This is an archive of the discontinued LLVM Phabricator instance.

Differential D6968

[Sanitizers] Intercept opendir()
ClosedPublic

Authored by kutuzov.viktor.84 on Jan 14 2015, 8:17 AM.

Details

Reviewers
kcc
dvyukov
samsonov
eugenis
Commits
rCRT226648: [Sanitizers] Intercept opendir()
rL226648: [Sanitizers] Intercept opendir()

Diff Detail

Repository
rL LLVM

Event Timeline

kutuzov.viktor.84 updated this revision to Diff 18158.Jan 14 2015, 8:17 AM
kutuzov.viktor.84 retitled this revision from to [Sanitizers] Intercept opendir().
kutuzov.viktor.84 updated this object.
kutuzov.viktor.84 edited the test plan for this revision. (Show Details)
kutuzov.viktor.84 added reviewers: kcc, samsonov, eugenis.
kutuzov.viktor.84 added subscribers: Unknown Object (MLST), emaste.
kcc edited edge metadata.Jan 14 2015, 6:05 PM

Not sure I understand this.
If opendir() calls strlen(), which we already intersept, won't we see the access w/o this interceptor?

ygribov added a subscriber: ygribov.Jan 16 2015, 1:48 AM

Not sure I understand this.
If opendir() calls strlen(), which we already intersept, won't we see the access w/o this interceptor?

I thought that glibc usually forces references to it's own functions to be linked internally (to avoid PLT costs). So ASan interceptor may not be called.

eugenis edited edge metadata.Jan 16 2015, 1:56 AM

So the difference in observable behavior is we start detecting uninit in the opendir() argument? Why is this freebsd-specific?

Also, there should be a test.

kutuzov.viktor.84 planned changes to this revision.Jan 16 2015, 6:32 AM

If opendir() calls strlen(), which we already intersept, won't we see the access w/o this interceptor?

The point is that FreeBSD's opendir() calls strlen() for inspecting related internal structures and not the file path passed (the comment should mention it; my mistake). Then given we don't intercept opendir(), we indeed do catch poisoned file paths, but we also generate false positives on these internal structures. Since COMMON_INTERCEPTOR_ENTER() includes the declaration for interceptor scope, it suppresses the checks for whatever the real opendir() relies on.

kutuzov.viktor.84 updated this revision to Diff 18300.Jan 16 2015, 6:36 AM
kutuzov.viktor.84 edited edge metadata.
  • The opendir() interceptor moved to Msan so it doesn't interfere with the Tsan's one;
  • The comment fixed to mention internal structures that cause false positives;
  • A test added.
eugenis added a comment.Jan 16 2015, 6:50 AM

Got it.
This interceptor is beneficial on linux, too - it adds check for opendir() path.
Also, we've been moving interceptors to sanitizer_common, not the other way around. Please move it back, and merge the TSan bits into it (see COMMON_INTERCEPTOR_FD_ACQUIRE).

kutuzov.viktor.84 updated this revision to Diff 18378.Jan 19 2015, 3:04 AM
kutuzov.viktor.84 added a reviewer: dvyukov.

Updated.

eugenis added a comment.Jan 19 2015, 4:45 AM

Looks ok, but I dislike the use of Dir2addr() in common interceptors, which is only valid in TSan and looks completely out of context. Maybe wrap it into COMMON_INTERCEPTOR_ACQUIRE_DIR?
Dmitry?

dvyukov edited edge metadata.Jan 19 2015, 5:08 AM

yes

kutuzov.viktor.84 updated this revision to Diff 18423.Jan 20 2015, 3:33 AM
kutuzov.viktor.84 edited edge metadata.

Updated.

eugenis accepted this revision.Jan 20 2015, 3:51 AM
eugenis edited edge metadata.

Perhaps COMMON_INTERCEPTOR_DIR_ACQUIRE, for similarity with FD_ACQUIRE / FD_RELEASE and MUTEX_LOCK / MUTEX_UNLOCK.

