compiler-rt/lib/asan/asan_win.cpp

   1 //===-- asan_win.cpp
   2 //------------------------------------------------------===//>
   3 //
   4 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
   5 // See https://llvm.org/LICENSE.txt for license information.
   6 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
   7 //
   8 //===----------------------------------------------------------------------===//
   9 //
  10 // This file is a part of AddressSanitizer, an address sanity checker.
  11 //
  12 // Windows-specific details.
  13 //===----------------------------------------------------------------------===//
  14
  15 #include "sanitizer_common/sanitizer_platform.h"
  16 #if SANITIZER_WINDOWS
  17 #  define WIN32_LEAN_AND_MEAN
  18 #  include <stdlib.h>
  19 #  include <windows.h>
  20
  21 #  include "asan_interceptors.h"
  22 #  include "asan_internal.h"
  23 #  include "asan_mapping.h"
  24 #  include "asan_report.h"
  25 #  include "asan_stack.h"
  26 #  include "asan_thread.h"
  27 #  include "sanitizer_common/sanitizer_libc.h"
  28 #  include "sanitizer_common/sanitizer_mutex.h"
  29 #  include "sanitizer_common/sanitizer_win.h"
  30 #  include "sanitizer_common/sanitizer_win_defs.h"
  31
  32 using namespace __asan;
  33
  34 extern "C" {
  35 SANITIZER_INTERFACE_ATTRIBUTE
  36 int __asan_should_detect_stack_use_after_return() {
  37   __asan_init();
  38   return __asan_option_detect_stack_use_after_return;
  39 }
  40
  41 SANITIZER_INTERFACE_ATTRIBUTE
  42 uptr __asan_get_shadow_memory_dynamic_address() {
  43   __asan_init();
  44   return __asan_shadow_memory_dynamic_address;
  45 }
  46 }  // extern "C"
  47
  48 // ---------------------- Windows-specific interceptors ---------------- {{{
  49 static LPTOP_LEVEL_EXCEPTION_FILTER default_seh_handler;
  50 static LPTOP_LEVEL_EXCEPTION_FILTER user_seh_handler;
  51
  52 extern "C" SANITIZER_INTERFACE_ATTRIBUTE long __asan_unhandled_exception_filter(
  53     EXCEPTION_POINTERS *info) {
  54   EXCEPTION_RECORD *exception_record = info->ExceptionRecord;
  55   CONTEXT *context = info->ContextRecord;
  56
  57   // FIXME: Handle EXCEPTION_STACK_OVERFLOW here.
  58
  59   SignalContext sig(exception_record, context);
  60   ReportDeadlySignal(sig);
  61   UNREACHABLE("returned from reporting deadly signal");
  62 }
  63
  64 // Wrapper SEH Handler. If the exception should be handled by asan, we call
  65 // __asan_unhandled_exception_filter, otherwise, we execute the user provided
  66 // exception handler or the default.
  67 static long WINAPI SEHHandler(EXCEPTION_POINTERS *info) {
  68   DWORD exception_code = info->ExceptionRecord->ExceptionCode;
  69   if (__sanitizer::IsHandledDeadlyException(exception_code))
  70     return __asan_unhandled_exception_filter(info);
  71   if (user_seh_handler)
  72     return user_seh_handler(info);
  73   // Bubble out to the default exception filter.
  74   if (default_seh_handler)
  75     return default_seh_handler(info);
  76   return EXCEPTION_CONTINUE_SEARCH;
  77 }
  78
  79 INTERCEPTOR_WINAPI(LPTOP_LEVEL_EXCEPTION_FILTER, SetUnhandledExceptionFilter,
  80                    LPTOP_LEVEL_EXCEPTION_FILTER ExceptionFilter) {
  81   CHECK(REAL(SetUnhandledExceptionFilter));
  82   if (ExceptionFilter == &SEHHandler)
  83     return REAL(SetUnhandledExceptionFilter)(ExceptionFilter);
  84   // We record the user provided exception handler to be called for all the
  85   // exceptions unhandled by asan.
