compiler-rt/lib/gwp_asan/optional/segv_handler_posix.cpp

   1 //===-- segv_handler_posix.cpp ----------------------------------*- C++ -*-===//
   2 //
   3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
   4 // See https://llvm.org/LICENSE.txt for license information.
   5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
   6 //
   7 //===----------------------------------------------------------------------===//
   8
   9 #include "gwp_asan/common.h"
  10 #include "gwp_asan/crash_handler.h"
  11 #include "gwp_asan/guarded_pool_allocator.h"
  12 #include "gwp_asan/optional/segv_handler.h"
  13 #include "gwp_asan/options.h"
  14
  15 // RHEL creates the PRIu64 format macro (for printing uint64_t's) only when this
  16 // macro is defined before including <inttypes.h>.
  17 #ifndef __STDC_FORMAT_MACROS
  18 #define __STDC_FORMAT_MACROS 1
  19 #endif
  20
  21 #include <assert.h>
  22 #include <inttypes.h>
  23 #include <signal.h>
  24 #include <stdio.h>
  25
  26 using gwp_asan::AllocationMetadata;
  27 using gwp_asan::Error;
  28 using gwp_asan::GuardedPoolAllocator;
  29 using gwp_asan::Printf_t;
  30 using gwp_asan::backtrace::PrintBacktrace_t;
  31 using gwp_asan::backtrace::SegvBacktrace_t;
  32
  33 namespace {
  34
  35 struct ScopedEndOfReportDecorator {
  36   ScopedEndOfReportDecorator(gwp_asan::Printf_t Printf) : Printf(Printf) {}
  37   ~ScopedEndOfReportDecorator() { Printf("*** End GWP-ASan report ***\n"); }
  38   gwp_asan::Printf_t Printf;
  39 };
  40
  41 // Prints the provided error and metadata information.
  42 void printHeader(Error E, uintptr_t AccessPtr,
  43                  const gwp_asan::AllocationMetadata *Metadata,
  44                  Printf_t Printf) {
  45   // Print using intermediate strings. Platforms like Android don't like when
  46   // you print multiple times to the same line, as there may be a newline
  47   // appended to a log file automatically per Printf() call.
  48   constexpr size_t kDescriptionBufferLen = 128;
  49   char DescriptionBuffer[kDescriptionBufferLen] = "";
  50
  51   bool AccessWasInBounds = false;
  52   if (E != Error::UNKNOWN && Metadata != nullptr) {
  53     uintptr_t Address = __gwp_asan_get_allocation_address(Metadata);
  54     size_t Size = __gwp_asan_get_allocation_size(Metadata);
  55     if (AccessPtr < Address) {
  56       snprintf(DescriptionBuffer, kDescriptionBufferLen,
  57                "(%zu byte%s to the left of a %zu-byte allocation at 0x%zx) ",
  58                Address - AccessPtr, (Address - AccessPtr == 1) ? "" : "s", Size,
  59                Address);
  60     } else if (AccessPtr > Address) {
  61       snprintf(DescriptionBuffer, kDescriptionBufferLen,
  62                "(%zu byte%s to the right of a %zu-byte allocation at 0x%zx) ",
  63                AccessPtr - Address, (AccessPtr - Address == 1) ? "" : "s", Size,
  64                Address);
  65     } else if (E == Error::DOUBLE_FREE) {
  66       snprintf(DescriptionBuffer, kDescriptionBufferLen,
  67                "(a %zu-byte allocation) ", Size);
  68     } else {
  69       AccessWasInBounds = true;
  70       snprintf(DescriptionBuffer, kDescriptionBufferLen,
  71                "(%zu byte%s into a %zu-byte allocation at 0x%zx) ",
  72                AccessPtr - Address, (AccessPtr - Address == 1) ? "" : "s", Size,
  73                Address);
  74     }
  75   }
  76
  77   // Possible number of digits of a 64-bit number: ceil(log10(2^64)) == 20. Add
  78   // a null terminator, and round to the nearest 8-byte boundary.
