This is an archive of the discontinued LLVM Phabricator instance.

Differential D44777

Mmap interceptor providing mprotect support
ClosedPublic

Authored by devnexen on Mar 22 2018, 5:00 AM.

Details

Reviewers
vitalybuka
vsk
Commits
rG861636301749: Mmap interceptor providing mprotect support
rGe4d34c0d56eb: Mmap interceptor providing mprotect support
rCRT328415: Mmap interceptor providing mprotect support
rL328415: Mmap interceptor providing mprotect support
rCRT328369: Mmap interceptor providing mprotect support
rL328369: Mmap interceptor providing mprotect support
Summary
  • Intercepting mprotect calls.
  • Fixing forgotten flag check.

Patch by David CARLIER

Diff Detail

Repository
rL LLVM

Event Timeline

devnexen created this revision.Mar 22 2018, 5:00 AM
Herald added subscribers: Restricted Project, llvm-commits, kubamracek. · View Herald TranscriptMar 22 2018, 5:00 AM
devnexen added reviewers: vitalybuka, vsk.Mar 22 2018, 5:01 AM

After that, next step would be trying to fix Android support. sorry for all the work I give you @vitalybuka

devnexen updated this revision to Diff 139432.Mar 22 2018, 6:02 AM
Herald added a subscriber: srhines. · View Herald TranscriptMar 22 2018, 6:02 AM
vitalybuka requested changes to this revision.Mar 22 2018, 2:11 PM
vitalybuka added inline comments.
lib/sanitizer_common/sanitizer_common_interceptors.inc
280 ↗(On Diff #139432)

Just put this into INTERCEPTOR
No need to have COMMON_INTERCEPTOR_MPROTECT_IMPL before we have overrides

6925 ↗(On Diff #139432)

Oh, it didn't actually worked.

test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp
15 ↗(On Diff #139432)

Please extend tests with:

  1. env_tool_opts=detect_write_exec=0 and // CHECK-DISABLED-NOT: writable-executable
  2. correct call to mprotect without warning.
  3. add //CHECK for [[@LINE
  4. Move all correct mprotec and mpap to the end and CHECK-NOT: writable-executable to make sure there is no 3rd report
This revision now requires changes to proceed.Mar 22 2018, 2:11 PM
devnexen updated this revision to Diff 139539.Mar 22 2018, 5:45 PM
devnexen added inline comments.
test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp
15 ↗(On Diff #139432)

When I set to respectively LINE-3, LINE-2 ... does not work ... any clue eventually ?

vitalybuka added inline comments.Mar 22 2018, 5:48 PM
test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp
21 ↗(On Diff #139539)

CHECK-DISABLED-NOT: #0 is unnecacary
you still need to keep // CHECK: for reports

15 ↗(On Diff #139432)

you are matching sanitizer_common_interceptors.in file.
you should match mmap_write_exec.cpp:[[@LINE....

devnexen added inline comments.Mar 22 2018, 6:08 PM
test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp
15 ↗(On Diff #139432)

Oh right I missed this ...

devnexen updated this revision to Diff 139546.Mar 22 2018, 6:14 PM
vitalybuka added inline comments.Mar 22 2018, 11:53 PM
test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp
15 ↗(On Diff #139546)

For check-not I'd use simple rule, e.g. just "-NOT: Sanitizer"
With complex rule there is a check that it can get always true if we change format.

20 ↗(On Diff #139546)

there is no point in checking "-NOT:" twice here
one above covers everything

devnexen added inline comments.Mar 23 2018, 12:04 AM
test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp
20 ↗(On Diff #139546)

Oh ok good to know.

devnexen updated this revision to Diff 139561.Mar 23 2018, 12:10 AM
vitalybuka accepted this revision.Mar 23 2018, 1:41 PM
vitalybuka edited the summary of this revision. (Show Details)
This revision is now accepted and ready to land.Mar 23 2018, 1:41 PM
vitalybuka added inline comments.Mar 23 2018, 1:51 PM
test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp
2 ↗(On Diff #139561)

