2019-02-27 23:44:03 +08:00
|
|
|
//===-- hwasan.cpp --------------------------------------------------------===//
|
2017-12-09 09:31:51 +08:00
|
|
|
//
|
2019-01-19 16:50:56 +08:00
|
|
|
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
|
|
|
|
// See https://llvm.org/LICENSE.txt for license information.
|
|
|
|
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
|
2017-12-09 09:31:51 +08:00
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
//
|
|
|
|
// This file is a part of HWAddressSanitizer.
|
|
|
|
//
|
|
|
|
// HWAddressSanitizer runtime.
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
#include "hwasan.h"
|
2020-06-10 02:57:24 +08:00
|
|
|
|
2018-12-20 17:10:03 +08:00
|
|
|
#include "hwasan_checks.h"
|
2019-02-01 07:37:12 +08:00
|
|
|
#include "hwasan_dynamic_shadow.h"
|
2020-06-10 02:57:24 +08:00
|
|
|
#include "hwasan_globals.h"
|
2021-11-02 22:59:16 +08:00
|
|
|
#include "hwasan_mapping.h"
|
2017-12-09 09:31:51 +08:00
|
|
|
#include "hwasan_poisoning.h"
|
2018-06-08 07:33:33 +08:00
|
|
|
#include "hwasan_report.h"
|
|
|
|
#include "hwasan_thread.h"
|
2018-09-25 07:03:34 +08:00
|
|
|
#include "hwasan_thread_list.h"
|
2017-12-09 09:31:51 +08:00
|
|
|
#include "sanitizer_common/sanitizer_atomic.h"
|
|
|
|
#include "sanitizer_common/sanitizer_common.h"
|
|
|
|
#include "sanitizer_common/sanitizer_flag_parser.h"
|
2018-12-20 17:10:03 +08:00
|
|
|
#include "sanitizer_common/sanitizer_flags.h"
|
2017-12-09 09:31:51 +08:00
|
|
|
#include "sanitizer_common/sanitizer_libc.h"
|
|
|
|
#include "sanitizer_common/sanitizer_procmaps.h"
|
2018-12-20 17:10:03 +08:00
|
|
|
#include "sanitizer_common/sanitizer_stackdepot.h"
|
2017-12-09 09:31:51 +08:00
|
|
|
#include "sanitizer_common/sanitizer_stacktrace.h"
|
|
|
|
#include "sanitizer_common/sanitizer_symbolizer.h"
|
|
|
|
#include "ubsan/ubsan_flags.h"
|
|
|
|
#include "ubsan/ubsan_init.h"
|
|
|
|
|
|
|
|
// ACHTUNG! No system header includes in this file.
|
|
|
|
|
|
|
|
using namespace __sanitizer;
|
|
|
|
|
|
|
|
namespace __hwasan {
|
|
|
|
|
|
|
|
static Flags hwasan_flags;
|
|
|
|
|
|
|
|
Flags *flags() {
|
|
|
|
return &hwasan_flags;
|
|
|
|
}
|
|
|
|
|
|
|
|
int hwasan_inited = 0;
|
2019-02-01 07:37:12 +08:00
|
|
|
int hwasan_instrumentation_inited = 0;
|
2017-12-09 09:31:51 +08:00
|
|
|
bool hwasan_init_is_running;
|
|
|
|
|
|
|
|
int hwasan_report_count = 0;
|
|
|
|
|
2021-07-10 06:14:20 +08:00
|
|
|
uptr kLowShadowStart;
|
|
|
|
uptr kLowShadowEnd;
|
|
|
|
uptr kHighShadowStart;
|
|
|
|
uptr kHighShadowEnd;
|
|
|
|
|
2017-12-09 09:31:51 +08:00
|
|
|
void Flags::SetDefaults() {
|
|
|
|
#define HWASAN_FLAG(Type, Name, DefaultValue, Description) Name = DefaultValue;
|
|
|
|
#include "hwasan_flags.inc"
|
|
|
|
#undef HWASAN_FLAG
|
|
|
|
}
|
|
|
|
|
|
|
|
static void RegisterHwasanFlags(FlagParser *parser, Flags *f) {
|
|
|
|
#define HWASAN_FLAG(Type, Name, DefaultValue, Description) \
|
|
|
|
RegisterFlag(parser, #Name, Description, &f->Name);
|
|
|
|
#include "hwasan_flags.inc"
|
|
|
|
#undef HWASAN_FLAG
|
|
|
|
}
|
|
|
|
|
|
|
|
static void InitializeFlags() {
|
|
|
|
SetCommonFlagsDefaults();
|
|
|
|
{
|
|
|
|
CommonFlags cf;
|
|
|
|
cf.CopyFrom(*common_flags());
|
|
|
|
cf.external_symbolizer_path = GetEnv("HWASAN_SYMBOLIZER_PATH");
|
|
|
|
cf.malloc_context_size = 20;
|
|
|
|
cf.handle_ioctl = true;
|
|
|
|
// FIXME: test and enable.
|
|
|
|
cf.check_printf = false;
|
|
|
|
cf.intercept_tls_get_addr = true;
|
|
|
|
cf.exitcode = 99;
|
2019-01-19 09:54:09 +08:00
|
|
|
// 8 shadow pages ~512kB, small enough to cover common stack sizes.
|
|
|
|
cf.clear_shadow_mmap_threshold = 4096 * (SANITIZER_ANDROID ? 2 : 8);
|
2018-09-06 06:46:19 +08:00
|
|
|
// Sigtrap is used in error reporting.
