This is an archive of the discontinued LLVM Phabricator instance.

Differential D57490

hwasan: Add __hwasan_init_static() function.
ClosedPublic

Authored by pcc on Jan 30 2019, 4:49 PM.

Details

Reviewers
eugenis
Commits
rG886b7cc1073f: hwasan: Add __hwasan_init_static() function.
rL352816: hwasan: Add __hwasan_init_static() function.
rCRT352816: hwasan: Add __hwasan_init_static() function.
Summary

This function initializes enough of the runtime to be able to run
instrumented code in a statically linked executable. It replaces
__hwasan_shadow_init() which wasn't doing enough initialization for
instrumented code that uses either TLS or IFUNC to work.

Diff Detail

Event Timeline

pcc created this revision.Jan 30 2019, 4:49 PM
Herald added subscribers: kubamracek, srhines. · View Herald TranscriptJan 30 2019, 4:49 PM
Harbormaster completed remote builds in B27518: Diff 184411.Jan 30 2019, 4:51 PM
eugenis added inline comments.Jan 31 2019, 2:50 PM
compiler-rt/include/sanitizer/hwasan_interface.h
26 ↗(On Diff #184411)

It should fine to call this function in dynamic executables if __rela_iplt symbols are declared weak.

In that case, would it be possible to get rid of hwasan_init_static, and simply call hwasan_init early enough? If not, is there a corresponding bionic patch to use__hwasan_init_static?

pcc marked an inline comment as done.Jan 31 2019, 3:12 PM
pcc added inline comments.
compiler-rt/include/sanitizer/hwasan_interface.h
26 ↗(On Diff #184411)

It should fine to call this function in dynamic executables if __rela_iplt symbols are declared weak.

They don't even need to be declared weak, the symbols point to the IRELATIVEs in dynamic executables as well. In PIEs and DSOs I guess it's possible (though extremely unlikely) for the r_offset for an unrelated ifunc to match the address of __hwasan_shadow, which would end up calling the wrong resolver (and segfaulting if RELRO was applied). And this will definitely segfault if the executable is a dynamically linked non-PIE (which isn't supported on Android but could be on other platforms).

In that case, would it be possible to get rid of hwasan_init_static, and simply call hwasan_init early enough?

I think that won't work because the call to madvise in MadviseShadow requires libc to be initialized more than it is currently at the point where __hwasan_init is currently called in bionic (which AFAICT was the motivation for adding __hwasan_init_shadow in D50581).

If not, is there a corresponding bionic patch to use__hwasan_init_static?

It's basically just s/__hwasan_init/__hwasan_init_static/g in bionic. I'll send it out in a bit.

Herald added a project: Restricted Project. · View Herald TranscriptJan 31 2019, 3:12 PM
eugenis accepted this revision.Jan 31 2019, 3:28 PM

LGTM
Doing less things while libc is not fully initialized is a step in the right direction.

This revision is now accepted and ready to land.Jan 31 2019, 3:28 PM
Closed by commit rCRT352816: hwasan: Add __hwasan_init_static() function. (authored by pcc). · Explain WhyJan 31 2019, 3:37 PM
This revision was automatically updated to reflect the committed changes.
Herald added a project: Restricted Project. · View Herald TranscriptJan 31 2019, 3:37 PM
pcc marked an inline comment as done.Jan 31 2019, 4:32 PM
pcc added inline comments.
compiler-rt/include/sanitizer/hwasan_interface.h
26 ↗(On Diff #184411)

They don't even need to be declared weak, the symbols point to the IRELATIVEs in dynamic executables as well.

Hmm, actually it's only lld which has this behaviour. I'll make them weak.

