This is an archive of the discontinued LLVM Phabricator instance.

Differential D50922

[hwasan] Add a (almost) no-interceptor mode.
ClosedPublic

Authored by eugenis on Aug 17 2018, 1:48 PM.

Details

Reviewers
vitalybuka
kcc
jfb
Commits
rG4f0e10fff97c: [hwasan] Add a (almost) no-interceptor mode.
rCRT340216: [hwasan] Add a (almost) no-interceptor mode.
rL340216: [hwasan] Add a (almost) no-interceptor mode.
Summary

The idea behind this change is to allow sanitization of libc. We are prototyping on Bionic,
but the tool interface will be general enough (or at least generalizable) to support any other libc.

When libc depends on libclang_rt.hwasan, the latter can not interpose libc functions.
In fact, majority of interceptors become unnecessary when libc code is instrumented.

This change gets rid of most hwasan interceptors and provides interface for libc to notify
hwasan about thread creation and destruction events. Some interceptors (pthread_create)
are kept under #ifdef to enable testing with uninstrumented libc. They are expressed in
terms of the new libc interface.

The new cmake switch, COMPILER_RT_HWASAN_WITH_INTERCEPTORS, ON by default, builds testing
version of the library with the aforementioned pthread_create interceptor.
With the OFF setting, the library becomes more of a libc plugin.

Diff Detail

Repository
rL LLVM

Event Timeline

eugenis created this revision.Aug 17 2018, 1:48 PM
Herald added a reviewer: jfb. · View Herald TranscriptAug 17 2018, 1:48 PM
Herald added subscribers: jfb, mgorny, kubamracek, srhines. · View Herald Transcript
Harbormaster completed remote builds in B21632: Diff 161319.Aug 17 2018, 1:48 PM
kcc accepted this revision.Aug 20 2018, 1:45 PM

LGTM,
but please consider moving the code around (in a separate CL) to reduce the number of #ifdefs

This revision is now accepted and ready to land.Aug 20 2018, 1:45 PM
eugenis added a comment.Aug 20 2018, 1:50 PM

Sure. Eventually the entire hwasan_interceptors.cc would be under one big ifdef, if things go as planned.

Closed by commit rL340216: [hwasan] Add a (almost) no-interceptor mode. (authored by eugenis). · Explain WhyAug 20 2018, 2:49 PM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: delcypher. · View Herald TranscriptAug 20 2018, 2:49 PM

Revision Contents

PathSize
compiler-rt/
trunk/
3 lines
include/
sanitizer/
8 lines
lib/
hwasan/
15 lines
9 lines
4 lines
152 lines
6 lines
51 lines
3 lines
18 lines
test/
hwasan/
TestCases/
4 lines

Diff 161568

compiler-rt/trunk/CMakeLists.txt

Show First 20 LinesShow All 53 Lines▼ Show 20 Linesif (NOT COMPILER_RT_ASAN_SHADOW_SCALE STREQUAL "")
set(COMPILER_RT_ASAN_SHADOW_SCALE_LLVM_FLAG set(COMPILER_RT_ASAN_SHADOW_SCALE_LLVM_FLAG
-mllvm -asan-mapping-scale=${COMPILER_RT_ASAN_SHADOW_SCALE}) -mllvm -asan-mapping-scale=${COMPILER_RT_ASAN_SHADOW_SCALE})
set(COMPILER_RT_ASAN_SHADOW_SCALE_DEFINITION set(COMPILER_RT_ASAN_SHADOW_SCALE_DEFINITION
ASAN_SHADOW_SCALE=${COMPILER_RT_ASAN_SHADOW_SCALE}) ASAN_SHADOW_SCALE=${COMPILER_RT_ASAN_SHADOW_SCALE})
set(COMPILER_RT_ASAN_SHADOW_SCALE_FLAG set(COMPILER_RT_ASAN_SHADOW_SCALE_FLAG
-D${COMPILER_RT_ASAN_SHADOW_SCALE_DEFINITION}) -D${COMPILER_RT_ASAN_SHADOW_SCALE_DEFINITION})
endif() endif()
set(COMPILER_RT_HWASAN_WITH_INTERCEPTORS ON CACHE BOOLEAN
"Enable libc interceptors in HWASan (testing mode)")
set(COMPILER_RT_BAREMETAL_BUILD OFF CACHE BOOLEAN set(COMPILER_RT_BAREMETAL_BUILD OFF CACHE BOOLEAN
"Build for a bare-metal target.") "Build for a bare-metal target.")
if (COMPILER_RT_STANDALONE_BUILD) if (COMPILER_RT_STANDALONE_BUILD)
load_llvm_config() load_llvm_config()
if (TARGET intrinsics_gen) if (TARGET intrinsics_gen)
# Loading the llvm config causes this target to be imported so place it # Loading the llvm config causes this target to be imported so place it
# under the appropriate folder in an IDE. # under the appropriate folder in an IDE.
▲ Show 20 LinesShow All 348 LinesShow Last 20 Lines

