//===-- asan_rtl.cpp ------------------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file is a part of AddressSanitizer, an address sanity checker.
//
// Main file of the ASan run-time library.
//===----------------------------------------------------------------------===//

#include "asan_activation.h"
#include "asan_allocator.h"
#include "asan_fake_stack.h"
#include "asan_interceptors.h"
#include "asan_interface_internal.h"
#include "asan_internal.h"
#include "asan_mapping.h"
#include "asan_poisoning.h"
#include "asan_report.h"
#include "asan_stack.h"
#include "asan_stats.h"
#include "asan_suppressions.h"
#include "asan_thread.h"
#include "lsan/lsan_common.h"
#include "sanitizer_common/sanitizer_atomic.h"
#include "sanitizer_common/sanitizer_flags.h"
#include "sanitizer_common/sanitizer_libc.h"
#include "sanitizer_common/sanitizer_symbolizer.h"
#include "ubsan/ubsan_init.h"
#include "ubsan/ubsan_platform.h"

// The three objects below are defined at global scope, outside namespace
// __asan, so they are visible under their plain names.

// Not assigned anywhere in this file.
uptr __asan_shadow_memory_dynamic_address;  // Global interface symbol.
// Set from flags()->detect_stack_use_after_return in AsanInitInternal().
int __asan_option_detect_stack_use_after_return;  // Global interface symbol.
// When non-null, ReportGenericErrorWrapper() stores the faulting address
// through this pointer and does NOT produce an error report. It must stay
// null outside of ASan's own tests, otherwise the outlined access callbacks
// record bad accesses silently.
uptr *__asan_test_only_reported_buggy_pointer;  // Used only for testing asan.
namespace __asan {

// Counters printed by asan_atexit(); entries that are zero are skipped there.
uptr AsanMappingProfile[kAsanMappingProfileSize];

// Die callback registered with AddDieCallback() in AsanInitInternal().
// Only the first caller proceeds; every later caller spins forever in the
// busy loop, so a second thread reaching this point hangs instead of
// returning. Depending on flags it then dumps the process map, sleeps, and
// unmaps the shadow regions.
static void AsanDie() {
  static atomic_uint32_t num_calls;
  if (atomic_fetch_add(&num_calls, 1, memory_order_relaxed) != 0) {
    // Don't die twice - run a busy loop.
    while (1) { }
  }
  if (common_flags()->print_module_map >= 1)
    DumpProcessMap();
  if (flags()->sleep_before_dying) {
    Report("Sleeping for %d second(s)\n", flags()->sleep_before_dying);
    SleepForSeconds(flags()->sleep_before_dying);
  }
  if (flags()->unmap_shadow_on_exit) {
    if (kMidMemBeg) {
      // With a mid-memory region the shadow is released as two ranges, on
      // either side of [kMidMemBeg, kMidMemEnd].
      UnmapOrDie((void*)kLowShadowBeg, kMidMemBeg - kLowShadowBeg);
      UnmapOrDie((void*)kMidMemEnd, kHighShadowEnd - kMidMemEnd);
    } else {
      // kHighShadowEnd == 0 means there is nothing to unmap.
      if (kHighShadowEnd)
        UnmapOrDie((void*)kLowShadowBeg, kHighShadowEnd - kLowShadowBeg);
    }
  }
}

// Check-unwind callback registered with SetCheckUnwindCallback() in
// AsanInitInternal(): captures a stack trace and prints it.
static void CheckUnwind() {
  GET_STACK_TRACE(kStackTraceMax, common_flags()->fast_unwind_on_check);
  stack.Print();
}

// -------------------------- Globals --------------------- {{{1
// asan_inited is set to 1 near the end of AsanInitInternal();
// asan_init_is_running is true only while that function is executing.
int asan_inited;
bool asan_init_is_running;

#if !ASAN_FIXED_MAPPING
// kHighMemEnd is computed in InitializeHighMemEnd(); kMidMemBeg and
// kMidMemEnd are not assigned in this file.
uptr kHighMemEnd, kMidMemBeg, kMidMemEnd;
#endif

// -------------------------- Misc ---------------- {{{1
// Prints the accumulated statistics and then calls Die().
void ShowStatsAndAbort() {
  __asan_print_accumulated_stats();
  Die();
}

