Commit Graph

373 Commits

Author SHA1 Message Date
Walter Lee 6c529f7e96 [sanitizers] Add init function to set alignment of low level allocator
ASan requires that the min alignment be at least the shadow
granularity, so add an init function to do that.

Differential Revision: https://reviews.llvm.org/D39473

llvm-svn: 318717
2017-11-21 01:01:32 +00:00
Evgeniy Stepanov 0379d3f844 (NFC) Rename GetMax{,User}VirtualAddress.
Future change will introduce GetMaxVirtualAddress that will not take
the kernel area into account.

llvm-svn: 317638
2017-11-07 23:51:22 +00:00
Maxim Ostapenko 9d016b773b [asan/lsan] Make LSan compliant with recovery mode when running on top of ASan
Don't overwrite exit code in LSan when running on top of ASan in recovery mode
to avoid breakage of users code due to found leaks.

Patch by Slava Barinov.

Differential Revision: https://reviews.llvm.org/D38026

llvm-svn: 313966
2017-09-22 07:11:43 +00:00
Vitaly Buka 7030354744 [asan] Refactor thread creation bookkeeping
Summary:
This is a pure refactoring change.  It paves the way for OS-specific
implementations, such as Fuchsia's, that can do most of the
per-thread bookkeeping work in the creator thread before the new
thread actually starts.  This model is simpler and cleaner, avoiding
some race issues that the interceptor code for thread creation has
to do for the existing OS-specific implementations.

Submitted on behalf of Roland McGrath.

Reviewers: vitalybuka, alekseyshl, kcc

Reviewed By: alekseyshl

Subscribers: phosek, filcab, llvm-commits, kubamracek

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D36385

llvm-svn: 310432
2017-08-09 00:38:57 +00:00
Vitaly Buka 83832fe7db [asan] Complete the Fuchsia port
Submitted on behalf of Roland McGrath.

Reviewers: kcc, eugenis, alekseyshl, vitalybuka

Reviewed By: vitalybuka

Subscribers: filcab, vitalybuka, srhines, kubamracek, mgorny, phosek, llvm-commits

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D35865

llvm-svn: 310431
2017-08-09 00:21:45 +00:00
Kostya Serebryany 1ca948a2b4 Add new ASAN_OPTION: sleep_after_init.
Summary: As mentioned in https://github.com/google/sanitizers/issues/834, suggested option can be handy for debugging.

Reviewers: kcc

Reviewed By: kcc

Subscribers: llvm-commits, kubamracek

Differential Revision: https://reviews.llvm.org/D35409

llvm-svn: 309854
2017-08-02 18:48:45 +00:00
Vitaly Buka 0aeb0fe2ab [asan] Move shadow memory setup into its own file
Submitted on behalf of Roland McGrath.

Reviewers: vitalybuka, alekseyshl, kcc

Subscribers: kubamracek, mgorny, phosek, filcab, llvm-commits

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D36037

llvm-svn: 309542
2017-07-31 06:48:34 +00:00
Kuba Mracek c1e903be19 [asan] For iOS/AArch64, if the dynamic shadow doesn't fit, restrict the VM space
On iOS/AArch64, the address space is very limited and has a dynamic maximum address based on the configuration of the device. We're already using a dynamic shadow, and we find a large-enough "gap" in the VM where we place the shadow memory. In some cases and some device configuration, we might not be able to find a large-enough gap: E.g. if the main executable is linked against a large number of libraries that are not part of the system, these libraries can fragment the address space, and this happens before ASan starts initializing.

This patch has a solution, where we have a "backup plan" when we cannot find a large-enough gap: We will restrict the address space (via MmapFixedNoAccess) to a limit, for which the shadow limit will fit.

Differential Revision: https://reviews.llvm.org/D35098

llvm-svn: 307865
2017-07-12 23:29:21 +00:00
Kuba Mracek b6c6eaf226 [sanitizer] Add a 'print_module_map' flag which prints modules with UUIDs on Darwin
This patch add a new sanitizer flag, print_module_map, which enables printing a module map when the process exits, or after each report (for TSan). The output format is very similar to what Crash Reporter produces on Darwin (e.g. the format of module UUIDs). This enables users to use the existing symbol servers to offline symbolicate and aggregate reports.

