1 //===-- sanitizer_linux.cc ------------------------------------------------===//
2 //
3 // This file is distributed under the University of Illinois Open Source
4 // License. See LICENSE.TXT for details.
5 //
6 //===----------------------------------------------------------------------===//
7 //
8 // This file is shared between AddressSanitizer and ThreadSanitizer
9 // run-time libraries and implements linux-specific functions from
10 // sanitizer_libc.h.
11 //===----------------------------------------------------------------------===//
12
13 #include "sanitizer_platform.h"
14
15 #if SANITIZER_FREEBSD || SANITIZER_LINUX || SANITIZER_NETBSD || \
16 SANITIZER_OPENBSD || SANITIZER_SOLARIS
17
18 #include "sanitizer_common.h"
19 #include "sanitizer_flags.h"
20 #include "sanitizer_getauxval.h"
21 #include "sanitizer_internal_defs.h"
22 #include "sanitizer_libc.h"
23 #include "sanitizer_linux.h"
24 #include "sanitizer_mutex.h"
25 #include "sanitizer_placement_new.h"
26 #include "sanitizer_procmaps.h"
27
28 #if SANITIZER_LINUX
29 #include <asm/param.h>
30 #endif
31
32 // For mips64, syscall(__NR_stat) fills the buffer in the 'struct kernel_stat'
33 // format. Struct kernel_stat is defined as 'struct stat' in asm/stat.h. To
34 // access stat from asm/stat.h, without conflicting with definition in
35 // sys/stat.h, we use this trick.
36 #if defined(__mips64)
37 #include <asm/unistd.h>
38 #include <sys/types.h>
39 #define stat kernel_stat
40 #include <asm/stat.h>
41 #undef stat
42 #endif
43
44 #include <dlfcn.h>
45 #include <errno.h>
46 #include <fcntl.h>
47 #include <link.h>
48 #include <pthread.h>
49 #include <sched.h>
50 #include <signal.h>
51 #include <sys/mman.h>
52 #include <sys/param.h>
53 #if !SANITIZER_SOLARIS
54 #include <sys/ptrace.h>
55 #endif
56 #include <sys/resource.h>
57 #include <sys/stat.h>
58 #include <sys/syscall.h>
59 #include <sys/time.h>
60 #include <sys/types.h>
61 #if !SANITIZER_OPENBSD
62 #include <ucontext.h>
63 #endif
64 #if SANITIZER_OPENBSD
65 #include <sys/futex.h>
66 #include <sys/sysctl.h>
67 #endif
68 #include <unistd.h>
69
70 #if SANITIZER_LINUX
71 #include <sys/utsname.h>
72 #endif
73
74 #if SANITIZER_LINUX && !SANITIZER_ANDROID
75 #include <sys/personality.h>
76 #endif
77
78 #if SANITIZER_FREEBSD
79 #include <sys/exec.h>
80 #include <sys/sysctl.h>
81 #include <machine/atomic.h>
82 extern "C" {
83 // <sys/umtx.h> must be included after <errno.h> and <sys/types.h> on
84 // FreeBSD 9.2 and 10.0.
85 #include <sys/umtx.h>
86 }
87 #include <sys/thr.h>
88 #endif // SANITIZER_FREEBSD
89
90 #if SANITIZER_NETBSD
91 #include <limits.h> // For NAME_MAX
92 #include <sys/sysctl.h>
93 #include <sys/exec.h>
94 extern struct ps_strings *__ps_strings;
95 #endif // SANITIZER_NETBSD
96
97 #if SANITIZER_SOLARIS
98 #include <stdlib.h>
99 #include <thread.h>
100 #define environ _environ
101 #endif
102
103 extern char **environ;
104
105 #if SANITIZER_LINUX
106 // <linux/time.h>
107 struct kernel_timeval {
108 long tv_sec;
109 long tv_usec;
110 };
111
112 // <linux/futex.h> is broken on some linux distributions.
113 const int FUTEX_WAIT = 0;
114 const int FUTEX_WAKE = 1;
115 const int FUTEX_PRIVATE_FLAG = 128;
116 const int FUTEX_WAIT_PRIVATE = FUTEX_WAIT | FUTEX_PRIVATE_FLAG;
117 const int FUTEX_WAKE_PRIVATE = FUTEX_WAKE | FUTEX_PRIVATE_FLAG;
118 #endif // SANITIZER_LINUX
119
120 // Are we using 32-bit or 64-bit Linux syscalls?
121 // x32 (which defines __x86_64__) has SANITIZER_WORDSIZE == 32
122 // but it still needs to use 64-bit syscalls.
123 #if SANITIZER_LINUX && (defined(__x86_64__) || defined(__powerpc64__) || \
124 SANITIZER_WORDSIZE == 64)
125 # define SANITIZER_LINUX_USES_64BIT_SYSCALLS 1
126 #else
127 # define SANITIZER_LINUX_USES_64BIT_SYSCALLS 0
128 #endif
129
130 #if defined(__x86_64__) || SANITIZER_MIPS64
131 extern "C" {
132 extern void internal_sigreturn();
133 }
134 #endif
135
136 // Note : FreeBSD had implemented both
137 // Linux and OpenBSD apis, available from
138 // future 12.x version most likely
139 #if SANITIZER_LINUX && defined(__NR_getrandom)
140 # if !defined(GRND_NONBLOCK)
141 # define GRND_NONBLOCK 1
142 # endif
143 # define SANITIZER_USE_GETRANDOM 1
144 #else
145 # define SANITIZER_USE_GETRANDOM 0
146 #endif // SANITIZER_LINUX && defined(__NR_getrandom)
147
148 #if SANITIZER_OPENBSD
149 # define SANITIZER_USE_GETENTROPY 1
150 #else
151 # if SANITIZER_FREEBSD && __FreeBSD_version >= 1200000
152 # define SANITIZER_USE_GETENTROPY 1
153 # else
154 # define SANITIZER_USE_GETENTROPY 0
155 # endif
156 #endif // SANITIZER_USE_GETENTROPY
157
158 namespace __sanitizer {
159
160 #if SANITIZER_LINUX && defined(__x86_64__)
161 #include "sanitizer_syscall_linux_x86_64.inc"
162 #elif SANITIZER_LINUX && defined(__aarch64__)
163 #include "sanitizer_syscall_linux_aarch64.inc"
164 #elif SANITIZER_LINUX && defined(__arm__)
165 #include "sanitizer_syscall_linux_arm.inc"
166 #else
167 #include "sanitizer_syscall_generic.inc"
168 #endif
169
170 // --------------- sanitizer_libc.h
171 #if !SANITIZER_SOLARIS && !SANITIZER_NETBSD
172 #if !SANITIZER_S390 && !SANITIZER_OPENBSD
internal_mmap(void * addr,uptr length,int prot,int flags,int fd,OFF_T offset)173 uptr internal_mmap(void *addr, uptr length, int prot, int flags, int fd,
174 OFF_T offset) {
175 #if SANITIZER_FREEBSD || SANITIZER_LINUX_USES_64BIT_SYSCALLS
176 return internal_syscall(SYSCALL(mmap), (uptr)addr, length, prot, flags, fd,
177 offset);
178 #else
179 // mmap2 specifies file offset in 4096-byte units.
180 CHECK(IsAligned(offset, 4096));
181 return internal_syscall(SYSCALL(mmap2), addr, length, prot, flags, fd,
182 offset / 4096);
183 #endif
184 }
185 #endif // !SANITIZER_S390 && !SANITIZER_OPENBSD
186
187 #if !SANITIZER_OPENBSD
internal_munmap(void * addr,uptr length)188 uptr internal_munmap(void *addr, uptr length) {
189 return internal_syscall(SYSCALL(munmap), (uptr)addr, length);
190 }
191
internal_mprotect(void * addr,uptr length,int prot)192 int internal_mprotect(void *addr, uptr length, int prot) {
193 return internal_syscall(SYSCALL(mprotect), (uptr)addr, length, prot);
194 }
195 #endif
196
internal_close(fd_t fd)197 uptr internal_close(fd_t fd) {
198 return internal_syscall(SYSCALL(close), fd);
199 }
200
internal_open(const char * filename,int flags)201 uptr internal_open(const char *filename, int flags) {
202 #if SANITIZER_USES_CANONICAL_LINUX_SYSCALLS
203 return internal_syscall(SYSCALL(openat), AT_FDCWD, (uptr)filename, flags);
204 #else
205 return internal_syscall(SYSCALL(open), (uptr)filename, flags);
206 #endif
207 }
208
internal_open(const char * filename,int flags,u32 mode)209 uptr internal_open(const char *filename, int flags, u32 mode) {
210 #if SANITIZER_USES_CANONICAL_LINUX_SYSCALLS
211 return internal_syscall(SYSCALL(openat), AT_FDCWD, (uptr)filename, flags,
212 mode);
213 #else
214 return internal_syscall(SYSCALL(open), (uptr)filename, flags, mode);
215 #endif
216 }
217
internal_read(fd_t fd,void * buf,uptr count)218 uptr internal_read(fd_t fd, void *buf, uptr count) {
219 sptr res;
220 HANDLE_EINTR(res,
221 (sptr)internal_syscall(SYSCALL(read), fd, (uptr)buf, count));
222 return res;
223 }
224
internal_write(fd_t fd,const void * buf,uptr count)225 uptr internal_write(fd_t fd, const void *buf, uptr count) {
226 sptr res;
227 HANDLE_EINTR(res,
228 (sptr)internal_syscall(SYSCALL(write), fd, (uptr)buf, count));
229 return res;
230 }
231
internal_ftruncate(fd_t fd,uptr size)232 uptr internal_ftruncate(fd_t fd, uptr size) {
233 sptr res;
234 HANDLE_EINTR(res, (sptr)internal_syscall(SYSCALL(ftruncate), fd,
235 (OFF_T)size));
236 return res;
237 }
238
239 #if !SANITIZER_LINUX_USES_64BIT_SYSCALLS && SANITIZER_LINUX
stat64_to_stat(struct stat64 * in,struct stat * out)240 static void stat64_to_stat(struct stat64 *in, struct stat *out) {
241 internal_memset(out, 0, sizeof(*out));
242 out->st_dev = in->st_dev;
243 out->st_ino = in->st_ino;
244 out->st_mode = in->st_mode;
245 out->st_nlink = in->st_nlink;
246 out->st_uid = in->st_uid;
247 out->st_gid = in->st_gid;
248 out->st_rdev = in->st_rdev;
249 out->st_size = in->st_size;
250 out->st_blksize = in->st_blksize;
251 out->st_blocks = in->st_blocks;
252 out->st_atime = in->st_atime;
253 out->st_mtime = in->st_mtime;
254 out->st_ctime = in->st_ctime;
255 }
256 #endif
257
258 #if defined(__mips64)
259 // Undefine compatibility macros from <sys/stat.h>
260 // so that they would not clash with the kernel_stat
261 // st_[a|m|c]time fields
262 #undef st_atime
263 #undef st_mtime
264 #undef st_ctime
265 #if defined(SANITIZER_ANDROID)
266 // Bionic sys/stat.h defines additional macros
267 // for compatibility with the old NDKs and
268 // they clash with the kernel_stat structure
269 // st_[a|m|c]time_nsec fields.
