This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/lib/hwasan/
-
lib/
-
hwasan/
1/1
hwasan_checks.h
-
hwasan_registers.h

Differential D139377

[compiler-rt][hwasan] Let CheckAddressSized eventually call HandleTagMismatch on Fuchsia
ClosedPublic

Authored by leonardchan on Dec 5 2022, 4:11 PM.

Download Raw Diff

Details

Reviewers

mcgrathr
vitalybuka
eugenis

Commits

rGbcc4470bade1: [compiler-rt][hwasan] Let CheckAddressSized eventually call HandleTagMismatch…

Summary

Any hwasan tag checking done through runtime calls like __hwasan_mem* or __hwasan_load/store* currently raise a sigtrap on a tag mismatch. Hwasan dumps as much information it knows on the tag mismatch by placing important values in specific registers before the brk and encoding the access information in the optional argument supplied to the brk. If the platform hwasan runs on uses signal handlers, then users can see the typical pretty hwasan error report, but Fuchsia doesn't use signal handlers, so it's left up to the platform exception handler to print all this encoded information.

This patch attempts to enter the regular error reporting path via HandleTagMismatch if a new macro CAN_GET_REGISTERS is set. For now this is only defined for Fuchsia + aarch64, but can be expanded for other platforms.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

leonardchan created this revision.Dec 5 2022, 4:11 PM

Herald added a project: Restricted Project. · View Herald TranscriptDec 5 2022, 4:11 PM

Herald added subscribers: Enna1, abrachet, kristof.beyls, dberris. · View Herald Transcript

leonardchan requested review of this revision.Dec 5 2022, 4:11 PM

Herald added a subscriber: Restricted Project. · View Herald TranscriptDec 5 2022, 4:11 PM

Not sure if there can be an upstream test for this since we don't have any fuchsia emulators running on buildbot. I imagine for now we don't want to change the current behavior on linux where each signal handler can be enabled/disabled via the handle_sig* env options.

Harbormaster completed remote builds in B201240: Diff 480271.Dec 5 2022, 4:46 PM

vitalybuka accepted this revision.Dec 7 2022, 2:10 PM

This revision is now accepted and ready to land.Dec 7 2022, 2:10 PM

vitalybuka added inline comments.Dec 7 2022, 2:12 PM

compiler-rt/lib/hwasan/hwasan_checks.h
90–104	Here are else #if SANITIZER_FUCHSIA is probably more appropriate we are doing this not because regs are available, but because we can't do int3, fuchsia specific

leonardchan marked an inline comment as done.Dec 7 2022, 3:10 PM

Closed by commit rGbcc4470bade1: [compiler-rt][hwasan] Let CheckAddressSized eventually call HandleTagMismatch… (authored by leonardchan). · Explain WhyDec 7 2022, 3:11 PM

This revision was automatically updated to reflect the committed changes.

leonardchan added a commit: rGbcc4470bade1: [compiler-rt][hwasan] Let CheckAddressSized eventually call HandleTagMismatch….

Herald added a subscriber: phosek. · View Herald TranscriptDec 7 2022, 3:11 PM

gulfem added a reverting change: rGba5edfd386fc: Revert "[compiler-rt][hwasan] Let CheckAddressSized eventually call….Dec 9 2022, 8:46 PM

This commit broke the following test in Fuchsia:
https://cs.opensource.google/fuchsia/fuchsia/+/main:zircon/system/utest/core/c11-thread/thread.cc

Revision Contents

Path

Size

compiler-rt/

lib/

hwasan/

hwasan_checks.h

78 lines

hwasan_registers.h

56 lines

Diff 481080

compiler-rt/lib/hwasan/hwasan_checks.h

	Show All 9 Lines
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

	#ifndef HWASAN_CHECKS_H			#ifndef HWASAN_CHECKS_H
	#define HWASAN_CHECKS_H			#define HWASAN_CHECKS_H

	#include "hwasan_allocator.h"			#include "hwasan_allocator.h"
	#include "hwasan_mapping.h"			#include "hwasan_mapping.h"
				#include "hwasan_registers.h"
	#include "sanitizer_common/sanitizer_common.h"			#include "sanitizer_common/sanitizer_common.h"

	namespace __hwasan {			namespace __hwasan {
	template <unsigned X>
				enum class ErrorAction { Abort, Recover };
				enum class AccessType { Load, Store };

				// Used when the access size is known.
				constexpr unsigned SigTrapEncoding(ErrorAction EA, AccessType AT,
				unsigned LogSize) {
				return 0x20 * (EA == ErrorAction::Recover) +
				0x10 * (AT == AccessType::Store) + LogSize;
				}

