[scudo] Add hooks to mark the range of realloc (#74353)

`realloc` may involve both allocation and deallocation. Given that the
reporting the events is not atomic and which may lead the hook user to

[scudo] Add hooks to mark the range of realloc (#74353)

`realloc` may involve both allocation and deallocation. Given that the
reporting the events is not atomic and which may lead the hook user to a
false case that the double-use pattern happens. In general, this can be
resolved on the hook side. To alleviate the task of handling it, we add
two new hooks to mark the range so that the hook user can combine those
calls together.

show more ...

[scudo] Fix realloc hooks behavior (#74149)

`realloc` may involve both allocation and deallocation. Given that the
reporting the events is not atomic and which may lead the hook user to a
false ca

[scudo] Fix realloc hooks behavior (#74149)

`realloc` may involve both allocation and deallocation. Given that the
reporting the events is not atomic and which may lead the hook user to a
false case that the double-use pattern happens, we always report the old
pointer is released and report the new allocation afterward (even it's
the same pointer).

This also fixes that we didn't report the new size when it doesn't need
to allocate a new space.

show more ...

Fix-forward a -Wconversion scudo bug.

Related to fd1721d8609791c89102bd7f922fe92056535157, fix up a
signed-unsigned type comparison bug.

[scudo] Add -Wconversion for tests and clean-up warnings. (#66147)

Fix all the places where the tests are doing implicit conversions.

[scudo] Add SCUDO_ENABLE_HOOKS to enable hooks at compilation time

Accessing the PLT entries of hooks can lead a certain amount of
performance overhead. This is observed on certain tasks which will

[scudo] Add SCUDO_ENABLE_HOOKS to enable hooks at compilation time

Accessing the PLT entries of hooks can lead a certain amount of
performance overhead. This is observed on certain tasks which will do a
bunch of malloc/free and their throughputs are impacted by the null
check of hooks.

Also add SCUDO_ENABLE_HOOKS_TESTS to select if we want to run the hook
tests. On some platforms they may have different ways to run the
wrappers tests (end-to-end tests) and test the hooks along with the
wrappers tests may not be feasible. Provide an option to turn it ON/OFF.

By default, we only verify the hook behavior in the scudo standalone
tests if SCUDO_ENABLE_HOOKS is defined or COMPILER_RT_DEBUG is true.

Reviewed By: cferris, fabio-d

Differential Revision: https://reviews.llvm.org/D158784

show more ...

[scudo] Detach the hooks from Scudo's internal implementation

Move the invocation of hooks from Scudo internal to wrapper_c.cpp and
wrapper_c_bionic.cpp respectively. Therefore, Scudo's core algorit

[scudo] Detach the hooks from Scudo's internal implementation

Move the invocation of hooks from Scudo internal to wrapper_c.cpp and
wrapper_c_bionic.cpp respectively. Therefore, Scudo's core algorithm
doesnt need to worry about the reentrant of hooks and leave the caring
of reentrant to the hook users.

Reviewed By: hctim, cferris, chelfi

Differential Revision: https://reviews.llvm.org/D152188

show more ...

[scudo] Clean up tests.

Modify the tests so that all clang warnings can be turned up to high.

Fix all places flagged by -Wconversion.

Fix a few unused variables not marked with UNUSED.

For the me

[scudo] Clean up tests.

Modify the tests so that all clang warnings can be turned up to high.

Fix all places flagged by -Wconversion.

Fix a few unused variables not marked with UNUSED.

For the memtag testing, only compile some tests for 64 bit since
compiling them on 32 bit leads to warnings/errors. All of the tests
are already skipped on 32 bit OSes, so this will not affect any
real tests.

Reviewed By: Chia-hungDuan

Differential Revision: https://reviews.llvm.org/D155749

show more ...

[scudo] Fix data leak in wrappers_c_test.cpp

In SmallAlign implemented deallocation for the pointers

Reviewed By: cferris, Chia-hungDuan

Differential Revision: https://reviews.llvm.org/D153480

[scudo] Fix MallocIterateBoundary test on 32 bit Android.

On Android, the min alignment is 16 bytes. This test needs
the BlockDelta to match the min alignment, so set this value
differently for Andr

[scudo] Fix MallocIterateBoundary test on 32 bit Android.

On Android, the min alignment is 16 bytes. This test needs
the BlockDelta to match the min alignment, so set this value
differently for Android.

Update the comment in to explain these details.

Reviewed By: Chia-hungDuan

Differential Revision: https://reviews.llvm.org/D152884

show more ...

Revert "[scudo] Fix MallocIterateBoundary on 32 bit."

This reverts commit 5e691a1c9b0ad22689d4a434ddf4fed940e58dec.

Reviewed By: cferris

Differential Revision: https://reviews.llvm.org/D152779

[scudo] Fix MallocIterateBoundary on 32 bit.