270 #undef st_atime_nsec
271 #undef st_mtime_nsec
272 #undef st_ctime_nsec
273 #endif
kernel_stat_to_stat(struct kernel_stat * in,struct stat * out)274 static void kernel_stat_to_stat(struct kernel_stat *in, struct stat *out) {
275 internal_memset(out, 0, sizeof(*out));
276 out->st_dev = in->st_dev;
277 out->st_ino = in->st_ino;
278 out->st_mode = in->st_mode;
279 out->st_nlink = in->st_nlink;
280 out->st_uid = in->st_uid;
281 out->st_gid = in->st_gid;
282 out->st_rdev = in->st_rdev;
283 out->st_size = in->st_size;
284 out->st_blksize = in->st_blksize;
285 out->st_blocks = in->st_blocks;
286 #if defined(__USE_MISC) || \
287 defined(__USE_XOPEN2K8) || \
288 defined(SANITIZER_ANDROID)
289 out->st_atim.tv_sec = in->st_atime;
290 out->st_atim.tv_nsec = in->st_atime_nsec;
291 out->st_mtim.tv_sec = in->st_mtime;
292 out->st_mtim.tv_nsec = in->st_mtime_nsec;
293 out->st_ctim.tv_sec = in->st_ctime;
294 out->st_ctim.tv_nsec = in->st_ctime_nsec;
295 #else
296 out->st_atime = in->st_atime;
297 out->st_atimensec = in->st_atime_nsec;
298 out->st_mtime = in->st_mtime;
299 out->st_mtimensec = in->st_mtime_nsec;
300 out->st_ctime = in->st_ctime;
301 out->st_atimensec = in->st_ctime_nsec;
302 #endif
303 }
304 #endif
305
internal_stat(const char * path,void * buf)306 uptr internal_stat(const char *path, void *buf) {
307 #if SANITIZER_FREEBSD || SANITIZER_OPENBSD
308 return internal_syscall(SYSCALL(fstatat), AT_FDCWD, (uptr)path, (uptr)buf, 0);
309 #elif SANITIZER_USES_CANONICAL_LINUX_SYSCALLS
310 return internal_syscall(SYSCALL(newfstatat), AT_FDCWD, (uptr)path, (uptr)buf,
311 0);
312 #elif SANITIZER_LINUX_USES_64BIT_SYSCALLS
313 # if defined(__mips64)
314 // For mips64, stat syscall fills buffer in the format of kernel_stat
315 struct kernel_stat kbuf;
316 int res = internal_syscall(SYSCALL(stat), path, &kbuf);
317 kernel_stat_to_stat(&kbuf, (struct stat *)buf);
318 return res;
319 # else
320 return internal_syscall(SYSCALL(stat), (uptr)path, (uptr)buf);
321 # endif
322 #else
323 struct stat64 buf64;
324 int res = internal_syscall(SYSCALL(stat64), path, &buf64);
325 stat64_to_stat(&buf64, (struct stat *)buf);
326 return res;
327 #endif
328 }
329
internal_lstat(const char * path,void * buf)330 uptr internal_lstat(const char *path, void *buf) {
331 #if SANITIZER_FREEBSD || SANITIZER_OPENBSD
332 return internal_syscall(SYSCALL(fstatat), AT_FDCWD, (uptr)path, (uptr)buf,
333 AT_SYMLINK_NOFOLLOW);
334 #elif SANITIZER_USES_CANONICAL_LINUX_SYSCALLS
335 return internal_syscall(SYSCALL(newfstatat), AT_FDCWD, (uptr)path, (uptr)buf,
336 AT_SYMLINK_NOFOLLOW);
337 #elif SANITIZER_LINUX_USES_64BIT_SYSCALLS
338 # if SANITIZER_MIPS64
339 // For mips64, lstat syscall fills buffer in the format of kernel_stat
340 struct kernel_stat kbuf;
341 int res = internal_syscall(SYSCALL(lstat), path, &kbuf);
342 kernel_stat_to_stat(&kbuf, (struct stat *)buf);
343 return res;
344 # else
345 return internal_syscall(SYSCALL(lstat), (uptr)path, (uptr)buf);
346 # endif
347 #else
348 struct stat64 buf64;
349 int res = internal_syscall(SYSCALL(lstat64), path, &buf64);
350 stat64_to_stat(&buf64, (struct stat *)buf);
351 return res;
352 #endif
353 }
354
internal_fstat(fd_t fd,void * buf)355 uptr internal_fstat(fd_t fd, void *buf) {
356 #if SANITIZER_FREEBSD || SANITIZER_OPENBSD || \
357 SANITIZER_LINUX_USES_64BIT_SYSCALLS
358 #if SANITIZER_MIPS64 && !SANITIZER_OPENBSD
359 // For mips64, fstat syscall fills buffer in the format of kernel_stat
360 struct kernel_stat kbuf;
361 int res = internal_syscall(SYSCALL(fstat), fd, &kbuf);
362 kernel_stat_to_stat(&kbuf, (struct stat *)buf);
363 return res;
364 # else
365 return internal_syscall(SYSCALL(fstat), fd, (uptr)buf);
366 # endif
367 #else
368 struct stat64 buf64;
369 int res = internal_syscall(SYSCALL(fstat64), fd, &buf64);
370 stat64_to_stat(&buf64, (struct stat *)buf);
371 return res;
372 #endif
373 }
374
internal_filesize(fd_t fd)375 uptr internal_filesize(fd_t fd) {
376 struct stat st;
377 if (internal_fstat(fd, &st))
378 return -1;
379 return (uptr)st.st_size;
380 }
381
internal_dup2(int oldfd,int newfd)382 uptr internal_dup2(int oldfd, int newfd) {
383 #if SANITIZER_USES_CANONICAL_LINUX_SYSCALLS
384 return internal_syscall(SYSCALL(dup3), oldfd, newfd, 0);
385 #else
386 return internal_syscall(SYSCALL(dup2), oldfd, newfd);
387 #endif
388 }
389
internal_readlink(const char * path,char * buf,uptr bufsize)390 uptr internal_readlink(const char *path, char *buf, uptr bufsize) {
391 #if SANITIZER_USES_CANONICAL_LINUX_SYSCALLS
392 return internal_syscall(SYSCALL(readlinkat), AT_FDCWD, (uptr)path, (uptr)buf,
393 bufsize);
394 #elif SANITIZER_OPENBSD
395 return internal_syscall(SYSCALL(readlinkat), AT_FDCWD, (uptr)path, (uptr)buf,
396 bufsize);
397 #else
398 return internal_syscall(SYSCALL(readlink), (uptr)path, (uptr)buf, bufsize);
399 #endif
400 }
401
internal_unlink(const char * path)402 uptr internal_unlink(const char *path) {
403 #if SANITIZER_USES_CANONICAL_LINUX_SYSCALLS || SANITIZER_OPENBSD
404 return internal_syscall(SYSCALL(unlinkat), AT_FDCWD, (uptr)path, 0);
405 #else
406 return internal_syscall(SYSCALL(unlink), (uptr)path);
407 #endif
408 }
409
internal_rename(const char * oldpath,const char * newpath)410 uptr internal_rename(const char *oldpath, const char *newpath) {
411 #if SANITIZER_USES_CANONICAL_LINUX_SYSCALLS || SANITIZER_OPENBSD
412 return internal_syscall(SYSCALL(renameat), AT_FDCWD, (uptr)oldpath, AT_FDCWD,
413 (uptr)newpath);
414 #else
415 return internal_syscall(SYSCALL(rename), (uptr)oldpath, (uptr)newpath);
416 #endif
417 }
418
internal_sched_yield()419 uptr internal_sched_yield() {
420 return internal_syscall(SYSCALL(sched_yield));
421 }
422
internal__exit(int exitcode)423 void internal__exit(int exitcode) {
424 #if SANITIZER_FREEBSD || SANITIZER_OPENBSD
425 internal_syscall(SYSCALL(exit), exitcode);
426 #else
427 internal_syscall(SYSCALL(exit_group), exitcode);
428 #endif
429 Die(); // Unreachable.
430 }
431
internal_sleep(unsigned int seconds)432 unsigned int internal_sleep(unsigned int seconds) {
433 struct timespec ts;
434 ts.tv_sec = 1;
435 ts.tv_nsec = 0;
436 int res = internal_syscall(SYSCALL(nanosleep), &ts, &ts);
437 if (res) return ts.tv_sec;
438 return 0;
439 }
440
internal_execve(const char * filename,char * const argv[],char * const envp[])441 uptr internal_execve(const char *filename, char *const argv[],
442 char *const envp[]) {
443 return internal_syscall(SYSCALL(execve), (uptr)filename, (uptr)argv,
444 (uptr)envp);
445 }
446 #endif // !SANITIZER_SOLARIS && !SANITIZER_NETBSD
447
448 // ----------------- sanitizer_common.h
FileExists(const char * filename)449 bool FileExists(const char *filename) {
450 struct stat st;
451 #if SANITIZER_USES_CANONICAL_LINUX_SYSCALLS
452 if (internal_syscall(SYSCALL(newfstatat), AT_FDCWD, filename, &st, 0))
453 #else
454 if (internal_stat(filename, &st))
455 #endif
456 return false;
457 // Sanity check: filename is a regular file.
