Merge "Fix a few bionic test failures caused by hwasan global instrumentation."

am: 3952113d90

Change-Id: I17d6e9c5448b081c6833af6fc1ec247c997bfc59

libc/private/WriteProtected.h

@@ -47,11 +47,11 @@ class WriteProtected {
   WriteProtectedContents<T> contents;
 
   int set_protection(int prot) {
-    auto addr = reinterpret_cast<uintptr_t>(&contents);
+    auto addr = &contents;
 #if __has_feature(hwaddress_sanitizer)
     // The mprotect system call does not currently untag pointers, so do it
     // ourselves.
-    addr &= (1ULL << 56) - 1;
+    addr = untag_address(addr);
 #endif
     return mprotect(reinterpret_cast<void*>(addr), PAGE_SIZE, prot);
   }

libc/private/bionic_macros.h

@@ -87,3 +87,12 @@ char (&ArraySizeHelper(T (&array)[N]))[N];  // NOLINT(readability/casting)
 #else
 #define __BIONIC_FALLTHROUGH
 #endif
+
+template <typename T>
+static inline T* untag_address(T* p) {
+#if defined(__aarch64__)
+  return reinterpret_cast<T*>(reinterpret_cast<uintptr_t>(p) & ((1ULL << 56) - 1));
+#else
+  return p;
+#endif
+}

libdl/libdl_cfi.cpp

@@ -44,11 +44,8 @@ extern "C" size_t __cfi_shadow_size() {
 }
 
 static uint16_t shadow_load(void* p) {
-  uintptr_t addr = reinterpret_cast<uintptr_t>(p);
-#ifdef __aarch64__
   // Untag the pointer to move it into the address space covered by the shadow.
-  addr &= (1ULL << 56) - 1;
-#endif
+  uintptr_t addr = reinterpret_cast<uintptr_t>(untag_address(p));
   uintptr_t ofs = CFIShadow::MemToShadowOffset(addr);
   if (ofs > CFIShadow::kShadowSize) return CFIShadow::kInvalidShadow;
   return *reinterpret_cast<uint16_t*>(shadow_base_storage.v + ofs);

linker/linker.cpp

@@ -952,7 +952,9 @@ static const ElfW(Sym)* dlsym_linear_lookup(android_namespace_t* ns,
 }
 
 soinfo* find_containing_library(const void* p) {
-  ElfW(Addr) address = reinterpret_cast<ElfW(Addr)>(p);
+  // Addresses within a library may be tagged if they point to globals. Untag
+  // them so that the bounds check succeeds.
+  ElfW(Addr) address = reinterpret_cast<ElfW(Addr)>(untag_address(p));
   for (soinfo* si = solist_get_head(); si != nullptr; si = si->next) {
     if (address < si->base || address - si->base >= si->size) {
       continue;
@@ -1902,13 +1904,13 @@ bool find_libraries(android_namespace_t* ns,
           // flag is set.
           link_extinfo = extinfo;
         }
+        if (__libc_shared_globals()->load_hook) {
+          __libc_shared_globals()->load_hook(si->load_bias, si->phdr, si->phnum);
+        }
         if (!si->link_image(global_group, local_group, link_extinfo, &relro_fd_offset) ||
             !get_cfi_shadow()->AfterLoad(si, solist_get_head())) {
           return false;
         }
-        if (__libc_shared_globals()->load_hook) {
-          __libc_shared_globals()->load_hook(si->load_bias, si->phdr, si->phnum);
-        }
       }
 
       return true;

tests/dlext_test.cpp

@@ -361,8 +361,10 @@ TEST_F(DlExtTest, ReservedRecursive) {
 
   uint32_t* taxicab_number = reinterpret_cast<uint32_t*>(dlsym(handle_, "dlopen_testlib_taxicab_number"));
   ASSERT_DL_NOTNULL(taxicab_number);
-  EXPECT_GE(reinterpret_cast<void*>(taxicab_number), start);
-  EXPECT_LT(reinterpret_cast<void*>(taxicab_number), reinterpret_cast<char*>(start) + kLibSize);
+  // Untag the pointer so that it can be compared with start, which will be untagged.
+  void* addr = reinterpret_cast<void*>(untag_address(taxicab_number));
+  EXPECT_GE(addr, start);
+  EXPECT_LT(addr, reinterpret_cast<char*>(start) + kLibSize);
   EXPECT_EQ(1729U, *taxicab_number);
 }
 

tests/libs/segment_gap_outer.lds

@@ -22,6 +22,6 @@ SECTIONS {
   # Place end_of_gap at the end of the gap.
   . = 0x1000000;
   .bss.end_of_gap : {
-    *(.bss.end_of_gap);
+    *(.bss.*end_of_gap*);
   }
 }