17, x1, #56
+; CHECK-NEXT: cmp x17, #0
 ; CHECK-NEXT: b.eq .Ltmp8
 ; CHECK-NEXT: cmp w16, #15
 ; CHECK-NEXT: b.hi .Ltmp9
--
2.7.4
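Review bot: Nothing in the two `MCInstBuilder` sequences of `emitHwasanMemaccessSymbols` records why the pointer tag now goes into X17 rather than X16, and that register split is the invariant this fix restores. Per the commit message X16 still carries the shadow-memory tag at this point, and the short-granule comparison that follows (`cmp w16, #15` in the updated .ll expectations) reads it, so a later cleanup could easily reintroduce the false positive. I would add a comment above the `UBFMXri` emission such as `// Extract the pointer tag into X17; X16 holds the shadow tag and must stay intact for the short-granule check below.` The function starts before and continues past this hunk, so whether X17 is otherwise free here is inferred from the CodeGen expectations rather than visible.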