1 //===-- msan.h --------------------------------------------------*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file is a part of MemorySanitizer.
10 //
11 // Private MSan header.
12 //===----------------------------------------------------------------------===//
13
14 #ifndef MSAN_H
15 #define MSAN_H
16
17 #include "sanitizer_common/sanitizer_flags.h"
18 #include "sanitizer_common/sanitizer_internal_defs.h"
19 #include "sanitizer_common/sanitizer_stacktrace.h"
20 #include "msan_interface_internal.h"
21 #include "msan_flags.h"
22 #include "ubsan/ubsan_platform.h"
23
24 #ifndef MSAN_REPLACE_OPERATORS_NEW_AND_DELETE
25 # define MSAN_REPLACE_OPERATORS_NEW_AND_DELETE 1
26 #endif
27
28 #ifndef MSAN_CONTAINS_UBSAN
29 # define MSAN_CONTAINS_UBSAN CAN_SANITIZE_UB
30 #endif
31
32 struct MappingDesc {
33 uptr start;
34 uptr end;
35 enum Type {
36 INVALID, APP, SHADOW, ORIGIN
37 } type;
38 const char *name;
39 };
40
41
42 #if SANITIZER_LINUX && defined(__mips64)
43
44 // MIPS64 maps:
45 // - 0x0000000000-0x0200000000: Program own segments
46 // - 0xa200000000-0xc000000000: PIE program segments
47 // - 0xe200000000-0xffffffffff: libraries segments.
48 const MappingDesc kMemoryLayout[] = {
49 {0x000000000000ULL, 0x000200000000ULL, MappingDesc::APP, "app-1"},
50 {0x000200000000ULL, 0x002200000000ULL, MappingDesc::INVALID, "invalid"},
51 {0x002200000000ULL, 0x004000000000ULL, MappingDesc::SHADOW, "shadow-2"},
52 {0x004000000000ULL, 0x004200000000ULL, MappingDesc::INVALID, "invalid"},
53 {0x004200000000ULL, 0x006000000000ULL, MappingDesc::ORIGIN, "origin-2"},
54 {0x006000000000ULL, 0x006200000000ULL, MappingDesc::INVALID, "invalid"},
55 {0x006200000000ULL, 0x008000000000ULL, MappingDesc::SHADOW, "shadow-3"},
56 {0x008000000000ULL, 0x008200000000ULL, MappingDesc::SHADOW, "shadow-1"},
57 {0x008200000000ULL, 0x00a000000000ULL, MappingDesc::ORIGIN, "origin-3"},
58 {0x00a000000000ULL, 0x00a200000000ULL, MappingDesc::ORIGIN, "origin-1"},
59 {0x00a200000000ULL, 0x00c000000000ULL, MappingDesc::APP, "app-2"},
60 {0x00c000000000ULL, 0x00e200000000ULL, MappingDesc::INVALID, "invalid"},
61 {0x00e200000000ULL, 0x00ffffffffffULL, MappingDesc::APP, "app-3"}};
62
63 #define MEM_TO_SHADOW(mem) (((uptr)(mem)) ^ 0x8000000000ULL)
64 #define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x2000000000ULL)
65
66 #elif SANITIZER_LINUX && defined(__aarch64__)
67
68 // The mapping assumes 48-bit VMA. AArch64 maps:
69 // - 0x0000000000000-0x0100000000000: 39/42/48-bits program own segments
70 // - 0x0a00000000000-0x0b00000000000: 48-bits PIE program segments
71 // Ideally, this would extend to 0x0c00000000000 (2^45 bytes - the
72 // maximum ASLR region for 48-bit VMA) but it is too hard to fit in
73 // the larger app/shadow/origin regions.
