Summary:
Fixes Bug 32434
See https://bugs.llvm.org/show_bug.cgi?id=32434
Short summary:
std::rethrow_exception does not use __cxa_throw to rethrow the exception, so if
it is called from uninstrumented code, it will leave the stack poisoned. This
can lead to false positives.
Long description:
For functions which don't return normally (e.g. via exceptions), asan needs to
unpoison the entire stack. It is not known before a call to such a function
where execution will continue, some function which don't contain cleanup code
like destructors might be skipped. After stack unwinding, execution might
continue in uninstrumented code.
If the stack has been poisoned before such a function is called, but the stack
is unwound during the unconventional return, then zombie redzones (entries) for
no longer existing stack variables can remain in the shadow memory. Normally,
this is avoided by asan generating a call to asan_handle_no_return before all
functions marked as [[noreturn]]. This asan_handle_no_return unpoisons the
entire stack. Since these [[noreturn]] functions can be called from
uninstrumented code, asan also introduces interceptor functions which call
asan_handle_no_return before running the original [[noreturn]] function;
for example, cxa_throw is intercepted.
If a [[noreturn]] function is called from uninstrumented code (so the stack is
left poisoned) and additionally, execution continues in uninstrumented code, new
stack variables might be introduced and overlap with the stack variables
which have been removed during stack unwinding. Since the redzones are not
cleared nor overwritten by uninstrumented code, they remain but now contain
invalid data.
Now, if the redzones are checked against the new stack variables, false
positive reports can occur. This can happen for example by the uninstrumented
code calling an intercepted function such as memcpy, or an instrumented
function.
Intercepting std::rethrow_exception directly is not easily possible since it
depends on the C++ standard library implementation (e.g. libcxx vs libstdc++)
and the mangled name it produces for this function. As a rather simple
workaround, we're intercepting _Unwind_RaiseException for libstdc++. For
libcxxabi, we can intercept the ABI function __cxa_rethrow_primary_exception.
Patch by Robert Schneider.
Reviewers: kcc, eugenis, alekseyshl, vitalybuka
Reviewed By: vitalybuka
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D42644
llvm-svn: 326132
FindAvailableMemoryRange can currently overwrite existing memory (by restricting the VM below addresses that are already used). This patch adds a check to make sure we don't restrict the VM space too much. We are also now more explicit about why the lookup failed and print out verbose values.
Differential Revision: https://reviews.llvm.org/D43318
llvm-svn: 326106
Summary:
Print current stack on CHECK violation to aid debugging and
match other sanitizers functionality.
Reviewers: eugenis
Subscribers: delcypher, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D43692
llvm-svn: 326105
Summary:
Start making the Scudo tests less Linux-y:
- `malloc_usable_size` doesn't exist everywhere, so replace them with
`__sanitizer_get_allocated_size` which we provide;
- move all the `memalign` related tests into `memalign.c` since it's also not
available everywhere.
I also noticed that the `memalign.c` was missing a line in one of the loops.
Reviewers: alekseyshl
Reviewed By: alekseyshl
Subscribers: delcypher, #sanitizers, llvm-commits
Differential Revision: https://reviews.llvm.org/D43393
llvm-svn: 326100
`ubsan_minimal` makes use of the `_sanitizer::atomic_load` function.
This function uses the `DCHECK` macro which in debug builds will use
the `_sanitizer::CheckFailed` function.
This function is part of `sanitizer_common` but `ubsan_minimal` doesn't
use this so the implementation is missing which leads to link failures
on macOS when trying to link `libclang_rt.ubsan_minimal_osx_dynamic.dylib`.
This is in contrast to the BFD linker on Linux which doesn't seem to care
about the missing symbol.
A basic implementation of `_sanitizer::CheckFailed` has been added to
the `ubsan_minimal` debug build to avoid the link error. The
implementation could definitely be improved but I don't know which
functions can be used in this context so I decided to restrict myself to
functions only being used in `ubsan_minimal` already.
llvm-svn: 326032
Summary:
Interceptors initialization may need to allocate memory. So if we initialize too
early we can crash in non initialized allocator.
