This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/
-
lib/
-
msan/
-
msan_interceptors.cpp
-
sanitizer_common/
1
sanitizer_common_interceptors.inc
-
sanitizer_linux_s390.cpp
-
sanitizer_platform_interceptors.h
-
test/sanitizer_common/TestCases/Posix/
-
sanitizer_common/
-
TestCases/
-
Posix/
-
uname.c

Differential D76578

[compiler-rt] Intercept the uname() function
ClosedPublic

Authored by iii on Mar 22 2020, 3:47 PM.

Download Raw Diff

Details

Reviewers

eugenis
vitalybuka
uweigand
jonpa

Commits

rG5f5fb56c68e4: [compiler-rt] Intercept the uname() function

Summary

Move interceptor from msan to sanitizer_common_interceptors.inc, so that
other sanitizers could benefit.

Adjust FixedCVE_2016_2143() to deal with the intercepted uname().

Patch by Ilya Leoshkevich.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

iii created this revision.Mar 22 2020, 3:47 PM

Herald added a project: Restricted Project. · View Herald TranscriptMar 22 2020, 3:47 PM

Herald added subscribers: Restricted Project, krytarowski, dberris. · View Herald Transcript

Harbormaster failed remote builds in B50049: Diff 251925!Mar 22 2020, 5:10 PM

vitalybuka accepted this revision.Mar 22 2020, 7:20 PM

vitalybuka added inline comments.

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
9752	instead of if SANITIZER_FREEBSD please use separate #define SANITIZER_INTERCEPT_UNAME (SI_POSIX && !SI_FREEBSD) #define SANITIZER_INTERCEPT__XUNAME SI_FREEBSD

This revision is now accepted and ready to land.Mar 22 2020, 7:20 PM

Introduced SANITIZER_INTERCEPT___XUNAME

Harbormaster failed remote builds in B50087: Diff 251981!Mar 23 2020, 4:53 AM

eugenis accepted this revision.Mar 23 2020, 11:44 AM

vitalybuka edited the summary of this revision. (Show Details)Mar 23 2020, 12:59 PM

Closed by commit rG5f5fb56c68e4: [compiler-rt] Intercept the uname() function (authored by iii, committed by vitalybuka). · Explain WhyMar 23 2020, 1:06 PM

This revision was automatically updated to reflect the committed changes.

This change broke the sanitizer-x86_64-linux bot: http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux/builds/26313
Please take a look.

Unfortunately I was unable to reproduce locally (Debian testing) and was only able to reproduce on the bot itself (which runs Debian stretch set up using this script:
https://github.com/google/sanitizers/blob/master/buildbot/start_script.sh
). Vitaly probably knows more about how the bot was set up if you have trouble reproducing.

I'll check. I was hoping this was already fixed by https://reviews.llvm.org/D76776, but the last build http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux/builds/26367 already contains that commit, and yet it still fails with the same symptoms.

I've installed stretch and hit the following issue:

Program received signal SIGILL, Illegal instruction.
0xf7ddab52 in _xbegin () at ../sysdeps/unix/sysv/linux/x86/hle.h:53
53	  asm volatile (".byte 0xc7,0xf8 ; .long 0" : "+a" (ret) :: "memory");
(gdb) bt
#0  0xf7ddab52 in _xbegin () at ../sysdeps/unix/sysv/linux/x86/hle.h:53
#1  __GI___pthread_rwlock_rdlock (rwlock=<optimized out>) at pthread_rwlock_rdlock.c:128
#2  0xf7c12964 in __dcigettext (domainname=0xf7d4cfd8 <_libc_intl_domainname> "libc", msgid1=0xf6103970 "undefined symbol: swift_demangle", msgid2=0x0, plural=0, n=0, category=5) at dcigettext.c:527
#3  0xf7c115e6 in __GI___dcgettext (domainname=0xf7d4cfd8 <_libc_intl_domainname> "libc", msgid=0xf6103970 "undefined symbol: swift_demangle", category=5) at dcgettext.c:47
#4  0xf7dc31d9 in __dlerror () at dlerror.c:94
#5  0x08135e70 in __sanitizer::InitializeSwiftDemangler () at $HOME/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cpp:75
#6  __sanitizer::Symbolizer::LateInitialize () at $HOME/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cpp:482
#7  0x0810eb32 in __asan::AsanInitInternal () at $HOME/llvm-project/compiler-rt/lib/asan/asan_rtl.cpp:521
#8  0x0810ec80 in __asan::AsanInitInternal () at $HOME/llvm-project/compiler-rt/lib/asan/asan_rtl.cpp:538
#9  __asan::AsanInitFromRtl () at $HOME/llvm-project/compiler-rt/lib/asan/asan_rtl.cpp:537
#10 0x08091b0d in __interceptor_uname (utsname=0xffffd350) at $HOME/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:9752
#11 0xf7dd4ed7 in is_smp_system () at ../sysdeps/unix/sysv/linux/i386/smp.h:39
#12 __pthread_initialize_minimal_internal () at nptl-init.c:487
#13 0xf7dd43d8 in _init () at ../sysdeps/i386/crti.S:74
#14 0x00000000 in ?? ()