  86   Swap(ExceptionFilter, user_seh_handler);
  87   return ExceptionFilter;
  88 }
  89
  90 INTERCEPTOR_WINAPI(void, RtlRaiseException, EXCEPTION_RECORD *ExceptionRecord) {
  91   CHECK(REAL(RtlRaiseException));
  92   // This is a noreturn function, unless it's one of the exceptions raised to
  93   // communicate with the debugger, such as the one from OutputDebugString.
  94   if (ExceptionRecord->ExceptionCode != DBG_PRINTEXCEPTION_C)
  95     __asan_handle_no_return();
  96   REAL(RtlRaiseException)(ExceptionRecord);
  97 }
  98
  99 INTERCEPTOR_WINAPI(void, RaiseException, void *a, void *b, void *c, void *d) {
 100   CHECK(REAL(RaiseException));
 101   __asan_handle_no_return();
 102   REAL(RaiseException)(a, b, c, d);
 103 }
 104
 105 #ifdef _WIN64
 106
 107 INTERCEPTOR_WINAPI(EXCEPTION_DISPOSITION, __C_specific_handler,
 108                    _EXCEPTION_RECORD *a, void *b, _CONTEXT *c,
 109                    _DISPATCHER_CONTEXT *d) {
 110   CHECK(REAL(__C_specific_handler));
 111   __asan_handle_no_return();
 112   return REAL(__C_specific_handler)(a, b, c, d);
 113 }
 114
 115 #else
 116
 117 INTERCEPTOR(int, _except_handler3, void *a, void *b, void *c, void *d) {
 118   CHECK(REAL(_except_handler3));
 119   __asan_handle_no_return();
 120   return REAL(_except_handler3)(a, b, c, d);
 121 }
 122
 123 #if ASAN_DYNAMIC
 124 // This handler is named differently in -MT and -MD CRTs.
 125 #define _except_handler4 _except_handler4_common
 126 #endif
 127 INTERCEPTOR(int, _except_handler4, void *a, void *b, void *c, void *d) {
 128   CHECK(REAL(_except_handler4));
 129   __asan_handle_no_return();
 130   return REAL(_except_handler4)(a, b, c, d);
 131 }
 132 #endif
 133
 134 struct ThreadStartParams {
 135   thread_callback_t start_routine;
 136   void *arg;
 137 };
 138
 139 static thread_return_t THREAD_CALLING_CONV asan_thread_start(void *arg) {
 140   AsanThread *t = (AsanThread *)arg;
 141   SetCurrentThread(t);
 142   t->ThreadStart(GetTid());
 143
 144   ThreadStartParams params;
 145   t->GetStartData(params);
 146
 147   auto res = (*params.start_routine)(params.arg);
 148   t->Destroy();  // POSIX calls this from TSD destructor.
 149   return res;
 150 }
 151
 152 INTERCEPTOR_WINAPI(HANDLE, CreateThread, LPSECURITY_ATTRIBUTES security,
 153                    SIZE_T stack_size, LPTHREAD_START_ROUTINE start_routine,
 154                    void *arg, DWORD thr_flags, DWORD *tid) {
 155   // Strict init-order checking is thread-hostile.
 156   if (flags()->strict_init_order)
 157     StopInitOrderChecking();
 158   GET_STACK_TRACE_THREAD;
 159   // FIXME: The CreateThread interceptor is not the same as a pthread_create
 160   // one.  This is a bandaid fix for PR22025.
 161   bool detached = false;  // FIXME: how can we determine it on Windows?
