This is an archive of the discontinued LLVM Phabricator instance.

Differential D23369

Port msan to Android (revised)
Needs ReviewPublic

Authored by thurston on Aug 10 2016, 1:21 PM.

Details

Reviewers
eugenis
Summary

This is the Msan portion of D22549, modified per the comments (and subsequent comments on this revision).

Variables that were formerly __thread will use GetMsanTLS() on Android. On non-Android, the variables are unchanged.

This requires new, corresponding changes to MemorySanitizer.cpp, to be updated shortly in D22550.

Diff Detail

Event Timeline

thurston updated this revision to Diff 67583.Aug 10 2016, 1:21 PM
thurston retitled this revision from to Port msan to Android (revised).
thurston updated this object.
thurston added a reviewer: eugenis.
thurston added a project: Restricted Project.
Herald added subscribers: kubamracek, srhines, danalbert, tberghammer. · View Herald TranscriptAug 10 2016, 1:21 PM
thurston mentioned this in D22550: Port MemorySanitizer.cpp (compiler transform) to Android.Aug 10 2016, 1:28 PM
eugenis edited edge metadata.Aug 10 2016, 2:12 PM

Sorry, I think I've mislead you earlier. We need to keep the ABI on existing platforms, so msan_param_tls and friends (everything that's accessed from the instrumented code) must stay. Define wrappers for each of those, like
#if SANITIZE_ANDROID
#define TLSVAR(x) GetMsanTLS()->x
#else
#define TLSVAR(x) x
#endif
u64 *msan_param_tls() { return &TLSVAR(msan_param_tls); }

msan/msan.h
31

Is this because our cmake does not link ubsan runtime? Btw, don't you need to update cmake so that "msan" target exists on android?

msan/msan_flags.inc
36

why?

msan/msan_poisoning.cc
126 ↗(On Diff #67583)

why is this necessary?

msan/msan_thread.cc
12

__msan_tls

sanitizer_common/sanitizer_linux.cc
791 ↗(On Diff #67583)

This is already done, please rebase on ToT.

thurston added inline comments.Aug 10 2016, 8:36 PM
msan/msan.h
31

I've been building msan within the Android source tree (explicitly specifying libmsan as a static library when compiling applications), which is why I haven't used ubsan (it's not set up to be linked into msan) and the compiler doesn't need to know the msan target.

msan/msan_flags.inc
36

On Android, there's some use-of-uninitialized-values early on before main() has even been reached e.g.,

`Uninitialized bytes in __interceptor_strlen at offset 44 inside [0x007f0d701f80, 45)

WARNING: MemorySanitizer: use-of-uninitialized-value 0x2a8ef: read_spec_entries(char*, int, ...) at bionic/libc/bionic/system_properties.cpp:903:11 0x29ab7: initialize_properties() at bionic/libc/bionic/system_properties.cpp:957:21 0x29877: system_properties_init at bionic/libc/bionic/system_properties.cpp:1017:14 0x1a8e3: libc_preinit() at bionic/libc/bionic/libc_init_dynamic.cpp:78:3`

I think they're innocuous, so I don't want to halt.

msan/msan_poisoning.cc
126 ↗(On Diff #67583)

Leftover code from debugging. I'll remove it.

msan/msan_thread.cc
12

This variable will be gone in the next revision (since THREADLOCAL is only applicable for non-Android, and non-Android will use the original variables rather than MsanTLSSlot).

sanitizer_common/sanitizer_linux.cc
791 ↗(On Diff #67583)

Ok

thurston updated this revision to Diff 67648.Aug 10 2016, 8:44 PM
thurston updated this object.
thurston edited edge metadata.

For non-Android, this keeps the ABI the same (uses the original variables).
For Android, this uses TLS_SLOT_TSAN.

eugenis added inline comments.Aug 11 2016, 3:08 PM
msan/msan.h
31

This code must be testable upstream, so some cmake support is necessary.

You can check how we build asan for android here: http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux/builds/25050/steps/build%20compiler-rt%20android%2Fx86/logs/stdio

msan/msan_flags.inc
36

That's because libc is not instrumented, but some of its internal calls are intercepted.
It's not good to leave it like this, because it requires -msan-keep-going, which adds code size and runtime overhead. It also makes every program fail (i.e. exit with non-zero code) under MSan which is problematic for testing.

Some ideas how to handle this.

  1. Checks are disabled in nested interceptors, so intercepting anything on this stack trace would prevent this from firing.
  1. We may disable all interceptor checks before libc is initialized. Not clear how to detect this, but the idea is that after some point all that libc does it handle requests from the application, and those usually go through intercepted entrypoints, see item 1.
thurston updated this revision to Diff 67805.Aug 12 2016, 1:12 AM

Minor housekeeping: same as the sanitizer_common changes for lsan (GetTls() on 32-bit Android; and sig_setmask)

ele7enxxh added a subscriber: ele7enxxh.Jul 26 2017, 8:23 AM
ele7enxxh removed a subscriber: ele7enxxh.

Revision Contents

Diff 67805

msan/msan.h

Show All 20 Lines
#include "msan_interface_internal.h" #include "msan_interface_internal.h"
#include "msan_flags.h" #include "msan_flags.h"
#include "ubsan/ubsan_platform.h" #include "ubsan/ubsan_platform.h"
#ifndef MSAN_REPLACE_OPERATORS_NEW_AND_DELETE #ifndef MSAN_REPLACE_OPERATORS_NEW_AND_DELETE
# define MSAN_REPLACE_OPERATORS_NEW_AND_DELETE 1 # define MSAN_REPLACE_OPERATORS_NEW_AND_DELETE 1
#endif #endif
#if SANITIZER_ANDROID
#define MSAN_CONTAINS_UBSAN 0
#endif // SANITIZER_ANDROID
eugenisUnsubmitted
Not Done
ReplyInline Actions

Is this because our cmake does not link ubsan runtime? Btw, don't you need to update cmake so that "msan" target exists on android?

eugenis: Is this because our cmake does not link ubsan runtime? Btw, don't you need to update cmake so…
thurstonAuthorUnsubmitted
Not Done
ReplyInline Actions

I've been building msan within the Android source tree (explicitly specifying libmsan as a static library when compiling applications), which is why I haven't used ubsan (it's not set up to be linked into msan) and the compiler doesn't need to know the msan target.

thurston: I've been building msan within the Android source tree (explicitly specifying libmsan as a…
eugenisUnsubmitted
Not Done
ReplyInline Actions

This code must be testable upstream, so some cmake support is necessary.

You can check how we build asan for android here: http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux/builds/25050/steps/build%20compiler-rt%20android%2Fx86/logs/stdio

eugenis: This code must be testable upstream, so some cmake support is necessary. You can check how we…
#ifndef MSAN_CONTAINS_UBSAN #ifndef MSAN_CONTAINS_UBSAN
# define MSAN_CONTAINS_UBSAN CAN_SANITIZE_UB # define MSAN_CONTAINS_UBSAN CAN_SANITIZE_UB
#endif #endif
struct MappingDesc { struct MappingDesc {
uptr start; uptr start;
uptr end; uptr end;
enum Type { enum Type {
▲ Show 20 LinesShow All 170 Lines▼ Show 20 Lines if (kMemoryLayout[i].type == mapping_type &&
return true; return true;
return false; return false;
} }
#define MEM_IS_APP(mem) addr_is_type((uptr)(mem), MappingDesc::APP) #define MEM_IS_APP(mem) addr_is_type((uptr)(mem), MappingDesc::APP)
#define MEM_IS_SHADOW(mem) addr_is_type((uptr)(mem), MappingDesc::SHADOW) #define MEM_IS_SHADOW(mem) addr_is_type((uptr)(mem), MappingDesc::SHADOW)
#define MEM_IS_ORIGIN(mem) addr_is_type((uptr)(mem), MappingDesc::ORIGIN) #define MEM_IS_ORIGIN(mem) addr_is_type((uptr)(mem), MappingDesc::ORIGIN)
// These constants must be kept in sync with the ones in MemorySanitizer.cc.
const int kMsanParamTlsSize = 800;
const int kMsanRetvalTlsSize = 800;
namespace __msan { namespace __msan {
extern int msan_inited; extern int msan_inited;
extern bool msan_init_is_running; extern bool msan_init_is_running;
extern int msan_report_count; extern int msan_report_count;
bool ProtectRange(uptr beg, uptr end); bool ProtectRange(uptr beg, uptr end);
bool InitShadow(bool init_origins); bool InitShadow(bool init_origins);
▲ Show 20 LinesShow All 104 LinesShow Last 20 Lines