// Reporting path used by the outlined __asan_{load,store}<size> callbacks
// generated by ASAN_MEMORY_ACCESS_CALLBACK below.
// If the test-only pointer is set, the faulting address is written through it
// and no report is produced; otherwise the caller's pc/bp/sp are captured and
// forwarded to ReportGenericError() together with the arguments.
NOINLINE
static void ReportGenericErrorWrapper(uptr addr, bool is_write, int size,
                                      int exp_arg, bool fatal) {
  if (__asan_test_only_reported_buggy_pointer) {
    *__asan_test_only_reported_buggy_pointer = addr;
  } else {
    GET_CALLER_PC_BP_SP;
    ReportGenericError(pc, bp, sp, addr, is_write, size, exp_arg, fatal);
  }
}

// --------------- LowLevelAllocateCallback ---------- {{{1
// Installed via SetLowLevelAllocateCallback() in AsanInitInternal(): marks the
// shadow of each low-level allocation with kAsanInternalHeapMagic.
static void OnLowLevelAllocate(uptr ptr, uptr size) {
  PoisonShadow(ptr, size, kAsanInternalHeapMagic);
}

// -------------------------- Run-time entry ------------------- {{{1
// exported functions
//
// ASAN_REPORT_ERROR(type, is_write, size) defines three extern "C" entry
// points for a fixed access size:
//   __asan_report_<type><size>(addr)          - exp = 0,  fatal = true
//   __asan_report_exp_<type><size>(addr, exp) - exp as passed, fatal = true
//   __asan_report_<type><size>_noabort(addr)  - exp = 0,  fatal = false
// Each one captures the caller's pc/bp/sp and calls ReportGenericError().
// The last macro line ends in a line continuation, so the empty line that
// follows the definition is what terminates the macro.
#define ASAN_REPORT_ERROR(type, is_write, size) \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_report_ ## type ## size(uptr addr) { \
  GET_CALLER_PC_BP_SP; \
  ReportGenericError(pc, bp, sp, addr, is_write, size, 0, true); \
} \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_report_exp_ ## type ## size(uptr addr, u32 exp) { \
  GET_CALLER_PC_BP_SP; \
  ReportGenericError(pc, bp, sp, addr, is_write, size, exp, true); \
} \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_report_ ## type ## size ## _noabort(uptr addr) { \
  GET_CALLER_PC_BP_SP; \
  ReportGenericError(pc, bp, sp, addr, is_write, size, 0, false); \
} \

ASAN_REPORT_ERROR(load, false, 1)
ASAN_REPORT_ERROR(load, false, 2)
ASAN_REPORT_ERROR(load, false, 4)
ASAN_REPORT_ERROR(load, false, 8)
ASAN_REPORT_ERROR(load, false, 16)
ASAN_REPORT_ERROR(store, true, 1)
ASAN_REPORT_ERROR(store, true, 2)
ASAN_REPORT_ERROR(store, true, 4)
ASAN_REPORT_ERROR(store, true, 8)
ASAN_REPORT_ERROR(store, true, 16)

// Same three entry points as ASAN_REPORT_ERROR, but named
// __asan_report_<type>_n and taking the access size as a run-time argument.
#define ASAN_REPORT_ERROR_N(type, is_write) \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_report_ ## type ## _n(uptr addr, uptr size) { \
  GET_CALLER_PC_BP_SP; \
  ReportGenericError(pc, bp, sp, addr, is_write, size, 0, true); \
} \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_report_exp_ ## type ## _n(uptr addr, uptr size, u32 exp) { \
  GET_CALLER_PC_BP_SP; \
  ReportGenericError(pc, bp, sp, addr, is_write, size, exp, true); \
} \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_report_ ## type ## _n_noabort(uptr addr, uptr size) { \
  GET_CALLER_PC_BP_SP; \
  ReportGenericError(pc, bp, sp, addr, is_write, size, 0, false); \
} \

ASAN_REPORT_ERROR_N(load, false)
ASAN_REPORT_ERROR_N(store, true)