The problem is that libc calls uname() very early - earlier than it finds out hardware capabilities (in this case: whether lock elision is available).
COMMON_INTERCEPTOR_ENTER, however, triggers usage of functions that use these capabilities.
I think the solution should be to avoid calling ENSURE_ASAN_INITED in COMMON_INTERCEPTOR_ENTER for uname().
Something like this seems to be already implemented for macOS:

if (SANITIZER_MAC && UNLIKELY(!asan_inited))                               \
  return REAL(func)(__VA_ARGS__);                                          \

Revision Contents

Path

Size

compiler-rt/

lib/

msan/

msan_interceptors.cpp

25 lines

sanitizer_common/

sanitizer_common_interceptors.inc

36 lines

sanitizer_linux_s390.cpp

13 lines

sanitizer_platform_interceptors.h

2 lines

test/

sanitizer_common/

TestCases/

Posix/

uname.c

13 lines

Diff 252127

compiler-rt/lib/msan/msan_interceptors.cpp

Show First 20 Lines • Show All 818 Lines • ▼ Show 20 Lines
#define MSAN_MAYBE_INTERCEPT_PRLIMIT64 INTERCEPT_FUNCTION(prlimit64)		#define MSAN_MAYBE_INTERCEPT_PRLIMIT64 INTERCEPT_FUNCTION(prlimit64)
#else		#else
#define MSAN_MAYBE_INTERCEPT___GETRLIMIT		#define MSAN_MAYBE_INTERCEPT___GETRLIMIT
#define MSAN_MAYBE_INTERCEPT_GETRLIMIT64		#define MSAN_MAYBE_INTERCEPT_GETRLIMIT64
#define MSAN_MAYBE_INTERCEPT_PRLIMIT		#define MSAN_MAYBE_INTERCEPT_PRLIMIT
#define MSAN_MAYBE_INTERCEPT_PRLIMIT64		#define MSAN_MAYBE_INTERCEPT_PRLIMIT64
#endif		#endif

#if SANITIZER_FREEBSD
// FreeBSD's <sys/utsname.h> define uname() as
// static __inline int uname(struct utsname *name) {
// return __xuname(SYS_NMLN, (void*)name);
// }
INTERCEPTOR(int, __xuname, int size, void *utsname) {
ENSURE_MSAN_INITED();
int res = REAL(__xuname)(size, utsname);
if (!res)
__msan_unpoison(utsname, __sanitizer::struct_utsname_sz);
return res;
}
#define MSAN_INTERCEPT_UNAME INTERCEPT_FUNCTION(__xuname)
#else
INTERCEPTOR(int, uname, struct utsname *utsname) {
ENSURE_MSAN_INITED();
int res = REAL(uname)(utsname);
if (!res)
__msan_unpoison(utsname, __sanitizer::struct_utsname_sz);
return res;
}
#define MSAN_INTERCEPT_UNAME INTERCEPT_FUNCTION(uname)
#endif