msan/msan.cc

Show All 27 Lines
#include "sanitizer_common/sanitizer_stackdepot.h" #include "sanitizer_common/sanitizer_stackdepot.h"
#include "ubsan/ubsan_flags.h" #include "ubsan/ubsan_flags.h"
#include "ubsan/ubsan_init.h" #include "ubsan/ubsan_init.h"
// ACHTUNG! No system header includes in this file. // ACHTUNG! No system header includes in this file.
using namespace __sanitizer; using namespace __sanitizer;
// Globals.
static THREADLOCAL int msan_expect_umr = 0;
static THREADLOCAL int msan_expected_umr_found = 0;
// Function argument shadow. Each argument starts at the next available 8-byte
// aligned address.
SANITIZER_INTERFACE_ATTRIBUTE
THREADLOCAL u64 __msan_param_tls[kMsanParamTlsSize / sizeof(u64)];
// Function argument origin. Each argument starts at the same offset as the
// corresponding shadow in (__msan_param_tls). Slightly weird, but changing this
// would break compatibility with older prebuilt binaries.
SANITIZER_INTERFACE_ATTRIBUTE
THREADLOCAL u32 __msan_param_origin_tls[kMsanParamTlsSize / sizeof(u32)];
SANITIZER_INTERFACE_ATTRIBUTE
THREADLOCAL u64 __msan_retval_tls[kMsanRetvalTlsSize / sizeof(u64)];
SANITIZER_INTERFACE_ATTRIBUTE
THREADLOCAL u32 __msan_retval_origin_tls;
SANITIZER_INTERFACE_ATTRIBUTE
ALIGNED(16) THREADLOCAL u64 __msan_va_arg_tls[kMsanParamTlsSize / sizeof(u64)];
SANITIZER_INTERFACE_ATTRIBUTE
THREADLOCAL u64 __msan_va_arg_overflow_size_tls;
SANITIZER_INTERFACE_ATTRIBUTE
THREADLOCAL u32 __msan_origin_tls;
static THREADLOCAL int is_in_symbolizer;
extern "C" SANITIZER_WEAK_ATTRIBUTE const int __msan_track_origins; extern "C" SANITIZER_WEAK_ATTRIBUTE const int __msan_track_origins;
int __msan_get_track_origins() { int __msan_get_track_origins() {
return &__msan_track_origins ? __msan_track_origins : 0; return &__msan_track_origins ? __msan_track_origins : 0;
} }
extern "C" SANITIZER_WEAK_ATTRIBUTE const int __msan_keep_going; extern "C" SANITIZER_WEAK_ATTRIBUTE const int __msan_keep_going;
namespace __msan { namespace __msan {
void EnterSymbolizer() { ++is_in_symbolizer; } void EnterSymbolizer() { ++(*get_is_in_symbolizer()); }
void ExitSymbolizer() { --is_in_symbolizer; } void ExitSymbolizer() { --(*get_is_in_symbolizer()); }
bool IsInSymbolizer() { return is_in_symbolizer; } bool IsInSymbolizer() { return *get_is_in_symbolizer(); }
static Flags msan_flags; static Flags msan_flags;
Flags *flags() { Flags *flags() {
return &msan_flags; return &msan_flags;
} }
int msan_inited = 0; int msan_inited = 0;
▲ Show 20 LinesShow All 136 Lines▼ Show 20 Lines if (!t || !StackTrace::WillUseFastUnwind(request_fast_unwind)) {
SymbolizerScope sym_scope; SymbolizerScope sym_scope;
return stack->Unwind(max_s, pc, bp, nullptr, 0, 0, request_fast_unwind); return stack->Unwind(max_s, pc, bp, nullptr, 0, 0, request_fast_unwind);
} }
stack->Unwind(max_s, pc, bp, nullptr, t->stack_top(), t->stack_bottom(), stack->Unwind(max_s, pc, bp, nullptr, t->stack_top(), t->stack_bottom(),
request_fast_unwind); request_fast_unwind);
} }
void PrintWarning(uptr pc, uptr bp) { void PrintWarning(uptr pc, uptr bp) {
PrintWarningWithOrigin(pc, bp, __msan_origin_tls); PrintWarningWithOrigin(pc, bp, *msan_origin_tls());
} }
void PrintWarningWithOrigin(uptr pc, uptr bp, u32 origin) { void PrintWarningWithOrigin(uptr pc, uptr bp, u32 origin) {
if (msan_expect_umr) { if (*get_msan_expect_umr()) {
// Printf("Expected UMR\n"); // Printf("Expected UMR\n");
__msan_origin_tls = origin; *msan_origin_tls() = origin;
msan_expected_umr_found = 1; *get_msan_expected_umr_found() = 1;
return; return;
} }
++msan_report_count; ++msan_report_count;
GET_FATAL_STACK_TRACE_PC_BP(pc, bp); GET_FATAL_STACK_TRACE_PC_BP(pc, bp);
u32 report_origin = u32 report_origin =
(__msan_get_track_origins() && Origin::isValidId(origin)) ? origin : 0; (__msan_get_track_origins() && Origin::isValidId(origin)) ? origin : 0;
ReportUMR(&stack, report_origin); ReportUMR(&stack, report_origin);
if (__msan_get_track_origins() && !Origin::isValidId(origin)) { if (__msan_get_track_origins() && !Origin::isValidId(origin)) {
Printf( Printf(
" ORIGIN: invalid (%x). Might be a bug in MemorySanitizer origin " " ORIGIN: invalid (%x). Might be a bug in MemorySanitizer origin "
"tracking.\n This could still be a bug in your code, too!\n", "tracking.\n This could still be a bug in your code, too!\n",
origin); origin);
} }
} }
void UnpoisonParam(uptr n) { void UnpoisonParam(uptr n) {
internal_memset(__msan_param_tls, 0, n * sizeof(*__msan_param_tls)); internal_memset(*msan_param_tls(), 0, n * sizeof(**msan_param_tls()));
} }
// Backup MSan runtime TLS state. // Backup MSan runtime TLS state.
// Implementation must be async-signal-safe. // Implementation must be async-signal-safe.
// Instances of this class may live on the signal handler stack, and data size // Instances of this class may live on the signal handler stack, and data size
// may be an issue. // may be an issue.
void ScopedThreadLocalStateBackup::Backup() { void ScopedThreadLocalStateBackup::Backup() {
va_arg_overflow_size_tls = __msan_va_arg_overflow_size_tls; va_arg_overflow_size_tls = *msan_va_arg_overflow_size_tls();
} }
void ScopedThreadLocalStateBackup::Restore() { void ScopedThreadLocalStateBackup::Restore() {
// A lame implementation that only keeps essential state and resets the rest. // A lame implementation that only keeps essential state and resets the rest.
__msan_va_arg_overflow_size_tls = va_arg_overflow_size_tls; *msan_va_arg_overflow_size_tls() = va_arg_overflow_size_tls;
internal_memset(__msan_param_tls, 0, sizeof(__msan_param_tls)); internal_memset(*msan_param_tls(), 0, sizeof(*msan_param_tls()));
internal_memset(__msan_retval_tls, 0, sizeof(__msan_retval_tls)); internal_memset(*msan_retval_tls(), 0, sizeof(*msan_retval_tls()));
internal_memset(__msan_va_arg_tls, 0, sizeof(__msan_va_arg_tls)); internal_memset(*msan_va_arg_tls(), 0, sizeof(*msan_va_arg_tls()));
if (__msan_get_track_origins()) { if (__msan_get_track_origins()) {
internal_memset(&__msan_retval_origin_tls, 0, internal_memset(msan_retval_origin_tls(), 0,
sizeof(__msan_retval_origin_tls)); sizeof(*msan_retval_origin_tls()));
internal_memset(__msan_param_origin_tls, 0, internal_memset(*msan_param_origin_tls(), 0,
sizeof(__msan_param_origin_tls)); sizeof(*msan_param_origin_tls()));
} }
} }
void UnpoisonThreadLocalState() { void UnpoisonThreadLocalState() {
} }
const char *GetStackOriginDescr(u32 id, uptr *pc) { const char *GetStackOriginDescr(u32 id, uptr *pc) {
CHECK_LT(id, kNumStackOriginDescrs); CHECK_LT(id, kNumStackOriginDescrs);
▲ Show 20 LinesShow All 128 Lines▼ Show 20 Linesvoid __msan_init() {
main_thread->ThreadStart(); main_thread->ThreadStart();
#if MSAN_CONTAINS_UBSAN #if MSAN_CONTAINS_UBSAN
__ubsan::InitAsPlugin(); __ubsan::InitAsPlugin();
#endif #endif
VPrintf(1, "MemorySanitizer init done\n"); VPrintf(1, "MemorySanitizer init done\n");
AndroidLogInit();
msan_init_is_running = 0; msan_init_is_running = 0;
msan_inited = 1; msan_inited = 1;
} }
void __msan_set_keep_going(int keep_going) { void __msan_set_keep_going(int keep_going) {
flags()->halt_on_error = !keep_going; flags()->halt_on_error = !keep_going;
} }
void __msan_set_expect_umr(int expect_umr) { void __msan_set_expect_umr(int expect_umr) {
if (expect_umr) { if (expect_umr) {
msan_expected_umr_found = 0; *get_msan_expected_umr_found() = 0;
} else if (!msan_expected_umr_found) { } else if (!*get_msan_expected_umr_found()) {
GET_CALLER_PC_BP_SP; GET_CALLER_PC_BP_SP;
(void)sp; (void)sp;
GET_FATAL_STACK_TRACE_PC_BP(pc, bp); GET_FATAL_STACK_TRACE_PC_BP(pc, bp);
ReportExpectedUMRNotFound(&stack); ReportExpectedUMRNotFound(&stack);
Die(); Die();
} }
msan_expect_umr = expect_umr; *get_msan_expect_umr() = expect_umr;
} }
void __msan_print_shadow(const void *x, uptr size) { void __msan_print_shadow(const void *x, uptr size) {
if (!MEM_IS_APP(x)) { if (!MEM_IS_APP(x)) {
Printf("Not a valid application address: %p\n", x); Printf("Not a valid application address: %p\n", x);
return; return;
} }
▲ Show 20 LinesShow All 43 Lines▼ Show 20 Linesint __msan_set_poison_in_malloc(int do_poison) {
flags()->poison_in_malloc = do_poison; flags()->poison_in_malloc = do_poison;
return old; return old;
} }
int __msan_has_dynamic_component() { return false; } int __msan_has_dynamic_component() { return false; }
NOINLINE NOINLINE
void __msan_clear_on_return() { void __msan_clear_on_return() {
__msan_param_tls[0] = 0; (*msan_param_tls())[0] = 0;
} }
void __msan_partial_poison(const void* data, void* shadow, uptr size) { void __msan_partial_poison(const void* data, void* shadow, uptr size) {
internal_memcpy((void*)MEM_TO_SHADOW((uptr)data), shadow, size); internal_memcpy((void*)MEM_TO_SHADOW((uptr)data), shadow, size);
} }
void __msan_load_unpoisoned(const void *src, uptr size, void *dst) { void __msan_load_unpoisoned(const void *src, uptr size, void *dst) {
internal_memcpy(dst, src, size); internal_memcpy(dst, src, size);
▲ Show 20 LinesShow All 58 Lines▼ Show 20 Lines
int __msan_origin_is_descendant_or_same(u32 this_id, u32 prev_id) { int __msan_origin_is_descendant_or_same(u32 this_id, u32 prev_id) {
Origin o = Origin::FromRawId(this_id); Origin o = Origin::FromRawId(this_id);
while (o.raw_id() != prev_id && o.isChainedOrigin()) while (o.raw_id() != prev_id && o.isChainedOrigin())
o = o.getNextChainedOrigin(nullptr); o = o.getNextChainedOrigin(nullptr);
return o.raw_id() == prev_id; return o.raw_id() == prev_id;
} }
u32 __msan_get_umr_origin() { u32 __msan_get_umr_origin() {
return __msan_origin_tls; return *msan_origin_tls();
} }
u16 __sanitizer_unaligned_load16(const uu16 *p) { u16 __sanitizer_unaligned_load16(const uu16 *p) {
*(uu16 *)&__msan_retval_tls[0] = *(uu16 *)MEM_TO_SHADOW((uptr)p); *(uu16 *)&(*msan_retval_tls())[0] = *(uu16 *)MEM_TO_SHADOW((uptr)p);
if (__msan_get_track_origins()) if (__msan_get_track_origins())
__msan_retval_origin_tls = GetOriginIfPoisoned((uptr)p, sizeof(*p)); *msan_retval_origin_tls() = GetOriginIfPoisoned((uptr)p, sizeof(*p));
return *p; return *p;
} }
u32 __sanitizer_unaligned_load32(const uu32 *p) { u32 __sanitizer_unaligned_load32(const uu32 *p) {
*(uu32 *)&__msan_retval_tls[0] = *(uu32 *)MEM_TO_SHADOW((uptr)p); *(uu32 *)&(*msan_retval_tls())[0] = *(uu32 *)MEM_TO_SHADOW((uptr)p);
if (__msan_get_track_origins()) if (__msan_get_track_origins())
__msan_retval_origin_tls = GetOriginIfPoisoned((uptr)p, sizeof(*p)); *msan_retval_origin_tls() = GetOriginIfPoisoned((uptr)p, sizeof(*p));
return *p; return *p;
} }
u64 __sanitizer_unaligned_load64(const uu64 *p) { u64 __sanitizer_unaligned_load64(const uu64 *p) {
__msan_retval_tls[0] = *(uu64 *)MEM_TO_SHADOW((uptr)p); (*msan_retval_tls())[0] = *(uu64 *)MEM_TO_SHADOW((uptr)p);
if (__msan_get_track_origins()) if (__msan_get_track_origins())
__msan_retval_origin_tls = GetOriginIfPoisoned((uptr)p, sizeof(*p)); *msan_retval_origin_tls() = GetOriginIfPoisoned((uptr)p, sizeof(*p));
return *p; return *p;
} }
void __sanitizer_unaligned_store16(uu16 *p, u16 x) { void __sanitizer_unaligned_store16(uu16 *p, u16 x) {
u16 s = *(uu16 *)&__msan_param_tls[1]; u16 s = *(uu16 *)&(*msan_param_tls())[1];
*(uu16 *)MEM_TO_SHADOW((uptr)p) = s; *(uu16 *)MEM_TO_SHADOW((uptr)p) = s;
if (s && __msan_get_track_origins()) if (s && __msan_get_track_origins())
if (uu32 o = __msan_param_origin_tls[2]) if (uu32 o = (*msan_param_origin_tls())[2])
SetOriginIfPoisoned((uptr)p, (uptr)&s, sizeof(s), o); SetOriginIfPoisoned((uptr)p, (uptr)&s, sizeof(s), o);
*p = x; *p = x;
} }
void __sanitizer_unaligned_store32(uu32 *p, u32 x) { void __sanitizer_unaligned_store32(uu32 *p, u32 x) {
u32 s = *(uu32 *)&__msan_param_tls[1]; u32 s = *(uu32 *)&(*msan_param_tls())[1];
*(uu32 *)MEM_TO_SHADOW((uptr)p) = s; *(uu32 *)MEM_TO_SHADOW((uptr)p) = s;
if (s && __msan_get_track_origins()) if (s && __msan_get_track_origins())
if (uu32 o = __msan_param_origin_tls[2]) if (uu32 o = (*msan_param_origin_tls())[2])
SetOriginIfPoisoned((uptr)p, (uptr)&s, sizeof(s), o); SetOriginIfPoisoned((uptr)p, (uptr)&s, sizeof(s), o);
*p = x; *p = x;
} }
void __sanitizer_unaligned_store64(uu64 *p, u64 x) { void __sanitizer_unaligned_store64(uu64 *p, u64 x) {
u64 s = __msan_param_tls[1]; u64 s = (*msan_param_tls())[1];
*(uu64 *)MEM_TO_SHADOW((uptr)p) = s; *(uu64 *)MEM_TO_SHADOW((uptr)p) = s;
if (s && __msan_get_track_origins()) if (s && __msan_get_track_origins())
if (uu32 o = __msan_param_origin_tls[2]) if (uu32 o = (*msan_param_origin_tls())[2])
SetOriginIfPoisoned((uptr)p, (uptr)&s, sizeof(s), o); SetOriginIfPoisoned((uptr)p, (uptr)&s, sizeof(s), o);
*p = x; *p = x;
} }
void __msan_set_death_callback(void (*callback)(void)) { void __msan_set_death_callback(void (*callback)(void)) {
SetUserDieCallback(callback); SetUserDieCallback(callback);
} }
Show All 14 Lines

