summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRussell Gallop <russell.gallop@gmail.com>2019-10-10 10:56:52 +0000
committerRussell Gallop <russell.gallop@gmail.com>2019-10-10 10:56:52 +0000
commitfe7f65b081d5d0b32270cb1a82e2ee9a0391a6d1 (patch)
tree539951269a99d4d5fd5a3194400a4fe61d451fec
parent640d7e0a87981f53799ad7394c4cb93c928338c4 (diff)
downloadcompiler-rt-fe7f65b081d5d0b32270cb1a82e2ee9a0391a6d1.tar.gz
Revert "[ASan] Do not misrepresent high value address dereferences as null dereferences"
As it was breaking bots running sanitizer lint check This reverts r374265 (git b577efe4567f1f6a711ad36e1d17280dd1c4f009) git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@374308 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r--lib/asan/asan_errors.h3
-rw-r--r--lib/sanitizer_common/sanitizer_common.h9
-rw-r--r--lib/sanitizer_common/sanitizer_linux.cpp6
-rw-r--r--lib/sanitizer_common/sanitizer_mac.cpp6
-rw-r--r--lib/sanitizer_common/sanitizer_symbolizer_report.cpp17
-rw-r--r--lib/sanitizer_common/sanitizer_win.cpp5
-rw-r--r--test/asan/TestCases/Posix/high-address-dereference.c50
7 files changed, 6 insertions, 90 deletions
diff --git a/lib/asan/asan_errors.h b/lib/asan/asan_errors.h
index a7fda2fd9..b84f56c18 100644
--- a/lib/asan/asan_errors.h
+++ b/lib/asan/asan_errors.h
@@ -48,8 +48,7 @@ struct ErrorDeadlySignal : ErrorBase {
scariness.Scare(10, "stack-overflow");
} else if (!signal.is_memory_access) {
scariness.Scare(10, "signal");
- } else if (signal.is_true_faulting_addr &&
- signal.addr < GetPageSizeCached()) {
+ } else if (signal.addr < GetPageSizeCached()) {
scariness.Scare(10, "null-deref");
} else if (signal.addr == signal.pc) {
scariness.Scare(60, "wild-jump");
diff --git a/lib/sanitizer_common/sanitizer_common.h b/lib/sanitizer_common/sanitizer_common.h
index 87b8f02b5..ad056df38 100644
--- a/lib/sanitizer_common/sanitizer_common.h
+++ b/lib/sanitizer_common/sanitizer_common.h
@@ -881,11 +881,6 @@ struct SignalContext {
bool is_memory_access;
enum WriteFlag { UNKNOWN, READ, WRITE } write_flag;
- // In some cases the kernel cannot provide the true faulting address; `addr`
- // will be zero then. This field allows to distinguish between these cases
- // and dereferences of null.
- bool is_true_faulting_addr;
-
// VS2013 doesn't implement unrestricted unions, so we need a trivial default
// constructor
SignalContext() = default;
@@ -898,8 +893,7 @@ struct SignalContext {
context(context),
addr(GetAddress()),
is_memory_access(IsMemoryAccess()),
- write_flag(GetWriteFlag()),
- is_true_faulting_addr(IsTrueFaultingAddress()) {
+ write_flag(GetWriteFlag()) {
InitPcSpBp();
}
@@ -920,7 +914,6 @@ struct SignalContext {
uptr GetAddress() const;
WriteFlag GetWriteFlag() const;
bool IsMemoryAccess() const;
- bool IsTrueFaultingAddress() const;
};
void InitializePlatformEarly();
diff --git a/lib/sanitizer_common/sanitizer_linux.cpp b/lib/sanitizer_common/sanitizer_linux.cpp
index 0b53da6c3..d23009075 100644
--- a/lib/sanitizer_common/sanitizer_linux.cpp
+++ b/lib/sanitizer_common/sanitizer_linux.cpp
@@ -1849,12 +1849,6 @@ SignalContext::WriteFlag SignalContext::GetWriteFlag() const {
#endif
}
-bool SignalContext::IsTrueFaultingAddress() const {
- auto si = static_cast<const siginfo_t *>(siginfo);
- // SIGSEGV signals without a true fault address have si_code set to 128.