Differential Revision: https://reviews.llvm.org/D27400

llvm-svn: 291277
2017-01-06 20:57:47 +00:00
Evgeniy Stepanov 37db58e9eb Expose thread local quarantine size as ASAN option.
Summary: Make thread local quarantine size an option so it can be turned off to save memory.

Reviewers: eugenis

Patch by Alex Shlyapnikov.

Subscribers: kubabrecka, llvm-commits

Differential Revision: https://reviews.llvm.org/D28027

llvm-svn: 290373
2016-12-22 21:43:22 +00:00
Kuba Mracek 87b3634615 [asan] Refactor shadow memory initialization out of AsanInitInternal [NFC]
Differential Revision: https://reviews.llvm.org/D27137

llvm-svn: 288072
2016-11-28 21:40:41 +00:00
Reid Kleckner 3137c81e56 Make __asan_handle_no_return a no-op during initialization
Some of our existing tests hang on the new Windows bot with this stack:

770, clang_rt.asan_dynamic-i386.dll!__asan::AsanTSDGet+0x3e
771, clang_rt.asan_dynamic-i386.dll!__asan::GetCurrentThread+0x9
772, clang_rt.asan_dynamic-i386.dll!__asan_handle_no_return+0xe
773, clang_rt.asan_dynamic-i386.dll!__asan_wrap__except_handler4_common+0x12
774, ntdll.dll!wcstombs+0xb0 (No unwind info)
775, ntdll.dll!ZwWow64CallFunction64+0x2001 (No unwind info)
776, ntdll.dll!ZwWow64CallFunction64+0x1fd3 (No unwind info)
777, ntdll.dll!KiUserExceptionDispatcher+0xf (No unwind info)
778, clang_rt.asan_dynamic-i386.dll!destroy_fls+0x13
779, ntdll.dll!RtlLockHeap+0xea (No unwind info)
780, ntdll.dll!LdrShutdownProcess+0x7f (No unwind info)
781, ntdll.dll!RtlExitUserProcess+0x81 (No unwind info)
782, kernel32.dll!ExitProcess+0x13 (No unwind info)
783, clang_rt.asan_dynamic-i386.dll!__sanitizer::internal__exit+0xc
784, clang_rt.asan_dynamic-i386.dll!__sanitizer::Die+0x3d
785, clang_rt.asan_dynamic-i386.dll!__asan::AsanInitInternal+0x50b
786, clang_rt.asan_dynamic-i386.dll!__asan::Allocator::Allocate+0x1c
787, clang_rt.asan_dynamic-i386.dll!__asan::Allocator::Calloc+0x43

We hang because AsanDie tries to defend against multi-threaded death by
infinite looping if someone is already exiting. We might want to
reconsider that, but one easy way to avoid getting here is not to let
our noreturn interceptors call back into fragile parts of ASan.

llvm-svn: 284067
2016-10-12 22:33:57 +00:00
Kostya Serebryany 3aacfafaad [asan] When protect_shadow_gap=0, set up the shadow for the shadow gap. This is needed to support NVIDIA CUDA drivers. Unfortunately, I don't know how to test it properly with CUDA on a public build bot, so adding a test that emulates the CUDA behavior.
llvm-svn: 283270
2016-10-04 23:39:58 +00:00
Etienne Bergeron c07e576968 [compiler-rt] Add support for the dynamic shadow allocation
Summary:
This patch is adding support for dynamic shadow allocation.

This is a merge and re-commit of the following patches.

```
[compiler-rt] Fix Asan build on Android
  https://reviews.llvm.org/D24768
[compiler-rt] Add support for the dynamic shadow allocation
  https://reviews.llvm.org/D23363
```

This patch needed to re-land at the same time:
```
[asan] Support dynamic shadow address instrumentation
  https://reviews.llvm.org/D23354
```

Reviewers: rnk, zaks.anna

Subscribers: tberghammer, danalbert, kubabrecka, dberris, chrisha, llvm-commits

Differential Revision: https://reviews.llvm.org/D25104

llvm-svn: 282882
2016-09-30 17:47:34 +00:00
Nico Weber b097c8fa2b revert 282085, 281909, they broke 32-bit dynamic ASan and the sanitizer-windows bot
llvm-svn: 282096
2016-09-21 18:22:43 +00:00
Etienne Bergeron d34ee76993 [compiler-rt] Fix Asan build on Android
Summary:
The dynamic shadow code is not detected correctly on Android.
The android shadow seems to start at address zero.

