compiler-rt/lib/hwasan/hwasan_interceptors.cpp

   1 //===-- hwasan_interceptors.cpp -------------------------------------------===//
   2 //
   3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
   4 // See https://llvm.org/LICENSE.txt for license information.
   5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
   6 //
   7 //===----------------------------------------------------------------------===//
   8 //
   9 // This file is a part of HWAddressSanitizer.
  10 //
  11 // Interceptors for standard library functions.
  12 //
  13 // FIXME: move as many interceptors as possible into
  14 // sanitizer_common/sanitizer_common_interceptors.h
  15 //===----------------------------------------------------------------------===//
  16
  17 #include "interception/interception.h"
  18 #include "hwasan.h"
  19 #include "hwasan_thread.h"
  20 #include "sanitizer_common/sanitizer_stackdepot.h"
  21
  22 #if !SANITIZER_FUCHSIA
  23
  24 using namespace __hwasan;
  25
  26 #if HWASAN_WITH_INTERCEPTORS
  27
  28 struct ThreadStartArg {
  29   thread_callback_t callback;
  30   void *param;
  31 };
  32
  33 static void *HwasanThreadStartFunc(void *arg) {
  34   __hwasan_thread_enter();
  35   ThreadStartArg A = *reinterpret_cast<ThreadStartArg*>(arg);
  36   UnmapOrDie(arg, GetPageSizeCached());
  37   return A.callback(A.param);
  38 }
  39
  40 INTERCEPTOR(int, pthread_create, void *th, void *attr, void *(*callback)(void*),
  41             void * param) {
  42   ScopedTaggingDisabler disabler;
  43   ThreadStartArg *A = reinterpret_cast<ThreadStartArg *> (MmapOrDie(
  44       GetPageSizeCached(), "pthread_create"));
  45   *A = {callback, param};
  46   int res = REAL(pthread_create)(th, attr, &HwasanThreadStartFunc, A);
  47   return res;
  48 }
  49
  50 INTERCEPTOR(int, pthread_join, void *t, void **arg) {
  51   return REAL(pthread_join)(t, arg);
  52 }
  53
  54 DEFINE_REAL_PTHREAD_FUNCTIONS
  55
  56 DEFINE_REAL(int, vfork)
  57 DECLARE_EXTERN_INTERCEPTOR_AND_WRAPPER(int, vfork)
  58
  59 // Get and/or change the set of blocked signals.
  60 extern "C" int sigprocmask(int __how, const __hw_sigset_t *__restrict __set,
  61                            __hw_sigset_t *__restrict __oset);
  62 #define SIG_BLOCK 0
  63 #define SIG_SETMASK 2
  64 extern "C" int __sigjmp_save(__hw_sigjmp_buf env, int savemask) {
  65   env[0].__magic = kHwJmpBufMagic;
  66   env[0].__mask_was_saved =
  67       (savemask && sigprocmask(SIG_BLOCK, (__hw_sigset_t *)0,
  68                                &env[0].__saved_mask) == 0);
  69   return 0;
  70 }
  71
  72 static void __attribute__((always_inline))
  73 InternalLongjmp(__hw_register_buf env, int retval) {
  74 #    if defined(__aarch64__)
  75   constexpr size_t kSpIndex = 13;
  76 #    elif defined(__x86_64__)
  77   constexpr size_t kSpIndex = 6;
  78 #    endif
  79
  80   // Clear all memory tags on the stack between here and where we're going.
  81   unsigned long long stack_pointer = env[kSpIndex];
  82   // The stack pointer should never be tagged, so we don't need to clear the
  83   // tag for this function call.
  84   __hwasan_handle_longjmp((void *)stack_pointer);
  85
  86   // Run code for handling a longjmp.
  87   // Need to use a register that isn't going to be loaded from the environment
  88   // buffer -- hence why we need to specify the register to use.
  89   // Must implement this ourselves, since we don't know the order of registers
  90   // in different libc implementations and many implementations mangle the
  91   // stack pointer so we can't use it without knowing the demangling scheme.
  92 #    if defined(__aarch64__)
  93   register long int retval_tmp asm("x1") = retval;
  94   register void *env_address asm("x0") = &env[0];
  95   asm volatile("ldp     x19, x20, [%0, #0<<3];"
  96                "ldp     x21, x22, [%0, #2<<3];"
  97                "ldp     x23, x24, [%0, #4<<3];"
  98                "ldp     x25, x26, [%0, #6<<3];"
  99                "ldp     x27, x28, [%0, #8<<3];"
 100                "ldp     x29, x30, [%0, #10<<3];"
 101                "ldp      d8,  d9, [%0, #14<<3];"
 102                "ldp     d10, d11, [%0, #16<<3];"
 103                "ldp     d12, d13, [%0, #18<<3];"
 104                "ldp     d14, d15, [%0, #20<<3];"
 105                "ldr     x5, [%0, #13<<3];"
 106                "mov     sp, x5;"
 107                // Return the value requested to return through arguments.