Herald added a subscriber: Restricted Project. · View Herald TranscriptJan 31 2019, 4:32 PM
pcc marked an inline comment as done.Jan 31 2019, 4:43 PM
pcc added inline comments.
compiler-rt/include/sanitizer/hwasan_interface.h
26 ↗(On Diff #184411)

r352823

Revision Contents

Diff 184637

include/sanitizer/hwasan_interface.h

Show All 12 Lines
#ifndef SANITIZER_HWASAN_INTERFACE_H #ifndef SANITIZER_HWASAN_INTERFACE_H
#define SANITIZER_HWASAN_INTERFACE_H #define SANITIZER_HWASAN_INTERFACE_H
#include <sanitizer/common_interface_defs.h> #include <sanitizer/common_interface_defs.h>
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
// Initialize shadow but not the rest of the runtime. // Libc hook for program startup in statically linked executables.
// Initializes enough of the runtime to run instrumented code. This function
// should only be called in statically linked executables because it modifies
// the GOT, which won't work in regular binaries because RELRO will already
// have been applied by the time the function is called. This also means that
// the function should be called before libc applies RELRO.
// Does not call libc unless there is an error. // Does not call libc unless there is an error.
// Can be called multiple times, or not at all (in which case shadow will // Can be called multiple times.
// be initialized in compiler-inserted __hwasan_init() call). void __hwasan_init_static(void);
void __hwasan_shadow_init(void);
// This function may be optionally provided by user and should return // This function may be optionally provided by user and should return
// a string containing HWASan runtime options. See asan_flags.h for details. // a string containing HWASan runtime options. See asan_flags.h for details.
const char* __hwasan_default_options(void); const char* __hwasan_default_options(void);
void __hwasan_enable_allocator_tagging(void); void __hwasan_enable_allocator_tagging(void);
void __hwasan_disable_allocator_tagging(void); void __hwasan_disable_allocator_tagging(void);
▲ Show 20 LinesShow All 50 LinesShow Last 20 Lines

lib/hwasan/hwasan.h

Show First 20 LinesShow All 64 Lines▼ Show 20 Lines
extern int hwasan_inited; extern int hwasan_inited;
extern bool hwasan_init_is_running; extern bool hwasan_init_is_running;
extern int hwasan_report_count; extern int hwasan_report_count;
bool ProtectRange(uptr beg, uptr end); bool ProtectRange(uptr beg, uptr end);
bool InitShadow(); bool InitShadow();
void InitThreads(); void InitThreads();
void InitInstrumentation();
void MadviseShadow(); void MadviseShadow();
char *GetProcSelfMaps(); char *GetProcSelfMaps();
void InitializeInterceptors(); void InitializeInterceptors();
void HwasanAllocatorInit(); void HwasanAllocatorInit();
void HwasanAllocatorThreadFinish(); void HwasanAllocatorThreadFinish();
void *hwasan_malloc(uptr size, StackTrace *stack); void *hwasan_malloc(uptr size, StackTrace *stack);
▲ Show 20 LinesShow All 95 LinesShow Last 20 Lines