Reviewers: pcc, eugenis
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D43669
llvm-svn: 326025
Summary:
The setlocale(3) function reloads the ctype(3) arrays from
external files. This happens behind the scenes in the internals
of libc (citrus library, runes functions etc).
ctype(3) functions like isspace(3) can be provided with two
variations on NetBSD: inlined or via a global symbol in libc:
```
#if defined(_NETBSD_SOURCE) && !defined(_CTYPE_NOINLINE) && \
!defined(__cplusplus)
#include <sys/ctype_inline.h>
#else
#include <sys/ctype_bits.h>
#endif
```
The in-lined versions are de-facto array lookup operations.
```
#define isspace(c) ((int)((_ctype_tab_ + 1)[(c)] & _CTYPE_S))
```
After setting setlocale(3) the ctype(3) arrays (_ctype_tab_,
_toupper_tab_, _tolower_tab_) are reload behind the scenes
and they are required to be marked as initialized.
Set them initialized inside the common setlocale(3) interceptor.
The arrays are of size of 257 elements: 0..255 + 1 (EOF).
This corrects errors on NetBSD/amd64 in applications
prebuilt with MSan.
Sponsored by <The NetBSD Foundation>
Reviewers: vitalybuka, dvyukov, joerg
Reviewed By: vitalybuka
Subscribers: llvm-commits, kubamracek, #sanitizers
Tags: #sanitizers
Differential Revision: https://reviews.llvm.org/D42020
llvm-svn: 326008
Summary:
There are applications out there which allocate more than 1 << 18 large chunks
of memory (those handled by LargeMmapAllocator, aka secondary allocator).
For 64 bits, secondary allocator stores allocated chunks in a growing on
demand region of memory, growing in blocks of 128K, up to 1 << 20 chunks total.
Sanitizer internal allocator's secondary uses fixed size array storing up
to 1 << 15 chunks (down to 256K from 2Mb of memory used for that array).
Nothing is changed for 32 bits, chunks are still stored in the fixed size
array (up to 1 << 15 chunks).
Reviewers: eugenis
Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits
Differential Revision: https://reviews.llvm.org/D43693
llvm-svn: 326007
Reported on a buildbot:
Error in XFAIL list:
couldn't parse text: '| arm || aarch64 || mips'
in expression: 'freebsd | arm || aarch64 || mips'
Add || in the place of |
Fallout from D43382
llvm-svn: 325751
Summary:
The Unix subdirectory mostly allows only on Linux x86_64 but now we can target x86_64 arch in general.
Patch by David CARLIER
Reviewers: krytarowski, dberris, emaste
Reviewed By: krytarowski, dberris, emaste
Subscribers: emaste, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D43382
llvm-svn: 325743
This patch changes hwasan inline instrumentation:
Fixes address untagging for shadow address calculation (use 0xFF instead of 0x00 for the top byte).
Emits brk instruction instead of hlt for the kernel and user space.
Use 0x900 instead of 0x100 for brk immediate (0x100 - 0x800 are unavailable in the kernel).
Fixes and adds appropriate tests.
Patch by Andrey Konovalov.
Differential Revision: https://reviews.llvm.org/D43135
llvm-svn: 325711
Summary:
Child thread may finish before pthread_setname_np() and/or
pthread_getname_np() had a chance to run, which causes these functions
to fail with ENOENT (meaning /proc/self/task/[tid]/comm doesn't exist).
Fix by stalling child thread on a mutex.
Reviewers: eugenis
Reviewed By: eugenis
Subscribers: llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D43548
llvm-svn: 325703
Summary: No supported oses normally compiled that code (or not for a long time) probably never caught it.
Patch by: David CARLIER
Reviewers: vitalybuka, krytarowski
Reviewed By: vitalybuka
Subscribers: kubamracek, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D43502
llvm-svn: 325664
Summary:
forkpty(3) and openpty(3) are part of `-lutil` and we don't intend to reimplement
this system library in sanitizers. Everybody using these functions will need to use
a precompiled library against MSan or other desired sanitizer.
Restrict these functions to Linux-only.