compiler-rt/trunk/include/sanitizer/hwasan_interface.h

Show First 20 LinesShow All 41 Lines▼ Show 20 Lines#endif
// Set memory tag from the current SP address to the given address to zero. // Set memory tag from the current SP address to the given address to zero.
// This is meant to annotate longjmp and other non-local jumps. // This is meant to annotate longjmp and other non-local jumps.
// This function needs to know the (almost) exact destination frame address; // This function needs to know the (almost) exact destination frame address;
// clearing shadow for the entire thread stack like __asan_handle_no_return // clearing shadow for the entire thread stack like __asan_handle_no_return
// does would cause false reports. // does would cause false reports.
void __hwasan_handle_longjmp(const void *sp_dst); void __hwasan_handle_longjmp(const void *sp_dst);
// Libc hook for thread creation. Should be called in the child thread before
// any instrumented code.
void __hwasan_thread_enter();
// Libc hook for thread destruction. No instrumented code should run after
// this call.
void __hwasan_thread_exit();
// Print shadow and origin for the memory range to stderr in a human-readable // Print shadow and origin for the memory range to stderr in a human-readable
// format. // format.
void __hwasan_print_shadow(const volatile void *x, size_t size); void __hwasan_print_shadow(const volatile void *x, size_t size);
int __sanitizer_posix_memalign(void **memptr, size_t alignment, size_t size); int __sanitizer_posix_memalign(void **memptr, size_t alignment, size_t size);
void * __sanitizer_memalign(size_t alignment, size_t size); void * __sanitizer_memalign(size_t alignment, size_t size);
void * __sanitizer_aligned_alloc(size_t alignment, size_t size); void * __sanitizer_aligned_alloc(size_t alignment, size_t size);
void * __sanitizer___libc_memalign(size_t alignment, size_t size); void * __sanitizer___libc_memalign(size_t alignment, size_t size);
Show All 16 Lines

compiler-rt/trunk/lib/hwasan/CMakeLists.txt

Show All 22 Linesset(HWASAN_RTL_HEADERS
hwasan_flags.inc hwasan_flags.inc
hwasan_interface_internal.h hwasan_interface_internal.h
hwasan_mapping.h hwasan_mapping.h
hwasan_poisoning.h hwasan_poisoning.h
hwasan_report.h hwasan_report.h
hwasan_thread.h) hwasan_thread.h)
set(HWASAN_DEFINITIONS)
append_list_if(COMPILER_RT_HWASAN_WITH_INTERCEPTORS HWASAN_WITH_INTERCEPTORS=1 HWASAN_DEFINITIONS)
set(HWASAN_RTL_CFLAGS ${SANITIZER_COMMON_CFLAGS}) set(HWASAN_RTL_CFLAGS ${SANITIZER_COMMON_CFLAGS})
append_rtti_flag(OFF HWASAN_RTL_CFLAGS) append_rtti_flag(OFF HWASAN_RTL_CFLAGS)
append_list_if(COMPILER_RT_HAS_FPIC_FLAG -fPIC HWASAN_RTL_CFLAGS) append_list_if(COMPILER_RT_HAS_FPIC_FLAG -fPIC HWASAN_RTL_CFLAGS)
# Prevent clang from generating libc calls. # Prevent clang from generating libc calls.
append_list_if(COMPILER_RT_HAS_FFREESTANDING_FLAG -ffreestanding HWASAN_RTL_CFLAGS) append_list_if(COMPILER_RT_HAS_FFREESTANDING_FLAG -ffreestanding HWASAN_RTL_CFLAGS)
set(HWASAN_DYNAMIC_LINK_FLAGS ${SANITIZER_COMMON_LINK_FLAGS}) set(HWASAN_DYNAMIC_LINK_FLAGS ${SANITIZER_COMMON_LINK_FLAGS})
Show All 11 Lines
# Static runtime library. # Static runtime library.
add_compiler_rt_component(hwasan) add_compiler_rt_component(hwasan)
add_compiler_rt_object_libraries(RTHwasan add_compiler_rt_object_libraries(RTHwasan
ARCHS ${HWASAN_SUPPORTED_ARCH} ARCHS ${HWASAN_SUPPORTED_ARCH}
SOURCES ${HWASAN_RTL_SOURCES} SOURCES ${HWASAN_RTL_SOURCES}
ADDITIONAL_HEADERS ${HWASAN_RTL_HEADERS} ADDITIONAL_HEADERS ${HWASAN_RTL_HEADERS}
CFLAGS ${HWASAN_RTL_CFLAGS}) CFLAGS ${HWASAN_RTL_CFLAGS}
DEFS ${HWASAN_DEFINITIONS})
add_compiler_rt_object_libraries(RTHwasan_cxx add_compiler_rt_object_libraries(RTHwasan_cxx
ARCHS ${HWASAN_SUPPORTED_ARCH} ARCHS ${HWASAN_SUPPORTED_ARCH}
SOURCES ${HWASAN_RTL_CXX_SOURCES} SOURCES ${HWASAN_RTL_CXX_SOURCES}
ADDITIONAL_HEADERS ${HWASAN_RTL_HEADERS} ADDITIONAL_HEADERS ${HWASAN_RTL_HEADERS}
CFLAGS ${HWASAN_RTL_CFLAGS}) CFLAGS ${HWASAN_RTL_CFLAGS}
DEFS ${HWASAN_DEFINITIONS})
add_compiler_rt_object_libraries(RTHwasan_dynamic add_compiler_rt_object_libraries(RTHwasan_dynamic
ARCHS ${HWASAN_SUPPORTED_ARCH} ARCHS ${HWASAN_SUPPORTED_ARCH}
SOURCES ${HWASAN_RTL_SOURCES} ${HWASAN_RTL_CXX_SOURCES} SOURCES ${HWASAN_RTL_SOURCES} ${HWASAN_RTL_CXX_SOURCES}
ADDITIONAL_HEADERS ${HWASAN_RTL_HEADERS} ADDITIONAL_HEADERS ${HWASAN_RTL_HEADERS}
CFLAGS ${HWASAN_DYNAMIC_CFLAGS}) CFLAGS ${HWASAN_DYNAMIC_CFLAGS}
DEFS ${HWASAN_DEFINITIONS})
file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/dummy.cc "") file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/dummy.cc "")
add_compiler_rt_object_libraries(RTHwasan_dynamic_version_script_dummy add_compiler_rt_object_libraries(RTHwasan_dynamic_version_script_dummy
ARCHS ${HWASAN_SUPPORTED_ARCH} ARCHS ${HWASAN_SUPPORTED_ARCH}
SOURCES ${CMAKE_CURRENT_BINARY_DIR}/dummy.cc SOURCES ${CMAKE_CURRENT_BINARY_DIR}/dummy.cc
CFLAGS ${HWASAN_DYNAMIC_CFLAGS}) CFLAGS ${HWASAN_DYNAMIC_CFLAGS}
DEFS ${HWASAN_DEFINITIONS})
foreach(arch ${HWASAN_SUPPORTED_ARCH}) foreach(arch ${HWASAN_SUPPORTED_ARCH})
add_compiler_rt_runtime(clang_rt.hwasan add_compiler_rt_runtime(clang_rt.hwasan
STATIC STATIC
ARCHS ${arch} ARCHS ${arch}
OBJECT_LIBS RTHwasan OBJECT_LIBS RTHwasan
RTInterception RTInterception
RTSanitizerCommon RTSanitizerCommon
▲ Show 20 LinesShow All 70 LinesShow Last 20 Lines