The bug is introduced here:
  https://reviews.llvm.org/D23363

Started here: https://build.chromium.org/p/chromium.fyi/builders/ClangToTAndroidASan/builds/4029
Likely due to an asan runtime change, filed https://llvm.org/bugs/show_bug.cgi?id=30462


From asan_mapping.h:
```
#if SANITIZER_WORDSIZE == 32
#  if SANITIZER_ANDROID
#    define SHADOW_OFFSET (0)   <<---- HERE
#  elif defined(__mips__)
```
Shadow address on android is 0.

From asan_rtl.c:
```
  if (shadow_start == 0) {
    [...]
    shadow_start = FindAvailableMemoryRange(space_size, alignment, granularity);
  }
```
We assumed that 0 is dynamic address.

On windows, the address was determined with:
```
#  elif SANITIZER_WINDOWS64
#   define SHADOW_OFFSET __asan_shadow_memory_dynamic_address
#  else
```
and __asan_shadow_memory_dynamic_address is initially zero.

Reviewers: rnk, eugenis, vitalybuka

Subscribers: kcc, tberghammer, danalbert, kubabrecka, dberris, llvm-commits, chrisha

Differential Revision: https://reviews.llvm.org/D24768

llvm-svn: 282085
2016-09-21 16:32:14 +00:00
Etienne Bergeron 130a190bf0 [compiler-rt] Add support for the dynamic shadow allocation
Summary:
This patch is adding the needed code to compiler-rt to support
dynamic shadow.

This is to support this patch:
  https://reviews.llvm.org/D23354

It's adding support for using a shadow placed at a dynamic address determined
at runtime.

The dynamic shadow is required to work on windows 64-bits.

Reviewers: rnk, kcc, vitalybuka

Subscribers: kubabrecka, dberris, llvm-commits, chrisha

Differential Revision: https://reviews.llvm.org/D23363

llvm-svn: 281909
2016-09-19 15:59:01 +00:00
Vitaly Buka ac644fa917 [asan] Remove runtime flag detect_stack_use_after_scope
Summary:
We are going to use store instructions to poison some allocas.
Runtime flag will require branching in instrumented code on every lifetime
intrinsic. We'd like to avoid that.

Reviewers: eugenis

Subscribers: llvm-commits, kubabrecka

Differential Revision: https://reviews.llvm.org/D23967

llvm-svn: 279981
2016-08-29 17:16:59 +00:00
Vitaly Buka 1396b9f072 [asan] Add __asan_set_shadow_*
Summary:
We are poisoning small allocas using store instruction from instrumented code.
For larger allocas we'd like to insert function calls instead of multiple stores.

PR27453

Reviewers: kcc, eugenis

Subscribers: llvm-commits, kubabrecka

Differential Revision: https://reviews.llvm.org/D23616

llvm-svn: 279019
2016-08-18 00:56:11 +00:00
Vitaly Buka 9f9c089fe2 Add detect_stack_use_after_scope runtime flag
Summary: This flag could be used to disable check in runtime.

Subscribers: kubabrecka

Differential Revision: https://reviews.llvm.org/D22495

llvm-svn: 276004
2016-07-19 18:11:08 +00:00
Etienne Bergeron 1128db8fe1 [asan] Add exception handler to map memory on demand on Win64.
Memory will be committed on demand when exception happens while accessing
shadow memeory region.

Patch by: Wei Wang
Differential Revision: http://reviews.llvm.org/D21942

llvm-svn: 275107
2016-07-11 21:40:59 +00:00
Kuba Brecka 688c3d3bf1 [asan] Turn LSan-related #if’s into regular if’s in ASan initializer
Removing some preprocessor #if’s in favor of regular if’s. However, we need to declare empty stub functions to avoid linker errors.