msan/msan_flags.inc

Show All 23 Lines
MSAN_FLAG(bool, poison_heap_with_zeroes, false, "") MSAN_FLAG(bool, poison_heap_with_zeroes, false, "")
MSAN_FLAG(bool, poison_stack_with_zeroes, false, "") MSAN_FLAG(bool, poison_stack_with_zeroes, false, "")
MSAN_FLAG(bool, poison_in_malloc, true, "") MSAN_FLAG(bool, poison_in_malloc, true, "")
MSAN_FLAG(bool, poison_in_free, true, "") MSAN_FLAG(bool, poison_in_free, true, "")
MSAN_FLAG(bool, poison_in_dtor, false, "") MSAN_FLAG(bool, poison_in_dtor, false, "")
MSAN_FLAG(bool, report_umrs, true, "") MSAN_FLAG(bool, report_umrs, true, "")
MSAN_FLAG(bool, wrap_signals, true, "") MSAN_FLAG(bool, wrap_signals, true, "")
MSAN_FLAG(bool, print_stats, false, "") MSAN_FLAG(bool, print_stats, false, "")
#if SANITIZER_ANDROID
MSAN_FLAG(bool, halt_on_error, false, "")
#else
MSAN_FLAG(bool, halt_on_error, !&__msan_keep_going, "") MSAN_FLAG(bool, halt_on_error, !&__msan_keep_going, "")
#endif // SANITIZER_ANDROID
eugenisUnsubmitted
Not Done
ReplyInline Actions

why?