- return si->si_signo == SIGSEGV && si->si_code != 128;
-}
-
void SignalContext::DumpAllRegisters(void *context) {
// FIXME: Implement this.
}
diff --git a/lib/sanitizer_common/sanitizer_mac.cpp b/lib/sanitizer_common/sanitizer_mac.cpp
index ea4bd02aa..8eb1dfbde 100644
--- a/lib/sanitizer_common/sanitizer_mac.cpp
+++ b/lib/sanitizer_common/sanitizer_mac.cpp
@@ -754,12 +754,6 @@ SignalContext::WriteFlag SignalContext::GetWriteFlag() const {
#endif
}
-bool SignalContext::IsTrueFaultingAddress() const {
- auto si = static_cast<const siginfo_t *>(siginfo);
- // "Real" SIGSEGV codes (e.g., SEGV_MAPERR, SEGV_MAPERR) are non-zero.
- return si->si_signo == SIGSEGV && si->si_code != 0;
-}
-
static void GetPcSpBp(void *context, uptr *pc, uptr *sp, uptr *bp) {
ucontext_t *ucontext = (ucontext_t*)context;
# if defined(__aarch64__)
diff --git a/lib/sanitizer_common/sanitizer_symbolizer_report.cpp b/lib/sanitizer_common/sanitizer_symbolizer_report.cpp
index fe9ea1a82..d6699f3ed 100644
--- a/lib/sanitizer_common/sanitizer_symbolizer_report.cpp
+++ b/lib/sanitizer_common/sanitizer_symbolizer_report.cpp
@@ -191,14 +191,9 @@ static void ReportDeadlySignalImpl(const SignalContext &sig, u32 tid,
SanitizerCommonDecorator d;
Printf("%s", d.Warning());
const char *description = sig.Describe();
- if (sig.is_memory_access && !sig.is_true_faulting_addr)
- Report("ERROR: %s: %s on unknown address (pc %p bp %p sp %p T%d)\n",
- SanitizerToolName, description, (void *)sig.pc, (void *)sig.bp,
- (void *)sig.sp, tid);
- else
- Report("ERROR: %s: %s on unknown address %p (pc %p bp %p sp %p T%d)\n",
- SanitizerToolName, description, (void *)sig.addr, (void *)sig.pc,
- (void *)sig.bp, (void *)sig.sp, tid);
+ Report("ERROR: %s: %s on unknown address %p (pc %p bp %p sp %p T%d)\n",
+ SanitizerToolName, description, (void *)sig.addr, (void *)sig.pc,
+ (void *)sig.bp, (void *)sig.sp, tid);
Printf("%s", d.Default());
if (sig.pc < GetPageSizeCached())
Report("Hint: pc points to the zero page.\n");
@@ -208,11 +203,7 @@ static void ReportDeadlySignalImpl(const SignalContext &sig, u32 tid,
? "WRITE"
: (sig.write_flag == SignalContext::READ ? "READ" : "UNKNOWN");
Report("The signal is caused by a %s memory access.\n", access_type);
- if (!sig.is_true_faulting_addr)
- Report("Hint: this fault was caused by a dereference of a high value "
- "address (see registers below). Dissassemble the provided pc "
- "to learn which register value was used.\n");
- else if (sig.addr < GetPageSizeCached())
+ if (sig.addr < GetPageSizeCached())
Report("Hint: address points to the zero page.\n");
}
MaybeReportNonExecRegion(sig.pc);
diff --git a/lib/sanitizer_common/sanitizer_win.cpp b/lib/sanitizer_common/sanitizer_win.cpp
index 95e788217..ce2a4314a 100644
--- a/lib/sanitizer_common/sanitizer_win.cpp
+++ b/lib/sanitizer_common/sanitizer_win.cpp
@@ -945,11 +945,6 @@ bool SignalContext::IsMemoryAccess() const {
return GetWriteFlag() != SignalContext::UNKNOWN;
}
-bool SignalContext::IsTrueFaultingAddress() const {
- // TODO: Provide real implementation for this. See Linux and Mac variants.