74 // - 0x0e00000000000-0x1000000000000: 48-bits libraries segments
75 const MappingDesc kMemoryLayout[] = {
76 {0X0000000000000, 0X0100000000000, MappingDesc::APP, "app-10-13"},
77 {0X0100000000000, 0X0200000000000, MappingDesc::SHADOW, "shadow-14"},
78 {0X0200000000000, 0X0300000000000, MappingDesc::INVALID, "invalid"},
79 {0X0300000000000, 0X0400000000000, MappingDesc::ORIGIN, "origin-14"},
80 {0X0400000000000, 0X0600000000000, MappingDesc::SHADOW, "shadow-15"},
81 {0X0600000000000, 0X0800000000000, MappingDesc::ORIGIN, "origin-15"},
82 {0X0800000000000, 0X0A00000000000, MappingDesc::INVALID, "invalid"},
83 {0X0A00000000000, 0X0B00000000000, MappingDesc::APP, "app-14"},
84 {0X0B00000000000, 0X0C00000000000, MappingDesc::SHADOW, "shadow-10-13"},
85 {0X0C00000000000, 0X0D00000000000, MappingDesc::INVALID, "invalid"},
86 {0X0D00000000000, 0X0E00000000000, MappingDesc::ORIGIN, "origin-10-13"},
87 {0X0E00000000000, 0X1000000000000, MappingDesc::APP, "app-15"},
88 };
89 # define MEM_TO_SHADOW(mem) ((uptr)mem ^ 0xB00000000000ULL)
90 # define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x200000000000ULL)
91
92 #elif SANITIZER_LINUX && SANITIZER_PPC64
93 const MappingDesc kMemoryLayout[] = {
94 {0x000000000000ULL, 0x000200000000ULL, MappingDesc::APP, "low memory"},
95 {0x000200000000ULL, 0x080000000000ULL, MappingDesc::INVALID, "invalid"},
96 {0x080000000000ULL, 0x180200000000ULL, MappingDesc::SHADOW, "shadow"},
97 {0x180200000000ULL, 0x1C0000000000ULL, MappingDesc::INVALID, "invalid"},
98 {0x1C0000000000ULL, 0x2C0200000000ULL, MappingDesc::ORIGIN, "origin"},
99 {0x2C0200000000ULL, 0x300000000000ULL, MappingDesc::INVALID, "invalid"},
100 {0x300000000000ULL, 0x800000000000ULL, MappingDesc::APP, "high memory"}};
101
102 // Various kernels use different low end ranges but we can combine them into one
103 // big range. They also use different high end ranges but we can map them all to
104 // one range.
105 // Maps low and high app ranges to contiguous space with zero base:
106 // Low: 0000 0000 0000 - 0001 ffff ffff -> 1000 0000 0000 - 1001 ffff ffff
107 // High: 3000 0000 0000 - 3fff ffff ffff -> 0000 0000 0000 - 0fff ffff ffff
108 // High: 4000 0000 0000 - 4fff ffff ffff -> 0000 0000 0000 - 0fff ffff ffff
109 // High: 7000 0000 0000 - 7fff ffff ffff -> 0000 0000 0000 - 0fff ffff ffff
110 #define LINEARIZE_MEM(mem) \
111 (((uptr)(mem) & ~0xE00000000000ULL) ^ 0x100000000000ULL)
112 #define MEM_TO_SHADOW(mem) (LINEARIZE_MEM((mem)) + 0x080000000000ULL)
113 #define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x140000000000ULL)
114
115 #elif SANITIZER_LINUX && SANITIZER_S390_64
116 const MappingDesc kMemoryLayout[] = {
117 {0x000000000000ULL, 0x040000000000ULL, MappingDesc::APP, "low memory"},
118 {0x040000000000ULL, 0x080000000000ULL, MappingDesc::INVALID, "invalid"},
119 {0x080000000000ULL, 0x180000000000ULL, MappingDesc::SHADOW, "shadow"},
120 {0x180000000000ULL, 0x1C0000000000ULL, MappingDesc::INVALID, "invalid"},
