Commit Graph

784 Commits

Author SHA1 Message Date
Ilya Leoshkevich 5f5fb56c68 [compiler-rt] Intercept the uname() function
Summary:
Move interceptor from msan to sanitizer_common_interceptors.inc, so that
other sanitizers could benefit.

Adjust FixedCVE_2016_2143() to deal with the intercepted uname().

Patch by Ilya Leoshkevich.

Reviewers: eugenis, vitalybuka, uweigand, jonpa

Reviewed By: eugenis, vitalybuka

Subscribers: dberris, krytarowski, #sanitizers, stefansf, Andreas-Krebbel

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D76578
2020-03-23 12:59:38 -07:00
Ilya Leoshkevich c985b244ee [MSan] Simulate OOM in mmap_interceptor()
Summary:
Some kernels can provide 16EiB worth of mappings to each process, which
causes mmap test to run for a very long time. In order to make it stop
after a few seconds, make mmap_interceptor() fail when the original
mmap() returns an address which is outside of the application range.

Reviewers: eugenis

Reviewed By: eugenis

Subscribers: #sanitizers, Andreas-Krebbel, stefansf, jonpa, uweigand

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D76426
2020-03-19 13:33:45 -07:00
Dan Liew 4c39f34199 [SanitizerCommon] Print the current value of options when printing out help.
Summary:
Previously it wasn't obvious what the default value of various sanitizer
options were. A very close approximation of the "default values" for the
options are the current value of the options at the time of printing the
help output.

In the case that no other options are provided then the current values
are the default values (apart from `help`).

```
ASAN_OPTIONS=help=1 ./program
```

This patch causes the current option values to be printed when the
`help` output is enabled. The original intention for this patch was to append
`(Default: <value>)` to an option's help text. However because this
is technically wrong (and misleading) I've opted to append
`(Current Value: <value>)` instead.

When trying to implement a way of displaying the default value of the
options I tried another solution where the default value used in `*.inc` files
were used to create compile time strings that where used when printing
the help output. This solution was not satisfactory for several reasons:

* Stringifying the default values with the preprocessor did not work very
well in several cases.  Some options contain boolean operators which no
amount of macro expansion can get rid of.
* It was much more invasive than this patch. Every sanitizer had to be changed.
* The settings of `__<sanitizer>_default_options()` are ignored.

For those reasons I opted for the solution in this patch.

rdar://problem/42567204

Reviewers: kubamracek, yln, kcc, dvyukov, vitalybuka, cryptoad, eugenis, samsonov

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69546
2019-11-14 14:04:34 -08:00
Kamil Rytarowski 858b15cb9c [compiler-rt] [msan] Correct the __libc_thr_keycreate prototype
Fixes build with GCC8.
2019-11-04 01:10:59 +01:00
Evgenii Stepanov 2f856a36e0 [msan] Blacklist __gxx_personality_v0.
Summary:
Fixes https://bugs.llvm.org/show_bug.cgi?id=31877.
Fixes https://github.com/google/sanitizers/issues/1155.

Enables exceptions in msan/tsan buid of libcxx, and in msan tests.

-fdepfile-entry stuff is a workaround for
https://reviews.llvm.org/D69290 (default blacklist missing from -MMD
output).

Reviewers: pcc, dvyukov

Subscribers: mgorny, christof, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69587
2019-10-31 10:22:52 -07:00
Matt Morehouse 7904bd9409 [sanitizer_common] Create max_allocation_size_mb flag.
Summary:
The flag allows the user to specify a maximum allocation size that the
sanitizers will honor.  Any larger allocations will return nullptr or
crash depending on allocator_may_return_null.

Reviewers: kcc, eugenis

Reviewed By: kcc, eugenis

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69576
2019-10-30 11:26:05 -07:00
Vitaly Buka d39e7e2cf1 [compiler-rt] Use GetNextInstructionPc in signal handlers
Summary:
All other stack trace callers assume that PC contains return address.
HWAsan already use GetNextInstructionPc in similar code.

PR43339

Reviewers: eugenis, kcc, jfb

Subscribers: dexonsmith, dberris, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D68313

llvm-svn: 373529
2019-10-02 21:20:37 +00:00
Evgeniy Stepanov 72131161a4 [msan] Intercept __getrlimit.
Summary:
This interceptor is useful on its own, but the main purpose of this
change is to intercept libpthread initialization on linux/glibc in
order to run __msan_init before any .preinit_array constructors.

