https://bugs.kde.org/show_bug.cgi?id=514297
--- Comment #9 from [email protected] ---

(In reply to Mark Wielaard from comment #7)
> What happens if we do the following (untested) in POST(sys_madvise):
>
> if (ARG3 == VKI_MADV_GUARD_INSTALL) { // XXX Figure out MADV_GUARD_REMOVE
>   Addr a = ARG1;
>   SizeT len = ARG2;
>   Int prot = VKI_PROT_NONE;
>   ML_(notify_core_and_tool_of_mprotect)(a, len, prot);
> }

My reproducer program triggers the check by attempting to access the guarded address with the openat() syscall. In syswrap-linux.c we have:

6326 PRE(sys_openat)
6327 {
6328    HChar  name[30];   // large enough
6329    SysRes sres;
6330    Bool proc_self_exe = False;
6331
6332    /* Check for /proc/self/exe or /proc/<pid>/exe case
6333     * first so that we can then use the later checks. */
6334    VG_(sprintf)(name, "/proc/%d/exe", VG_(getpid)());
6335    if (ML_(safe_to_deref)( (void*)(Addr)ARG2, 1 )
6336        && (VG_(strcmp)((HChar *)(Addr)ARG2, name) == 0
6337            || VG_(strcmp)((HChar *)(Addr)ARG2, "/proc/self/exe") == 0)) {
6338       proc_self_exe = True;
6339    }
6340
6341    if (ARG3 & VKI_O_CREAT) {
6342       // 4-arg version
6343       PRINT("sys_openat ( %ld, %#" FMT_REGWORD "x(%s), %ld, %ld )",
6344             SARG1, ARG2, (HChar*)(Addr)ARG2, SARG3, SARG4);
6345       PRE_REG_READ4(long, "openat",
6346                     int, dirfd, const char *, pathname, int, flags, int, mode);
6347    } else {
6348       // 3-arg version
6349       PRINT("sys_openat ( %ld, %#" FMT_REGWORD "x(%s), %ld )",
6350             SARG1, ARG2, (HChar*)(Addr)ARG2, SARG3);
6351       PRE_REG_READ3(long, "openat",
6352                     int, dirfd, const char *, pathname, int, flags);
6353    }
6354
6355    PRE_MEM_RASCIIZ( "openat(pathname)", ARG2 );
6356

With no VKI_MADV_GUARD_INSTALL check in PRE(sys_madvise), the crash happens on line 6336 above:

host stacktrace:
==936732==    at 0x58042540: vgPlain_strcmp (m_libcbase.c:354)
==936732==    by 0x5811EA62: vgSysWrap_linux_sys_openat_before (syswrap-linux.c:6336)
==936732==    by 0x5809CD0A: vgPlain_client_syscall (syswrap-main.c:2400)

After adding the snippet you've suggested above, it will crash a few lines later, specifically on line 6355.

host stacktrace:
==940603==    at 0x5800FFDD: mc_is_defined_asciiz (mc_main.c:4424)
==940603==    by 0x5800FFDD: check_mem_is_defined_asciiz (mc_main.c:4502)
==940603==    by 0x5811E855: vgSysWrap_linux_sys_openat_before (syswrap-linux.c:6355)
==940603==    by 0x5809CD0A: vgPlain_client_syscall (syswrap-main.c:2400)

-- 
You are receiving this mail because:
You are watching all bug changes.
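The comment above shows the wrapper passing ML_(safe_to_deref) and then faulting on a guard-region page, which means the check is answering from bookkeeping that the madvise did not update. The following is an added example, not code from the bug report or from Valgrind's sources, showing the kernel-side ground truth that a wrapper has to match: natively, any syscall that copies from a PROT_NONE or guard-region page gets EFAULT back rather than crashing the caller. It probes readability by writing the range to a pipe and reading the verdict from write(). It assumes Linux, the uapi values MADV_GUARD_INSTALL = 102 and MADV_GUARD_REMOVE = 103 (supplied as fallbacks when the libc headers lack them), and a 6.13 or newer kernel for the guard-region probe; on an older kernel that probe reports -2 instead of 0.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Guard-region madvise values from the Linux 6.13+ uapi headers; defined here
 * as a fallback so the example builds against older libc headers. */
#ifndef MADV_GUARD_INSTALL
#define MADV_GUARD_INSTALL 102
#endif
#ifndef MADV_GUARD_REMOVE
#define MADV_GUARD_REMOVE 103
#endif

/* Ask the kernel, not our own bookkeeping, whether [addr, addr+len) is
 * readable: write() copies from user memory with copy_from_user(), which
 * fails with EFAULT on an unmapped, PROT_NONE or guard-region page instead
 * of faulting the caller.  Returns 1 readable, 0 not readable, -1 on other
 * errors. */
int kernel_readable(const void *addr, size_t len)
{
    int fds[2];
    if (pipe2(fds, O_NONBLOCK) != 0)
        return -1;
    int verdict = 1;
    const char *p = addr;
    while (len > 0) {
        size_t chunk = len < 4096 ? len : 4096;   /* stay well under pipe capacity */
        ssize_t n = write(fds[1], p, chunk);
        if (n < 0) {
            verdict = (errno == EFAULT) ? 0 : -1;
            break;
        }
        if (n == 0) {                             /* not expected on a pipe; avoid looping */
            verdict = -1;
            break;
        }
        char sink[4096];
        (void)read(fds[0], sink, (size_t)n);      /* drain so the pipe never fills */
        p += n;                                   /* a short write means the next */
        len -= (size_t)n;                         /* write starts at the bad page  */
    }
    close(fds[0]);
    close(fds[1]);
    return verdict;
}

/* Map one anonymous page with the given protection, optionally turn it into a
 * guard region, and run the probe.  Returns the probe verdict, -1 if mmap
 * fails, or -2 if the kernel rejects MADV_GUARD_INSTALL. */
static int probe_page(int prot, int guard)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    char *p = mmap(NULL, pg, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    if ((prot & PROT_WRITE) && !guard)
        memset(p, 'A', pg);                       /* fault the page in */
    if (guard && madvise(p, pg, MADV_GUARD_INSTALL) != 0) {
        munmap(p, pg);
        return -2;                                /* kernel without guard regions */
    }
    int r = kernel_readable(p, pg);
    if (guard)
        madvise(p, pg, MADV_GUARD_REMOVE);
    munmap(p, pg);
    return r;
}

int probe_mapped(void)       { return probe_page(PROT_READ | PROT_WRITE, 0); }  /* 1 */
int probe_prot_none(void)    { return probe_page(PROT_NONE, 0); }               /* 0 */
int probe_guard_region(void) { return probe_page(PROT_READ | PROT_WRITE, 1); }  /* 0, or -2 on older kernels */

int main(void)
{
    printf("rw page readable:           %d\n", probe_mapped());
    printf("PROT_NONE page readable:    %d\n", probe_prot_none());
    printf("guard-region page readable: %d (-2 = MADV_GUARD_INSTALL unsupported)\n",
           probe_guard_region());
    return 0;
}
```

The guard-region probe returns the same verdict as the PROT_NONE one on a kernel that supports it, which is exactly the equivalence the suggested ML_(notify_core_and_tool_of_mprotect)(a, len, VKI_PROT_NONE) call records: once the core treats the range as PROT_NONE, ML_(safe_to_deref) on line 6335 answers no and the wrapper never reaches the strcmp on line 6336, and the same record is what PRE_MEM_RASCIIZ on line 6355 would need to consult so that it reports an error to the client rather than touching the page itself.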