121 {0x1C0000000000ULL, 0x2C0000000000ULL, MappingDesc::ORIGIN, "origin"},
122 {0x2C0000000000ULL, 0x440000000000ULL, MappingDesc::INVALID, "invalid"},
123 {0x440000000000ULL, 0x500000000000ULL, MappingDesc::APP, "high memory"}};
124
125 #define MEM_TO_SHADOW(mem) \
126 ((((uptr)(mem)) & ~0xC00000000000ULL) + 0x080000000000ULL)
127 #define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x140000000000ULL)
128
129 #elif SANITIZER_FREEBSD && defined(__aarch64__)
130
131 // Low memory: main binary, MAP_32BIT mappings and modules
132 // High memory: heap, modules and main thread stack
133 const MappingDesc kMemoryLayout[] = {
134 {0x000000000000ULL, 0x020000000000ULL, MappingDesc::APP, "low memory"},
135 {0x020000000000ULL, 0x200000000000ULL, MappingDesc::INVALID, "invalid"},
136 {0x200000000000ULL, 0x620000000000ULL, MappingDesc::SHADOW, "shadow"},
137 {0x620000000000ULL, 0x700000000000ULL, MappingDesc::INVALID, "invalid"},
138 {0x700000000000ULL, 0xb20000000000ULL, MappingDesc::ORIGIN, "origin"},
139 {0xb20000000000ULL, 0xc00000000000ULL, MappingDesc::INVALID, "invalid"},
140 {0xc00000000000ULL, 0x1000000000000ULL, MappingDesc::APP, "high memory"}};
141
142 // Maps low and high app ranges to contiguous space with zero base:
143 // Low: 0000 0000 0000 - 01ff ffff ffff -> 4000 0000 0000 - 41ff ffff ffff
144 // High: c000 0000 0000 - ffff ffff ffff -> 0000 0000 0000 - 3fff ffff ffff
145 #define LINEARIZE_MEM(mem) \
146 (((uptr)(mem) & ~0x1800000000000ULL) ^ 0x400000000000ULL)
147 #define MEM_TO_SHADOW(mem) (LINEARIZE_MEM((mem)) + 0x200000000000ULL)
148 #define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x500000000000)
149
150 #elif SANITIZER_FREEBSD && SANITIZER_WORDSIZE == 64
151
152 // Low memory: main binary, MAP_32BIT mappings and modules
153 // High memory: heap, modules and main thread stack
154 const MappingDesc kMemoryLayout[] = {
155 {0x000000000000ULL, 0x010000000000ULL, MappingDesc::APP, "low memory"},
156 {0x010000000000ULL, 0x100000000000ULL, MappingDesc::INVALID, "invalid"},
157 {0x100000000000ULL, 0x310000000000ULL, MappingDesc::SHADOW, "shadow"},
158 {0x310000000000ULL, 0x380000000000ULL, MappingDesc::INVALID, "invalid"},
159 {0x380000000000ULL, 0x590000000000ULL, MappingDesc::ORIGIN, "origin"},
160 {0x590000000000ULL, 0x600000000000ULL, MappingDesc::INVALID, "invalid"},
161 {0x600000000000ULL, 0x800000000000ULL, MappingDesc::APP, "high memory"}};
162
163 // Maps low and high app ranges to contiguous space with zero base:
164 // Low: 0000 0000 0000 - 00ff ffff ffff -> 2000 0000 0000 - 20ff ffff ffff
165 // High: 6000 0000 0000 - 7fff ffff ffff -> 0000 0000 0000 - 1fff ffff ffff
166 #define LINEARIZE_MEM(mem) \
167 (((uptr)(mem) & ~0xc00000000000ULL) ^ 0x200000000000ULL)
168 #define MEM_TO_SHADOW(mem) (LINEARIZE_MEM((mem)) + 0x100000000000ULL)
169 #define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x280000000000)
170
171 #elif SANITIZER_NETBSD || (SANITIZER_LINUX && SANITIZER_WORDSIZE == 64)
172
173 // All of the following configurations are supported.