We used to trigger on pthread_initialize_minimal -> getrlimit(), but
that call has changed to __getrlimit at some point.

Reviewers: vitalybuka, pcc

Subscribers: jfb, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D68168

llvm-svn: 373239
2019-09-30 17:49:48 +00:00
Vitaly Buka d2af368aee [compiler-rt] Remove some cpplint filters
llvm-svn: 371704
2019-09-12 02:20:36 +00:00
Vitaly Buka c0fa632236 Remove NOLINTs from compiler-rt
llvm-svn: 371687
2019-09-11 23:19:48 +00:00
Vitaly Buka 48eb4a27d1 Update compiler-rt cpplint.py
adb3500107

llvm-svn: 371675
2019-09-11 21:33:06 +00:00
David Carlier e2ed800d62 [Sanitizer] checks ASLR on FreeBSD
- Especially MemorySanitizer fails if those sysctl configs are enabled.

Reviewers: vitalybuka, emaste, dim

Reviewed By: dim

Differential Revision: https://reviews.llvm.org/D66582

llvm-svn: 369708
2019-08-22 21:36:35 +00:00
Nico Weber 4a1a113a99 Remove a few straggler ".cc"s in compiler-rt/lib
llvm-svn: 367589
2019-08-01 17:53:25 +00:00
Nico Weber 1265d0f44c compiler-rt: Rename .cc file in lib/msan/tests to .cpp
Like r367463, but for msan/tests.

llvm-svn: 367563
2019-08-01 14:09:37 +00:00
Nico Weber 60c66db476 compiler-rt: Rename .cc file in lib/msan to .cpp
Like r367463, but for msan.

llvm-svn: 367562
2019-08-01 14:08:18 +00:00
Alexander Richardson a4ea27de92 [Sanitizer][ASAN][MSAN] Fix infinite recursion on FreeBSD
Summary:
MSAN was broken on FreeBSD by https://reviews.llvm.org/D55703: after this
change accesses to the key variable call __tls_get_addr, which is
intercepted. The interceptor then calls GetCurrentThread which calls
MsanTSDGet which again calls __tls_get_addr, etc...
Using the default implementation in the SANITIZER_FREEBSD case fixes MSAN
for me.

I then applied the same change to ASAN (introduced in https://reviews.llvm.org/D55596)
but that did not work yet. In the ASAN case, we get infinite recursion
again during initialization, this time because calling pthread_key_create() early on
results in infinite recursion. pthread_key_create() calls sysctlbyname()
which is intercepted but COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED returns
true, so the interceptor calls internal_sysctlbyname() which then ends up
calling the interceptor again. I fixed this issue by using dlsym() to get
the libc version of sysctlbyname() instead.

This fixes https://llvm.org/PR40761

Reviewers: vitalybuka, krytarowski, devnexen, dim, bsdjhb, #sanitizers, MaskRay

Reviewed By: MaskRay

Subscribers: MaskRay, emaste, kubamracek, jfb, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D65221

llvm-svn: 367442
2019-07-31 16:31:55 +00:00
Vitaly Buka 0b1ea8cb28 Improve error message when '=' is missing in {ASAN,...}_OPTIONS.
Summary:
It's handling isses as described here:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89832

Patch by Martin Liška.

Reviewers: kcc, vitalybuka

Reviewed By: vitalybuka

Subscribers: cryptoad, kubamracek

Differential Revision: https://reviews.llvm.org/D59876

llvm-svn: 363480
2019-06-15 01:37:14 +00:00
Vitaly Buka 627e383ce5 [sanitizer] Don't generate "failed to intercept" constants for each function
llvm-svn: 360958
2019-05-16 23:46:15 +00:00
Matt Morehouse a612b5adb7 [MSan] Introduce __msan_unpoison_param().
Summary:
This allows libFuzzer to unpoison parameter shadow before calling
LLVMFuzzerTestOneInput to eliminate the false positives described
in https://github.com/google/oss-fuzz/issues/2369.

Reviewers: eugenis

Reviewed By: eugenis

Subscribers: llvm-commits, metzman, kcc

Tags: #llvm

Differential Revision: https://reviews.llvm.org/D61751

llvm-svn: 360379
2019-05-09 21:50:57 +00:00
Hubert Tong 50721b27c4 [compiler-rt][tests] Propagate COMPILER_RT_UNITTEST_LINK_FLAGS
`COMPILER_RT_UNITTEST_LINK_FLAGS` is dropped in many places, unlike
`COMPILER_RT_UNITTEST_CFLAGS`. This patch attempts to remove that
inconsistency.

