1 //===-- sanitizer_posix_libcdep.cc ----------------------------------------===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This file is shared between AddressSanitizer and ThreadSanitizer 11 // run-time libraries and implements libc-dependent POSIX-specific functions 12 // from sanitizer_libc.h. 13 //===----------------------------------------------------------------------===// 14 15 #include "sanitizer_platform.h" 16 17 #if SANITIZER_POSIX 18 19 #include "sanitizer_common.h" 20 #include "sanitizer_flags.h" 21 #include "sanitizer_platform_limits_netbsd.h" 22 #include "sanitizer_platform_limits_openbsd.h" 23 #include "sanitizer_platform_limits_posix.h" 24 #include "sanitizer_platform_limits_solaris.h" 25 #include "sanitizer_posix.h" 26 #include "sanitizer_procmaps.h" 27 28 #include <errno.h> 29 #include <fcntl.h> 30 #include <pthread.h> 31 #include <signal.h> 32 #include <stdlib.h> 33 #include <sys/mman.h> 34 #include <sys/resource.h> 35 #include <sys/stat.h> 36 #include <sys/time.h> 37 #include <sys/types.h> 38 #include <sys/wait.h> 39 #include <unistd.h> 40 41 #if SANITIZER_FREEBSD 42 // The MAP_NORESERVE define has been removed in FreeBSD 11.x, and even before 43 // that, it was never implemented. So just define it to zero. 44 #undef MAP_NORESERVE 45 #define MAP_NORESERVE 0 46 #endif 47 48 typedef void (*sa_sigaction_t)(int, siginfo_t *, void *); 49 50 namespace __sanitizer { 51 52 u32 GetUid() { 53 return getuid(); 54 } 55 56 uptr GetThreadSelf() { 57 return (uptr)pthread_self(); 58 } 59 60 void ReleaseMemoryPagesToOS(uptr beg, uptr end) { 61 uptr page_size = GetPageSizeCached(); 62 uptr beg_aligned = RoundUpTo(beg, page_size); 63 uptr end_aligned = RoundDownTo(end, page_size); 64 if (beg_aligned < end_aligned) 65 // In the default Solaris compilation environment, madvise() is declared 66 // to take a caddr_t arg; casting it to void * results in an invalid 67 // conversion error, so use char * instead. 68 madvise((char *)beg_aligned, end_aligned - beg_aligned, 69 SANITIZER_MADVISE_DONTNEED); 70 } 71 72 bool NoHugePagesInRegion(uptr addr, uptr size) { 73 #ifdef MADV_NOHUGEPAGE // May not be defined on old systems. 74 return madvise((void *)addr, size, MADV_NOHUGEPAGE) == 0; 75 #else 76 return true; 77 #endif // MADV_NOHUGEPAGE 78 } 79 80 bool DontDumpShadowMemory(uptr addr, uptr length) { 81 #if defined(MADV_DONTDUMP) 82 return madvise((void *)addr, length, MADV_DONTDUMP) == 0; 83 #elif defined(MADV_NOCORE) 84 return madvise((void *)addr, length, MADV_NOCORE) == 0; 85 #else 86 return true; 87 #endif // MADV_DONTDUMP 88 } 89 90 static rlim_t getlim(int res) { 91 rlimit rlim; 92 CHECK_EQ(0, getrlimit(res, &rlim)); 93 return rlim.rlim_cur; 94 } 95 96 static void setlim(int res, rlim_t lim) { 97 struct rlimit rlim; 98 if (getrlimit(res, const_cast<struct rlimit *>(&rlim))) { 99 Report("ERROR: %s getrlimit() failed %d\n", SanitizerToolName, errno); 100 Die(); 101 } 102 rlim.rlim_cur = lim; 103 if (setrlimit(res, const_cast<struct rlimit *>(&rlim))) { 104 Report("ERROR: %s setrlimit() failed %d\n", SanitizerToolName, errno); 105 Die(); 106 } 107 } 108 109 void DisableCoreDumperIfNecessary() { 110 if (common_flags()->disable_coredump) { 111 setlim(RLIMIT_CORE, 0); 112 } 113 } 114 115 bool StackSizeIsUnlimited() { 116 rlim_t stack_size = getlim(RLIMIT_STACK); 117 return (stack_size == RLIM_INFINITY); 118 } 119 120 uptr GetStackSizeLimitInBytes() { 121 return (uptr)getlim(RLIMIT_STACK); 122 } 123 124 void SetStackSizeLimitInBytes(uptr