eugenis: why?
thurstonAuthorUnsubmitted
Not Done
ReplyInline Actions

On Android, there's some use-of-uninitialized-values early on before main() has even been reached e.g.,

`Uninitialized bytes in __interceptor_strlen at offset 44 inside [0x007f0d701f80, 45)

WARNING: MemorySanitizer: use-of-uninitialized-value 0x2a8ef: read_spec_entries(char*, int, ...) at bionic/libc/bionic/system_properties.cpp:903:11 0x29ab7: initialize_properties() at bionic/libc/bionic/system_properties.cpp:957:21 0x29877: system_properties_init at bionic/libc/bionic/system_properties.cpp:1017:14 0x1a8e3: libc_preinit() at bionic/libc/bionic/libc_init_dynamic.cpp:78:3`

I think they're innocuous, so I don't want to halt.

thurston: On Android, there's some use-of-uninitialized-values early on before main() has even been…
eugenisUnsubmitted
Not Done
ReplyInline Actions

That's because libc is not instrumented, but some of its internal calls are intercepted.
It's not good to leave it like this, because it requires -msan-keep-going, which adds code size and runtime overhead. It also makes every program fail (i.e. exit with non-zero code) under MSan which is problematic for testing.

Some ideas how to handle this.

  1. Checks are disabled in nested interceptors, so intercepting anything on this stack trace would prevent this from firing.
  1. We may disable all interceptor checks before libc is initialized. Not clear how to detect this, but the idea is that after some point all that libc does it handle requests from the application, and those usually go through intercepted entrypoints, see item 1.
eugenis: That's because libc is not instrumented, but some of its internal calls are intercepted. It's…
MSAN_FLAG(bool, atexit, false, "") MSAN_FLAG(bool, atexit, false, "")
MSAN_FLAG(int, store_context_size, 20, MSAN_FLAG(int, store_context_size, 20,
"Like malloc_context_size, but for uninit stores.") "Like malloc_context_size, but for uninit stores.")