Sponsored by <The NetBSD Foundation>
Reviewers: joerg, vitalybuka
Reviewed By: vitalybuka
Subscribers: llvm-commits, #sanitizers
Tags: #sanitizers
Differential Revision: https://reviews.llvm.org/D43490
llvm-svn: 325585
Summary:
Use uniform accessors for Program Pointer,
Stack Pointer and Frame Pointer.
Remove CPU check in UBSan supported platforms
and rely only on the OS type.
This adds NetBSD support in GetPcSpBp() for:
- ARM
- ARM64
- HPPA
- PowerPC/PowerPC64
- SPARC/SPARC64
- MIPS
- DEC Alpha AXP
- DEC VAX
- M68K and M68010
- SH3
- IA64
- OR1K
- RISCV
Sponsored by <The NetBSD Foundation>
Reviewers: joerg, vitalybuka, ro
Reviewed By: vitalybuka
Subscribers: aemerson, jyknight, sdardis, kubamracek, arichardson, llvm-commits, kristof.beyls, fedor.sergeev, #sanitizers
Tags: #sanitizers
Differential Revision: https://reviews.llvm.org/D43021
llvm-svn: 325431
The original change broke a llvm-clang-lld-x86_64-debian setup.
This change will be investigated and reintroduced in future.
Original commit:
"Add Xray instrumentation support to FreeBSD"
https://reviews.llvm.org/D43278
llvm-svn: 325309
It looks like get_bits_for_arch doesn't recognize "arm64" as a 64-bit architecture, and it actually matches the "arm" regexp, which marks it as 32-bit. Let's fix that by matching the 64-bit list first and addin "arm64" into the list.
Differential Revision: https://reviews.llvm.org/D43155
llvm-svn: 325300
NetBSD ships now with netbsd_syscall_hooks.h and requires support
for TSan specific features to be enabled.
This is follow up of:
D42048: Add NetBSD syscall hooks skeleton in sanitizers
Sponsored by <The NetBSD Foundation>
llvm-svn: 325245
Summary:
- Enabling the build.
- Using assembly for the cpuid parts.
- Using thr_self FreeBSD call to get the thread id
Patch by: David CARLIER
Reviewers: dberris, rnk, krytarowski
Reviewed By: dberris, krytarowski
Subscribers: emaste, stevecheckoway, nglevin, srhines, kubamracek, dberris, mgorny, krytarowski, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D43278
llvm-svn: 325240
Summary:
Introduce handling of 1200 NetBSD specific ioctl(2) calls.
Over 100 operations are disabled as unavailable or conflicting
with the existing ones (the same operation number).
Add a script that generates the rules to detect ioctls on NetBSD.
The generate_netbsd_ioctls.awk script has been written
in NetBSD awk(1) (patched nawk) and is compatible with gawk.
Generate lib/sanitizer_common/sanitizer_interceptors_ioctl_netbsd.inc
with the awk(1) script.
Update sanitizer_platform_limits_netbsd accordingly to add the needed
definitions.
Sponsored by <The NetBSD Foundation>
Reviewers: joerg, vitalybuka, eugenis, dvyukov
Reviewed By: vitalybuka
Subscribers: kubamracek, llvm-commits, mgorny, fedor.sergeev, #sanitizers
Tags: #sanitizers
Differential Revision: https://reviews.llvm.org/D41636
llvm-svn: 325212
Summary:
Implement the skeleton of NetBSD syscall hooks for use with sanitizers.
Add a script that generates the rules to handle syscalls
on NetBSD: generate_netbsd_syscalls.awk. It has been written
in NetBSD awk(1) (patched nawk) and is compatible with gawk.
Generate lib/sanitizer_common/sanitizer_platform_limits_netbsd.h
that is a public header for applications, and included as:
<sanitizer_common/sanitizer_platform_limits_netbsd.h>.
Generate sanitizer_syscalls_netbsd.inc that defines all the
syscall rules for NetBSD. This file is modeled after the Linux
specific file: sanitizer_common_syscalls.inc.
Start recognizing NetBSD syscalls with existing sanitizers:
ASan, ESan, HWASan, TSan, MSan.