limit) { 125 setlim(RLIMIT_STACK, (rlim_t)limit); 126 CHECK(!StackSizeIsUnlimited()); 127 } 128 129 bool AddressSpaceIsUnlimited() { 130 rlim_t as_size = getlim(RLIMIT_AS); 131 return (as_size == RLIM_INFINITY); 132 } 133 134 void SetAddressSpaceUnlimited() { 135 setlim(RLIMIT_AS, RLIM_INFINITY); 136 CHECK(AddressSpaceIsUnlimited()); 137 } 138 139 void SleepForSeconds(int seconds) { 140 sleep(seconds); 141 } 142 143 void SleepForMillis(int millis) { 144 usleep(millis * 1000); 145 } 146 147 void Abort() { 148 #if !SANITIZER_GO 149 // If we are handling SIGABRT, unhandle it first. 150 // TODO(vitalybuka): Check if handler belongs to sanitizer. 151 if (GetHandleSignalMode(SIGABRT) != kHandleSignalNo) { 152 struct sigaction sigact; 153 internal_memset(&sigact, 0, sizeof(sigact)); 154 sigact.sa_sigaction = (sa_sigaction_t)SIG_DFL; 155 internal_sigaction(SIGABRT, &sigact, nullptr); 156 } 157 #endif 158 159 abort(); 160 } 161 162 int Atexit(void (*function)(void)) { 163 #if !SANITIZER_GO 164 return atexit(function); 165 #else 166 return 0; 167 #endif 168 } 169 170 bool SupportsColoredOutput(fd_t fd) { 171 return isatty(fd) != 0; 172 } 173 174 #if !SANITIZER_GO 175 // TODO(glider): different tools may require different altstack size. 176 static const uptr kAltStackSize = SIGSTKSZ * 4; // SIGSTKSZ is not enough. 177 178 void SetAlternateSignalStack() { 179 stack_t altstack, oldstack; 180 CHECK_EQ(0, sigaltstack(nullptr, &oldstack)); 181 // If the alternate stack is already in place, do nothing. 182 // Android always sets an alternate stack, but it's too small for us. 183 if (!SANITIZER_ANDROID && !(oldstack.ss_flags & SS_DISABLE)) return; 184 // TODO(glider): the mapped stack should have the MAP_STACK flag in the 185 // future. It is not required by man 2 sigaltstack now (they're using 186 // malloc()). 187 void* base = MmapOrDie(kAltStackSize, __func__); 188 altstack.ss_sp = (char*) base; 189 altstack.ss_flags = 0; 190 altstack.ss_size = kAltStackSize; 191 CHECK_EQ(0, sigaltstack(&altstack, nullptr)); 192 } 193 194 void UnsetAlternateSignalStack() { 195 stack_t altstack, oldstack; 196 altstack.ss_sp = nullptr; 197 altstack.ss_flags = SS_DISABLE; 198 altstack.ss_size = kAltStackSize; // Some sane value required on Darwin. 199 CHECK_EQ(0, sigaltstack(&altstack, &oldstack)); 200 UnmapOrDie(oldstack.ss_sp, oldstack.ss_size); 201 } 202 203 static void MaybeInstallSigaction(int signum, 204 SignalHandlerType handler) { 205 if (GetHandleSignalMode(signum) == kHandleSignalNo) return; 206 207 struct sigaction sigact; 208 internal_memset(&sigact, 0, sizeof(sigact)); 209 sigact.sa_sigaction = (sa_sigaction_t)handler; 210 // Do not block the signal from being received in that signal's handler. 211 // Clients are responsible for handling this correctly. 212 sigact.sa_flags = SA_SIGINFO | SA_NODEFER; 213 if (common_flags()->use_sigaltstack) sigact.sa_flags |= SA_ONSTACK; 214 CHECK_EQ(0, internal_sigaction(signum, &sigact, nullptr)); 215 VReport(1, "Installed the sigaction for signal %d\n", signum); 216 } 217 218 void InstallDeadlySignalHandlers(SignalHandlerType handler) { 219 // Set the alternate signal stack for the main thread. 