  79   uint64_t ThreadID = gwp_asan::getThreadID();
  80   constexpr size_t kThreadBufferLen = 24;
  81   char ThreadBuffer[kThreadBufferLen];
  82   if (ThreadID == gwp_asan::kInvalidThreadID)
  83     snprintf(ThreadBuffer, kThreadBufferLen, "<unknown>");
  84   else
  85     snprintf(ThreadBuffer, kThreadBufferLen, "%" PRIu64, ThreadID);
  86
  87   const char *OutOfBoundsAndUseAfterFreeWarning = "";
  88   if (E == Error::USE_AFTER_FREE && !AccessWasInBounds) {
  89     OutOfBoundsAndUseAfterFreeWarning =
  90         " (warning: buffer overflow/underflow detected on a free()'d "
  91         "allocation. This either means you have a buffer-overflow and a "
  92         "use-after-free at the same time, or you have a long-lived "
  93         "use-after-free bug where the allocation/deallocation metadata below "
  94         "has already been overwritten and is likely bogus)";
  95   }
  96
  97   Printf("%s%s at 0x%zx %sby thread %s here:\n", gwp_asan::ErrorToString(E),
  98          OutOfBoundsAndUseAfterFreeWarning, AccessPtr, DescriptionBuffer,
  99          ThreadBuffer);
 100 }
 101
 102 static bool HasReportedBadPoolAccess = false;
 103 static const char *kUnknownCrashText =
 104     "GWP-ASan cannot provide any more information about this error. This may "
 105     "occur due to a wild memory access into the GWP-ASan pool, or an "
 106     "overflow/underflow that is > 512B in length.\n";
 107
 108 void dumpReport(uintptr_t ErrorPtr, const gwp_asan::AllocatorState *State,
 109                 const gwp_asan::AllocationMetadata *Metadata,
 110                 SegvBacktrace_t SegvBacktrace, Printf_t Printf,
 111                 PrintBacktrace_t PrintBacktrace, void *Context) {
 112   assert(State && "dumpReport missing Allocator State.");
 113   assert(Metadata && "dumpReport missing Metadata.");
 114   assert(Printf && "dumpReport missing Printf.");
 115   assert(__gwp_asan_error_is_mine(State, ErrorPtr) &&
 116          "dumpReport() called on a non-GWP-ASan error.");
 117
 118   uintptr_t InternalErrorPtr =
 119       __gwp_asan_get_internal_crash_address(State, ErrorPtr);
 120   if (InternalErrorPtr)
 121     ErrorPtr = InternalErrorPtr;
 122
 123   const gwp_asan::AllocationMetadata *AllocMeta =
 124       __gwp_asan_get_metadata(State, Metadata, ErrorPtr);
 125
 126   if (AllocMeta == nullptr) {
 127     if (HasReportedBadPoolAccess) return;
 128     HasReportedBadPoolAccess = true;
 129     Printf("*** GWP-ASan detected a memory error ***\n");
 130     ScopedEndOfReportDecorator Decorator(Printf);
 131     Printf(kUnknownCrashText);
 132     return;
 133   }
 134
 135   // It's unusual for a signal handler to be invoked multiple times for the same
 136   // allocation, but it's possible in various scenarios, like:
 137   //  1. A double-free or invalid-free was invoked in one thread at the same
 138   //     time as a buffer-overflow or use-after-free in another thread, or
 139   //  2. Two threads do a use-after-free or buffer-overflow at the same time.
 140   // In these instances, we've already dumped a report for this allocation, so
 141   // skip dumping this issue as well.
 142   if (AllocMeta->HasCrashed)
 143     return;
 144
 145   Printf("*** GWP-ASan detected a memory error ***\n");
 146   ScopedEndOfReportDecorator Decorator(Printf);
 147
 148   Error E = __gwp_asan_diagnose_error(State, Metadata, ErrorPtr);
 149   if (E == Error::UNKNOWN) {
 150     Printf(kUnknownCrashText);
 151     return;
 152   }
 153
 154   // Print the error header.
 155   printHeader(E, ErrorPtr, AllocMeta, Printf);
 156
 157   // Print the fault backtrace.
 158   static constexpr unsigned kMaximumStackFramesForCrashTrace = 512;
 159   uintptr_t Trace[kMaximumStackFramesForCrashTrace];
 160   size_t TraceLength =
 161       SegvBacktrace(Trace, kMaximumStackFramesForCrashTrace, Context);
 162
 163   PrintBacktrace(Trace, TraceLength, Printf);
 164
 165   // Maybe print the deallocation trace.
 166   if (__gwp_asan_is_deallocated(AllocMeta)) {
 167     uint64_t ThreadID = __gwp_asan_get_deallocation_thread_id(AllocMeta);
 168     if (ThreadID == gwp_asan::kInvalidThreadID)
 169       Printf("0x%zx was deallocated by thread <unknown> here:\n", ErrorPtr);
 170     else
 171       Printf("0x%zx was deallocated by thread %zu here:\n", ErrorPtr, ThreadID);
 172     TraceLength = __gwp_asan_get_deallocation_trace(
 173         AllocMeta, Trace, kMaximumStackFramesForCrashTrace);
 174     PrintBacktrace(Trace, TraceLength, Printf);
 175   }
 176
 177   // Print the allocation trace.