"FileCheck %s" was lost

Closed by commit rL328369: Mmap interceptor providing mprotect support (authored by vitalybuka). · Explain WhyMar 23 2018, 2:02 PM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: delcypher. · View Herald TranscriptMar 23 2018, 2:02 PM
kubamracek added a comment.Mar 23 2018, 2:32 PM

Hi, this probably broke on Darwin, https://smooshbase.apple.com/ci/view/BuildCzar/job/apple-clang-master-RA-stage1-cmake-incremental/44333/console:

duplicate symbol _wrap_mprotect in:
    projects/compiler-rt/lib/asan/CMakeFiles/RTAsan_dynamic.watchossim.dir/asan_interceptors.cc.o
    projects/compiler-rt/lib/asan/CMakeFiles/RTAsan_dynamic.watchossim.dir/asan_malloc_mac.cc.o
ld: 1 duplicate symbol for architecture i386
clang: error: linker command failed with exit code 1 (use -v to see invocation)

Can you take a look?

devnexen added a comment.Mar 23 2018, 2:45 PM

Seems sanitizer_malloc_mac.inc already intercepts mprotect.

devnexen added a comment.Mar 23 2018, 2:46 PM

Would need to protect the common interception and still catching the flags in the mac part maybe.

vitalybuka reopened this revision.Mar 23 2018, 2:48 PM

reverted r328375

This revision is now accepted and ready to land.Mar 23 2018, 2:48 PM
kubamracek added a comment.Mar 23 2018, 2:49 PM

Thanks. If you don't have a macOS machine, you can email me a patch and I can test it out for you.

devnexen updated this revision to Diff 139659.Mar 23 2018, 3:01 PM

Fix Apple build, as mprotect is already intercepted. We check the flags in apple case too.

devnexen added a comment.Mar 23 2018, 3:02 PM
In D44777#1047175, @kubamracek wrote:

Thanks. If you don't have a macOS machine, you can email me a patch and I can test it out for you.

I tested with an weak apple machine I reproduced your linkage issues and do not get them after the changes.

vitalybuka requested changes to this revision.Mar 23 2018, 3:20 PM
vitalybuka added inline comments.
lib/sanitizer_common/sanitizer_malloc_mac.inc
76 ↗(On Diff #139659)

It does not look right.
We have now two conditional interceptors.

I think better approach to instert some mmaloc hook into the common interceptor
and make it empty on all platforms and put "if (addr == malloc_zones && prot == PROT_READ) {" into the mac one.

This revision now requires changes to proceed.Mar 23 2018, 3:20 PM
devnexen added inline comments.Mar 23 2018, 3:27 PM
lib/sanitizer_common/sanitizer_malloc_mac.inc
76 ↗(On Diff #139659)

Sure fair point I tried to avoid too much changes. Will update.

devnexen updated this revision to Diff 139678.Mar 23 2018, 4:50 PM
vitalybuka added inline comments.Mar 23 2018, 4:58 PM
lib/sanitizer_common/sanitizer_malloc_mac.inc
309 ↗(On Diff #139678)

please move this into some cc file. e.g sanitizer_mac.cc

devnexen updated this revision to Diff 139699.Mar 23 2018, 11:04 PM

Refactoring MmapMallocZones

This revision was not accepted when it landed; it landed in state Needs Review.Mar 24 2018, 12:49 AM
Closed by commit rL328415: Mmap interceptor providing mprotect support (authored by vitalybuka). · Explain Why
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
sanitizer_common/
4 lines
19 lines
8 lines
24 lines
25 lines
4 lines
test/
sanitizer_common/
TestCases/
Linux/
26 lines

