Author: Peter Collingbourne
Date: 2020-12-09T11:48:41-08:00
New Revision: e5a28e1261a0c42821cb3bd4dc40092c458fadfb
URL: https://github.com/llvm/llvm-project/commit/e5a28e1261a0c42821cb3bd4dc40092c458fadfb DIFF: https://github.com/llvm/llvm-project/commit/e5a28e1261a0c42821cb3bd4dc40092c458fadfb.diff LOG: scudo: Fix quarantine allocation when MTE enabled. Quarantines have always been broken when MTE is enabled because the quarantine batch allocator fails to reset tags that may have been left behind by a user allocation. This was only noticed when running the Scudo unit tests with Scudo as the system allocator because quarantines are turned off by default on Android and the test binary turns them on by defining __scudo_default_options, which affects the system allocator as well. Differential Revision: https://reviews.llvm.org/D92881 Added: Modified: compiler-rt/lib/scudo/standalone/combined.h Removed: ################################################################################ diff --git a/compiler-rt/lib/scudo/standalone/combined.h b/compiler-rt/lib/scudo/standalone/combined.h index 2a891e44579a..95988443d5b3 100644 --- a/compiler-rt/lib/scudo/standalone/combined.h +++ b/compiler-rt/lib/scudo/standalone/combined.h @@ -98,6 +98,12 @@ class Allocator { Header.State = Chunk::State::Allocated; Chunk::storeHeader(Allocator.Cookie, Ptr, &Header); + // Reset tag to 0 as this chunk may have been previously used for a tagged + // user allocation. + if (UNLIKELY(Allocator.useMemoryTagging())) + storeTags(reinterpret_cast<uptr>(Ptr), + reinterpret_cast<uptr>(Ptr) + sizeof(QuarantineBatch)); + return Ptr; } _______________________________________________ llvm-branch-commits mailing list llvm-branch-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits
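Review bot: In the added block before `return Ptr;`, the comment says the tag is reset to 0, but the `storeTags(...)` call takes only a begin and an end address and no tag value, so the zero tag has to come from `Ptr` itself; the comment should state that `Ptr` is untagged at this point, or the code should assert it. The end of the range is `reinterpret_cast<uptr>(Ptr) + sizeof(QuarantineBatch)`, and nothing in the hunk shows that `sizeof(QuarantineBatch)` is a multiple of the tag granule, so either round the end up explicitly or note that `storeTags` handles an unaligned end. Only `combined.h` is modified, and the log says the bug surfaced only when the unit tests ran with Scudo as the system allocator, so a regression test that turns quarantine on with memory tagging enabled would keep this path covered.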