 162   u32 current_tid = GetCurrentTidOrInvalid();
 163   ThreadStartParams params = {start_routine, arg};
 164   AsanThread *t = AsanThread::Create(params, current_tid, &stack, detached);
 165   return REAL(CreateThread)(security, stack_size, asan_thread_start, t,
 166                             thr_flags, tid);
 167 }
 168
 169 // }}}
 170
 171 namespace __asan {
 172
 173 void InitializePlatformInterceptors() {
 174   __interception::SetErrorReportCallback(Report);
 175
 176   // The interceptors were not designed to be removable, so we have to keep this
 177   // module alive for the life of the process.
 178   HMODULE pinned;
 179   CHECK(GetModuleHandleExW(
 180       GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_PIN,
 181       (LPCWSTR)&InitializePlatformInterceptors, &pinned));
 182
 183   ASAN_INTERCEPT_FUNC(CreateThread);
 184   ASAN_INTERCEPT_FUNC(SetUnhandledExceptionFilter);
 185
 186 #ifdef _WIN64
 187   ASAN_INTERCEPT_FUNC(__C_specific_handler);
 188 #else
 189   ASAN_INTERCEPT_FUNC(_except_handler3);
 190   ASAN_INTERCEPT_FUNC(_except_handler4);
 191 #endif
 192
 193   // Try to intercept kernel32!RaiseException, and if that fails, intercept
 194   // ntdll!RtlRaiseException instead.
 195   if (!::__interception::OverrideFunction("RaiseException",
 196                                           (uptr)WRAP(RaiseException),
 197                                           (uptr *)&REAL(RaiseException))) {
 198     CHECK(::__interception::OverrideFunction("RtlRaiseException",
 199                                              (uptr)WRAP(RtlRaiseException),
 200                                              (uptr *)&REAL(RtlRaiseException)));
 201   }
 202 }
 203
 204 void InstallAtExitCheckLeaks() {}
 205
 206 void InstallAtForkHandler() {}
 207
 208 void AsanApplyToGlobals(globals_op_fptr op, const void *needle) {
 209   UNIMPLEMENTED();
 210 }
 211
 212 void FlushUnneededASanShadowMemory(uptr p, uptr size) {
 213   // Only asan on 64-bit Windows supports committing shadow memory on demand.
 214 #if SANITIZER_WINDOWS64
 215   // Since asan's mapping is compacting, the shadow chunk may be
 216   // not page-aligned, so we only flush the page-aligned portion.
 217   ReleaseMemoryPagesToOS(MemToShadow(p), MemToShadow(p + size));
 218 #endif
 219 }
 220
 221 // ---------------------- TSD ---------------- {{{
 222 static bool tsd_key_inited = false;
 223
 224 static __declspec(thread) void *fake_tsd = 0;
 225
 226 // https://docs.microsoft.com/en-us/windows/desktop/api/winternl/ns-winternl-_teb
 227 // "[This structure may be altered in future versions of Windows. Applications
 228 // should use the alternate functions listed in this topic.]"
 229 typedef struct _TEB {
 230   PVOID Reserved1[12];
 231   // PVOID ThreadLocalStoragePointer; is here, at the last field in Reserved1.
 232   PVOID ProcessEnvironmentBlock;
 233   PVOID Reserved2[399];
 234   BYTE Reserved3[1952];
 235   PVOID TlsSlots[64];
 236   BYTE Reserved4[8];
 237   PVOID Reserved5[26];
 238   PVOID ReservedForOle;
 239   PVOID Reserved6[4];
 240   PVOID TlsExpansionSlots;
 241 } TEB, *PTEB;
 242
 243 constexpr size_t TEB_RESERVED_FIELDS_THREAD_LOCAL_STORAGE_OFFSET = 11;
 244 BOOL IsTlsInitialized() {
 245   PTEB teb = (PTEB)NtCurrentTeb();
 246   return teb->Reserved1[TEB_RESERVED_FIELDS_THREAD_LOCAL_STORAGE_OFFSET] !=
 247          nullptr;
 248 }
 249
 250 void AsanTSDInit(void (*destructor)(void *tsd)) {
 251   // FIXME: we're ignoring the destructor for now.
