      1  1.1  mrg //===-- asan_rtl.cpp ------------------------------------------------------===//
      2  1.1  mrg //
      3  1.1  mrg // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
      4  1.1  mrg // See https://llvm.org/LICENSE.txt for license information.
      5  1.1  mrg // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
      6  1.1  mrg //
      7  1.1  mrg //===----------------------------------------------------------------------===//
      8  1.1  mrg //
      9  1.1  mrg // This file is a part of AddressSanitizer, an address sanity checker.
     10  1.1  mrg //
     11  1.1  mrg // Main file of the ASan run-time library.
     12  1.1  mrg //===----------------------------------------------------------------------===//
     13  1.1  mrg 
     14  1.1  mrg #include "asan_activation.h"
     15  1.1  mrg #include "asan_allocator.h"
     16  1.1  mrg #include "asan_fake_stack.h"
     17  1.1  mrg #include "asan_interceptors.h"
     18  1.1  mrg #include "asan_interface_internal.h"
     19  1.1  mrg #include "asan_internal.h"
     20  1.1  mrg #include "asan_mapping.h"
     21  1.1  mrg #include "asan_poisoning.h"
     22  1.1  mrg #include "asan_report.h"
     23  1.1  mrg #include "asan_stack.h"
     24  1.1  mrg #include "asan_stats.h"
     25  1.1  mrg #include "asan_suppressions.h"
     26  1.1  mrg #include "asan_thread.h"
     27  1.1  mrg #include "lsan/lsan_common.h"
     28  1.1  mrg #include "sanitizer_common/sanitizer_atomic.h"
     29  1.1  mrg #include "sanitizer_common/sanitizer_flags.h"
     30  1.1  mrg #include "sanitizer_common/sanitizer_libc.h"
     31  1.1  mrg #include "sanitizer_common/sanitizer_symbolizer.h"
     32  1.1  mrg #include "ubsan/ubsan_init.h"
     33  1.1  mrg #include "ubsan/ubsan_platform.h"
     34  1.1  mrg 
// These three symbols are defined at global scope, outside namespace __asan.
uptr __asan_shadow_memory_dynamic_address;  // Global interface symbol.
// Assigned from flags()->detect_stack_use_after_return in AsanInitInternal().
int __asan_option_detect_stack_use_after_return;  // Global interface symbol.
// When this pointer is non-null, ReportGenericErrorWrapper() stores the
// faulting address through it and does NOT call ReportGenericError(), so the
// __asan_load*/__asan_store* callbacks produce no report while it is set.
uptr *__asan_test_only_reported_buggy_pointer;  // Used only for testing asan.
     38  1.1  mrg 
     39  1.1  mrg namespace __asan {
     40  1.1  mrg 
// Counter table with kAsanMappingProfileSize slots. asan_atexit() prints every
// non-zero slot as "asan_mapping.h:<index> -- <value>".
uptr AsanMappingProfile[kAsanMappingProfileSize];
     42  1.1  mrg 
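// Die callback for ASan; AsanInitInternal() registers it with AddDieCallback().
// Depending on flags it dumps the process map, sleeps, and unmaps the shadow
// regions. Only the first caller performs that work.
static void AsanDie() {
  static atomic_uint32_t num_calls;
  if (atomic_fetch_add(&num_calls, 1, memory_order_relaxed) != 0) {
    // Don't die twice: every caller after the first is parked here forever.
    // The loop body has to do something observable. An empty `while (1) { }`
    // has no side effects, so a C++ compiler is allowed to assume it
    // terminates and remove it, which would let a second caller fall through
    // and repeat the shadow unmapping below. Yielding also avoids burning a
    // CPU while the first caller finishes.
    while (1) {
      internal_sched_yield();
    }
  }
  if (common_flags()->print_module_map >= 1)
    DumpProcessMap();
  if (flags()->sleep_before_dying) {
    Report("Sleeping for %d second(s)\n", flags()->sleep_before_dying);
    SleepForSeconds(flags()->sleep_before_dying);
  }
  if (flags()->unmap_shadow_on_exit) {
    if (kMidMemBeg) {
      // With a mid-memory region the shadow is released in two pieces, leaving
      // [kMidMemBeg, kMidMemEnd) itself mapped.
      UnmapOrDie((void*)kLowShadowBeg, kMidMemBeg - kLowShadowBeg);
      UnmapOrDie((void*)kMidMemEnd, kHighShadowEnd - kMidMemEnd);
    } else {
      // No mid-memory region: one contiguous range, skipped entirely when
      // kHighShadowEnd is zero.
      if (kHighShadowEnd)
        UnmapOrDie((void*)kLowShadowBeg, kHighShadowEnd - kLowShadowBeg);
    }
  }
}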
     65  1.1  mrg 
// Callback installed with SetCheckUnwindCallback() in AsanInitInternal():
// captures a stack trace of up to kStackTraceMax frames and prints it.
static void CheckUnwind() {
  // GET_STACK_TRACE is a macro; it is expected to declare the local `stack`
  // that the next line uses. The second argument selects the unwinder via the
  // fast_unwind_on_check common flag.
  GET_STACK_TRACE(kStackTraceMax, common_flags()->fast_unwind_on_check);
  stack.Print();
}
     70  1.1  mrg 
     71  1.1  mrg // -------------------------- Globals --------------------- {{{1
// Set to 1 by AsanInitInternal() after the allocator is initialized and before
// the main thread object is created; AsanInitInternal() returns immediately
// once it is non-zero.
int asan_inited;
// True while AsanInitInternal() is executing. It guards against re-entrant
// initialization (CHECK) and makes __asan_handle_no_return() a no-op.
bool asan_init_is_running;

#if !ASAN_FIXED_MAPPING
// Without a fixed mapping these bounds are ordinary variables. kHighMemEnd is
// computed in InitializeHighMemEnd(); the other two are not assigned in this
// file.
uptr kHighMemEnd, kMidMemBeg, kMidMemEnd;
#endif
     78  1.1  mrg 
     79  1.1  mrg // -------------------------- Misc ---------------- {{{1
// Prints the accumulated ASan statistics and then terminates through Die(),
// which runs the registered die callbacks (AsanDie() among them).
void ShowStatsAndAbort() {
  __asan_print_accumulated_stats();
  Die();
}
     84  1.1  mrg 
// Slow path of the __asan_load*/__asan_store* callbacks generated by
// ASAN_MEMORY_ACCESS_CALLBACK: called once the shadow check has decided that
// the access at `addr` is invalid.
//
//   addr      faulting application address
//   is_write  true for a store, false for a load
//   size      access size in bytes
//   exp_arg   forwarded unchanged to ReportGenericError()
//   fatal     forwarded unchanged to ReportGenericError()
NOINLINE
static void ReportGenericErrorWrapper(uptr addr, bool is_write, int size,
                                      int exp_arg, bool fatal) {
  if (__asan_test_only_reported_buggy_pointer) {
    // Test hook: record the address and return without reporting anything.
    // While the global is non-null this path suppresses every report that
    // would come through the callbacks, so it must stay null outside tests.
    *__asan_test_only_reported_buggy_pointer = addr;
  } else {
    // Macro that declares pc, bp and sp for the report.
    GET_CALLER_PC_BP_SP;
    ReportGenericError(pc, bp, sp, addr, is_write, size, exp_arg, fatal);
  }
}
     95  1.1  mrg 
     96  1.1  mrg // --------------- LowLevelAllocateCallbac ---------- {{{1
     97  1.1  mrg static void OnLowLevelAllocate(uptr ptr, uptr size) {
     98  1.1  mrg   PoisonShadow(ptr, size, kAsanInternalHeapMagic);
     99  1.1  mrg }
    100  1.1  mrg 
    101  1.1  mrg // -------------------------- Run-time entry ------------------- {{{1
    102  1.1  mrg // exported functions
// Generates the exported report entry points for one fixed access size.
// Each expansion defines three extern "C" functions:
//   __asan_report_<type><size>(addr)            exp = 0,            fatal = true
//   __asan_report_exp_<type><size>(addr, exp)   caller-supplied exp, fatal = true
//   __asan_report_<type><size>_noabort(addr)    exp = 0,            fatal = false
// All three obtain pc/bp/sp through GET_CALLER_PC_BP_SP and forward to
// ReportGenericError() without looking at shadow memory themselves.
// The last line of the definition ends in a continuation backslash, so the
// blank line after it is what terminates the macro; it must stay blank.
#define ASAN_REPORT_ERROR(type, is_write, size)                     \
extern "C" NOINLINE INTERFACE_ATTRIBUTE                             \
void __asan_report_ ## type ## size(uptr addr) {                    \
  GET_CALLER_PC_BP_SP;                                              \
  ReportGenericError(pc, bp, sp, addr, is_write, size, 0, true);    \
}                                                                   \
extern "C" NOINLINE INTERFACE_ATTRIBUTE                             \
void __asan_report_exp_ ## type ## size(uptr addr, u32 exp) {       \
  GET_CALLER_PC_BP_SP;                                              \
  ReportGenericError(pc, bp, sp, addr, is_write, size, exp, true);  \
}                                                                   \
extern "C" NOINLINE INTERFACE_ATTRIBUTE                             \
void __asan_report_ ## type ## size ## _noabort(uptr addr) {        \
  GET_CALLER_PC_BP_SP;                                              \
  ReportGenericError(pc, bp, sp, addr, is_write, size, 0, false);   \
}                                                                   \

// Instantiations for loads and stores of 1, 2, 4, 8 and 16 bytes.
ASAN_REPORT_ERROR(load, false, 1)
ASAN_REPORT_ERROR(load, false, 2)
ASAN_REPORT_ERROR(load, false, 4)
ASAN_REPORT_ERROR(load, false, 8)
ASAN_REPORT_ERROR(load, false, 16)
ASAN_REPORT_ERROR(store, true, 1)
ASAN_REPORT_ERROR(store, true, 2)
ASAN_REPORT_ERROR(store, true, 4)
ASAN_REPORT_ERROR(store, true, 8)
ASAN_REPORT_ERROR(store, true, 16)
    130  1.1  mrg 
// Variable-size counterpart of ASAN_REPORT_ERROR: the access size is a runtime
// argument instead of being baked into the function name. Each expansion
// defines __asan_report_<type>_n, __asan_report_exp_<type>_n and
// __asan_report_<type>_n_noabort, with the same exp/fatal combinations as the
// fixed-size variants. The blank line after the trailing backslash terminates
// the macro and must stay blank.
#define ASAN_REPORT_ERROR_N(type, is_write)                                 \
extern "C" NOINLINE INTERFACE_ATTRIBUTE                                     \
void __asan_report_ ## type ## _n(uptr addr, uptr size) {                   \
  GET_CALLER_PC_BP_SP;                                                      \
  ReportGenericError(pc, bp, sp, addr, is_write, size, 0, true);            \
}                                                                           \
extern "C" NOINLINE INTERFACE_ATTRIBUTE                                     \
void __asan_report_exp_ ## type ## _n(uptr addr, uptr size, u32 exp) {      \
  GET_CALLER_PC_BP_SP;                                                      \
  ReportGenericError(pc, bp, sp, addr, is_write, size, exp, true);          \
}                                                                           \
extern "C" NOINLINE INTERFACE_ATTRIBUTE                                     \
void __asan_report_ ## type ## _n_noabort(uptr addr, uptr size) {           \
  GET_CALLER_PC_BP_SP;                                                      \
  ReportGenericError(pc, bp, sp, addr, is_write, size, 0, false);           \
}                                                                           \

ASAN_REPORT_ERROR_N(load, false)
ASAN_REPORT_ERROR_N(store, true)
    150  1.1  mrg 
// Shadow check shared by the fixed-size __asan_load*/__asan_store* callbacks.
// Expects a variable `addr` in the expanding scope. Note that `sp` here is the
// shadow address of `addr`, not a stack pointer.
//
// Steps, as written below:
//   1. Map addr to its shadow address with MEM_TO_SHADOW.
//   2. Read one shadow byte when size <= SHADOW_GRANULARITY, otherwise read
//      two adjacent shadow bytes as a single u16.
//   3. A zero shadow value means the access is accepted with no further work.
//   4. A non-zero value is reported when the access is at least one granule
//      wide, or when the offset of its last byte inside the granule, taken as
//      a signed 8-bit value, is >= the shadow value taken as signed 8-bit.
//      This matches a shadow encoding where a small positive value k means
//      "only the first k bytes of the granule are addressable" and negative
//      values mean "poisoned" -- the encoding itself is defined elsewhere.
//
// NOTE(review): for accesses wider than a granule only two shadow bytes are
// read. An access that does not start on a granule boundary can reach into a
// third granule whose shadow is not examined here; presumably the
// instrumentation accepts that limitation -- confirm.
#define ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, exp_arg, fatal) \
  uptr sp = MEM_TO_SHADOW(addr);                                               \
  uptr s = size <= SHADOW_GRANULARITY ? *reinterpret_cast<u8 *>(sp)            \
                                      : *reinterpret_cast<u16 *>(sp);          \
  if (UNLIKELY(s)) {                                                           \
    if (UNLIKELY(size >= SHADOW_GRANULARITY ||                                 \
                 ((s8)((addr & (SHADOW_GRANULARITY - 1)) + size - 1)) >=       \
                     (s8)s)) {                                                 \
      ReportGenericErrorWrapper(addr, is_write, size, exp_arg, fatal);         \
    }                                                                          \
  }
    162  1.1  mrg 
// Generates the exported check-and-report callbacks for one fixed access size.
// Unlike the __asan_report_* functions, these inspect shadow memory first
// (ASAN_MEMORY_ACCESS_CALLBACK_BODY) and only report when the check fails.
// Each expansion defines:
//   __asan_<type><size>(addr)            exp = 0,             fatal = true
//   __asan_exp_<type><size>(addr, exp)   caller-supplied exp, fatal = true
//   __asan_<type><size>_noabort(addr)    exp = 0,             fatal = false
// The blank line after the trailing backslash terminates the macro and must
// stay blank.
#define ASAN_MEMORY_ACCESS_CALLBACK(type, is_write, size)                      \
  extern "C" NOINLINE INTERFACE_ATTRIBUTE                                      \
  void __asan_##type##size(uptr addr) {                                        \
    ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, 0, true)            \
  }                                                                            \
  extern "C" NOINLINE INTERFACE_ATTRIBUTE                                      \
  void __asan_exp_##type##size(uptr addr, u32 exp) {                           \
    ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, exp, true)          \
  }                                                                            \
  extern "C" NOINLINE INTERFACE_ATTRIBUTE                                      \
  void __asan_##type##size ## _noabort(uptr addr) {                            \
    ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, 0, false)           \
  }                                                                            \

// Instantiations for loads and stores of 1, 2, 4, 8 and 16 bytes.
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 1)
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 2)
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 4)
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 8)
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 16)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 1)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 2)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 4)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 8)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 16)
    187  1.1  mrg 
// Variable-size load check: reports a fatal read error (exp = 0) when
// __asan_region_is_poisoned() returns non-zero for [addr, addr + size).
extern "C"
NOINLINE INTERFACE_ATTRIBUTE
void __asan_loadN(uptr addr, uptr size) {
  if (__asan_region_is_poisoned(addr, size)) {
    GET_CALLER_PC_BP_SP;
    ReportGenericError(pc, bp, sp, addr, false, size, 0, true);
  }
}
    196  1.1  mrg 
// Same check as __asan_loadN, but forwards the caller-supplied `exp` value to
// ReportGenericError(). The report is fatal.
extern "C"
NOINLINE INTERFACE_ATTRIBUTE
void __asan_exp_loadN(uptr addr, uptr size, u32 exp) {
  if (__asan_region_is_poisoned(addr, size)) {
    GET_CALLER_PC_BP_SP;
    ReportGenericError(pc, bp, sp, addr, false, size, exp, true);
  }
}
    205  1.1  mrg 
// Same check as __asan_loadN, but passes fatal = false to
// ReportGenericError(), so the report is requested as non-fatal.
extern "C"
NOINLINE INTERFACE_ATTRIBUTE
void __asan_loadN_noabort(uptr addr, uptr size) {
  if (__asan_region_is_poisoned(addr, size)) {
    GET_CALLER_PC_BP_SP;
    ReportGenericError(pc, bp, sp, addr, false, size, 0, false);
  }
}
    214  1.1  mrg 
// Variable-size store check: reports a fatal write error (exp = 0) when
// __asan_region_is_poisoned() returns non-zero for [addr, addr + size).
extern "C"
NOINLINE INTERFACE_ATTRIBUTE
void __asan_storeN(uptr addr, uptr size) {
  if (__asan_region_is_poisoned(addr, size)) {
    GET_CALLER_PC_BP_SP;
    ReportGenericError(pc, bp, sp, addr, true, size, 0, true);
  }
}
    223  1.1  mrg 
// Same check as __asan_storeN, but forwards the caller-supplied `exp` value to
// ReportGenericError(). The report is fatal.
extern "C"
NOINLINE INTERFACE_ATTRIBUTE
void __asan_exp_storeN(uptr addr, uptr size, u32 exp) {
  if (__asan_region_is_poisoned(addr, size)) {
    GET_CALLER_PC_BP_SP;
    ReportGenericError(pc, bp, sp, addr, true, size, exp, true);
  }
}
    232  1.1  mrg 
// Same check as __asan_storeN, but passes fatal = false to
// ReportGenericError(), so the report is requested as non-fatal.
extern "C"
NOINLINE INTERFACE_ATTRIBUTE
void __asan_storeN_noabort(uptr addr, uptr size) {
  if (__asan_region_is_poisoned(addr, size)) {
    GET_CALLER_PC_BP_SP;
    ReportGenericError(pc, bp, sp, addr, true, size, 0, false);
  }
}
    241  1.1  mrg 
// Force the linker to keep the symbols for various ASan interface functions.
// We want to keep those in the executable in order to let the instrumented
// dynamic libraries access the symbol even if it is not used by the executable
// itself. This should help if the build system is removing dead code at link
// time.
//
// Nothing in the switch ever executes: fake_condition is 0 and there is no
// case 0. The case labels only need to be distinct; the gap at 33 is harmless.
// The function exists purely to create references to each listed symbol.
static NOINLINE void force_interface_symbols() {
  volatile int fake_condition = 0;  // prevent dead condition elimination.
  // __asan_report_* functions are noreturn, so we need a switch to prevent
  // the compiler from removing any of them.
  // clang-format off
  switch (fake_condition) {
    case 1: __asan_report_load1(0); break;
    case 2: __asan_report_load2(0); break;
    case 3: __asan_report_load4(0); break;
    case 4: __asan_report_load8(0); break;
    case 5: __asan_report_load16(0); break;
    case 6: __asan_report_load_n(0, 0); break;
    case 7: __asan_report_store1(0); break;
    case 8: __asan_report_store2(0); break;
    case 9: __asan_report_store4(0); break;
    case 10: __asan_report_store8(0); break;
    case 11: __asan_report_store16(0); break;
    case 12: __asan_report_store_n(0, 0); break;
    case 13: __asan_report_exp_load1(0, 0); break;
    case 14: __asan_report_exp_load2(0, 0); break;
    case 15: __asan_report_exp_load4(0, 0); break;
    case 16: __asan_report_exp_load8(0, 0); break;
    case 17: __asan_report_exp_load16(0, 0); break;
    case 18: __asan_report_exp_load_n(0, 0, 0); break;
    case 19: __asan_report_exp_store1(0, 0); break;
    case 20: __asan_report_exp_store2(0, 0); break;
    case 21: __asan_report_exp_store4(0, 0); break;
    case 22: __asan_report_exp_store8(0, 0); break;
    case 23: __asan_report_exp_store16(0, 0); break;
    case 24: __asan_report_exp_store_n(0, 0, 0); break;
    case 25: __asan_register_globals(nullptr, 0); break;
    case 26: __asan_unregister_globals(nullptr, 0); break;
    case 27: __asan_set_death_callback(nullptr); break;
    case 28: __asan_set_error_report_callback(nullptr); break;
    case 29: __asan_handle_no_return(); break;
    case 30: __asan_address_is_poisoned(nullptr); break;
    case 31: __asan_poison_memory_region(nullptr, 0); break;
    case 32: __asan_unpoison_memory_region(nullptr, 0); break;
    case 34: __asan_before_dynamic_init(nullptr); break;
    case 35: __asan_after_dynamic_init(); break;
    case 36: __asan_poison_stack_memory(0, 0); break;
    case 37: __asan_unpoison_stack_memory(0, 0); break;
    case 38: __asan_region_is_poisoned(0, 0); break;
    case 39: __asan_describe_address(0); break;
    case 40: __asan_set_shadow_00(0, 0); break;
    case 41: __asan_set_shadow_f1(0, 0); break;
    case 42: __asan_set_shadow_f2(0, 0); break;
    case 43: __asan_set_shadow_f3(0, 0); break;
    case 44: __asan_set_shadow_f5(0, 0); break;
    case 45: __asan_set_shadow_f8(0, 0); break;
  }
  // clang-format on
}
    300  1.1  mrg 
// Exit handler, registered by AsanInitInternal() when flags()->atexit is set.
// Prints the accumulated statistics followed by every AsanMappingProfile slot
// that holds a non-zero value.
static void asan_atexit() {
  Printf("AddressSanitizer exit stats:\n");
  __asan_print_accumulated_stats();
  for (uptr slot = 0; slot < kAsanMappingProfileSize; ++slot) {
    const uptr hits = AsanMappingProfile[slot];
    // Untouched slots are left out of the listing.
    if (hits != 0)
      Printf("asan_mapping.h:%zd -- %zd\n", slot, hits);
  }
}
    310  1.1  mrg 
// Computes kHighMemEnd when the mapping is not fixed at compile time, then
// checks that kHighMemBeg is a multiple of the mmap granularity.
static void InitializeHighMemEnd() {
#if !ASAN_FIXED_MAPPING
  kHighMemEnd = GetMaxUserVirtualAddress();
  // Increase kHighMemEnd to make sure it's properly
  // aligned together with kHighMemBeg:
  // OR-ing in (granularity << SHADOW_SCALE) - 1 sets all low bits, i.e. rounds
  // the end up to the last byte of such a block.
  kHighMemEnd |= (GetMmapGranularity() << SHADOW_SCALE) - 1;
#endif  // !ASAN_FIXED_MAPPING
  CHECK_EQ((kHighMemBeg % GetMmapGranularity()), 0);
}
    320  1.1  mrg 
// Prints the memory/shadow region boundaries, the shadow addresses of the
// shadow regions themselves, a few sizing flags and the shadow constants, then
// sanity-checks SHADOW_SCALE and the ordering of the regions.
//
// Regions whose start constant is zero (HighMem, MidMem, LowShadow) are left
// out of the listing.
//
// NOTE(review): the output consists of raw addresses of the process layout.
// Where the output ends up depends on how Printf is configured; treat logs
// that contain it as sensitive when address-space randomization matters.
void PrintAddressSpaceLayout() {
  if (kHighMemBeg) {
    Printf("|| `[%p, %p]` || HighMem    ||\n",
           (void*)kHighMemBeg, (void*)kHighMemEnd);
    Printf("|| `[%p, %p]` || HighShadow ||\n",
           (void*)kHighShadowBeg, (void*)kHighShadowEnd);
  }
  if (kMidMemBeg) {
    Printf("|| `[%p, %p]` || ShadowGap3 ||\n",
           (void*)kShadowGap3Beg, (void*)kShadowGap3End);
    Printf("|| `[%p, %p]` || MidMem     ||\n",
           (void*)kMidMemBeg, (void*)kMidMemEnd);
    Printf("|| `[%p, %p]` || ShadowGap2 ||\n",
           (void*)kShadowGap2Beg, (void*)kShadowGap2End);
    Printf("|| `[%p, %p]` || MidShadow  ||\n",
           (void*)kMidShadowBeg, (void*)kMidShadowEnd);
  }
  Printf("|| `[%p, %p]` || ShadowGap  ||\n",
         (void*)kShadowGapBeg, (void*)kShadowGapEnd);
  if (kLowShadowBeg) {
    Printf("|| `[%p, %p]` || LowShadow  ||\n",
           (void*)kLowShadowBeg, (void*)kLowShadowEnd);
    Printf("|| `[%p, %p]` || LowMem     ||\n",
           (void*)kLowMemBeg, (void*)kLowMemEnd);
  }
  // Shadow-of-shadow: where the shadow regions themselves map to.
  Printf("MemToShadow(shadow): %p %p",
         (void*)MEM_TO_SHADOW(kLowShadowBeg),
         (void*)MEM_TO_SHADOW(kLowShadowEnd));
  if (kHighMemBeg) {
    Printf(" %p %p",
           (void*)MEM_TO_SHADOW(kHighShadowBeg),
           (void*)MEM_TO_SHADOW(kHighShadowEnd));
  }
  if (kMidMemBeg) {
    Printf(" %p %p",
           (void*)MEM_TO_SHADOW(kMidShadowBeg),
           (void*)MEM_TO_SHADOW(kMidShadowEnd));
  }
  Printf("\n");
  Printf("redzone=%zu\n", (uptr)flags()->redzone);
  Printf("max_redzone=%zu\n", (uptr)flags()->max_redzone);
  Printf("quarantine_size_mb=%zuM\n", (uptr)flags()->quarantine_size_mb);
  Printf("thread_local_quarantine_size_kb=%zuK\n",
         (uptr)flags()->thread_local_quarantine_size_kb);
  Printf("malloc_context_size=%zu\n",
         (uptr)common_flags()->malloc_context_size);

  Printf("SHADOW_SCALE: %d\n", (int)SHADOW_SCALE);
  Printf("SHADOW_GRANULARITY: %d\n", (int)SHADOW_GRANULARITY);
  Printf("SHADOW_OFFSET: 0x%zx\n", (uptr)SHADOW_OFFSET);
  // The checks run after everything has been printed, so a failing layout is
  // already on the log when the CHECK fires.
  CHECK(SHADOW_SCALE >= 3 && SHADOW_SCALE <= 7);
  if (kMidMemBeg)
    CHECK(kMidShadowBeg > kLowShadowEnd &&
          kMidMemBeg > kMidShadowEnd &&
          kHighShadowBeg > kMidMemEnd);
}
    377  1.1  mrg 
// On Thumb Linux the background thread is started from inside
// AsanInitInternal() instead of from the dynamic initializer below.
#if defined(__thumb__) && defined(__linux__)
#define START_BACKGROUND_THREAD_IN_ASAN_INTERNAL
#endif

#ifndef START_BACKGROUND_THREAD_IN_ASAN_INTERNAL
// Dynamic initializer: the lambda is invoked while this variable is being
// initialized, starts the background thread (if one is wanted) and installs
// the soft-RSS-limit callback. The stored value is always false and is never
// read; UNUSED silences the resulting warning.
static bool UNUSED __local_asan_dyninit = [] {
  MaybeStartBackgroudThread();
  SetSoftRssLimitExceededCallback(AsanSoftRssLimitExceededCallback);

  return false;
}();
#endif
    390  1.1  mrg 
// One-time initialization of the ASan runtime. Reached from AsanInitFromRtl()
// and __asan_init(). Returns immediately when asan_inited is already set, and
// CHECK-fails if it is entered again while a previous call is still running.
// The order of the steps below matters; several of them carry comments that
// say which earlier step they depend on.
//
// NOTE(review): almost every step is driven by flags()/common_flags(), set up
// by InitializeFlags(). Those are presumably taken from the process
// environment; if so, values such as log_path and coverage_dir are paths
// chosen by whoever controls that environment, which is one reason a
// sanitizer runtime does not belong in a privileged binary -- confirm against
// the flag parser.
static void AsanInitInternal() {
  if (LIKELY(asan_inited)) return;
  SanitizerToolName = "AddressSanitizer";
  CHECK(!asan_init_is_running && "ASan init calls itself!");
  asan_init_is_running = true;

  CacheBinaryName();

  // Initialize flags. This must be done early, because most of the
  // initialization steps look at flags().
  InitializeFlags();

  // Stop performing init at this point if we are being loaded via
  // dlopen() and the platform supports it.
  if (SANITIZER_SUPPORTS_INIT_FOR_DLOPEN && UNLIKELY(HandleDlopenInit())) {
    // asan_inited stays 0 on this path, so a later call runs the full init.
    asan_init_is_running = false;
    VReport(1, "AddressSanitizer init is being performed for dlopen().\n");
    return;
  }

  AsanCheckIncompatibleRT();
  AsanCheckDynamicRTPrereqs();
  // Named after CVE-2016-2143; the helper is defined outside this file, so
  // what exactly it checks is not visible here.
  AvoidCVE_2016_2143();

  SetCanPoisonMemory(flags()->poison_heap);
  SetMallocContextSize(common_flags()->malloc_context_size);

  InitializePlatformExceptionHandlers();

  InitializeHighMemEnd();

  // Make sure we are not statically linked.
  AsanDoesNotSupportStaticLinkage();

  // Install tool-specific callbacks in sanitizer_common.
  AddDieCallback(AsanDie);
  SetCheckUnwindCallback(CheckUnwind);
  SetPrintfAndReportCallback(AppendToErrorMessageBuffer);

  // Report destination comes from the log_path common flag.
  __sanitizer_set_report_path(common_flags()->log_path);

  __asan_option_detect_stack_use_after_return =
      flags()->detect_stack_use_after_return;

  __sanitizer::InitializePlatformEarly();

  // Re-exec ourselves if we need to set additional env or command line args.
  MaybeReexec();

  // Setup internal allocator callback.
  // OnLowLevelAllocate() poisons each low-level allocation with
  // kAsanInternalHeapMagic.
  SetLowLevelAllocateMinAlignment(SHADOW_GRANULARITY);
  SetLowLevelAllocateCallback(OnLowLevelAllocate);

  InitializeAsanInterceptors();
  CheckASLR();

  // Enable system log ("adb logcat") on Android.
  // Doing this before interceptors are initialized crashes in:
  // AsanInitInternal -> android_log_write -> __interceptor_strcmp
  AndroidLogInit();

  ReplaceSystemMalloc();

  DisableCoreDumperIfNecessary();

  InitializeShadowMemory();

  AsanTSDInit(PlatformTSDDtor);
  InstallDeadlySignalHandlers(AsanOnDeadlySignal);

  AllocatorOptions allocator_options;
  allocator_options.SetFrom(flags(), common_flags());
  InitializeAllocator(allocator_options);

#ifdef START_BACKGROUND_THREAD_IN_ASAN_INTERNAL
  MaybeStartBackgroudThread();
  SetSoftRssLimitExceededCallback(AsanSoftRssLimitExceededCallback);
#endif

  // On Linux AsanThread::ThreadStart() calls malloc() that's why asan_inited
  // should be set to 1 prior to initializing the threads.
  asan_inited = 1;
  asan_init_is_running = false;

  if (flags()->atexit)
    Atexit(asan_atexit);

  InitializeCoverage(common_flags()->coverage, common_flags()->coverage_dir);

  // Now that ASan runtime is (mostly) initialized, deactivate it if
  // necessary, so that it can be re-activated when requested.
  // __asan_init() calls AsanActivate() before it reaches this function.
  if (flags()->start_deactivated)
    AsanDeactivate();

  // interceptors
  InitTlsSize();

  // Create main thread.
  AsanThread *main_thread = CreateMainThread();
  CHECK_EQ(0, main_thread->tid());
  force_interface_symbols();  // no-op.
  SanitizerInitializeUnwinder();

  if (CAN_SANITIZE_LEAKS) {
    __lsan::InitCommonLsan();
    if (common_flags()->detect_leaks && common_flags()->leak_check_at_exit) {
      // halt_on_error selects between the regular and the recoverable leak
      // check at exit.
      if (flags()->halt_on_error)
        Atexit(__lsan::DoLeakCheck);
      else
        Atexit(__lsan::DoRecoverableLeakCheckVoid);
    }
  }

#if CAN_SANITIZE_UB
  __ubsan::InitAsPlugin();
#endif

  InitializeSuppressions();

  if (CAN_SANITIZE_LEAKS) {
    // LateInitialize() calls dlsym, which can allocate an error string buffer
    // in the TLS.  Let's ignore the allocation to avoid reporting a leak.
    __lsan::ScopedInterceptorDisabler disabler;
    Symbolizer::LateInitialize();
  } else {
    Symbolizer::LateInitialize();
  }

  VReport(1, "AddressSanitizer Init done\n");

  if (flags()->sleep_after_init) {
    Report("Sleeping for %d second(s)\n", flags()->sleep_after_init);
    SleepForSeconds(flags()->sleep_after_init);
  }
}
    526  1.1  mrg 
// Initialize as requested from some part of ASan runtime library (interceptors,
// allocator, etc).
// Unlike __asan_init(), this entry point does not call AsanActivate() first.
void AsanInitFromRtl() {
  AsanInitInternal();
}
    532  1.1  mrg 
#if ASAN_DYNAMIC
// Initialize runtime in case it's LD_PRELOAD-ed into unsanitized executable
// (and thus normal initializers from .preinit_array or modules haven't run).

// Helper whose constructor triggers runtime initialization.
class AsanInitializer {
 public:
  AsanInitializer() {
    AsanInitFromRtl();
  }
};

// Constructing this static object during static initialization is what calls
// AsanInitFromRtl() in the dynamic-runtime build.
static AsanInitializer asan_initializer;
#endif  // ASAN_DYNAMIC
    546  1.1  mrg 
// Sets the shadow for the stack range [bottom, top) to 0, with the length
// rounded up to SHADOW_GRANULARITY. `type` is only used to label the warning.
//
// Ranges larger than 64M are refused: a warning is printed the first time
// this happens and the range is left as it was, which (as the message says)
// can lead to false positive reports afterwards. Because the length is an
// unsigned difference, top < bottom wraps to a huge value and is refused too.
void UnpoisonStack(uptr bottom, uptr top, const char *type) {
  static const uptr kMaxExpectedCleanupSize = 64 << 20;  // 64M
  const uptr range = top - bottom;

  if (range <= kMaxExpectedCleanupSize) {
    PoisonShadow(bottom, RoundUpTo(range, SHADOW_GRANULARITY), 0);
    return;
  }

  // Oversized request: warn once per process, then stay silent.
  static bool reported_warning = false;
  if (!reported_warning) {
    reported_warning = true;
    Report(
        "WARNING: ASan is ignoring requested __asan_handle_no_return: "
        "stack type: %s top: %p; bottom %p; size: %p (%zd)\n"
        "False positive error reports may follow\n"
        "For details see "
        "https://github.com/google/sanitizers/issues/189\n",
        type, (void *)top, (void *)bottom, (void *)range, range);
  }
}
    566  1.1  mrg 
// Determines the bounds of the current thread's regular stack and hands them
// to UnpoisonStack() with the label "default".
static void UnpoisonDefaultStack() {
  uptr bottom, top;

  if (AsanThread *curr_thread = GetCurrentThread()) {
    // Known thread: the top comes from the thread object, the bottom is
    // derived from the address of a local in this frame, moved down by one
    // page and rounded down to a page boundary.
    int local_stack;
    const uptr page_size = GetPageSizeCached();
    top = curr_thread->stack_top();
    bottom = ((uptr)&local_stack - page_size) & ~(page_size - 1);
  } else {
    CHECK(!SANITIZER_FUCHSIA);
    // If we haven't seen this thread, try asking the OS for stack bounds.
    // tls_addr and tls_size are required by the call but not used afterwards.
    uptr tls_addr, tls_size, stack_size;
    GetThreadStackAndTls(/*main=*/false, &bottom, &stack_size, &tls_addr,
                         &tls_size);
    top = bottom + stack_size;
  }

  UnpoisonStack(bottom, top, "default");
}
    586  1.1  mrg 
// Forwards the no-return event to the current thread's fake stack. Does
// nothing when there is no current AsanThread or the thread has no fake stack.
static void UnpoisonFakeStack() {
  if (AsanThread *thread = GetCurrentThread()) {
    if (FakeStack *fake = thread->get_fake_stack())
      fake->HandleNoReturn();
  }
}
    596  1.1  mrg 
    597  1.1  mrg }  // namespace __asan
    598  1.1  mrg 
    599  1.1  mrg // ---------------------- Interface ---------------- {{{1
    600  1.1  mrg using namespace __asan;
    601  1.1  mrg 
// Interface entry point that clears stack poisoning for the current thread:
// first the regular stack (through the platform hook when it handles the
// request, otherwise through UnpoisonDefaultStack()), then the fake stack.
// Skipped entirely while AsanInitInternal() is still running.
void NOINLINE __asan_handle_no_return() {
  if (!asan_init_is_running) {
    const bool handled_by_platform = PlatformUnpoisonStacks();
    if (!handled_by_platform)
      UnpoisonDefaultStack();

    UnpoisonFakeStack();
  }
}
    611  1.1  mrg 
// Returns the current thread's extra spill area. There must be a current
// AsanThread: the CHECK fails otherwise instead of returning null.
extern "C" void *__asan_extra_spill_area() {
  AsanThread *t = GetCurrentThread();
  CHECK(t);
  return t->extra_spill_area();
}
    617  1.1  mrg 
// Sets the shadow of the current thread's stack to 0 from its recorded bottom
// up to `sp`. There must be a current AsanThread (CHECK).
//
// NOTE(review): `sp` is used exactly as passed in. Nothing here verifies that
// it lies at or above stack_bottom(); a smaller value would make the unsigned
// length wrap around. Presumably the caller always passes a pointer into the
// current stack -- confirm against the vfork interceptor.
void __asan_handle_vfork(void *sp) {
  AsanThread *t = GetCurrentThread();
  CHECK(t);
  uptr bottom = t->stack_bottom();
  PoisonShadow(bottom, (uptr)sp - bottom, 0);
}
    624  1.1  mrg 
// Interface entry point: hands `callback` to SetUserDieCallback(). The
// callback pointer is passed through without any check; force_interface_symbols()
// shows that nullptr is an accepted argument type-wise.
void NOINLINE __asan_set_death_callback(void (*callback)(void)) {
  SetUserDieCallback(callback);
}
    628  1.1  mrg 
// Initialize as requested from instrumented application code.
// We use this call as a trigger to wake up ASan from deactivated state.
// AsanActivate() runs on every call; AsanInitInternal() returns immediately
// once asan_inited is set, so repeated calls do not re-run initialization.
void __asan_init() {
  AsanActivate();
  AsanInitInternal();
}
    635  1.1  mrg 
// Intentionally empty. Presumably only the existence of this symbol matters,
// so that code built against a different runtime version fails to link or
// load -- confirm against the instrumentation that references it.
void __asan_version_mismatch_check() {
  // Do nothing.
}
    639