On Android, the 32 bit value of 8 for BlockDelta results in a
failure because a valid pointer can never be found.

Change the code to always use 16 which

[scudo] Fix MallocIterateBoundary on 32 bit.

On Android, the 32 bit value of 8 for BlockDelta results in a
failure because a valid pointer can never be found.

Change the code to always use 16 which passes on both 32 bit
and 64 bit.

Verified that re-introducing the old bug causes the test to fail
on both 32 bit and 64 with the new BlockDelta value.

Reviewed By: Chia-hungDuan

Differential Revision: https://reviews.llvm.org/D152767

show more ...

[scudo] Check support for pvalloc/valloc tests.

Some platforms do not support pvalloc/valloc so add checks so
that these tests are only run on the appropriate platforms.

Reviewed By: Chia-hungDuan

[scudo] Check support for pvalloc/valloc tests.

Some platforms do not support pvalloc/valloc so add checks so
that these tests are only run on the appropriate platforms.

Reviewed By: Chia-hungDuan

Differential Revision: https://reviews.llvm.org/D152756

show more ...

[scudo] Handle mallinfo2

mallinfo is deprecated by GLIBC

Reviewed By: cryptoad

Differential Revision: https://reviews.llvm.org/D113951

Name all DEATH tests using 'DeathTest' suffix.

gtest highly recommends this prefix, and runs death tests first
(https://github.com/google/googletest/blob/master/docs/advanced.md#death-test-naming).

Name all DEATH tests using 'DeathTest' suffix.

gtest highly recommends this prefix, and runs death tests first
(https://github.com/google/googletest/blob/master/docs/advanced.md#death-test-naming).
This may help with some spurious bot failures like
https://lab.llvm.org/buildbot/#/builders/169/builds/1290/steps/25/logs/stdio.

Reviewed By: cryptoad, vitalybuka

Differential Revision: https://reviews.llvm.org/D105371

show more ...

[NFC][scudo] Print errno of fork failure

This fork fails sometime on sanitizer-x86_64-linux-qemu bot.

[scudo] Untag pointer in iterateOverChunks

Pointer comparison in Lambda will not work on tagged pointers.

Reviewed By: pcc

Differential Revision: https://reviews.llvm.org/D103496

[Scudo] Use GWP-ASan's aligned allocations and fixup postalloc hooks.

This patch does a few cleanup things:
1. The non-standalone scudo has a problem where GWP-ASan allocations
may not meet alignm

[Scudo] Use GWP-ASan's aligned allocations and fixup postalloc hooks.

This patch does a few cleanup things:
1. The non-standalone scudo has a problem where GWP-ASan allocations
may not meet alignment requirements where Scudo was requested to have
alignment >= 16. Use the new GWP-ASan API to fix this.
2. The standalone variant loses some debugging information inside of
GWP-ASan because we ask GWP-ASan to allocate an aligned size in the
frontend. This means reports end up with 'UaF on a 16-byte allocation'
for a 1-byte allocation with 16-byte alignment. Also use the new API to
fix this.
3. Add post-alloc hooks for GWP-ASan intercepted allocations, and add
stats tracking for GWP-ASan allocations.
4. Add a small test that checks the alignment of the frontend
allocator, so that it can be used under GWP-ASan torture mode.
5. Add GWP-ASan torture mode as a testing configuration to catch these
regressions.

Depends on D94830, D95889.

Reviewed By: cryptoad

Differential Revision: https://reviews.llvm.org/D95884

show more ...

Revert "[Scudo] Use GWP-ASan's aligned allocations and fixup postalloc hooks."

This reverts commit a683abe5c026cffff12a943564f4cb1b20972abf.

Broke the upstream buildbots:
https://lab.llvm.org/build

Revert "[Scudo] Use GWP-ASan's aligned allocations and fixup postalloc hooks."

This reverts commit a683abe5c026cffff12a943564f4cb1b20972abf.

Broke the upstream buildbots:
https://lab.llvm.org/buildbot/#/builders/37/builds/3731/steps/16/logs/stdio

show more ...

[Scudo] Use GWP-ASan's aligned allocations and fixup postalloc hooks.

This patch does a few cleanup things:
1. The non-standalone scudo has a problem where GWP-ASan allocations
may not meet alignm

[Scudo] Use GWP-ASan's aligned allocations and fixup postalloc hooks.