INTERCEPTOR(int, gethostname, char *name, SIZE_T len) {		INTERCEPTOR(int, gethostname, char *name, SIZE_T len) {
ENSURE_MSAN_INITED();		ENSURE_MSAN_INITED();
int res = REAL(gethostname)(name, len);		int res = REAL(gethostname)(name, len);
if (!res) {		if (!res) {
SIZE_T real_len = REAL(strnlen)(name, len);		SIZE_T real_len = REAL(strnlen)(name, len);
if (real_len < len)		if (real_len < len)
++real_len;		++real_len;
__msan_unpoison(name, real_len);		__msan_unpoison(name, real_len);
▲ Show 20 Lines • Show All 841 Lines • ▼ Show 20 Lines	#endif
INTERCEPT_FUNCTION(pipe2);		INTERCEPT_FUNCTION(pipe2);
INTERCEPT_FUNCTION(socketpair);		INTERCEPT_FUNCTION(socketpair);
MSAN_MAYBE_INTERCEPT_FGETS_UNLOCKED;		MSAN_MAYBE_INTERCEPT_FGETS_UNLOCKED;
INTERCEPT_FUNCTION(getrlimit);		INTERCEPT_FUNCTION(getrlimit);
MSAN_MAYBE_INTERCEPT___GETRLIMIT;		MSAN_MAYBE_INTERCEPT___GETRLIMIT;
MSAN_MAYBE_INTERCEPT_GETRLIMIT64;		MSAN_MAYBE_INTERCEPT_GETRLIMIT64;
MSAN_MAYBE_INTERCEPT_PRLIMIT;		MSAN_MAYBE_INTERCEPT_PRLIMIT;
MSAN_MAYBE_INTERCEPT_PRLIMIT64;		MSAN_MAYBE_INTERCEPT_PRLIMIT64;
MSAN_INTERCEPT_UNAME;
INTERCEPT_FUNCTION(gethostname);		INTERCEPT_FUNCTION(gethostname);
MSAN_MAYBE_INTERCEPT_EPOLL_WAIT;		MSAN_MAYBE_INTERCEPT_EPOLL_WAIT;
MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT;		MSAN_MAYBE_INTERCEPT_EPOLL_PWAIT;
INTERCEPT_FUNCTION(dladdr);		INTERCEPT_FUNCTION(dladdr);
INTERCEPT_FUNCTION(dlerror);		INTERCEPT_FUNCTION(dlerror);
INTERCEPT_FUNCTION(dl_iterate_phdr);		INTERCEPT_FUNCTION(dl_iterate_phdr);
INTERCEPT_FUNCTION(getrusage);		INTERCEPT_FUNCTION(getrusage);
#if defined(__mips__)		#if defined(__mips__)
Show All 22 Lines

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 9,743 Lines • ▼ Show 20 Lines	INTERCEPTOR(int, sigaltstack, void ss, void oss) {
}		}
return r;		return r;
}		}
#define INIT_SIGALTSTACK COMMON_INTERCEPT_FUNCTION(sigaltstack)		#define INIT_SIGALTSTACK COMMON_INTERCEPT_FUNCTION(sigaltstack)
#else		#else
#define INIT_SIGALTSTACK		#define INIT_SIGALTSTACK
#endif		#endif

		#if SANITIZER_INTERCEPT_UNAME
		vitalybukaUnsubmitted Not Done Reply Inline Actions instead of if SANITIZER_FREEBSD please use separate #define SANITIZER_INTERCEPT_UNAME (SI_POSIX && !SI_FREEBSD) #define SANITIZER_INTERCEPT__XUNAME SI_FREEBSD vitalybuka: instead of if SANITIZER_FREEBSD please use separate ``` #define SANITIZER_INTERCEPT_UNAME…
		INTERCEPTOR(int, uname, struct utsname *utsname) {
		void *ctx;
		COMMON_INTERCEPTOR_ENTER(ctx, uname, utsname);
		int res = REAL(uname)(utsname);
		if (!res)
		COMMON_INTERCEPTOR_WRITE_RANGE(ctx, utsname,
		__sanitizer::struct_utsname_sz);
		return res;
		}
		#define INIT_UNAME COMMON_INTERCEPT_FUNCTION(uname)
		#else
		#define INIT_UNAME
		#endif

