author | Evgeniy Stepanov <eugeni.stepanov@gmail.com> | 2013-10-29 02:48:49 +0000 |
---|---|---|
committer | Evgeniy Stepanov <eugeni.stepanov@gmail.com> | 2013-10-29 02:48:49 +0000 |
commit | f3603890015c130420def39d67a02c2fdafc6f84 (patch) | |
tree | 61101f89f370946c082997dc6f6fe83363955ee0 | |
parent | 1767ec1c0d56bf9a4a5470ec5b28905e23892753 (diff) | |
[msan] Intercept shmat.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@193581 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r-- | lib/msan/msan_interceptors.cc | 17 | ||||
-rw-r--r-- | lib/msan/tests/msan_test.cc | 28 | ||||
-rw-r--r-- | lib/sanitizer_common/sanitizer_common_interceptors.inc | 2 | ||||
-rw-r--r-- | lib/sanitizer_common/sanitizer_common_syscalls.inc | 2 | ||||
-rw-r--r-- | lib/sanitizer_common/sanitizer_platform_limits_posix.cc | 22 | ||||
-rw-r--r-- | lib/sanitizer_common/sanitizer_platform_limits_posix.h | 39 |
6 files changed, 105 insertions, 5 deletions
diff --git a/lib/msan/msan_interceptors.cc b/lib/msan/msan_interceptors.cc
index 842270dc..0c42e047 100644
--- a/lib/msan/msan_interceptors.cc
+++ b/lib/msan/msan_interceptors.cc
@@ -1157,6 +1157,22 @@ INTERCEPTOR(int, __cxa_atexit, void (*func)(void *), void *arg,
 return REAL(__cxa_atexit)(MSanAtExitWrapper, r, dso_handle);
 }
 
+DECLARE_REAL(int, shmctl, int shmid, int cmd, void *buf)
+
+INTERCEPTOR(void *, shmat, int shmid, const void *shmaddr, int shmflg) {
+ ENSURE_MSAN_INITED();
+ void *p = REAL(shmat)(shmid, shmaddr, shmflg);
+ if (p != (void *)-1) {
+ __sanitizer_shmid_ds ds;
+ int res = REAL(shmctl)(shmid, shmctl_ipc_stat, &ds);
+ if (!res) {
+ __msan_unpoison(p, ds.shm_segsz);
+ }
+ }
+ return p;
+}
+
+
 struct MSanInterceptorContext {
 bool in_interceptor_scope;
 };
@@ -1459,6 +1475,7 @@ void InitializeInterceptors() {
 INTERCEPT_FUNCTION(pthread_join);
 INTERCEPT_FUNCTION(tzset);
 INTERCEPT_FUNCTION(__cxa_atexit);
+ INTERCEPT_FUNCTION(shmat);
 
 if (REAL(pthread_key_create)(&g_thread_finalize_key, &thread_finalize)) {
 Printf("MemorySanitizer: failed to create thread key\n");
diff --git a/lib/msan/tests/msan_test.cc b/lib/msan/tests/msan_test.cc
index e6923828..dd9669be 100644
--- a/lib/msan/tests/msan_test.cc
+++ b/lib/msan/tests/msan_test.cc
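Review bot: The new shmat interceptor in lib/msan/msan_interceptors.cc silently keeps whatever shadow the address range already had when `REAL(shmctl)(shmid, shmctl_ipc_stat, &ds)` fails, so stale poison from an earlier mapping at the same address would later surface as reports against valid shared-memory reads. I would at least document that choice on the `if (!res)` branch, e.g. `// IPC_STAT failed: segment size unknown, shadow is left as-is and may be stale.` This commit adds no shmdt counterpart, so the range stays unpoisoned after detach; whether a later mapping at that address resets the shadow depends on interceptors outside this hunk. The body also calls `REAL(shmctl)`, which presumably is resolved by the common shmctl interceptor, so that should be confirmed for every platform where `INTERCEPT_FUNCTION(shmat)` (second hunk of this file) is registered.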
@@ -1146,6 +1146,34 @@ TEST(MemorySanitizer, shmctl) {
 ASSERT_GT(res, -1);
 }
 
+TEST(MemorySanitizer, shmat) {
+ void *p = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS, 0, 0);
+ ASSERT_NE(MAP_FAILED, p);
+
+ ((char *)p)[10] = *GetPoisoned<U1>();
+ ((char *)p)[4095] = *GetPoisoned<U1>();
+
+ int res = munmap(p, 4096);
+ ASSERT_EQ(0, res);
+
+ int id = shmget(IPC_PRIVATE, 4096, 0644 | IPC_CREAT);
+ ASSERT_GT(id, -1);
+
+ void *q = shmat(id, p, 0);
+ ASSERT_EQ(p, q);
+
+ EXPECT_NOT_POISONED(((char *)q)[0]);
+ EXPECT_NOT_POISONED(((char *)q)[10]);
+ EXPECT_NOT_POISONED(((char *)q)[4095]);
+
+ res = shmdt(q);
+ ASSERT_EQ(0, res);
+
+ res = shmctl(id, IPC_RMID, 0);
+ ASSERT_GT(res, -1);
+}
+
 TEST(MemorySanitizer, random_r) {
 int32_t x;
 char z[64];
diff --git a/lib/sanitizer_common/sanitizer_common_interceptors.inc b/lib/sanitizer_common/sanitizer_common_interceptors.inc
index e13df5c2..f5179e24 100644
--- a/lib/sanitizer_common/sanitizer_common_interceptors.inc
+++ b/lib/sanitizer_common/sanitizer_common_interceptors.inc
@@ -2512,7 +2512,7 @@ INTERCEPTOR(int, shmctl, int shmid, int cmd, void *buf) {
 if (res >= 0) {
 unsigned sz = 0;
 if (cmd == shmctl_ipc_stat || cmd == shmctl_shm_stat)
- sz = struct_shmid_ds_sz;
+ sz = sizeof(__sanitizer_shmid_ds);
 else if (cmd == shmctl_ipc_info)
 sz = struct_shminfo_sz;
 else if (cmd == shmctl_shm_info)
diff --git a/lib/sanitizer_common/sanitizer_common_syscalls.inc b/lib/sanitizer_common/sanitizer_common_syscalls.inc
index 942ffc4c..0f500d63 100644
--- a/lib/sanitizer_common/sanitizer_common_syscalls.inc
+++ b/lib/sanitizer_common/sanitizer_common_syscalls.inc
@@ -2067,7 +2067,7 @@ PRE_SYSCALL(shmctl)(long shmid, long cmd, void *buf) {}
 
 POST_SYSCALL(shmctl)(long res, long shmid, long cmd, void *buf) {
 if (res >= 0) {
- if (buf) POST_WRITE(buf, struct_shmid_ds_sz);
+ if (buf) POST_WRITE(buf, sizeof(__sanitizer_shmid_ds));
 }
 }
 
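Review bot: In TEST(MemorySanitizer, shmat) in lib/msan/tests/msan_test.cc, the SysV segment created by `shmget(IPC_PRIVATE, 4096, 0644 | IPC_CREAT)` outlives the test process if any `ASSERT_*` between `shmat` and the final `shmctl(id, IPC_RMID, 0)` fails, because a failed ASSERT returns from the test body. Marking the segment for removal right after the attach, i.e. `void *q = shmat(id, p, 0);` followed directly by `res = shmctl(id, IPC_RMID, 0);` and only then the assertions, should avoid leaving a system-wide object behind; on Linux the attached segment stays usable until `shmdt`. `ASSERT_EQ(p, q)` also assumes nothing else maps that page between `munmap` and `shmat`, which may be flaky if other threads are allocating. Separately, the `mmap` call passes fd `0` together with `MAP_ANONYMOUS`, where `-1` is the portable value.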
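Review bot: POST_SYSCALL(shmctl) in lib/sanitizer_common/sanitizer_common_syscalls.inc marks `sizeof(__sanitizer_shmid_ds)` bytes of `buf` as written for every `cmd`, while the shmctl interceptor in sanitizer_common_interceptors.inc (the file section before it) chooses the size per command (`struct_shminfo_sz` for `shmctl_ipc_info`, and so on). For commands where the kernel fills a different structure or only reads `buf`, the hook may mark bytes as initialized that were never written, which would hide uninitialized reads from the tool. Mirroring the interceptor's condition, e.g. `if (buf && (cmd == shmctl_ipc_stat || cmd == shmctl_shm_stat)) POST_WRITE(buf, sizeof(__sanitizer_shmid_ds));` (assuming those constants are visible in this file), would keep the two paths consistent; the behaviour predates this commit but sits on the changed line.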
diff --git a/lib/sanitizer_common/sanitizer_platform_limits_posix.cc b/lib/sanitizer_common/sanitizer_platform_limits_posix.cc
index 7aca7f7e..fb932bc1 100644
--- a/lib/sanitizer_common/sanitizer_platform_limits_posix.cc
+++ b/lib/sanitizer_common/sanitizer_platform_limits_posix.cc
@@ -168,7 +168,6 @@ namespace __sanitizer {
 unsigned struct_rlimit64_sz = sizeof(struct rlimit64);
 unsigned struct_timex_sz = sizeof(struct timex);
 unsigned struct_msqid_ds_sz = sizeof(struct msqid_ds);
- unsigned struct_shmid_ds_sz = sizeof(struct shmid_ds);
 unsigned struct_mq_attr_sz = sizeof(struct mq_attr);
 unsigned struct_statvfs_sz = sizeof(struct statvfs);
 unsigned struct_statvfs64_sz = sizeof(struct statvfs64);
@@ -927,4 +926,25 @@ CHECK_SIZE_AND_OFFSET(mntent, mnt_passno);
 
 CHECK_TYPE_SIZE(ether_addr);
 
+#if SANITIZER_LINUX && !SANITIZER_ANDROID
+CHECK_TYPE_SIZE(ipc_perm);
+CHECK_SIZE_AND_OFFSET(ipc_perm, __key);
+CHECK_SIZE_AND_OFFSET(ipc_perm, uid);
+CHECK_SIZE_AND_OFFSET(ipc_perm, gid);
+CHECK_SIZE_AND_OFFSET(ipc_perm, cuid);
+CHECK_SIZE_AND_OFFSET(ipc_perm, cgid);
+CHECK_SIZE_AND_OFFSET(ipc_perm, mode);
+CHECK_SIZE_AND_OFFSET(ipc_perm, __seq);
+
+CHECK_TYPE_SIZE(shmid_ds);
+CHECK_SIZE_AND_OFFSET(shmid_ds, shm_perm);
+CHECK_SIZE_AND_OFFSET(shmid_ds, shm_segsz);
+CHECK_SIZE_AND_OFFSET(shmid_ds, shm_atime);
+CHECK_SIZE_AND_OFFSET(shmid_ds, shm_dtime);
+CHECK_SIZE_AND_OFFSET(shmid_ds, shm_ctime);
+CHECK_SIZE_AND_OFFSET(shmid_ds, shm_cpid);
+CHECK_SIZE_AND_OFFSET(shmid_ds, shm_lpid);
+CHECK_SIZE_AND_OFFSET(shmid_ds, shm_nattch);
+#endif
+
 #endif // SANITIZER_LINUX || SANITIZER_MAC
diff --git a/lib/sanitizer_common/sanitizer_platform_limits_posix.h b/lib/sanitizer_common/sanitizer_platform_limits_posix.h
index ae99403d..0b38d158 100644
--- a/lib/sanitizer_common/sanitizer_platform_limits_posix.h
+++ b/lib/sanitizer_common/sanitizer_platform_limits_posix.h
@@ -56,7 +56,6 @@ namespace __sanitizer {
 extern unsigned struct_old_utsname_sz;
 extern unsigned struct_oldold_utsname_sz;
 extern unsigned struct_msqid_ds_sz;
- extern unsigned struct_shmid_ds_sz;
 extern unsigned struct_mq_attr_sz;
 extern unsigned struct_perf_event_attr_sz;
 extern unsigned struct_timex_sz;
@@ -86,7 +85,43 @@ namespace __sanitizer {
 extern unsigned struct_rlimit64_sz;
 extern unsigned struct_statvfs_sz;
 extern unsigned struct_statvfs64_sz;
-#endif // SANITIZER_LINUX && !SANITIZER_ANDROID
+
+ struct __sanitizer_ipc_perm {
+ int __key;
+ int uid;
+ int gid;
+ int cuid;
+ int cgid;
+ unsigned short mode;
+ unsigned short __pad1;
+ unsigned short __seq;
+ unsigned short __pad2;
+ uptr __unused1;
+ uptr __unused2;
+ };
+
+ struct __sanitizer_shmid_ds {
+ __sanitizer_ipc_perm shm_perm;
+ uptr shm_segsz;
+ uptr shm_atime;
+ #ifndef _LP64
+ uptr __unused1;
+ #endif
+ uptr shm_dtime;
+ #ifndef _LP64
+ uptr __unused2;
+ #endif
+ uptr shm_ctime;
+ #ifndef _LP64
+ uptr __unused3;
+ #endif
+ int shm_cpid;
+ int shm_lpid;
+ uptr shm_nattch;
+ uptr __unused4;
+ uptr __unused5;
+ };
+ #endif // SANITIZER_LINUX && !SANITIZER_ANDROID
 
 struct __sanitizer_iovec {
 void *iov_base; |
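Review bot: `__sanitizer_ipc_perm` and `__sanitizer_shmid_ds` in sanitizer_platform_limits_posix.h are hand-written mirrors of libc structures, yet nothing in the second hunk says which ABI they follow or where the layout is verified. Because `ds.shm_segsz` read through this layout now decides how many bytes the MSan shmat interceptor unpoisons, I would add a comment above the structs such as `// Must match struct ipc_perm / struct shmid_ds from <sys/ipc.h> and <sys/shm.h>; verified by CHECK_SIZE_AND_OFFSET in sanitizer_platform_limits_posix.cc.` The `unsigned short mode` / `__seq` fields and the `#ifndef _LP64` padding look specific to particular Linux ABIs, so other architectures will presumably need their own variants, which the compile-time checks should flag. `struct __sanitizer_iovec` continues past the end of the hunk.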