220 // This will cause SetAlternateSignalStack to be called twice, but the stack 221 // will be actually set only once. 222 if (common_flags()->use_sigaltstack) SetAlternateSignalStack(); 223 MaybeInstallSigaction(SIGSEGV, handler); 224 MaybeInstallSigaction(SIGBUS, handler); 225 MaybeInstallSigaction(SIGABRT, handler); 226 MaybeInstallSigaction(SIGFPE, handler); 227 MaybeInstallSigaction(SIGILL, handler); 228 MaybeInstallSigaction(SIGTRAP, handler); 229 } 230 231 bool SignalContext::IsStackOverflow() const { 232 // Access at a reasonable offset above SP, or slightly below it (to account 233 // for x86_64 or PowerPC redzone, ARM push of multiple registers, etc) is 234 // probably a stack overflow. 235 #ifdef __s390__ 236 // On s390, the fault address in siginfo points to start of the page, not 237 // to the precise word that was accessed. Mask off the low bits of sp to 238 // take it into account. 239 bool IsStackAccess = addr >= (sp & ~0xFFF) && addr < sp + 0xFFFF; 240 #else 241 // Let's accept up to a page size away from top of stack. Things like stack 242 // probing can trigger accesses with such large offsets. 243 bool IsStackAccess = addr + GetPageSizeCached() > sp && addr < sp + 0xFFFF; 244 #endif 245 246 #if __powerpc__ 247 // Large stack frames can be allocated with e.g. 248 // lis r0,-10000 249 // stdux r1,r1,r0 # store sp to [sp-10000] and update sp by -10000 250 // If the store faults then sp will not have been updated, so test above 251 // will not work, because the fault address will be more than just "slightly" 252 // below sp. 253 if (!IsStackAccess && IsAccessibleMemoryRange(pc, 4)) { 254 u32 inst = *(unsigned *)pc; 255 u32 ra = (inst >> 16) & 0x1F; 256 u32 opcd = inst >> 26; 257 u32 xo = (inst >> 1) & 0x3FF; 258 // Check for store-with-update to sp. The instructions we accept are: 259 // stbu rs,d(ra) stbux rs,ra,rb 260 // sthu rs,d(ra) sthux rs,ra,rb 261 // stwu rs,d(ra) stwux rs,ra,rb 262 // stdu rs,ds(ra) stdux rs,ra,rb 263 // where ra is r1 (the stack pointer). 264 if (ra == 1 && 265 (opcd == 39 || opcd == 45 || opcd == 37 || opcd == 62 || 266 (opcd == 31 && (xo == 247 || xo == 439 || xo == 183 || xo == 181)))) 267 IsStackAccess = true; 268 } 269 #endif // __powerpc__ 270 271 // We also check si_code to filter out SEGV caused by something else other 272 // then hitting the guard page or unmapped memory, like, for example, 273 // unaligned memory access. 274 auto si = static_cast<const siginfo_t *>(siginfo); 275 return IsStackAccess && 276 (si->si_code == si_SEGV_MAPERR || si->si_code == si_SEGV_ACCERR); 277 } 278 279 #endif // SANITIZER_GO 280 281 bool IsAccessibleMemoryRange(uptr beg, uptr size) { 282 uptr page_size = GetPageSizeCached(); 283 // Checking too large memory ranges is slow. 284 CHECK_LT(size, page_size * 10); 285 int sock_pair[2]; 286 if (pipe(sock_pair)) 287 return false; 288 uptr bytes_written = 289 internal_write(sock_pair[1], reinterpret_cast<void *>(beg), size); 290 int write_errno; 291 bool result; 292 if (internal_iserror(bytes_written, &write_errno)) { 293 CHECK_EQ(EFAULT, write_errno); 294 result = false; 295 } else { 296 result = (bytes_written == size); 297 } 298 internal_close(sock_pair[0]); 299 internal_close(sock_pair[1]); 300 return result; 301 } 302 303 void PlatformPrepareForSandboxing(__sanitizer_sandbox_arguments *args) { 304 // Some kinds of sandboxes may forbid filesystem access, so we won't be able 305 // to read the file mappings from /proc/self/maps. Luckily, neither the 306 // process will be able to load additional libraries, so it's fine to use the 307 // cached mappings. 