| 1 | // Emulate the behavior of the NVIDIA CUDA driver |
|---|
| 2 | // that mmaps memory inside the asan's shadow gap. |
|---|
| 3 | // |
|---|
| 4 | // REQUIRES: x86_64-target-arch, shadow-scale-3 |
|---|
| 5 | // |
|---|
| 6 | // RUN: %clangxx_asan %s -o %t |
|---|
| 7 | // RUN: not %env_asan_opts=protect_shadow_gap=1 %t 2>&1 | FileCheck %s --check-prefix=CHECK-PROTECT1 |
|---|
| 8 | // RUN: not %t 2>&1 | FileCheck %s --check-prefix=CHECK-PROTECT1 |
|---|
| 9 | // RUN: not %env_asan_opts=protect_shadow_gap=0 %t 2>&1 | FileCheck %s --check-prefix=CHECK-PROTECT0 |
|---|
| 10 | #include <assert.h> |
|---|
| 11 | #include <unistd.h> |
|---|
| 12 | #include <sys/mman.h> |
|---|
| 13 | #include <stdint.h> |
|---|
| 14 | |
|---|
| 15 | #include "sanitizer/asan_interface.h" |
|---|
| 16 | |
|---|
| 17 | int main(void) { |
|---|
| 18 | uintptr_t Base = 0x200000000; |
|---|
| 19 | uintptr_t Size = 0x1100000000; |
|---|
| 20 | void *addr = |
|---|
| 21 | mmap(addr: (void *)Base, len: Size, PROT_READ | PROT_WRITE, |
|---|
| 22 | MAP_NORESERVE | MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, fd: 0, offset: 0); |
|---|
| 23 | assert(addr == (void*)Base); |
|---|
| 24 | // Make sure we can access memory in shadow gap. |
|---|
| 25 | // W/o protect_shadow_gap=0 we should fail here. |
|---|
| 26 | for (uintptr_t Addr = Base; Addr < Base + Size; Addr += Size / 100) |
|---|
| 27 | *(char*)Addr = 1; |
|---|
| 28 | // CHECK-PROTECT1: AddressSanitizer: SEGV on unknown address 0x0000bfff8000 |
|---|
| 29 | |
|---|
| 30 | // Poison a part of gap's shadow: |
|---|
| 31 | __asan_poison_memory_region(addr: (void*)Base, size: 4096); |
|---|
| 32 | // Now we should fail with use-after-poison. |
|---|
| 33 | *(char*)(Base + 1234) = 1; |
|---|
| 34 | // CHECK-PROTECT0: AddressSanitizer: use-after-poison on address 0x0002000004d2 |
|---|
| 35 | } |
|---|
| 36 | |
|---|