|
2018-02-22 03:52:23 +08:00
|
|
|
cf.handle_sigtrap = kHandleSignalExclusive;
|
2018-09-06 06:46:19 +08:00
|
|
|
|
|
|
|
#if SANITIZER_ANDROID
|
|
|
|
// Let platform handle other signals. It is better at reporting them then we
|
|
|
|
// are.
|
|
|
|
cf.handle_segv = kHandleSignalNo;
|
|
|
|
cf.handle_sigbus = kHandleSignalNo;
|
|
|
|
cf.handle_abort = kHandleSignalNo;
|
|
|
|
cf.handle_sigill = kHandleSignalNo;
|
|
|
|
cf.handle_sigfpe = kHandleSignalNo;
|
|
|
|
#endif
|
2017-12-09 09:31:51 +08:00
|
|
|
OverrideCommonFlags(cf);
|
|
|
|
}
|
|
|
|
|
|
|
|
Flags *f = flags();
|
|
|
|
f->SetDefaults();
|
|
|
|
|
|
|
|
FlagParser parser;
|
|
|
|
RegisterHwasanFlags(&parser, f);
|
|
|
|
RegisterCommonFlags(&parser);
|
|
|
|
|
|
|
|
#if HWASAN_CONTAINS_UBSAN
|
|
|
|
__ubsan::Flags *uf = __ubsan::flags();
|
|
|
|
uf->SetDefaults();
|
|
|
|
|
|
|
|
FlagParser ubsan_parser;
|
|
|
|
__ubsan::RegisterUbsanFlags(&ubsan_parser, uf);
|
|
|
|
RegisterCommonFlags(&ubsan_parser);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
// Override from user-specified string.
|
|
|
|
if (__hwasan_default_options)
|
|
|
|
parser.ParseString(__hwasan_default_options());
|
|
|
|
#if HWASAN_CONTAINS_UBSAN
|
2020-09-05 10:19:20 +08:00
|
|
|
const char *ubsan_default_options = __ubsan_default_options();
|
2017-12-09 09:31:51 +08:00
|
|
|
ubsan_parser.ParseString(ubsan_default_options);
|
|
|
|
#endif
|
|
|
|
|
2019-06-15 09:37:14 +08:00
|
|
|
parser.ParseStringFromEnv("HWASAN_OPTIONS");
|
2017-12-09 09:31:51 +08:00
|
|
|
#if HWASAN_CONTAINS_UBSAN
|
2019-06-15 09:37:14 +08:00
|
|
|
ubsan_parser.ParseStringFromEnv("UBSAN_OPTIONS");
|
2017-12-09 09:31:51 +08:00
|
|
|
#endif
|
|
|
|
|
|
|
|
InitializeCommonFlags();
|
|
|
|
|
|
|
|
if (Verbosity()) ReportUnrecognizedFlags();
|
|
|
|
|
|
|
|
if (common_flags()->help) parser.PrintFlagDescriptions();
|
|
|
|
}
|
|
|
|
|
2021-05-11 16:18:48 +08:00
|
|
|
static void CheckUnwind() {
|
|
|
|
GET_FATAL_STACK_TRACE_PC_BP(StackTrace::GetCurrentPc(), GET_CURRENT_FRAME());
|
|
|
|
stack.Print();
|
[HWASan] Port HWASan to Linux x86-64 (compiler-rt)
Summary:
Porting HWASan to Linux x86-64, first of the three patches, compiler-rt part.
The approach is similar to ARM case, trap signal is used to communicate
memory tag check failure. int3 instruction is used to generate a signal,
access parameters are stored in nop [eax + offset] instruction immediately
following the int3 one
Had to add HWASan init on malloc because, due to much less interceptors
defined (most other sanitizers intercept much more and get initalized
via one of those interceptors or don't care about malloc), HWASan was not
initialized yet when libstdc++ was trying to allocate memory for its own
fixed-size heap, which led to CHECK-fail in AllocateFromLocalPool.
Also added the CHECK() failure handler with more detailed message and
stack reporting.