Sponsored by <The NetBSD Foundation>
Reviewers: joerg, vitalybuka, kcc, dvyukov, eugenis
Reviewed By: vitalybuka
Subscribers: hintonda, kubamracek, mgorny, llvm-commits, #sanitizers
Tags: #sanitizers
Differential Revision: https://reviews.llvm.org/D42048
llvm-svn: 325206
Summary:
Pretty straightforward, returning the `WorkingSetSize` of a
`PROCESS_MEMORY_COUNTERS` structure. AFAIU, `GetProcessMemoryInfo` is in
`kernel32.lib` for Windows 7 and above. Support for earlier Windows versions
would require `psapi.lib`, but I don't think those are supported by ASan?
Reviewers: alekseyshl, rnk, vitalybuka
Reviewed By: vitalybuka
Subscribers: vitalybuka, kubamracek, delcypher, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D42822
llvm-svn: 325020
Summary:
- Reland rL324263, this time allowing for a compile-time decision as to whether
or not use the 32-bit division. A single test is using a class map covering
a maximum size greater than 4GB, this can be checked via the template
parameters, and allows SizeClassAllocator64PopulateFreeListOOM to pass;
- `MaxCachedHint` is always called on a class id for which we have already
computed the size, but we still recompute `Size(class_id)`. Change the
prototype of the function to work on sizes instead of class ids. This also
allows us to get rid of the `kBatchClassID` special case. Update the callers
accordingly;
- `InitCache` and `Drain` will start iterating at index 1: index 0 contents are
unused and can safely be left to be 0. Plus we do not pay the cost of going
through an `UNLIKELY` in `MaxCachedHint`, and touching memory that is
otherwise not used;
- `const` some variables in the areas modified;
- Remove an spurious extra line at the end of a file.
Reviewers: alekseyshl, tl0gic, dberris
Reviewed By: alekseyshl, dberris
Subscribers: dberris, kubamracek, delcypher, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D43088
llvm-svn: 324906
Currently NanoTime() on Darwin is unimplemented and always returns 0. Looks like there's quite a few things broken because of that (TSan periodic memory flush, ASan allocator releasing pages back to the OS). Let's fix that.
Differential Revision: https://reviews.llvm.org/D40665
llvm-svn: 324847
On Darwin, we currently use forkpty to communicate with the "atos" symbolizer. There are several problems that fork or forkpty has, e.g. that after fork, interceptors are still active and this sometimes causes crashes or hangs. This is especially problematic for TSan, which uses interceptors for OS-provided locks and mutexes, and even Libc functions use those.
This patch replaces forkpty with posix_spawn. Since posix_spawn doesn't fork (at least on Darwin), the interceptors are not a problem. Additionally, this also fixes a latent threading problem with ptsname (it's unsafe to use this function in multithreaded programs). Yet another benefit is that we'll handle post-fork failures (e.g. sandbox disallows "exec") gracefully now.
Differential Revision: https://reviews.llvm.org/D40032
llvm-svn: 324846
textdomain is a part of -lintl on BSDs. In GLIBC it's in libc.
We assume that -lintl will need to be rebuilt with sanitizers
in order to sanitize programs using its features.
This is a proper continuation of D41013.
The original patch has been reverted (adding -lintl).
llvm-svn: 324810
Summary:
Allow for options to be defined at compile time, like is already the case for
other sanitizers, via `SCUDO_DEFAULT_OPTIONS`.
Reviewers: alekseyshl, dberris
Reviewed By: alekseyshl, dberris
Subscribers: kubamracek, delcypher, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D42980
llvm-svn: 324620
gcc resolves `__builtin_c?z` to `__c?zdi2` which leads to infinite
recursion. This problem has been observed for sparc64, mips64 and riscv.
Presumably this happens whenever an arch without dedicated bit counting
instructions is targeted. This patch provides a workaround.
Differential revision: https://reviews.llvm.org/D42902
llvm-svn: 324593
The test expects to see the pattern "load add store" twice
in a row.
However the test contains actually several instances of this pattern.
Currently the first pattern appears in the output twice.
But after LLVM change https://reviews.llvm.org/D42691 some addtional
modification is done and one of another pattern has been hoisted in
function entry block.
As a result we have another order of meeting this pattern.
The test is updated to meet this change.
llvm-svn: 324571
Vitaly Buka