// Shadow check shared by the outlined access callbacks.
// Note that `sp` here is the shadow address of `addr` (MEM_TO_SHADOW), not a
// stack pointer. The shadow value `s` is read as one u8 when
// size <= SHADOW_GRANULARITY and as one u16 otherwise. A zero shadow value
// means no report. For a non-zero value the access is reported when
// size >= SHADOW_GRANULARITY, or when the offset of the last accessed byte
// inside its granule, (addr & (SHADOW_GRANULARITY - 1)) + size - 1, is >= the
// shadow value; both sides of that comparison are cast to s8, so it is a
// signed comparison.
// Reports go through ReportGenericErrorWrapper(), which honours the test-only
// pointer and therefore may record the address instead of reporting it.
#define ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, exp_arg, fatal) \
    uptr sp = MEM_TO_SHADOW(addr); \
    uptr s = size <= SHADOW_GRANULARITY ? *reinterpret_cast<u8 *>(sp) \
                                        : *reinterpret_cast<u16 *>(sp); \
    if (UNLIKELY(s)) { \
      if (UNLIKELY(size >= SHADOW_GRANULARITY || \
                   ((s8)((addr & (SHADOW_GRANULARITY - 1)) + size - 1)) >= \
                       (s8)s)) { \
        ReportGenericErrorWrapper(addr, is_write, size, exp_arg, fatal); \
      } \
    }

// ASAN_MEMORY_ACCESS_CALLBACK(type, is_write, size) defines three extern "C"
// check functions built on the body above:
//   __asan_<type><size>(addr)          - exp_arg = 0,  fatal = true
//   __asan_exp_<type><size>(addr, exp) - exp_arg = exp, fatal = true
//   __asan_<type><size>_noabort(addr)  - exp_arg = 0,  fatal = false
#define ASAN_MEMORY_ACCESS_CALLBACK(type, is_write, size) \
  extern "C" NOINLINE INTERFACE_ATTRIBUTE \
  void __asan_##type##size(uptr addr) { \
    ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, 0, true) \
  } \
  extern "C" NOINLINE INTERFACE_ATTRIBUTE \
  void __asan_exp_##type##size(uptr addr, u32 exp) { \
    ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, exp, true) \
  } \
  extern "C" NOINLINE INTERFACE_ATTRIBUTE \
  void __asan_##type##size ## _noabort(uptr addr) { \
    ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, 0, false) \
  } \

// The empty line above ends ASAN_MEMORY_ACCESS_CALLBACK: its last line ends
// in a line continuation.
// Outlined fixed-size check functions: __asan_load<N>, __asan_store<N> and
// their _exp_ / _noabort variants for N in {1, 2, 4, 8, 16}.
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 1)
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 2)
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 4)
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 8)
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 16)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 1)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 2)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 4)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 8)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 16)

// The six variable-size checks below share one shape: if
// __asan_region_is_poisoned(addr, size) returns non-zero, capture the caller's
// pc/bp/sp and call ReportGenericError(). They differ only in is_write, the
// exp value and the fatal flag. Unlike the fixed-size callbacks they call
// ReportGenericError() directly, so the test-only pointer is not consulted.

// Load of `size` bytes; exp = 0, fatal = true.
extern "C"
NOINLINE INTERFACE_ATTRIBUTE
void __asan_loadN(uptr addr, uptr size) {
  if (__asan_region_is_poisoned(addr, size)) {
    GET_CALLER_PC_BP_SP;
    ReportGenericError(pc, bp, sp, addr, false, size, 0, true);
  }
}

// Load of `size` bytes; exp forwarded, fatal = true.
extern "C"
NOINLINE INTERFACE_ATTRIBUTE
void __asan_exp_loadN(uptr addr, uptr size, u32 exp) {
  if (__asan_region_is_poisoned(addr, size)) {
    GET_CALLER_PC_BP_SP;
    ReportGenericError(pc, bp, sp, addr, false, size, exp, true);
  }
}

// Load of `size` bytes; exp = 0, fatal = false.
extern "C"
NOINLINE INTERFACE_ATTRIBUTE
void __asan_loadN_noabort(uptr addr, uptr size) {
  if (__asan_region_is_poisoned(addr, size)) {
    GET_CALLER_PC_BP_SP;
    ReportGenericError(pc, bp, sp, addr, false, size, 0, false);
  }
}

// Store of `size` bytes; exp = 0, fatal = true.
extern "C"
NOINLINE INTERFACE_ATTRIBUTE
void __asan_storeN(uptr addr, uptr size) {
  if (__asan_region_is_poisoned(addr, size)) {
    GET_CALLER_PC_BP_SP;
    ReportGenericError(pc, bp, sp, addr, true, size, 0, true);
  }
}