compiler-rt/trunk/lib/hwasan/hwasan.h

Show All 24 Lines
#ifndef HWASAN_REPLACE_OPERATORS_NEW_AND_DELETE #ifndef HWASAN_REPLACE_OPERATORS_NEW_AND_DELETE
# define HWASAN_REPLACE_OPERATORS_NEW_AND_DELETE 1 # define HWASAN_REPLACE_OPERATORS_NEW_AND_DELETE 1
#endif #endif
#ifndef HWASAN_CONTAINS_UBSAN #ifndef HWASAN_CONTAINS_UBSAN
# define HWASAN_CONTAINS_UBSAN CAN_SANITIZE_UB # define HWASAN_CONTAINS_UBSAN CAN_SANITIZE_UB
#endif #endif
#ifndef HWASAN_WITH_INTERCEPTORS
#define HWASAN_WITH_INTERCEPTORS 0
#endif
typedef u8 tag_t; typedef u8 tag_t;
// TBI (Top Byte Ignore) feature of AArch64: bits [63:56] are ignored in address // TBI (Top Byte Ignore) feature of AArch64: bits [63:56] are ignored in address
// translation and can be used to store a tag. // translation and can be used to store a tag.
const unsigned kAddressTagShift = 56; const unsigned kAddressTagShift = 56;
const uptr kAddressTagMask = 0xFFUL << kAddressTagShift; const uptr kAddressTagMask = 0xFFUL << kAddressTagShift;
static inline tag_t GetTagFromPointer(uptr p) { static inline tag_t GetTagFromPointer(uptr p) {
▲ Show 20 LinesShow All 90 Lines▼ Show 20 Lines public:
ScopedThreadLocalStateBackup() { Backup(); } ScopedThreadLocalStateBackup() { Backup(); }
~ScopedThreadLocalStateBackup() { Restore(); } ~ScopedThreadLocalStateBackup() { Restore(); }
void Backup(); void Backup();
void Restore(); void Restore();
private: private:
u64 va_arg_overflow_size_tls; u64 va_arg_overflow_size_tls;
}; };
void HwasanTSDInit(void (*destructor)(void *tsd)); void HwasanTSDInit();
void *HwasanTSDGet();
void HwasanTSDSet(void *tsd);
void HwasanTSDDtor(void *tsd);
void HwasanOnDeadlySignal(int signo, void *info, void *context); void HwasanOnDeadlySignal(int signo, void *info, void *context);
} // namespace __hwasan } // namespace __hwasan
#define HWASAN_MALLOC_HOOK(ptr, size) \ #define HWASAN_MALLOC_HOOK(ptr, size) \
do { \ do { \
if (&__sanitizer_malloc_hook) { \ if (&__sanitizer_malloc_hook) { \
Show All 13 Lines