		#if SANITIZER_INTERCEPT___XUNAME
		// FreeBSD's <sys/utsname.h> define uname() as
		// static __inline int uname(struct utsname *name) {
		// return __xuname(SYS_NMLN, (void*)name);
		// }
		INTERCEPTOR(int, __xuname, int size, void *utsname) {
		void *ctx;
		COMMON_INTERCEPTOR_ENTER(ctx, __xuname, size, utsname);
		int res = REAL(__xuname)(size, utsname);
		if (!res)
		COMMON_INTERCEPTOR_WRITE_RANGE(ctx, utsname,
		__sanitizer::struct_utsname_sz);
		return res;
		}
		#define INIT___XUNAME COMMON_INTERCEPT_FUNCTION(__xuname)
		#else
		#define INIT___XUNAME
		#endif

#include "sanitizer_common_interceptors_netbsd_compat.inc"		#include "sanitizer_common_interceptors_netbsd_compat.inc"

static void InitializeCommonInterceptors() {		static void InitializeCommonInterceptors() {
#if SI_POSIX		#if SI_POSIX
static u64 metadata_mem[sizeof(MetadataHashMap) / sizeof(u64) + 1];		static u64 metadata_mem[sizeof(MetadataHashMap) / sizeof(u64) + 1];
interceptor_metadata_map = new ((void *)&metadata_mem) MetadataHashMap();		interceptor_metadata_map = new ((void *)&metadata_mem) MetadataHashMap();
#endif		#endif

▲ Show 20 Lines • Show All 290 Lines • ▼ Show 20 Lines	#endif
INIT_SL_INIT;		INIT_SL_INIT;
INIT_GETRANDOM;		INIT_GETRANDOM;
INIT_CRYPT;		INIT_CRYPT;
INIT_CRYPT_R;		INIT_CRYPT_R;
INIT_GETENTROPY;		INIT_GETENTROPY;
INIT_QSORT;		INIT_QSORT;
INIT_QSORT_R;		INIT_QSORT_R;
INIT_SIGALTSTACK;		INIT_SIGALTSTACK;
		INIT_UNAME;
		INIT___XUNAME;

INIT___PRINTF_CHK;		INIT___PRINTF_CHK;
}		}

compiler-rt/lib/sanitizer_common/sanitizer_linux_s390.cpp

	Show All 9 Lines
	// run-time libraries and implements s390-linux-specific functions from			// run-time libraries and implements s390-linux-specific functions from
	// sanitizer_libc.h.			// sanitizer_libc.h.
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

	#include "sanitizer_platform.h"			#include "sanitizer_platform.h"

	#if SANITIZER_LINUX && SANITIZER_S390			#if SANITIZER_LINUX && SANITIZER_S390

	#include "sanitizer_libc.h"			#include <dlfcn.h>
	#include "sanitizer_linux.h"

	#include <errno.h>			#include <errno.h>
	#include <sys/syscall.h>			#include <sys/syscall.h>
	#include <sys/utsname.h>			#include <sys/utsname.h>
	#include <unistd.h>			#include <unistd.h>

				#include "sanitizer_libc.h"
				#include "sanitizer_linux.h"

	namespace __sanitizer {			namespace __sanitizer {

	// --------------- sanitizer_libc.h			// --------------- sanitizer_libc.h
	uptr internal_mmap(void *addr, uptr length, int prot, int flags, int fd,			uptr internal_mmap(void *addr, uptr length, int prot, int flags, int fd,
	u64 offset) {			u64 offset) {
	struct s390_mmap_params {			struct s390_mmap_params {
	unsigned long addr;			unsigned long addr;
	unsigned long length;			unsigned long length;
	▲ Show 20 Lines • Show All 83 Lines • ▼ Show 20 Lines

