mmap at fixed addresses fails with asan


David Barto

Oct 13, 2015, 10:56:48 AM
to address-sanitizer
When mapping to fixed addresses, address sanitizer fails to recognize the mapped address.

If I remove the MAP_FIXED and pass NULL as the kMappedAt value, this works as expected.

Ubuntu Linux, gcc 4.8.4, compiled as:

g++ -fsanitize=address -DLINUX -g test.cpp -o test

Also fails on Clang (MacOS 10.10)
Apple LLVM version 7.0.0 (clang-700.0.72)
Target: x86_64-apple-darwin14.5.0
Thread model: posix

Compiled as:
g++ -fsanitize=address -ULINUX -g test.cpp -o test

David
ba...@cambridgesemantics.com


#include <sys/mman.h>
#include <sys/types.h>

static const u_int64_t kMappedAt = 0x100000000000;
static int const MAP_ACQUIRE
    = MAP_ANONYMOUS       // Not backed
#ifdef LINUX
    | MAP_NORESERVE       // omit swap space
#endif
    | MAP_PRIVATE         // Copy-on-write / not shared
    ;

static int const PROT_BACK
    = PROT_READ           // Allow all forms of access
    | PROT_WRITE
    | PROT_EXEC
    ;

static const u_int64_t kMaxMmapSize = 16LL * 1024 * 1024 * 1024;  // 16 Gig avail

int
main(int argc, char **argv)
{
    char *base = reinterpret_cast<char *>(mmap(
        reinterpret_cast<void *>(kMappedAt),
        kMaxMmapSize,
        PROT_NONE,
        MAP_ACQUIRE | MAP_FIXED,
        -1,
        0));
    mprotect(base, 10, PROT_BACK);  // back first 10 bytes
    *base = 1;
    return(0);
}

Evgenii Stepanov

Oct 13, 2015, 1:49:12 PM
to address-sanitizer
If you run with ASAN_OPTIONS=verbosity=1, you'll see

|| `[0x10007fff8000, 0x7fffffffffff]` || HighMem ||
|| `[0x02008fff7000, 0x10007fff7fff]` || HighShadow ||
|| `[0x00008fff7000, 0x02008fff6fff]` || ShadowGap ||
|| `[0x00007fff8000, 0x00008fff6fff]` || LowShadow ||
|| `[0x000000000000, 0x00007fff7fff]` || LowMem ||

Only "HighMem" and "LowMem" can be used, the rest is reserved by ASan.

We should've intercepted this mmap and crashed earlier. I believe MSan
does this already.
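
A check of a proposed MAP_FIXED range against the layout quoted in the reply above, as an added example that is not part of the original thread or of ASan itself. The function name asan_fixed_map_conflict and the second test address are assumptions; the ranges are the ones printed above and differ on other platforms and ASan builds.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* ASan layout copied from the verbosity=1 output quoted in this thread.
   Other platforms and ASan builds print different ranges. */
struct region { uint64_t lo, hi; const char *name; int usable; };

static const struct region kLayout[] = {
    { 0x10007fff8000ULL, 0x7fffffffffffULL, "HighMem",    1 },
    { 0x02008fff7000ULL, 0x10007fff7fffULL, "HighShadow", 0 },
    { 0x00008fff7000ULL, 0x02008fff6fffULL, "ShadowGap",  0 },
    { 0x00007fff8000ULL, 0x00008fff6fffULL, "LowShadow",  0 },
    { 0x000000000000ULL, 0x00007fff7fffULL, "LowMem",     1 },
};

/* Returns NULL if [addr, addr+len) touches only application memory,
   otherwise the name of the first reserved region it overlaps, or
   "OutOfRange" if it wraps or extends past the last listed address. */
const char *asan_fixed_map_conflict(uint64_t addr, uint64_t len)
{
    if (len == 0) return NULL;
    uint64_t end = addr + len - 1;               /* inclusive last byte */
    if (end < addr || end > kLayout[0].hi) return "OutOfRange";
    for (size_t i = 0; i < sizeof kLayout / sizeof kLayout[0]; i++) {
        const struct region *r = &kLayout[i];
        if (!r->usable && addr <= r->hi && end >= r->lo)
            return r->name;                      /* interval overlap */
    }
    return NULL;
}

int main(void)
{
    const uint64_t len = 16ULL * 1024 * 1024 * 1024;  /* kMaxMmapSize */
    const uint64_t tries[] = { 0x100000000000ULL,     /* kMappedAt from the post */
                               0x200000000000ULL };   /* constructed: inside HighMem */
    for (size_t i = 0; i < 2; i++) {
        const char *c = asan_fixed_map_conflict(tries[i], len);
        printf("0x%012llx: %s\n", (unsigned long long)tries[i], c ? c : "ok");
    }
    return 0;
}
```

With the values from the first post, the 16 GiB range starting at 0x100000000000 begins inside HighShadow, which is why the store through the mapped pointer trips ASan.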

David Barto

Oct 14, 2015, 2:07:08 PM
to address-sanitizer
Ah, thanks. I'll make a note of it in the code.

     David