				// Used when the access size varies at runtime.
				constexpr unsigned SigTrapEncoding(ErrorAction EA, AccessType AT) {
				return SigTrapEncoding(EA, AT, 0xf);
				}

				template <ErrorAction EA, AccessType AT, size_t LogSize>
	__attribute__((always_inline)) static void SigTrap(uptr p) {			__attribute__((always_inline)) static void SigTrap(uptr p) {
	#if defined(__aarch64__)			// Other platforms like linux can use signals for intercepting an exception
				// and dispatching to HandleTagMismatch. The fuchsias implementation doesn't
				// use signals so we can call it here directly instead.
				#if CAN_GET_REGISTERS && SANITIZER_FUCHSIA
				auto regs = GetRegisters();
				size_t size = 2 << LogSize;
				AccessInfo access_info = {
				.addr = p,
				.size = size,
				.is_store = AT == AccessType::Store,
				.is_load = AT == AccessType::Load,
				.recover = EA == ErrorAction::Recover,
				};
				HandleTagMismatch(access_info, (uptr)__builtin_return_address(0),
				(uptr)__builtin_frame_address(0), /uc=/nullptr, regs.x);
				#elif defined(__aarch64__)
	(void)p;			(void)p;
	// 0x900 is added to do not interfere with the kernel use of lower values of			// 0x900 is added to do not interfere with the kernel use of lower values of
	// brk immediate.			// brk immediate.
	register uptr x0 asm("x0") = p;			register uptr x0 asm("x0") = p;
	asm("brk %1\n\t" ::"r"(x0), "n"(0x900 + X));			asm("brk %1\n\t" ::"r"(x0), "n"(0x900 + SigTrapEncoding(EA, AT, LogSize)));
	#elif defined(__x86_64__)			#elif defined(__x86_64__)
	// INT3 + NOP DWORD ptr [EAX + X] to pass X to our signal handler, 5 bytes			// INT3 + NOP DWORD ptr [EAX + X] to pass X to our signal handler, 5 bytes
	// total. The pointer is passed via rdi.			// total. The pointer is passed via rdi.
	// 0x40 is added as a safeguard, to help distinguish our trap from others and			// 0x40 is added as a safeguard, to help distinguish our trap from others and
	// to avoid 0 offsets in the command (otherwise it'll be reduced to a			// to avoid 0 offsets in the command (otherwise it'll be reduced to a
	// different nop command, the three bytes one).			// different nop command, the three bytes one).
	asm volatile(			asm volatile(
	"int3\n"			"int3\n"
	"nopl %c0(%%rax)\n" ::"n"(0x40 + X),			"nopl %c0(%%rax)\n" ::"n"(0x40 + SigTrapEncoding(EA, AT, LogSize)),
	"D"(p));			"D"(p));
	#elif SANITIZER_RISCV64			#elif SANITIZER_RISCV64
	// Put pointer into x10			// Put pointer into x10
	// addiw contains immediate of 0x40 + X, where 0x40 is magic number and X			// addiw contains immediate of 0x40 + X, where 0x40 is magic number and X
	// encodes access size			// encodes access size
	register uptr x10 asm("x10") = p;			register uptr x10 asm("x10") = p;
	asm volatile(			asm volatile(
	"ebreak\n"			"ebreak\n"
	"addiw x0, x0, %1\n" ::"r"(x10),			"addiw x0, x0, %1\n" ::"r"(x10),
	"I"(0x40 + X));			"I"(0x40 + SigTrapEncoding(EA, AT, LogSize)));
	#else			#else
	// FIXME: not always sigill.			// FIXME: not always sigill.
	__builtin_trap();			__builtin_trap();
	#endif			#endif
	// __builtin_unreachable();			// __builtin_unreachable();
	}			}