174 // ASLR disabled: main executable and DSOs at 0x555550000000
175 // PIE and ASLR: main executable and DSOs at 0x7f0000000000
176 // non-PIE: main executable below 0x100000000, DSOs at 0x7f0000000000
177 // Heap at 0x700000000000.
178 const MappingDesc kMemoryLayout[] = {
179 {0x000000000000ULL, 0x010000000000ULL, MappingDesc::APP, "app-1"},
180 {0x010000000000ULL, 0x100000000000ULL, MappingDesc::SHADOW, "shadow-2"},
181 {0x100000000000ULL, 0x110000000000ULL, MappingDesc::INVALID, "invalid"},
182 {0x110000000000ULL, 0x200000000000ULL, MappingDesc::ORIGIN, "origin-2"},
183 {0x200000000000ULL, 0x300000000000ULL, MappingDesc::SHADOW, "shadow-3"},
184 {0x300000000000ULL, 0x400000000000ULL, MappingDesc::ORIGIN, "origin-3"},
185 {0x400000000000ULL, 0x500000000000ULL, MappingDesc::INVALID, "invalid"},
186 {0x500000000000ULL, 0x510000000000ULL, MappingDesc::SHADOW, "shadow-1"},
187 {0x510000000000ULL, 0x600000000000ULL, MappingDesc::APP, "app-2"},
188 {0x600000000000ULL, 0x610000000000ULL, MappingDesc::ORIGIN, "origin-1"},
189 {0x610000000000ULL, 0x700000000000ULL, MappingDesc::INVALID, "invalid"},
190 {0x700000000000ULL, 0x800000000000ULL, MappingDesc::APP, "app-3"}};
191 #define MEM_TO_SHADOW(mem) (((uptr)(mem)) ^ 0x500000000000ULL)
192 #define SHADOW_TO_ORIGIN(mem) (((uptr)(mem)) + 0x100000000000ULL)
193
194 #else
195 #error "Unsupported platform"
196 #endif
197
198 const uptr kMemoryLayoutSize = sizeof(kMemoryLayout) / sizeof(kMemoryLayout[0]);
199
200 #define MEM_TO_ORIGIN(mem) (SHADOW_TO_ORIGIN(MEM_TO_SHADOW((mem))))
201
202 #ifndef __clang__
203 __attribute__((optimize("unroll-loops")))
204 #endif
addr_is_type(uptr addr,MappingDesc::Type mapping_type)205 inline bool addr_is_type(uptr addr, MappingDesc::Type mapping_type) {
206 // It is critical for performance that this loop is unrolled (because then it is
207 // simplified into just a few constant comparisons).
208 #ifdef __clang__
209 #pragma unroll
210 #endif
211 for (unsigned i = 0; i < kMemoryLayoutSize; ++i)
212 if (kMemoryLayout[i].type == mapping_type &&
213 addr >= kMemoryLayout[i].start && addr < kMemoryLayout[i].end)
214 return true;
215 return false;
216 }
217
218 #define MEM_IS_APP(mem) addr_is_type((uptr)(mem), MappingDesc::APP)
219 #define MEM_IS_SHADOW(mem) addr_is_type((uptr)(mem), MappingDesc::SHADOW)
220 #define MEM_IS_ORIGIN(mem) addr_is_type((uptr)(mem), MappingDesc::ORIGIN)
221
222 // These constants must be kept in sync with the ones in MemorySanitizer.cpp.