msan/msan_interceptors.cc

Show All 10 Lines
// //
// Interceptors for standard library functions. // Interceptors for standard library functions.
// //
// FIXME: move as many interceptors as possible into // FIXME: move as many interceptors as possible into
// sanitizer_common/sanitizer_common_interceptors.h // sanitizer_common/sanitizer_common_interceptors.h
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "interception/interception.h" #include "interception/interception.h"
#include "msan_thread.h"
#include "msan.h" #include "msan.h"
#include "msan_chained_origin_depot.h" #include "msan_chained_origin_depot.h"
#include "msan_origin.h" #include "msan_origin.h"
#include "msan_thread.h"
#include "msan_poisoning.h" #include "msan_poisoning.h"
#include "sanitizer_common/sanitizer_platform_limits_posix.h" #include "sanitizer_common/sanitizer_platform_limits_posix.h"
#include "sanitizer_common/sanitizer_allocator.h" #include "sanitizer_common/sanitizer_allocator.h"
#include "sanitizer_common/sanitizer_allocator_interface.h" #include "sanitizer_common/sanitizer_allocator_interface.h"
#include "sanitizer_common/sanitizer_allocator_internal.h" #include "sanitizer_common/sanitizer_allocator_internal.h"
#include "sanitizer_common/sanitizer_atomic.h" #include "sanitizer_common/sanitizer_atomic.h"
#include "sanitizer_common/sanitizer_common.h" #include "sanitizer_common/sanitizer_common.h"
#include "sanitizer_common/sanitizer_stackdepot.h" #include "sanitizer_common/sanitizer_stackdepot.h"
Show All 14 Lines
DECLARE_REAL(SIZE_T, strlen, const char *s) DECLARE_REAL(SIZE_T, strlen, const char *s)
DECLARE_REAL(SIZE_T, strnlen, const char *s, SIZE_T maxlen) DECLARE_REAL(SIZE_T, strnlen, const char *s, SIZE_T maxlen)
#if SANITIZER_FREEBSD #if SANITIZER_FREEBSD
#define __errno_location __error #define __errno_location __error
#endif #endif
// True if this is a nested interceptor. #if SANITIZER_ANDROID
static THREADLOCAL int in_interceptor_scope; // From bionic/libc/include/errno.h:
// "internal function returning the address of the thread-specific errno"
extern "C" volatile int* __errno(void);
#define __errno_location (int*)__errno
#else
extern "C" int *__errno_location(void); extern "C" int *__errno_location(void);
#endif // SANITIZER_ANDROID
struct InterceptorScope { struct InterceptorScope {
InterceptorScope() { ++in_interceptor_scope; } InterceptorScope() {
~InterceptorScope() { --in_interceptor_scope; } ++(*get_in_interceptor_scope());
}
~InterceptorScope() {
--(*get_in_interceptor_scope());
}
}; };
bool IsInInterceptorScope() { bool IsInInterceptorScope() {
return in_interceptor_scope; return *get_in_interceptor_scope();
} }
#define ENSURE_MSAN_INITED() do { \ #define ENSURE_MSAN_INITED() do { \
CHECK(!msan_init_is_running); \ CHECK(!msan_init_is_running); \
if (!msan_inited) { \ if (!msan_inited) { \
__msan_init(); \ __msan_init(); \
} \ } \
} while (0) } while (0)
▲ Show 20 LinesShow All 1,110 Lines▼ Show 20 Lines MSanAtExitRecord *r =
(MSanAtExitRecord *)InternalAlloc(sizeof(MSanAtExitRecord)); (MSanAtExitRecord *)InternalAlloc(sizeof(MSanAtExitRecord));
r->func = func; r->func = func;
r->arg = arg; r->arg = arg;
return REAL(__cxa_atexit)(MSanAtExitWrapper, r, dso_handle); return REAL(__cxa_atexit)(MSanAtExitWrapper, r, dso_handle);
} }
DECLARE_REAL(int, shmctl, int shmid, int cmd, void *buf) DECLARE_REAL(int, shmctl, int shmid, int cmd, void *buf)
#if !SANITIZER_ANDROID
INTERCEPTOR(void *, shmat, int shmid, const void *shmaddr, int shmflg) { INTERCEPTOR(void *, shmat, int shmid, const void *shmaddr, int shmflg) {
ENSURE_MSAN_INITED(); ENSURE_MSAN_INITED();
void *p = REAL(shmat)(shmid, shmaddr, shmflg); void *p = REAL(shmat)(shmid, shmaddr, shmflg);
if (p != (void *)-1) { if (p != (void *)-1) {
__sanitizer_shmid_ds ds; __sanitizer_shmid_ds ds;
int res = REAL(shmctl)(shmid, shmctl_ipc_stat, &ds); int res = REAL(shmctl)(shmid, shmctl_ipc_stat, &ds);
if (!res) { if (!res) {
__msan_unpoison(p, ds.shm_segsz); __msan_unpoison(p, ds.shm_segsz);
} }
} }
return p; return p;
} }
#define MSAN_MAYBE_INTERCEPT_SHMAT INTERCEPT_FUNCTION(shmat)
#else
#define MSAN_MAYBE_INTERCEPT_SHMAT
#endif // !SANITIZER_ANDROID
static void BeforeFork() { static void BeforeFork() {
StackDepotLockAll(); StackDepotLockAll();
ChainedOriginDepotLockAll(); ChainedOriginDepotLockAll();
} }
static void AfterFork() { static void AfterFork() {
ChainedOriginDepotUnlockAll(); ChainedOriginDepotUnlockAll();
▲ Show 20 LinesShow All 130 Lines▼ Show 20 Lines#define COMMON_SYSCALL_PRE_WRITE_RANGE(p, s) \
do { \ do { \
} while (false) } while (false)
#define COMMON_SYSCALL_POST_READ_RANGE(p, s) \ #define COMMON_SYSCALL_POST_READ_RANGE(p, s) \
do { \ do { \
} while (false) } while (false)
#define COMMON_SYSCALL_POST_WRITE_RANGE(p, s) __msan_unpoison(p, s) #define COMMON_SYSCALL_POST_WRITE_RANGE(p, s) __msan_unpoison(p, s)
#include "sanitizer_common/sanitizer_common_syscalls.inc" #include "sanitizer_common/sanitizer_common_syscalls.inc"
#if !SANITIZER_ANDROID
struct dlinfo { struct dlinfo {
char *dli_fname; char *dli_fname;
void *dli_fbase; void *dli_fbase;
char *dli_sname; char *dli_sname;
void *dli_saddr; void *dli_saddr;
}; };
#endif // !SANITIZER_ANDROID
#if !SANITIZER_ANDROID
INTERCEPTOR(int, dladdr, void *addr, dlinfo *info) { INTERCEPTOR(int, dladdr, void *addr, dlinfo *info) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, dladdr, addr, info); COMMON_INTERCEPTOR_ENTER(ctx, dladdr, addr, info);
int res = REAL(dladdr)(addr, info); int res = REAL(dladdr)(addr, info);
if (res != 0) { if (res != 0) {
__msan_unpoison(info, sizeof(*info)); __msan_unpoison(info, sizeof(*info));
if (info->dli_fname) if (info->dli_fname)
__msan_unpoison(info->dli_fname, REAL(strlen)(info->dli_fname) + 1); __msan_unpoison(info->dli_fname, REAL(strlen)(info->dli_fname) + 1);
if (info->dli_sname) if (info->dli_sname)
__msan_unpoison(info->dli_sname, REAL(strlen)(info->dli_sname) + 1); __msan_unpoison(info->dli_sname, REAL(strlen)(info->dli_sname) + 1);
} }
return res; return res;
} }
#define MSAN_MAYBE_INTERCEPT_DLADDR INTERCEPT_FUNCTION(dladdr)
#else
#define MSAN_MAYBE_INTERCEPT_DLADDR
#endif // !SANITIZER_ANDROID
#if !SANITIZER_ANDROID
INTERCEPTOR(char *, dlerror, int fake) { INTERCEPTOR(char *, dlerror, int fake) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, dlerror, fake); COMMON_INTERCEPTOR_ENTER(ctx, dlerror, fake);
char *res = REAL(dlerror)(fake); char *res = REAL(dlerror)(fake);
if (res) __msan_unpoison(res, REAL(strlen)(res) + 1); if (res) __msan_unpoison(res, REAL(strlen)(res) + 1);
return res; return res;
} }
#define MSAN_MAYBE_INTERCEPT_DLERROR INTERCEPT_FUNCTION(dlerror)
#else
#define MSAN_MAYBE_INTERCEPT_DLERROR
#endif // !SANITIZER_ANDROID
#if !SANITIZER_ANDROID
typedef int (*dl_iterate_phdr_cb)(__sanitizer_dl_phdr_info *info, SIZE_T size, typedef int (*dl_iterate_phdr_cb)(__sanitizer_dl_phdr_info *info, SIZE_T size,
void *data); void *data);
struct dl_iterate_phdr_data { struct dl_iterate_phdr_data {
dl_iterate_phdr_cb callback; dl_iterate_phdr_cb callback;
void *data; void *data;
}; };
static int msan_dl_iterate_phdr_cb(__sanitizer_dl_phdr_info *info, SIZE_T size, static int msan_dl_iterate_phdr_cb(__sanitizer_dl_phdr_info *info, SIZE_T size,
void *data) { void *data) {
if (info) { if (info) {
__msan_unpoison(info, size); __msan_unpoison(info, size);
if (info->dlpi_phdr && info->dlpi_phnum) if (info->dlpi_phdr && info->dlpi_phnum)
__msan_unpoison(info->dlpi_phdr, struct_ElfW_Phdr_sz * info->dlpi_phnum); __msan_unpoison(info->dlpi_phdr, struct_ElfW_Phdr_sz * info->dlpi_phnum);
if (info->dlpi_name) if (info->dlpi_name)
__msan_unpoison(info->dlpi_name, REAL(strlen)(info->dlpi_name) + 1); __msan_unpoison(info->dlpi_name, REAL(strlen)(info->dlpi_name) + 1);
} }
dl_iterate_phdr_data *cbdata = (dl_iterate_phdr_data *)data; dl_iterate_phdr_data *cbdata = (dl_iterate_phdr_data *)data;
UnpoisonParam(3); UnpoisonParam(3);
return cbdata->callback(info, size, cbdata->data); return cbdata->callback(info, size, cbdata->data);
} }
#endif // !SANITIZER_ANDROID
#if !SANITIZER_ANDROID
INTERCEPTOR(int, dl_iterate_phdr, dl_iterate_phdr_cb callback, void *data) { INTERCEPTOR(int, dl_iterate_phdr, dl_iterate_phdr_cb callback, void *data) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, dl_iterate_phdr, callback, data); COMMON_INTERCEPTOR_ENTER(ctx, dl_iterate_phdr, callback, data);
dl_iterate_phdr_data cbdata; dl_iterate_phdr_data cbdata;
cbdata.callback = callback; cbdata.callback = callback;
cbdata.data = data; cbdata.data = data;
int res = REAL(dl_iterate_phdr)(msan_dl_iterate_phdr_cb, (void *)&cbdata); int res = REAL(dl_iterate_phdr)(msan_dl_iterate_phdr_cb, (void *)&cbdata);
return res; return res;
} }
#define MSAN_MAYBE_INTERCEPT_DL_ITERATE_PHDR INTERCEPT_FUNCTION(dl_iterate_phdr)
#else
#define MSAN_MAYBE_INTERCEPT_DL_ITERATE_PHDR
#endif // !SANITIZER_ANDROID
// These interface functions reside here so that they can use // These interface functions reside here so that they can use
// REAL(memset), etc. // REAL(memset), etc.
void __msan_unpoison(const void *a, uptr size) { void __msan_unpoison(const void *a, uptr size) {
if (!MEM_IS_APP(a)) return; if (!MEM_IS_APP(a)) return;
SetShadow(a, size, 0); SetShadow(a, size, 0);
} }
▲ Show 20 LinesShow All 145 Lines▼ Show 20 Lines#endif
INTERCEPT_FUNCTION(getrlimit); INTERCEPT_FUNCTION(getrlimit);
MSAN_MAYBE_INTERCEPT_GETRLIMIT64; MSAN_MAYBE_INTERCEPT_GETRLIMIT64;
MSAN_MAYBE_INTERCEPT_PRLIMIT; MSAN_MAYBE_INTERCEPT_PRLIMIT;
MSAN_MAYBE_INTERCEPT_PRLIMIT64; MSAN_MAYBE_INTERCEPT_PRLIMIT64;
MSAN_INTERCEPT_UNAME; MSAN_INTERCEPT_UNAME;
INTERCEPT_FUNCTION(gethostname); INTERCEPT_FUNCTION(gethostname);
MSAN_MAYBE_INTERCEPT_EPOLL_WAIT; MSAN_MAYBE_INTERCEPT_EPOLL_WAIT;
MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT; MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT;
INTERCEPT_FUNCTION(dladdr); MSAN_MAYBE_INTERCEPT_DLADDR;
INTERCEPT_FUNCTION(dlerror); MSAN_MAYBE_INTERCEPT_DLERROR;
INTERCEPT_FUNCTION(dl_iterate_phdr); MSAN_MAYBE_INTERCEPT_DL_ITERATE_PHDR;
INTERCEPT_FUNCTION(getrusage); INTERCEPT_FUNCTION(getrusage);
INTERCEPT_FUNCTION(sigaction); INTERCEPT_FUNCTION(sigaction);
INTERCEPT_FUNCTION(signal); INTERCEPT_FUNCTION(signal);
#if defined(__mips__) #if defined(__mips__)
INTERCEPT_FUNCTION_VER(pthread_create, "GLIBC_2.2"); INTERCEPT_FUNCTION_VER(pthread_create, "GLIBC_2.2");
#else #else
INTERCEPT_FUNCTION(pthread_create); INTERCEPT_FUNCTION(pthread_create);
#endif #endif
INTERCEPT_FUNCTION(pthread_key_create); INTERCEPT_FUNCTION(pthread_key_create);
INTERCEPT_FUNCTION(pthread_join); INTERCEPT_FUNCTION(pthread_join);
INTERCEPT_FUNCTION(tzset); INTERCEPT_FUNCTION(tzset);
INTERCEPT_FUNCTION(__cxa_atexit); INTERCEPT_FUNCTION(__cxa_atexit);
INTERCEPT_FUNCTION(shmat); MSAN_MAYBE_INTERCEPT_SHMAT;
INTERCEPT_FUNCTION(fork); INTERCEPT_FUNCTION(fork);
INTERCEPT_FUNCTION(openpty); INTERCEPT_FUNCTION(openpty);
INTERCEPT_FUNCTION(forkpty); INTERCEPT_FUNCTION(forkpty);
inited = 1; inited = 1;
} }
} // namespace __msan } // namespace __msan