Reviewers: eugenis
Subscribers: kubamracek, dberris, mgorny, kristof.beyls, delcypher, #sanitizers, llvm-commits
Differential Revision: https://reviews.llvm.org/D44705
llvm-svn: 328385
2018-03-24 07:38:04 +08:00
|
|
|
}
|
|
|
|
|
2018-09-08 08:11:12 +08:00
|
|
|
static void HwasanFormatMemoryUsage(InternalScopedString &s) {
|
2018-09-25 07:03:34 +08:00
|
|
|
HwasanThreadList &thread_list = hwasanThreadList();
|
|
|
|
auto thread_stats = thread_list.GetThreadStats();
|
2021-09-29 02:20:18 +08:00
|
|
|
auto sds = StackDepotGetStats();
|
2018-09-07 06:08:41 +08:00
|
|
|
AllocatorStatCounters asc;
|
|
|
|
GetAllocatorStats(asc);
|
2018-09-08 08:11:12 +08:00
|
|
|
s.append(
|
2018-09-07 06:08:41 +08:00
|
|
|
"HWASAN pid: %d rss: %zd threads: %zd stacks: %zd"
|
|
|
|
" thr_aux: %zd stack_depot: %zd uniq_stacks: %zd"
|
2018-09-08 08:11:12 +08:00
|
|
|
" heap: %zd",
|
2018-09-07 06:08:41 +08:00
|
|
|
internal_getpid(), GetRSS(), thread_stats.n_live_threads,
|
|
|
|
thread_stats.total_stack_size,
|
2018-09-25 07:03:34 +08:00
|
|
|
thread_stats.n_live_threads * thread_list.MemoryUsedPerThread(),
|
2021-09-29 02:20:18 +08:00
|
|
|
sds.allocated, sds.n_uniq_ids, asc[AllocatorStatMapped]);
|
2018-09-08 08:11:12 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
#if SANITIZER_ANDROID
|
2021-03-17 07:33:04 +08:00
|
|
|
static constexpr uptr kMemoryUsageBufferSize = 4096;
|
|
|
|
|
2018-09-08 08:11:12 +08:00
|
|
|
static char *memory_usage_buffer = nullptr;
|
|
|
|
|
|
|
|
static void InitMemoryUsage() {
|
|
|
|
memory_usage_buffer =
|
|
|
|
(char *)MmapOrDie(kMemoryUsageBufferSize, "memory usage string");
|
|
|
|
CHECK(memory_usage_buffer);
|
|
|
|
memory_usage_buffer[0] = '\0';
|
2019-02-06 09:14:50 +08:00
|
|
|
DecorateMapping((uptr)memory_usage_buffer, kMemoryUsageBufferSize,
|
|
|
|
memory_usage_buffer);
|
2018-09-07 06:08:41 +08:00
|
|
|
}
|
|
|
|
|
2018-09-08 08:11:12 +08:00
|
|
|
void UpdateMemoryUsage() {
|
|
|
|
if (!flags()->export_memory_stats)
|
|
|
|
return;
|
|
|
|
if (!memory_usage_buffer)
|
|
|
|
InitMemoryUsage();
|
2021-03-17 07:33:04 +08:00
|
|
|
InternalScopedString s;
|
2018-09-08 08:11:12 +08:00
|
|
|
HwasanFormatMemoryUsage(s);
|
|
|
|
internal_strncpy(memory_usage_buffer, s.data(), kMemoryUsageBufferSize - 1);
|
|
|
|
memory_usage_buffer[kMemoryUsageBufferSize - 1] = '\0';
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
void UpdateMemoryUsage() {}
|
|
|
|
#endif
|
|
|
|
|
2021-06-04 05:22:37 +08:00
|
|
|
void HwasanAtExit() {
|
|
|
|
if (common_flags()->print_module_map)
|
|
|
|
DumpProcessMap();
|
|
|
|
if (flags()->print_stats && (flags()->atexit || hwasan_report_count > 0))
|
|
|
|
ReportStats();
|
|
|
|
if (hwasan_report_count > 0) {
|
|
|
|
// ReportAtExitStatistics();
|
|
|
|
if (common_flags()->exitcode)
|
|
|
|
internal__exit(common_flags()->exitcode);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void HandleTagMismatch(AccessInfo ai, uptr pc, uptr frame, void *uc,
|
|
|
|
uptr *registers_frame) {
|
|
|
|
InternalMmapVector<BufferedStackTrace> stack_buffer(1);
|
|
|
|
BufferedStackTrace *stack = stack_buffer.data();
|
|
|
|
stack->Reset();
|
|
|
|
stack->Unwind(pc, frame, uc, common_flags()->fast_unwind_on_fatal);
|
|
|
|
|
|
|
|
// The second stack frame contains the failure __hwasan_check function, as
|
|
|
|
// we have a stack frame for the registers saved in __hwasan_tag_mismatch that
|
|
|
|
// we wish to ignore. This (currently) only occurs on AArch64, as x64
|
|
|
|
// implementations use SIGTRAP to implement the failure, and thus do not go
|
|
|
|
// through the stack saver.
|
|
|
|
if (registers_frame && stack->trace && stack->size > 0) {
|
|
|
|
stack->trace++;
|
|
|
|
stack->size--;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool fatal = flags()->halt_on_error || !ai.recover;
|
|
|
|
ReportTagMismatch(stack, ai.addr, ai.size, ai.is_store, fatal,
|
|
|
|
registers_frame);
|
|
|
|
}
|
|
|
|
|
|
|
|
void HwasanTagMismatch(uptr addr, uptr access_info, uptr *registers_frame,
|
|
|
|
size_t outsize) {
|
|
|
|
__hwasan::AccessInfo ai;
|
|
|
|
ai.is_store = access_info & 0x10;
|
|
|
|
ai.is_load = !ai.is_store;
|
|
|
|
ai.recover = access_info & 0x20;
|
|
|
|
ai.addr = addr;
|
|
|
|
if ((access_info & 0xf) == 0xf)
|
|
|
|
ai.size = outsize;
|
|
|
|
else
|
|
|
|
ai.size = 1 << (access_info & 0xf);
|
|
|
|
|
|
|
|
HandleTagMismatch(ai, (uptr)__builtin_return_address(0),
|
|
|
|
(uptr)__builtin_frame_address(0), nullptr, registers_frame);
|
|
|
|
__builtin_unreachable();
|
|
|
|
}
|
|
|
|
|
2021-06-24 07:18:44 +08:00
|
|
|
Thread *GetCurrentThread() {
|
|
|
|
uptr *ThreadLongPtr = GetCurrentThreadLongPtr();
|
|
|
|
if (UNLIKELY(*ThreadLongPtr == 0))
|
|
|
|
return nullptr;
|
|
|
|
auto *R = (StackAllocationsRingBuffer *)ThreadLongPtr;
|
|
|
|
return hwasanThreadList().GetThreadByBufferAddress((uptr)R->Next());
|
|
|
|
}
|
|
|
|
|
2019-02-01 07:37:12 +08:00
|
|
|
} // namespace __hwasan
|
|
|
|
|
2019-08-07 06:07:29 +08:00
|
|
|
using namespace __hwasan;
|
|
|
|
|
2019-03-02 06:10:49 +08:00
|
|
|
void __sanitizer::BufferedStackTrace::UnwindImpl(
|
|
|
|
uptr pc, uptr bp, void *context, bool request_fast, u32 max_depth) {
|
2019-02-28 06:16:02 +08:00
|
|
|
Thread *t = GetCurrentThread();
|
|
|
|
if (!t) {
|
2020-05-08 07:22:21 +08:00
|
|
|
// The thread is still being created, or has already been destroyed.