lib/hwasan/hwasan.cc

//===-- hwasan.cc ---------------------------------------------------------===// //===-- hwasan.cc ---------------------------------------------------------===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// This file is a part of HWAddressSanitizer. // This file is a part of HWAddressSanitizer.
// //
// HWAddressSanitizer runtime. // HWAddressSanitizer runtime.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "hwasan.h" #include "hwasan.h"
#include "hwasan_checks.h" #include "hwasan_checks.h"
#include "hwasan_dynamic_shadow.h"
#include "hwasan_poisoning.h" #include "hwasan_poisoning.h"
#include "hwasan_report.h" #include "hwasan_report.h"
#include "hwasan_thread.h" #include "hwasan_thread.h"
#include "hwasan_thread_list.h" #include "hwasan_thread_list.h"
#include "sanitizer_common/sanitizer_atomic.h" #include "sanitizer_common/sanitizer_atomic.h"
#include "sanitizer_common/sanitizer_common.h" #include "sanitizer_common/sanitizer_common.h"
#include "sanitizer_common/sanitizer_flag_parser.h" #include "sanitizer_common/sanitizer_flag_parser.h"
#include "sanitizer_common/sanitizer_flags.h" #include "sanitizer_common/sanitizer_flags.h"
Show All 28 Lines
static Flags hwasan_flags; static Flags hwasan_flags;
Flags *flags() { Flags *flags() {
return &hwasan_flags; return &hwasan_flags;
} }
int hwasan_inited = 0; int hwasan_inited = 0;
int hwasan_shadow_inited = 0; int hwasan_instrumentation_inited = 0;
bool hwasan_init_is_running; bool hwasan_init_is_running;
int hwasan_report_count = 0; int hwasan_report_count = 0;
void Flags::SetDefaults() { void Flags::SetDefaults() {
#define HWASAN_FLAG(Type, Name, DefaultValue, Description) Name = DefaultValue; #define HWASAN_FLAG(Type, Name, DefaultValue, Description) Name = DefaultValue;
#include "hwasan_flags.inc" #include "hwasan_flags.inc"
#undef HWASAN_FLAG #undef HWASAN_FLAG
▲ Show 20 LinesShow All 172 Lines▼ Show 20 Lines
const char *GetStackFrameDescr(uptr pc) { const char *GetStackFrameDescr(uptr pc) {
for (uptr i = 0, n = AllFrames.size(); i < n; i++) for (uptr i = 0, n = AllFrames.size(); i < n; i++)
for (auto p = AllFrames[i].beg; p < AllFrames[i].end; p++) for (auto p = AllFrames[i].beg; p < AllFrames[i].end; p++)
if (p->PC == pc) if (p->PC == pc)
return p->Descr; return p->Descr;
return nullptr; return nullptr;
} }
} // namespace __hwasan // Prepare to run instrumented code on the main thread.
void InitInstrumentation() {
// Interface. if (hwasan_instrumentation_inited) return;
using namespace __hwasan;
uptr __hwasan_shadow_memory_dynamic_address; // Global interface symbol.
void __hwasan_shadow_init() {
if (hwasan_shadow_inited) return;
if (!InitShadow()) { if (!InitShadow()) {
Printf("FATAL: HWAddressSanitizer cannot mmap the shadow memory.\n"); Printf("FATAL: HWAddressSanitizer cannot mmap the shadow memory.\n");
DumpProcessMap(); DumpProcessMap();
Die(); Die();
} }
hwasan_shadow_inited = 1;
InitThreads();
hwasanThreadList().CreateCurrentThread();
hwasan_instrumentation_inited = 1;
} }
} // namespace __hwasan
// Interface.
using namespace __hwasan;
uptr __hwasan_shadow_memory_dynamic_address; // Global interface symbol.
void __hwasan_init_frames(uptr beg, uptr end) { void __hwasan_init_frames(uptr beg, uptr end) {
InitFrameDescriptors(beg, end); InitFrameDescriptors(beg, end);
} }
void __hwasan_init_static() {
InitShadowGOT();
InitInstrumentation();
}
void __hwasan_init() { void __hwasan_init() {
CHECK(!hwasan_init_is_running); CHECK(!hwasan_init_is_running);
if (hwasan_inited) return; if (hwasan_inited) return;
hwasan_init_is_running = 1; hwasan_init_is_running = 1;
SanitizerToolName = "HWAddressSanitizer"; SanitizerToolName = "HWAddressSanitizer";
InitTlsSize(); InitTlsSize();
CacheBinaryName(); CacheBinaryName();
InitializeFlags(); InitializeFlags();
// Install tool-specific callbacks in sanitizer_common. // Install tool-specific callbacks in sanitizer_common.
SetCheckFailedCallback(HWAsanCheckFailed); SetCheckFailedCallback(HWAsanCheckFailed);
__sanitizer_set_report_path(common_flags()->log_path); __sanitizer_set_report_path(common_flags()->log_path);
AndroidTestTlsSlot(); AndroidTestTlsSlot();
DisableCoreDumperIfNecessary(); DisableCoreDumperIfNecessary();
__hwasan_shadow_init(); InitInstrumentation();
InitThreads(); // Needs to be called here because flags()->random_tags might not have been
hwasanThreadList().CreateCurrentThread(); // initialized when InitInstrumentation() was called.
GetCurrentThread()->InitRandomState();
MadviseShadow(); MadviseShadow();
SetPrintfAndReportCallback(AppendToErrorMessageBuffer); SetPrintfAndReportCallback(AppendToErrorMessageBuffer);
// This may call libc -> needs initialized shadow. // This may call libc -> needs initialized shadow.
AndroidLogInit(); AndroidLogInit();
InitializeInterceptors(); InitializeInterceptors();
▲ Show 20 LinesShow All 196 LinesShow Last 20 Lines

