MDEV-21239 ASAN use-after-poison in a server shutdown in innodb.innodb_buffer_pool_resize

If we manually poison memory region, ASAN requires that we manually unpoison it too. We didn't do it and munmap() didn't do it too. That was the issue. os_mem_free_large(): unpoison memory region. Just in case. https://github.com/google/sanitizers/issues/182 https://github.com/llvm/llvm-project/blob/86acaa9457d3957cbe303e1e801f1e727f66ca89/compiler-rt/include/sanitizer/asan_interface.h#L21

MDEV-21239 ASAN use-after-poison in a server shutdown in innodb.innodb_buffer_pool_resize
If we manually poison memory region, ASAN requires that we manually unpoison it too. We didn't do it and munmap() didn't do it too. That was the issue. os_mem_free_large(): unpoison memory region. Just in case. https://github.com/google/sanitizers/issues/182 https://github.com/llvm/llvm-project/blob/86acaa9457d3957cbe303e1e801f1e727f66ca89/compiler-rt/include/sanitizer/asan_interface.h#L21
f6b58d29 · Eugene Kosov · c3824766 · f6b58d29
Commit f6b58d29 authored Dec 20, 2019 by Eugene Kosov
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

storage/innobase/os/os0proc.cc storage/innobase/os/os0proc.cc +6 -0

No files found.
--- a/storage/innobase/os/os0proc.cc
+++ b/storage/innobase/os/os0proc.cc
@@ -157,6 +157,12 @@ os_mem_free_large(
 {
 	ut_a(os_total_large_mem_allocated >= size);

+	// We could have manually poisoned that memory for ASAN.
+	// And we must unpoison it by ourself as specified in documentation
+	// for __asan_poison_memory_region() in sanitizer/asan_interface.h
+	// munmap() doesn't do it for us automatically.
+	UNIV_MEM_ALLOC(ptr, size);
+
 #ifdef HAVE_LINUX_LARGE_PAGES
 	if (my_use_large_pages && opt_large_page_size && !shmdt(ptr)) {
 		my_atomic_addlint(