This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/
-
lib/sanitizer_common/
-
sanitizer_common/
1/6
sanitizer_common_interceptors.inc
-
sanitizer_platform_interceptors.h
-
test/sanitizer_common/TestCases/Linux/
-
sanitizer_common/
-
TestCases/
-
Linux/
1/1
xdrrec.cpp

Differential D83358

[Sanitizers] Add interceptor for xdrrec_create
ClosedPublic

Authored by guiand on Jul 7 2020, 4:34 PM.

Download Raw Diff

Details

Reviewers

eugenis
vitalybuka

Commits

rGf93b55a5ab9d: [Sanitizers] Add interceptor for xdrrec_create

Summary

For now, xdrrec_create is only intercepted Linux as its signature
is different on Solaris.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

guiand created this revision.Jul 7 2020, 4:34 PM

Herald added a project: Restricted Project. · View Herald TranscriptJul 7 2020, 4:34 PM

Herald added subscribers: Restricted Project, fedor.sergeev. · View Herald Transcript

eugenis added inline comments.Jul 7 2020, 5:02 PM

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
5803	I would not do this, we unpoison *xdrs in some places, but its probably better not to rely on it. This is terrible API and the less we do with it, the better. Remove these three interceptors.
5880	There is a handle parameter, you can use it wrap both read and write by passing a pointer to {real_handle, ctx, real_write, real_read} as the new handle.

eugenis added inline comments.Jul 7 2020, 5:07 PM

compiler-rt/test/sanitizer_common/TestCases/Linux/xdrrec.cpp
4	This line is unnecessary.

guiand marked an inline comment as done.Jul 7 2020, 5:48 PM

guiand added inline comments.

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
5880	I used that originally, but I was concerned the handle parameter might be saved somewhere inside the XDR struct in a user-accessible way. I actually went with the thread local data because these callbacks are used beyond the stack frame of just this function, so allocating such a struct on the stack would cause problems.

Remove interceptors besides xdrrec_create

guiand marked an inline comment as done.Jul 7 2020, 5:52 PM

Harbormaster failed remote builds in B63329: Diff 276261!Jul 7 2020, 6:44 PM

Harbormaster failed remote builds in B63343: Diff 276287!Jul 7 2020, 7:53 PM

eugenis added inline comments.Jul 8 2020, 12:47 PM

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
5880	Would not thread-local storage cause even bigger problems in that case? Imagine another xdrrec_create called inside a write callback or simply two instances of xdrrec created in the same thread or even xdr_* functions invoked on a different thread from the one where xdrrec was created

read also needs to be wrapped to do COMMON_INTERCEPTOR_UNPOISON_PARAM

This solution isn't super ideal but I couldn't think of a way around it.

We can't just allocate a handle on the heap in xdrrec_create and leave it at that, since there'd be no way to free it later. This is because it doesn't seem to be possible to access handle from the XDR struct, which is the only argument to xdr_destroy.
On the other hand, the callbacks don't have a way to get at the x_private field of XDR, which is what I chose for the HashMap key. So we need to wrap the handle parameter of the callbacks. But we can't just pass x_private as handle (as it hasn't been set yet). We can't put the wrapper struct into the HashMap and pass its pointer as handle, as the key we need (x_private again) hasn't been set yet.

So I allocate the wrapper struct on the heap, pass its pointer as handle, and put it into the HashMap so xdr_destroy can find it later and destroy it.

Harbormaster failed remote builds in B63521: Diff 276611!Jul 8 2020, 6:36 PM

LGTM w/ nit

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
5839	Remove _LINUX. If other platforms need a different implementation, then can add it later, or even add some ifdefs in the interceptor body,
5846	static

This revision is now accepted and ready to land.Jul 21 2020, 4:15 PM

Closed by commit rGf93b55a5ab9d: [Sanitizers] Add interceptor for xdrrec_create (authored by guiand). · Explain WhyJul 22 2020, 10:30 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

compiler-rt/

lib/

sanitizer_common/

sanitizer_common_interceptors.inc

74 lines

sanitizer_platform_interceptors.h

1 line

test/

sanitizer_common/

TestCases/

Linux/

xdrrec.cpp

27 lines

Diff 279878

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 5,794 Lines • ▼ Show 20 Lines	INTERCEPTOR(int, xdr_string, __sanitizer_XDR xdrs, char *p,
int res = REAL(xdr_string)(xdrs, p, maxsize);		int res = REAL(xdr_string)(xdrs, p, maxsize);
if (p && xdrs->x_op == __sanitizer_XDR_DECODE) {		if (p && xdrs->x_op == __sanitizer_XDR_DECODE) {
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, p, sizeof(*p));		COMMON_INTERCEPTOR_WRITE_RANGE(ctx, p, sizeof(*p));
if (res && *p)		if (res && *p)
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, p, REAL(strlen)(p) + 1);		COMMON_INTERCEPTOR_WRITE_RANGE(ctx, p, REAL(strlen)(p) + 1);
}		}
return res;		return res;
}		}