compiler-rt/trunk/lib/hwasan/hwasan.cc

Show First 20 LinesShow All 203 Lines▼ Show 20 Linesvoid __hwasan_init() {
InitializeInterceptors(); InitializeInterceptors();
InstallDeadlySignalHandlers(HwasanOnDeadlySignal); InstallDeadlySignalHandlers(HwasanOnDeadlySignal);
InstallAtExitHandler(); // Needs __cxa_atexit interceptor. InstallAtExitHandler(); // Needs __cxa_atexit interceptor.
Symbolizer::GetOrInit()->AddHooks(EnterSymbolizer, ExitSymbolizer); Symbolizer::GetOrInit()->AddHooks(EnterSymbolizer, ExitSymbolizer);
InitializeCoverage(common_flags()->coverage, common_flags()->coverage_dir); InitializeCoverage(common_flags()->coverage, common_flags()->coverage_dir);
HwasanTSDInit(HwasanTSDDtor); HwasanTSDInit();
HwasanAllocatorInit(); HwasanAllocatorInit();
HwasanThread *main_thread = HwasanThread::Create(nullptr, nullptr); HwasanThread *main_thread = HwasanThread::Create(nullptr, nullptr);
SetCurrentThread(main_thread); SetCurrentThread(main_thread);
main_thread->ThreadStart(); main_thread->Init();
#if HWASAN_CONTAINS_UBSAN #if HWASAN_CONTAINS_UBSAN
__ubsan::InitAsPlugin(); __ubsan::InitAsPlugin();
#endif #endif
VPrintf(1, "HWAddressSanitizer init done\n"); VPrintf(1, "HWAddressSanitizer init done\n");
hwasan_init_is_running = 0; hwasan_init_is_running = 0;
▲ Show 20 LinesShow All 228 LinesShow Last 20 Lines

