MSan used to insert the shadow check of the store pointer operand
_after_ the shadow of the value operand has been written.
This happens to work in the userspace, as the whole shadow range is
always mapped. However in the kernel the shadow page may not exist, so
the bug may cause a crash.
This patch moves the address check in front of the shadow access.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@318901
91177308-0d34-0410-b5e6-
96231b3b80d8
StoreInst *NewSI =
IRB.CreateAlignedStore(Shadow, ShadowPtr, SI->getAlignment());
DEBUG(dbgs() << " STORE: " << *NewSI << "\n");
- (void)NewSI;
if (ClCheckAccessAddress)
- insertShadowCheck(Addr, SI);
+ insertShadowCheck(Addr, NewSI);
if (SI->isAtomic())
SI->setOrdering(addReleaseOrdering(SI->getOrdering()));
; CHECK-LABEL: @ByValArgumentShadowSmallAlignment
; CHECK: call void @llvm.memcpy.p0i8.p0i8.i64(i8* {{.*}}, i8* {{.*}}, i64 2, i32 2, i1 false)
; CHECK: ret i16
+
+
+; Check instrumentation of stores. The check must precede the shadow store.
+
+define void @Store(i32* nocapture %p, i32 %x) nounwind uwtable sanitize_memory {
+entry:
+ store i32 %x, i32* %p, align 4
+ ret void
+}
+
+; CHECK-LABEL: @Store
+; CHECK: load {{.*}} @__msan_param_tls
+; CHECK: icmp
+; CHECK: br i1
+; CHECK: <label>
+; CHECK: call void @__msan_warning_noreturn
+; CHECK: <label>
+; CHECK: store
+; CHECK: store i32 %x
+; CHECK: ret void
+
+
projects / llvm / commitdiff