compiler-rt/lib/hwasan/hwasan_fuchsia.cpp

   1 //===-- hwasan_fuchsia.cpp --------------------------------------*- C++ -*-===//
   2 //
   3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
   4 // See https://llvm.org/LICENSE.txt for license information.
   5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
   6 //
   7 //===----------------------------------------------------------------------===//
   8 ///
   9 /// \file
  10 /// This file is a part of HWAddressSanitizer and contains Fuchsia-specific
  11 /// code.
  12 ///
  13 //===----------------------------------------------------------------------===//
  14
  15 #include "sanitizer_common/sanitizer_fuchsia.h"
  16 #if SANITIZER_FUCHSIA
  17
  18 #include <zircon/features.h>
  19 #include <zircon/syscalls.h>
  20
  21 #include "hwasan.h"
  22 #include "hwasan_interface_internal.h"
  23 #include "hwasan_report.h"
  24 #include "hwasan_thread.h"
  25 #include "hwasan_thread_list.h"
  26
  27 // This TLS variable contains the location of the stack ring buffer and can be
  28 // used to always find the hwasan thread object associated with the current
  29 // running thread.
  30 [[gnu::tls_model("initial-exec")]]
  31 SANITIZER_INTERFACE_ATTRIBUTE
  32 THREADLOCAL uptr __hwasan_tls;
  33
  34 namespace __hwasan {
  35
  36 bool InitShadow() {
  37   __sanitizer::InitShadowBounds();
  38   CHECK_NE(__sanitizer::ShadowBounds.shadow_limit, 0);
  39
  40   // These variables are used by MemIsShadow for asserting we have a correct
  41   // shadow address. On Fuchsia, we only have one region of shadow, so the
  42   // bounds of Low shadow can be zero while High shadow represents the true
  43   // bounds. Note that these are inclusive ranges.
  44   kLowShadowStart = 0;
  45   kLowShadowEnd = 0;
  46   kHighShadowStart = __sanitizer::ShadowBounds.shadow_base;
  47   kHighShadowEnd = __sanitizer::ShadowBounds.shadow_limit - 1;
  48
  49   return true;
  50 }
  51
  52 bool MemIsApp(uptr p) {
  53   CHECK(GetTagFromPointer(p) == 0);
  54   return __sanitizer::ShadowBounds.shadow_limit <= p &&
  55          p <= (__sanitizer::ShadowBounds.memory_limit - 1);
  56 }
  57
  58 // These are known parameters passed to the hwasan runtime on thread creation.
  59 struct Thread::InitState {
  60   uptr stack_bottom, stack_top;
  61 };
  62
  63 static void FinishThreadInitialization(Thread *thread);
  64
  65 void InitThreads() {
  66   // This is the minimal alignment needed for the storage where hwasan threads
  67   // and their stack ring buffers are placed. This alignment is necessary so the
  68   // stack ring buffer can perform a simple calculation to get the next element
  69   // in the RB. The instructions for this calculation are emitted by the
  70   // compiler. (Full explanation in hwasan_thread_list.h.)
  71   uptr alloc_size = UINT64_C(1) << kShadowBaseAlignment;
  72   uptr thread_start = reinterpret_cast<uptr>(
  73       MmapAlignedOrDieOnFatalError(alloc_size, alloc_size, __func__));
  74
  75   InitThreadList(thread_start, alloc_size);
  76
  77   // Create the hwasan thread object for the current (main) thread. Stack info
  78   // for this thread is known from information passed via
  79   // __sanitizer_startup_hook.
  80   const Thread::InitState state = {
  81       .stack_bottom = __sanitizer::MainThreadStackBase,
  82       .stack_top =
  83           __sanitizer::MainThreadStackBase + __sanitizer::MainThreadStackSize,
  84   };
  85   FinishThreadInitialization(hwasanThreadList().CreateCurrentThread(&state));
  86 }
  87
  88 uptr *GetCurrentThreadLongPtr() { return &__hwasan_tls; }
  89
  90 // This is called from the parent thread before the new thread is created. Here
  91 // we can propagate known info like the stack bounds to Thread::Init before
  92 // jumping into the thread. We cannot initialize the stack ring buffer yet since
  93 // we have not entered the new thread.
  94 static void *BeforeThreadCreateHook(uptr user_id, bool detached,
  95                                     const char *name, uptr stack_bottom,
  96                                     uptr stack_size) {
  97   const Thread::InitState state = {
  98       .stack_bottom = stack_bottom,
  99       .stack_top = stack_bottom + stack_size,
 100   };
 101   return hwasanThreadList().CreateCurrentThread(&state);
 102 }
 103
 104 // This sets the stack top and bottom according to the InitState passed to
 105 // CreateCurrentThread above.
 106 void Thread::InitStackAndTls(const InitState *state) {
 107   CHECK_NE(state->stack_bottom, 0);
 108   CHECK_NE(state->stack_top, 0);
 109   stack_bottom_ = state->stack_bottom;
 110   stack_top_ = state->stack_top;
 111   tls_end_ = tls_begin_ = 0;
 112 }
 113
 114 // This is called after creating a new thread with the pointer returned by
 115 // BeforeThreadCreateHook. We are still in the creating thread and should check
 116 // if it was actually created correctly.
 117 static void ThreadCreateHook(void *hook, bool aborted) {
 118   Thread *thread = static_cast<Thread *>(hook);
 119   if (!aborted) {
 120     // The thread was created successfully.