458 return S_ISREG(st.st_mode);
459 }
460
461 #if !SANITIZER_NETBSD
GetTid()462 tid_t GetTid() {
463 #if SANITIZER_FREEBSD
464 long Tid;
465 thr_self(&Tid);
466 return Tid;
467 #elif SANITIZER_OPENBSD
468 return internal_syscall(SYSCALL(getthrid));
469 #elif SANITIZER_SOLARIS
470 return thr_self();
471 #else
472 return internal_syscall(SYSCALL(gettid));
473 #endif
474 }
475
TgKill(pid_t pid,tid_t tid,int sig)476 int TgKill(pid_t pid, tid_t tid, int sig) {
477 #if SANITIZER_LINUX
478 return internal_syscall(SYSCALL(tgkill), pid, tid, sig);
479 #elif SANITIZER_FREEBSD
480 return internal_syscall(SYSCALL(thr_kill2), pid, tid, sig);
481 #elif SANITIZER_OPENBSD
482 (void)pid;
483 return internal_syscall(SYSCALL(thrkill), tid, sig, nullptr);
484 #elif SANITIZER_SOLARIS
485 (void)pid;
486 return thr_kill(tid, sig);
487 #endif
488 }
489 #endif
490
491 #if !SANITIZER_SOLARIS && !SANITIZER_NETBSD
NanoTime()492 u64 NanoTime() {
493 #if SANITIZER_FREEBSD || SANITIZER_OPENBSD
494 timeval tv;
495 #else
496 kernel_timeval tv;
497 #endif
498 internal_memset(&tv, 0, sizeof(tv));
499 internal_syscall(SYSCALL(gettimeofday), &tv, 0);
500 return (u64)tv.tv_sec * 1000*1000*1000 + tv.tv_usec * 1000;
501 }
502
internal_clock_gettime(__sanitizer_clockid_t clk_id,void * tp)503 uptr internal_clock_gettime(__sanitizer_clockid_t clk_id, void *tp) {
504 return internal_syscall(SYSCALL(clock_gettime), clk_id, tp);
505 }
506 #endif // !SANITIZER_SOLARIS && !SANITIZER_NETBSD
507
508 // Like getenv, but reads env directly from /proc (on Linux) or parses the
509 // 'environ' array (on some others) and does not use libc. This function
510 // should be called first inside __asan_init.
GetEnv(const char * name)511 const char *GetEnv(const char *name) {
512 #if SANITIZER_FREEBSD || SANITIZER_NETBSD || SANITIZER_OPENBSD || \
513 SANITIZER_SOLARIS
514 if (::environ != 0) {
515 uptr NameLen = internal_strlen(name);
516 for (char **Env = ::environ; *Env != 0; Env++) {
517 if (internal_strncmp(*Env, name, NameLen) == 0 && (*Env)[NameLen] == '=')
518 return (*Env) + NameLen + 1;
519 }
520 }
521 return 0; // Not found.
522 #elif SANITIZER_LINUX
523 static char *environ;
524 static uptr len;
525 static bool inited;
526 if (!inited) {
527 inited = true;
528 uptr environ_size;
529 if (!ReadFileToBuffer("/proc/self/environ", &environ, &environ_size, &len))
530 environ = nullptr;
531 }
532 if (!environ || len == 0) return nullptr;
533 uptr namelen = internal_strlen(name);
534 const char *p = environ;
535 while (*p != '\0') { // will happen at the \0\0 that terminates the buffer
536 // proc file has the format NAME=value\0NAME=value\0NAME=value\0...
537 const char* endp =
538 (char*)internal_memchr(p, '\0', len - (p - environ));
539 if (!endp) // this entry isn't NUL terminated
540 return nullptr;
541 else if (!internal_memcmp(p, name, namelen) && p[namelen] == '=') // Match.
542 return p + namelen + 1; // point after =
543 p = endp + 1;
544 }
545 return nullptr; // Not found.
546 #else
547 #error "Unsupported platform"
548 #endif
549 }
550
551 #if !SANITIZER_FREEBSD && !SANITIZER_NETBSD && !SANITIZER_OPENBSD
552 extern "C" {
553 SANITIZER_WEAK_ATTRIBUTE extern void *__libc_stack_end;
554 }
555 #endif
556
557 #if !SANITIZER_GO && !SANITIZER_FREEBSD && !SANITIZER_NETBSD && \
558 !SANITIZER_OPENBSD
ReadNullSepFileToArray(const char * path,char *** arr,int arr_size)559 static void ReadNullSepFileToArray(const char *path, char ***arr,
560 int arr_size) {
561 char *buff;
562 uptr buff_size;
563 uptr buff_len;
564 *arr = (char **)MmapOrDie(arr_size * sizeof(char *), "NullSepFileArray");
565 if (!ReadFileToBuffer(path, &buff, &buff_size, &buff_len, 1024 * 1024)) {
566 (*arr)[0] = nullptr;
567 return;
568 }
569 (*arr)[0] = buff;
570 int count, i;
571 for (count = 1, i = 1; ; i++) {
572 if (buff[i] == 0) {
573 if (buff[i+1] == 0) break;
574 (*arr)[count] = &buff[i+1];
575 CHECK_LE(count, arr_size - 1); // FIXME: make this more flexible.
576 count++;
577 }
578 }
579 (*arr)[count] = nullptr;
580 }
581 #endif
582
583 #if !SANITIZER_OPENBSD
GetArgsAndEnv(char *** argv,char *** envp)584 static void GetArgsAndEnv(char ***argv, char ***envp) {
585 #if SANITIZER_FREEBSD
586 // On FreeBSD, retrieving the argument and environment arrays is done via the
587 // kern.ps_strings sysctl, which returns a pointer to a structure containing
588 // this information. See also <sys/exec.h>.
589 ps_strings *pss;
590 uptr sz = sizeof(pss);
591 if (internal_sysctlbyname("kern.ps_strings", &pss, &sz, NULL, 0) == -1) {
592 Printf("sysctl kern.ps_strings failed\n");
593 Die();
594 }
595 *argv = pss->ps_argvstr;
596 *envp = pss->ps_envstr;
597 #elif SANITIZER_NETBSD
598 *argv = __ps_strings->ps_argvstr;
599 *envp = __ps_strings->ps_envstr;
600 #else // SANITIZER_FREEBSD
601 #if !SANITIZER_GO
602 if (&__libc_stack_end) {
603 #endif // !SANITIZER_GO
604 uptr* stack_end = (uptr*)__libc_stack_end;
605 int argc = *stack_end;
606 *argv = (char**)(stack_end + 1);
607 *envp = (char**)(stack_end + argc + 2);
608 #if !SANITIZER_GO
609 } else {
610 static const int kMaxArgv = 2000, kMaxEnvp = 2000;
611 ReadNullSepFileToArray("/proc/self/cmdline", argv, kMaxArgv);
612 ReadNullSepFileToArray("/proc/self/environ", envp, kMaxEnvp);
613 }
614 #endif // !SANITIZER_GO
615 #endif // SANITIZER_FREEBSD
616 }
617
GetArgv()618 char **GetArgv() {
619 char **argv, **envp;
620 GetArgsAndEnv(&argv, &envp);
621 return argv;
622 }
623
ReExec()624 void ReExec() {
625 char **argv, **envp;
626 const char *pathname = "/proc/self/exe";
627
628 #if SANITIZER_NETBSD
629 static const int name[] = {
630 CTL_KERN, KERN_PROC_ARGS, -1, KERN_PROC_PATHNAME,
631 };
632 char path[400];
633 uptr len;
634
635 len = sizeof(path);
636 if (internal_sysctl(name, ARRAY_SIZE(name), path, &len, NULL, 0) != -1)
637 pathname = path;
638 #elif SANITIZER_SOLARIS
639 pathname = getexecname();
640 CHECK_NE(pathname, NULL);
641 #endif
642
643 GetArgsAndEnv(&argv, &envp);
644 uptr rv = internal_execve(pathname, argv, envp);
645 int rverrno;
646 CHECK_EQ(internal_iserror(rv, &rverrno), true);
647 Printf("execve failed, errno %d\n", rverrno);
648 Die();
649 }
650 #endif
651
652 #if !SANITIZER_SOLARIS
653 enum MutexState {
654 MtxUnlocked = 0,
655 MtxLocked = 1,
656 MtxSleeping = 2
657 };
658
BlockingMutex()659 BlockingMutex::BlockingMutex() {
660 internal_memset(this, 0, sizeof(*this));
661 }
662
Lock()663 void BlockingMutex::Lock() {
664 CHECK_EQ(owner_, 0);
665 atomic_uint32_t *m = reinterpret_cast<atomic_uint32_t *>(&opaque_storage_);
666 if (atomic_exchange(m, MtxLocked, memory_order_acquire) == MtxUnlocked)
667 return;
668 while (atomic_exchange(m, MtxSleeping, memory_order_acquire) != MtxUnlocked) {
669 #if SANITIZER_FREEBSD
670 _umtx_op(m, UMTX_OP_WAIT_UINT, MtxSleeping, 0, 0);
671 #elif SANITIZER_NETBSD
672 sched_yield(); /* No userspace futex-like synchronization */
673 #else
674 internal_syscall(SYSCALL(futex), (uptr)m, FUTEX_WAIT_PRIVATE, MtxSleeping,
675 0, 0, 0);
676 #endif
677 }
678 }
679
Unlock()680 void BlockingMutex::Unlock() {
681 atomic_uint32_t *m = reinterpret_cast<atomic_uint32_t *>(&opaque_storage_);
682 u32 v = atomic_exchange(m, MtxUnlocked, memory_order_release);
683 CHECK_NE(v, MtxUnlocked);
684 if (v == MtxSleeping) {
685 #if SANITIZER_FREEBSD
686 _umtx_op(m, UMTX_OP_WAKE, 1, 0, 0);
687 #elif SANITIZER_NETBSD
688 /* No userspace futex-like synchronization */
689 #else
690 internal_syscall(SYSCALL(futex), (uptr)m, FUTEX_WAKE_PRIVATE, 1, 0, 0, 0);
691 #endif
692 }
693 }
694
CheckLocked()695 void BlockingMutex::CheckLocked() {
696 atomic_uint32_t *m = reinterpret_cast<atomic_uint32_t *>(&opaque_storage_);
697 CHECK_NE(MtxUnlocked, atomic_load(m, memory_order_relaxed));
698 }
699 #endif // !SANITIZER_SOLARIS
700
701 // ----------------- sanitizer_linux.h
702 // The actual size of this structure is specified by d_reclen.
703 // Note that getdents64 uses a different structure format. We only provide the
704 // 32-bit syscall here.
705 #if SANITIZER_NETBSD
706 // Not used
707 #elif SANITIZER_OPENBSD
708 // struct dirent is different for Linux and us. At this moment, we use only
709 // d_fileno (Linux call this d_ino), d_reclen, and d_name.