|
2019-03-02 06:10:49 +08:00
|
|
|
size = 0;
|
2019-02-28 06:16:02 +08:00
|
|
|
return;
|
|
|
|
}
|
2020-01-17 10:10:03 +08:00
|
|
|
Unwind(max_depth, pc, bp, context, t->stack_top(), t->stack_bottom(),
|
|
|
|
request_fast);
|
2019-02-28 06:16:02 +08:00
|
|
|
}
|
|
|
|
|
2020-06-10 02:57:24 +08:00
|
|
|
static bool InitializeSingleGlobal(const hwasan_global &global) {
|
|
|
|
uptr full_granule_size = RoundDownTo(global.size(), 16);
|
|
|
|
TagMemoryAligned(global.addr(), full_granule_size, global.tag());
|
|
|
|
if (global.size() % 16)
|
|
|
|
TagMemoryAligned(global.addr() + full_granule_size, 16, global.size() % 16);
|
|
|
|
return false;
|
2019-08-07 06:07:29 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void InitLoadedGlobals() {
|
|
|
|
dl_iterate_phdr(
|
2020-06-10 02:57:24 +08:00
|
|
|
[](dl_phdr_info *info, size_t /* size */, void * /* data */) -> int {
|
|
|
|
for (const hwasan_global &global : HwasanGlobalsFor(
|
|
|
|
info->dlpi_addr, info->dlpi_phdr, info->dlpi_phnum))
|
|
|
|
InitializeSingleGlobal(global);
|
2019-08-07 06:07:29 +08:00
|
|
|
return 0;
|
|
|
|
},
|
|
|
|
nullptr);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Prepare to run instrumented code on the main thread.
|
|
|
|
static void InitInstrumentation() {
|
|
|
|
if (hwasan_instrumentation_inited) return;
|
|
|
|
|
2021-07-09 06:32:20 +08:00
|
|
|
InitializeOsSupport();
|
2019-10-18 04:32:54 +08:00
|
|
|
|
2019-08-07 06:07:29 +08:00
|
|
|
if (!InitShadow()) {
|
|
|
|
Printf("FATAL: HWAddressSanitizer cannot mmap the shadow memory.\n");
|
|
|
|
DumpProcessMap();
|
|
|
|
Die();
|
|
|
|
}
|
|
|
|
|
|
|
|
InitThreads();
|
|
|
|
|
|
|
|
hwasan_instrumentation_inited = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Interface.
|
2019-02-01 07:37:12 +08:00
|
|
|
|
|
|
|
uptr __hwasan_shadow_memory_dynamic_address; // Global interface symbol.
|
|
|
|
|
2019-06-28 07:16:13 +08:00
|
|
|
// This function was used by the old frame descriptor mechanism. We keep it
|
|
|
|
// around to avoid breaking ABI.
|
|
|
|
void __hwasan_init_frames(uptr beg, uptr end) {}
|
2018-10-23 08:50:40 +08:00
|
|
|
|
2019-02-01 07:37:12 +08:00
|
|
|
void __hwasan_init_static() {
|
|
|
|
InitShadowGOT();
|
|
|
|
InitInstrumentation();
|
2019-08-07 06:07:29 +08:00
|
|
|
|
|
|
|
// In the non-static code path we call dl_iterate_phdr here. But at this point
|
|
|
|
// libc might not have been initialized enough for dl_iterate_phdr to work.
|
|
|
|
// Fortunately, since this is a statically linked executable we can use the
|
|
|
|
// linker-defined symbol __ehdr_start to find the only relevant set of phdrs.
|
|
|
|
extern ElfW(Ehdr) __ehdr_start;
|
2020-06-10 02:57:24 +08:00
|
|
|
for (const hwasan_global &global : HwasanGlobalsFor(
|
|
|
|
/* base */ 0,
|
|
|
|
reinterpret_cast<const ElfW(Phdr) *>(
|
|
|
|
reinterpret_cast<const char *>(&__ehdr_start) +
|
|
|
|
__ehdr_start.e_phoff),
|
|
|
|
__ehdr_start.e_phnum))
|
|
|
|
InitializeSingleGlobal(global);
|
2019-02-01 07:37:12 +08:00
|
|
|
}
|
|
|
|
|
2021-08-05 02:03:24 +08:00
|
|
|
__attribute__((constructor(0))) void __hwasan_init() {
|
2017-12-09 09:31:51 +08:00
|
|
|
CHECK(!hwasan_init_is_running);
|
|
|
|
if (hwasan_inited) return;
|
|
|
|
hwasan_init_is_running = 1;
|
|
|
|
SanitizerToolName = "HWAddressSanitizer";
|
|
|
|
|
2021-04-06 07:00:18 +08:00
|
|
|
InitTlsSize();
|
|
|
|
|
2017-12-09 09:31:51 +08:00
|
|
|
CacheBinaryName();
|
|
|
|
InitializeFlags();
|
|
|
|
|
[HWASan] Port HWASan to Linux x86-64 (compiler-rt)
Summary:
Porting HWASan to Linux x86-64, first of the three patches, compiler-rt part.