This patch does a few cleanup things:
1. The non-standalone scudo has a problem where GWP-ASan allocations
may not meet alignment requirements where Scudo was requested to have
alignment >= 16. Use the new GWP-ASan API to fix this.
2. The standalone variant loses some debugging information inside of
GWP-ASan because we ask GWP-ASan to allocate an aligned size in the
frontend. This means reports end up with 'UaF on a 16-byte allocation'
for a 1-byte allocation with 16-byte alignment. Also use the new API to
fix this.
3. Add post-alloc hooks for GWP-ASan intercepted allocations, and add
stats tracking for GWP-ASan allocations.
4. Add a small test that checks the alignment of the frontend
allocator, so that it can be used under GWP-ASan torture mode.
5. Add GWP-ASan torture mode as a testing configuration to catch these
regressions.

Depends on D94830, D95889.

Reviewed By: cryptoad

Differential Revision: https://reviews.llvm.org/D95884

show more ...

[scudo][test] Disable -Wfree-nonheap-object

As of 4f395db86b5cc11bb56853323d3cb1d4b6db5a0b which contains updates to
-Wfree-nonheap-object, a line in this test will trigger the warning. This
particu

[scudo][test] Disable -Wfree-nonheap-object

As of 4f395db86b5cc11bb56853323d3cb1d4b6db5a0b which contains updates to
-Wfree-nonheap-object, a line in this test will trigger the warning. This
particular line is ok though since it's meant to test a free on a bad pointer.

Differential Revision: https://reviews.llvm.org/D97516

show more ...

[scudo][standalone] Enable death tests on Fuchsia

zxtest doesn't have `EXPECT_DEATH` and the Scudo unit-tests were
defining it as a no-op.

This enables death tests on Fuchsia by using `ASSERT_DEATH

[scudo][standalone] Enable death tests on Fuchsia

zxtest doesn't have `EXPECT_DEATH` and the Scudo unit-tests were
defining it as a no-op.

This enables death tests on Fuchsia by using `ASSERT_DEATH` instead.
I used a lambda to wrap the expressions as this appears to not be
working the same way as `EXPECT_DEATH`.

Additionnally, a death test using `alarm` was failing with the change,
as it's currently not implemented in Fuchsia, so move that test within
a `!SCUDO_FUCHSIA` block.

Differential Revision: https://reviews.llvm.org/D94362

show more ...

[scudo][standalone] Add new mallopt options.

This adds the code to support calling mallopt and converting the
options to the internal Option enum.

Reviewed By: cryptoad

Differential Revision: http

[scudo][standalone] Add new mallopt options.

This adds the code to support calling mallopt and converting the
options to the internal Option enum.

Reviewed By: cryptoad

Differential Revision: https://reviews.llvm.org/D84806

show more ...

[scudo][standalone] mallopt runtime configuration options

Summary:
Partners have requested the ability to configure more parts of Scudo
at runtime, notably the Secondary cache options (maximum numbe

[scudo][standalone] mallopt runtime configuration options

Summary:
Partners have requested the ability to configure more parts of Scudo
at runtime, notably the Secondary cache options (maximum number of
blocks cached, maximum size) as well as the TSD registry options
(the maximum number of TSDs in use).

This CL adds a few more Scudo specific `mallopt` parameters that are
passed down to the various subcomponents of the Combined allocator.

- `M_CACHE_COUNT_MAX`: sets the maximum number of Secondary cached items
- `M_CACHE_SIZE_MAX`: sets the maximum size of a cacheable item in the Secondary
- `M_TSDS_COUNT_MAX`: sets the maximum number of TSDs that can be used (Shared Registry only)

Regarding the TSDs maximum count, this is a one way option, only
allowing to increase the count.

In order to allow for this, I rearranged the code to have some `setOption`
member function to the relevant classes, using the `scudo::Option` class
enum to determine what is to be set.

This also fixes an issue where a static variable (`Ready`) was used in
templated functions without being set back to `false` every time.

Reviewers: pcc, eugenis, hctim, cferris

Subscribers: jfb, llvm-commits, #sanitizers

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D84667

show more ...

scudo: Interleave odd and even tags for adjacent blocks.

This guarantees that we will detect a buffer overflow or underflow
that overwrites an adjacent block. This spatial guarantee is similar
to th

scudo: Interleave odd and even tags for adjacent blocks.

This guarantees that we will detect a buffer overflow or underflow
that overwrites an adjacent block. This spatial guarantee is similar
to the temporal guarantee that we provide for immediate use-after-free.

Enabling odd/even tags involves a tradeoff between use-after-free
detection and buffer overflow detection. Odd/even tags make it more
likely for buffer overflows to be detected by increasing the size of
the guaranteed "red zone" around the allocation, but on the other
hand use-after-free is less likely to be detected because the tag
space for any particular chunk is cut in half. Therefore we introduce
a tuning setting to control whether odd/even tags are enabled.

Differential Revision: https://reviews.llvm.org/D84361

show more ...

[scudo] Fix deadlock in ScudoWrappersCTest.DisableForkEnable test.

pthread_cond_wait needs a loop around it to handle spurious wake ups,
as well as the case when signal runs before wait.