Previously reviewed as part of D58951.

Reviewers: sfertile, peter.smith, pzheng, phosek, Hahnfeld, nemanjai, jasonliu

Reviewed By: sfertile

Subscribers: jsji, kubamracek, dberris, mgorny, delcypher, jdoerfert, #sanitizers, llvm-commits

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D60143

llvm-svn: 359733
2019-05-01 22:25:16 +00:00
Julian Lettner 91c166cbb0 [Sanitizer] Reland "Cleanup INTERCEPT_FUNCTION macro"
On Linux both version of the INTERCEPT_FUNCTION macro now return true
when interception was successful. Adapt and cleanup some usages.

Also note that `&(func) == &WRAP(func)` is a link-time property, but we
do a runtime check.

Tested on Linux and macOS.

Previous attempt reverted by: 5642c3feb0

This attempt to bring order to the interceptor macro goes the other
direction and aligns the Linux implementation with the way things are
done on Windows.

Reviewed By: vitalybuka, rnk

Differential Revision: https://reviews.llvm.org/D61358

llvm-svn: 359725
2019-05-01 20:57:59 +00:00
Vitaly Buka 20c5676416 [sanitizer][NFC] Set LargeMmapAllocator type from PrimaryAllocator
They need to have same AddressSpaceView and MapUnmapCallback.

Reviewers: eugenis

Subscribers: kubamracek, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D61168

llvm-svn: 359719
2019-05-01 19:41:54 +00:00
Vitaly Buka 76931df40f [sanitizer][NFC] Get type of AllocatorCache from CombinedAllocator
Reviewers: eugenis, cryptoad, kcc

Reviewed By: kcc

Subscribers: kcc, kubamracek, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D61155

llvm-svn: 359715
2019-05-01 19:30:49 +00:00
Evgeniy Stepanov d1a710047b [sanitizer] Implement reallocarray.
Summary:
It's a cross of calloc and realloc. Sanitizers implement calloc-like check for size
overflow.

Reviewers: vitalybuka, kcc

Subscribers: kubamracek, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D61108

llvm-svn: 359708
2019-05-01 17:33:01 +00:00
Reid Kleckner 5642c3feb0 Revert r359325 "[NFC][Sanitizer] Change "return type" of INTERCEPT_FUNCTION to void"
Changing INTERCEPT_FUNCTION to return void is not functionally correct.
IMO the best way to communicate failure or success of interception is
with a return value, not some external address comparison.

This change was also creating link errors for _except_handler4_common,
which is exported from ucrtbase.dll in 32-bit Windows.

Also revert dependent changes r359362 and r359466.

llvm-svn: 359611
2019-04-30 20:59:56 +00:00
Julian Lettner 1f10f6ea51 [Sanitizer] Cleanup {ASAN, MSAN}_INTERCEPT_FUNC[_VER] macro
Note that this change is not strictly NFC since we add the
`(&(name) != &WRAP(name)` part to the conditional for the `_VER` variant
of the macro.

Reviewers: vitalybuka

Differential Revision: https://reviews.llvm.org/D61204

llvm-svn: 359466
2019-04-29 16:39:18 +00:00
Vitaly Buka 0f21545a3c [sanitizer] Calculate SizeClassAllocator32::ByteMap type from Params::kSpaceSize and Params::kRegionSizeLog
Reviewers: eugenis

Subscribers: kubamracek, cryptoad, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D61206

llvm-svn: 359374
2019-04-27 06:30:52 +00:00
Julian Lettner aebd3014a5 [NFC][Sanitizer] Change "return type" of INTERCEPT_FUNCTION to void
This temporary change tells us about all the places where the return
value of the INTERCEPT_FUNCTION macro is actually used. In the next
patch I will cleanup the macro and remove GetRealFuncAddress.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D61145

llvm-svn: 359325
2019-04-26 17:29:22 +00:00
Vitaly Buka a9e7fd2188 NFC: Clang-format msan_allocator.cc
llvm-svn: 359270
2019-04-26 04:22:28 +00:00
JF Bastien 2f46de8c0b [NFC] Use clearer naming for local variables
llvm-svn: 358145
2019-04-10 23:23:17 +00:00
Pavel Labath 711bea9ded [Sanitizer] Add interceptor for wctomb
Summary:
This is required to avoid msan false positives for code using this
function (although generally one should avoid using this function in
favor of wcrtomb).