msan/msan_linux.cc

Show All 20 Lines
#include <elf.h> #include <elf.h>
#include <link.h> #include <link.h>
#include <pthread.h> #include <pthread.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <signal.h> #include <signal.h>
#include <unistd.h> #include <unistd.h>
#include <unwind.h> #include <unwind.h>
#include <stddef.h>
#if !SANITIZER_ANDROID
#include <execinfo.h> #include <execinfo.h>
#endif // !SANITIZER_ANDROID
#include <sys/time.h> #include <sys/time.h>
#include <sys/resource.h> #include <sys/resource.h>
#include "sanitizer_common/sanitizer_common.h" #include "sanitizer_common/sanitizer_common.h"
#include "sanitizer_common/sanitizer_procmaps.h" #include "sanitizer_common/sanitizer_procmaps.h"
namespace __msan { namespace __msan {
▲ Show 20 LinesShow All 130 Lines▼ Show 20 Lines
} }
void InstallAtExitHandler() { void InstallAtExitHandler() {
atexit(MsanAtExit); atexit(MsanAtExit);
} }
// ---------------------- TSD ---------------- {{{1 // ---------------------- TSD ---------------- {{{1
static pthread_key_t tsd_key;
static bool tsd_key_inited = false; static bool tsd_key_inited = false;
void MsanTSDInit(void (*destructor)(void *tsd)) { void MsanTSDInit(void (*destructor)(void *tsd)) {
CHECK(!tsd_key_inited); CHECK(!tsd_key_inited);
tsd_key_inited = true; tsd_key_inited = true;
CHECK_EQ(0, pthread_key_create(&tsd_key, destructor));
} }
static THREADLOCAL MsanThread* msan_current_thread;
MsanThread *GetCurrentThread() { MsanThread *GetCurrentThread() {
return msan_current_thread; #if SANITIZER_ANDROID
// These assume 64-bit Linux (ILP64).
// If any of these assertions break (perhaps because k{MsanParam/RetvalTls}Size
// change), we must also update MemorySanitizer.cpp.
static_assert (offsetof(MsanTLSSlot, __msan_param_tls) == 0,
"__msan_param_tls offset");
static_assert (offsetof(MsanTLSSlot, __msan_param_origin_tls) == 800,
"__msan_param_origin_tls offset");
static_assert (offsetof(MsanTLSSlot, __msan_retval_tls) == 1600,
"__msan_retval_tls offset");
static_assert (offsetof(MsanTLSSlot, __msan_retval_origin_tls) == 2424,
"u32 __msan_retval_origin_tls offset");
static_assert (offsetof(MsanTLSSlot, __msan_origin_tls) == 2428,
"u32 __msan_origin_tls offset");
static_assert (offsetof(MsanTLSSlot, __msan_va_arg_overflow_size_tls) == 2432,
"u64 __msan_va_arg_overflow_tls offset");
static_assert (offsetof(MsanTLSSlot, __msan_va_arg_tls) == 2448,
"ALIGNED(16) u64 __msan_va_arg_tls offset");
static_assert (sizeof(MsanTLSSlot) == 3248,
"sizeof(MsanTLSSlot)");
#endif
return *get_msan_current_thread();
} }
void SetCurrentThread(MsanThread *t) { void SetCurrentThread(MsanThread *t) {
// Make sure we do not reset the current MsanThread. // Make sure we do not reset the current MsanThread.
CHECK_EQ(0, msan_current_thread); CHECK_EQ(0, *get_msan_current_thread());
msan_current_thread = t; *get_msan_current_thread() = t;
// Make sure that MsanTSDDtor gets called at the end. // Make sure that MsanTSDDtor gets called at the end.
CHECK(tsd_key_inited); CHECK(tsd_key_inited);
pthread_setspecific(tsd_key, (void *)t);
} }
void MsanTSDDtor(void *tsd) { void MsanTSDDtor(void *tsd) {
MsanThread *t = (MsanThread*)tsd; MsanThread *t = (MsanThread*)tsd;
if (t->destructor_iterations_ > 1) { if (t->destructor_iterations_ > 1) {
t->destructor_iterations_--; t->destructor_iterations_--;
CHECK_EQ(0, pthread_setspecific(tsd_key, tsd));
return; return;
} }
msan_current_thread = nullptr; *get_msan_current_thread() = nullptr;
// Make sure that signal handler can not see a stale current thread pointer. // Make sure that signal handler can not see a stale current thread pointer.
atomic_signal_fence(memory_order_seq_cst); atomic_signal_fence(memory_order_seq_cst);
MsanThread::TSDDtor(tsd); MsanThread::TSDDtor(tsd);
} }
} // namespace __msan } // namespace __msan
#endif // SANITIZER_FREEBSD || SANITIZER_LINUX #endif // SANITIZER_FREEBSD || SANITIZER_LINUX

msan/msan_thread.h

Show All 11 Lines
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef MSAN_THREAD_H #ifndef MSAN_THREAD_H
#define MSAN_THREAD_H #define MSAN_THREAD_H
#include "msan_allocator.h" #include "msan_allocator.h"
#include "sanitizer_common/sanitizer_common.h" #include "sanitizer_common/sanitizer_common.h"
#if SANITIZER_ANDROID
#define TLSVAR(x) GetMsanTLS()->x
#else
#define TLSVAR(x) x
#endif
namespace __msan { namespace __msan {
class MsanThread { class MsanThread {
public: public:
static MsanThread *Create(thread_callback_t start_routine, void *arg); static MsanThread *Create(thread_callback_t start_routine, void *arg);
static void TSDDtor(void *tsd); static void TSDDtor(void *tsd);
void Destroy(); void Destroy();
Show All 33 Lines private:
unsigned in_signal_handler_; unsigned in_signal_handler_;
MsanThreadLocalMallocStorage malloc_storage_; MsanThreadLocalMallocStorage malloc_storage_;
}; };
MsanThread *GetCurrentThread(); MsanThread *GetCurrentThread();
void SetCurrentThread(MsanThread *t); void SetCurrentThread(MsanThread *t);
// These constants must be kept in sync with the ones in MemorySanitizer.cc.
const int kMsanParamTlsSize = 800;
const int kMsanRetvalTlsSize = 800;
struct MsanTLSSlot {
u64 __msan_param_tls[kMsanParamTlsSize / sizeof(u64)];
u32 __msan_param_origin_tls[kMsanParamTlsSize / sizeof(u32)];
u64 __msan_retval_tls[kMsanRetvalTlsSize / sizeof(u64)];
__msan::MsanThread* msan_current_thread;
int in_interceptor_scope;
int is_in_symbolizer;
int msan_expect_umr;
int msan_expected_umr_found;
u32 __msan_retval_origin_tls;
u32 __msan_origin_tls;
u64 __msan_va_arg_overflow_size_tls;
ALIGNED(16) u64 __msan_va_arg_tls[kMsanParamTlsSize / sizeof(u64)];
};
MsanTLSSlot* GetMsanTLS(void);
u64 (*msan_param_tls())[kMsanParamTlsSize / sizeof(u64)];
u32 (*msan_param_origin_tls())[kMsanParamTlsSize / sizeof(u32)];
u64 (*msan_retval_tls())[kMsanRetvalTlsSize / sizeof(u64)];
u32 *msan_retval_origin_tls();
u32 *msan_origin_tls();
u64 *msan_va_arg_overflow_size_tls();
u64 (*msan_va_arg_tls())[kMsanParamTlsSize / sizeof(u64)];
__msan::MsanThread** get_msan_current_thread();
int *get_in_interceptor_scope();
int *get_is_in_symbolizer();
int *get_msan_expect_umr();
int *get_msan_expected_umr_found();
} // namespace __msan } // namespace __msan
#endif // MSAN_THREAD_H #endif // MSAN_THREAD_H

msan/msan_thread.cc

#include "msan.h" #include "msan.h"
#include "msan_thread.h" #include "msan_thread.h"
#include "msan_interface_internal.h" #include "msan_interface_internal.h"
#include "sanitizer_common/sanitizer_tls_get_addr.h" #include "sanitizer_common/sanitizer_tls_get_addr.h"
#include "sanitizer_common/sanitizer_linux.h"
#if !SANITIZER_ANDROID
static THREADLOCAL int msan_expect_umr = 0;
static THREADLOCAL int msan_expected_umr_found = 0;
eugenisUnsubmitted
Not Done
ReplyInline Actions

__msan_tls

eugenis: __msan_tls
thurstonAuthorUnsubmitted
Not Done
ReplyInline Actions

This variable will be gone in the next revision (since THREADLOCAL is only applicable for non-Android, and non-Android will use the original variables rather than MsanTLSSlot).