compiler-rt/trunk/lib/hwasan/hwasan_interceptors.cc

Show First 20 LinesShow All 219 Lines▼ Show 20 Lines
// aarch64 (which uses a different register for sret value). We have a test // aarch64 (which uses a different register for sret value). We have a test
// to confirm that. // to confirm that.
INTERCEPTOR(void, mallinfo, __sanitizer_struct_mallinfo *sret) { INTERCEPTOR(void, mallinfo, __sanitizer_struct_mallinfo *sret) {
#ifdef __aarch64__ #ifdef __aarch64__
uptr r8; uptr r8;
asm volatile("mov %0,x8" : "=r" (r8)); asm volatile("mov %0,x8" : "=r" (r8));
sret = reinterpret_cast<__sanitizer_struct_mallinfo*>(r8); sret = reinterpret_cast<__sanitizer_struct_mallinfo*>(r8);
#endif #endif
REAL(memset)(sret, 0, sizeof(*sret)); internal_memset(sret, 0, sizeof(*sret));
} }
#define HWASAN_MAYBE_INTERCEPT_MALLINFO INTERCEPT_FUNCTION(mallinfo) #define HWASAN_MAYBE_INTERCEPT_MALLINFO INTERCEPT_FUNCTION(mallinfo)
#else #else
#define HWASAN_MAYBE_INTERCEPT_MALLINFO #define HWASAN_MAYBE_INTERCEPT_MALLINFO
#endif #endif
#if !SANITIZER_FREEBSD && !SANITIZER_NETBSD #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD
INTERCEPTOR(int, mallopt, int cmd, int value) { INTERCEPTOR(int, mallopt, int cmd, int value) {
▲ Show 20 LinesShow All 45 Lines▼ Show 20 LinesINTERCEPTOR(void *, malloc, SIZE_T size) {
if (UNLIKELY(!hwasan_init_is_running)) if (UNLIKELY(!hwasan_init_is_running))
ENSURE_HWASAN_INITED(); ENSURE_HWASAN_INITED();
if (UNLIKELY(!hwasan_inited)) if (UNLIKELY(!hwasan_inited))
// Hack: dlsym calls malloc before REAL(malloc) is retrieved from dlsym. // Hack: dlsym calls malloc before REAL(malloc) is retrieved from dlsym.
return AllocateFromLocalPool(size); return AllocateFromLocalPool(size);
return hwasan_malloc(size, &stack); return hwasan_malloc(size, &stack);
} }
template <class Mmap> #if HWASAN_WITH_INTERCEPTORS
static void *mmap_interceptor(Mmap real_mmap, void *addr, SIZE_T sz, int prot,
int flags, int fd, OFF64_T off) {
if (addr && !MEM_IS_APP(addr)) {
if (flags & map_fixed) {
errno = errno_EINVAL;
return (void *)-1;
} else {
addr = nullptr;
}
}
return real_mmap(addr, sz, prot, flags, fd, off);
}
extern "C" int pthread_attr_init(void *attr); extern "C" int pthread_attr_init(void *attr);
extern "C" int pthread_attr_destroy(void *attr); extern "C" int pthread_attr_destroy(void *attr);
static void *HwasanThreadStartFunc(void *arg) { static void *HwasanThreadStartFunc(void *arg) {
HwasanThread *t = (HwasanThread *)arg; __hwasan_thread_enter();
SetCurrentThread(t); return ((HwasanThread *)arg)->ThreadStart();
return t->ThreadStart();
} }
INTERCEPTOR(int, pthread_create, void *th, void *attr, void *(*callback)(void*), INTERCEPTOR(int, pthread_create, void *th, void *attr, void *(*callback)(void*),
void * param) { void * param) {
ENSURE_HWASAN_INITED(); // for GetTlsSize() ENSURE_HWASAN_INITED(); // for GetTlsSize()
__sanitizer_pthread_attr_t myattr; __sanitizer_pthread_attr_t myattr;
if (!attr) { if (!attr) {
pthread_attr_init(&myattr); pthread_attr_init(&myattr);
attr = &myattr; attr = &myattr;
} }
AdjustStackSize(attr); AdjustStackSize(attr);
HwasanThread *t = HwasanThread::Create(callback, param); HwasanThread *t = HwasanThread::Create(callback, param);
int res = REAL(pthread_create)(th, attr, HwasanThreadStartFunc, t); int res = REAL(pthread_create)(th, attr, HwasanThreadStartFunc, t);
if (attr == &myattr) if (attr == &myattr)
pthread_attr_destroy(&myattr); pthread_attr_destroy(&myattr);
return res; return res;
} }
#endif // HWASAN_WITH_INTERCEPTORS
static void BeforeFork() { static void BeforeFork() {
StackDepotLockAll(); StackDepotLockAll();
} }
static void AfterFork() { static void AfterFork() {
StackDepotUnlockAll(); StackDepotUnlockAll();
} }
Show All 15 Lines
int OnExit() { int OnExit() {
// FIXME: ask frontend whether we need to return failure. // FIXME: ask frontend whether we need to return failure.
return 0; return 0;
} }
} // namespace __hwasan } // namespace __hwasan
// A version of CHECK_UNPOISONED using a saved scope value. Used in common
// interceptors.
#define CHECK_UNPOISONED_CTX(ctx, x, n) \
do { \
if (!((HwasanInterceptorContext *)ctx)->in_interceptor_scope) \
CHECK_UNPOISONED_0(x, n); \
} while (0)
#define HWASAN_INTERCEPT_FUNC(name) \
do { \
if ((!INTERCEPT_FUNCTION(name) || !REAL(name))) \
VReport(1, "HWAddressSanitizer: failed to intercept '" #name "'\n"); \
} while (0)
#define HWASAN_INTERCEPT_FUNC_VER(name, ver) \
do { \
if ((!INTERCEPT_FUNCTION_VER(name, ver) || !REAL(name))) \
VReport( \
1, "HWAddressSanitizer: failed to intercept '" #name "@@" #ver "'\n"); \
} while (0)
#define COMMON_INTERCEPT_FUNCTION(name) HWASAN_INTERCEPT_FUNC(name)