The approach is similar to ARM case, trap signal is used to communicate
memory tag check failure. int3 instruction is used to generate a signal,
access parameters are stored in nop [eax + offset] instruction immediately
following the int3 one
Had to add HWASan init on malloc because, due to much less interceptors
defined (most other sanitizers intercept much more and get initalized
via one of those interceptors or don't care about malloc), HWASan was not
initialized yet when libstdc++ was trying to allocate memory for its own
fixed-size heap, which led to CHECK-fail in AllocateFromLocalPool.
Also added the CHECK() failure handler with more detailed message and
stack reporting.
Reviewers: eugenis
Subscribers: kubamracek, dberris, mgorny, kristof.beyls, delcypher, #sanitizers, llvm-commits
Differential Revision: https://reviews.llvm.org/D44705
llvm-svn: 328385
2018-03-24 07:38:04 +08:00
|
|
|
// Install tool-specific callbacks in sanitizer_common.
|
2021-05-11 16:18:48 +08:00
|
|
|
SetCheckUnwindCallback(CheckUnwind);
|
[HWASan] Port HWASan to Linux x86-64 (compiler-rt)
Summary:
Porting HWASan to Linux x86-64, first of the three patches, compiler-rt part.
The approach is similar to ARM case, trap signal is used to communicate
memory tag check failure. int3 instruction is used to generate a signal,
access parameters are stored in nop [eax + offset] instruction immediately
following the int3 one
Had to add HWASan init on malloc because, due to much less interceptors
defined (most other sanitizers intercept much more and get initalized
via one of those interceptors or don't care about malloc), HWASan was not
initialized yet when libstdc++ was trying to allocate memory for its own
fixed-size heap, which led to CHECK-fail in AllocateFromLocalPool.
Also added the CHECK() failure handler with more detailed message and
stack reporting.
Reviewers: eugenis
Subscribers: kubamracek, dberris, mgorny, kristof.beyls, delcypher, #sanitizers, llvm-commits
Differential Revision: https://reviews.llvm.org/D44705
llvm-svn: 328385
2018-03-24 07:38:04 +08:00
|
|
|
|
2017-12-09 09:31:51 +08:00
|
|
|
__sanitizer_set_report_path(common_flags()->log_path);
|
|
|
|
|
2018-12-13 06:10:52 +08:00
|
|
|
AndroidTestTlsSlot();
|
|
|
|
|
2017-12-09 09:31:51 +08:00
|
|
|
DisableCoreDumperIfNecessary();
|
2018-09-25 07:03:34 +08:00
|
|
|
|
2019-02-01 07:37:12 +08:00
|
|
|
InitInstrumentation();
|
2019-08-07 06:07:29 +08:00
|
|
|
InitLoadedGlobals();
|
2018-09-25 07:03:34 +08:00
|
|
|
|
2019-02-01 07:37:12 +08:00
|
|
|
// Needs to be called here because flags()->random_tags might not have been
|
|
|
|
// initialized when InitInstrumentation() was called.
|
[HWASan] Ensure RNG is initialized in GenerateRandomTag
Fixes a CHECK-failure caused by glibc's pthread_getattr_np
implementation calling realloc. Essentially, Thread::GenerateRandomTag
gets called during Thread::Init and before Thread::InitRandomState:
HWAddressSanitizer: CHECK failed: hwasan_thread.cpp:134 "((random_buffer_)) != (0)" (0x0, 0x0) (tid=314)
#0 0x55845475a662 in __hwasan::CheckUnwind()
#1 0x558454778797 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long)
#2 0x558454766461 in __hwasan::Thread::GenerateRandomTag(unsigned long)
#3 0x55845475c58b in __hwasan::HwasanAllocate(__sanitizer::StackTrace*, unsigned long, unsigned long, bool)
#4 0x55845475c80a in __hwasan::hwasan_realloc(void*, unsigned long, __sanitizer::StackTrace*)
#5 0x5584547608aa in realloc
#6 0x7f6f3a3d8c2c in pthread_getattr_np
#7 0x5584547790dc in __sanitizer::GetThreadStackTopAndBottom(bool, unsigned long*, unsigned long*)
#8 0x558454779651 in __sanitizer::GetThreadStackAndTls(bool, unsigned long*, unsigned long*, unsigned long*, unsigned long*)
#9 0x558454761bca in __hwasan::Thread::InitStackAndTls(__hwasan::Thread::InitState const*)
#10 0x558454761e5c in __hwasan::HwasanThreadList::CreateCurrentThread(__hwasan::Thread::InitState const*)
#11 0x55845476184f in __hwasan_thread_enter
#12 0x558454760def in HwasanThreadStartFunc(void*)
#13 0x7f6f3a3d6fa2 in start_thread
#14 0x7f6f3a15b4ce in __clone
Also reverts 7a3fb71c3cbdd80666335fa8f6f071b43f0b922a, as it's now
unneeded.