	// Version with access size which is not power of 2			// Version with access size which is not power of 2
	template <unsigned X>			template <ErrorAction EA, AccessType AT>
	__attribute__((always_inline)) static void SigTrap(uptr p, uptr size) {			__attribute__((always_inline)) static void SigTrap(uptr p, uptr size) {
	#if defined(__aarch64__)			// Other platforms like linux can use signals for intercepting an exception
				// and dispatching to HandleTagMismatch. The fuchsias implementation doesn't
				// use signals so we can call it here directly instead.
				#if CAN_GET_REGISTERS && SANITIZER_FUCHSIA
				auto regs = GetRegisters();
				AccessInfo access_info = {
				.addr = p,
				.size = size,
				.is_store = AT == AccessType::Store,
				.is_load = AT == AccessType::Load,
				.recover = EA == ErrorAction::Recover,
				};
				HandleTagMismatch(access_info, (uptr)__builtin_return_address(0),
				(uptr)__builtin_frame_address(0), /uc=/nullptr, regs.x);
				#elif defined(__aarch64__)
				vitalybukaUnsubmitted Done Reply Inline Actions Here are else #if SANITIZER_FUCHSIA is probably more appropriate we are doing this not because regs are available, but because we can't do int3, fuchsia specific vitalybuka: Here are else #if SANITIZER_FUCHSIA is probably more appropriate we are doing this not because…
	register uptr x0 asm("x0") = p;			register uptr x0 asm("x0") = p;
	register uptr x1 asm("x1") = size;			register uptr x1 asm("x1") = size;
	asm("brk %2\n\t" ::"r"(x0), "r"(x1), "n"(0x900 + X));			asm("brk %2\n\t" ::"r"(x0), "r"(x1), "n"(0x900 + SigTrapEncoding(EA, AT)));
	#elif defined(__x86_64__)			#elif defined(__x86_64__)
	// Size is stored in rsi.			// Size is stored in rsi.
	asm volatile(			asm volatile(
	"int3\n"			"int3\n"
	"nopl %c0(%%rax)\n" ::"n"(0x40 + X),			"nopl %c0(%%rax)\n" ::"n"(0x40 + SigTrapEncoding(EA, AT)),
	"D"(p), "S"(size));			"D"(p), "S"(size));
	#elif SANITIZER_RISCV64			#elif SANITIZER_RISCV64
	// Put access size into x11			// Put access size into x11
	register uptr x10 asm("x10") = p;			register uptr x10 asm("x10") = p;
	register uptr x11 asm("x11") = size;			register uptr x11 asm("x11") = size;
	asm volatile(			asm volatile(
	"ebreak\n"			"ebreak\n"
	"addiw x0, x0, %2\n" ::"r"(x10),			"addiw x0, x0, %2\n" ::"r"(x10),
	"r"(x11), "I"(0x40 + X));			"r"(x11), "I"(0x40 + SigTrapEncoding(EA, AT)));
	#else			#else
	__builtin_trap();			__builtin_trap();
	#endif			#endif
	// __builtin_unreachable();			// __builtin_unreachable();
	}			}

	__attribute__((always_inline, nodebug)) static bool PossiblyShortTagMatches(			__attribute__((always_inline, nodebug)) static bool PossiblyShortTagMatches(
	tag_t mem_tag, uptr ptr, uptr sz) {			tag_t mem_tag, uptr ptr, uptr sz) {
	tag_t ptr_tag = GetTagFromPointer(ptr);			tag_t ptr_tag = GetTagFromPointer(ptr);
	if (ptr_tag == mem_tag)			if (ptr_tag == mem_tag)
	return true;			return true;
	if (mem_tag >= kShadowAlignment)			if (mem_tag >= kShadowAlignment)
	return false;			return false;
	if ((ptr & (kShadowAlignment - 1)) + sz > mem_tag)			if ((ptr & (kShadowAlignment - 1)) + sz > mem_tag)
	return false;			return false;
	#if !defined(__aarch64__) && !(SANITIZER_RISCV64)			#if !defined(__aarch64__) && !(SANITIZER_RISCV64)
	ptr = UntagAddr(ptr);			ptr = UntagAddr(ptr);
	#endif			#endif
	return (u8 )(ptr \| (kShadowAlignment - 1)) == ptr_tag;			return (u8 )(ptr \| (kShadowAlignment - 1)) == ptr_tag;
	}			}

	enum class ErrorAction { Abort, Recover };
	enum class AccessType { Load, Store };

	template <ErrorAction EA, AccessType AT, unsigned LogSize>			template <ErrorAction EA, AccessType AT, unsigned LogSize>
	__attribute__((always_inline, nodebug)) static void CheckAddress(uptr p) {			__attribute__((always_inline, nodebug)) static void CheckAddress(uptr p) {
	if (!InTaggableRegion(p))			if (!InTaggableRegion(p))
	return;			return;
	uptr ptr_raw = p & ~kAddressTagMask;			uptr ptr_raw = p & ~kAddressTagMask;
	tag_t mem_tag = (tag_t )MemToShadow(ptr_raw);			tag_t mem_tag = (tag_t )MemToShadow(ptr_raw);
	if (UNLIKELY(!PossiblyShortTagMatches(mem_tag, p, 1 << LogSize))) {			if (UNLIKELY(!PossiblyShortTagMatches(mem_tag, p, 1 << LogSize))) {
	SigTrap<0x20 * (EA == ErrorAction::Recover) +			SigTrap<EA, AT, LogSize>(p);
	0x10 * (AT == AccessType::Store) + LogSize>(p);
	if (EA == ErrorAction::Abort)			if (EA == ErrorAction::Abort)
	__builtin_unreachable();			__builtin_unreachable();
	}			}
	}			}

