[hwasan] fix false positive when hwasan-match-all-tag flag is enabled and short granules are used

Enna1 · Enna1 · commit d961f66b28c5 · 2023-04-28T17:00:26.000+08:00
When hwasan-match-all-tag flag is enabled and short granules are used, at the point checking if this is a short tag case, the tag from pointer is stored in X16 register, which breaks the assumption that tag from shadow memory is stored in X16 register, this will cause a false positive. Reviewed By: vitalybuka Differential Revision: https://reviews.llvm.org/D149252
diff --git a/compiler-rt/test/hwasan/TestCases/short-granule-and-match-all-tag.cpp b/compiler-rt/test/hwasan/TestCases/short-granule-and-match-all-tag.cpp
@@ -0,0 +1,12 @@
+// RUN: %clang_hwasan -mllvm -hwasan-match-all-tag=0 %s -o %t && %run %t
+
+#include <sanitizer/hwasan_interface.h>
+#include <stdlib.h>
+
+int main() {
+  __hwasan_enable_allocator_tagging();
+  char *x = (char *)malloc(40);
+  char volatile z = *x;
+  free(x);
+  return 0;
+}
diff --git a/llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp b/llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp
@@ -531,14 +531,14 @@ void AArch64AsmPrinter::emitHwasanMemaccessSymbols(Module &M) {
 
     if (HasMatchAllTag) {
       OutStreamer->emitInstruction(MCInstBuilder(AArch64::UBFMXri)
-                                       .addReg(AArch64::X16)
+                                       .addReg(AArch64::X17)
                                        .addReg(Reg)
                                        .addImm(56)
                                        .addImm(63),
                                    *STI);
       OutStreamer->emitInstruction(MCInstBuilder(AArch64::SUBSXri)
                                        .addReg(AArch64::XZR)
-                                       .addReg(AArch64::X16)
+                                       .addReg(AArch64::X17)
                                        .addImm(MatchAllTag)
                                        .addImm(0),
                                    *STI);
diff --git a/llvm/test/CodeGen/AArch64/hwasan-check-memaccess.ll b/llvm/test/CodeGen/AArch64/hwasan-check-memaccess.ll
@@ -104,8 +104,8 @@ declare void @llvm.hwasan.check.memaccess.shortgranules(ptr, ptr, i32)
 ; CHECK-NEXT: .Ltmp6:
 ; CHECK-NEXT: ret
 ; CHECK-NEXT: .Ltmp5:
-; CHECK-NEXT: lsr x16, x1, #56
-; CHECK-NEXT: cmp x16, #255
+; CHECK-NEXT: lsr x17, x1, #56
+; CHECK-NEXT: cmp x17, #255
 ; CHECK-NEXT: b.eq .Ltmp6
 ; CHECK-NEXT: stp x0, x1, [sp, #-256]!
 ; CHECK-NEXT: stp x29, x30, [sp, #232]
@@ -121,8 +121,8 @@ declare void @llvm.hwasan.check.memaccess.shortgranules(ptr, ptr, i32)
 ; CHECK-NEXT: .Ltmp8:
 ; CHECK-NEXT: ret
 ; CHECK-NEXT: .Ltmp7:
-; CHECK-NEXT: lsr	x16, x1, #56
-; CHECK-NEXT: cmp	x16, #0
+; CHECK-NEXT: lsr	x17, x1, #56
+; CHECK-NEXT: cmp	x17, #0
 ; CHECK-NEXT: b.eq	.Ltmp8
 ; CHECK-NEXT: cmp	w16, #15
 ; CHECK-NEXT: b.hi	.Ltmp9