		eugenisUnsubmitted Not Done Reply Inline Actions I would not do this, we unpoison xdrs in some places, but its probably better not to rely on it. This is terrible API and the less we do with it, the better. Remove these three interceptors. eugenis:* I would not do this, we unpoison *xdrs in some places, but its probably better not to rely on…
#define INIT_XDR \		#define INIT_XDR \
COMMON_INTERCEPT_FUNCTION(xdrmem_create); \		COMMON_INTERCEPT_FUNCTION(xdrmem_create); \
COMMON_INTERCEPT_FUNCTION(xdrstdio_create); \		COMMON_INTERCEPT_FUNCTION(xdrstdio_create); \
COMMON_INTERCEPT_FUNCTION(xdr_short); \		COMMON_INTERCEPT_FUNCTION(xdr_short); \
COMMON_INTERCEPT_FUNCTION(xdr_u_short); \		COMMON_INTERCEPT_FUNCTION(xdr_u_short); \
COMMON_INTERCEPT_FUNCTION(xdr_int); \		COMMON_INTERCEPT_FUNCTION(xdr_int); \
COMMON_INTERCEPT_FUNCTION(xdr_u_int); \		COMMON_INTERCEPT_FUNCTION(xdr_u_int); \
COMMON_INTERCEPT_FUNCTION(xdr_long); \		COMMON_INTERCEPT_FUNCTION(xdr_long); \
Show All 19 Lines	#define INIT_XDR \
COMMON_INTERCEPT_FUNCTION(xdr_float); \		COMMON_INTERCEPT_FUNCTION(xdr_float); \
COMMON_INTERCEPT_FUNCTION(xdr_double); \		COMMON_INTERCEPT_FUNCTION(xdr_double); \
COMMON_INTERCEPT_FUNCTION(xdr_bytes); \		COMMON_INTERCEPT_FUNCTION(xdr_bytes); \
COMMON_INTERCEPT_FUNCTION(xdr_string);		COMMON_INTERCEPT_FUNCTION(xdr_string);
#else		#else
#define INIT_XDR		#define INIT_XDR
#endif // SANITIZER_INTERCEPT_XDR		#endif // SANITIZER_INTERCEPT_XDR

		#if SANITIZER_INTERCEPT_XDRREC
		eugenisUnsubmitted Not Done Reply Inline Actions Remove _LINUX. If other platforms need a different implementation, then can add it later, or even add some ifdefs in the interceptor body, eugenis: Remove _LINUX. If other platforms need a different implementation, then can add it later, or…
		typedef int (xdrrec_cb)(char, char*, int);
		struct XdrRecWrapper {
		char *handle;
		xdrrec_cb rd, wr;
		};
		typedef AddrHashMap<XdrRecWrapper *, 11> XdrRecWrapMap;
		static XdrRecWrapMap *xdrrec_wrap_map;
		eugenisUnsubmitted Not Done Reply Inline Actions static eugenis: static

		static int xdrrec_wr_wrap(char handle, char buf, int count) {
		COMMON_INTERCEPTOR_UNPOISON_PARAM(3);
		COMMON_INTERCEPTOR_INITIALIZE_RANGE(buf, count);
		XdrRecWrapper wrap = (XdrRecWrapper )handle;
		return wrap->wr(wrap->handle, buf, count);
		}

		static int xdrrec_rd_wrap(char handle, char buf, int count) {
		COMMON_INTERCEPTOR_UNPOISON_PARAM(3);
		XdrRecWrapper wrap = (XdrRecWrapper )handle;
		return wrap->rd(wrap->handle, buf, count);
		}

		// This doesn't apply to the solaris version as it has a different function
		// signature.
		INTERCEPTOR(void, xdrrec_create, __sanitizer_XDR *xdr, unsigned sndsize,
		unsigned rcvsize, char handle, int (rd)(char, char, int),
		int (wr)(char, char*, int)) {
		void *ctx;
		COMMON_INTERCEPTOR_ENTER(ctx, xdrrec_create, xdr, sndsize, rcvsize,
		handle, rd, wr);
		COMMON_INTERCEPTOR_READ_RANGE(ctx, &xdr->x_op, sizeof xdr->x_op);