	template <ErrorAction EA, AccessType AT>			template <ErrorAction EA, AccessType AT>
	__attribute__((always_inline, nodebug)) static void CheckAddressSized(uptr p,			__attribute__((always_inline, nodebug)) static void CheckAddressSized(uptr p,
	uptr sz) {			uptr sz) {
	if (sz == 0 \|\| !InTaggableRegion(p))			if (sz == 0 \|\| !InTaggableRegion(p))
	return;			return;
	tag_t ptr_tag = GetTagFromPointer(p);			tag_t ptr_tag = GetTagFromPointer(p);
	uptr ptr_raw = p & ~kAddressTagMask;			uptr ptr_raw = p & ~kAddressTagMask;
	tag_t shadow_first = (tag_t )MemToShadow(ptr_raw);			tag_t shadow_first = (tag_t )MemToShadow(ptr_raw);
	tag_t shadow_last = (tag_t )MemToShadow(ptr_raw + sz);			tag_t shadow_last = (tag_t )MemToShadow(ptr_raw + sz);
	for (tag_t *t = shadow_first; t < shadow_last; ++t)			for (tag_t *t = shadow_first; t < shadow_last; ++t)
	if (UNLIKELY(ptr_tag != *t)) {			if (UNLIKELY(ptr_tag != *t)) {
	SigTrap<0x20 * (EA == ErrorAction::Recover) +			SigTrap<EA, AT>(p, sz);
	0x10 * (AT == AccessType::Store) + 0xf>(p, sz);
	if (EA == ErrorAction::Abort)			if (EA == ErrorAction::Abort)
	__builtin_unreachable();			__builtin_unreachable();
	}			}
	uptr end = p + sz;			uptr end = p + sz;
	uptr tail_sz = end & 0xf;			uptr tail_sz = end & 0xf;
	if (UNLIKELY(tail_sz != 0 &&			if (UNLIKELY(tail_sz != 0 &&
	!PossiblyShortTagMatches(			!PossiblyShortTagMatches(
	*shadow_last, end & ~(kShadowAlignment - 1), tail_sz))) {			*shadow_last, end & ~(kShadowAlignment - 1), tail_sz))) {
	SigTrap<0x20 * (EA == ErrorAction::Recover) +			SigTrap<EA, AT>(p, sz);
	0x10 * (AT == AccessType::Store) + 0xf>(p, sz);
	if (EA == ErrorAction::Abort)			if (EA == ErrorAction::Abort)
	__builtin_unreachable();			__builtin_unreachable();
	}			}
	}			}

	} // end namespace __hwasan			} // end namespace __hwasan

	#endif // HWASAN_CHECKS_H			#endif // HWASAN_CHECKS_H

compiler-rt/lib/hwasan/hwasan_registers.h

This file was added.

				//===-- hwasan_registers.h --------------------------------------- C++ --===//
				//
				// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
				// See https://llvm.org/LICENSE.txt for license information.
				// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
				//
				//===----------------------------------------------------------------------===//
				//
				// This describes the register state retrieved by hwasan when error reporting.
				//
				//===----------------------------------------------------------------------===//

				#ifndef HWASAN_REGISTERS_H
				#define HWASAN_REGISTERS_H

				#include "sanitizer_common/sanitizer_common.h"
				#include "sanitizer_common/sanitizer_platform.h"

				#if defined(__aarch64__)

				# define CAN_GET_REGISTERS 1

				struct Registers {
				uptr x[32];
				};

				__attribute__((always_inline)) static Registers GetRegisters() {
				Registers regs;
				__asm__ volatile(
				"stp x0, x1, [%1, #(8 * 0)]\n"
				"stp x2, x3, [%1, #(8 * 2)]\n"
				"stp x4, x5, [%1, #(8 * 4)]\n"
				"stp x6, x7, [%1, #(8 * 6)]\n"
				"stp x8, x9, [%1, #(8 * 8)]\n"
				"stp x10, x11, [%1, #(8 * 10)]\n"
				"stp x12, x13, [%1, #(8 * 12)]\n"
				"stp x14, x15, [%1, #(8 * 14)]\n"
				"stp x16, x17, [%1, #(8 * 16)]\n"
				"stp x18, x19, [%1, #(8 * 18)]\n"
				"stp x20, x21, [%1, #(8 * 20)]\n"
				"stp x22, x23, [%1, #(8 * 22)]\n"
				"stp x24, x25, [%1, #(8 * 24)]\n"
				"stp x26, x27, [%1, #(8 * 26)]\n"
				"stp x28, x29, [%1, #(8 * 28)]\n"
				: "=m"(regs)
				: "r"(regs.x));
				regs.x[30] = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
				regs.x[31] = reinterpret_cast<uintptr_t>(__builtin_frame_address(0));
				return regs;
				}

				#else
				# define CAN_GET_REGISTERS 0
				#endif

				#endif // HWASAN_REGISTERS_H