 108                // This should be in x1 given what we requested above.
 109                "cmp     %1, #0;"
 110                "mov     x0, #1;"
 111                "csel    x0, %1, x0, ne;"
 112                "br      x30;"
 113                : "+r"(env_address)
 114                : "r"(retval_tmp));
 115 #    elif defined(__x86_64__)
 116   register long int retval_tmp asm("%rsi") = retval;
 117   register void *env_address asm("%rdi") = &env[0];
 118   asm volatile(
 119       // Restore registers.
 120       "mov (0*8)(%0),%%rbx;"
 121       "mov (1*8)(%0),%%rbp;"
 122       "mov (2*8)(%0),%%r12;"
 123       "mov (3*8)(%0),%%r13;"
 124       "mov (4*8)(%0),%%r14;"
 125       "mov (5*8)(%0),%%r15;"
 126       "mov (6*8)(%0),%%rsp;"
 127       "mov (7*8)(%0),%%rdx;"
 128       // Return 1 if retval is 0.
 129       "mov $1,%%rax;"
 130       "test %1,%1;"
 131       "cmovnz %1,%%rax;"
 132       "jmp *%%rdx;" ::"r"(env_address),
 133       "r"(retval_tmp));
 134 #    endif
 135 }
 136
 137 INTERCEPTOR(void, siglongjmp, __hw_sigjmp_buf env, int val) {
 138   if (env[0].__magic != kHwJmpBufMagic) {
 139     Printf(
 140         "WARNING: Unexpected bad jmp_buf. Either setjmp was not called or "
 141         "there is a bug in HWASan.\n");
 142     return REAL(siglongjmp)(env, val);
 143   }
 144
 145   if (env[0].__mask_was_saved)
 146     // Restore the saved signal mask.
 147     (void)sigprocmask(SIG_SETMASK, &env[0].__saved_mask,
 148                       (__hw_sigset_t *)0);
 149   InternalLongjmp(env[0].__jmpbuf, val);
 150 }
 151
 152 // Required since glibc libpthread calls __libc_longjmp on pthread_exit, and
 153 // _setjmp on start_thread.  Hence we have to intercept the longjmp on
 154 // pthread_exit so the __hw_jmp_buf order matches.
 155 INTERCEPTOR(void, __libc_longjmp, __hw_jmp_buf env, int val) {
 156   if (env[0].__magic != kHwJmpBufMagic)
 157     return REAL(__libc_longjmp)(env, val);
 158   InternalLongjmp(env[0].__jmpbuf, val);
 159 }
 160
 161 INTERCEPTOR(void, longjmp, __hw_jmp_buf env, int val) {
 162   if (env[0].__magic != kHwJmpBufMagic) {
 163     Printf(
 164         "WARNING: Unexpected bad jmp_buf. Either setjmp was not called or "
 165         "there is a bug in HWASan.\n");
 166     return REAL(longjmp)(env, val);
 167   }
 168   InternalLongjmp(env[0].__jmpbuf, val);
 169 }
 170 #undef SIG_BLOCK
 171 #undef SIG_SETMASK
 172
 173 #  endif  // HWASAN_WITH_INTERCEPTORS
 174
 175 namespace __hwasan {
 176
 177 int OnExit() {
 178   // FIXME: ask frontend whether we need to return failure.
 179   return 0;
 180 }
 181
 182 } // namespace __hwasan
 183
 184 namespace __hwasan {
 185
 186 void InitializeInterceptors() {
 187   static int inited = 0;
 188   CHECK_EQ(inited, 0);
 189
 190 #if HWASAN_WITH_INTERCEPTORS
 191 #if defined(__linux__)
 192   INTERCEPT_FUNCTION(__libc_longjmp);
 193   INTERCEPT_FUNCTION(longjmp);
 194   INTERCEPT_FUNCTION(siglongjmp);
 195   INTERCEPT_FUNCTION(vfork);
 196 #endif  // __linux__
 197   INTERCEPT_FUNCTION(pthread_create);
 198   INTERCEPT_FUNCTION(pthread_join);
 199 #  endif
 200
 201   inited = 1;
 202 }
 203 } // namespace __hwasan
 204
 205 #endif  // #if !SANITIZER_FUCHSIA