		// We can't allocate a wrapper on the stack, as the handle is used outside
		// this stack frame. So we put it on the heap, and keep track of it with
		// the HashMap (keyed by x_private). When we later need to xdr_destroy,
		// we can index the map, free the wrapper, and then clean the map entry.
		XdrRecWrapper *wrap_data =
		(XdrRecWrapper *)InternalAlloc(sizeof(XdrRecWrapper));
		wrap_data->handle = handle;
		wrap_data->rd = rd;
		wrap_data->wr = wr;
		if (wr)
		eugenisUnsubmitted Not Done Reply Inline Actions There is a handle parameter, you can use it wrap both read and write by passing a pointer to {real_handle, ctx, real_write, real_read} as the new handle. eugenis: There is a handle parameter, you can use it wrap both read and write by passing a pointer to…
		guiandAuthorUnsubmitted Done Reply Inline Actions I used that originally, but I was concerned the handle parameter might be saved somewhere inside the XDR struct in a user-accessible way. I actually went with the thread local data because these callbacks are used beyond the stack frame of just this function, so allocating such a struct on the stack would cause problems. guiand: I used that originally, but I was concerned the handle parameter might be saved somewhere…
		eugenisUnsubmitted Not Done Reply Inline Actions Would not thread-local storage cause even bigger problems in that case? Imagine another xdrrec_create called inside a write callback or simply two instances of xdrrec created in the same thread or even xdr_* functions invoked on a different thread from the one where xdrrec was created eugenis: Would not thread-local storage cause even bigger problems in that case? Imagine 1. another…
		wr = xdrrec_wr_wrap;
		if (rd)
		rd = xdrrec_rd_wrap;
		handle = (char *)wrap_data;

		REAL(xdrrec_create)(xdr, sndsize, rcvsize, handle, rd, wr);
		COMMON_INTERCEPTOR_WRITE_RANGE(ctx, xdr, sizeof *xdr);

		XdrRecWrapMap::Handle wrap(xdrrec_wrap_map, xdr->x_private, false, true);
		*wrap = wrap_data;
		}

		// We have to intercept this to be able to free wrapper memory;
		// otherwise it's not necessary.
		INTERCEPTOR(void, xdr_destroy, __sanitizer_XDR *xdr) {
		void *ctx;
		COMMON_INTERCEPTOR_ENTER(ctx, xdr_destroy, xdr);

		XdrRecWrapMap::Handle wrap(xdrrec_wrap_map, xdr->x_private, true);
		InternalFree(*wrap);
		REAL(xdr_destroy)(xdr);
		}
		#define INIT_XDRREC_LINUX \
		static u64 xdrrec_wrap_mem[sizeof(XdrRecWrapMap) / sizeof(u64) + 1]; \
		xdrrec_wrap_map = new ((void *)&xdrrec_wrap_mem) XdrRecWrapMap(); \
		COMMON_INTERCEPT_FUNCTION(xdrrec_create); \
		COMMON_INTERCEPT_FUNCTION(xdr_destroy);
		#else
		#define INIT_XDRREC_LINUX
		#endif

#if SANITIZER_INTERCEPT_TSEARCH		#if SANITIZER_INTERCEPT_TSEARCH
INTERCEPTOR(void , tsearch, void key, void **rootp,		INTERCEPTOR(void , tsearch, void key, void **rootp,
int (compar)(const void , const void *)) {		int (compar)(const void , const void *)) {
void *ctx;		void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, tsearch, key, rootp, compar);		COMMON_INTERCEPTOR_ENTER(ctx, tsearch, key, rootp, compar);
// FIXME: under ASan the call below may write to freed memory and corrupt		// FIXME: under ASan the call below may write to freed memory and corrupt
// its metadata. See		// its metadata. See
// https://github.com/google/sanitizers/issues/321.		// https://github.com/google/sanitizers/issues/321.
▲ Show 20 Lines • Show All 4,242 Lines • ▼ Show 20 Lines	#endif
INIT_GETIFADDRS;		INIT_GETIFADDRS;
INIT_IF_INDEXTONAME;		INIT_IF_INDEXTONAME;
INIT_CAPGET;		INIT_CAPGET;
INIT_AEABI_MEM;		INIT_AEABI_MEM;
INIT___BZERO;		INIT___BZERO;
INIT_BZERO;		INIT_BZERO;
INIT_FTIME;		INIT_FTIME;
INIT_XDR;		INIT_XDR;
		INIT_XDRREC_LINUX;
INIT_TSEARCH;		INIT_TSEARCH;
INIT_LIBIO_INTERNALS;		INIT_LIBIO_INTERNALS;
INIT_FOPEN;		INIT_FOPEN;
INIT_FOPEN64;		INIT_FOPEN64;
INIT_OPEN_MEMSTREAM;		INIT_OPEN_MEMSTREAM;
INIT_OBSTACK;		INIT_OBSTACK;
INIT_FFLUSH;		INIT_FFLUSH;
INIT_FCLOSE;		INIT_FCLOSE;
▲ Show 20 Lines • Show All 99 Lines • Show Last 20 Lines