710 struct linux_dirent {
711 u64 d_ino; // d_fileno
712 u16 d_reclen;
713 u16 d_namlen; // not used
714 u8 d_type; // not used
715 char d_name[NAME_MAX + 1];
716 };
717 #else
718 struct linux_dirent {
719 #if SANITIZER_X32 || defined(__aarch64__)
720 u64 d_ino;
721 u64 d_off;
722 #else
723 unsigned long d_ino;
724 unsigned long d_off;
725 #endif
726 unsigned short d_reclen;
727 #ifdef __aarch64__
728 unsigned char d_type;
729 #endif
730 char d_name[256];
731 };
732 #endif
733
734 #if !SANITIZER_SOLARIS && !SANITIZER_NETBSD
735 // Syscall wrappers.
internal_ptrace(int request,int pid,void * addr,void * data)736 uptr internal_ptrace(int request, int pid, void *addr, void *data) {
737 return internal_syscall(SYSCALL(ptrace), request, pid, (uptr)addr,
738 (uptr)data);
739 }
740
internal_waitpid(int pid,int * status,int options)741 uptr internal_waitpid(int pid, int *status, int options) {
742 return internal_syscall(SYSCALL(wait4), pid, (uptr)status, options,
743 0 /* rusage */);
744 }
745
internal_getpid()746 uptr internal_getpid() {
747 return internal_syscall(SYSCALL(getpid));
748 }
749
internal_getppid()750 uptr internal_getppid() {
751 return internal_syscall(SYSCALL(getppid));
752 }
753
internal_getdents(fd_t fd,struct linux_dirent * dirp,unsigned int count)754 uptr internal_getdents(fd_t fd, struct linux_dirent *dirp, unsigned int count) {
755 #if SANITIZER_FREEBSD
756 return internal_syscall(SYSCALL(getdirentries), fd, (uptr)dirp, count, NULL);
757 #elif SANITIZER_USES_CANONICAL_LINUX_SYSCALLS
758 return internal_syscall(SYSCALL(getdents64), fd, (uptr)dirp, count);
759 #else
760 return internal_syscall(SYSCALL(getdents), fd, (uptr)dirp, count);
761 #endif
762 }
763
internal_lseek(fd_t fd,OFF_T offset,int whence)764 uptr internal_lseek(fd_t fd, OFF_T offset, int whence) {
765 return internal_syscall(SYSCALL(lseek), fd, offset, whence);
766 }
767
768 #if SANITIZER_LINUX
internal_prctl(int option,uptr arg2,uptr arg3,uptr arg4,uptr arg5)769 uptr internal_prctl(int option, uptr arg2, uptr arg3, uptr arg4, uptr arg5) {
770 return internal_syscall(SYSCALL(prctl), option, arg2, arg3, arg4, arg5);
771 }
772 #endif
773
internal_sigaltstack(const void * ss,void * oss)774 uptr internal_sigaltstack(const void *ss, void *oss) {
775 return internal_syscall(SYSCALL(sigaltstack), (uptr)ss, (uptr)oss);
776 }
777
internal_fork()778 int internal_fork() {
779 #if SANITIZER_USES_CANONICAL_LINUX_SYSCALLS
780 return internal_syscall(SYSCALL(clone), SIGCHLD, 0);
781 #else
782 return internal_syscall(SYSCALL(fork));
783 #endif
784 }
785
786 #if SANITIZER_FREEBSD || SANITIZER_OPENBSD
internal_sysctl(const int * name,unsigned int namelen,void * oldp,uptr * oldlenp,const void * newp,uptr newlen)787 int internal_sysctl(const int *name, unsigned int namelen, void *oldp,
788 uptr *oldlenp, const void *newp, uptr newlen) {
789 #if SANITIZER_OPENBSD
790 return sysctl(name, namelen, oldp, (size_t *)oldlenp, (void *)newp,
791 (size_t)newlen);
792 #else
793 return sysctl(name, namelen, oldp, (size_t *)oldlenp, newp, (size_t)newlen);
794 #endif
795 }
796
797 #if SANITIZER_FREEBSD
internal_sysctlbyname(const char * sname,void * oldp,uptr * oldlenp,const void * newp,uptr newlen)798 int internal_sysctlbyname(const char *sname, void *oldp, uptr *oldlenp,
799 const void *newp, uptr newlen) {
800 return sysctlbyname(sname, oldp, (size_t *)oldlenp, newp, (size_t)newlen);
801 }
802 #endif
803 #endif
804
805 #if SANITIZER_LINUX
806 #define SA_RESTORER 0x04000000
807 // Doesn't set sa_restorer if the caller did not set it, so use with caution
808 //(see below).
internal_sigaction_norestorer(int signum,const void * act,void * oldact)809 int internal_sigaction_norestorer(int signum, const void *act, void *oldact) {
810 __sanitizer_kernel_sigaction_t k_act, k_oldact;
811 internal_memset(&k_act, 0, sizeof(__sanitizer_kernel_sigaction_t));
812 internal_memset(&k_oldact, 0, sizeof(__sanitizer_kernel_sigaction_t));
813 const __sanitizer_sigaction *u_act = (const __sanitizer_sigaction *)act;
814 __sanitizer_sigaction *u_oldact = (__sanitizer_sigaction *)oldact;
815 if (u_act) {
816 k_act.handler = u_act->handler;
817 k_act.sigaction = u_act->sigaction;
818 internal_memcpy(&k_act.sa_mask, &u_act->sa_mask,
819 sizeof(__sanitizer_kernel_sigset_t));
820 // Without SA_RESTORER kernel ignores the calls (probably returns EINVAL).
821 k_act.sa_flags = u_act->sa_flags | SA_RESTORER;
822 // FIXME: most often sa_restorer is unset, however the kernel requires it
823 // to point to a valid signal restorer that calls the rt_sigreturn syscall.
824 // If sa_restorer passed to the kernel is NULL, the program may crash upon
825 // signal delivery or fail to unwind the stack in the signal handler.
826 // libc implementation of sigaction() passes its own restorer to
827 // rt_sigaction, so we need to do the same (we'll need to reimplement the
828 // restorers; for x86_64 the restorer address can be obtained from
829 // oldact->sa_restorer upon a call to sigaction(xxx, NULL, oldact).
830 #if !SANITIZER_ANDROID || !SANITIZER_MIPS32
831 k_act.sa_restorer = u_act->sa_restorer;
832 #endif
833 }
834
835 uptr result = internal_syscall(SYSCALL(rt_sigaction), (uptr)signum,
836 (uptr)(u_act ? &k_act : nullptr),
837 (uptr)(u_oldact ? &k_oldact : nullptr),
838 (uptr)sizeof(__sanitizer_kernel_sigset_t));
839
840 if ((result == 0) && u_oldact) {
841 u_oldact->handler = k_oldact.handler;
842 u_oldact->sigaction = k_oldact.sigaction;
843 internal_memcpy(&u_oldact->sa_mask, &k_oldact.sa_mask,
844 sizeof(__sanitizer_kernel_sigset_t));
845 u_oldact->sa_flags = k_oldact.sa_flags;
846 #if !SANITIZER_ANDROID || !SANITIZER_MIPS32
847 u_oldact->sa_restorer = k_oldact.sa_restorer;
848 #endif
849 }
850 return result;
851 }
852
853 // Invokes sigaction via a raw syscall with a restorer, but does not support
854 // all platforms yet.
855 // We disable for Go simply because we have not yet added to buildgo.sh.
856 #if (defined(__x86_64__) || SANITIZER_MIPS64) && !SANITIZER_GO
internal_sigaction_syscall(int signum,const void * act,void * oldact)857 int internal_sigaction_syscall(int signum, const void *act, void *oldact) {
858 if (act == nullptr)
859 return internal_sigaction_norestorer(signum, act, oldact);
860 __sanitizer_sigaction u_adjust;
861 internal_memcpy(&u_adjust, act, sizeof(u_adjust));
862 #if !SANITIZER_ANDROID || !SANITIZER_MIPS32
863 if (u_adjust.sa_restorer == nullptr) {
864 u_adjust.sa_restorer = internal_sigreturn;
865 }
866 #endif
867 return internal_sigaction_norestorer(signum, (const void *)&u_adjust, oldact);
868 }
869 #endif // defined(__x86_64__) && !SANITIZER_GO
870 #endif // SANITIZER_LINUX
871
internal_sigprocmask(int how,__sanitizer_sigset_t * set,__sanitizer_sigset_t * oldset)872 uptr internal_sigprocmask(int how, __sanitizer_sigset_t *set,
873 __sanitizer_sigset_t *oldset) {
874 #if SANITIZER_FREEBSD || SANITIZER_OPENBSD
875 return internal_syscall(SYSCALL(sigprocmask), how, set, oldset);
876 #else
877 __sanitizer_kernel_sigset_t *k_set = (__sanitizer_kernel_sigset_t *)set;
878 __sanitizer_kernel_sigset_t *k_oldset = (__sanitizer_kernel_sigset_t *)oldset;
879 return internal_syscall(SYSCALL(rt_sigprocmask), (uptr)how,
880 (uptr)&k_set->sig[0], (uptr)&k_oldset->sig[0],
881 sizeof(__sanitizer_kernel_sigset_t));
882 #endif
883 }
884
internal_sigfillset(__sanitizer_sigset_t * set)885 void internal_sigfillset(__sanitizer_sigset_t *set) {
886 internal_memset(set, 0xff, sizeof(*set));
887 }
888
internal_sigemptyset(__sanitizer_sigset_t * set)889 void internal_sigemptyset(__sanitizer_sigset_t *set) {
890 internal_memset(set, 0, sizeof(*set));
891 }
892
893 #if SANITIZER_LINUX
internal_sigdelset(__sanitizer_sigset_t * set,int signum)894 void internal_sigdelset(__sanitizer_sigset_t *set, int signum) {
895 signum -= 1;
896 CHECK_GE(signum, 0);
897 CHECK_LT(signum, sizeof(*set) * 8);
898 __sanitizer_kernel_sigset_t *k_set = (__sanitizer_kernel_sigset_t *)set;
899 const uptr idx = signum / (sizeof(k_set->sig[0]) * 8);
900 const uptr bit = signum % (sizeof(k_set->sig[0]) * 8);
901 k_set->sig[idx] &= ~(1 << bit);
902 }
903
internal_sigismember(__sanitizer_sigset_t * set,int signum)904 bool internal_sigismember(__sanitizer_sigset_t *set, int signum) {
905 signum -= 1;
906 CHECK_GE(signum, 0);
907 CHECK_LT(signum, sizeof(*set) * 8);
908 __sanitizer_kernel_sigset_t *k_set = (__sanitizer_kernel_sigset_t *)set;
909 const uptr idx = signum / (sizeof(k_set->sig[0]) * 8);
910 const uptr bit = signum % (sizeof(k_set->sig[0]) * 8);
911 return k_set->sig[idx] & (1 << bit);
912 }
913 #elif SANITIZER_FREEBSD
internal_sigdelset(__sanitizer_sigset_t * set,int signum)914 void internal_sigdelset(__sanitizer_sigset_t *set, int signum) {
915 sigset_t *rset = reinterpret_cast<sigset_t *>(set);
916 sigdelset(rset, signum);
917 }
918
internal_sigismember(__sanitizer_sigset_t * set,int signum)919 bool internal_sigismember(__sanitizer_sigset_t *set, int signum) {
920 sigset_t *rset = reinterpret_cast<sigset_t *>(set);
921 return sigismember(rset, signum);
922 }
923 #endif
924 #endif // !SANITIZER_SOLARIS
925
926 #if !SANITIZER_NETBSD
927 // ThreadLister implementation.