#define COMMON_INTERCEPT_FUNCTION_VER(name, ver) \
HWASAN_INTERCEPT_FUNC_VER(name, ver)
#define COMMON_INTERCEPTOR_WRITE_RANGE(ctx, ptr, size) \
CHECK_UNPOISONED_CTX(ctx, ptr, size)
#define COMMON_INTERCEPTOR_READ_RANGE(ctx, ptr, size) \
CHECK_UNPOISONED_CTX(ctx, ptr, size)
#define COMMON_INTERCEPTOR_INITIALIZE_RANGE(ptr, size) \
HWASAN_WRITE_RANGE(ctx, ptr, size)
#define COMMON_INTERCEPTOR_ENTER(ctx, func, ...) \
if (hwasan_init_is_running) return REAL(func)(__VA_ARGS__); \
ENSURE_HWASAN_INITED(); \
HwasanInterceptorContext hwasan_ctx = {IsInInterceptorScope()}; \
ctx = (void *)&hwasan_ctx; \
(void)ctx; \
InterceptorScope interceptor_scope;
#define COMMON_INTERCEPTOR_DIR_ACQUIRE(ctx, path) \
do { \
} while (false)
#define COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd) \
do { \
} while (false)
#define COMMON_INTERCEPTOR_FD_RELEASE(ctx, fd) \
do { \
} while (false)
#define COMMON_INTERCEPTOR_FD_SOCKET_ACCEPT(ctx, fd, newfd) \
do { \
} while (false)
#define COMMON_INTERCEPTOR_SET_THREAD_NAME(ctx, name) \
do { \
} while (false) // FIXME
#define COMMON_INTERCEPTOR_SET_PTHREAD_NAME(ctx, thread, name) \
do { \
} while (false) // FIXME
#define COMMON_INTERCEPTOR_BLOCK_REAL(name) REAL(name)
#define COMMON_INTERCEPTOR_ON_EXIT(ctx) OnExit()
#define COMMON_INTERCEPTOR_GET_TLS_RANGE(begin, end) \
if (HwasanThread *t = GetCurrentThread()) { \
*begin = t->tls_begin(); \
*end = t->tls_end(); \
} else { \
*begin = *end = 0; \
}
// AArch64 has TBI and can (and must!) pass the pointer to system memset as-is.
// Other platforms need to remove the tag.
#if defined(__aarch64__)
#define COMMON_INTERCEPTOR_MEMSET_IMPL(ctx, dst, v, size) \
{ \
COMMON_INTERCEPTOR_ENTER(ctx, memset, dst, v, size); \
if (common_flags()->intercept_intrin && \
MEM_IS_APP(GetAddressFromPointer(dst))) \
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, dst, size); \
return REAL(memset)(dst, v, size); \
}
#else
#define COMMON_INTERCEPTOR_MEMSET_IMPL(ctx, dst, v, size) \
{ \
COMMON_INTERCEPTOR_ENTER(ctx, memset, dst, v, size); \
if (common_flags()->intercept_intrin && \
MEM_IS_APP(GetAddressFromPointer(dst))) \
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, dst, size); \
return REAL(memset)(GetAddressFromPointer(dst), v, size); \
}
#endif
#define COMMON_INTERCEPTOR_MMAP_IMPL(ctx, mmap, addr, length, prot, flags, fd, \
offset) \
do { \
return mmap_interceptor(REAL(mmap), addr, length, prot, flags, fd, \
offset); \
} while (false)
#include "sanitizer_common/sanitizer_platform_interceptors.h"
#include "sanitizer_common/sanitizer_common_interceptors.inc"
#include "sanitizer_common/sanitizer_signal_interceptors.inc"
#define COMMON_SYSCALL_PRE_READ_RANGE(p, s) CHECK_UNPOISONED(p, s)
#define COMMON_SYSCALL_PRE_WRITE_RANGE(p, s) \
do { \
(void)(p); \
(void)(s); \
} while (false)
#define COMMON_SYSCALL_POST_READ_RANGE(p, s) \
do { \
(void)(p); \
(void)(s); \
} while (false)
#define COMMON_SYSCALL_POST_WRITE_RANGE(p, s) \
do { \
(void)(p); \
(void)(s); \
} while (false)
#include "sanitizer_common/sanitizer_common_syscalls.inc"
#include "sanitizer_common/sanitizer_syscalls_netbsd.inc"
namespace __hwasan { namespace __hwasan {
void InitializeInterceptors() { void InitializeInterceptors() {
static int inited = 0; static int inited = 0;
CHECK_EQ(inited, 0); CHECK_EQ(inited, 0);
InitializeCommonInterceptors();
InitializeSignalInterceptors();
// FIXME: disable interceptors for allocator functions, keep only __sanitizer
// aliases unless HWASAN_WITH_INTERCEPTORS=1.
INTERCEPT_FUNCTION(posix_memalign); INTERCEPT_FUNCTION(posix_memalign);
HWASAN_MAYBE_INTERCEPT_MEMALIGN; HWASAN_MAYBE_INTERCEPT_MEMALIGN;
INTERCEPT_FUNCTION(__libc_memalign); INTERCEPT_FUNCTION(__libc_memalign);
INTERCEPT_FUNCTION(valloc); INTERCEPT_FUNCTION(valloc);
HWASAN_MAYBE_INTERCEPT_PVALLOC; HWASAN_MAYBE_INTERCEPT_PVALLOC;
INTERCEPT_FUNCTION(malloc); INTERCEPT_FUNCTION(malloc);
INTERCEPT_FUNCTION(calloc); INTERCEPT_FUNCTION(calloc);
INTERCEPT_FUNCTION(realloc); INTERCEPT_FUNCTION(realloc);
INTERCEPT_FUNCTION(free); INTERCEPT_FUNCTION(free);
HWASAN_MAYBE_INTERCEPT_CFREE; HWASAN_MAYBE_INTERCEPT_CFREE;
INTERCEPT_FUNCTION(malloc_usable_size); INTERCEPT_FUNCTION(malloc_usable_size);
HWASAN_MAYBE_INTERCEPT_MALLINFO; HWASAN_MAYBE_INTERCEPT_MALLINFO;
HWASAN_MAYBE_INTERCEPT_MALLOPT; HWASAN_MAYBE_INTERCEPT_MALLOPT;
HWASAN_MAYBE_INTERCEPT_MALLOC_STATS; HWASAN_MAYBE_INTERCEPT_MALLOC_STATS;
INTERCEPT_FUNCTION(pthread_create);
INTERCEPT_FUNCTION(fork); INTERCEPT_FUNCTION(fork);
#if HWASAN_WITH_INTERCEPTORS
INTERCEPT_FUNCTION(pthread_create);
#endif
inited = 1; inited = 1;
} }
} // namespace __hwasan } // namespace __hwasan