// Store of `size` bytes; exp forwarded, fatal = true.
extern "C"
NOINLINE INTERFACE_ATTRIBUTE
void __asan_exp_storeN(uptr addr, uptr size, u32 exp) {
  if (__asan_region_is_poisoned(addr, size)) {
    GET_CALLER_PC_BP_SP;
    ReportGenericError(pc, bp, sp, addr, true, size, exp, true);
  }
}

// Store of `size` bytes; exp = 0, fatal = false.
extern "C"
NOINLINE INTERFACE_ATTRIBUTE
void __asan_storeN_noabort(uptr addr, uptr size) {
  if (__asan_region_is_poisoned(addr, size)) {
    GET_CALLER_PC_BP_SP;
    ReportGenericError(pc, bp, sp, addr, true, size, 0, false);
  }
}

// Force the linker to keep the symbols for various ASan interface functions.
// We want to keep those in the executable in order to let the instrumented
// dynamic libraries access the symbol even if it is not used by the executable
// itself. This should help if the build system is removing dead code at link
// time.
//
// fake_condition is initialised to 0 and no case is labelled 0, so none of
// the calls below executes. The case labels skip 33; with no case ever taken
// the gap has no run-time effect.
static NOINLINE void force_interface_symbols() {
  volatile int fake_condition = 0;  // prevent dead condition elimination.
  // __asan_report_* functions are noreturn, so we need a switch to prevent
  // the compiler from removing any of them.
  // clang-format off
  switch (fake_condition) {
    case 1: __asan_report_load1(0); break;
    case 2: __asan_report_load2(0); break;
    case 3: __asan_report_load4(0); break;
    case 4: __asan_report_load8(0); break;
    case 5: __asan_report_load16(0); break;
    case 6: __asan_report_load_n(0, 0); break;
    case 7: __asan_report_store1(0); break;
    case 8: __asan_report_store2(0); break;
    case 9: __asan_report_store4(0); break;
    case 10: __asan_report_store8(0); break;
    case 11: __asan_report_store16(0); break;
    case 12: __asan_report_store_n(0, 0); break;
    case 13: __asan_report_exp_load1(0, 0); break;
    case 14: __asan_report_exp_load2(0, 0); break;
    case 15: __asan_report_exp_load4(0, 0); break;
    case 16: __asan_report_exp_load8(0, 0); break;
    case 17: __asan_report_exp_load16(0, 0); break;
    case 18: __asan_report_exp_load_n(0, 0, 0); break;
    case 19: __asan_report_exp_store1(0, 0); break;
    case 20: __asan_report_exp_store2(0, 0); break;
    case 21: __asan_report_exp_store4(0, 0); break;
    case 22: __asan_report_exp_store8(0, 0); break;
    case 23: __asan_report_exp_store16(0, 0); break;
    case 24: __asan_report_exp_store_n(0, 0, 0); break;
    case 25: __asan_register_globals(nullptr, 0); break;
    case 26: __asan_unregister_globals(nullptr, 0); break;
    case 27: __asan_set_death_callback(nullptr); break;
    case 28: __asan_set_error_report_callback(nullptr); break;
    case 29: __asan_handle_no_return(); break;
    case 30: __asan_address_is_poisoned(nullptr); break;
    case 31: __asan_poison_memory_region(nullptr, 0); break;
    case 32: __asan_unpoison_memory_region(nullptr, 0); break;
    case 34: __asan_before_dynamic_init(nullptr); break;
    case 35: __asan_after_dynamic_init(); break;
    case 36: __asan_poison_stack_memory(0, 0); break;
    case 37: __asan_unpoison_stack_memory(0, 0); break;
    case 38: __asan_region_is_poisoned(0, 0); break;
    case 39: __asan_describe_address(0); break;
    case 40: __asan_set_shadow_00(0, 0); break;
    case 41: __asan_set_shadow_f1(0, 0); break;
    case 42: __asan_set_shadow_f2(0, 0); break;
    case 43: __asan_set_shadow_f3(0, 0); break;
    case 44: __asan_set_shadow_f5(0, 0); break;
    case 45: __asan_set_shadow_f8(0, 0); break;
  }
  // clang-format on
}