thurston: This variable will be gone in the next revision (since THREADLOCAL is only applicable for non…
SANITIZER_INTERFACE_ATTRIBUTE
THREADLOCAL u64 __msan_param_tls[__msan::kMsanParamTlsSize / sizeof(u64)];
SANITIZER_INTERFACE_ATTRIBUTE
THREADLOCAL u32 __msan_param_origin_tls[__msan::kMsanParamTlsSize / sizeof(u32)];
SANITIZER_INTERFACE_ATTRIBUTE
THREADLOCAL u64 __msan_retval_tls[__msan::kMsanRetvalTlsSize / sizeof(u64)];
SANITIZER_INTERFACE_ATTRIBUTE
THREADLOCAL u32 __msan_retval_origin_tls;
SANITIZER_INTERFACE_ATTRIBUTE
ALIGNED(16) THREADLOCAL u64 __msan_va_arg_tls[__msan::kMsanParamTlsSize / sizeof(u64)];
SANITIZER_INTERFACE_ATTRIBUTE
THREADLOCAL u64 __msan_va_arg_overflow_size_tls;
SANITIZER_INTERFACE_ATTRIBUTE
THREADLOCAL u32 __msan_origin_tls;
static THREADLOCAL int is_in_symbolizer;
static THREADLOCAL int in_interceptor_scope;
static THREADLOCAL __msan::MsanThread* msan_current_thread;
#endif // !SANITIZER_ANDROID
namespace __msan { namespace __msan {
MsanThread *MsanThread::Create(thread_callback_t start_routine, MsanThread *MsanThread::Create(thread_callback_t start_routine,
void *arg) { void *arg) {
uptr PageSize = GetPageSizeCached(); uptr PageSize = GetPageSizeCached();
uptr size = RoundUpTo(sizeof(MsanThread), PageSize); uptr size = RoundUpTo(sizeof(MsanThread), PageSize);
MsanThread *thread = (MsanThread*)MmapOrDie(size, __func__); MsanThread *thread = (MsanThread*)MmapOrDie(size, __func__);
Show All 15 Linesvoid MsanThread::SetThreadStackAndTls() {
int local; int local;
CHECK(AddrIsInStack((uptr)&local)); CHECK(AddrIsInStack((uptr)&local));
} }
void MsanThread::ClearShadowForThreadStackAndTLS() { void MsanThread::ClearShadowForThreadStackAndTLS() {
__msan_unpoison((void *)stack_bottom_, stack_top_ - stack_bottom_); __msan_unpoison((void *)stack_bottom_, stack_top_ - stack_bottom_);
if (tls_begin_ != tls_end_) if (tls_begin_ != tls_end_)
__msan_unpoison((void *)tls_begin_, tls_end_ - tls_begin_); __msan_unpoison((void *)tls_begin_, tls_end_ - tls_begin_);
#if !SANITIZER_ANDROID
DTLS *dtls = DTLS_Get(); DTLS *dtls = DTLS_Get();
CHECK_NE(dtls, 0); CHECK_NE(dtls, 0);
for (uptr i = 0; i < dtls->dtv_size; ++i) for (uptr i = 0; i < dtls->dtv_size; ++i)
__msan_unpoison((void *)(dtls->dtv[i].beg), dtls->dtv[i].size); __msan_unpoison((void *)(dtls->dtv[i].beg), dtls->dtv[i].size);
#endif // !SANITIZER_ANDROID
} }
void MsanThread::Init() { void MsanThread::Init() {
SetThreadStackAndTls(); SetThreadStackAndTls();
CHECK(MEM_IS_APP(stack_bottom_)); CHECK(MEM_IS_APP(stack_bottom_));
CHECK(MEM_IS_APP(stack_top_ - 1)); CHECK(MEM_IS_APP(stack_top_ - 1));
ClearShadowForThreadStackAndTLS(); ClearShadowForThreadStackAndTLS();
} }
Show All 24 Lines if (!start_routine_) {
return 0; return 0;
} }
thread_return_t res = start_routine_(arg_); thread_return_t res = start_routine_(arg_);
return res; return res;
} }
#if SANITIZER_ANDROID
// Based on tsan_platform_linux.cc::cur_thread
MsanTLSSlot* GetMsanTLS(void) {
MsanTLSSlot* tls = (MsanTLSSlot*)(*AndroidGetTls());
if (tls == nullptr) {
__sanitizer_sigset_t emptyset;
internal_sigfillset(&emptyset);
__sanitizer_sigset_t oldset;
CHECK_EQ(0, internal_sigprocmask(sig_setmask, &emptyset, &oldset));
tls = reinterpret_cast<MsanTLSSlot*>(*AndroidGetTls());
if (tls == nullptr) {
tls = reinterpret_cast<MsanTLSSlot*>(MmapOrDie(sizeof(MsanTLSSlot),
"MsanTLSSlot"));
*(AndroidGetTls()) = tls;
}
CHECK_EQ(0, internal_sigprocmask(sig_setmask, &oldset, nullptr));
}
return tls;
}
#endif // SANITIZER_ANDROID
u64 (*msan_param_tls())[kMsanParamTlsSize / sizeof(u64)] { return &TLSVAR(__msan_param_tls); }
u32 (*msan_param_origin_tls())[kMsanParamTlsSize / sizeof(u32)] { return &TLSVAR(__msan_param_origin_tls); }
u64 (*msan_retval_tls())[kMsanRetvalTlsSize / sizeof(u64)] { return &TLSVAR(__msan_retval_tls); }
u32 *msan_retval_origin_tls() { return &TLSVAR(__msan_retval_origin_tls); }
u32 *msan_origin_tls() { return &TLSVAR(__msan_origin_tls); }
u64 *msan_va_arg_overflow_size_tls() { return &TLSVAR(__msan_va_arg_overflow_size_tls); }
u64 (*msan_va_arg_tls())[kMsanParamTlsSize / sizeof(u64)] { return &TLSVAR(__msan_va_arg_tls); }
__msan::MsanThread** get_msan_current_thread() { return &TLSVAR(msan_current_thread); }
int *get_in_interceptor_scope() { return &TLSVAR(in_interceptor_scope); }
int *get_is_in_symbolizer() { return &TLSVAR(is_in_symbolizer); }
int *get_msan_expect_umr() { return &TLSVAR(msan_expect_umr); }
int *get_msan_expected_umr_found() { return &TLSVAR(msan_expected_umr_found); }
} // namespace __msan } // namespace __msan

sanitizer_common/sanitizer_common.h

Show First 20 LinesShow All 828 Lines▼ Show 20 Linesinline void *operator new(__sanitizer::operator_new_size_type size,
return alloc.Allocate(size); return alloc.Allocate(size);
} }
struct StackDepotStats { struct StackDepotStats {
uptr n_uniq_ids; uptr n_uniq_ids;
uptr allocated; uptr allocated;
}; };
#if SANITIZER_ANDROID
// Voodoo from tsan
#if defined(__aarch64__)
# define __get_tls() ({ void** __val; __asm__("mrs %0, tpidr_el0" : "=r"(__val)); __val; })
#elif defined(__x86_64__)
# define __get_tls() ({ void** __val; __asm__("mov %%fs:0, %0" : "=r"(__val)); __val; })
#endif
static const int TLS_SLOT_TSAN = 8;
#if defined(__get_tls)
INLINE void **AndroidGetTls() { return &__get_tls()[TLS_SLOT_TSAN];}
#else
INLINE void **AndroidGetTls() { return nullptr;}
#endif
#endif // SANITIZER_ANDROID
#endif // SANITIZER_COMMON_H #endif // SANITIZER_COMMON_H

sanitizer_common/sanitizer_linux_libcdep.cc

Show First 20 LinesShow All 360 Lines▼ Show 20 Lines if (segbase != 0) {
// tls_size = round(tls_static_space, tcbalign); // tls_size = round(tls_static_space, tcbalign);
// dtv = segbase[1]; // dtv = segbase[1];
// dtv[2] = segbase - tls_static_space; // dtv[2] = segbase - tls_static_space;
void **dtv = (void**) segbase[1]; void **dtv = (void**) segbase[1];
*addr = (uptr) dtv[2]; *addr = (uptr) dtv[2];
*size = (*addr == 0) ? 0 : ((uptr) segbase[0] - (uptr) dtv[2]); *size = (*addr == 0) ? 0 : ((uptr) segbase[0] - (uptr) dtv[2]);
} }
#elif SANITIZER_ANDROID #elif SANITIZER_ANDROID
# if defined(__x86_64__) || defined(__aarch64__)
// bionic_tls.h and limits.h
const int BIONIC_TLS_SLOTS = 9;
const int BIONIC_PTHREAD_KEY_COUNT = 141;
*addr = (uptr) &(__get_tls()[BIONIC_TLS_SLOTS]);
*size = (BIONIC_PTHREAD_KEY_COUNT - BIONIC_TLS_SLOTS) * sizeof(void*);
#else
*addr = 0; *addr = 0;
*size = 0; *size = 0;
#endif
#else #else
# error "Unknown OS" # error "Unknown OS"
#endif #endif
} }
#endif #endif
#if !SANITIZER_GO #if !SANITIZER_GO
uptr GetTlsSize() { uptr GetTlsSize() {
▲ Show 20 LinesShow All 175 LinesShow Last 20 Lines

