Skip to content

[scudo] Avoid accessing inaccessible pages in unmap() in secondary #102367

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 7, 2024
Merged

[scudo] Avoid accessing inaccessible pages in unmap() in secondary #102367

merged 1 commit into from
Aug 7, 2024

Conversation

ChiaHungDuan
Copy link
Contributor

No description provided.

@llvmbot
Copy link
Member

llvmbot commented Aug 7, 2024

@llvm/pr-subscribers-compiler-rt-sanitizer

Author: None (ChiaHungDuan)

Changes

Full diff: https://github.com/llvm/llvm-project/pull/102367.diff

1 Files Affected:

  • (modified) compiler-rt/lib/scudo/standalone/secondary.h (+5-1)
diff --git a/compiler-rt/lib/scudo/standalone/secondary.h b/compiler-rt/lib/scudo/standalone/secondary.h
index a9a7c2c8ea8618..27d11dce646dc3 100644
--- a/compiler-rt/lib/scudo/standalone/secondary.h
+++ b/compiler-rt/lib/scudo/standalone/secondary.h
@@ -823,7 +823,11 @@ void MapAllocator<Config>::deallocate(const Options &Options, void *Ptr)
     Cache.store(Options, H->CommitBase, H->CommitSize,
                 reinterpret_cast<uptr>(H + 1), H->MemMap);
   } else {
-    unmap(H->MemMap);
+    // Note that the `H->MapMap` is stored on the pages managed by itself. Take
+    // over the ownership before unmap() so that any operation along with
+    // unmap() won't touch inaccessible pages.
+    MemMapT MemMap = H->MemMap;
+    unmap(MemMap);
   }
 }

@ChiaHungDuan
Copy link
Contributor Author

@Caslyn , could you help verify if this fixes the problem on Fuchsia?

cferris1000
cferris1000 reviewed Aug 7, 2024
View reviewed changes
Copy link
Contributor

@cferris1000 cferris1000 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment nit.

compiler-rt/lib/scudo/standalone/secondary.h Outdated
@@ -823,7 +823,11 @@ void MapAllocator<Config>::deallocate(const Options &Options, void *Ptr)
Cache.store(Options, H->CommitBase, H->CommitSize,
reinterpret_cast<uptr>(H + 1), H->MemMap);
} else {
unmap(H->MemMap);
// Note that the `H->MapMap` is stored on the pages managed by itself. Take
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MemMap

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

Caslyn
Caslyn approved these changes Aug 7, 2024
View reviewed changes
Copy link
Contributor

@Caslyn Caslyn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Confirming this clears up issues in Fuchsia - thanks for this fix!

@ChiaHungDuan ChiaHungDuan merged commit e9c9fde into llvm:main Aug 7, 2024
4 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cferris1000 cferris1000 cferris1000 left review comments

@Caslyn Caslyn Caslyn approved these changes

Assignees
No one assigned
Labels
compiler-rt:sanitizer compiler-rt:scudo Scudo Hardened Allocator compiler-rt
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ChiaHungDuan @llvmbot @Caslyn @cferris1000