	#if SANITIZER_S390_64			#if SANITIZER_S390_64
	static bool FixedCVE_2016_2143() {			static bool FixedCVE_2016_2143() {
	// Try to determine if the running kernel has a fix for CVE-2016-2143,			// Try to determine if the running kernel has a fix for CVE-2016-2143,
	// return false if in doubt (better safe than sorry). Distros may want to			// return false if in doubt (better safe than sorry). Distros may want to
	// adjust this for their own kernels.			// adjust this for their own kernels.
	struct utsname buf;			struct utsname buf;
	unsigned int major, minor, patch = 0;			unsigned int major, minor, patch = 0;
				// Depending on the concrete sanitizer being used, uname may or may not
				// be intercepted. Make sure we use the libc version in either case.
				using Uname = int ()(struct utsname );
				Uname uname = reinterpret_cast<Uname>(dlsym(RTLD_NEXT, "uname"));
	// This should never fail, but just in case...			// This should never fail, but just in case...
	if (uname(&buf))			if (uname == nullptr \|\| uname(&buf))
	return false;			return false;
	const char *ptr = buf.release;			const char *ptr = buf.release;
	major = internal_simple_strtoll(ptr, &ptr, 10);			major = internal_simple_strtoll(ptr, &ptr, 10);
	// At least first 2 should be matched.			// At least first 2 should be matched.
	if (ptr[0] != '.')			if (ptr[0] != '.')
	return false;			return false;
	minor = internal_simple_strtoll(ptr+1, &ptr, 10);			minor = internal_simple_strtoll(ptr+1, &ptr, 10);
	// Third is optional.			// Third is optional.
	▲ Show 20 Lines • Show All 87 Lines • Show Last 20 Lines

compiler-rt/lib/sanitizer_common/sanitizer_platform_interceptors.h

	Show First 20 Lines • Show All 591 Lines • ▼ Show 20 Lines
	#define SANITIZER_INTERCEPT___CXA_ATEXIT SI_NETBSD			#define SANITIZER_INTERCEPT___CXA_ATEXIT SI_NETBSD
	#define SANITIZER_INTERCEPT_ATEXIT SI_NETBSD			#define SANITIZER_INTERCEPT_ATEXIT SI_NETBSD
	#define SANITIZER_INTERCEPT_PTHREAD_ATFORK SI_NETBSD			#define SANITIZER_INTERCEPT_PTHREAD_ATFORK SI_NETBSD
	#define SANITIZER_INTERCEPT_GETENTROPY SI_FREEBSD			#define SANITIZER_INTERCEPT_GETENTROPY SI_FREEBSD
	#define SANITIZER_INTERCEPT_QSORT \			#define SANITIZER_INTERCEPT_QSORT \
	(SI_POSIX && !SI_IOSSIM && !SI_WATCHOS && !SI_TVOS && !SI_ANDROID)			(SI_POSIX && !SI_IOSSIM && !SI_WATCHOS && !SI_TVOS && !SI_ANDROID)
	#define SANITIZER_INTERCEPT_QSORT_R (SI_LINUX && !SI_ANDROID)			#define SANITIZER_INTERCEPT_QSORT_R (SI_LINUX && !SI_ANDROID)
	#define SANITIZER_INTERCEPT_SIGALTSTACK SI_POSIX			#define SANITIZER_INTERCEPT_SIGALTSTACK SI_POSIX
				#define SANITIZER_INTERCEPT_UNAME (SI_POSIX && !SI_FREEBSD)
				#define SANITIZER_INTERCEPT___XUNAME SI_FREEBSD

	#endif // #ifndef SANITIZER_PLATFORM_INTERCEPTORS_H			#endif // #ifndef SANITIZER_PLATFORM_INTERCEPTORS_H

compiler-rt/test/sanitizer_common/TestCases/Posix/uname.c

This file was added.

				// RUN: %clang %s -o %t && %run %t

				#include <assert.h>
				#include <stdio.h>
				#include <sys/utsname.h>

				int main() {
				struct utsname buf;
				int err = uname(&buf);
				assert(err == 0);
				printf("%s %s %s %s %s\n", buf.sysname, buf.nodename, buf.release,
				buf.version, buf.machine);
				}