This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/
-
lib/sanitizer_common/
-
sanitizer_common/
1/3
sanitizer_common_interceptors.inc
-
sanitizer_platform_interceptors.h
-
test/sanitizer_common/TestCases/Darwin/
-
sanitizer_common/
-
TestCases/
-
Darwin/
3/3
ccrandomgeneratebytes.c

Differential D105394

[Sanitizers][Darwin] Intercept CCRandomGenerateBytes
AbandonedPublic

Authored by devnexen on Jul 3 2021, 5:55 AM.

Download Raw Diff

Details

Reviewers

yln
delcypher
aralisza
eugenis
vitalybuka

Summary

Intercept the native apple (both iOs and macOS) which is even allowed on App Store (contrary to getentropy for example), thus checking its proper usage in code consumers.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

devnexen requested review of this revision.Jul 3 2021, 5:55 AM

devnexen created this revision.

Herald added a project: Restricted Project. · View Herald TranscriptJul 3 2021, 5:55 AM

Herald added a subscriber: Restricted Project. · View Herald Transcript

Harbormaster completed remote builds in B112321: Diff 356338.Jul 3 2021, 6:32 AM

Hi David, thanks for the patch for this previously unintercepted API. I am happy with the interceptor implementation itself; it follows our "recipe" nicely! :)

I have two small asks:

In the commit message, can you explain which issue (crash, false positive) for which sanitizer this is addressing?
Can we write a test that shows this issue? I think the current test only shows that we don't crash, right?

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
7246	Nitpick: can we use the parameter names "bytes" and "count" from the header declaration? CCRNGStatus CCRandomGenerateBytes(void *bytes, size_t count) __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0);
compiler-rt/test/sanitizer_common/TestCases/Darwin/ccrandomgeneratebytes.c
1	Are we testing here simply that we don't crash in our interceptor? Can we add a comment what we intend to test here.
4	I don't think this will work as intended. We would try to compile and run an empty file. However, I think no one is actually testing on macOS version < 10.10, so just omitting this guard should be fine.
12	I don't think we will ever return "false", i.e., failing the test here? success -> n = 0 failure -> n = 1 return n <= 0 // n is never <= 0, right?! Maybe just return the return value of `CCRandomGenerateBytes()` (assuming `kCCSuccess` is 0)?

yln added reviewers: delcypher, aralisza, eugenis, vitalybuka.Jul 12 2021, 3:48 PM

Update unit test case.

Harbormaster completed remote builds in B113779: Diff 358328.Jul 13 2021, 10:20 AM

devnexen edited the summary of this revision. (Show Details)Jul 13 2021, 10:21 AM

devnexen marked 3 inline comments as done.

vitalybuka added inline comments.Jul 13 2021, 11:29 AM

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
9836–9845	Why this renaming? As it it matches https://man7.org/linux/man-pages/man2/getrandom.2.html Either way it looks unrelated to the patch.

It's titled "Intercept CCRandomGenerateBytes", but I don't see changes in interceptors, only new test.

devnexen added inline comments.Jul 13 2021, 11:42 AM

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
9836–9845	My bad wrong lines.

devnexen updated this revision to Diff 358377.Jul 13 2021, 11:48 AM

vitalybuka accepted this revision.Jul 13 2021, 11:51 AM

vitalybuka added 1 blocking reviewer(s): yln.

Harbormaster completed remote builds in B113811: Diff 358377.Jul 13 2021, 1:11 PM

Hi David,

Before I approve this can we do the following?

In the commit message, can you explain which issue (crash, false positive) for which sanitizer this is addressing?
Can we write a test that shows this issue, i.e., a test that fails without the added interceptor? (Maybe this test needs to be for a specific sanitizer instead of sanitizer_common?)

Note: my understanding is that the added test is "green" even without the new interceptor. Ignore my second point if that is not the case.

you re right after second thoughts it does not bring anything on the table.

Revision Contents

Path

Size

compiler-rt/

lib/

sanitizer_common/

sanitizer_common_interceptors.inc

16 lines

sanitizer_platform_interceptors.h

2 lines

test/

sanitizer_common/

TestCases/

Darwin/

ccrandomgeneratebytes.c

14 lines

Diff 356338

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc

	Show First 20 Lines • Show All 991 Lines • ▼ Show 20 Lines
	return res;			return res;
	}			}

	#define INIT_READLINKAT COMMON_INTERCEPT_FUNCTION(readlinkat)			#define INIT_READLINKAT COMMON_INTERCEPT_FUNCTION(readlinkat)
	#else			#else
	#define INIT_READLINKAT			#define INIT_READLINKAT
	#endif			#endif