Diff 139701

compiler-rt/trunk/lib/sanitizer_common/sanitizer_common.h

Show First 20 LinesShow All 100 Lines▼ Show 20 Lines
// Dies on all but out of memory errors, in the latter case returns nullptr. // Dies on all but out of memory errors, in the latter case returns nullptr.
void *MmapAlignedOrDieOnFatalError(uptr size, uptr alignment, void *MmapAlignedOrDieOnFatalError(uptr size, uptr alignment,
const char *mem_type); const char *mem_type);
// Disallow access to a memory range. Use MmapFixedNoAccess to allocate an // Disallow access to a memory range. Use MmapFixedNoAccess to allocate an
// unaccessible memory. // unaccessible memory.
bool MprotectNoAccess(uptr addr, uptr size); bool MprotectNoAccess(uptr addr, uptr size);
bool MprotectReadOnly(uptr addr, uptr size); bool MprotectReadOnly(uptr addr, uptr size);
void MprotectMallocZones(void *addr, int prot);
// Find an available address space. // Find an available address space.
uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding, uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding,
uptr *largest_gap_found, uptr *max_occupied_addr); uptr *largest_gap_found, uptr *max_occupied_addr);
// Used to check if we can map shadow memory to a fixed location. // Used to check if we can map shadow memory to a fixed location.
bool MemoryRangeIsAvailable(uptr range_start, uptr range_end); bool MemoryRangeIsAvailable(uptr range_start, uptr range_end);
// Releases memory pages entirely within the [beg, end] address range. Noop if // Releases memory pages entirely within the [beg, end] address range. Noop if
// the provided range does not contain at least one entire page. // the provided range does not contain at least one entire page.
▲ Show 20 LinesShow All 256 Lines▼ Show 20 Lines
// Same as above, but construct error_message as: // Same as above, but construct error_message as:
// error_type file:line[:column][ function] // error_type file:line[:column][ function]
void ReportErrorSummary(const char *error_type, const AddressInfo &info, void ReportErrorSummary(const char *error_type, const AddressInfo &info,
const char *alt_tool_name = nullptr); const char *alt_tool_name = nullptr);
// Same as above, but obtains AddressInfo by symbolizing top stack trace frame. // Same as above, but obtains AddressInfo by symbolizing top stack trace frame.
void ReportErrorSummary(const char *error_type, const StackTrace *trace, void ReportErrorSummary(const char *error_type, const StackTrace *trace,
const char *alt_tool_name = nullptr); const char *alt_tool_name = nullptr);
void ReportMmapWriteExec(); void ReportMmapWriteExec(int prot);
// Math // Math
#if SANITIZER_WINDOWS && !defined(__clang__) && !defined(__GNUC__) #if SANITIZER_WINDOWS && !defined(__clang__) && !defined(__GNUC__)
extern "C" { extern "C" {
unsigned char _BitScanForward(unsigned long *index, unsigned long mask); // NOLINT unsigned char _BitScanForward(unsigned long *index, unsigned long mask); // NOLINT
unsigned char _BitScanReverse(unsigned long *index, unsigned long mask); // NOLINT unsigned char _BitScanReverse(unsigned long *index, unsigned long mask); // NOLINT
#if defined(_WIN64) #if defined(_WIN64)
unsigned char _BitScanForward64(unsigned long *index, unsigned __int64 mask); // NOLINT unsigned char _BitScanForward64(unsigned long *index, unsigned __int64 mask); // NOLINT
▲ Show 20 LinesShow All 562 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc

Show First 20 LinesShow All 6,882 Lines▼ Show 20 Lines
#define INIT_STRLCPY #define INIT_STRLCPY
#endif #endif
#if SANITIZER_INTERCEPT_MMAP #if SANITIZER_INTERCEPT_MMAP
INTERCEPTOR(void *, mmap, void *addr, SIZE_T sz, int prot, int flags, int fd, INTERCEPTOR(void *, mmap, void *addr, SIZE_T sz, int prot, int flags, int fd,
OFF_T off) { OFF_T off) {
void *ctx; void *ctx;
if (common_flags()->detect_write_exec) if (common_flags()->detect_write_exec)
ReportMmapWriteExec(); ReportMmapWriteExec(prot);
if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED) if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED)
return (void *)internal_mmap(addr, sz, prot, flags, fd, off); return (void *)internal_mmap(addr, sz, prot, flags, fd, off);
COMMON_INTERCEPTOR_ENTER(ctx, mmap, addr, sz, prot, flags, fd, off); COMMON_INTERCEPTOR_ENTER(ctx, mmap, addr, sz, prot, flags, fd, off);
COMMON_INTERCEPTOR_MMAP_IMPL(ctx, mmap, addr, sz, prot, flags, fd, off); COMMON_INTERCEPTOR_MMAP_IMPL(ctx, mmap, addr, sz, prot, flags, fd, off);
} }
#define INIT_MMAP COMMON_INTERCEPT_FUNCTION(mmap);
INTERCEPTOR(int, mprotect, void *addr, SIZE_T sz, int prot) {
void *ctx;
if (common_flags()->detect_write_exec)
ReportMmapWriteExec(prot);
if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED)
return (int)internal_mprotect(addr, sz, prot);
COMMON_INTERCEPTOR_ENTER(ctx, mprotect, addr, sz, prot);
MprotectMallocZones(addr, prot);
return REAL(mprotect)(addr, sz, prot);
}
#define INIT_MMAP \
COMMON_INTERCEPT_FUNCTION(mmap); \
COMMON_INTERCEPT_FUNCTION(mprotect);
#else #else
#define INIT_MMAP #define INIT_MMAP
#endif #endif
#if SANITIZER_INTERCEPT_MMAP64 #if SANITIZER_INTERCEPT_MMAP64
INTERCEPTOR(void *, mmap64, void *addr, SIZE_T sz, int prot, int flags, int fd, INTERCEPTOR(void *, mmap64, void *addr, SIZE_T sz, int prot, int flags, int fd,
OFF64_T off) { OFF64_T off) {
void *ctx; void *ctx;
if (common_flags()->detect_write_exec) if (common_flags()->detect_write_exec)
ReportMmapWriteExec(); ReportMmapWriteExec(prot);
if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED) if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED)
return (void *)internal_mmap(addr, sz, prot, flags, fd, off); return (void *)internal_mmap(addr, sz, prot, flags, fd, off);
COMMON_INTERCEPTOR_ENTER(ctx, mmap64, addr, sz, prot, flags, fd, off); COMMON_INTERCEPTOR_ENTER(ctx, mmap64, addr, sz, prot, flags, fd, off);
COMMON_INTERCEPTOR_MMAP_IMPL(ctx, mmap64, addr, sz, prot, flags, fd, off); COMMON_INTERCEPTOR_MMAP_IMPL(ctx, mmap64, addr, sz, prot, flags, fd, off);
} }
#define INIT_MMAP64 COMMON_INTERCEPT_FUNCTION(mmap64); #define INIT_MMAP64 COMMON_INTERCEPT_FUNCTION(mmap64);
#else #else
#define INIT_MMAP64 #define INIT_MMAP64
▲ Show 20 LinesShow All 485 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_libcdep.cc

Show All 18 Lines
#include "sanitizer_procmaps.h" #include "sanitizer_procmaps.h"
#include "sanitizer_report_decorator.h" #include "sanitizer_report_decorator.h"
#include "sanitizer_stackdepot.h" #include "sanitizer_stackdepot.h"
#include "sanitizer_stacktrace.h" #include "sanitizer_stacktrace.h"
#include "sanitizer_symbolizer.h" #include "sanitizer_symbolizer.h"
#if SANITIZER_POSIX #if SANITIZER_POSIX
#include "sanitizer_posix.h" #include "sanitizer_posix.h"
#include <sys/mman.h>
#endif #endif
namespace __sanitizer { namespace __sanitizer {
#if !SANITIZER_FUCHSIA #if !SANITIZER_FUCHSIA
bool ReportFile::SupportsColors() { bool ReportFile::SupportsColors() {
SpinMutexLock l(mu); SpinMutexLock l(mu);
▲ Show 20 LinesShow All 41 Lines▼ Show 20 Lines#if !SANITIZER_GO
// Maybe sometimes we need to choose another frame (e.g. skip memcpy/etc). // Maybe sometimes we need to choose another frame (e.g. skip memcpy/etc).
uptr pc = StackTrace::GetPreviousInstructionPc(stack->trace[0]); uptr pc = StackTrace::GetPreviousInstructionPc(stack->trace[0]);
SymbolizedStack *frame = Symbolizer::GetOrInit()->SymbolizePC(pc); SymbolizedStack *frame = Symbolizer::GetOrInit()->SymbolizePC(pc);
ReportErrorSummary(error_type, frame->info, alt_tool_name); ReportErrorSummary(error_type, frame->info, alt_tool_name);
frame->ClearAll(); frame->ClearAll();
#endif #endif
} }
void ReportMmapWriteExec() { void ReportMmapWriteExec(int prot) {
#if !SANITIZER_GO && !SANITIZER_ANDROID #if SANITIZER_POSIX && (!SANITIZER_GO && !SANITIZER_ANDROID)
if ((prot & (PROT_WRITE | PROT_EXEC)) != (PROT_WRITE | PROT_EXEC))
return;
ScopedErrorReportLock l; ScopedErrorReportLock l;
SanitizerCommonDecorator d; SanitizerCommonDecorator d;
InternalScopedBuffer<BufferedStackTrace> stack_buffer(1); InternalScopedBuffer<BufferedStackTrace> stack_buffer(1);
BufferedStackTrace *stack = stack_buffer.data(); BufferedStackTrace *stack = stack_buffer.data();
stack->Reset(); stack->Reset();
uptr top = 0; uptr top = 0;
uptr bottom = 0; uptr bottom = 0;
▲ Show 20 LinesShow All 282 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_mac.cc