ThreadLister(pid_t pid)928 ThreadLister::ThreadLister(pid_t pid) : pid_(pid), buffer_(4096) {
929 char task_directory_path[80];
930 internal_snprintf(task_directory_path, sizeof(task_directory_path),
931 "/proc/%d/task/", pid);
932 descriptor_ = internal_open(task_directory_path, O_RDONLY | O_DIRECTORY);
933 if (internal_iserror(descriptor_)) {
934 Report("Can't open /proc/%d/task for reading.\n", pid);
935 }
936 }
937
ListThreads(InternalMmapVector<tid_t> * threads)938 ThreadLister::Result ThreadLister::ListThreads(
939 InternalMmapVector<tid_t> *threads) {
940 if (internal_iserror(descriptor_))
941 return Error;
942 internal_lseek(descriptor_, 0, SEEK_SET);
943 threads->clear();
944
945 Result result = Ok;
946 for (bool first_read = true;; first_read = false) {
947 // Resize to max capacity if it was downsized by IsAlive.
948 buffer_.resize(buffer_.capacity());
949 CHECK_GE(buffer_.size(), 4096);
950 uptr read = internal_getdents(
951 descriptor_, (struct linux_dirent *)buffer_.data(), buffer_.size());
952 if (!read)
953 return result;
954 if (internal_iserror(read)) {
955 Report("Can't read directory entries from /proc/%d/task.\n", pid_);
956 return Error;
957 }
958
959 for (uptr begin = (uptr)buffer_.data(), end = begin + read; begin < end;) {
960 struct linux_dirent *entry = (struct linux_dirent *)begin;
961 begin += entry->d_reclen;
962 if (entry->d_ino == 1) {
963 // Inode 1 is for bad blocks and also can be a reason for early return.
964 // Should be emitted if kernel tried to output terminating thread.
965 // See proc_task_readdir implementation in Linux.
966 result = Incomplete;
967 }
968 if (entry->d_ino && *entry->d_name >= '0' && *entry->d_name <= '9')
969 threads->push_back(internal_atoll(entry->d_name));
970 }
971
972 // Now we are going to detect short-read or early EOF. In such cases Linux
973 // can return inconsistent list with missing alive threads.
974 // Code will just remember that the list can be incomplete but it will
975 // continue reads to return as much as possible.
976 if (!first_read) {
977 // The first one was a short-read by definition.
978 result = Incomplete;
979 } else if (read > buffer_.size() - 1024) {
980 // Read was close to the buffer size. So double the size and assume the
981 // worst.
982 buffer_.resize(buffer_.size() * 2);
983 result = Incomplete;
984 } else if (!threads->empty() && !IsAlive(threads->back())) {
985 // Maybe Linux early returned from read on terminated thread (!pid_alive)
986 // and failed to restore read position.
987 // See next_tid and proc_task_instantiate in Linux.
988 result = Incomplete;
989 }
990 }
991 }
992
IsAlive(int tid)993 bool ThreadLister::IsAlive(int tid) {
994 // /proc/%d/task/%d/status uses same call to detect alive threads as
995 // proc_task_readdir. See task_state implementation in Linux.
996 char path[80];
997 internal_snprintf(path, sizeof(path), "/proc/%d/task/%d/status", pid_, tid);
998 if (!ReadFileToVector(path, &buffer_) || buffer_.empty())
999 return false;
1000 buffer_.push_back(0);
1001 static const char kPrefix[] = "\nPPid:";
1002 const char *field = internal_strstr(buffer_.data(), kPrefix);
1003 if (!field)
1004 return false;
1005 field += internal_strlen(kPrefix);
1006 return (int)internal_atoll(field) != 0;
1007 }
1008
~ThreadLister()1009 ThreadLister::~ThreadLister() {
1010 if (!internal_iserror(descriptor_))
1011 internal_close(descriptor_);
1012 }
1013 #endif
1014
1015 #if SANITIZER_WORDSIZE == 32
1016 // Take care of unusable kernel area in top gigabyte.
GetKernelAreaSize()1017 static uptr GetKernelAreaSize() {
1018 #if SANITIZER_LINUX && !SANITIZER_X32
1019 const uptr gbyte = 1UL << 30;
1020
1021 // Firstly check if there are writable segments
1022 // mapped to top gigabyte (e.g. stack).
1023 MemoryMappingLayout proc_maps(/*cache_enabled*/true);
1024 MemoryMappedSegment segment;
1025 while (proc_maps.Next(&segment)) {
1026 if ((segment.end >= 3 * gbyte) && segment.IsWritable()) return 0;
1027 }
1028
1029 #if !SANITIZER_ANDROID
1030 // Even if nothing is mapped, top Gb may still be accessible
1031 // if we are running on 64-bit kernel.
1032 // Uname may report misleading results if personality type
1033 // is modified (e.g. under schroot) so check this as well.
1034 struct utsname uname_info;
1035 int pers = personality(0xffffffffUL);
1036 if (!(pers & PER_MASK)
1037 && uname(&uname_info) == 0
1038 && internal_strstr(uname_info.machine, "64"))
1039 return 0;
1040 #endif // SANITIZER_ANDROID
1041
1042 // Top gigabyte is reserved for kernel.
1043 return gbyte;
1044 #else
1045 return 0;
1046 #endif // SANITIZER_LINUX && !SANITIZER_X32
1047 }
1048 #endif // SANITIZER_WORDSIZE == 32
1049
GetMaxVirtualAddress()1050 uptr GetMaxVirtualAddress() {
1051 #if (SANITIZER_NETBSD || SANITIZER_OPENBSD) && defined(__x86_64__)
1052 return 0x7f7ffffff000ULL; // (0x00007f8000000000 - PAGE_SIZE)
1053 #elif SANITIZER_WORDSIZE == 64
1054 # if defined(__powerpc64__) || defined(__aarch64__)
1055 // On PowerPC64 we have two different address space layouts: 44- and 46-bit.
1056 // We somehow need to figure out which one we are using now and choose
1057 // one of 0x00000fffffffffffUL and 0x00003fffffffffffUL.
1058 // Note that with 'ulimit -s unlimited' the stack is moved away from the top
1059 // of the address space, so simply checking the stack address is not enough.
1060 // This should (does) work for both PowerPC64 Endian modes.
1061 // Similarly, aarch64 has multiple address space layouts: 39, 42 and 47-bit.
1062 return (1ULL << (MostSignificantSetBitIndex(GET_CURRENT_FRAME()) + 1)) - 1;
1063 # elif defined(__mips64)
1064 return (1ULL << 40) - 1; // 0x000000ffffffffffUL;
1065 # elif defined(__s390x__)
1066 return (1ULL << 53) - 1; // 0x001fffffffffffffUL;
1067 # elif defined(__sparc__)
1068 return ~(uptr)0;
1069 # else
1070 return (1ULL << 47) - 1; // 0x00007fffffffffffUL;
1071 # endif
1072 #else // SANITIZER_WORDSIZE == 32
1073 # if defined(__s390__)
1074 return (1ULL << 31) - 1; // 0x7fffffff;
1075 # else
1076 return (1ULL << 32) - 1; // 0xffffffff;
1077 # endif
1078 #endif // SANITIZER_WORDSIZE
1079 }
1080
GetMaxUserVirtualAddress()1081 uptr GetMaxUserVirtualAddress() {
1082 uptr addr = GetMaxVirtualAddress();
1083 #if SANITIZER_WORDSIZE == 32 && !defined(__s390__)
1084 if (!common_flags()->full_address_space)
1085 addr -= GetKernelAreaSize();
1086 CHECK_LT(reinterpret_cast<uptr>(&addr), addr);
1087 #endif
1088 return addr;
1089 }
1090
GetPageSize()1091 uptr GetPageSize() {
1092 // Android post-M sysconf(_SC_PAGESIZE) crashes if called from .preinit_array.
1093 #if SANITIZER_ANDROID
1094 return 4096;
1095 #elif SANITIZER_LINUX && (defined(__x86_64__) || defined(__i386__))
1096 return EXEC_PAGESIZE;
1097 #elif SANITIZER_USE_GETAUXVAL
1098 return getauxval(AT_PAGESZ);
1099 #else
1100 return sysconf(_SC_PAGESIZE); // EXEC_PAGESIZE may not be trustworthy.
1101 #endif
1102 }
1103
1104 #if !SANITIZER_OPENBSD
ReadBinaryName(char * buf,uptr buf_len)1105 uptr ReadBinaryName(/*out*/char *buf, uptr buf_len) {
1106 #if SANITIZER_SOLARIS
1107 const char *default_module_name = getexecname();
1108 CHECK_NE(default_module_name, NULL);
1109 return internal_snprintf(buf, buf_len, "%s", default_module_name);
1110 #else
1111 #if SANITIZER_FREEBSD || SANITIZER_NETBSD
1112 #if SANITIZER_FREEBSD
1113 const int Mib[4] = {CTL_KERN, KERN_PROC, KERN_PROC_PATHNAME, -1};
1114 #else
1115 const int Mib[4] = {CTL_KERN, KERN_PROC_ARGS, -1, KERN_PROC_PATHNAME};
1116 #endif
1117 const char *default_module_name = "kern.proc.pathname";
1118 uptr Size = buf_len;
1119 bool IsErr =
1120 (internal_sysctl(Mib, ARRAY_SIZE(Mib), buf, &Size, NULL, 0) != 0);
1121 int readlink_error = IsErr ? errno : 0;
1122 uptr module_name_len = Size;
1123 #else
1124 const char *default_module_name = "/proc/self/exe";
1125 uptr module_name_len = internal_readlink(
1126 default_module_name, buf, buf_len);
1127 int readlink_error;
1128 bool IsErr = internal_iserror(module_name_len, &readlink_error);
1129 #endif // SANITIZER_SOLARIS
1130 if (IsErr) {
1131 // We can't read binary name for some reason, assume it's unknown.