				#if SANITIZER_INTERCEPT_CCRANDOM_GENERATE_BYTES
				INTERCEPTOR(int, CCRandomGenerateBytes, void *buf, SIZE_T buflen) {
				ylnUnsubmitted Not Done Reply Inline Actions Nitpick: can we use the parameter names "bytes" and "count" from the header declaration? CCRNGStatus CCRandomGenerateBytes(void bytes, size_t count) __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0); yln:* Nitpick: can we use the parameter names "bytes" and "count" from the header declaration? ```…
				void *ctx;
				COMMON_INTERCEPTOR_ENTER(ctx, CCRandomGenerateBytes, buf, buflen);
				int ret = REAL(CCRandomGenerateBytes)(buf, buflen);
				if (ret == 0) {
				COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, buflen);
				}
				return ret;
				}
				#define INIT_CCRANDOM_GENERATE_BYTES COMMON_INTERCEPT_FUNCTION(CCRandomGenerateBytes);
				#else
				#define INIT_CCRANDOM_GENERATE_BYTES
				#endif

	#if SANITIZER_INTERCEPT_NAME_TO_HANDLE_AT			#if SANITIZER_INTERCEPT_NAME_TO_HANDLE_AT
	INTERCEPTOR(int, name_to_handle_at, int dirfd, const char *pathname,			INTERCEPTOR(int, name_to_handle_at, int dirfd, const char *pathname,
	struct file_handle handle, int mount_id, int flags) {			struct file_handle handle, int mount_id, int flags) {
	void* ctx;			void* ctx;
	COMMON_INTERCEPTOR_ENTER(ctx, name_to_handle_at, dirfd, pathname, handle,			COMMON_INTERCEPTOR_ENTER(ctx, name_to_handle_at, dirfd, pathname, handle,
	mount_id, flags);			mount_id, flags);
	COMMON_INTERCEPTOR_READ_RANGE(ctx, pathname, REAL(strlen)(pathname) + 1);			COMMON_INTERCEPTOR_READ_RANGE(ctx, pathname, REAL(strlen)(pathname) + 1);

	▲ Show 20 Lines • Show All 1,492 Lines • ▼ Show 20 Lines
	COMMON_INTERCEPT_FUNCTION(sl_init); \			COMMON_INTERCEPT_FUNCTION(sl_init); \
	COMMON_INTERCEPT_FUNCTION(sl_add); \			COMMON_INTERCEPT_FUNCTION(sl_add); \
	COMMON_INTERCEPT_FUNCTION(sl_find); \			COMMON_INTERCEPT_FUNCTION(sl_find); \
	COMMON_INTERCEPT_FUNCTION(sl_free);			COMMON_INTERCEPT_FUNCTION(sl_free);
	#else			#else
	#define INIT_SL_INIT			#define INIT_SL_INIT
	#endif			#endif

	#if SANITIZER_INTERCEPT_GETRANDOM			#if SANITIZER_INTERCEPT_GETRANDOM
	INTERCEPTOR(SSIZE_T, getrandom, void *buf, SIZE_T buflen, unsigned int flags) {			INTERCEPTOR(SSIZE_T, getrandom, void *buf, SIZE_T buflen, unsigned int flags) {
	void *ctx;			void *ctx;
	COMMON_INTERCEPTOR_ENTER(ctx, getrandom, buf, buflen, flags);			COMMON_INTERCEPTOR_ENTER(ctx, getrandom, buf, buflen, flags);
	SSIZE_T n = REAL(getrandom)(buf, buflen, flags);			SSIZE_T n = REAL(getrandom)(buf, buflen, flags);
	if (n > 0) {			if (n > 0) {
	COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, n);			COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, n);
	}			}
	return n;			return n;
	}			}
				vitalybukaUnsubmitted Not Done Reply Inline Actions Why this renaming? As it it matches https://man7.org/linux/man-pages/man2/getrandom.2.html Either way it looks unrelated to the patch. vitalybuka: Why this renaming? As it it matches https://man7.org/linux/man-pages/man2/getrandom.2.html…
				devnexenAuthorUnsubmitted Done Reply Inline Actions My bad wrong lines. devnexen: My bad wrong lines.
	#define INIT_GETRANDOM COMMON_INTERCEPT_FUNCTION(getrandom)			#define INIT_GETRANDOM COMMON_INTERCEPT_FUNCTION(getrandom)
	#else			#else
	#define INIT_GETRANDOM			#define INIT_GETRANDOM
	#endif			#endif

	#if SANITIZER_INTERCEPT_CRYPT			#if SANITIZER_INTERCEPT_CRYPT
	INTERCEPTOR(char , crypt, char key, char *salt) {			INTERCEPTOR(char , crypt, char key, char *salt) {
	void *ctx;			void *ctx;
	▲ Show 20 Lines • Show All 464 Lines • ▼ Show 20 Lines
	INIT_GROUP_FROM_GID;			INIT_GROUP_FROM_GID;
	INIT_GID_FROM_GROUP;			INIT_GID_FROM_GROUP;
	INIT_ACCESS;			INIT_ACCESS;
	INIT_FACCESSAT;			INIT_FACCESSAT;
	INIT_GETGROUPLIST;			INIT_GETGROUPLIST;
	INIT_GETGROUPMEMBERSHIP;			INIT_GETGROUPMEMBERSHIP;
	INIT_READLINK;			INIT_READLINK;
	INIT_READLINKAT;			INIT_READLINKAT;
				INIT_CCRANDOM_GENERATE_BYTES;
	INIT_NAME_TO_HANDLE_AT;			INIT_NAME_TO_HANDLE_AT;
	INIT_OPEN_BY_HANDLE_AT;			INIT_OPEN_BY_HANDLE_AT;
	INIT_STRLCPY;			INIT_STRLCPY;
	INIT_DEVNAME;			INIT_DEVNAME;
	INIT_DEVNAME_R;			INIT_DEVNAME_R;
	INIT_FGETLN;			INIT_FGETLN;
	INIT_STRMODE;			INIT_STRMODE;
	INIT_TTYENT;			INIT_TTYENT;
	▲ Show 20 Lines • Show All 51 Lines • Show Last 20 Lines