- return IsMemoryAccess();
-}
-
SignalContext::WriteFlag SignalContext::GetWriteFlag() const {
EXCEPTION_RECORD *exception_record = (EXCEPTION_RECORD *)siginfo;
// The contents of this array are documented at
diff --git a/test/asan/TestCases/Posix/high-address-dereference.c b/test/asan/TestCases/Posix/high-address-dereference.c
deleted file mode 100644
index 785033028..000000000
--- a/test/asan/TestCases/Posix/high-address-dereference.c
+++ /dev/null
@@ -1,50 +0,0 @@
-// On x86_64, the kernel does not provide the faulting address for dereferences
-// of addresses greater than the 48-bit hardware addressable range, i.e.,
-// `siginfo.si_addr` is zero in ASan's SEGV signal handler. This test checks
-// that ASan does not misrepresent such cases as "NULL dereferences".
-
-// REQUIRES: x86_64-target-arch
-// RUN: %clang_asan %s -o %t
-// RUN: export %env_asan_opts=print_scariness=1
-// RUN: not %run %t 0x0000000000000000 2>&1 | FileCheck %s --check-prefixes=ZERO,HINT-PAGE0
-// RUN: not %run %t 0x0000000000000FFF 2>&1 | FileCheck %s --check-prefixes=LOW1,HINT-PAGE0
-// RUN: not %run %t 0x0000000000001000 2>&1 | FileCheck %s --check-prefixes=LOW2,HINT-NONE
-// RUN: not %run %t 0x4141414141414141 2>&1 | FileCheck %s --check-prefixes=HIGH,HINT-HIGHADDR
-// RUN: not %run %t 0xFFFFFFFFFFFFFFFF 2>&1 | FileCheck %s --check-prefixes=MAX,HINT-HIGHADDR
-
-#include <stdint.h>
-#include <stdlib.h>
-
-int main(int argc, const char *argv[]) {
- const char *hex = argv[1];
- uint64_t *addr = (uint64_t *)strtoull(hex, NULL, 16);
- uint64_t x = *addr; // segmentation fault
- return x;
-}
-
-// ZERO: SEGV on unknown address 0x000000000000 (pc
-// LOW1: SEGV on unknown address 0x000000000fff (pc
-// LOW2: SEGV on unknown address 0x000000001000 (pc
-// HIGH: SEGV on unknown address (pc
-// MAX: SEGV on unknown address (pc
-
-// HINT-PAGE0-NOT: Hint: this fault was caused by a dereference of a high value address
-// HINT-PAGE0: Hint: address points to the zero page.
-
-// HINT-NONE-NOT: Hint: this fault was caused by a dereference of a high value address
-// HINT-NONE-NOT: Hint: address points to the zero page.
-
-// HINT-HIGHADDR: Hint: this fault was caused by a dereference of a high value address
-// HINT-HIGHADDR-NOT: Hint: address points to the zero page.
-
-// ZERO: SCARINESS: 10 (null-deref)
-// LOW1: SCARINESS: 10 (null-deref)
-// LOW2: SCARINESS: 20 (wild-addr-read)
-// HIGH: SCARINESS: 20 (wild-addr-read)
-// MAX: SCARINESS: 20 (wild-addr-read)
-
-// TODO: Currently, register values are only printed on Mac. Once this changes,
-// remove the 'TODO_' prefix in the following lines.
-// TODO_HIGH,TODO_MAX: Register values:
-// TODO_HIGH: = 0x4141414141414141
-// TODO_MAX: = 0xffffffffffffffff