1132 Report("WARNING: reading executable name failed with errno %d, "
1133 "some stack frames may not be symbolized\n", readlink_error);
1134 module_name_len = internal_snprintf(buf, buf_len, "%s",
1135 default_module_name);
1136 CHECK_LT(module_name_len, buf_len);
1137 }
1138 return module_name_len;
1139 #endif
1140 }
1141 #endif // !SANITIZER_OPENBSD
1142
ReadLongProcessName(char * buf,uptr buf_len)1143 uptr ReadLongProcessName(/*out*/ char *buf, uptr buf_len) {
1144 #if SANITIZER_LINUX
1145 char *tmpbuf;
1146 uptr tmpsize;
1147 uptr tmplen;
1148 if (ReadFileToBuffer("/proc/self/cmdline", &tmpbuf, &tmpsize, &tmplen,
1149 1024 * 1024)) {
1150 internal_strncpy(buf, tmpbuf, buf_len);
1151 UnmapOrDie(tmpbuf, tmpsize);
1152 return internal_strlen(buf);
1153 }
1154 #endif
1155 return ReadBinaryName(buf, buf_len);
1156 }
1157
1158 // Match full names of the form /path/to/base_name{-,.}*
LibraryNameIs(const char * full_name,const char * base_name)1159 bool LibraryNameIs(const char *full_name, const char *base_name) {
1160 const char *name = full_name;
1161 // Strip path.
1162 while (*name != '\0') name++;
1163 while (name > full_name && *name != '/') name--;
1164 if (*name == '/') name++;
1165 uptr base_name_length = internal_strlen(base_name);
1166 if (internal_strncmp(name, base_name, base_name_length)) return false;
1167 return (name[base_name_length] == '-' || name[base_name_length] == '.');
1168 }
1169
1170 #if !SANITIZER_ANDROID
1171 // Call cb for each region mapped by map.
ForEachMappedRegion(link_map * map,void (* cb)(const void *,uptr))1172 void ForEachMappedRegion(link_map *map, void (*cb)(const void *, uptr)) {
1173 CHECK_NE(map, nullptr);
1174 #if !SANITIZER_FREEBSD && !SANITIZER_OPENBSD
1175 typedef ElfW(Phdr) Elf_Phdr;
1176 typedef ElfW(Ehdr) Elf_Ehdr;
1177 #endif // !SANITIZER_FREEBSD && !SANITIZER_OPENBSD
1178 char *base = (char *)map->l_addr;
1179 Elf_Ehdr *ehdr = (Elf_Ehdr *)base;
1180 char *phdrs = base + ehdr->e_phoff;
1181 char *phdrs_end = phdrs + ehdr->e_phnum * ehdr->e_phentsize;
1182
1183 // Find the segment with the minimum base so we can "relocate" the p_vaddr
1184 // fields. Typically ET_DYN objects (DSOs) have base of zero and ET_EXEC
1185 // objects have a non-zero base.
1186 uptr preferred_base = (uptr)-1;
1187 for (char *iter = phdrs; iter != phdrs_end; iter += ehdr->e_phentsize) {
1188 Elf_Phdr *phdr = (Elf_Phdr *)iter;
1189 if (phdr->p_type == PT_LOAD && preferred_base > (uptr)phdr->p_vaddr)
1190 preferred_base = (uptr)phdr->p_vaddr;
1191 }
1192
1193 // Compute the delta from the real base to get a relocation delta.
1194 sptr delta = (uptr)base - preferred_base;
1195 // Now we can figure out what the loader really mapped.
1196 for (char *iter = phdrs; iter != phdrs_end; iter += ehdr->e_phentsize) {
1197 Elf_Phdr *phdr = (Elf_Phdr *)iter;
1198 if (phdr->p_type == PT_LOAD) {
1199 uptr seg_start = phdr->p_vaddr + delta;
1200 uptr seg_end = seg_start + phdr->p_memsz;
1201 // None of these values are aligned. We consider the ragged edges of the
1202 // load command as defined, since they are mapped from the file.
1203 seg_start = RoundDownTo(seg_start, GetPageSizeCached());
1204 seg_end = RoundUpTo(seg_end, GetPageSizeCached());
1205 cb((void *)seg_start, seg_end - seg_start);
1206 }
1207 }
1208 }
1209 #endif
1210
1211 #if defined(__x86_64__) && SANITIZER_LINUX
1212 // We cannot use glibc's clone wrapper, because it messes with the child
1213 // task's TLS. It writes the PID and TID of the child task to its thread
1214 // descriptor, but in our case the child task shares the thread descriptor with
1215 // the parent (because we don't know how to allocate a new thread
1216 // descriptor to keep glibc happy). So the stock version of clone(), when
1217 // used with CLONE_VM, would end up corrupting the parent's thread descriptor.
internal_clone(int (* fn)(void *),void * child_stack,int flags,void * arg,int * parent_tidptr,void * newtls,int * child_tidptr)1218 uptr internal_clone(int (*fn)(void *), void *child_stack, int flags, void *arg,
1219 int *parent_tidptr, void *newtls, int *child_tidptr) {
1220 long long res;
1221 if (!fn || !child_stack)
1222 return -EINVAL;
1223 CHECK_EQ(0, (uptr)child_stack % 16);
1224 child_stack = (char *)child_stack - 2 * sizeof(unsigned long long);
1225 ((unsigned long long *)child_stack)[0] = (uptr)fn;
1226 ((unsigned long long *)child_stack)[1] = (uptr)arg;
1227 register void *r8 __asm__("r8") = newtls;
1228 register int *r10 __asm__("r10") = child_tidptr;
1229 __asm__ __volatile__(
1230 /* %rax = syscall(%rax = SYSCALL(clone),
1231 * %rdi = flags,
1232 * %rsi = child_stack,
1233 * %rdx = parent_tidptr,
1234 * %r8 = new_tls,
1235 * %r10 = child_tidptr)
1236 */
1237 "syscall\n"
1238
1239 /* if (%rax != 0)
1240 * return;
1241 */
1242 "testq %%rax,%%rax\n"
1243 "jnz 1f\n"
1244
1245 /* In the child. Terminate unwind chain. */
1246 // XXX: We should also terminate the CFI unwind chain
1247 // here. Unfortunately clang 3.2 doesn't support the
1248 // necessary CFI directives, so we skip that part.
1249 "xorq %%rbp,%%rbp\n"
1250
1251 /* Call "fn(arg)". */
1252 "popq %%rax\n"
1253 "popq %%rdi\n"
1254 "call *%%rax\n"
1255
1256 /* Call _exit(%rax). */
1257 "movq %%rax,%%rdi\n"
1258 "movq %2,%%rax\n"
1259 "syscall\n"
1260
1261 /* Return to parent. */
1262 "1:\n"
1263 : "=a" (res)
1264 : "a"(SYSCALL(clone)), "i"(SYSCALL(exit)),
1265 "S"(child_stack),
1266 "D"(flags),
1267 "d"(parent_tidptr),
1268 "r"(r8),
1269 "r"(r10)
1270 : "memory", "r11", "rcx");
1271 return res;
1272 }
1273 #elif defined(__mips__)
internal_clone(int (* fn)(void *),void * child_stack,int flags,void * arg,int * parent_tidptr,void * newtls,int * child_tidptr)1274 uptr internal_clone(int (*fn)(void *), void *child_stack, int flags, void *arg,
1275 int *parent_tidptr, void *newtls, int *child_tidptr) {
1276 long long res;
1277 if (!fn || !child_stack)
1278 return -EINVAL;
1279 CHECK_EQ(0, (uptr)child_stack % 16);
1280 child_stack = (char *)child_stack - 2 * sizeof(unsigned long long);
1281 ((unsigned long long *)child_stack)[0] = (uptr)fn;
1282 ((unsigned long long *)child_stack)[1] = (uptr)arg;
1283 register void *a3 __asm__("$7") = newtls;
1284 register int *a4 __asm__("$8") = child_tidptr;
1285 // We don't have proper CFI directives here because it requires alot of code
1286 // for very marginal benefits.
1287 __asm__ __volatile__(
1288 /* $v0 = syscall($v0 = __NR_clone,
1289 * $a0 = flags,
1290 * $a1 = child_stack,
1291 * $a2 = parent_tidptr,
1292 * $a3 = new_tls,
1293 * $a4 = child_tidptr)
1294 */
1295 ".cprestore 16;\n"
1296 "move $4,%1;\n"
1297 "move $5,%2;\n"
1298 "move $6,%3;\n"
1299 "move $7,%4;\n"
1300 /* Store the fifth argument on stack
1301 * if we are using 32-bit abi.
1302 */
1303 #if SANITIZER_WORDSIZE == 32
1304 "lw %5,16($29);\n"
1305 #else
1306 "move $8,%5;\n"
1307 #endif
1308 "li $2,%6;\n"
1309 "syscall;\n"
1310
1311 /* if ($v0 != 0)
1312 * return;
1313 */
1314 "bnez $2,1f;\n"
1315
1316 /* Call "fn(arg)". */
1317 #if SANITIZER_WORDSIZE == 32
1318 #ifdef __BIG_ENDIAN__
1319 "lw $25,4($29);\n"
1320 "lw $4,12($29);\n"
1321 #else
1322 "lw $25,0($29);\n"
1323 "lw $4,8($29);\n"
1324 #endif
1325 #else
1326 "ld $25,0($29);\n"
1327 "ld $4,8($29);\n"
1328 #endif
1329 "jal $25;\n"
1330
1331 /* Call _exit($v0). */
1332 "move $4,$2;\n"
1333 "li $2,%7;\n"
1334 "syscall;\n"
1335
1336 /* Return to parent. */
1337 "1:\n"
1338 : "=r" (res)
1339 : "r"(flags),
1340 "r"(child_stack),
1341 "r"(parent_tidptr),
1342 "r"(a3),
1343 "r"(a4),
1344 "i"(__NR_clone),
1345 "i"(__NR_exit)
1346 : "memory", "$29" );
1347 return res;
1348 }
1349 #elif defined(__aarch64__)
internal_clone(int (* fn)(void *),void * child_stack,int flags,void * arg,int * parent_tidptr,void * newtls,int * child_tidptr)1350 uptr internal_clone(int (*fn)(void *), void *child_stack, int flags, void *arg,
1351 int *parent_tidptr, void *newtls, int *child_tidptr) {
1352 long long res;
1353 if (!fn || !child_stack)
1354 return -EINVAL;
1355 CHECK_EQ(0, (uptr)child_stack % 16);
1356 child_stack = (char *)child_stack - 2 * sizeof(unsigned long long);
1357 ((unsigned long long *)child_stack)[0] = (uptr)fn;
1358 ((unsigned long long *)child_stack)[1] = (uptr)arg;
1359
1360 register int (*__fn)(void *) __asm__("x0") = fn;
1361 register void *__stack __asm__("x1") = child_stack;
1362 register int __flags __asm__("x2") = flags;
1363 register void *__arg __asm__("x3") = arg;
1364 register int *__ptid __asm__("x4") = parent_tidptr;
1365 register void *__tls __asm__("x5") = newtls;
1366 register int *__ctid __asm__("x6") = child_tidptr;
1367
1368 __asm__ __volatile__(
1369 "mov x0,x2\n" /* flags */
1370 "mov x2,x4\n" /* ptid */
1371 "mov x3,x5\n" /* tls */
1372 "mov x4,x6\n" /* ctid */
1373 "mov x8,%9\n" /* clone */
1374
1375 "svc 0x0\n"
1376
1377 /* if (%r0 != 0)
1378 * return %r0;
1379 */
1380 "cmp x0, #0\n"
1381 "bne 1f\n"
1382
1383 /* In the child, now. Call "fn(arg)". */
1384 "ldp x1, x0, [sp], #16\n"
1385 "blr x1\n"
1386
1387 /* Call _exit(%r0). */
1388 "mov x8, %10\n"
1389 "svc 0x0\n"
1390 "1:\n"
1391
1392 : "=r" (res)
1393 : "i"(-EINVAL),
1394 "r"(__fn), "r"(__stack), "r"(__flags), "r"(__arg),
1395 "r"(__ptid), "r"(__tls), "r"(__ctid),
1396 "i"(__NR_clone), "i"(__NR_exit)
1397 : "x30", "memory");
1398 return res;
1399 }
1400 #elif defined(__powerpc64__)
internal_clone(int (* fn)(void *),void * child_stack,int flags,void * arg,int * parent_tidptr,void * newtls,int * child_tidptr)1401 uptr internal_clone(int (*fn)(void *), void *child_stack, int flags, void *arg,
1402 int *parent_tidptr, void *newtls, int *child_tidptr) {
1403 long long res;
1404 // Stack frame structure.
