Cleanup bionic tests with hwasan.
The tests were patched earlier to run with tagging heap allocator.
This change enables hwasan code instrumentation in the tests themselves,
and fixes the issues that arise, mainly in the code that:
* compares addresses of unrelated stack variables
* compares address of a stack variable with stack limits as found in
/proc/self/maps
* writes address of a stack variable to a hardware watchpoint register
etc.
Note that static tests are broken at the moment, like all static
binaries. Dynamic tests pass 100% with this change.
Bug: 114279110, 124007027
Test: SANITIZE_TARGET=hwaddress; run dynamic bionic tests
Change-Id: I68b8df9dd3e30b47734ddc083811a75a7f27deaa
diff --git a/tests/Android.bp b/tests/Android.bp
index beed07a..ffbf2dd 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -40,7 +40,7 @@
],
stl: "libc++",
sanitize: {
- never: true,
+ address: false,
},
bootstrap: true,
}
diff --git a/tests/buffer_tests.cpp b/tests/buffer_tests.cpp
index 7563448..fb0b6d8 100644
--- a/tests/buffer_tests.cpp
+++ b/tests/buffer_tests.cpp
@@ -20,6 +20,7 @@
#include <gtest/gtest.h>
#include "buffer_tests.h"
+#include "utils.h"
// For the comparison buffer tests, the maximum length to test for the
// miscompare checks.
@@ -227,16 +228,11 @@
}
}
-// Malloc can return a tagged pointer, which is not accepted in mm system calls like mprotect.
-// Clear top 8 bits of the address on 64-bit platforms.
+// Malloc can return a tagged pointer, which is not accepted in mm system calls like mprotect
+// in the preliminary version of the syscall tagging support in the current Pixel 2 kernel.
+// Note: the final version of the kernel patchset may relax this requirement.
static int MprotectHeap(void* addr, size_t len, int prot) {
-#if defined(__LP64__)
- constexpr uintptr_t mask = (static_cast<uintptr_t>(1) << 56) - 1;
- void* untagged_addr = reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(addr) & mask);
-#else
- void* untagged_addr = addr;
-#endif
- return mprotect(untagged_addr, len, prot);
+ return mprotect(untag_address(addr), len, prot);
}
void RunSingleBufferAlignTest(
diff --git a/tests/dl_test.cpp b/tests/dl_test.cpp
index aea92b4..468ce3d 100644
--- a/tests/dl_test.cpp
+++ b/tests/dl_test.cpp
@@ -138,7 +138,7 @@
TEST(dl, preinit_system_calls) {
#if defined(__BIONIC__)
- SKIP_WITH_HWASAN; // hwasan not initialized in preinit_array
+ SKIP_WITH_HWASAN; // hwasan not initialized in preinit_array, b/124007027
std::string helper = GetTestlibRoot() +
"/preinit_syscall_test_helper/preinit_syscall_test_helper";
chmod(helper.c_str(), 0755); // TODO: "x" lost in CTS, b/34945607
@@ -150,6 +150,7 @@
TEST(dl, preinit_getauxval) {
#if defined(__BIONIC__)
+ SKIP_WITH_HWASAN; // hwasan not initialized in preinit_array, b/124007027
std::string helper = GetTestlibRoot() +
"/preinit_getauxval_test_helper/preinit_getauxval_test_helper";
chmod(helper.c_str(), 0755); // TODO: "x" lost in CTS, b/34945607
diff --git a/tests/malloc_test.cpp b/tests/malloc_test.cpp
index 4a01278..06a7cf3 100644
--- a/tests/malloc_test.cpp
+++ b/tests/malloc_test.cpp
@@ -514,6 +514,7 @@
TEST(malloc, mallopt_decay) {
#if defined(__BIONIC__)
+ SKIP_WITH_HWASAN; // hwasan does not implement mallopt
errno = 0;
ASSERT_EQ(1, mallopt(M_DECAY_TIME, 1));
ASSERT_EQ(1, mallopt(M_DECAY_TIME, 0));
@@ -526,6 +527,7 @@
TEST(malloc, mallopt_purge) {
#if defined(__BIONIC__)
+ SKIP_WITH_HWASAN; // hwasan does not implement mallopt
errno = 0;
ASSERT_EQ(1, mallopt(M_PURGE, 0));
#else
@@ -563,6 +565,7 @@
TEST(malloc, mallinfo) {
#if defined(__BIONIC__)
+ SKIP_WITH_HWASAN; // hwasan does not implement mallinfo
static size_t sizes[] = {
8, 32, 128, 4096, 32768, 131072, 1024000, 10240000, 20480000, 300000000
};
diff --git a/tests/pthread_test.cpp b/tests/pthread_test.cpp
index 0918d0e..347810e 100644
--- a/tests/pthread_test.cpp
+++ b/tests/pthread_test.cpp
@@ -1543,7 +1543,7 @@
void* maps_stack_hi = nullptr;
std::vector<map_record> maps;
ASSERT_TRUE(Maps::parse_maps(&maps));
- uintptr_t stack_address = reinterpret_cast<uintptr_t>(&maps_stack_hi);
+ uintptr_t stack_address = reinterpret_cast<uintptr_t>(untag_address(&maps_stack_hi));
for (const auto& map : maps) {
if (map.addr_start <= stack_address && map.addr_end > stack_address){
maps_stack_hi = reinterpret_cast<void*>(map.addr_end);
@@ -1622,9 +1622,9 @@
// Verify if the stack used by the signal handler is the alternate stack just registered.