Differential Revision: http://reviews.llvm.org/D20911

llvm-svn: 272047
2016-06-07 19:13:38 +00:00
Etienne Bergeron 7a1bafd6ae This patch attempts to primitive support for Win64 asan
Some known issues are:

When "head" include instructions that involve branching, the "cut and paste" approach may break down in a way that function interception still work but calling back the original function does not work.
The jmp [rip -8] saves some bytes in the "head" but finding the safe zone of 0xCC is not implemented yet. So it may stomp on preceding codes.
The shadow offset is not working yet on Win64. More complexity maybe involved since there are some differences regarding virtual address space between Window 8 and Windows 8.1/10.

Patch by: Wang Wei

Differential Revision: http://reviews.llvm.org/D20884

llvm-svn: 271915
2016-06-06 18:09:54 +00:00
Kuba Brecka 4087675948 Revert r270038 ("Change preprocessor `#if` to regular `if` for CAN_SANITIZE_LEAKS")
llvm-svn: 270044
2016-05-19 11:21:34 +00:00
Kuba Brecka b5cb227b98 [asan] Change preprocessor `#if` to regular `if` for CAN_SANITIZE_LEAKS
llvm-svn: 270038
2016-05-19 10:43:51 +00:00
Kuba Brecka daac6a0083 [sanitizer] Fix a crash when demangling Swift symbols, take 3
The previous patch (r269291) was reverted (commented out) because the patch caused leaks that
were detected by LSan and they broke some lit tests.  The actual reason was that dlsym allocates
an error string buffer in TLS, and some LSan lit tests are intentionally not scanning TLS for
root pointers.  This patch simply makes LSan ignore the allocation from dlsym, because it's
not interesting anyway.

llvm-svn: 269917
2016-05-18 13:00:20 +00:00
Mike Aizatsky 599eef49e5 [sanitizers] disabling LateInitialize call to fix the build.
http://reviews.llvm.org/rL269291 introduced a memory leak.
Disabling offending call temprorary rather than rolling back the chain
of CLs.

llvm-svn: 269799
2016-05-17 18:44:21 +00:00
Kuba Brecka 5bdf86ec7c [sanitizer] Fix a crash when demangling Swift symbols, take 2
To invoke the Swift demangler, we use dlsym to locate swift_demangle. However, dlsym malloc's storage and stores it in thread-local storage. Since allocations from the symbolizer are done with the system allocator (at least in TSan, interceptors are skipped when inside the symbolizer), we will crash when we try to deallocate later using the sanitizer allocator again.

To fix this, let's just not call dlsym from the demangler, and call it during initialization. The dlsym function calls malloc, so it needs to be only used after our allocator is initialized. Adding a Symbolizer::LateInitialize call that is only invoked after all other initializations.

Differential Revision: http://reviews.llvm.org/D20015

llvm-svn: 269291
2016-05-12 13:11:03 +00:00
Marcin Koscielnicki b7b5ac60c4 [sanitizer] [SystemZ] Abort if the kernel might be vulnerable to CVE-2016-2143.
In short, CVE-2016-2143 will crash the machine if a process uses both >4TB
virtual addresses and fork().  ASan, TSan, and MSan will, by necessity, map
a sizable chunk of virtual address space, which is much larger than 4TB.
Even worse, sanitizers will always use fork() for llvm-symbolizer when a bug
is detected.  Disable all three by aborting on process initialization if
the running kernel version is not known to contain a fix.

Unfortunately, there's no reliable way to detect the fix without crashing
the kernel.  So, we rely on whitelisting - I've included a list of upstream
kernel versions that will work.  In case someone uses a distribution kernel
or applied the fix themselves, an override switch is also included.