1405 #if SANITIZER_PPC64V1
1406 // Back chain == 0 (SP + 112)
1407 // Frame (112 bytes):
1408 // Parameter save area (SP + 48), 8 doublewords
1409 // TOC save area (SP + 40)
1410 // Link editor doubleword (SP + 32)
1411 // Compiler doubleword (SP + 24)
1412 // LR save area (SP + 16)
1413 // CR save area (SP + 8)
1414 // Back chain (SP + 0)
1415 # define FRAME_SIZE 112
1416 # define FRAME_TOC_SAVE_OFFSET 40
1417 #elif SANITIZER_PPC64V2
1418 // Back chain == 0 (SP + 32)
1419 // Frame (32 bytes):
1420 // TOC save area (SP + 24)
1421 // LR save area (SP + 16)
1422 // CR save area (SP + 8)
1423 // Back chain (SP + 0)
1424 # define FRAME_SIZE 32
1425 # define FRAME_TOC_SAVE_OFFSET 24
1426 #else
1427 # error "Unsupported PPC64 ABI"
1428 #endif
1429 if (!fn || !child_stack)
1430 return -EINVAL;
1431 CHECK_EQ(0, (uptr)child_stack % 16);
1432
1433 register int (*__fn)(void *) __asm__("r3") = fn;
1434 register void *__cstack __asm__("r4") = child_stack;
1435 register int __flags __asm__("r5") = flags;
1436 register void *__arg __asm__("r6") = arg;
1437 register int *__ptidptr __asm__("r7") = parent_tidptr;
1438 register void *__newtls __asm__("r8") = newtls;
1439 register int *__ctidptr __asm__("r9") = child_tidptr;
1440
1441 __asm__ __volatile__(
1442 /* fn and arg are saved across the syscall */
1443 "mr 28, %5\n\t"
1444 "mr 27, %8\n\t"
1445
1446 /* syscall
1447 r0 == __NR_clone
1448 r3 == flags
1449 r4 == child_stack
1450 r5 == parent_tidptr
1451 r6 == newtls
1452 r7 == child_tidptr */
1453 "mr 3, %7\n\t"
1454 "mr 5, %9\n\t"
1455 "mr 6, %10\n\t"
1456 "mr 7, %11\n\t"
1457 "li 0, %3\n\t"
1458 "sc\n\t"
1459
1460 /* Test if syscall was successful */
1461 "cmpdi cr1, 3, 0\n\t"
1462 "crandc cr1*4+eq, cr1*4+eq, cr0*4+so\n\t"
1463 "bne- cr1, 1f\n\t"
1464
1465 /* Set up stack frame */
1466 "li 29, 0\n\t"
1467 "stdu 29, -8(1)\n\t"
1468 "stdu 1, -%12(1)\n\t"
1469 /* Do the function call */
1470 "std 2, %13(1)\n\t"
1471 #if SANITIZER_PPC64V1
1472 "ld 0, 0(28)\n\t"
1473 "ld 2, 8(28)\n\t"
1474 "mtctr 0\n\t"
1475 #elif SANITIZER_PPC64V2
1476 "mr 12, 28\n\t"
1477 "mtctr 12\n\t"
1478 #else
1479 # error "Unsupported PPC64 ABI"
1480 #endif
1481 "mr 3, 27\n\t"
1482 "bctrl\n\t"
1483 "ld 2, %13(1)\n\t"
1484
1485 /* Call _exit(r3) */
1486 "li 0, %4\n\t"
1487 "sc\n\t"
1488
1489 /* Return to parent */
1490 "1:\n\t"
1491 "mr %0, 3\n\t"
1492 : "=r" (res)
1493 : "0" (-1),
1494 "i" (EINVAL),
1495 "i" (__NR_clone),
1496 "i" (__NR_exit),
1497 "r" (__fn),
1498 "r" (__cstack),
1499 "r" (__flags),
1500 "r" (__arg),
1501 "r" (__ptidptr),
1502 "r" (__newtls),
1503 "r" (__ctidptr),
1504 "i" (FRAME_SIZE),
1505 "i" (FRAME_TOC_SAVE_OFFSET)
1506 : "cr0", "cr1", "memory", "ctr", "r0", "r27", "r28", "r29");
1507 return res;
1508 }
1509 #elif defined(__i386__) && SANITIZER_LINUX
internal_clone(int (* fn)(void *),void * child_stack,int flags,void * arg,int * parent_tidptr,void * newtls,int * child_tidptr)1510 uptr internal_clone(int (*fn)(void *), void *child_stack, int flags, void *arg,
1511 int *parent_tidptr, void *newtls, int *child_tidptr) {
1512 int res;
1513 if (!fn || !child_stack)
1514 return -EINVAL;
1515 CHECK_EQ(0, (uptr)child_stack % 16);
1516 child_stack = (char *)child_stack - 7 * sizeof(unsigned int);
1517 ((unsigned int *)child_stack)[0] = (uptr)flags;
1518 ((unsigned int *)child_stack)[1] = (uptr)0;
1519 ((unsigned int *)child_stack)[2] = (uptr)fn;
1520 ((unsigned int *)child_stack)[3] = (uptr)arg;
1521 __asm__ __volatile__(
1522 /* %eax = syscall(%eax = SYSCALL(clone),
1523 * %ebx = flags,
1524 * %ecx = child_stack,
1525 * %edx = parent_tidptr,
1526 * %esi = new_tls,
1527 * %edi = child_tidptr)
1528 */
1529
1530 /* Obtain flags */
1531 "movl (%%ecx), %%ebx\n"
1532 /* Do the system call */
1533 "pushl %%ebx\n"
1534 "pushl %%esi\n"
1535 "pushl %%edi\n"
1536 /* Remember the flag value. */
1537 "movl %%ebx, (%%ecx)\n"
1538 "int $0x80\n"
1539 "popl %%edi\n"
1540 "popl %%esi\n"
1541 "popl %%ebx\n"
1542
1543 /* if (%eax != 0)
1544 * return;
1545 */
1546
1547 "test %%eax,%%eax\n"
1548 "jnz 1f\n"
1549
1550 /* terminate the stack frame */
1551 "xorl %%ebp,%%ebp\n"
1552 /* Call FN. */
1553 "call *%%ebx\n"
1554 #ifdef PIC
1555 "call here\n"
1556 "here:\n"
1557 "popl %%ebx\n"
1558 "addl $_GLOBAL_OFFSET_TABLE_+[.-here], %%ebx\n"
1559 #endif
1560 /* Call exit */
1561 "movl %%eax, %%ebx\n"
1562 "movl %2, %%eax\n"
1563 "int $0x80\n"
1564 "1:\n"
1565 : "=a" (res)
1566 : "a"(SYSCALL(clone)), "i"(SYSCALL(exit)),
1567 "c"(child_stack),
1568 "d"(parent_tidptr),
1569 "S"(newtls),
1570 "D"(child_tidptr)
1571 : "memory");
1572 return res;
1573 }
1574 #elif defined(__arm__) && SANITIZER_LINUX
internal_clone(int (* fn)(void *),void * child_stack,int flags,void * arg,int * parent_tidptr,void * newtls,int * child_tidptr)1575 uptr internal_clone(int (*fn)(void *), void *child_stack, int flags, void *arg,
1576 int *parent_tidptr, void *newtls, int *child_tidptr) {
1577 unsigned int res;
1578 if (!fn || !child_stack)
1579 return -EINVAL;
1580 child_stack = (char *)child_stack - 2 * sizeof(unsigned int);
1581 ((unsigned int *)child_stack)[0] = (uptr)fn;
1582 ((unsigned int *)child_stack)[1] = (uptr)arg;
1583 register int r0 __asm__("r0") = flags;
1584 register void *r1 __asm__("r1") = child_stack;
1585 register int *r2 __asm__("r2") = parent_tidptr;
1586 register void *r3 __asm__("r3") = newtls;
1587 register int *r4 __asm__("r4") = child_tidptr;
1588 register int r7 __asm__("r7") = __NR_clone;
1589
1590 #if __ARM_ARCH > 4 || defined (__ARM_ARCH_4T__)
1591 # define ARCH_HAS_BX
1592 #endif
1593 #if __ARM_ARCH > 4
1594 # define ARCH_HAS_BLX
1595 #endif
1596
1597 #ifdef ARCH_HAS_BX
1598 # ifdef ARCH_HAS_BLX
1599 # define BLX(R) "blx " #R "\n"
1600 # else
1601 # define BLX(R) "mov lr, pc; bx " #R "\n"
1602 # endif
1603 #else
1604 # define BLX(R) "mov lr, pc; mov pc," #R "\n"
1605 #endif
1606
1607 __asm__ __volatile__(
1608 /* %r0 = syscall(%r7 = SYSCALL(clone),
1609 * %r0 = flags,
1610 * %r1 = child_stack,
1611 * %r2 = parent_tidptr,
1612 * %r3 = new_tls,
1613 * %r4 = child_tidptr)
1614 */
1615
1616 /* Do the system call */
1617 "swi 0x0\n"
1618
1619 /* if (%r0 != 0)
1620 * return %r0;
1621 */
1622 "cmp r0, #0\n"
1623 "bne 1f\n"
1624
1625 /* In the child, now. Call "fn(arg)". */
1626 "ldr r0, [sp, #4]\n"
1627 "ldr ip, [sp], #8\n"
1628 BLX(ip)
1629 /* Call _exit(%r0). */
1630 "mov r7, %7\n"
1631 "swi 0x0\n"
1632 "1:\n"
1633 "mov %0, r0\n"
1634 : "=r"(res)
1635 : "r"(r0), "r"(r1), "r"(r2), "r"(r3), "r"(r4), "r"(r7),
1636 "i"(__NR_exit)
1637 : "memory");
1638 return res;
1639 }
1640 #endif // defined(__x86_64__) && SANITIZER_LINUX
1641
1642 #if SANITIZER_ANDROID
1643 #if __ANDROID_API__ < 21
1644 extern "C" __attribute__((weak)) int dl_iterate_phdr(
1645 int (*)(struct dl_phdr_info *, size_t, void *), void *);
1646 #endif
1647
dl_iterate_phdr_test_cb(struct dl_phdr_info * info,size_t size,void * data)1648 static int dl_iterate_phdr_test_cb(struct dl_phdr_info *info, size_t size,
1649 void *data) {
1650 // Any name starting with "lib" indicates a bug in L where library base names
1651 // are returned instead of paths.