Show First 20 LinesShow All 55 Lines▼ Show 20 Lines
#include <dlfcn.h> // for dladdr() #include <dlfcn.h> // for dladdr()
#include <errno.h> #include <errno.h>
#include <fcntl.h> #include <fcntl.h>
#include <libkern/OSAtomic.h> #include <libkern/OSAtomic.h>
#include <mach-o/dyld.h> #include <mach-o/dyld.h>
#include <mach/mach.h> #include <mach/mach.h>
#include <mach/mach_time.h> #include <mach/mach_time.h>
#include <mach/vm_statistics.h> #include <mach/vm_statistics.h>
#include <malloc/malloc.h>
#include <pthread.h> #include <pthread.h>
#include <sched.h> #include <sched.h>
#include <signal.h> #include <signal.h>
#include <stdlib.h> #include <stdlib.h>
#include <sys/mman.h> #include <sys/mman.h>
#include <sys/resource.h> #include <sys/resource.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/sysctl.h> #include <sys/sysctl.h>
▲ Show 20 LinesShow All 266 Lines▼ Show 20 Lines
void ReExec() { void ReExec() {
UNIMPLEMENTED(); UNIMPLEMENTED();
} }
uptr GetPageSize() { uptr GetPageSize() {
return sysconf(_SC_PAGESIZE); return sysconf(_SC_PAGESIZE);
} }
extern unsigned malloc_num_zones;
extern malloc_zone_t **malloc_zones;
static malloc_zone_t sanitizer_zone;
// We need to make sure that sanitizer_zone is registered as malloc_zones[0]. If
// libmalloc tries to set up a different zone as malloc_zones[0], it will call
// mprotect(malloc_zones, ..., PROT_READ). This interceptor will catch that and
// make sure we are still the first (default) zone.
void MprotectMallocZones(void *addr, int prot) {
if (addr == malloc_zones && prot == PROT_READ) {
if (malloc_num_zones > 1 && malloc_zones[0] != &sanitizer_zone) {
for (unsigned i = 1; i < malloc_num_zones; i++) {
if (malloc_zones[i] == &sanitizer_zone) {
// Swap malloc_zones[0] and malloc_zones[i].
malloc_zones[i] = malloc_zones[0];
malloc_zones[0] = &sanitizer_zone;
break;
}
}
}
}
}
BlockingMutex::BlockingMutex() { BlockingMutex::BlockingMutex() {
internal_memset(this, 0, sizeof(*this)); internal_memset(this, 0, sizeof(*this));
} }
void BlockingMutex::Lock() { void BlockingMutex::Lock() {
CHECK(sizeof(OSSpinLock) <= sizeof(opaque_storage_)); CHECK(sizeof(OSSpinLock) <= sizeof(opaque_storage_));
CHECK_EQ(OS_SPINLOCK_INIT, 0); CHECK_EQ(OS_SPINLOCK_INIT, 0);
CHECK_EQ(owner_, 0); CHECK_EQ(owner_, 0);
▲ Show 20 LinesShow All 687 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_malloc_mac.inc