lib/hwasan/hwasan_dynamic_shadow.h

Show All 14 Lines
#ifndef HWASAN_PREMAP_SHADOW_H #ifndef HWASAN_PREMAP_SHADOW_H
#define HWASAN_PREMAP_SHADOW_H #define HWASAN_PREMAP_SHADOW_H
#include "sanitizer_common/sanitizer_internal_defs.h" #include "sanitizer_common/sanitizer_internal_defs.h"
namespace __hwasan { namespace __hwasan {
uptr FindDynamicShadowStart(uptr shadow_size_bytes); uptr FindDynamicShadowStart(uptr shadow_size_bytes);
void InitShadowGOT();
} // namespace __hwasan } // namespace __hwasan
#endif // HWASAN_PREMAP_SHADOW_H #endif // HWASAN_PREMAP_SHADOW_H

lib/hwasan/hwasan_dynamic_shadow.cc

Show All 12 Lines
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "hwasan.h" #include "hwasan.h"
#include "hwasan_dynamic_shadow.h" #include "hwasan_dynamic_shadow.h"
#include "hwasan_mapping.h" #include "hwasan_mapping.h"
#include "sanitizer_common/sanitizer_common.h" #include "sanitizer_common/sanitizer_common.h"
#include "sanitizer_common/sanitizer_posix.h" #include "sanitizer_common/sanitizer_posix.h"
#include <elf.h>
#include <link.h>
// The code in this file needs to run in an unrelocated binary. It should not // The code in this file needs to run in an unrelocated binary. It should not
// access any external symbol, including its own non-hidden globals. // access any external symbol, including its own non-hidden globals.
namespace __hwasan { namespace __hwasan {
static void UnmapFromTo(uptr from, uptr to) { static void UnmapFromTo(uptr from, uptr to) {
if (to == from) if (to == from)
return; return;
▲ Show 20 LinesShow All 84 Lines▼ Show 20 Linesdecltype(__hwasan_shadow)* __hwasan_premap_shadow() {
return reinterpret_cast<decltype(__hwasan_shadow)*>(shadow); return reinterpret_cast<decltype(__hwasan_shadow)*>(shadow);
} }
// __hwasan_shadow is a "function" that has the same address as the first byte // __hwasan_shadow is a "function" that has the same address as the first byte
// of the shadow mapping. // of the shadow mapping.
INTERFACE_ATTRIBUTE __attribute__((ifunc("__hwasan_premap_shadow"))) INTERFACE_ATTRIBUTE __attribute__((ifunc("__hwasan_premap_shadow")))
void __hwasan_shadow(); void __hwasan_shadow();
extern __attribute((visibility("hidden"))) ElfW(Rela) __rela_iplt_start[],
__rela_iplt_end[];
} // extern "C" } // extern "C"
namespace __hwasan { namespace __hwasan {
void InitShadowGOT() {
// Call the ifunc resolver for __hwasan_shadow and fill in its GOT entry. This
// needs to be done before other ifunc resolvers (which are handled by libc)
// because a resolver might read __hwasan_shadow.
typedef ElfW(Addr) (*ifunc_resolver_t)(void);
for (ElfW(Rela) *r = __rela_iplt_start; r != __rela_iplt_end; ++r) {
ElfW(Addr)* offset = reinterpret_cast<ElfW(Addr)*>(r->r_offset);
ElfW(Addr) resolver = r->r_addend;
if (resolver == reinterpret_cast<ElfW(Addr)>(&__hwasan_premap_shadow)) {
*offset = reinterpret_cast<ifunc_resolver_t>(resolver)();
break;
}
}
}
uptr FindDynamicShadowStart(uptr shadow_size_bytes) { uptr FindDynamicShadowStart(uptr shadow_size_bytes) {
if (IsPremapShadowAvailable()) if (IsPremapShadowAvailable())
return FindPremappedShadowStart(shadow_size_bytes); return FindPremappedShadowStart(shadow_size_bytes);
return MapDynamicShadow(shadow_size_bytes); return MapDynamicShadow(shadow_size_bytes);
} }
} // namespace __hwasan } // namespace __hwasan
#else #else
namespace __hwasan { namespace __hwasan {
void InitShadowGOT() {}
uptr FindDynamicShadowStart(uptr shadow_size_bytes) { uptr FindDynamicShadowStart(uptr shadow_size_bytes) {
return MapDynamicShadow(shadow_size_bytes); return MapDynamicShadow(shadow_size_bytes);
} }
} // namespace __hwasan } // namespace __hwasan
#
#endif // SANITIZER_ANDROID #endif // SANITIZER_ANDROID