223 const int kMsanParamTlsSize = 800;
224 const int kMsanRetvalTlsSize = 800;
225
226 namespace __msan {
227 extern int msan_inited;
228 extern bool msan_init_is_running;
229 extern int msan_report_count;
230
231 bool ProtectRange(uptr beg, uptr end);
232 bool InitShadow(bool init_origins);
233 char *GetProcSelfMaps();
234 void InitializeInterceptors();
235
236 void MsanAllocatorInit();
237 void MsanDeallocate(StackTrace *stack, void *ptr);
238
239 void *msan_malloc(uptr size, StackTrace *stack);
240 void *msan_calloc(uptr nmemb, uptr size, StackTrace *stack);
241 void *msan_realloc(void *ptr, uptr size, StackTrace *stack);
242 void *msan_reallocarray(void *ptr, uptr nmemb, uptr size, StackTrace *stack);
243 void *msan_valloc(uptr size, StackTrace *stack);
244 void *msan_pvalloc(uptr size, StackTrace *stack);
245 void *msan_aligned_alloc(uptr alignment, uptr size, StackTrace *stack);
246 void *msan_memalign(uptr alignment, uptr size, StackTrace *stack);
247 int msan_posix_memalign(void **memptr, uptr alignment, uptr size,
248 StackTrace *stack);
249
250 void InstallTrapHandler();
251 void InstallAtExitHandler();
252
253 const char *GetStackOriginDescr(u32 id, uptr *pc);
254
255 bool IsInSymbolizerOrUnwider();
256
257 void PrintWarning(uptr pc, uptr bp);
258 void PrintWarningWithOrigin(uptr pc, uptr bp, u32 origin);
259
260 // Unpoison first n function arguments.
261 void UnpoisonParam(uptr n);
262 void UnpoisonThreadLocalState();
263
264 // Returns a "chained" origin id, pointing to the given stack trace followed by
265 // the previous origin id.
266 u32 ChainOrigin(u32 id, StackTrace *stack);
267
268 const int STACK_TRACE_TAG_POISON = StackTrace::TAG_CUSTOM + 1;
269 const int STACK_TRACE_TAG_FIELDS = STACK_TRACE_TAG_POISON + 1;
270 const int STACK_TRACE_TAG_VPTR = STACK_TRACE_TAG_FIELDS + 1;
271
272 #define GET_MALLOC_STACK_TRACE \
273 BufferedStackTrace stack; \
274 if (__msan_get_track_origins() && msan_inited) \
275 stack.Unwind(StackTrace::GetCurrentPc(), GET_CURRENT_FRAME(), \
276 nullptr, common_flags()->fast_unwind_on_malloc, \
277 common_flags()->malloc_context_size)
278
279 // For platforms which support slow unwinder only, we restrict the store context
280 // size to 1, basically only storing the current pc. We do this because the slow
281 // unwinder which is based on libunwind is not async signal safe and causes
282 // random freezes in forking applications as well as in signal handlers.
283 #define GET_STORE_STACK_TRACE_PC_BP(pc, bp) \
284 BufferedStackTrace stack; \
285 if (__msan_get_track_origins() > 1 && msan_inited) { \
286 int size = flags()->store_context_size; \
287 if (!SANITIZER_CAN_FAST_UNWIND) \
288 size = Min(size, 1); \
289 stack.Unwind(pc, bp, nullptr, common_flags()->fast_unwind_on_malloc, size);\
290 }
291
292 #define GET_STORE_STACK_TRACE \
293 GET_STORE_STACK_TRACE_PC_BP(StackTrace::GetCurrentPc(), GET_CURRENT_FRAME())
294
295 #define GET_FATAL_STACK_TRACE_PC_BP(pc, bp) \
296 BufferedStackTrace stack; \
297 if (msan_inited) { \
298 stack.Unwind(pc, bp, nullptr, common_flags()->fast_unwind_on_fatal); \
299 }
300
301 class ScopedThreadLocalStateBackup {
302 public:
ScopedThreadLocalStateBackup()303 ScopedThreadLocalStateBackup() { Backup(); }
~ScopedThreadLocalStateBackup()304 ~ScopedThreadLocalStateBackup() { Restore(); }
305 void Backup();
306 void Restore();
307 private:
308 u64 va_arg_overflow_size_tls;
309 };
310
311 void MsanTSDInit(void (*destructor)(void *tsd));
312 void *MsanTSDGet();
313 void MsanTSDSet(void *tsd);
314 void MsanTSDDtor(void *tsd);
315
316 } // namespace __msan
317
318 #endif // MSAN_H
319