
Commit 6d9705c

Merge pull request #9991 from swiftlang/blue/cp-vm-restriction
[ASan]Fix logic bugs that break RestrictMemoryToMaxAddress (llvm#124712)
2 parents 9c662b1 + b7e4f73 commit 6d9705c


1 file changed

+11
-5
lines changed


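--- a/compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_mac.cpp
@@ -1195,13 +1195,14 @@ uptr MapDynamicShadow(uptr shadow_size_bytes, uptr shadow_scale,
 const uptr left_padding =
 Max<uptr>(granularity, 1ULL << min_shadow_base_alignment);
 
-uptr space_size = shadow_size_bytes + left_padding;
+uptr space_size = shadow_size_bytes;
 
 uptr largest_gap_found = 0;
 uptr max_occupied_addr = 0;
+
 VReport(2, "FindDynamicShadowStart, space_size = %p\n", (void *)space_size);
 uptr shadow_start =
-FindAvailableMemoryRange(space_size, alignment, granularity,
+FindAvailableMemoryRange(space_size, alignment, left_padding,
 &largest_gap_found, &max_occupied_addr);
 // If the shadow doesn't fit, restrict the address space to make it fit.
 if (shadow_start == 0) {
@@ -1221,9 +1222,9 @@ uptr MapDynamicShadow(uptr shadow_size_bytes, uptr shadow_scale,
 }
 RestrictMemoryToMaxAddress(new_max_vm);
 high_mem_end = new_max_vm - 1;
-space_size = (high_mem_end >> shadow_scale) + left_padding;
+space_size = (high_mem_end >> shadow_scale);
 VReport(2, "FindDynamicShadowStart, space_size = %p\n", (void *)space_size);
-shadow_start = FindAvailableMemoryRange(space_size, alignment, granularity,
+shadow_start = FindAvailableMemoryRange(space_size, alignment, left_padding,
 nullptr, nullptr);
 if (shadow_start == 0) {
 Report("Unable to find a memory range after restricting VM.\n");
@@ -1264,10 +1265,15 @@ uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding,
 mach_msg_type_number_t count = kRegionInfoSize;
 kr = mach_vm_region_recurse(mach_task_self(), &address, &vmsize, &depth,
 (vm_region_info_t)&vminfo, &count);
-if (kr == KERN_INVALID_ADDRESS) {
+
+// There are cases where going beyond the processes' max vm does
+// not return KERN_INVALID_ADDRESS so we check for going beyond that
+// max address as well.
+if (kr == KERN_INVALID_ADDRESS || address > max_vm_address) {
 // No more regions beyond "address", consider the gap at the end of VM.
 address = max_vm_address;
 vmsize = 0;
+kr = -1; // break after this iteration.
 } else {
 if (max_occupied_addr) *max_occupied_addr = address + vmsize;
 }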
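Review bot: In the third hunk, `kr = -1; // break after this iteration.` ends the region scan by storing a bare magic number in a `kern_return_t`, which is only safe if the loop condition (outside the hunk) compares `kr` with `KERN_SUCCESS` and nothing after the loop reports `kr` as a genuine Mach error. A named sentinel or a separate `bool` end-of-scan flag would make the termination explicit and keep a later reader from treating -1 as a kernel failure code. The new check also only clamps regions that start above the limit: a region that begins below `max_vm_address` but extends past it still reaches the `else` branch and writes `address + vmsize` into `*max_occupied_addr`, so it is worth confirming that the caller's restriction logic tolerates a value above the maximum. The comment could state the observed behaviour more directly, e.g. `// mach_vm_region_recurse can report a region above max_vm_address instead of KERN_INVALID_ADDRESS; treat that as the end of the address space.` The enclosing loop of FindAvailableMemoryRange starts and ends outside the hunk.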