// Exit handler registered with Atexit() in AsanInitInternal() when
// flags()->atexit is set: prints the accumulated stats and every non-zero
// AsanMappingProfile entry.
static void asan_atexit() {
  Printf("AddressSanitizer exit stats:\n");
  __asan_print_accumulated_stats();
  // Print AsanMappingProfile.
  for (uptr i = 0; i < kAsanMappingProfileSize; i++) {
    if (AsanMappingProfile[i] == 0) continue;
    // NOTE(review): both arguments are uptr but the format uses %zd (signed);
    // looks cosmetic for realistic counter values - confirm.
    Printf("asan_mapping.h:%zd -- %zd\n", i, AsanMappingProfile[i]);
  }
}

// With a non-fixed mapping, derives kHighMemEnd from the maximum user virtual
// address and sets its low bits so that the end is aligned to
// (GetMmapGranularity() << SHADOW_SCALE). In every configuration it then
// checks that kHighMemBeg is a multiple of the mmap granularity.
static void InitializeHighMemEnd() {
#if !ASAN_FIXED_MAPPING
  kHighMemEnd = GetMaxUserVirtualAddress();
  // Increase kHighMemEnd to make sure it's properly
  // aligned together with kHighMemBeg:
  kHighMemEnd |= (GetMmapGranularity() << SHADOW_SCALE) - 1;
#endif  // !ASAN_FIXED_MAPPING
  CHECK_EQ((kHighMemBeg % GetMmapGranularity()), 0);
}

// Prints the address-space layout (application memory, shadow and gap
// ranges), the shadow of the shadow ranges, several allocator-related flag
// values and the shadow mapping constants, then sanity-checks the mapping.
// The output exposes absolute addresses of the process layout, so treat it
// as sensitive when logs leave the machine.
void PrintAddressSpaceLayout() {
  if (kHighMemBeg) {
    Printf("|| `[%p, %p]` || HighMem ||\n",
           (void*)kHighMemBeg, (void*)kHighMemEnd);
    Printf("|| `[%p, %p]` || HighShadow ||\n",
           (void*)kHighShadowBeg, (void*)kHighShadowEnd);
  }
  if (kMidMemBeg) {
    Printf("|| `[%p, %p]` || ShadowGap3 ||\n",
           (void*)kShadowGap3Beg, (void*)kShadowGap3End);
    Printf("|| `[%p, %p]` || MidMem ||\n",
           (void*)kMidMemBeg, (void*)kMidMemEnd);
    Printf("|| `[%p, %p]` || ShadowGap2 ||\n",
           (void*)kShadowGap2Beg, (void*)kShadowGap2End);
    Printf("|| `[%p, %p]` || MidShadow ||\n",
           (void*)kMidShadowBeg, (void*)kMidShadowEnd);
  }
  Printf("|| `[%p, %p]` || ShadowGap ||\n",
         (void*)kShadowGapBeg, (void*)kShadowGapEnd);
  if (kLowShadowBeg) {
    Printf("|| `[%p, %p]` || LowShadow ||\n",
           (void*)kLowShadowBeg, (void*)kLowShadowEnd);
    Printf("|| `[%p, %p]` || LowMem ||\n",
           (void*)kLowMemBeg, (void*)kLowMemEnd);
  }
  Printf("MemToShadow(shadow): %p %p",
         (void*)MEM_TO_SHADOW(kLowShadowBeg),
         (void*)MEM_TO_SHADOW(kLowShadowEnd));
  if (kHighMemBeg) {
    Printf(" %p %p",
           (void*)MEM_TO_SHADOW(kHighShadowBeg),
           (void*)MEM_TO_SHADOW(kHighShadowEnd));
  }
  if (kMidMemBeg) {
    Printf(" %p %p",
           (void*)MEM_TO_SHADOW(kMidShadowBeg),
           (void*)MEM_TO_SHADOW(kMidShadowEnd));
  }
  Printf("\n");
  Printf("redzone=%zu\n", (uptr)flags()->redzone);
  Printf("max_redzone=%zu\n", (uptr)flags()->max_redzone);
  Printf("quarantine_size_mb=%zuM\n", (uptr)flags()->quarantine_size_mb);
  Printf("thread_local_quarantine_size_kb=%zuK\n",
         (uptr)flags()->thread_local_quarantine_size_kb);
  Printf("malloc_context_size=%zu\n",
         (uptr)common_flags()->malloc_context_size);

