[msan] Support prctl PR_GET_NAME call #98951
@llvm/pr-subscribers-compiler-rt-sanitizer
Author: Chris Cotter (ccotter)
Changes
Per the man page, PR_GET_NAME stores a null terminated string into the input `char name[16]`. This also adds prctl support in ASAN to detect freed memory being passed to `prctl(PR_GET_NAME, ...)`:
Full diff: https://github.com/llvm/llvm-project/pull/98951.diff
2 Files Affected:
diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
index 1df61e79f7d84..cc5f0f3c8bc33 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
@@ -1251,6 +1251,7 @@ INTERCEPTOR(int, prctl, int option, unsigned long arg2, unsigned long arg3,
void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, prctl, option, arg2, arg3, arg4, arg5);
static const int PR_SET_NAME = 15;
+ static const int PR_GET_NAME = 16;
static const int PR_SET_VMA = 0x53564d41;
static const int PR_SCHED_CORE = 62;
static const int PR_SCHED_CORE_GET = 0;
@@ -1264,6 +1265,16 @@ INTERCEPTOR(int, prctl, int option, unsigned long arg2, unsigned long arg3,
internal_strncpy(buff, (char *)arg2, 15);
buff[15] = 0;
COMMON_INTERCEPTOR_SET_THREAD_NAME(ctx, buff);
+ } else if (res != 1 && option == PR_GET_NAME) {
+ unsigned long null_index = 0;
+ char* name = (char*)arg2;
+ while (name[null_index] && null_index < 16) {
+ ++null_index;
+ }
+ if (null_index > 15) {
+ null_index = 15;
+ }
+ COMMON_INTERCEPTOR_WRITE_RANGE(ctx, (u64*)arg2, null_index+1);
} else if (res != -1 && option == PR_SCHED_CORE && arg2 == PR_SCHED_CORE_GET) {
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, (u64*)(arg5), sizeof(u64));
}
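Review bot: the new branch condition `res != 1 && option == PR_GET_NAME` does not match the `res != -1` test used by the PR_SCHED_CORE branch right below it, so as written the scan and the shadow update also run when the call returned -1 and the buffer was never filled. Change it to `res != -1`. In the loop, `name[null_index] && null_index < 16` reads the byte before checking the bound, so a buffer with no NUL in its first 16 bytes causes a read of `name[16]`; put the bound check first, or bound the scan at 15 so the later clamp is not needed. The `(u64*)arg2` cast in the WRITE_RANGE call is misleading for a char buffer; passing `name` says what is being marked.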
diff --git a/compiler-rt/test/msan/prctl.cpp b/compiler-rt/test/msan/prctl.cpp
new file mode 100644
index 0000000000000..7b8e60c98c13b
--- /dev/null
+++ b/compiler-rt/test/msan/prctl.cpp
@@ -0,0 +1,24 @@
+// RUN: %clangxx_msan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// REQUIRES: linux
+
+#include <linux/prctl.h>
+#include <sys/prctl.h>
+
+int main(void) {
+ prctl(PR_SET_NAME, "tname");
+ char name[16];
+ prctl(PR_GET_NAME, name);
+
+ if (name[0] == 'A') {
+ return 0;
+ }
+ if (name[5] != '\0') {
+ return 0;
+ }
+ if (name[6] != '\0') {
+ return 0;
+ }
+ // CHECK: SUMMARY: MemorySanitizer: use-of-uninitialized-value {{.*prctl.cpp}}:[[@LINE-3]]
+
+ return 0;
+}
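Review bot: the test only sets the 5-character name "tname", so the boundary the interceptor clamps for (`null_index > 15`) is never exercised; add a case with a 15-character name and check that all 16 bytes of `name` read back as initialized. The return values of both `prctl` calls are ignored, so a failing call cannot be told apart from the expected MSan report at `name[6]`. The description also mentions ASAN detecting freed memory passed to PR_GET_NAME, but this diff carries only an msan test.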
✅ With the latest revision this PR passed the C/C++ code formatter.
5f35f71 to 77e2591
Per the man page, PR_GET_NAME stores a null terminated string into the input `char name[16]`. This also adds prctl support in ASAN to detect freed memory being passed to `prctl(PR_GET_NAME, ...)`:
Thanks for the patch!
It needs a few small improvements.
Please don't forget to click "re-request review" after updating.
Thanks!
Thanks for the quick review!
I'll wait for the checks to complete and land after that, likely tomorrow.
Summary: Per the man page, PR_GET_NAME stores a null terminated string into the input `char name[16]`. This also adds prctl support in ASAN to detect freed memory being passed to `prctl(PR_GET_NAME, ...)`:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:
Differential Revision: https://phabricator.intern.facebook.com/D60251534