| 1 | // RUN: %clang %s -pie -fPIE -o %t && %run %t |
|---|
| 2 | // REQUIRES: x86_64-target-arch |
|---|
| 3 | |
|---|
| 4 | // FIXME: Fails Asan, as expected, with 5lvl page tables. |
|---|
| 5 | // UNSUPPORTED: x86_64-target-arch |
|---|
| 6 | |
|---|
| 7 | #include <assert.h> |
|---|
| 8 | #include <stdio.h> |
|---|
| 9 | #include <sys/mman.h> |
|---|
| 10 | |
|---|
| 11 | int main() { |
|---|
| 12 | for (int j = 0; j < 1024; j++) { |
|---|
| 13 | // Try 1TB offsets. This attempts to find memory addresses where the |
|---|
| 14 | // shadow mappings - which assume a 47-bit address space - are invalid. |
|---|
| 15 | unsigned long long target = (1ULL << 56) - (2 * 4096) - (j * (1ULL << 40)); |
|---|
| 16 | |
|---|
| 17 | // Since we don't use MAP_FIXED, mmap might return an address that is |
|---|
| 18 | // lower in the address space (due to sanitizer and/or kernel limits). |
|---|
| 19 | // That is fine - if the app is also restricted from making high |
|---|
| 20 | // allocations, then they are safe. |
|---|
| 21 | char* ptr = (char*) mmap (addr: (void*) target, len: 4096, PROT_READ | PROT_WRITE, |
|---|
| 22 | MAP_PRIVATE | MAP_ANONYMOUS, fd: -1, offset: 0); |
|---|
| 23 | printf (format: "Allocated at %p\n" , ptr); |
|---|
| 24 | |
|---|
| 25 | assert (ptr != MAP_FAILED); |
|---|
| 26 | for (int i = 0; i < 100; i++) { |
|---|
| 27 | ptr [i] = 0; |
|---|
| 28 | } |
|---|
| 29 | munmap (addr: ptr, len: 4096); |
|---|
| 30 | } |
|---|
| 31 | |
|---|
| 32 | return 0; |
|---|
| 33 | } |
|---|
| 34 | |
|---|