Show All 23 Lines
#include <sys/mman.h> #include <sys/mman.h>
#include "interception/interception.h" #include "interception/interception.h"
#include "sanitizer_common/sanitizer_mac.h" #include "sanitizer_common/sanitizer_mac.h"
// Similar code is used in Google Perftools, // Similar code is used in Google Perftools,
// https://github.com/gperftools/gperftools. // https://github.com/gperftools/gperftools.
static malloc_zone_t sanitizer_zone;
INTERCEPTOR(malloc_zone_t *, malloc_create_zone, INTERCEPTOR(malloc_zone_t *, malloc_create_zone,
vm_size_t start_size, unsigned zone_flags) { vm_size_t start_size, unsigned zone_flags) {
COMMON_MALLOC_ENTER(); COMMON_MALLOC_ENTER();
uptr page_size = GetPageSizeCached(); uptr page_size = GetPageSizeCached();
uptr allocated_size = RoundUpTo(sizeof(sanitizer_zone), page_size); uptr allocated_size = RoundUpTo(sizeof(sanitizer_zone), page_size);
COMMON_MALLOC_MEMALIGN(page_size, allocated_size); COMMON_MALLOC_MEMALIGN(page_size, allocated_size);
malloc_zone_t *new_zone = (malloc_zone_t *)p; malloc_zone_t *new_zone = (malloc_zone_t *)p;
internal_memcpy(new_zone, &sanitizer_zone, sizeof(sanitizer_zone)); internal_memcpy(new_zone, &sanitizer_zone, sizeof(sanitizer_zone));
Show All 18 Lines if (GetMacosVersion() >= MACOS_VERSION_LION) {
mprotect(zone, allocated_size, PROT_READ | PROT_WRITE); mprotect(zone, allocated_size, PROT_READ | PROT_WRITE);
} }
if (zone->zone_name) { if (zone->zone_name) {
COMMON_MALLOC_FREE((void *)zone->zone_name); COMMON_MALLOC_FREE((void *)zone->zone_name);
} }
COMMON_MALLOC_FREE(zone); COMMON_MALLOC_FREE(zone);
} }
extern unsigned malloc_num_zones;
extern malloc_zone_t **malloc_zones;
// We need to make sure that sanitizer_zone is registered as malloc_zones[0]. If
// libmalloc tries to set up a different zone as malloc_zones[0], it will call
// mprotect(malloc_zones, ..., PROT_READ). This interceptor will catch that and
// make sure we are still the first (default) zone.
INTERCEPTOR(int, mprotect, void *addr, size_t len, int prot) {
if (addr == malloc_zones && prot == PROT_READ) {
if (malloc_num_zones > 1 && malloc_zones[0] != &sanitizer_zone) {
for (unsigned i = 1; i < malloc_num_zones; i++) {
if (malloc_zones[i] == &sanitizer_zone) {
// Swap malloc_zones[0] and malloc_zones[i].
malloc_zones[i] = malloc_zones[0];
malloc_zones[0] = &sanitizer_zone;
break;
}
}
}
}
return REAL(mprotect)(addr, len, prot);
}
INTERCEPTOR(malloc_zone_t *, malloc_default_zone, void) { INTERCEPTOR(malloc_zone_t *, malloc_default_zone, void) {
COMMON_MALLOC_ENTER(); COMMON_MALLOC_ENTER();
return &sanitizer_zone; return &sanitizer_zone;
} }
INTERCEPTOR(malloc_zone_t *, malloc_default_purgeable_zone, void) { INTERCEPTOR(malloc_zone_t *, malloc_default_purgeable_zone, void) {
// FIXME: ASan should support purgeable allocations. // FIXME: ASan should support purgeable allocations.
// https://github.com/google/sanitizers/issues/139 // https://github.com/google/sanitizers/issues/139
▲ Show 20 LinesShow All 266 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_posix.cc