  Printf("SHADOW_SCALE: %d\n", (int)SHADOW_SCALE);
  Printf("SHADOW_GRANULARITY: %d\n", (int)SHADOW_GRANULARITY);
  Printf("SHADOW_OFFSET: 0x%zx\n", (uptr)SHADOW_OFFSET);
  // The supported shadow scale is 3..7 inclusive.
  CHECK(SHADOW_SCALE >= 3 && SHADOW_SCALE <= 7);
  // With a mid-memory region the ranges must be ordered
  // LowShadow < MidShadow < MidMem < HighShadow.
  if (kMidMemBeg)
    CHECK(kMidShadowBeg > kLowShadowEnd &&
          kMidMemBeg > kMidShadowEnd &&
          kHighShadowBeg > kMidMemEnd);
}

// On Thumb Linux the background thread is started from inside
// AsanInitInternal(); everywhere else it is started by the static initializer
// below.
#if defined(__thumb__) && defined(__linux__)
#define START_BACKGROUND_THREAD_IN_ASAN_INTERNAL
#endif

#ifndef START_BACKGROUND_THREAD_IN_ASAN_INTERNAL
// Immediately-invoked lambda used as the initializer of a file-local static,
// so the two calls run during this translation unit's dynamic initialization.
// The stored value (false) is never read.
static bool UNUSED __local_asan_dyninit = [] {
  MaybeStartBackgroudThread();
  SetSoftRssLimitExceededCallback(AsanSoftRssLimitExceededCallback);

  return false;
}();
#endif

// One-time initialization of the ASan runtime.
// Returns immediately when asan_inited is already set, and CHECK-fails if it
// is re-entered while asan_init_is_running is true. The statements below
// depend on their order; the existing comments name the known constraints
// (flags first, Android logging only after interceptors, asan_inited set
// before the main thread is created).
static void AsanInitInternal() {
  if (LIKELY(asan_inited)) return;
  SanitizerToolName = "AddressSanitizer";
  CHECK(!asan_init_is_running && "ASan init calls itself!");
  asan_init_is_running = true;

  CacheBinaryName();

  // Initialize flags. This must be done early, because most of the
  // initialization steps look at flags().
  InitializeFlags();

  // Stop performing init at this point if we are being loaded via
  // dlopen() and the platform supports it.
  if (SANITIZER_SUPPORTS_INIT_FOR_DLOPEN && UNLIKELY(HandleDlopenInit())) {
    asan_init_is_running = false;
    VReport(1, "AddressSanitizer init is being performed for dlopen().\n");
    return;
  }

  AsanCheckIncompatibleRT();
  AsanCheckDynamicRTPrereqs();
  // Defined outside this file; by its name a guard related to CVE-2016-2143.
  // See its definition for what it checks.
  AvoidCVE_2016_2143();

  SetCanPoisonMemory(flags()->poison_heap);
  SetMallocContextSize(common_flags()->malloc_context_size);

  InitializePlatformExceptionHandlers();

  InitializeHighMemEnd();

  // Make sure we are not statically linked.
  AsanDoesNotSupportStaticLinkage();

  // Install tool-specific callbacks in sanitizer_common.
  AddDieCallback(AsanDie);
  SetCheckUnwindCallback(CheckUnwind);
  SetPrintfAndReportCallback(AppendToErrorMessageBuffer);

  // The report destination is taken directly from the log_path runtime flag.
  // NOTE(review): flag parsing lives in InitializeFlags(), which is not in
  // this file. For binaries that run with elevated privilege, confirm where
  // that value can come from, since it selects where reports are written.
  __sanitizer_set_report_path(common_flags()->log_path);

  __asan_option_detect_stack_use_after_return =
      flags()->detect_stack_use_after_return;

  __sanitizer::InitializePlatformEarly();

  // Re-exec ourselves if we need to set additional env or command line args.
  MaybeReexec();

  // Setup internal allocator callback.
  SetLowLevelAllocateMinAlignment(SHADOW_GRANULARITY);
  SetLowLevelAllocateCallback(OnLowLevelAllocate);

  InitializeAsanInterceptors();
  CheckASLR();

