diff --git a/compiler-rt/lib/asan/asan_interceptors.cpp b/compiler-rt/lib/asan/asan_interceptors.cpp --- a/compiler-rt/lib/asan/asan_interceptors.cpp +++ b/compiler-rt/lib/asan/asan_interceptors.cpp @@ -242,6 +242,7 @@ #endif // ASAN_INTERCEPT_PTHREAD_CREATE #if ASAN_INTERCEPT_SWAPCONTEXT +#include static void ClearShadowMemoryForContextStack(uptr stack, uptr ssize) { // Only clear if we know the stack. This should be true only for contexts // created with makecontext(). @@ -259,12 +260,63 @@ INTERCEPTOR(int, getcontext, struct ucontext_t *ucp) { // API does not requires to have ucp clean, and sets only part of fields. We - // use ucp->uc_stack to unpoison new stack. We prefer to have zeroes then + // use ucp->uc_stack to unpoison new stack. We prefer to have zeroes than // uninitialized bytes. - ResetContextStack(ucp); + SetContextStack(ucp, 0, 0); return REAL(getcontext)(ucp); } +DEFINE_REAL(void, makecontext, struct ucontext_t *, void(*)(), int, ...); + +struct SwapcontextMeta final { + SwapcontextMeta(struct ucontext_t* oucp, struct ucontext_t *ucp) + : oucp{oucp}, ucp{ucp} { + ReadContextStack(oucp, &oucp_ss_sp, &oucp_ss_size); + + REAL(getcontext)(&intermediate_context); + SetContextStack((void *)&intermediate_context, + (uptr)(GetCurrentThread()->GetintermediateSwapcontextStack()), 65536); + } + + struct ucontext_t* oucp; + struct ucontext_t* ucp; + struct ucontext_t intermediate_context; + + uptr oucp_ss_sp; + uptr oucp_ss_size; +}; + +union PassContextMetaPtrAsTwoInts { + int a[2]; + SwapcontextMeta *p; +}; + +int DoRealSwapcontext(struct ucontext_t *oucp, + struct ucontext_t *ucp); + +void SwapcontextOucpStackRestoration(int ptr_as_int_p1, int ptr_as_int_p2) { + PassContextMetaPtrAsTwoInts u; + u.a[0] = ptr_as_int_p1; + u.a[1] = ptr_as_int_p2; + + auto& meta = *u.p; + SetContextStack(meta.oucp, meta.oucp_ss_sp, meta.oucp_ss_size); + + DoRealSwapcontext(&meta.intermediate_context, meta.ucp); +} + +int SwapcontextWithOucpStackRestoration(struct ucontext_t *oucp, + struct ucontext_t *ucp) { + SwapcontextMeta meta{oucp, ucp}; + + PassContextMetaPtrAsTwoInts u; + u.p = &meta; + REAL(makecontext)(&meta.intermediate_context, + (void (*)())SwapcontextOucpStackRestoration, 2, u.a[0], u.a[1]); + + return DoRealSwapcontext(oucp, &meta.intermediate_context); +} + INTERCEPTOR(int, swapcontext, struct ucontext_t *oucp, struct ucontext_t *ucp) { static bool reported_warning = false; @@ -279,17 +331,11 @@ ReadContextStack(ucp, &stack, &ssize); ClearShadowMemoryForContextStack(stack, ssize); - // See getcontext interceptor. - ResetContextStack(oucp); + // swapcontext(3) doesn't guarantee to preserve oucp->uc_stack values, + // and since we use them to clear shadow memory when oucp later becomes ucp + // we have to do some trickery here + int res = SwapcontextWithOucpStackRestoration(oucp, ucp); -# if __has_attribute(__indirect_return__) && \ - (defined(__x86_64__) || defined(__i386__)) - int (*real_swapcontext)(struct ucontext_t *, struct ucontext_t *) - __attribute__((__indirect_return__)) = REAL(swapcontext); - int res = real_swapcontext(oucp, ucp); -# else - int res = REAL(swapcontext)(oucp, ucp); -# endif // swapcontext technically does not return, but program may swap context to // "oucp" later, that would look as if swapcontext() returned 0. // We need to clear shadow for ucp once again, as it may be in arbitrary @@ -297,6 +343,20 @@ ClearShadowMemoryForContextStack(stack, ssize); return res; } + +int DoRealSwapcontext(struct ucontext_t *oucp, + struct ucontext_t *ucp) { +# if __has_attribute(__indirect_return__) && \ + (defined(__x86_64__) || defined(__i386__)) + int (*real_swapcontext)(struct ucontext_t *, struct ucontext_t *) + __attribute__((__indirect_return__)) = REAL(swapcontext); + return real_swapcontext(oucp, ucp); +# else + return REAL(swapcontext)(oucp, ucp); +# endif +} + + #endif // ASAN_INTERCEPT_SWAPCONTEXT #if SANITIZER_NETBSD @@ -661,6 +721,7 @@ #if ASAN_INTERCEPT_SWAPCONTEXT ASAN_INTERCEPT_FUNC(getcontext); ASAN_INTERCEPT_FUNC(swapcontext); + ::__interception::InterceptFunction("makecontext", (::__interception::uptr *) & REAL(makecontext), 0, 0); #endif #if ASAN_INTERCEPT__LONGJMP ASAN_INTERCEPT_FUNC(_longjmp); diff --git a/compiler-rt/lib/asan/asan_internal.h b/compiler-rt/lib/asan/asan_internal.h --- a/compiler-rt/lib/asan/asan_internal.h +++ b/compiler-rt/lib/asan/asan_internal.h @@ -106,7 +106,7 @@ void AsanOnDeadlySignal(int, void *siginfo, void *context); void ReadContextStack(void *context, uptr *stack, uptr *ssize); -void ResetContextStack(void *context); +void SetContextStack(void *context, uptr stack, uptr ssize); void StopInitOrderChecking(); // Wrapper for TLS/TSD. diff --git a/compiler-rt/lib/asan/asan_linux.cpp b/compiler-rt/lib/asan/asan_linux.cpp --- a/compiler-rt/lib/asan/asan_linux.cpp +++ b/compiler-rt/lib/asan/asan_linux.cpp @@ -215,17 +215,26 @@ *ssize = ucp->uc_stack.ss_size; } -void ResetContextStack(void *context) { - ucontext_t *ucp = (ucontext_t *)context; - ucp->uc_stack.ss_sp = nullptr; - ucp->uc_stack.ss_size = 0; +void SetContextStack(void *context, uptr stack, uptr ssize) { + ucontext_t *ucp = (ucontext_t*)context; + + ucp->uc_stack.ss_sp = (void *)stack; + ucp->uc_stack.ss_size = ssize; } + # else void ReadContextStack(void *context, uptr *stack, uptr *ssize) { UNIMPLEMENTED(); } -void ResetContextStack(void *context) { UNIMPLEMENTED(); } +void SetContextStack(void *context, uptr stack, uptr ssize) { + UNIMPLEMENTED(); +} + +void* GetIntermediateContext() { + UNIMPLEMENTED(); +} + # endif void *AsanDlSymNext(const char *sym) { diff --git a/compiler-rt/lib/asan/asan_mac.cpp b/compiler-rt/lib/asan/asan_mac.cpp --- a/compiler-rt/lib/asan/asan_mac.cpp +++ b/compiler-rt/lib/asan/asan_mac.cpp @@ -99,7 +99,9 @@ UNIMPLEMENTED(); } -void ResetContextStack(void *context) { UNIMPLEMENTED(); } +void SetContextStack(void *context, uptr stack, uptr ssize) { + UNIMPLEMENTED(); +} // Support for the following functions from libdispatch on Mac OS: // dispatch_async_f() diff --git a/compiler-rt/lib/asan/asan_thread.h b/compiler-rt/lib/asan/asan_thread.h --- a/compiler-rt/lib/asan/asan_thread.h +++ b/compiler-rt/lib/asan/asan_thread.h @@ -131,6 +131,8 @@ void *get_arg() { return arg_; } + char* GetintermediateSwapcontextStack() { return intermediate_swapcontext_stack_; } + private: // NOTE: There is no AsanThread constructor. It is allocated // via mmap() and *must* be valid in zero-initialized state. @@ -167,6 +169,8 @@ AsanStats stats_; bool unwinding_; uptr extra_spill_area_; + + char intermediate_swapcontext_stack_[65536]; }; // Returns a single instance of registry. diff --git a/compiler-rt/lib/asan/asan_win.cpp b/compiler-rt/lib/asan/asan_win.cpp --- a/compiler-rt/lib/asan/asan_win.cpp +++ b/compiler-rt/lib/asan/asan_win.cpp @@ -267,7 +267,9 @@ UNIMPLEMENTED(); } -void ResetContextStack(void *context) { UNIMPLEMENTED(); } +void SetContextStack(void *context, uptr stack, uptr ssize) { + UNIMPLEMENTED(); +} void AsanOnDeadlySignal(int, void *siginfo, void *context) { UNIMPLEMENTED(); } diff --git a/compiler-rt/test/asan/TestCases/Linux/swapcontext_annotation.cpp b/compiler-rt/test/asan/TestCases/Linux/swapcontext_annotation.cpp --- a/compiler-rt/test/asan/TestCases/Linux/swapcontext_annotation.cpp +++ b/compiler-rt/test/asan/TestCases/Linux/swapcontext_annotation.cpp @@ -177,9 +177,8 @@ perror("swapcontext"); _exit(1); } - __sanitizer_finish_switch_fiber( - fake_stack_save, (const void **)&child_huge_stack_context.uc_stack.ss_sp, - &child_huge_stack_context.uc_stack.ss_size); + __sanitizer_finish_switch_fiber(fake_stack_save, &from_stack, &from_stacksize); + for (int i = 0; i < kHugeStackSize; ++i) { child_stack[i] = i; } @@ -197,6 +196,9 @@ void handler(int sig) { CallNoReturn(); } int main(int