Show First 20 LinesShow All 147 Lines▼ Show 20 Lines
bool MprotectNoAccess(uptr addr, uptr size) { bool MprotectNoAccess(uptr addr, uptr size) {
return 0 == internal_mprotect((void*)addr, size, PROT_NONE); return 0 == internal_mprotect((void*)addr, size, PROT_NONE);
} }
bool MprotectReadOnly(uptr addr, uptr size) { bool MprotectReadOnly(uptr addr, uptr size) {
return 0 == internal_mprotect((void *)addr, size, PROT_READ); return 0 == internal_mprotect((void *)addr, size, PROT_READ);
} }
#if !SANITIZER_MAC
void MprotectMallocZones(void *addr, int prot) {}
#endif
fd_t OpenFile(const char *filename, FileAccessMode mode, error_t *errno_p) { fd_t OpenFile(const char *filename, FileAccessMode mode, error_t *errno_p) {
int flags; int flags;
switch (mode) { switch (mode) {
case RdOnly: flags = O_RDONLY; break; case RdOnly: flags = O_RDONLY; break;
case WrOnly: flags = O_WRONLY | O_CREAT; break; case WrOnly: flags = O_WRONLY | O_CREAT; break;
case RdWr: flags = O_RDWR | O_CREAT; break; case RdWr: flags = O_RDWR | O_CREAT; break;
} }
fd_t res = internal_open(filename, flags, 0660); fd_t res = internal_open(filename, flags, 0660);
▲ Show 20 LinesShow All 167 LinesShow Last 20 Lines

compiler-rt/trunk/test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp

// RUN: %clangxx %s -o %t // RUN: %clangxx %s -o %t
// RUN: %env_tool_opts=detect_write_exec=1 %run %t 2>&1 | FileCheck %s // RUN: %env_tool_opts=detect_write_exec=1 %run %t 2>&1 | FileCheck %s
// ubsan and lsan do not install mmap interceptors // RUN: %env_tool_opts=detect_write_exec=0 %run %t 2>&1 | FileCheck %s \
// UNSUPPORTED: ubsan, lsan // RUN: --check-prefix=CHECK-DISABLED
// ubsan and lsan do not install mmap interceptors UNSUPPORTED: ubsan, lsan
// TODO: Fix option on Android, it hangs there for unknown reasons. // TODO: Fix option on Android, it hangs there for unknown reasons.
// XFAIL: android // XFAIL: android
#include <stdio.h>
#include <sys/mman.h> #include <sys/mman.h>
int main(int argc, char **argv) { int main(int argc, char **argv) {
char *p = (char *)mmap(0, 1024, PROT_READ | PROT_WRITE | PROT_EXEC, char *p = (char *)mmap(0, 1024, PROT_READ | PROT_WRITE | PROT_EXEC,
MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
// CHECK: WARNING: {{.*}}Sanitizer: writable-executable page usage // CHECK: WARNING: {{.*}}Sanitizer: writable-executable page usage
// CHECK: #{{[0-9]+.*}}main{{.*}}mmap_write_exec.cpp:[[@LINE-3]]
// CHECK: SUMMARY: {{.*}}Sanitizer: w-and-x-usage
char *q = (char *)mmap(p, 64, PROT_READ | PROT_WRITE,
MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0);
(void)mprotect(q, 64, PROT_WRITE | PROT_EXEC);
// CHECK: WARNING: {{.*}}Sanitizer: writable-executable page usage
// CHECK: #{{[0-9]+.*}}main{{.*}}mmap_write_exec.cpp:[[@LINE-2]]
// CHECK: SUMMARY: {{.*}}Sanitizer: w-and-x-usage
char *a = (char *)mmap(0, 1024, PROT_READ | PROT_WRITE,
MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
char *b = (char *)mmap(a, 64, PROT_READ | PROT_WRITE,
MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0);
(void)mprotect(q, 64, PROT_READ | PROT_EXEC);
// CHECK-NOT: Sanitizer
printf("done\n");
// CHECK-DISABLED-NOT: Sanitizer
// CHECK-DISABLED: done
} }