Reviewed By: vitalybuka
Differential Revision: https://reviews.llvm.org/D113045
2021-11-09 22:52:32 +08:00
|
|
|
GetCurrentThread()->EnsureRandomStateInited();
|
2018-09-25 07:03:34 +08:00
|
|
|
|
2018-11-10 05:54:03 +08:00
|
|
|
SetPrintfAndReportCallback(AppendToErrorMessageBuffer);
|
2018-08-17 05:56:04 +08:00
|
|
|
// This may call libc -> needs initialized shadow.
|
|
|
|
AndroidLogInit();
|
|
|
|
|
2018-06-26 01:27:13 +08:00
|
|
|
InitializeInterceptors();
|
|
|
|
InstallDeadlySignalHandlers(HwasanOnDeadlySignal);
|
|
|
|
InstallAtExitHandler(); // Needs __cxa_atexit interceptor.
|
|
|
|
|
2017-12-09 09:31:51 +08:00
|
|
|
InitializeCoverage(common_flags()->coverage, common_flags()->coverage_dir);
|
|
|
|
|
[hwasan] Add a (almost) no-interceptor mode.
Summary:
The idea behind this change is to allow sanitization of libc. We are prototyping on Bionic,
but the tool interface will be general enough (or at least generalizable) to support any other libc.
When libc depends on libclang_rt.hwasan, the latter can not interpose libc functions.
In fact, majority of interceptors become unnecessary when libc code is instrumented.
This change gets rid of most hwasan interceptors and provides interface for libc to notify
hwasan about thread creation and destruction events. Some interceptors (pthread_create)
are kept under #ifdef to enable testing with uninstrumented libc. They are expressed in
terms of the new libc interface.
The new cmake switch, COMPILER_RT_HWASAN_WITH_INTERCEPTORS, ON by default, builds testing
version of the library with the aforementioned pthread_create interceptor.
With the OFF setting, the library becomes more of a libc plugin.
Reviewers: vitalybuka, kcc, jfb
Subscribers: srhines, kubamracek, mgorny, jfb, llvm-commits
Differential Revision: https://reviews.llvm.org/D50922
llvm-svn: 340216
2018-08-21 05:49:15 +08:00
|
|
|
HwasanTSDInit();
|
2018-09-25 07:03:34 +08:00
|
|
|
HwasanTSDThreadInit();
|
2017-12-09 09:31:51 +08:00
|
|
|
|
|
|
|
HwasanAllocatorInit();
|
2021-08-14 08:09:10 +08:00
|
|
|
HwasanInstallAtForkHandler();
|
2017-12-09 09:31:51 +08:00
|
|
|
|
|
|
|
#if HWASAN_CONTAINS_UBSAN
|
|
|
|
__ubsan::InitAsPlugin();
|
|
|
|
#endif
|
|
|
|
|
|
|
|
VPrintf(1, "HWAddressSanitizer init done\n");
|
|
|
|
|
|
|
|
hwasan_init_is_running = 0;
|
|
|
|
hwasan_inited = 1;
|
|
|
|
}
|
|
|
|
|
2019-08-07 06:07:29 +08:00
|
|
|
void __hwasan_library_loaded(ElfW(Addr) base, const ElfW(Phdr) * phdr,
|
|
|
|
ElfW(Half) phnum) {
|
2020-06-10 02:57:24 +08:00
|
|
|
for (const hwasan_global &global : HwasanGlobalsFor(base, phdr, phnum))
|
|
|
|
InitializeSingleGlobal(global);
|
2019-08-07 06:07:29 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void __hwasan_library_unloaded(ElfW(Addr) base, const ElfW(Phdr) * phdr,
|
|
|
|
ElfW(Half) phnum) {
|
|
|
|
for (; phnum != 0; ++phdr, --phnum)
|
|
|
|
if (phdr->p_type == PT_LOAD)
|
|
|
|
TagMemory(base + phdr->p_vaddr, phdr->p_memsz, 0);
|
|
|
|
}
|
|
|
|
|
2018-08-15 08:39:35 +08:00
|
|
|
void __hwasan_print_shadow(const void *p, uptr sz) {
|
2018-08-30 06:21:22 +08:00
|
|
|
uptr ptr_raw = UntagAddr(reinterpret_cast<uptr>(p));
|
2018-08-30 06:42:16 +08:00
|
|
|
uptr shadow_first = MemToShadow(ptr_raw);
|
|
|
|
uptr shadow_last = MemToShadow(ptr_raw + sz - 1);
|
2018-08-15 08:39:35 +08:00
|
|
|
Printf("HWASan shadow map for %zx .. %zx (pointer tag %x)\n", ptr_raw,
|
|
|
|
ptr_raw + sz, GetTagFromPointer((uptr)p));
|
2021-11-02 22:59:16 +08:00
|
|
|
for (uptr s = shadow_first; s <= shadow_last; ++s) {
|
|
|
|
tag_t mem_tag = *reinterpret_cast<tag_t *>(s);
|
|
|
|
uptr granule_addr = ShadowToMem(s);
|
|
|
|
if (mem_tag && mem_tag < kShadowAlignment)
|
|
|
|
Printf(" %zx: %02x(%02x)\n", granule_addr, mem_tag,
|
|
|
|
*reinterpret_cast<tag_t *>(granule_addr + kShadowAlignment - 1));
|
|
|
|
else
|
|
|
|
Printf(" %zx: %02x\n", granule_addr, mem_tag);
|
|
|
|
}
|
2017-12-09 09:31:51 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
sptr __hwasan_test_shadow(const void *p, uptr sz) {
|
|
|
|
if (sz == 0)
|
|
|
|
return -1;
|
|
|
|
tag_t ptr_tag = GetTagFromPointer((uptr)p);
|
2018-08-30 06:21:22 +08:00
|
|
|
uptr ptr_raw = UntagAddr(reinterpret_cast<uptr>(p));
|
2018-08-30 06:42:16 +08:00
|
|
|
uptr shadow_first = MemToShadow(ptr_raw);
|
|
|
|
uptr shadow_last = MemToShadow(ptr_raw + sz - 1);
|
2017-12-09 09:31:51 +08:00
|
|
|
for (uptr s = shadow_first; s <= shadow_last; ++s)
|
2019-01-21 17:51:10 +08:00
|
|
|
if (*(tag_t *)s != ptr_tag) {
|
|
|
|
sptr offset = ShadowToMem(s) - ptr_raw;