Differential Revision: http://reviews.llvm.org/D19576

llvm-svn: 267747
2016-04-27 17:42:00 +00:00
Kostya Serebryany 99ed605799 [sanitizer] rename MmapNoAccess to MmapFixedNoAccess; NFC
llvm-svn: 267253
2016-04-22 23:46:53 +00:00
Marcin Koscielnicki 0a91cf8a84 Revert "[sanitizer] [SystemZ] Abort if the kernel might be vulnerable to CVE-2016-2143."
This reverts commit r266297.

llvm-svn: 266470
2016-04-15 20:00:12 +00:00
Marcin Koscielnicki c8dda336bb [sanitizer] [SystemZ] Abort if the kernel might be vulnerable to CVE-2016-2143.
In short, CVE-2016-2143 will crash the machine if a process uses both >4TB
virtual addresses and fork().  ASan, TSan, and MSan will, by necessity, map
a sizable chunk of virtual address space, which is much larger than 4TB.
Even worse, sanitizers will always use fork() for llvm-symbolizer when a bug
is detected.  Disable all three by aborting on process initialization if
the running kernel version is not known to contain a fix.

Unfortunately, there's no reliable way to detect the fix without crashing
the kernel.  So, we rely on whitelisting - I've included a list of upstream
kernel versions that will work.  In case someone uses a distribution kernel
or applied the fix themselves, an override switch is also included.

Differential Revision: http://reviews.llvm.org/D18915

llvm-svn: 266297
2016-04-14 12:56:24 +00:00
Reid Kleckner 0765fbc332 [WinASan] Fix page size and mmap granularity confusion
We were erroneously reporting 16K as the page size on Windows because
the code that does the shadow mapping was using page size instead of
allocation granularity. After fixing that, we can resolve the FIXMEs in
the Windows implementations of GetPageSize and GetMmapGranularity by
calling GetSystemInfo instead of returning hard-coded, incorrect
answers.

llvm-svn: 261233
2016-02-18 17:58:22 +00:00
Alexander Potapenko 00bddf6406 [ASan] Fix the links to bugs and wikipages.
llvm-svn: 254735
2015-12-04 17:37:40 +00:00
Kostya Serebryany fb484cedb4 [asan] add an experimental flag protect_shadow_gap. If set to false, the shadow gap will not be mprotect-ed and all hell may break loose. But this makes CUDA's cuInit() pass.
llvm-svn: 253108
2015-11-14 00:50:23 +00:00
Yury Gribov 468d955b98 [ASan] Enable optional ASan recovery.
Differential Revision: http://reviews.llvm.org/D12318

llvm-svn: 252723
2015-11-11 11:59:38 +00:00
Adhemerval Zanella 18b2258c92 [compiler-rt] [asan] Use same shadow offset for aarch64
This patch makes ASAN for aarch64 use the same shadow offset for all
currently supported VMAs (39 and 42 bits).  The shadow offset is the
same for 39-bit (36).

llvm-svn: 252497
2015-11-09 18:05:24 +00:00
Vedant Kumar 59ba7b8cd1 [compiler-rt] Apply modernize-use-nullptr fixes in sanitizers
- Trim spaces.
- Use nullptr in place of 0 for pointer variables.
- Use '!p' in place of 'p == 0' for null pointer checks.
- Add blank lines to separate function definitions.
- Add 'extern "C"' or 'namespace foo' comments after the appropriate
  closing brackets

This is a continuation of work from 409b7b82. The focus here is on the
various sanitizers (not sanitizer_common, as before).

Patch by Eugene Zelenko!

Differential Revision: http://reviews.llvm.org/D13225

llvm-svn: 248966
2015-10-01 00:22:21 +00:00
Adhemerval Zanella 172cc32ef3 [sanitizer] Move CheckVMASize after flag initialization
llvm-svn: 247684
2015-09-15 13:22:54 +00:00
Adhemerval Zanella 0563686a1c [compiler-rt] [sanitizers] Add VMA size check at runtime
This patch adds a runtime check for asan, dfsan, msan, and tsan for
architectures that support multiple VMA size (like aarch64).  Currently
the check only prints a warning indicating which is the VMA built and
expected against the one detected at runtime.

llvm-svn: 247413
2015-09-11 13:55:00 +00:00
Alexey Samsonov 53b8750e7d [Sanitizers] Make abort_on_error common flag.
Summary:
Teach all sanitizers to call abort() instead of _exit() after printing
an error report, if requested. This behavior is the default on Mac OS.