lib/hwasan/hwasan_interface_internal.h

Show All 14 Lines
#define HWASAN_INTERFACE_INTERNAL_H #define HWASAN_INTERFACE_INTERNAL_H
#include "sanitizer_common/sanitizer_internal_defs.h" #include "sanitizer_common/sanitizer_internal_defs.h"
#include "sanitizer_common/sanitizer_platform_limits_posix.h" #include "sanitizer_common/sanitizer_platform_limits_posix.h"
extern "C" { extern "C" {
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __hwasan_shadow_init(); void __hwasan_init_static();
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __hwasan_init(); void __hwasan_init();
using __sanitizer::uptr; using __sanitizer::uptr;
using __sanitizer::sptr; using __sanitizer::sptr;
using __sanitizer::uu64; using __sanitizer::uu64;
using __sanitizer::uu32; using __sanitizer::uu32;
▲ Show 20 LinesShow All 174 LinesShow Last 20 Lines

lib/hwasan/hwasan_linux.cc

Show First 20 LinesShow All 230 Lines▼ Show 20 Lines
void InstallAtExitHandler() { void InstallAtExitHandler() {
atexit(HwasanAtExit); atexit(HwasanAtExit);
} }
// ---------------------- TSD ---------------- {{{1 // ---------------------- TSD ---------------- {{{1
extern "C" void __hwasan_thread_enter() { extern "C" void __hwasan_thread_enter() {
hwasanThreadList().CreateCurrentThread(); hwasanThreadList().CreateCurrentThread()->InitRandomState();
} }
extern "C" void __hwasan_thread_exit() { extern "C" void __hwasan_thread_exit() {
Thread *t = GetCurrentThread(); Thread *t = GetCurrentThread();
// Make sure that signal handler can not see a stale current thread pointer. // Make sure that signal handler can not see a stale current thread pointer.
atomic_signal_fence(memory_order_seq_cst); atomic_signal_fence(memory_order_seq_cst);
if (t) if (t)
hwasanThreadList().ReleaseThread(t); hwasanThreadList().ReleaseThread(t);
Show All 36 Lines
uptr *GetCurrentThreadLongPtr() { uptr *GetCurrentThreadLongPtr() {
return &__hwasan_tls; return &__hwasan_tls;
} }
#endif #endif
#if SANITIZER_ANDROID #if SANITIZER_ANDROID
void AndroidTestTlsSlot() { void AndroidTestTlsSlot() {
uptr kMagicValue = 0x010203040A0B0C0D; uptr kMagicValue = 0x010203040A0B0C0D;
*(uptr *)get_android_tls_ptr() = kMagicValue; uptr *tls_ptr = GetCurrentThreadLongPtr();
uptr old_value = *tls_ptr;
*tls_ptr = kMagicValue;
dlerror(); dlerror();
if (*(uptr *)get_android_tls_ptr() != kMagicValue) { if (*(uptr *)get_android_tls_ptr() != kMagicValue) {
Printf( Printf(
"ERROR: Incompatible version of Android: TLS_SLOT_SANITIZER(6) is used " "ERROR: Incompatible version of Android: TLS_SLOT_SANITIZER(6) is used "
"for dlerror().\n"); "for dlerror().\n");
Die(); Die();
} }
*tls_ptr = old_value;
} }
#else #else
void AndroidTestTlsSlot() {} void AndroidTestTlsSlot() {}
#endif #endif
Thread *GetCurrentThread() { Thread *GetCurrentThread() {
uptr *ThreadLong = GetCurrentThreadLongPtr(); uptr *ThreadLong = GetCurrentThreadLongPtr();
#if HWASAN_WITH_INTERCEPTORS #if HWASAN_WITH_INTERCEPTORS
▲ Show 20 LinesShow All 126 LinesShow Last 20 Lines