|
|
|
|
return offset < 0 ? 0 : offset;
|
|
|
|
}
|
2017-12-09 09:31:51 +08:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
u16 __sanitizer_unaligned_load16(const uu16 *p) {
|
|
|
|
return *p;
|
|
|
|
}
|
|
|
|
u32 __sanitizer_unaligned_load32(const uu32 *p) {
|
|
|
|
return *p;
|
|
|
|
}
|
|
|
|
u64 __sanitizer_unaligned_load64(const uu64 *p) {
|
|
|
|
return *p;
|
|
|
|
}
|
|
|
|
void __sanitizer_unaligned_store16(uu16 *p, u16 x) {
|
|
|
|
*p = x;
|
|
|
|
}
|
|
|
|
void __sanitizer_unaligned_store32(uu32 *p, u32 x) {
|
|
|
|
*p = x;
|
|
|
|
}
|
|
|
|
void __sanitizer_unaligned_store64(uu64 *p, u64 x) {
|
|
|
|
*p = x;
|
|
|
|
}
|
|
|
|
|
2018-04-19 06:05:18 +08:00
|
|
|
void __hwasan_loadN(uptr p, uptr sz) {
|
2017-12-21 03:05:44 +08:00
|
|
|
CheckAddressSized<ErrorAction::Abort, AccessType::Load>(p, sz);
|
|
|
|
}
|
|
|
|
void __hwasan_load1(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Abort, AccessType::Load, 0>(p);
|
|
|
|
}
|
|
|
|
void __hwasan_load2(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Abort, AccessType::Load, 1>(p);
|
|
|
|
}
|
|
|
|
void __hwasan_load4(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Abort, AccessType::Load, 2>(p);
|
|
|
|
}
|
|
|
|
void __hwasan_load8(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Abort, AccessType::Load, 3>(p);
|
|
|
|
}
|
|
|
|
void __hwasan_load16(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Abort, AccessType::Load, 4>(p);
|
|
|
|
}
|
|
|
|
|
2018-04-19 06:05:18 +08:00
|
|
|
void __hwasan_loadN_noabort(uptr p, uptr sz) {
|
2017-12-21 03:05:44 +08:00
|
|
|
CheckAddressSized<ErrorAction::Recover, AccessType::Load>(p, sz);
|
|
|
|
}
|
|
|
|
void __hwasan_load1_noabort(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Recover, AccessType::Load, 0>(p);
|
|
|
|
}
|
|
|
|
void __hwasan_load2_noabort(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Recover, AccessType::Load, 1>(p);
|
|
|
|
}
|
|
|
|
void __hwasan_load4_noabort(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Recover, AccessType::Load, 2>(p);
|
|
|
|
}
|
|
|
|
void __hwasan_load8_noabort(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Recover, AccessType::Load, 3>(p);
|
|
|
|
}
|
|
|
|
void __hwasan_load16_noabort(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Recover, AccessType::Load, 4>(p);
|
|
|
|
}
|
|
|
|
|
2018-04-19 06:05:18 +08:00
|
|
|
void __hwasan_storeN(uptr p, uptr sz) {
|
2017-12-21 03:05:44 +08:00
|
|
|
CheckAddressSized<ErrorAction::Abort, AccessType::Store>(p, sz);
|
|
|
|
}
|
|
|
|
void __hwasan_store1(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Abort, AccessType::Store, 0>(p);
|
|
|
|
}
|
|
|
|
void __hwasan_store2(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Abort, AccessType::Store, 1>(p);
|
|
|
|
}
|
|
|
|
void __hwasan_store4(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Abort, AccessType::Store, 2>(p);
|
|
|
|
}
|
|
|
|
void __hwasan_store8(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Abort, AccessType::Store, 3>(p);
|
|
|
|
}
|
|
|
|
void __hwasan_store16(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Abort, AccessType::Store, 4>(p);
|
|
|
|
}
|
|
|
|
|
2018-04-19 06:05:18 +08:00
|
|
|
void __hwasan_storeN_noabort(uptr p, uptr sz) {
|
2017-12-21 03:05:44 +08:00
|
|
|
CheckAddressSized<ErrorAction::Recover, AccessType::Store>(p, sz);
|
|
|
|
}
|
|
|
|
void __hwasan_store1_noabort(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Recover, AccessType::Store, 0>(p);
|
|
|
|
}
|
|
|
|
void __hwasan_store2_noabort(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Recover, AccessType::Store, 1>(p);
|
|
|
|
}
|
|
|
|
void __hwasan_store4_noabort(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Recover, AccessType::Store, 2>(p);
|
|
|
|
}
|
|
|
|
void __hwasan_store8_noabort(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Recover, AccessType::Store, 3>(p);
|
|
|
|
}
|
|
|
|
void __hwasan_store16_noabort(uptr p) {
|
|
|
|
CheckAddress<ErrorAction::Recover, AccessType::Store, 4>(p);
|
|
|
|
}
|
2017-12-09 09:31:51 +08:00
|
|
|
|
2018-01-12 06:53:30 +08:00
|
|
|
void __hwasan_tag_memory(uptr p, u8 tag, uptr sz) {
|
|
|
|
TagMemoryAligned(p, sz, tag);
|
|
|
|
}
|
|
|
|
|
2018-08-15 08:39:35 +08:00
|
|
|
uptr __hwasan_tag_pointer(uptr p, u8 tag) {
|
|
|
|
return AddTagToPointer(p, tag);
|
|
|
|
}
|
|
|
|
|
2018-08-17 07:17:14 +08:00
|
|
|
void __hwasan_handle_longjmp(const void *sp_dst) {
|
|
|
|
uptr dst = (uptr)sp_dst;
|
|
|
|
// HWASan does not support tagged SP.