This revision is now accepted and ready to land.Jan 20 2015, 3:51 AM
Closed by commit rL226648: [Sanitizers] Intercept opendir() (authored by vkutuzov). · Explain WhyJan 21 2015, 12:55 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
asan/
3 lines
msan/
3 lines
tests/
10 lines
sanitizer_common/
12 lines
tsan/
rtl/
12 lines

Diff 18488

compiler-rt/trunk/lib/asan/asan_interceptors.cc

Show First 20 LinesShow All 144 Lines▼ Show 20 Lines#define COMMON_INTERCEPTOR_ENTER(ctx, func, ...) \
do { \ do { \
if (asan_init_is_running) \ if (asan_init_is_running) \
return REAL(func)(__VA_ARGS__); \ return REAL(func)(__VA_ARGS__); \
ASAN_INTERCEPTOR_ENTER(ctx, func); \ ASAN_INTERCEPTOR_ENTER(ctx, func); \
if (SANITIZER_MAC && UNLIKELY(!asan_inited)) \ if (SANITIZER_MAC && UNLIKELY(!asan_inited)) \
return REAL(func)(__VA_ARGS__); \ return REAL(func)(__VA_ARGS__); \
ENSURE_ASAN_INITED(); \ ENSURE_ASAN_INITED(); \
} while (false) } while (false)
#define COMMON_INTERCEPTOR_DIR_ACQUIRE(ctx, path) \
do { \
} while (false)
#define COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd) \ #define COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd) \
do { \ do { \
} while (false) } while (false)
#define COMMON_INTERCEPTOR_FD_RELEASE(ctx, fd) \ #define COMMON_INTERCEPTOR_FD_RELEASE(ctx, fd) \
do { \ do { \
} while (false) } while (false)
#define COMMON_INTERCEPTOR_FD_SOCKET_ACCEPT(ctx, fd, newfd) \ #define COMMON_INTERCEPTOR_FD_SOCKET_ACCEPT(ctx, fd, newfd) \
do { \ do { \
▲ Show 20 LinesShow All 766 LinesShow Last 20 Lines

compiler-rt/trunk/lib/msan/msan_interceptors.cc

Show First 20 LinesShow All 1,352 Lines▼ Show 20 Lines
#define COMMON_INTERCEPTOR_ENTER(ctx, func, ...) \ #define COMMON_INTERCEPTOR_ENTER(ctx, func, ...) \
if (msan_init_is_running) return REAL(func)(__VA_ARGS__); \ if (msan_init_is_running) return REAL(func)(__VA_ARGS__); \
MSanInterceptorContext msan_ctx = {IsInInterceptorScope()}; \ MSanInterceptorContext msan_ctx = {IsInInterceptorScope()}; \
ctx = (void *)&msan_ctx; \ ctx = (void *)&msan_ctx; \
(void)ctx; \ (void)ctx; \
InterceptorScope interceptor_scope; \ InterceptorScope interceptor_scope; \
__msan_unpoison(__errno_location(), sizeof(int)); /* NOLINT */ \ __msan_unpoison(__errno_location(), sizeof(int)); /* NOLINT */ \
ENSURE_MSAN_INITED(); ENSURE_MSAN_INITED();
#define COMMON_INTERCEPTOR_DIR_ACQUIRE(ctx, path) \
do { \
} while (false)
#define COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd) \ #define COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd) \
do { \ do { \
} while (false) } while (false)
#define COMMON_INTERCEPTOR_FD_RELEASE(ctx, fd) \ #define COMMON_INTERCEPTOR_FD_RELEASE(ctx, fd) \
do { \ do { \
} while (false) } while (false)
#define COMMON_INTERCEPTOR_FD_SOCKET_ACCEPT(ctx, fd, newfd) \ #define COMMON_INTERCEPTOR_FD_SOCKET_ACCEPT(ctx, fd, newfd) \
do { \ do { \
▲ Show 20 LinesShow All 318 LinesShow Last 20 Lines