argc, char **argv) { + char local; + main_thread_stack = &local; + main_thread_stacksize = 8 << 20; // CHECK: WARNING: ASan doesn't fully support makecontext/swapcontext // CHECK-NOT: ASan is ignoring requested __asan_handle_no_return RunHugeStack(); diff --git a/compiler-rt/test/asan/TestCases/Linux/swapcontext_test.cpp b/compiler-rt/test/asan/TestCases/Linux/swapcontext_test.cpp --- a/compiler-rt/test/asan/TestCases/Linux/swapcontext_test.cpp +++ b/compiler-rt/test/asan/TestCases/Linux/swapcontext_test.cpp @@ -4,6 +4,10 @@ // RUN: %clangxx_asan -O1 %s -o %t && %run %t 2>&1 | FileCheck %s // RUN: %clangxx_asan -O2 %s -o %t && %run %t 2>&1 | FileCheck %s // RUN: %clangxx_asan -O3 %s -o %t && %run %t 2>&1 | FileCheck %s +// RUN: %clangxx_asan -fsanitize-address-use-after-return=never -O0 %s -o %t && %run %t 2>&1 | FileCheck %s +// RUN: %clangxx_asan -fsanitize-address-use-after-return=never -O1 %s -o %t && %run %t 2>&1 | FileCheck %s +// RUN: %clangxx_asan -fsanitize-address-use-after-return=never -O2 %s -o %t && %run %t 2>&1 | FileCheck %s +// RUN: %clangxx_asan -fsanitize-address-use-after-return=never -O3 %s -o %t && %run %t 2>&1 | FileCheck %s // // This test is too sublte to try on non-x86 arch for now. // Android and musl do not support swapcontext. @@ -20,25 +24,20 @@ const int kStackSize = 1 << 20; -__attribute__((noinline)) -void Throw() { - throw 1; -} +__attribute__((noinline)) void Throw() { throw 1; } -__attribute__((noinline)) -void ThrowAndCatch() { +__attribute__((noinline)) void ThrowAndCatch() { try { Throw(); - } catch(int a) { + } catch (int a) { printf("ThrowAndCatch: %d\n", a); } } void Child(int mode) { - assert(orig_context.uc_stack.ss_size == 0); - char x[32] = {0}; // Stack gets poisoned. + char x[32] = {0}; // Stack gets poisoned. printf("Child: %p\n", x); - ThrowAndCatch(); // Simulate __asan_handle_no_return(). + ThrowAndCatch(); // Simulate __asan_handle_no_return(). // (a) Do nothing, just return to parent function. // (b) Jump into the original function. Stack remains poisoned unless we do // something. @@ -53,16 +52,13 @@ int Run(int arg, int mode, char *child_stack) { printf("Child stack: %p\n", child_stack); // Setup child context. - memset(&child_context, 0xff, sizeof(child_context)); getcontext(&child_context); - assert(child_context.uc_stack.ss_size == 0); child_context.uc_stack.ss_sp = child_stack; child_context.uc_stack.ss_size = kStackSize / 2; if (mode == 0) { child_context.uc_link = &orig_context; } makecontext(&child_context, (void (*)())Child, 1, mode); - memset(&orig_context, 0xff, sizeof(orig_context)); if (swapcontext(&orig_context, &child_context) < 0) { perror("swapcontext"); return 0; @@ -74,6 +70,47 @@ return child_stack[arg]; } +ucontext_t poll_context; +ucontext_t poller_context; + +void Poll() { + swapcontext(&poll_context, &poller_context); + + { + char x = 0; + printf("POLL: %p\n", &x); + } + + swapcontext(&poll_context, &poller_context); +} + +void DoRunPoll(char *poll_stack) { + getcontext(&poll_context); + poll_context.uc_stack.ss_sp = poll_stack; + poll_context.uc_stack.ss_size = kStackSize / 2; + makecontext(&poll_context, Poll, 0); + + getcontext(&poller_context); + + swapcontext(&poller_context, &poll_context); + swapcontext(&poller_context, &poll_context); + + // Touch poll's stack to make sure it's unpoisoned. + for (int i = 0; i < kStackSize; i++) { + poll_stack[i] = i; + } +} + +void RunPoll() { + char *poll_stack = new char[kStackSize]; + + for (size_t i = 0; i < 2; ++i) { + DoRunPoll(poll_stack); + } + + delete[] poll_stack; +} + int main(int argc, char **argv) { char stack[kStackSize + 1]; // CHECK: WARNING: ASan doesn't fully support makecontext/swapcontext @@ -92,6 +129,10 @@ printf("Test4 passed\n"); // CHECK: Test4 passed - delete [] heap; + RunPoll(); + printf("Test Poll passed\n"); + // CHECK: Test Poll passed + + delete[] heap; return ret; }