|
|
|
|
CHECK(GetTagFromPointer(dst) == 0);
|
|
|
|
|
|
|
|
uptr sp = (uptr)__builtin_frame_address(0);
|
|
|
|
static const uptr kMaxExpectedCleanupSize = 64 << 20; // 64M
|
|
|
|
if (dst < sp || dst - sp > kMaxExpectedCleanupSize) {
|
|
|
|
Report(
|
|
|
|
"WARNING: HWASan is ignoring requested __hwasan_handle_longjmp: "
|
|
|
|
"stack top: %p; target %p; distance: %p (%zd)\n"
|
|
|
|
"False positive error reports may follow\n",
|
|
|
|
(void *)sp, (void *)dst, dst - sp);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
TagMemory(sp, dst - sp, 0);
|
|
|
|
}
|
|
|
|
|
[hwasan, asan] Intercept vfork.
Summary:
Intercept vfork on arm, aarch64, i386 and x86_64.
Reviewers: pcc, vitalybuka
Subscribers: kubamracek, mgorny, javed.absar, krytarowski, kristof.beyls, #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D58533
llvm-svn: 355030
2019-02-28 05:11:50 +08:00
|
|
|
void __hwasan_handle_vfork(const void *sp_dst) {
|
|
|
|
uptr sp = (uptr)sp_dst;
|
|
|
|
Thread *t = GetCurrentThread();
|
|
|
|
CHECK(t);
|
|
|
|
uptr top = t->stack_top();
|
|
|
|
uptr bottom = t->stack_bottom();
|
2019-03-01 04:43:24 +08:00
|
|
|
if (top == 0 || bottom == 0 || sp < bottom || sp >= top) {
|
[hwasan, asan] Intercept vfork.
Summary:
Intercept vfork on arm, aarch64, i386 and x86_64.
Reviewers: pcc, vitalybuka
Subscribers: kubamracek, mgorny, javed.absar, krytarowski, kristof.beyls, #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D58533
llvm-svn: 355030
2019-02-28 05:11:50 +08:00
|
|
|
Report(
|
|
|
|
"WARNING: HWASan is ignoring requested __hwasan_handle_vfork: "
|
|
|
|
"stack top: %zx; current %zx; bottom: %zx \n"
|
|
|
|
"False positive error reports may follow\n",
|
|
|
|
top, sp, bottom);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
TagMemory(bottom, sp - bottom, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
extern "C" void *__hwasan_extra_spill_area() {
|
|
|
|
Thread *t = GetCurrentThread();
|
|
|
|
return &t->vfork_spill();
|
|
|
|
}
|
|
|
|
|
2018-09-08 08:11:12 +08:00
|
|
|
void __hwasan_print_memory_usage() {
|
2021-03-17 07:33:04 +08:00
|
|
|
InternalScopedString s;
|
2018-09-08 08:11:12 +08:00
|
|
|
HwasanFormatMemoryUsage(s);
|
|
|
|
Printf("%s\n", s.data());
|
|
|
|
}
|
2018-09-07 06:08:41 +08:00
|
|
|
|
2021-06-18 23:10:41 +08:00
|
|
|
static const u8 kFallbackTag = 0xBB & kTagMask;
|
2018-01-13 09:32:15 +08:00
|
|
|
|
|
|
|
u8 __hwasan_generate_tag() {
|
2018-08-30 08:13:20 +08:00
|
|
|
Thread *t = GetCurrentThread();
|
2018-01-13 09:32:15 +08:00
|
|
|
if (!t) return kFallbackTag;
|
|
|
|
return t->GenerateRandomTag();
|
|
|
|
}
|
|
|
|
|
2017-12-09 09:31:51 +08:00
|
|
|
#if !SANITIZER_SUPPORTS_WEAK_HOOKS
|
|
|
|
extern "C" {
|
|
|
|
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
|
|
|
|
const char* __hwasan_default_options() { return ""; }
|
|
|
|
} // extern "C"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
extern "C" {
|
|
|
|
SANITIZER_INTERFACE_ATTRIBUTE
|
|
|
|
void __sanitizer_print_stack_trace() {
|
|
|
|
GET_FATAL_STACK_TRACE_PC_BP(StackTrace::GetCurrentPc(), GET_CURRENT_FRAME());
|
|
|
|
stack.Print();
|
|
|
|
}
|
2021-07-09 06:49:04 +08:00
|
|
|
|
|
|
|
// Entry point for interoperability between __hwasan_tag_mismatch (ASM) and the
|
|
|
|
// rest of the mismatch handling code (C++).
|
|
|
|
void __hwasan_tag_mismatch4(uptr addr, uptr access_info, uptr *registers_frame,
|
|
|
|
size_t outsize) {
|
|
|
|
__hwasan::HwasanTagMismatch(addr, access_info, registers_frame, outsize);
|
|
|
|
}
|
|
|
|
|
2017-12-09 09:31:51 +08:00
|
|
|
} // extern "C"
|