compiler-rt/trunk/lib/msan/tests/msan_test.cc

Show First 20 LinesShow All 1,225 Lines▼ Show 20 LinesTEST(MemorySanitizer, confstr) {
res = confstr(_CS_PATH, buf2, sizeof(buf2)); res = confstr(_CS_PATH, buf2, sizeof(buf2));
ASSERT_LT(res, sizeof(buf2)); ASSERT_LT(res, sizeof(buf2));
EXPECT_NOT_POISONED(buf2[0]); EXPECT_NOT_POISONED(buf2[0]);
EXPECT_NOT_POISONED(buf2[res - 1]); EXPECT_NOT_POISONED(buf2[res - 1]);
EXPECT_POISONED(buf2[res]); EXPECT_POISONED(buf2[res]);
ASSERT_EQ(res, strlen(buf2) + 1); ASSERT_EQ(res, strlen(buf2) + 1);
} }
TEST(MemorySanitizer, opendir) {
DIR *dir = opendir(".");
closedir(dir);
char name[10] = ".";
__msan_poison(name, sizeof(name));
EXPECT_UMR(dir = opendir(name));
closedir(dir);
}
TEST(MemorySanitizer, readdir) { TEST(MemorySanitizer, readdir) {
DIR *dir = opendir("."); DIR *dir = opendir(".");
struct dirent *d = readdir(dir); struct dirent *d = readdir(dir);
ASSERT_TRUE(d != NULL); ASSERT_TRUE(d != NULL);
EXPECT_NOT_POISONED(d->d_name[0]); EXPECT_NOT_POISONED(d->d_name[0]);
closedir(dir); closedir(dir);
} }
▲ Show 20 LinesShow All 2,919 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc

Show All 11 Lines
// //
// This file should be included into the tool's interceptor file, // This file should be included into the tool's interceptor file,
// which has to define it's own macros: // which has to define it's own macros:
// COMMON_INTERCEPTOR_ENTER // COMMON_INTERCEPTOR_ENTER
// COMMON_INTERCEPTOR_ENTER_NOIGNORE // COMMON_INTERCEPTOR_ENTER_NOIGNORE
// COMMON_INTERCEPTOR_READ_RANGE // COMMON_INTERCEPTOR_READ_RANGE
// COMMON_INTERCEPTOR_WRITE_RANGE // COMMON_INTERCEPTOR_WRITE_RANGE
// COMMON_INTERCEPTOR_INITIALIZE_RANGE // COMMON_INTERCEPTOR_INITIALIZE_RANGE
// COMMON_INTERCEPTOR_DIR_ACQUIRE
// COMMON_INTERCEPTOR_FD_ACQUIRE // COMMON_INTERCEPTOR_FD_ACQUIRE
// COMMON_INTERCEPTOR_FD_RELEASE // COMMON_INTERCEPTOR_FD_RELEASE
// COMMON_INTERCEPTOR_FD_ACCESS // COMMON_INTERCEPTOR_FD_ACCESS
// COMMON_INTERCEPTOR_SET_THREAD_NAME // COMMON_INTERCEPTOR_SET_THREAD_NAME
// COMMON_INTERCEPTOR_ON_EXIT // COMMON_INTERCEPTOR_ON_EXIT
// COMMON_INTERCEPTOR_MUTEX_LOCK // COMMON_INTERCEPTOR_MUTEX_LOCK
// COMMON_INTERCEPTOR_MUTEX_UNLOCK // COMMON_INTERCEPTOR_MUTEX_UNLOCK
// COMMON_INTERCEPTOR_MUTEX_REPAIR // COMMON_INTERCEPTOR_MUTEX_REPAIR
▲ Show 20 LinesShow All 2,124 Lines▼ Show 20 LinesINTERCEPTOR(int, sysinfo, void *info) {
return res; return res;
} }
#define INIT_SYSINFO COMMON_INTERCEPT_FUNCTION(sysinfo); #define INIT_SYSINFO COMMON_INTERCEPT_FUNCTION(sysinfo);
#else #else
#define INIT_SYSINFO #define INIT_SYSINFO
#endif #endif
#if SANITIZER_INTERCEPT_READDIR #if SANITIZER_INTERCEPT_READDIR
INTERCEPTOR(__sanitizer_dirent *, opendir, const char *path) {
void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, opendir, path);
COMMON_INTERCEPTOR_READ_RANGE(ctx, path, REAL(strlen)(path) + 1);
__sanitizer_dirent *res = REAL(opendir)(path);
if (res != 0)
COMMON_INTERCEPTOR_DIR_ACQUIRE(ctx, path);
return res;
}
INTERCEPTOR(__sanitizer_dirent *, readdir, void *dirp) { INTERCEPTOR(__sanitizer_dirent *, readdir, void *dirp) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, readdir, dirp); COMMON_INTERCEPTOR_ENTER(ctx, readdir, dirp);
// FIXME: under ASan the call below may write to freed memory and corrupt // FIXME: under ASan the call below may write to freed memory and corrupt
// its metadata. See // its metadata. See
// https://code.google.com/p/address-sanitizer/issues/detail?id=321. // https://code.google.com/p/address-sanitizer/issues/detail?id=321.
__sanitizer_dirent *res = REAL(readdir)(dirp); __sanitizer_dirent *res = REAL(readdir)(dirp);
if (res) COMMON_INTERCEPTOR_WRITE_RANGE(ctx, res, res->d_reclen); if (res) COMMON_INTERCEPTOR_WRITE_RANGE(ctx, res, res->d_reclen);
Show All 12 Lines if (!res) {
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, result, sizeof(*result)); COMMON_INTERCEPTOR_WRITE_RANGE(ctx, result, sizeof(*result));
if (*result) if (*result)
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, *result, (*result)->d_reclen); COMMON_INTERCEPTOR_WRITE_RANGE(ctx, *result, (*result)->d_reclen);
} }
return res; return res;
} }
#define INIT_READDIR \ #define INIT_READDIR \
COMMON_INTERCEPT_FUNCTION(opendir); \
COMMON_INTERCEPT_FUNCTION(readdir); \ COMMON_INTERCEPT_FUNCTION(readdir); \
COMMON_INTERCEPT_FUNCTION(readdir_r); COMMON_INTERCEPT_FUNCTION(readdir_r);
#else #else
#define INIT_READDIR #define INIT_READDIR
#endif #endif
#if SANITIZER_INTERCEPT_READDIR64 #if SANITIZER_INTERCEPT_READDIR64
INTERCEPTOR(__sanitizer_dirent64 *, readdir64, void *dirp) { INTERCEPTOR(__sanitizer_dirent64 *, readdir64, void *dirp) {
▲ Show 20 LinesShow All 2,727 LinesShow Last 20 Lines

compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc

Show First 20 LinesShow All 1,820 Lines▼ Show 20 Lines
TSAN_INTERCEPTOR(int, rmdir, char *path) { TSAN_INTERCEPTOR(int, rmdir, char *path) {
SCOPED_TSAN_INTERCEPTOR(rmdir, path); SCOPED_TSAN_INTERCEPTOR(rmdir, path);
Release(thr, pc, Dir2addr(path)); Release(thr, pc, Dir2addr(path));
int res = REAL(rmdir)(path); int res = REAL(rmdir)(path);
return res; return res;
} }
TSAN_INTERCEPTOR(void*, opendir, char *path) {
SCOPED_TSAN_INTERCEPTOR(opendir, path);
void *res = REAL(opendir)(path);
if (res != 0)
Acquire(thr, pc, Dir2addr(path));
return res;
}
TSAN_INTERCEPTOR(int, closedir, void *dirp) { TSAN_INTERCEPTOR(int, closedir, void *dirp) {
SCOPED_TSAN_INTERCEPTOR(closedir, dirp); SCOPED_TSAN_INTERCEPTOR(closedir, dirp);
int fd = dirfd(dirp); int fd = dirfd(dirp);
FdClose(thr, pc, fd); FdClose(thr, pc, fd);
return REAL(closedir)(dirp); return REAL(closedir)(dirp);
} }
#if !SANITIZER_FREEBSD #if !SANITIZER_FREEBSD
▲ Show 20 LinesShow All 396 Lines▼ Show 20 Lines#define COMMON_INTERCEPTOR_FILE_CLOSE(ctx, file) \
} }
#define COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, res) \ #define COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, res) \
libignore()->OnLibraryLoaded(filename) libignore()->OnLibraryLoaded(filename)
#define COMMON_INTERCEPTOR_LIBRARY_UNLOADED() \ #define COMMON_INTERCEPTOR_LIBRARY_UNLOADED() \
libignore()->OnLibraryUnloaded() libignore()->OnLibraryUnloaded()
#define COMMON_INTERCEPTOR_DIR_ACQUIRE(ctx, path) \
Acquire(((TsanInterceptorContext *) ctx)->thr, pc, Dir2addr(path))
#define COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd) \ #define COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd) \
FdAcquire(((TsanInterceptorContext *) ctx)->thr, pc, fd) FdAcquire(((TsanInterceptorContext *) ctx)->thr, pc, fd)
#define COMMON_INTERCEPTOR_FD_RELEASE(ctx, fd) \ #define COMMON_INTERCEPTOR_FD_RELEASE(ctx, fd) \
FdRelease(((TsanInterceptorContext *) ctx)->thr, pc, fd) FdRelease(((TsanInterceptorContext *) ctx)->thr, pc, fd)
#define COMMON_INTERCEPTOR_FD_ACCESS(ctx, fd) \ #define COMMON_INTERCEPTOR_FD_ACCESS(ctx, fd) \
FdAccess(((TsanInterceptorContext *) ctx)->thr, pc, fd) FdAccess(((TsanInterceptorContext *) ctx)->thr, pc, fd)
▲ Show 20 LinesShow All 299 Lines▼ Show 20 Lines#endif
TSAN_INTERCEPT(unlink); TSAN_INTERCEPT(unlink);
TSAN_INTERCEPT(tmpfile); TSAN_INTERCEPT(tmpfile);
TSAN_MAYBE_INTERCEPT_TMPFILE64; TSAN_MAYBE_INTERCEPT_TMPFILE64;
TSAN_INTERCEPT(fread); TSAN_INTERCEPT(fread);
TSAN_INTERCEPT(fwrite); TSAN_INTERCEPT(fwrite);
TSAN_INTERCEPT(abort); TSAN_INTERCEPT(abort);
TSAN_INTERCEPT(puts); TSAN_INTERCEPT(puts);
TSAN_INTERCEPT(rmdir); TSAN_INTERCEPT(rmdir);
TSAN_INTERCEPT(opendir);
TSAN_INTERCEPT(closedir); TSAN_INTERCEPT(closedir);
TSAN_MAYBE_INTERCEPT_EPOLL_CTL; TSAN_MAYBE_INTERCEPT_EPOLL_CTL;
TSAN_MAYBE_INTERCEPT_EPOLL_WAIT; TSAN_MAYBE_INTERCEPT_EPOLL_WAIT;
TSAN_INTERCEPT(sigaction); TSAN_INTERCEPT(sigaction);
TSAN_INTERCEPT(signal); TSAN_INTERCEPT(signal);
TSAN_INTERCEPT(sigsuspend); TSAN_INTERCEPT(sigsuspend);
Show All 32 Lines