Description
Fix PartitionAlloc randomization on 32-bit systems
Make PartitionAlloc reduce churn on Windows system
allocations, and use less aggressive randomization on
32-bit systems in general.
Updated version of:
https://codereview.chromium.org/1383153002/
BUG=538479, 394591
Committed: https://crrev.com/bae4e6fc3d968bd444f793e4fc821ba1078070be
Cr-Commit-Position: refs/heads/master@{#353881}
Patch Set 1
Patch Set 2 : cleanup
Patch Set 3 : uninit fix + align
Patch Set 4 : build fix
Patch Set 5 : setSystemPagesAccessible
Patch Set 6 : posix_memalign
Patch Set 7 : posix_memalign
Patch Set 8 : remove memory tool ifdefs
Patch Set 9 : return null base address for memory tools
Total comments: 2
Patch Set 10 : carve out tsan's range in getRandomPageBase
Total comments: 4
Messages
Total messages: 42 (23 generated)
Patchset #2 (id:20001) has been deleted
Patchset #2 (id:40001) has been deleted
The CQ bit was checked by jschuh@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1401483002/60001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1401483002/60001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: android_arm64_dbg_recipe on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/android_arm64_d...)
Patchset #3 (id:80001) has been deleted
The CQ bit was checked by jschuh@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1401483002/120001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1401483002/120001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: android_clang_dbg_recipe on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/android_clang_d...)
Patchset #5 (id:140001) has been deleted
Patchset #5 (id:160001) has been deleted
Patchset #5 (id:180001) has been deleted
Patchset #5 (id:200001) has been deleted
Patchset #6 (id:240001) has been deleted
Patchset #6 (id:260001) has been deleted
Patchset #4 (id:120001) has been deleted
Patchset #6 (id:300001) has been deleted
The CQ bit was checked by jschuh@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1401483002/340001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1401483002/340001
jschuh@chromium.org changed reviewers: + glider@chromium.org
glider@ - Mind taking a look? TSan seems fine at this point, but there are a whole lot of ASan errors in there.
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_asan_rel_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
jschuh@chromium.org changed reviewers: + haraken@chromium.org
glider@ - ping
haraken@ - This is an updated version of my earlier patch that bounced. It includes your proposed changes from the last round, and fixes some additional quirks for Windows.
LGTM
https://codereview.chromium.org/1401483002/diff/370001/third_party/WebKit/Sou...
File third_party/WebKit/Source/wtf/AddressSpaceRandomization.cpp (right):

https://codereview.chromium.org/1401483002/diff/370001/third_party/WebKit/Sou...
third_party/WebKit/Source/wtf/AddressSpaceRandomization.cpp:89: #if defined(MEMORY_TOOL_REPLACES_ALLOCATOR)
You also need "if !defined(MEMORY_TOOL_REPLACES_ALLOCATOR)" around the anonymous namespace above.
https://codereview.chromium.org/1401483002/diff/370001/third_party/WebKit/Sou...
File third_party/WebKit/Source/wtf/AddressSpaceRandomization.cpp (right):

https://codereview.chromium.org/1401483002/diff/370001/third_party/WebKit/Sou...
third_party/WebKit/Source/wtf/AddressSpaceRandomization.cpp:89: #if defined(MEMORY_TOOL_REPLACES_ALLOCATOR)
On 2015/10/13 16:02:42, Alexander Potapenko wrote:
> You also need "if !defined(MEMORY_TOOL_REPLACES_ALLOCATOR)" around the anonymous
> namespace above.

I dropped this approach and just added a custom range as we discussed over chat.
https://codereview.chromium.org/1401483002/diff/390001/third_party/WebKit/Sou...
File third_party/WebKit/Source/wtf/AddressSpaceRandomization.cpp (right):

https://codereview.chromium.org/1401483002/diff/390001/third_party/WebKit/Sou...
third_party/WebKit/Source/wtf/AddressSpaceRandomization.cpp:103: // This range is copied from the TSan source, but works for all tools.
Should be fine. The acceptable ranges for ASan on x86_64 are
[0x000000000000, 0x00007fff7fff] + [0x10007fff8000, 0x7fffffffffff] \ [0x600000000000, 0x640000000000]
(see http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_mapping.h...),
for MSan:
[0x5500000000, 0x5600000000] + [0x7000000000, 0x8000000000]
(see http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/msan/msan.h?revisio...)

https://codereview.chromium.org/1401483002/diff/390001/third_party/WebKit/Sou...
third_party/WebKit/Source/wtf/AddressSpaceRandomization.cpp:111: // ARM64 on Linux has 39-bit user space.
Note that we do have ASan (but not TSan or MSan) on 32-bit x86, ARM and ARM64.
Looks like your ranges overlap with the shadow or shadow gap ranges here:
http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_mapping.h...
https://codereview.chromium.org/1401483002/diff/390001/third_party/WebKit/Sou...
File third_party/WebKit/Source/wtf/AddressSpaceRandomization.cpp (right):

https://codereview.chromium.org/1401483002/diff/390001/third_party/WebKit/Sou...
third_party/WebKit/Source/wtf/AddressSpaceRandomization.cpp:103: // This range is copied from the TSan source, but works for all tools.
On 2015/10/13 18:00:46, Alexander Potapenko wrote:
> Should be fine. The acceptable ranges for ASan on x86_64 are [0x000000000000,
> 0x00007fff7fff] + [0x10007fff8000, 0x7fffffffffff] \ [0x600000000000,
> 0x640000000000]
> (see
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_mapping.h...)
> , for MSan:
> [0x5500000000, 0x5600000000] + [0x7000000000, 0x8000000000]
> (see
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/msan/msan.h?revisio...)

Okay, sounds like this has enough room to play in.

https://codereview.chromium.org/1401483002/diff/390001/third_party/WebKit/Sou...
third_party/WebKit/Source/wtf/AddressSpaceRandomization.cpp:111: // ARM64 on Linux has 39-bit user space.
On 2015/10/13 18:00:46, Alexander Potapenko wrote:
> Note that we do have ASan (but not TSan or MSan) on 32-bit x86, ARM and ARM64.
> Looks like your ranges overlap with the shadow or shadow gap ranges here:
> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_mapping.h...

For this one I'm just going to rely on the retry logic eventually landing in the right spot. In practice it might be a bit slower, but I doubt enough to matter.
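The range check and retry idea discussed in the two comments above, as an added example that is not code from this change or from Chromium. It assumes the intervals are inclusive as written in the thread, 4 KiB pages and 47-bit candidates; `asanAccepts`, `msanAccepts`, `pickHint` and the `Gen` random-source type are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <random>

struct Range { uint64_t lo, hi; };  // inclusive bounds, read as written in the thread

// ASan on x86_64, as quoted in the review: two usable ranges minus one hole.
static const Range kAsanOk[] = {{0x000000000000ULL, 0x00007fff7fffULL},
                                {0x10007fff8000ULL, 0x7fffffffffffULL}};
static const Range kAsanHole = {0x600000000000ULL, 0x640000000000ULL};
// MSan, as quoted in the same comment.
static const Range kMsanOk[] = {{0x5500000000ULL, 0x5600000000ULL},
                                {0x7000000000ULL, 0x8000000000ULL}};

// True when [lo, hi] lies wholly inside a single listed range.
template <size_t N>
static bool inside(const Range (&rs)[N], uint64_t lo, uint64_t hi) {
    for (const Range& r : rs)
        if (lo >= r.lo && hi <= r.hi) return true;
    return false;
}

// A mapping is acceptable only if the whole region fits, not just its base.
bool asanAccepts(uint64_t base, uint64_t size) {
    if (size == 0 || base + size - 1 < base) return false;  // empty or wraps
    uint64_t last = base + size - 1;
    bool hitsHole = base <= kAsanHole.hi && last >= kAsanHole.lo;
    return inside(kAsanOk, base, last) && !hitsHole;
}
bool msanAccepts(uint64_t base, uint64_t size) {
    if (size == 0 || base + size - 1 < base) return false;  // empty or wraps
    return inside(kMsanOk, base, base + size - 1);
}

using Gen = uint64_t (*)(void*);              // hypothetical random source
using Accepts = bool (*)(uint64_t, uint64_t);

// Bounded retry: page-align each 47-bit candidate, keep the first that fits.
// Returns 0 (no hint, let the OS choose) when every try is rejected.
uint64_t pickHint(Gen next, void* state, uint64_t size, Accepts ok, int tries) {
    for (int i = 0; i < tries; ++i) {
        uint64_t c = next(state) & 0x7ffffffff000ULL;
        if (ok(c, size)) return c;
    }
    return 0;
}

int main() {
    std::mt19937_64 rng(std::random_device{}());
    Gen gen = [](void* s) -> uint64_t { return (*static_cast<std::mt19937_64*>(s))(); };
    std::printf("hint: 0x%llx\n", (unsigned long long)pickHint(gen, &rng, 1 << 21, asanAccepts, 8));
}
```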
The CQ bit was checked by jschuh@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from haraken@chromium.org Link to the patchset: https://codereview.chromium.org/1401483002/#ps390001 (title: "carve out tsan's range in getRandomPageBase")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1401483002/390001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1401483002/390001
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: win_chromium_rel_ng on tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)
The CQ bit was checked by jschuh@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1401483002/390001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1401483002/390001
Message was sent while issue was closed.
Committed patchset #10 (id:390001)
Message was sent while issue was closed.
Patchset 10 (id:??) landed as https://crrev.com/bae4e6fc3d968bd444f793e4fc821ba1078070be Cr-Commit-Position: refs/heads/master@{#353881}
Message was sent while issue was closed.
LGTM