sanitizer_common/sanitizer_platform_limits_posix.h

Show First 20 LinesShow All 47 Lines▼ Show 20 Lines#endif
extern unsigned struct_itimerspec_sz; extern unsigned struct_itimerspec_sz;
extern unsigned struct_sigevent_sz; extern unsigned struct_sigevent_sz;
extern unsigned struct_sched_param_sz; extern unsigned struct_sched_param_sz;
extern unsigned struct_statfs64_sz; extern unsigned struct_statfs64_sz;
#if !SANITIZER_ANDROID #if !SANITIZER_ANDROID
extern unsigned struct_statfs_sz; extern unsigned struct_statfs_sz;
extern unsigned struct_sockaddr_sz; extern unsigned struct_sockaddr_sz;
extern unsigned ucontext_t_sz;
#endif // !SANITIZER_ANDROID #endif // !SANITIZER_ANDROID
extern unsigned ucontext_t_sz;
#if SANITIZER_LINUX #if SANITIZER_LINUX
#if defined(__x86_64__) #if defined(__x86_64__)
const unsigned struct_kernel_stat_sz = 144; const unsigned struct_kernel_stat_sz = 144;
const unsigned struct_kernel_stat64_sz = 0; const unsigned struct_kernel_stat64_sz = 0;
#elif defined(__i386__) #elif defined(__i386__)
const unsigned struct_kernel_stat_sz = 64; const unsigned struct_kernel_stat_sz = 64;
const unsigned struct_kernel_stat64_sz = 96; const unsigned struct_kernel_stat64_sz = 96;
▲ Show 20 LinesShow All 102 Lines▼ Show 20 Lines
#endif // SANITIZER_LINUX || SANITIZER_FREEBSD #endif // SANITIZER_LINUX || SANITIZER_FREEBSD
#if SANITIZER_ANDROID #if SANITIZER_ANDROID
struct __sanitizer_mallinfo { struct __sanitizer_mallinfo {
uptr v[10]; uptr v[10];
}; };
#endif #endif
#if SANITIZER_LINUX
extern unsigned struct_rlimit64_sz;
#endif
#if SANITIZER_LINUX && !SANITIZER_ANDROID #if SANITIZER_LINUX && !SANITIZER_ANDROID
struct __sanitizer_mallinfo { struct __sanitizer_mallinfo {
int v[10]; int v[10];
}; };
extern unsigned struct_ustat_sz; extern unsigned struct_ustat_sz;
extern unsigned struct_rlimit64_sz;
extern unsigned struct_statvfs64_sz; extern unsigned struct_statvfs64_sz;
struct __sanitizer_ipc_perm { struct __sanitizer_ipc_perm {
int __key; int __key;
int uid; int uid;
int gid; int gid;
int cuid; int cuid;
int cgid; int cgid;
▲ Show 20 LinesShow All 431 Lines▼ Show 20 Lines struct __sanitizer_kernel_sigaction_t {
}; };
unsigned long sa_flags; unsigned long sa_flags;
void (*sa_restorer)(void); void (*sa_restorer)(void);
__sanitizer_kernel_sigset_t sa_mask; __sanitizer_kernel_sigset_t sa_mask;
}; };
extern uptr sig_ign; extern uptr sig_ign;
extern uptr sig_dfl; extern uptr sig_dfl;
extern uptr sig_setmask;
extern uptr sa_siginfo; extern uptr sa_siginfo;
#if SANITIZER_LINUX #if SANITIZER_LINUX
extern int e_tabsz; extern int e_tabsz;
#endif #endif
extern int af_inet; extern int af_inet;
extern int af_inet6; extern int af_inet6;
▲ Show 20 LinesShow All 757 LinesShow Last 20 Lines

sanitizer_common/sanitizer_platform_limits_posix.cc

Show First 20 LinesShow All 226 Lines▼ Show 20 Lines
#if SANITIZER_MAC && !SANITIZER_IOS #if SANITIZER_MAC && !SANITIZER_IOS
unsigned struct_statfs64_sz = sizeof(struct statfs64); unsigned struct_statfs64_sz = sizeof(struct statfs64);
#endif // SANITIZER_MAC && !SANITIZER_IOS #endif // SANITIZER_MAC && !SANITIZER_IOS
#if !SANITIZER_ANDROID #if !SANITIZER_ANDROID
unsigned struct_statfs_sz = sizeof(struct statfs); unsigned struct_statfs_sz = sizeof(struct statfs);
unsigned struct_sockaddr_sz = sizeof(struct sockaddr); unsigned struct_sockaddr_sz = sizeof(struct sockaddr);
unsigned ucontext_t_sz = sizeof(ucontext_t);
#endif // !SANITIZER_ANDROID #endif // !SANITIZER_ANDROID
unsigned ucontext_t_sz = sizeof(ucontext_t);
#if SANITIZER_LINUX #if SANITIZER_LINUX
unsigned struct_epoll_event_sz = sizeof(struct epoll_event); unsigned struct_epoll_event_sz = sizeof(struct epoll_event);
unsigned struct_sysinfo_sz = sizeof(struct sysinfo); unsigned struct_sysinfo_sz = sizeof(struct sysinfo);
unsigned __user_cap_header_struct_sz = unsigned __user_cap_header_struct_sz =
sizeof(struct __user_cap_header_struct); sizeof(struct __user_cap_header_struct);
unsigned __user_cap_data_struct_sz = sizeof(struct __user_cap_data_struct); unsigned __user_cap_data_struct_sz = sizeof(struct __user_cap_data_struct);
unsigned struct_new_utsname_sz = sizeof(struct new_utsname); unsigned struct_new_utsname_sz = sizeof(struct new_utsname);
unsigned struct_old_utsname_sz = sizeof(struct old_utsname); unsigned struct_old_utsname_sz = sizeof(struct old_utsname);
unsigned struct_oldold_utsname_sz = sizeof(struct oldold_utsname); unsigned struct_oldold_utsname_sz = sizeof(struct oldold_utsname);
#endif // SANITIZER_LINUX #endif // SANITIZER_LINUX
#if SANITIZER_LINUX || SANITIZER_FREEBSD #if SANITIZER_LINUX || SANITIZER_FREEBSD
unsigned struct_rlimit_sz = sizeof(struct rlimit); unsigned struct_rlimit_sz = sizeof(struct rlimit);
unsigned struct_timespec_sz = sizeof(struct timespec); unsigned struct_timespec_sz = sizeof(struct timespec);
unsigned struct_utimbuf_sz = sizeof(struct utimbuf); unsigned struct_utimbuf_sz = sizeof(struct utimbuf);
unsigned struct_itimerspec_sz = sizeof(struct itimerspec); unsigned struct_itimerspec_sz = sizeof(struct itimerspec);
#endif // SANITIZER_LINUX || SANITIZER_FREEBSD #endif // SANITIZER_LINUX || SANITIZER_FREEBSD
#if SANITIZER_LINUX && !SANITIZER_ANDROID #if SANITIZER_LINUX && !SANITIZER_ANDROID
unsigned struct_ustat_sz = sizeof(struct ustat); unsigned struct_ustat_sz = sizeof(struct ustat);
unsigned struct_rlimit64_sz = sizeof(struct rlimit64);
unsigned struct_statvfs64_sz = sizeof(struct statvfs64); unsigned struct_statvfs64_sz = sizeof(struct statvfs64);
#endif // SANITIZER_LINUX && !SANITIZER_ANDROID #endif // SANITIZER_LINUX && !SANITIZER_ANDROID
#if SANITIZER_LINUX
unsigned struct_rlimit64_sz = sizeof(struct rlimit64);
#endif // SANITIZER_LINUX
#if (SANITIZER_LINUX || SANITIZER_FREEBSD) && !SANITIZER_ANDROID #if (SANITIZER_LINUX || SANITIZER_FREEBSD) && !SANITIZER_ANDROID
unsigned struct_timex_sz = sizeof(struct timex); unsigned struct_timex_sz = sizeof(struct timex);
unsigned struct_msqid_ds_sz = sizeof(struct msqid_ds); unsigned struct_msqid_ds_sz = sizeof(struct msqid_ds);
unsigned struct_mq_attr_sz = sizeof(struct mq_attr); unsigned struct_mq_attr_sz = sizeof(struct mq_attr);
unsigned struct_statvfs_sz = sizeof(struct statvfs); unsigned struct_statvfs_sz = sizeof(struct statvfs);
#endif // (SANITIZER_LINUX || SANITIZER_FREEBSD) && !SANITIZER_ANDROID #endif // (SANITIZER_LINUX || SANITIZER_FREEBSD) && !SANITIZER_ANDROID
uptr sig_ign = (uptr)SIG_IGN; uptr sig_ign = (uptr)SIG_IGN;
uptr sig_dfl = (uptr)SIG_DFL; uptr sig_dfl = (uptr)SIG_DFL;
uptr sig_setmask = (uptr)SIG_SETMASK;
uptr sa_siginfo = (uptr)SA_SIGINFO; uptr sa_siginfo = (uptr)SA_SIGINFO;
#if SANITIZER_LINUX #if SANITIZER_LINUX
int e_tabsz = (int)E_TABSZ; int e_tabsz = (int)E_TABSZ;
#endif #endif
#if (SANITIZER_LINUX || SANITIZER_FREEBSD) && !SANITIZER_ANDROID #if (SANITIZER_LINUX || SANITIZER_FREEBSD) && !SANITIZER_ANDROID
▲ Show 20 LinesShow All 1,006 LinesShow Last 20 Lines