compiler-rt/trunk/lib/hwasan/hwasan_interface_internal.h

Show First 20 LinesShow All 131 Lines▼ Show 20 Lines
void __sanitizer_unaligned_store64(uu64 *p, u64 x); void __sanitizer_unaligned_store64(uu64 *p, u64 x);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __hwasan_enable_allocator_tagging(); void __hwasan_enable_allocator_tagging();
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __hwasan_disable_allocator_tagging(); void __hwasan_disable_allocator_tagging();
SANITIZER_INTERFACE_ATTRIBUTE
void __hwasan_thread_enter();
SANITIZER_INTERFACE_ATTRIBUTE
void __hwasan_thread_exit();
} // extern "C" } // extern "C"
#endif // HWASAN_INTERFACE_INTERNAL_H #endif // HWASAN_INTERFACE_INTERNAL_H

compiler-rt/trunk/lib/hwasan/hwasan_linux.cc

Show First 20 LinesShow All 245 Lines▼ Show 20 Lines
} }
void InstallAtExitHandler() { void InstallAtExitHandler() {
atexit(HwasanAtExit); atexit(HwasanAtExit);
} }
// ---------------------- TSD ---------------- {{{1 // ---------------------- TSD ---------------- {{{1
extern "C" void __hwasan_thread_enter() {
HwasanThread *t = HwasanThread::Create(nullptr, nullptr);
SetCurrentThread(t);
t->Init();
}
extern "C" void __hwasan_thread_exit() {
HwasanThread *t = GetCurrentThread();
// Make sure that signal handler can not see a stale current thread pointer.
atomic_signal_fence(memory_order_seq_cst);
if (t)
t->Destroy();
}
#if HWASAN_WITH_INTERCEPTORS
static pthread_key_t tsd_key; static pthread_key_t tsd_key;
static bool tsd_key_inited = false; static bool tsd_key_inited = false;
void HwasanTSDInit(void (*destructor)(void *tsd)) { void HwasanTSDDtor(void *tsd) {
HwasanThread *t = (HwasanThread*)tsd;
if (t->destructor_iterations_ > 1) {
t->destructor_iterations_--;
CHECK_EQ(0, pthread_setspecific(tsd_key, tsd));
return;
}
__hwasan_thread_exit();
}
void HwasanTSDInit() {
CHECK(!tsd_key_inited); CHECK(!tsd_key_inited);
tsd_key_inited = true; tsd_key_inited = true;
CHECK_EQ(0, pthread_key_create(&tsd_key, destructor)); CHECK_EQ(0, pthread_key_create(&tsd_key, HwasanTSDDtor));
} }
HwasanThread *GetCurrentThread() { HwasanThread *GetCurrentThread() {
return (HwasanThread*)pthread_getspecific(tsd_key); return (HwasanThread *)pthread_getspecific(tsd_key);
} }
void SetCurrentThread(HwasanThread *t) { void SetCurrentThread(HwasanThread *t) {
// Make sure that HwasanTSDDtor gets called at the end. // Make sure that HwasanTSDDtor gets called at the end.
CHECK(tsd_key_inited); CHECK(tsd_key_inited);
// Make sure we do not reset the current HwasanThread. // Make sure we do not reset the current HwasanThread.
CHECK_EQ(0, pthread_getspecific(tsd_key)); CHECK_EQ(0, pthread_getspecific(tsd_key));
pthread_setspecific(tsd_key, (void *)t); pthread_setspecific(tsd_key, (void *)t);
} }
#elif SANITIZER_ANDROID
void HwasanTSDDtor(void *tsd) { void HwasanTSDInit() {}
HwasanThread *t = (HwasanThread*)tsd; HwasanThread *GetCurrentThread() {
if (t->destructor_iterations_ > 1) { return (HwasanThread*)*get_android_tls_ptr();
t->destructor_iterations_--;
CHECK_EQ(0, pthread_setspecific(tsd_key, tsd));
return;
} }
// Make sure that signal handler can not see a stale current thread pointer.
atomic_signal_fence(memory_order_seq_cst); void SetCurrentThread(HwasanThread *t) {
HwasanThread::TSDDtor(tsd); *get_android_tls_ptr() = (uptr)t;
} }
#else
#error unsupported configuration !HWASAN_WITH_INTERCEPTORS && !SANITIZER_ANDROID
#endif
struct AccessInfo { struct AccessInfo {
uptr addr; uptr addr;
uptr size; uptr size;
bool is_store; bool is_store;
bool is_load; bool is_load;
bool recover; bool recover;
}; };
▲ Show 20 LinesShow All 97 LinesShow Last 20 Lines