  // Enable system log ("adb logcat") on Android.
  // Doing this before interceptors are initialized crashes in:
  // AsanInitInternal -> android_log_write -> __interceptor_strcmp
  AndroidLogInit();

  ReplaceSystemMalloc();

  DisableCoreDumperIfNecessary();

  InitializeShadowMemory();

  AsanTSDInit(PlatformTSDDtor);
  InstallDeadlySignalHandlers(AsanOnDeadlySignal);

  AllocatorOptions allocator_options;
  allocator_options.SetFrom(flags(), common_flags());
  InitializeAllocator(allocator_options);

#ifdef START_BACKGROUND_THREAD_IN_ASAN_INTERNAL
  MaybeStartBackgroudThread();
  SetSoftRssLimitExceededCallback(AsanSoftRssLimitExceededCallback);
#endif

  // On Linux AsanThread::ThreadStart() calls malloc() that's why asan_inited
  // should be set to 1 prior to initializing the threads.
  asan_inited = 1;
  asan_init_is_running = false;

  if (flags()->atexit)
    Atexit(asan_atexit);

  InitializeCoverage(common_flags()->coverage, common_flags()->coverage_dir);

  // Now that ASan runtime is (mostly) initialized, deactivate it if
  // necessary, so that it can be re-activated when requested.
  if (flags()->start_deactivated)
    AsanDeactivate();

  // interceptors
  InitTlsSize();

  // Create main thread.
  AsanThread *main_thread = CreateMainThread();
  CHECK_EQ(0, main_thread->tid());
  force_interface_symbols();  // no-op.
  SanitizerInitializeUnwinder();

  if (CAN_SANITIZE_LEAKS) {
    __lsan::InitCommonLsan();
    // The exit-time leak check is registered only when both detect_leaks and
    // leak_check_at_exit are set; halt_on_error selects which of the two
    // leak-check entry points is used.
    if (common_flags()->detect_leaks && common_flags()->leak_check_at_exit) {
      if (flags()->halt_on_error)
        Atexit(__lsan::DoLeakCheck);
      else
        Atexit(__lsan::DoRecoverableLeakCheckVoid);
    }
  }

#if CAN_SANITIZE_UB
  __ubsan::InitAsPlugin();
#endif

  InitializeSuppressions();

  if (CAN_SANITIZE_LEAKS) {
    // LateInitialize() calls dlsym, which can allocate an error string buffer
    // in the TLS. Let's ignore the allocation to avoid reporting a leak.
    __lsan::ScopedInterceptorDisabler disabler;
    Symbolizer::LateInitialize();
  } else {
    Symbolizer::LateInitialize();
  }

  VReport(1, "AddressSanitizer Init done\n");

  if (flags()->sleep_after_init) {
    Report("Sleeping for %d second(s)\n", flags()->sleep_after_init);
    SleepForSeconds(flags()->sleep_after_init);
  }
}

// Initialize as requested from some part of ASan runtime library (interceptors,
// allocator, etc).
// Unlike __asan_init(), this entry point does not call AsanActivate().
void AsanInitFromRtl() {
  AsanInitInternal();
}

#if ASAN_DYNAMIC
// Initialize runtime in case it's LD_PRELOAD-ed into unsanitized executable
// (and thus normal initializers from .preinit_array or modules haven't run).

// The constructor of the file-local static object below calls
// AsanInitFromRtl(), so the runtime initializes itself when this translation
// unit's static initializers run.
class AsanInitializer {
 public:
  AsanInitializer() {
    AsanInitFromRtl();
  }
};

static AsanInitializer asan_initializer;
#endif  // ASAN_DYNAMIC

// Clears the shadow for [bottom, top), with the length rounded up to
// SHADOW_GRANULARITY, by calling PoisonShadow() with value 0.
// Ranges larger than 64M are refused: the first such request prints a warning
// and later ones return silently, leaving the shadow untouched. `top - bottom`
// is computed on uptr values, so a `top` below `bottom` yields a very large
// difference and also ends up on the refusal path.
// `type` is used only in the warning text.
void UnpoisonStack(uptr bottom, uptr top, const char *type) {
  static const uptr kMaxExpectedCleanupSize = 64 << 20;  // 64M
  if (top - bottom > kMaxExpectedCleanupSize) {
    // NOTE(review): plain static bool with no synchronization visible here;
    // with concurrent callers the worst case appears to be a duplicated
    // warning - confirm.
    static bool reported_warning = false;
    if (reported_warning)
      return;
    reported_warning = true;
    Report(
        "WARNING: ASan is ignoring requested __asan_handle_no_return: "
        "stack type: %s top: %p; bottom %p; size: %p (%zd)\n"
        "False positive error reports may follow\n"
        "For details see "
        "https://github.com/google/sanitizers/issues/189\n",
        type, (void *)top, (void *)bottom, (void *)(top - bottom),
        top - bottom);
    return;
  }
  PoisonShadow(bottom, RoundUpTo(top - bottom, SHADOW_GRANULARITY), 0);
}