Reviewers: kcc, kubabrecka

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D12332

llvm-svn: 246205
2015-08-27 20:40:24 +00:00
Alexey Samsonov ab229c13a6 [Sanitizer] Dump coverage if we're killing the program with __sanitizer::Die().
Previously we had to call __sanitizer_cov_dump() from tool-specific
callbacks - instead, let sanitizer_common library handle this in a
single place.

This is a re-application of r245770, with slightly different approach
taken.

llvm-svn: 245890
2015-08-24 22:21:47 +00:00
Alexey Samsonov b92aa0fc3f [Sanitizers] Allow to install several internal Die callbacks.
This is required to properly re-apply r245770:
1) We should be able to dump coverage in __sanitizer::Die() if coverage
   collection is turned on.
2) We don't want to explicitly do this in every single
   sanitizer that supports it.
3) We don't want to link in coverage (and therefore symbolization) bits
   into small sanitizers that don't support it (safestack).

The solution is to make InitializeCoverage() register its own Die()
callback that would call __sanitizer_cov_dump(). This callback should be
executed in addition to another tool-specific die callbacks (if there
are any).

llvm-svn: 245889
2015-08-24 22:21:44 +00:00
Alexey Samsonov 4369a3f4ad Revert r245770 and r245777.
These changes break both autoconf Mac OS X buildbot (linker errors
due to wrong Makefiles) and CMake buildbot (safestack test failures).

llvm-svn: 245784
2015-08-22 05:15:55 +00:00
Alexey Samsonov 8e38c71cb7 [Sanitizer] Dump coverage if we're killing the program with __sanitizer::Die().
Previously we had to call __sanitizer_cov_dump() from tool-specific
callbacks - instead, let sanitizer_common library handle this in a single place.

llvm-svn: 245770
2015-08-22 00:28:12 +00:00
Alexey Samsonov bb79b06f4e [Sanitizers] Unify the semantics and usage of "exitcode" runtime flag across all sanitizers.
Summary:
Merge "exitcode" flag from ASan, LSan, TSan and "exit_code" from MSan
into one entity. Additionally, make sure sanitizer_common now uses the
value of common_flags()->exitcode when dying on error, so that this
flag will automatically work for other sanitizers (UBSan and DFSan) as
well.

User-visible changes:
* "exit_code" MSan runtime flag is now deprecated. If explicitly
  specified, this flag will take precedence over "exitcode".
  The users are encouraged to migrate to the new version.
* __asan_set_error_exit_code() and __msan_set_exit_code() functions
  are removed. With few exceptions, we don't support changing runtime
  flags during program execution - we can't make them thread-safe.
  The users should use __sanitizer_set_death_callback()
  that would call _exit() with proper exit code instead.
* Plugin tools (LSan and UBSan) now inherit the exit code of the parent
  tool. In particular, this means that ASan would now crash the program
  with exit code "1" instead of "23" if it detects leaks.

Reviewers: kcc, eugenis

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D12120

llvm-svn: 245734
2015-08-21 20:49:37 +00:00
Evgeniy Stepanov aa91588b6c [asan] Try different values of the shadow gap start.
The number of unaccessible pages at the beginning of the address
space can differ between processes on the same machine. Try different
values at runtime to protect as much memory as possible.

llvm-svn: 244364
2015-08-07 22:38:44 +00:00
Kostya Serebryany cc9fd3cbe9 [sanitizer] 2-nd attempt. Add the flag handle_sigfpe that is default true to handle SIGFPE crashes same as SIGSEV crashes, patch by Karl Skomski. This time the test is enabled only on x86-64 (it broke on ARM)
llvm-svn: 244234
2015-08-06 17:52:54 +00:00
Renato Golin 4ae2e1f575 Revert "[sanitizer] Add the flag handle_sigfpe that is default true to handle SIGFPE crashes same as SIGSEV crashes, patch by Karl Skomski"
This reverts commit r244136, it was breaking the ARM bots for too long. We should investigate it offline.

llvm-svn: 244210
2015-08-06 12:42:46 +00:00
Kostya Serebryany ce1799a83f [sanitizer] Add the flag handle_sigfpe that is default true to handle SIGFPE crashes same as SIGSEV crashes, patch by Karl Skomski
llvm-svn: 244136
2015-08-05 21:19:11 +00:00