Reviewers: eugenis, EricWF, vitalybuka

Subscribers: srhines, kubamracek, fedor.sergeev, delcypher, llvm-commits, #sanitizers

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D59548

llvm-svn: 357240
2019-03-29 08:39:03 +00:00
Jonas Hahnfeld 77eccf24d5 [msan] Fix BMI2 detection in msan tests, take 2.
It's not enough if only one bit is present, we need to check that
both are set. This finally fixes the test failures for me.

llvm-svn: 356242
2019-03-15 10:15:13 +00:00
Evgeniy Stepanov 17ee3b4b74 [msan] Fix BMI2 detection in msan tests.
llvm-svn: 355885
2019-03-12 00:19:09 +00:00
Hubert Tong 57b38a8593 [msan] Properly guard tests added by r355348; NFC
r355348 uses builtins without proper guards, breaking the test on
various platforms.

llvm-svn: 355718
2019-03-08 19:57:27 +00:00
Evgeniy Stepanov 53d7c5cd44 [msan] Instrument x86 BMI intrinsics.
Summary:
They simply shuffle bits. MSan needs to do the same with shadow bits,
after making sure that the shuffle mask is fully initialized.

Reviewers: pcc, vitalybuka

Subscribers: hiraditya, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D58858

llvm-svn: 355348
2019-03-04 22:58:20 +00:00
Evgeniy Stepanov 02a913367a Revert "[sanitizer] Fix return type of __bzero and __aeabi_mem* interceptors."
Breaks TSan on Mac, which does
  return REAL(func)(...
in COMMON_INTERCEPTOR_ENTER, which is not OK when REAL(func) has return
type of void.

llvm-svn: 355256
2019-03-02 01:33:52 +00:00
Julian Lettner 9fe3b4906f [NFC][Sanitizer] Make GetStackTrace a private method of BufferedStackTrace
GetStackTrace is a implementation detail of BufferedStackTrace. Make it
a private method.

Reviewed By: vitalybuka

Differential-Revision: https://reviews.llvm.org/D58753
llvm-svn: 355232
2019-03-01 22:10:49 +00:00
Evgeniy Stepanov ddc4b7c1d6 [sanitizer] Fix return type of __bzero and __aeabi_mem* interceptors.
llvm-svn: 355231
2019-03-01 21:59:18 +00:00
Evgeniy Stepanov 72e83488f3 Revert "[sanitizer] Fix return type of __bzero and __aeabi_mem* interceptors."
This change is incomplete.

llvm-svn: 355230
2019-03-01 21:49:40 +00:00
Evgeniy Stepanov 3bbac856f9 [sanitizer] Fix return type of __bzero and __aeabi_mem* interceptors.
They return void, unlike memset/memcpy/memmove.

llvm-svn: 355225
2019-03-01 20:54:16 +00:00
Julian Lettner 13c4bc5671 [NFC][Sanitizer] Add new BufferedStackTrace::Unwind API
Retrying without replacing call sites in sanitizer_common (which might
not have a symbol definition).

Add new Unwind API. This is the final envisioned API with the correct
abstraction level. It hides/slow fast unwinder selection from the caller
and doesn't take any arguments that would leak that abstraction (i.e.,
arguments like stack_top/stack_bottom).

GetStackTrace will become an implementation detail (private method) of
the BufferedStackTrace class.

Reviewers: vitalybuka

Differential Revision: https://reviews.llvm.org/D58741

> llvm-svn: 355168

llvm-svn: 355172
2019-03-01 04:03:38 +00:00
Julian Lettner e6ec6bd8e0 Revert "[NFC][Sanitizer] Add new BufferedStackTrace::Unwind API"
This reverts commit 6112f37e75.

llvm-svn: 355171
2019-03-01 03:35:05 +00:00
Julian Lettner 6112f37e75 [NFC][Sanitizer] Add new BufferedStackTrace::Unwind API
Add new Unwind API. This is the final envisioned API with the correct
abstraction level. It hides/slow fast unwinder selection from the caller
and doesn't take any arguments that would leak that abstraction (i.e.,
arguments like stack_top/stack_bottom).

GetStackTrace will become an implementation detail (private method) of
the BufferedStackTrace class.