compiler-rt/trunk/lib/hwasan/hwasan_thread.h

Show All 16 Lines
#include "hwasan_allocator.h" #include "hwasan_allocator.h"
#include "sanitizer_common/sanitizer_common.h" #include "sanitizer_common/sanitizer_common.h"
namespace __hwasan { namespace __hwasan {
class HwasanThread { class HwasanThread {
public: public:
static HwasanThread *Create(thread_callback_t start_routine, void *arg); static HwasanThread *Create(thread_callback_t start_routine, void *arg);
static void TSDDtor(void *tsd);
void Destroy(); void Destroy();
void Init(); // Should be called from the thread itself. void Init();
thread_return_t ThreadStart(); thread_return_t ThreadStart();
uptr stack_top() { return stack_top_; } uptr stack_top() { return stack_top_; }
uptr stack_bottom() { return stack_bottom_; } uptr stack_bottom() { return stack_bottom_; }
uptr tls_begin() { return tls_begin_; } uptr tls_begin() { return tls_begin_; }
uptr tls_end() { return tls_end_; } uptr tls_end() { return tls_end_; }
bool IsMainThread() { return start_routine_ == nullptr; } bool IsMainThread() { return start_routine_ == nullptr; }
▲ Show 20 LinesShow All 50 LinesShow Last 20 Lines

compiler-rt/trunk/lib/hwasan/hwasan_thread.cc

Show First 20 LinesShow All 59 Lines▼ Show 20 Lines
void HwasanThread::Init() { void HwasanThread::Init() {
SetThreadStackAndTls(); SetThreadStackAndTls();
if (stack_bottom_) { if (stack_bottom_) {
CHECK(MEM_IS_APP(stack_bottom_)); CHECK(MEM_IS_APP(stack_bottom_));
CHECK(MEM_IS_APP(stack_top_ - 1)); CHECK(MEM_IS_APP(stack_top_ - 1));
} }
} }
void HwasanThread::TSDDtor(void *tsd) {
HwasanThread *t = (HwasanThread*)tsd;
t->Destroy();
}
void HwasanThread::ClearShadowForThreadStackAndTLS() { void HwasanThread::ClearShadowForThreadStackAndTLS() {
if (stack_top_ != stack_bottom_) if (stack_top_ != stack_bottom_)
TagMemory(stack_bottom_, stack_top_ - stack_bottom_, 0); TagMemory(stack_bottom_, stack_top_ - stack_bottom_, 0);
if (tls_begin_ != tls_end_) if (tls_begin_ != tls_end_)
TagMemory(tls_begin_, tls_end_ - tls_begin_, 0); TagMemory(tls_begin_, tls_end_ - tls_begin_, 0);
} }
void HwasanThread::Destroy() { void HwasanThread::Destroy() {
malloc_storage().CommitBack(); malloc_storage().CommitBack();
ClearShadowForThreadStackAndTLS(); ClearShadowForThreadStackAndTLS();
uptr size = RoundUpTo(sizeof(HwasanThread), GetPageSizeCached()); uptr size = RoundUpTo(sizeof(HwasanThread), GetPageSizeCached());
UnmapOrDie(this, size); UnmapOrDie(this, size);
DTLS_Destroy(); DTLS_Destroy();
} }
thread_return_t HwasanThread::ThreadStart() { thread_return_t HwasanThread::ThreadStart() {
Init(); return start_routine_(arg_);
if (!start_routine_) {
// start_routine_ == 0 if we're on the main thread or on one of the
// OS X libdispatch worker threads. But nobody is supposed to call
// ThreadStart() for the worker threads.
return 0;
}
thread_return_t res = start_routine_(arg_);
return res;
} }
static u32 xorshift(u32 state) { static u32 xorshift(u32 state) {
state ^= state << 13; state ^= state << 13;
state ^= state >> 17; state ^= state >> 17;
state ^= state << 5; state ^= state << 5;
return state; return state;
} }
Show All 19 Lines

compiler-rt/trunk/test/hwasan/TestCases/longjmp.c

// RUN: %clang_hwasan -O0 -DNEGATIVE %s -o %t && %run %t 2>&1 // RUN: %clang_hwasan -O0 -DNEGATIVE %s -o %t && %run %t 2>&1
// RUN: %clang_hwasan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s // RUN: %clang_hwasan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
// REQUIRES: stable-runtime // REQUIRES: stable-runtime
#include <stdlib.h> #include <stdlib.h>
#include <assert.h> #include <assert.h>
#include <sanitizer/hwasan_interface.h> #include <sanitizer/hwasan_interface.h>
__attribute__((noinline)) __attribute__((noinline))
int f(void *caller_frame) { int f(void *caller_frame) {
char z[32] = {}; int z = 0;
char *volatile p = z; int *volatile p = &z;
// Tag of local is never zero. // Tag of local is never zero.
assert(__hwasan_tag_pointer(p, 0) != p); assert(__hwasan_tag_pointer(p, 0) != p);
#ifndef NEGATIVE #ifndef NEGATIVE
// This will destroy shadow of "z", and the following load will crash. // This will destroy shadow of "z", and the following load will crash.
__hwasan_handle_longjmp(caller_frame); __hwasan_handle_longjmp(caller_frame);
#endif #endif
return p[0]; return p[0];
} }
int main() { int main() {
return f(__builtin_frame_address(0)); return f(__builtin_frame_address(0));
// CHECK: READ of size 8 // CHECK: READ of size 8
// CHECK: pointer tag // CHECK: pointer tag
// CHECK: memory tag 0x0 // CHECK: memory tag 0x0
} }