ASSERT_LE(getstack_signal_handler_arg.signal_stack_base, &attr);
- ASSERT_LT(static_cast<void*>(&attr),
+ ASSERT_LT(static_cast<void*>(untag_address(&attr)),
static_cast<char*>(getstack_signal_handler_arg.signal_stack_base) +
- getstack_signal_handler_arg.signal_stack_size);
+ getstack_signal_handler_arg.signal_stack_size);
// Verify if the main thread's stack got in the signal handler is correct.
ASSERT_EQ(getstack_signal_handler_arg.main_stack_base, stack_base);
@@ -1683,7 +1683,7 @@
// Test whether &local_variable is in [stack_base, stack_base + stack_size).
ASSERT_LE(reinterpret_cast<char*>(stack_base), &local_variable);
- ASSERT_LT(&local_variable, reinterpret_cast<char*>(stack_base) + stack_size);
+ ASSERT_LT(untag_address(&local_variable), reinterpret_cast<char*>(stack_base) + stack_size);
}
// Check whether something on stack is in the range of
diff --git a/tests/stack_protector_test.cpp b/tests/stack_protector_test.cpp
index 34e3c11..7a85cc3 100644
--- a/tests/stack_protector_test.cpp
+++ b/tests/stack_protector_test.cpp
@@ -104,6 +104,11 @@
TEST_F(stack_protector_DeathTest, modify_stack_protector) {
// In another file to prevent inlining, which removes stack protection.
extern void modify_stack_protector_test();
+#if __has_feature(hwaddress_sanitizer)
+ ASSERT_EXIT(modify_stack_protector_test(),
+ testing::KilledBySignal(SIGABRT), "tag-mismatch");
+#else
ASSERT_EXIT(modify_stack_protector_test(),
testing::KilledBySignal(SIGABRT), "stack corruption detected");
+#endif
}
diff --git a/tests/sys_ptrace_test.cpp b/tests/sys_ptrace_test.cpp
index 83fd93b..04dcd4e 100644
--- a/tests/sys_ptrace_test.cpp
+++ b/tests/sys_ptrace_test.cpp
@@ -35,6 +35,8 @@
#include <android-base/macros.h>
#include <android-base/unique_fd.h>
+#include "utils.h"
+
using namespace std::chrono_literals;
using android::base::unique_fd;
@@ -193,7 +195,7 @@
return;
}
- set_watchpoint(child, uintptr_t(&data) + offset, size);
+ set_watchpoint(child, uintptr_t(untag_address(&data)) + offset, size);
ASSERT_EQ(0, ptrace(PTRACE_CONT, child, nullptr, nullptr)) << strerror(errno);
ASSERT_EQ(child, TEMP_FAILURE_RETRY(waitpid(child, &status, __WALL))) << strerror(errno);
diff --git a/tests/unistd_test.cpp b/tests/unistd_test.cpp
index f4a7f1f..cb94e45 100644
--- a/tests/unistd_test.cpp
+++ b/tests/unistd_test.cpp
@@ -538,7 +538,7 @@
static int CloneStartRoutine(int (*start_routine)(void*)) {
void* child_stack[1024];
- return clone(start_routine, &child_stack[1024], SIGCHLD, nullptr);
+ return clone(start_routine, untag_address(&child_stack[1024]), SIGCHLD, nullptr);
}
static int GetPidCachingCloneStartRoutine(void*) {
diff --git a/tests/utils.h b/tests/utils.h
index 5fc1d93..cc1aa8c 100644
--- a/tests/utils.h
+++ b/tests/utils.h
@@ -66,6 +66,16 @@
#define SKIP_WITH_HWASAN if (running_with_hwasan()) { return; }
+static inline void* untag_address(void* addr) {
+#if defined(__LP64__)
+ if (running_with_hwasan()) {
+ constexpr uintptr_t mask = (static_cast<uintptr_t>(1) << 56) - 1;
+ addr = reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(addr) & mask);
+ }
+#endif
+ return addr;
+}
+
#if defined(__linux__)
#include <sys/sysmacros.h>