compiler-rt/lib/sanitizer_common/sanitizer_platform_interceptors.h

	Show First 20 Lines • Show All 434 Lines • ▼ Show 20 Lines
	#else			#else
	#define SANITIZER_INTERCEPT_AEABI_MEM 0			#define SANITIZER_INTERCEPT_AEABI_MEM 0
	#endif			#endif
	#define SANITIZER_INTERCEPT___BZERO SI_MAC \|\| SI_LINUX_NOT_ANDROID			#define SANITIZER_INTERCEPT___BZERO SI_MAC \|\| SI_LINUX_NOT_ANDROID
	#define SANITIZER_INTERCEPT_BZERO SI_LINUX_NOT_ANDROID			#define SANITIZER_INTERCEPT_BZERO SI_LINUX_NOT_ANDROID
	#define SANITIZER_INTERCEPT_FTIME \			#define SANITIZER_INTERCEPT_FTIME \
	(!SI_FREEBSD && !SI_NETBSD && !SI_OPENBSD && SI_POSIX)			(!SI_FREEBSD && !SI_NETBSD && !SI_OPENBSD && SI_POSIX)
	#define SANITIZER_INTERCEPT_XDR SI_LINUX_NOT_ANDROID \|\| SI_SOLARIS			#define SANITIZER_INTERCEPT_XDR SI_LINUX_NOT_ANDROID \|\| SI_SOLARIS
				#define SANITIZER_INTERCEPT_XDRREC SI_LINUX_NOT_ANDROID
	#define SANITIZER_INTERCEPT_TSEARCH \			#define SANITIZER_INTERCEPT_TSEARCH \
	(SI_LINUX_NOT_ANDROID \|\| SI_MAC \|\| SI_NETBSD \|\| SI_OPENBSD \|\| SI_SOLARIS)			(SI_LINUX_NOT_ANDROID \|\| SI_MAC \|\| SI_NETBSD \|\| SI_OPENBSD \|\| SI_SOLARIS)
	#define SANITIZER_INTERCEPT_LIBIO_INTERNALS SI_LINUX_NOT_ANDROID			#define SANITIZER_INTERCEPT_LIBIO_INTERNALS SI_LINUX_NOT_ANDROID
	#define SANITIZER_INTERCEPT_FOPEN SI_POSIX			#define SANITIZER_INTERCEPT_FOPEN SI_POSIX
	#define SANITIZER_INTERCEPT_FOPEN64 SI_LINUX_NOT_ANDROID \|\| SI_SOLARIS32			#define SANITIZER_INTERCEPT_FOPEN64 SI_LINUX_NOT_ANDROID \|\| SI_SOLARIS32
	#define SANITIZER_INTERCEPT_OPEN_MEMSTREAM \			#define SANITIZER_INTERCEPT_OPEN_MEMSTREAM \
	(SI_LINUX_NOT_ANDROID \|\| SI_NETBSD \|\| SI_OPENBSD \|\| SI_SOLARIS)			(SI_LINUX_NOT_ANDROID \|\| SI_NETBSD \|\| SI_OPENBSD \|\| SI_SOLARIS)
	#define SANITIZER_INTERCEPT_OBSTACK SI_LINUX_NOT_ANDROID			#define SANITIZER_INTERCEPT_OBSTACK SI_LINUX_NOT_ANDROID
	▲ Show 20 Lines • Show All 160 Lines • Show Last 20 Lines

compiler-rt/test/sanitizer_common/TestCases/Linux/xdrrec.cpp

This file was added.

				// RUN: %clangxx -O0 %s -o %t && %run %t \| FileCheck %s
				// REQUIRES: !android
				#include <cassert>
				#include <rpc/xdr.h>
				eugenisUnsubmitted Done Reply Inline Actions This line is unnecessary. eugenis: This line is unnecessary.

				int print_msg(char handle, char buf, int len) {
				if (len > 0) {
				for (size_t i = 0; i < len; i++) {
				printf("%02x ", (uint8_t)buf[i]);
				}
				printf("\n");
				}
				return len;
				}

				int main() {
				XDR xdrs;
				xdrs.x_op = XDR_ENCODE;

				xdrrec_create(&xdrs, 0, 0, nullptr, nullptr, print_msg);
				unsigned foo = 42;
				assert(xdr_u_int(&xdrs, &foo));
				assert(xdrrec_endofrecord(&xdrs, /sendnow/ true));
				xdr_destroy(&xdrs);
				}

				// CHECK: 00 00 00 2a