compiler-rt/lib/sanitizer_common/sanitizer_platform_interceptors.h

	Show First 20 Lines • Show All 506 Lines • ▼ Show 20 Lines
	#if defined(__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__) && \			#if defined(__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__) && \
	__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ < 101000			__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ < 101000
	#define SI_MAC_DEPLOYMENT_BELOW_10_10 1			#define SI_MAC_DEPLOYMENT_BELOW_10_10 1
	#else			#else
	#define SI_MAC_DEPLOYMENT_BELOW_10_10 0			#define SI_MAC_DEPLOYMENT_BELOW_10_10 0
	#endif			#endif
	#define SANITIZER_INTERCEPT_READLINKAT \			#define SANITIZER_INTERCEPT_READLINKAT \
	(SI_POSIX && !SI_MAC_DEPLOYMENT_BELOW_10_10)			(SI_POSIX && !SI_MAC_DEPLOYMENT_BELOW_10_10)
				#define SANITIZER_INTERCEPT_CCRANDOM_GENERATE_BYTES \
				(SI_MAC && !SI_MAC_DEPLOYMENT_BELOW_10_10)

	#define SANITIZER_INTERCEPT_DEVNAME (SI_NETBSD \|\| SI_FREEBSD)			#define SANITIZER_INTERCEPT_DEVNAME (SI_NETBSD \|\| SI_FREEBSD)
	#define SANITIZER_INTERCEPT_DEVNAME_R (SI_NETBSD \|\| SI_FREEBSD)			#define SANITIZER_INTERCEPT_DEVNAME_R (SI_NETBSD \|\| SI_FREEBSD)
	#define SANITIZER_INTERCEPT_FGETLN (SI_NETBSD \|\| SI_FREEBSD)			#define SANITIZER_INTERCEPT_FGETLN (SI_NETBSD \|\| SI_FREEBSD)
	#define SANITIZER_INTERCEPT_STRMODE (SI_NETBSD \|\| SI_FREEBSD)			#define SANITIZER_INTERCEPT_STRMODE (SI_NETBSD \|\| SI_FREEBSD)
	#define SANITIZER_INTERCEPT_TTYENT SI_NETBSD			#define SANITIZER_INTERCEPT_TTYENT SI_NETBSD
	#define SANITIZER_INTERCEPT_PROTOENT (SI_NETBSD \|\| SI_LINUX)			#define SANITIZER_INTERCEPT_PROTOENT (SI_NETBSD \|\| SI_LINUX)
	#define SANITIZER_INTERCEPT_PROTOENT_R SI_GLIBC			#define SANITIZER_INTERCEPT_PROTOENT_R SI_GLIBC
	▲ Show 20 Lines • Show All 80 Lines • Show Last 20 Lines

compiler-rt/test/sanitizer_common/TestCases/Darwin/ccrandomgeneratebytes.c

This file was added.

				// RUN: %clang -O2 %s -o %t && %run %t
				ylnUnsubmitted Done Reply Inline Actions Are we testing here simply that we don't crash in our interceptor? Can we add a comment what we intend to test here. yln: Are we testing here simply that we don't crash in our interceptor? Can we add a comment what…

				#include <Availability.h>
				#if __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ > 101000
				ylnUnsubmitted Done Reply Inline Actions I don't think this will work as intended. We would try to compile and run an empty file. However, I think no one is actually testing on macOS version < 10.10, so just omitting this guard should be fine. yln: I don't think this will work as intended. We would try to compile and run an empty file.
				#include <CommonCrypto/CommonRandom.h>

				int main() {
				char buf[16];
				int n = 0;
				if (CCRandomGenerateBytes(buf, sizeof(buf)) != kCCSuccess)
				n = 1;
				return n <= 0;
				ylnUnsubmitted Done Reply Inline Actions I don't think we will ever return "false", i.e., failing the test here? success -> n = 0 failure -> n = 1 return n <= 0 // n is never <= 0, right?! Maybe just return the return value of `CCRandomGenerateBytes()` (assuming `kCCSuccess` is 0)? yln: I don't think we will ever return "false", i.e., failing the test here? ``` success -> n = 0…
				}
				#endif