 121     // ThreadStartHook can already be running in the new thread.
 122   } else {
 123     // The thread wasn't created after all.
 124     // Clean up everything we set up in BeforeThreadCreateHook.
 125     atomic_signal_fence(memory_order_seq_cst);
 126     hwasanThreadList().ReleaseThread(thread);
 127   }
 128 }
 129
 130 // This is called in the newly-created thread before it runs anything else,
 131 // with the pointer returned by BeforeThreadCreateHook (above). Here we can
 132 // setup the stack ring buffer.
 133 static void ThreadStartHook(void *hook, thrd_t self) {
 134   Thread *thread = static_cast<Thread *>(hook);
 135   FinishThreadInitialization(thread);
 136   thread->EnsureRandomStateInited();
 137 }
 138
 139 // This is the function that sets up the stack ring buffer and enables us to use
 140 // GetCurrentThread. This function should only be called while IN the thread
 141 // that we want to create the hwasan thread object for so __hwasan_tls can be
 142 // properly referenced.
 143 static void FinishThreadInitialization(Thread *thread) {
 144   CHECK_NE(thread, nullptr);
 145
 146   // The ring buffer is located immediately before the thread object.
 147   uptr stack_buffer_size = hwasanThreadList().GetRingBufferSize();
 148   uptr stack_buffer_start = reinterpret_cast<uptr>(thread) - stack_buffer_size;
 149   thread->InitStackRingBuffer(stack_buffer_start, stack_buffer_size);
 150 }
 151
 152 static void ThreadExitHook(void *hook, thrd_t self) {
 153   Thread *thread = static_cast<Thread *>(hook);
 154   atomic_signal_fence(memory_order_seq_cst);
 155   hwasanThreadList().ReleaseThread(thread);
 156 }
 157
 158 uptr TagMemoryAligned(uptr p, uptr size, tag_t tag) {
 159   CHECK(IsAligned(p, kShadowAlignment));
 160   CHECK(IsAligned(size, kShadowAlignment));
 161   __sanitizer_fill_shadow(p, size, tag,
 162                           common_flags()->clear_shadow_mmap_threshold);
 163   return AddTagToPointer(p, tag);
 164 }
 165
 166 // Not implemented because Fuchsia does not use signal handlers.
 167 void HwasanOnDeadlySignal(int signo, void *info, void *context) {}
 168
 169 // Not implemented because Fuchsia does not use interceptors.
 170 void InitializeInterceptors() {}
 171
 172 // Not implemented because this is only relevant for Android.
 173 void AndroidTestTlsSlot() {}
 174
 175 // TSD was normally used on linux as a means of calling the hwasan thread exit
 176 // handler passed to pthread_key_create. This is not needed on Fuchsia because
 177 // we will be using __sanitizer_thread_exit_hook.
 178 void HwasanTSDInit() {}
 179 void HwasanTSDThreadInit() {}
 180
 181 // On linux, this just would call `atexit(HwasanAtExit)`. The functions in
 182 // HwasanAtExit are unimplemented for Fuchsia and effectively no-ops, so this
 183 // function is unneeded.
 184 void InstallAtExitHandler() {}
 185
 186 void HwasanInstallAtForkHandler() {}
 187
 188 void InstallAtExitCheckLeaks() {}
 189
 190 void InitializeOsSupport() {
 191 #ifdef __aarch64__
 192   uint32_t features = 0;
 193   CHECK_EQ(zx_system_get_features(ZX_FEATURE_KIND_ADDRESS_TAGGING, &features),
 194            ZX_OK);
 195   if (!(features & ZX_ARM64_FEATURE_ADDRESS_TAGGING_TBI) &&
 196       flags()->fail_without_syscall_abi) {
 197     Printf(
 198         "FATAL: HWAddressSanitizer requires "
 199         "ZX_ARM64_FEATURE_ADDRESS_TAGGING_TBI.\n");
 200     Die();
 201   }
 202 #endif
 203 }
 204
 205 }  // namespace __hwasan
 206
 207 namespace __lsan {
 208
 209 bool UseExitcodeOnLeak() { return __hwasan::flags()->halt_on_error; }
 210
 211 }  // namespace __lsan
 212
 213 extern "C" {
 214
 215 void *__sanitizer_before_thread_create_hook(thrd_t thread, bool detached,
 216                                             const char *name, void *stack_base,
 217                                             size_t stack_size) {
 218   return __hwasan::BeforeThreadCreateHook(
 219       reinterpret_cast<uptr>(thread), detached, name,
 220       reinterpret_cast<uptr>(stack_base), stack_size);
 221 }
 222
 223 void __sanitizer_thread_create_hook(void *hook, thrd_t thread, int error) {
 224   __hwasan::ThreadCreateHook(hook, error != thrd_success);
 225 }
 226
 227 void __sanitizer_thread_start_hook(void *hook, thrd_t self) {
 228   __hwasan::ThreadStartHook(hook, reinterpret_cast<uptr>(self));
 229 }
 230
 231 void __sanitizer_thread_exit_hook(void *hook, thrd_t self) {
 232   __hwasan::ThreadExitHook(hook, self);
 233 }
 234
 235 void __sanitizer_module_loaded(const struct dl_phdr_info *info, size_t) {
 236   __hwasan_library_loaded(info->dlpi_addr, info->dlpi_phdr, info->dlpi_phnum);
 237 }
 238
 239 }  // extern "C"
 240
 241 #endif  // SANITIZER_FUCHSIA