// Unpoisons the current thread's regular stack.
// For a thread known to ASan the range runs from the page-aligned address one
// page below a local variable of this function up to the thread's stack top.
// For an unknown thread the bounds come from GetThreadStackAndTls().
static void UnpoisonDefaultStack() {
  uptr bottom, top;

  if (AsanThread *curr_thread = GetCurrentThread()) {
    // local_stack is never read; only its address is used as an estimate of
    // the current stack position.
    int local_stack;
    const uptr page_size = GetPageSizeCached();
    top = curr_thread->stack_top();
    // Step one page down from the local's address, then round down to a page
    // boundary.
    bottom = ((uptr)&local_stack - page_size) & ~(page_size - 1);
  } else {
    CHECK(!SANITIZER_FUCHSIA);
    // If we haven't seen this thread, try asking the OS for stack bounds.
    uptr tls_addr, tls_size, stack_size;
    GetThreadStackAndTls(/*main=*/false, &bottom, &stack_size, &tls_addr,
                         &tls_size);
    top = bottom + stack_size;
  }

  UnpoisonStack(bottom, top, "default");
}

// Calls HandleNoReturn() on the current thread's fake stack. Does nothing
// when there is no current AsanThread or the thread has no fake stack.
static void UnpoisonFakeStack() {
  AsanThread *curr_thread = GetCurrentThread();
  if (!curr_thread)
    return;
  FakeStack *stack = curr_thread->get_fake_stack();
  if (!stack)
    return;
  stack->HandleNoReturn();
}

}  // namespace __asan

// ---------------------- Interface ---------------- {{{1
using namespace __asan;

// Unpoisons the current thread's stack and fake stack.
// Returns without doing anything while AsanInitInternal() is still running.
// The default-stack path is used only when PlatformUnpoisonStacks() returns
// false; the fake stack is handled in either case.
void NOINLINE __asan_handle_no_return() {
  if (asan_init_is_running)
    return;

  if (!PlatformUnpoisonStacks())
    UnpoisonDefaultStack();

  UnpoisonFakeStack();
}

// Returns extra_spill_area() of the current thread; CHECK-fails when there is
// no current AsanThread.
extern "C" void *__asan_extra_spill_area() {
  AsanThread *t = GetCurrentThread();
  CHECK(t);
  return t->extra_spill_area();
}

// Clears the shadow for [stack_bottom, sp) of the current thread; CHECK-fails
// when there is no current AsanThread.
// NOTE(review): there is no check that sp is at or above the stack bottom or
// below the stack top. The length is an unsigned difference, so this relies
// on the caller passing a stack pointer that lies inside the current thread's
// stack - confirm at the call sites.
void __asan_handle_vfork(void *sp) {
  AsanThread *t = GetCurrentThread();
  CHECK(t);
  uptr bottom = t->stack_bottom();
  PoisonShadow(bottom, (uptr)sp - bottom, 0);
}

// Forwards the user-supplied callback to SetUserDieCallback(). The pointer is
// passed through unchanged; force_interface_symbols() references this
// function with nullptr.
void NOINLINE __asan_set_death_callback(void (*callback)(void)) {
  SetUserDieCallback(callback);
}

// Initialize as requested from instrumented application code.
// We use this call as a trigger to wake up ASan from deactivated state.
void __asan_init() {
  // AsanActivate() is called on every invocation, before the one-time
  // initialization; AsanInitInternal() itself returns early once asan_inited
  // is set.
  AsanActivate();
  AsanInitInternal();
}

// Intentionally empty. Nothing is compared at run time here.
void __asan_version_mismatch_check() {
  // Do nothing.
}