 252   tsd_key_inited = true;
 253 }
 254
 255 void *AsanTSDGet() {
 256   CHECK(tsd_key_inited);
 257   return IsTlsInitialized() ? fake_tsd : nullptr;
 258 }
 259
 260 void AsanTSDSet(void *tsd) {
 261   CHECK(tsd_key_inited);
 262   fake_tsd = tsd;
 263 }
 264
 265 void PlatformTSDDtor(void *tsd) { AsanThread::TSDDtor(tsd); }
 266 // }}}
 267
 268 // ---------------------- Various stuff ---------------- {{{
 269 uptr FindDynamicShadowStart() {
 270   return MapDynamicShadow(MemToShadowSize(kHighMemEnd), ASAN_SHADOW_SCALE,
 271                           /*min_shadow_base_alignment*/ 0, kHighMemEnd,
 272                           GetMmapGranularity());
 273 }
 274
 275 void AsanCheckDynamicRTPrereqs() {}
 276
 277 void AsanCheckIncompatibleRT() {}
 278
 279 void AsanOnDeadlySignal(int, void *siginfo, void *context) { UNIMPLEMENTED(); }
 280
 281 bool PlatformUnpoisonStacks() { return false; }
 282
 283 #if SANITIZER_WINDOWS64
 284 // Exception handler for dealing with shadow memory.
 285 static LONG CALLBACK
 286 ShadowExceptionHandler(PEXCEPTION_POINTERS exception_pointers) {
 287   uptr page_size = GetPageSizeCached();
 288   // Only handle access violations.
 289   if (exception_pointers->ExceptionRecord->ExceptionCode !=
 290           EXCEPTION_ACCESS_VIOLATION ||
 291       exception_pointers->ExceptionRecord->NumberParameters < 2) {
 292     __asan_handle_no_return();
 293     return EXCEPTION_CONTINUE_SEARCH;
 294   }
 295
 296   // Only handle access violations that land within the shadow memory.
 297   uptr addr =
 298       (uptr)(exception_pointers->ExceptionRecord->ExceptionInformation[1]);
 299
 300   // Check valid shadow range.
 301   if (!AddrIsInShadow(addr)) {
 302     __asan_handle_no_return();
 303     return EXCEPTION_CONTINUE_SEARCH;
 304   }
 305
 306   // This is an access violation while trying to read from the shadow. Commit
 307   // the relevant page and let execution continue.
 308
 309   // Determine the address of the page that is being accessed.
 310   uptr page = RoundDownTo(addr, page_size);
 311
 312   // Commit the page.
 313   uptr result =
 314       (uptr)::VirtualAlloc((LPVOID)page, page_size, MEM_COMMIT, PAGE_READWRITE);
 315   if (result != page)
 316     return EXCEPTION_CONTINUE_SEARCH;
 317
 318   // The page mapping succeeded, so continue execution as usual.
 319   return EXCEPTION_CONTINUE_EXECUTION;
 320 }
 321
 322 #endif
 323
 324 void InitializePlatformExceptionHandlers() {
 325 #if SANITIZER_WINDOWS64
 326   // On Win64, we map memory on demand with access violation handler.
 327   // Install our exception handler.
 328   CHECK(AddVectoredExceptionHandler(TRUE, &ShadowExceptionHandler));
 329 #endif
 330 }
 331
 332 bool IsSystemHeapAddress(uptr addr) {
 333   return ::HeapValidate(GetProcessHeap(), 0, (void *)addr) != FALSE;
 334 }
 335
 336 // We want to install our own exception handler (EH) to print helpful reports
 337 // on access violations and whatnot.  Unfortunately, the CRT initializers assume
 338 // they are run before any user code and drop any previously-installed EHs on
 339 // the floor, so we can't install our handler inside __asan_init.