lib/hwasan/hwasan_thread.h

Show All 18 Lines
namespace __hwasan { namespace __hwasan {
typedef __sanitizer::CompactRingBuffer<uptr> StackAllocationsRingBuffer; typedef __sanitizer::CompactRingBuffer<uptr> StackAllocationsRingBuffer;
class Thread { class Thread {
public: public:
void Init(uptr stack_buffer_start, uptr stack_buffer_size); // Must be called from the thread itself. void Init(uptr stack_buffer_start, uptr stack_buffer_size); // Must be called from the thread itself.
void InitRandomState();
void Destroy(); void Destroy();
uptr stack_top() { return stack_top_; } uptr stack_top() { return stack_top_; }
uptr stack_bottom() { return stack_bottom_; } uptr stack_bottom() { return stack_bottom_; }
uptr stack_size() { return stack_top() - stack_bottom(); } uptr stack_size() { return stack_top() - stack_bottom(); }
uptr tls_begin() { return tls_begin_; } uptr tls_begin() { return tls_begin_; }
uptr tls_end() { return tls_end_; } uptr tls_end() { return tls_end_; }
bool IsMainThread() { return unique_id_ == 0; } bool IsMainThread() { return unique_id_ == 0; }
▲ Show 20 LinesShow All 79 LinesShow Last 20 Lines

lib/hwasan/hwasan_thread.cc

Show All 19 Lines if (UNLIKELY(!GetRandom(reinterpret_cast<void *>(&seed), sizeof(seed),
seed = static_cast<u32>( seed = static_cast<u32>(
(NanoTime() >> 12) ^ (NanoTime() >> 12) ^
(reinterpret_cast<uptr>(__builtin_frame_address(0)) >> 4)); (reinterpret_cast<uptr>(__builtin_frame_address(0)) >> 4));
} }
} while (!seed); } while (!seed);
return seed; return seed;
} }
void Thread::InitRandomState() {
random_state_ = flags()->random_tags ? RandomSeed() : unique_id_;
}
void Thread::Init(uptr stack_buffer_start, uptr stack_buffer_size) { void Thread::Init(uptr stack_buffer_start, uptr stack_buffer_size) {
static u64 unique_id; static u64 unique_id;
unique_id_ = unique_id++; unique_id_ = unique_id++;
random_state_ = flags()->random_tags ? RandomSeed() : unique_id_;
if (auto sz = flags()->heap_history_size) if (auto sz = flags()->heap_history_size)
heap_allocations_ = HeapAllocationsRingBuffer::New(sz); heap_allocations_ = HeapAllocationsRingBuffer::New(sz);
HwasanTSDThreadInit(); // Only needed with interceptors. HwasanTSDThreadInit(); // Only needed with interceptors.
uptr *ThreadLong = GetCurrentThreadLongPtr(); uptr *ThreadLong = GetCurrentThreadLongPtr();
// The following implicitly sets (this) as the current thread. // The following implicitly sets (this) as the current thread.
stack_allocations_ = new (ThreadLong) stack_allocations_ = new (ThreadLong)
StackAllocationsRingBuffer((void *)stack_buffer_start, stack_buffer_size); StackAllocationsRingBuffer((void *)stack_buffer_start, stack_buffer_size);
▲ Show 20 LinesShow All 80 LinesShow Last 20 Lines