308 MemoryMappingLayout::CacheMemoryMappings(); 309 } 310 311 #if SANITIZER_ANDROID || SANITIZER_GO 312 int GetNamedMappingFd(const char *name, uptr size) { 313 return -1; 314 } 315 #else 316 int GetNamedMappingFd(const char *name, uptr size) { 317 if (!common_flags()->decorate_proc_maps) 318 return -1; 319 char shmname[200]; 320 CHECK(internal_strlen(name) < sizeof(shmname) - 10); 321 internal_snprintf(shmname, sizeof(shmname), "%zu [%s]", internal_getpid(), 322 name); 323 int fd = shm_open(shmname, O_RDWR | O_CREAT | O_TRUNC, S_IRWXU); 324 CHECK_GE(fd, 0); 325 int res = internal_ftruncate(fd, size); 326 CHECK_EQ(0, res); 327 res = shm_unlink(shmname); 328 CHECK_EQ(0, res); 329 return fd; 330 } 331 #endif 332 333 bool MmapFixedNoReserve(uptr fixed_addr, uptr size, const char *name) { 334 int fd = name ? GetNamedMappingFd(name, size) : -1; 335 unsigned flags = MAP_PRIVATE | MAP_FIXED | MAP_NORESERVE; 336 if (fd == -1) flags |= MAP_ANON; 337 338 uptr PageSize = GetPageSizeCached(); 339 uptr p = internal_mmap((void *)(fixed_addr & ~(PageSize - 1)), 340 RoundUpTo(size, PageSize), PROT_READ | PROT_WRITE, 341 flags, fd, 0); 342 int reserrno; 343 if (internal_iserror(p, &reserrno)) { 344 Report("ERROR: %s failed to " 345 "allocate 0x%zx (%zd) bytes at address %zx (errno: %d)\n", 346 SanitizerToolName, size, size, fixed_addr, reserrno); 347 return false; 348 } 349 IncreaseTotalMmap(size); 350 return true; 351 } 352 353 uptr ReservedAddressRange::Init(uptr size, const char *name, uptr fixed_addr) { 354 // We don't pass `name` along because, when you enable `decorate_proc_maps` 355 // AND actually use a named mapping AND are using a sanitizer intercepting 356 // `open` (e.g. TSAN, ESAN), then you'll get a failure during initialization. 357 // TODO(flowerhack): Fix the implementation of GetNamedMappingFd to solve 358 // this problem. 359 base_ = fixed_addr ? MmapFixedNoAccess(fixed_addr, size) : MmapNoAccess(size); 360 size_ = size; 361 name_ = name; 362 (void)os_handle_; // unsupported 363 return reinterpret_cast<uptr>(base_); 364 } 365 366 // Uses fixed_addr for now. 367 // Will use offset instead once we've implemented this function for real. 368 uptr ReservedAddressRange::Map(uptr fixed_addr, uptr size) { 369 return reinterpret_cast<uptr>(MmapFixedOrDieOnFatalError(fixed_addr, size)); 370 } 371 372 uptr ReservedAddressRange::MapOrDie(uptr fixed_addr, uptr size) { 373 return reinterpret_cast<uptr>(MmapFixedOrDie(fixed_addr, size)); 374 } 375 376 void ReservedAddressRange::Unmap(uptr addr, uptr size) { 377 CHECK_LE(size, size_); 378 if (addr == reinterpret_cast<uptr>(base_)) 379 // If we unmap the whole range, just null out the base. 380 base_ = (size == size_) ? nullptr : reinterpret_cast<void*>(addr + size); 381 else 382 CHECK_EQ(addr + size, reinterpret_cast<uptr>(base_) + size_); 383 size_ -= size; 384 UnmapOrDie(reinterpret_cast<void*>(addr), size); 385 } 386 387 void *MmapFixedNoAccess(uptr fixed_addr, uptr size, const char *name) { 388 int fd = name ? GetNamedMappingFd(name, size) : -1; 389 unsigned flags = MAP_PRIVATE | MAP_FIXED | MAP_NORESERVE; 390 if (fd == -1) flags |= MAP_ANON; 391 392 return (void *)internal_mmap((void *)fixed_addr, size, PROT_NONE, flags, fd, 393 0); 394 } 395 396 void *MmapNoAccess(uptr size) { 397 unsigned flags = MAP_PRIVATE | MAP_ANON | MAP_NORESERVE; 398 return (void *)internal_mmap(nullptr, size, PROT_NONE, flags, -1, 0); 399 } 400 401 // This function is defined elsewhere if we intercepted pthread_attr_getstack. 