 340 // (See crt0dat.c in the CRT sources for the details)
 341 //
 342 // Things get even more complicated with the dynamic runtime, as it finishes its
 343 // initialization before the .exe module CRT begins to initialize.
 344 //
 345 // For the static runtime (-MT), it's enough to put a callback to
 346 // __asan_set_seh_filter in the last section for C initializers.
 347 //
 348 // For the dynamic runtime (-MD), we want link the same
 349 // asan_dynamic_runtime_thunk.lib to all the modules, thus __asan_set_seh_filter
 350 // will be called for each instrumented module.  This ensures that at least one
 351 // __asan_set_seh_filter call happens after the .exe module CRT is initialized.
 352 extern "C" SANITIZER_INTERFACE_ATTRIBUTE int __asan_set_seh_filter() {
 353   // We should only store the previous handler if it's not our own handler in
 354   // order to avoid loops in the EH chain.
 355   auto prev_seh_handler = SetUnhandledExceptionFilter(SEHHandler);
 356   if (prev_seh_handler != &SEHHandler)
 357     default_seh_handler = prev_seh_handler;
 358   return 0;
 359 }
 360
 361 bool HandleDlopenInit() {
 362   // Not supported on this platform.
 363   static_assert(!SANITIZER_SUPPORTS_INIT_FOR_DLOPEN,
 364                 "Expected SANITIZER_SUPPORTS_INIT_FOR_DLOPEN to be false");
 365   return false;
 366 }
 367
 368 #if !ASAN_DYNAMIC
 369 // The CRT runs initializers in this order:
 370 // - C initializers, from XIA to XIZ
 371 // - C++ initializers, from XCA to XCZ
 372 // Prior to 2015, the CRT set the unhandled exception filter at priority XIY,
 373 // near the end of C initialization. Starting in 2015, it was moved to the
 374 // beginning of C++ initialization. We set our priority to XCAB to run
 375 // immediately after the CRT runs. This way, our exception filter is called
 376 // first and we can delegate to their filter if appropriate.
 377 #pragma section(".CRT$XCAB", long, read)
 378 __declspec(allocate(".CRT$XCAB")) int (*__intercept_seh)() =
 379     __asan_set_seh_filter;
 380
 381 // Piggyback on the TLS initialization callback directory to initialize asan as
 382 // early as possible. Initializers in .CRT$XL* are called directly by ntdll,
 383 // which run before the CRT. Users also add code to .CRT$XLC, so it's important
 384 // to run our initializers first.
 385 static void NTAPI asan_thread_init(void *module, DWORD reason, void *reserved) {
 386   if (reason == DLL_PROCESS_ATTACH)
 387     __asan_init();
 388 }
 389
 390 #pragma section(".CRT$XLAB", long, read)
 391 __declspec(allocate(".CRT$XLAB")) void(NTAPI *__asan_tls_init)(
 392     void *, unsigned long, void *) = asan_thread_init;
 393 #endif
 394
 395 static void NTAPI asan_thread_exit(void *module, DWORD reason, void *reserved) {
 396   if (reason == DLL_THREAD_DETACH) {
 397     // Unpoison the thread's stack because the memory may be re-used.
 398     NT_TIB *tib = (NT_TIB *)NtCurrentTeb();
 399     uptr stackSize = (uptr)tib->StackBase - (uptr)tib->StackLimit;
 400     __asan_unpoison_memory_region(tib->StackLimit, stackSize);
 401   }
 402 }
 403
 404 #pragma section(".CRT$XLY", long, read)
 405 __declspec(allocate(".CRT$XLY")) void(NTAPI *__asan_tls_exit)(
 406     void *, unsigned long, void *) = asan_thread_exit;
 407
 408 WIN_FORCE_LINK(__asan_dso_reg_hook)
 409
 410 // }}}
 411 }  // namespace __asan
 412
 413 #endif  // SANITIZER_WINDOWS