 178   uint64_t ThreadID = __gwp_asan_get_allocation_thread_id(AllocMeta);
 179   if (ThreadID == gwp_asan::kInvalidThreadID)
 180     Printf("0x%zx was allocated by thread <unknown> here:\n", ErrorPtr);
 181   else
 182     Printf("0x%zx was allocated by thread %zu here:\n", ErrorPtr, ThreadID);
 183   TraceLength = __gwp_asan_get_allocation_trace(
 184       AllocMeta, Trace, kMaximumStackFramesForCrashTrace);
 185   PrintBacktrace(Trace, TraceLength, Printf);
 186 }
 187
 188 struct sigaction PreviousHandler;
 189 bool SignalHandlerInstalled;
 190 bool RecoverableSignal;
 191 gwp_asan::GuardedPoolAllocator *GPAForSignalHandler;
 192 Printf_t PrintfForSignalHandler;
 193 PrintBacktrace_t PrintBacktraceForSignalHandler;
 194 SegvBacktrace_t BacktraceForSignalHandler;
 195
 196 static void sigSegvHandler(int sig, siginfo_t *info, void *ucontext) {
 197   const gwp_asan::AllocatorState *State =
 198       GPAForSignalHandler->getAllocatorState();
 199   void *FaultAddr = info->si_addr;
 200   uintptr_t FaultAddrUPtr = reinterpret_cast<uintptr_t>(FaultAddr);
 201
 202   if (__gwp_asan_error_is_mine(State, FaultAddrUPtr)) {
 203     GPAForSignalHandler->preCrashReport(FaultAddr);
 204
 205     dumpReport(FaultAddrUPtr, State, GPAForSignalHandler->getMetadataRegion(),
 206                BacktraceForSignalHandler, PrintfForSignalHandler,
 207                PrintBacktraceForSignalHandler, ucontext);
 208
 209     if (RecoverableSignal) {
 210       GPAForSignalHandler->postCrashReportRecoverableOnly(FaultAddr);
 211       return;
 212     }
 213   }
 214
 215   // Process any previous handlers as long as the crash wasn't a GWP-ASan crash
 216   // in recoverable mode.
 217   if (PreviousHandler.sa_flags & SA_SIGINFO) {
 218     PreviousHandler.sa_sigaction(sig, info, ucontext);
 219   } else if (PreviousHandler.sa_handler == SIG_DFL) {
 220     // If the previous handler was the default handler, cause a core dump.
 221     signal(SIGSEGV, SIG_DFL);
 222     raise(SIGSEGV);
 223   } else if (PreviousHandler.sa_handler == SIG_IGN) {
 224     // If the previous segv handler was SIGIGN, crash iff we were responsible
 225     // for the crash.
 226     if (__gwp_asan_error_is_mine(GPAForSignalHandler->getAllocatorState(),
 227                                  reinterpret_cast<uintptr_t>(info->si_addr))) {
 228       signal(SIGSEGV, SIG_DFL);
 229       raise(SIGSEGV);
 230     }
 231   } else {
 232     PreviousHandler.sa_handler(sig);
 233   }
 234 }
 235 } // anonymous namespace
 236
 237 namespace gwp_asan {
 238 namespace segv_handler {
 239
 240 void installSignalHandlers(gwp_asan::GuardedPoolAllocator *GPA, Printf_t Printf,
 241                            PrintBacktrace_t PrintBacktrace,
 242                            SegvBacktrace_t SegvBacktrace, bool Recoverable) {
 243   assert(GPA && "GPA wasn't provided to installSignalHandlers.");
 244   assert(Printf && "Printf wasn't provided to installSignalHandlers.");
 245   assert(PrintBacktrace &&
 246          "PrintBacktrace wasn't provided to installSignalHandlers.");
 247   assert(SegvBacktrace &&
 248          "SegvBacktrace wasn't provided to installSignalHandlers.");
 249   GPAForSignalHandler = GPA;
 250   PrintfForSignalHandler = Printf;
 251   PrintBacktraceForSignalHandler = PrintBacktrace;
 252   BacktraceForSignalHandler = SegvBacktrace;
 253   RecoverableSignal = Recoverable;
 254
 255   struct sigaction Action = {};
 256   Action.sa_sigaction = sigSegvHandler;
 257   Action.sa_flags = SA_SIGINFO;
 258   sigaction(SIGSEGV, &Action, &PreviousHandler);
 259   SignalHandlerInstalled = true;
 260 }
 261
 262 void uninstallSignalHandlers() {
 263   if (SignalHandlerInstalled) {
 264     sigaction(SIGSEGV, &PreviousHandler, nullptr);
 265     SignalHandlerInstalled = false;
 266   }
 267 }
 268 } // namespace segv_handler
 269 } // namespace gwp_asan