402 extern "C" { 403 SANITIZER_WEAK_ATTRIBUTE int 404 real_pthread_attr_getstack(void *attr, void **addr, size_t *size); 405 } // extern "C" 406 407 int my_pthread_attr_getstack(void *attr, void **addr, uptr *size) { 408 #if !SANITIZER_GO && !SANITIZER_MAC 409 if (&real_pthread_attr_getstack) 410 return real_pthread_attr_getstack((pthread_attr_t *)attr, addr, 411 (size_t *)size); 412 #endif 413 return pthread_attr_getstack((pthread_attr_t *)attr, addr, (size_t *)size); 414 } 415 416 #if !SANITIZER_GO 417 void AdjustStackSize(void *attr_) { 418 pthread_attr_t *attr = (pthread_attr_t *)attr_; 419 uptr stackaddr = 0; 420 uptr stacksize = 0; 421 my_pthread_attr_getstack(attr, (void**)&stackaddr, &stacksize); 422 // GLibC will return (0 - stacksize) as the stack address in the case when 423 // stacksize is set, but stackaddr is not. 424 bool stack_set = (stackaddr != 0) && (stackaddr + stacksize != 0); 425 // We place a lot of tool data into TLS, account for that. 426 const uptr minstacksize = GetTlsSize() + 128*1024; 427 if (stacksize < minstacksize) { 428 if (!stack_set) { 429 if (stacksize != 0) { 430 VPrintf(1, "Sanitizer: increasing stacksize %zu->%zu\n", stacksize, 431 minstacksize); 432 pthread_attr_setstacksize(attr, minstacksize); 433 } 434 } else { 435 Printf("Sanitizer: pre-allocated stack size is insufficient: " 436 "%zu < %zu\n", stacksize, minstacksize); 437 Printf("Sanitizer: pthread_create is likely to fail.\n"); 438 } 439 } 440 } 441 #endif // !SANITIZER_GO 442 443 pid_t StartSubprocess(const char *program, const char *const argv[], 444 fd_t stdin_fd, fd_t stdout_fd, fd_t stderr_fd) { 445 auto file_closer = at_scope_exit([&] { 446 if (stdin_fd != kInvalidFd) { 447 internal_close(stdin_fd); 448 } 449 if (stdout_fd != kInvalidFd) { 450 internal_close(stdout_fd); 451 } 452 if (stderr_fd != kInvalidFd) { 453 internal_close(stderr_fd); 454 } 455 }); 456 457 int pid = internal_fork(); 458 459 if (pid < 0) { 460 int rverrno; 461 if (internal_iserror(pid, &rverrno)) { 462 Report("WARNING: failed to fork (errno %d)\n", rverrno); 463 } 464 return pid; 465 } 466 467 if (pid == 0) { 468 // Child subprocess 469 if (stdin_fd != kInvalidFd) { 470 internal_close(STDIN_FILENO); 471 internal_dup2(stdin_fd, STDIN_FILENO); 472 internal_close(stdin_fd); 473 } 474 if (stdout_fd != kInvalidFd) { 475 internal_close(STDOUT_FILENO); 476 internal_dup2(stdout_fd, STDOUT_FILENO); 477 internal_close(stdout_fd); 478 } 479 if (stderr_fd != kInvalidFd) { 480 internal_close(STDERR_FILENO); 481 internal_dup2(stderr_fd, STDERR_FILENO); 482 internal_close(stderr_fd); 483 } 484 485 for (int fd = sysconf(_SC_OPEN_MAX); fd > 2; fd--) internal_close(fd); 486 487 execv(program, const_cast<char **>(&argv[0])); 488 internal__exit(1); 489 } 490 491 return pid; 492 } 493 494 bool IsProcessRunning(pid_t pid) { 495 int process_status; 496 uptr waitpid_status = internal_waitpid(pid, &process_status, WNOHANG); 497 int local_errno; 498 if (internal_iserror(waitpid_status, &local_errno)) { 499 VReport(1, "Waiting on the process failed (errno %d).\n", local_errno); 500 return false; 501 } 502 return waitpid_status == 0; 503 } 504 505 int WaitForProcess(pid_t pid) { 506 int process_status; 507 uptr waitpid_status = internal_waitpid(pid, &process_status, 0); 508 int local_errno; 509 if (internal_iserror(waitpid_status, &local_errno)) { 510 VReport(1, "Waiting on the process failed (errno %d).\n", local_errno); 511 return -1; 512 } 513 return process_status; 514 } 515 516 bool IsStateDetached(int state) { 517 return state == PTHREAD_CREATE_DETACHED; 518 } 519 520 } // namespace __sanitizer 521 522 #endif // SANITIZER_POSIX 523
Indexes created Sat Sep 20 22:09:52 GMT 2025