Page MenuHomePhabricator

[HWASan] Catch cases where libc populated jmp_buf.
ClosedPublic

Authored by morehouse on Sep 14 2021, 2:28 PM.

Details

Summary

Some setjmp calls within libc cannot be intercepted while their matching
longjmp calls can be. This causes problems if our setjmp/longjmp
interceptors don't use the exact same format as libc for populating and
reading the jmp_buf.

We add a magic field to our jmp_buf and populate it in setjmp. This
allows our longjmp interceptor to notice when a libc jmp_buf is passed
to it.

See discussion on https://reviews.llvm.org/D109699 and
https://reviews.llvm.org/D69045.

Fixes https://github.com/google/sanitizers/issues/1244.

Diff Detail

Event Timeline

morehouse requested review of this revision.Sep 14 2021, 2:28 PM
morehouse created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptSep 14 2021, 2:28 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript

Yes, I think I like this version better. What does glibc has at the offset of __mask_was_saved? Is it impossible for the magic value to match that contents, or simply very unlikely?

We could also print a warning if that happens when not expected, i.e. in non-__libc-prefixed variants.

compiler-rt/lib/hwasan/hwasan_interceptors.cpp
153

why aarch64 only?

morehouse updated this revision to Diff 372572.Sep 14 2021, 3:08 PM
morehouse marked an inline comment as done.
  • Add warning on mismatch in [sig]longjmp.

Yes, I think I like this version better. What does glibc has at the offset of __mask_was_saved? Is it impossible for the magic value to match that contents, or simply very unlikely?

glibc has the same int __mask_was_saved at this offset but they use it as a bool, so it's always 0 or 1. No chance of matching unless the glibc struct changes.

We could also print a warning if that happens when not expected, i.e. in non-__libc-prefixed variants.

Done.

compiler-rt/lib/hwasan/hwasan_interceptors.cpp
153

The interceptors are only defined on aarch64 (for now).

I have another patch queued that adds the longjmp interceptor on x86 and removes this ifdef.

eugenis accepted this revision.Sep 14 2021, 3:12 PM

LGTM

This revision is now accepted and ready to land.Sep 14 2021, 3:12 PM
This revision was automatically updated to reflect the committed changes.
fmayer added a subscriber: fmayer.Sep 15 2021, 8:37 AM
fmayer added inline comments.
compiler-rt/lib/hwasan/hwasan_interceptors.cpp
109–110

driveby nit: newline?

129–130

as above

morehouse marked 2 inline comments as done.Sep 15 2021, 9:07 AM
morehouse added inline comments.
compiler-rt/lib/hwasan/hwasan_interceptors.cpp
109–110