Reviewers: vitalybuka

Differential Revision: https://reviews.llvm.org/D58741

llvm-svn: 355168
2019-03-01 03:08:34 +00:00
Julian Lettner a0884da62a [NFC][Sanitizer] Pull up GetStackTrace into sanitizer_common
We already independently declare GetStackTrace in all (except TSan)
sanitizer runtime headers. Lets move it to sanitizer_stacktrace.h to
have one canonical way to fill in a BufferedStackFrame. Also enables us
to use it in sanitizer_common itself.

This patch defines GetStackTrace for TSan and moves the function from
ubsan_diag.cc to ubsan_diag_standalone.cc to avoid duplicate symbols
for the UBSan-ASan runtime.

Other than that this patch just moves the code out of headers and into
the correct namespace.

Reviewers: vitalybuka

Differential Revision: https://reviews.llvm.org/D58651

llvm-svn: 355039
2019-02-27 22:16:02 +00:00
Julian Lettner 46e1b16e36 [NFC][Sanitizer] Hard-code fast/slow unwinder at call site
Also assert that the caller always gets what it requested.

This purely mechanical change simplifies future refactorings and
eventual removal of BufferedStackTrace::Unwind.

Reviewers: vitalybuka

Differential Revision: https://reviews.llvm.org/D58557

llvm-svn: 355022
2019-02-27 20:01:04 +00:00
Pavel Labath 89ae290b58 [Sanitizer] Add interceptor for pthread_sigmask
Summary:
pthread_sigmask is just like sigprocmask, except that its behavior in
multithreaded programs is explicitly specified. Sanitizers were lacking
a common interceptor for pthread_sigmask (although some specific
sanitizers defined custom version), which lead to false positives
(at least in msan) when using this function.

The interceptor implementation, and its test are based on the equivalent
code for sigprocmask.

Reviewers: eugenis, vitalybuka

Subscribers: kubamracek, delcypher, jfb, jdoerfert, llvm-commits, #sanitizers

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D58382

llvm-svn: 354874
2019-02-26 13:38:23 +00:00
Jonas Hahnfeld 66c60d9d71 [compiler-rt] Build custom libcxx with libcxxabi
This changes add_custom_libcxx to also build libcxxabi and merges
the two into a static and hermetic library.
There are multiple advantages:
1) The resulting libFuzzer doesn't expose C++ internals and looks
   like a plain C library.
2) We don't have to manually link in libstdc++ to provide cxxabi.
3) The sanitizer tests cannot interfere with an installed version
   of libc++.so in LD_LIBRARY_PATH.

Differential Revision: https://reviews.llvm.org/D58013

llvm-svn: 354212
2019-02-17 12:16:20 +00:00
Vitaly Buka 9a370ccca2 [msan] Don't delete MSanAtExitRecord
Summary:
Pre 2.27 libc can run same atexit handler twice
We will keep MSanAtExitRecord and reset fun to mark it as executed.

Fix PR40162

Reviewers: eugenis

Subscribers: jfb, jdoerfert, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D58221

llvm-svn: 354005
2019-02-14 02:51:55 +00:00
Chandler Carruth 2946cd7010 Update the file headers across all of the LLVM projects in the monorepo
to reflect the new license.

We understand that people may be surprised that we're moving the header
entirely to discuss the new license. We checked this carefully with the
Foundation's lawyer and we believe this is the correct approach.

Essentially, all code in the project is now made available by the LLVM
project under our new license, so you will see that the license headers
include that license only. Some of our contributors have contributed
code under our old license, and accordingly, we have retained a copy of
our old license notice in the top-level files in each project and
repository.

llvm-svn: 351636
2019-01-19 08:50:56 +00:00
Kamil Rytarowski 93e3b34ceb Reimplement Thread Static Data MSan routines with TLS
Summary:
Thread Static Data cannot be used in early init on NetBSD
and FreeBSD. Reuse the MSan TSD API for compatibility with
existing code with an alternative implementation using Thread
Local Storage.

New version uses Thread Local Storage to store a pointer
with thread specific data. The destructor from TSD has been
replaced with a TLS destrucutor that is called upon thread
exit.

Reviewers: joerg, vitalybuka, jfb

Reviewed By: vitalybuka

Subscribers: emaste, jfb, llvm-commits, #sanitizers, mgorny

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D55703

llvm-svn: 350102
2018-12-27 21:43:46 +00:00