1652 if (info->dlpi_name && info->dlpi_name[0] == 'l' &&
1653 info->dlpi_name[1] == 'i' && info->dlpi_name[2] == 'b') {
1654 *(bool *)data = true;
1655 return 1;
1656 }
1657 return 0;
1658 }
1659
1660 static atomic_uint32_t android_api_level;
1661
AndroidDetectApiLevelStatic()1662 static AndroidApiLevel AndroidDetectApiLevelStatic() {
1663 #if __ANDROID_API__ <= 19
1664 return ANDROID_KITKAT;
1665 #elif __ANDROID_API__ <= 22
1666 return ANDROID_LOLLIPOP_MR1;
1667 #else
1668 return ANDROID_POST_LOLLIPOP;
1669 #endif
1670 }
1671
AndroidDetectApiLevel()1672 static AndroidApiLevel AndroidDetectApiLevel() {
1673 if (!&dl_iterate_phdr)
1674 return ANDROID_KITKAT; // K or lower
1675 bool base_name_seen = false;
1676 dl_iterate_phdr(dl_iterate_phdr_test_cb, &base_name_seen);
1677 if (base_name_seen)
1678 return ANDROID_LOLLIPOP_MR1; // L MR1
1679 return ANDROID_POST_LOLLIPOP; // post-L
1680 // Plain L (API level 21) is completely broken wrt ASan and not very
1681 // interesting to detect.
1682 }
1683
1684 extern "C" __attribute__((weak)) void* _DYNAMIC;
1685
AndroidGetApiLevel()1686 AndroidApiLevel AndroidGetApiLevel() {
1687 AndroidApiLevel level =
1688 (AndroidApiLevel)atomic_load(&android_api_level, memory_order_relaxed);
1689 if (level) return level;
1690 level = &_DYNAMIC == nullptr ? AndroidDetectApiLevelStatic()
1691 : AndroidDetectApiLevel();
1692 atomic_store(&android_api_level, level, memory_order_relaxed);
1693 return level;
1694 }
1695
1696 #endif
1697
GetHandleSignalModeImpl(int signum)1698 static HandleSignalMode GetHandleSignalModeImpl(int signum) {
1699 switch (signum) {
1700 case SIGABRT:
1701 return common_flags()->handle_abort;
1702 case SIGILL:
1703 return common_flags()->handle_sigill;
1704 case SIGTRAP:
1705 return common_flags()->handle_sigtrap;
1706 case SIGFPE:
1707 return common_flags()->handle_sigfpe;
1708 case SIGSEGV:
1709 return common_flags()->handle_segv;
1710 case SIGBUS:
1711 return common_flags()->handle_sigbus;
1712 }
1713 return kHandleSignalNo;
1714 }
1715
GetHandleSignalMode(int signum)1716 HandleSignalMode GetHandleSignalMode(int signum) {
1717 HandleSignalMode result = GetHandleSignalModeImpl(signum);
1718 if (result == kHandleSignalYes && !common_flags()->allow_user_segv_handler)
1719 return kHandleSignalExclusive;
1720 return result;
1721 }
1722
1723 #if !SANITIZER_GO
internal_start_thread(void (* func)(void * arg),void * arg)1724 void *internal_start_thread(void(*func)(void *arg), void *arg) {
1725 // Start the thread with signals blocked, otherwise it can steal user signals.
1726 __sanitizer_sigset_t set, old;
1727 internal_sigfillset(&set);
1728 #if SANITIZER_LINUX && !SANITIZER_ANDROID
1729 // Glibc uses SIGSETXID signal during setuid call. If this signal is blocked
1730 // on any thread, setuid call hangs (see test/tsan/setuid.c).
1731 internal_sigdelset(&set, 33);
1732 #endif
1733 internal_sigprocmask(SIG_SETMASK, &set, &old);
1734 void *th;
1735 real_pthread_create(&th, nullptr, (void*(*)(void *arg))func, arg);
1736 internal_sigprocmask(SIG_SETMASK, &old, nullptr);
1737 return th;
1738 }
1739
internal_join_thread(void * th)1740 void internal_join_thread(void *th) {
1741 real_pthread_join(th, nullptr);
1742 }
1743 #else
internal_start_thread(void (* func)(void *),void * arg)1744 void *internal_start_thread(void (*func)(void *), void *arg) { return 0; }
1745
internal_join_thread(void * th)1746 void internal_join_thread(void *th) {}
1747 #endif
1748
1749 #if defined(__aarch64__)
1750 // Android headers in the older NDK releases miss this definition.
1751 struct __sanitizer_esr_context {
1752 struct _aarch64_ctx head;
1753 uint64_t esr;
1754 };
1755
Aarch64GetESR(ucontext_t * ucontext,u64 * esr)1756 static bool Aarch64GetESR(ucontext_t *ucontext, u64 *esr) {
1757 static const u32 kEsrMagic = 0x45535201;
1758 u8 *aux = ucontext->uc_mcontext.__reserved;
1759 while (true) {
1760 _aarch64_ctx *ctx = (_aarch64_ctx *)aux;
1761 if (ctx->size == 0) break;
1762 if (ctx->magic == kEsrMagic) {
1763 *esr = ((__sanitizer_esr_context *)ctx)->esr;
1764 return true;
1765 }
1766 aux += ctx->size;
1767 }
1768 return false;
1769 }
1770 #endif
1771
1772 #if SANITIZER_OPENBSD
1773 using Context = sigcontext;
1774 #else
1775 using Context = ucontext_t;
1776 #endif
1777
GetWriteFlag() const1778 SignalContext::WriteFlag SignalContext::GetWriteFlag() const {
1779 Context *ucontext = (Context *)context;
1780 #if defined(__x86_64__) || defined(__i386__)
1781 static const uptr PF_WRITE = 1U << 1;
1782 #if SANITIZER_FREEBSD
1783 uptr err = ucontext->uc_mcontext.mc_err;
1784 #elif SANITIZER_NETBSD
1785 uptr err = ucontext->uc_mcontext.__gregs[_REG_ERR];
1786 #elif SANITIZER_OPENBSD
1787 uptr err = ucontext->sc_err;
1788 #elif SANITIZER_SOLARIS && defined(__i386__)
1789 const int Err = 13;
1790 uptr err = ucontext->uc_mcontext.gregs[Err];
1791 #else
1792 uptr err = ucontext->uc_mcontext.gregs[REG_ERR];
1793 #endif // SANITIZER_FREEBSD
1794 return err & PF_WRITE ? WRITE : READ;
1795 #elif defined(__mips__)
1796 uint32_t *exception_source;
1797 uint32_t faulty_instruction;
1798 uint32_t op_code;
1799
1800 exception_source = (uint32_t *)ucontext->uc_mcontext.pc;
1801 faulty_instruction = (uint32_t)(*exception_source);
1802
1803 op_code = (faulty_instruction >> 26) & 0x3f;
1804
1805 // FIXME: Add support for FPU, microMIPS, DSP, MSA memory instructions.
1806 switch (op_code) {
1807 case 0x28: // sb
1808 case 0x29: // sh
1809 case 0x2b: // sw
1810 case 0x3f: // sd
1811 #if __mips_isa_rev < 6
1812 case 0x2c: // sdl
1813 case 0x2d: // sdr
1814 case 0x2a: // swl
1815 case 0x2e: // swr
1816 #endif
1817 return SignalContext::WRITE;
1818
1819 case 0x20: // lb
1820 case 0x24: // lbu
1821 case 0x21: // lh
1822 case 0x25: // lhu
1823 case 0x23: // lw
1824 case 0x27: // lwu
1825 case 0x37: // ld
1826 #if __mips_isa_rev < 6
1827 case 0x1a: // ldl
1828 case 0x1b: // ldr
1829 case 0x22: // lwl
1830 case 0x26: // lwr
1831 #endif
1832 return SignalContext::READ;
1833 #if __mips_isa_rev == 6
1834 case 0x3b: // pcrel
1835 op_code = (faulty_instruction >> 19) & 0x3;
1836 switch (op_code) {
1837 case 0x1: // lwpc
1838 case 0x2: // lwupc
1839 return SignalContext::READ;
1840 }
1841 #endif
1842 }
1843 return SignalContext::UNKNOWN;
1844 #elif defined(__arm__)
1845 static const uptr FSR_WRITE = 1U << 11;
1846 uptr fsr = ucontext->uc_mcontext.error_code;
1847 return fsr & FSR_WRITE ? WRITE : READ;
1848 #elif defined(__aarch64__)
1849 static const u64 ESR_ELx_WNR = 1U << 6;
1850 u64 esr;
1851 if (!Aarch64GetESR(ucontext, &esr)) return UNKNOWN;
1852 return esr & ESR_ELx_WNR ? WRITE : READ;
1853 #elif defined(__sparc__)
1854 // Decode the instruction to determine the access type.
1855 // From OpenSolaris $SRC/uts/sun4/os/trap.c (get_accesstype).
1856 # if SANITIZER_SOLARIS
1857 uptr pc = ucontext->uc_mcontext.gregs[REG_PC];
1858 # else
1859 // Historical BSDism here.
1860 struct sigcontext *scontext = (struct sigcontext *)context;
1861 # if defined(__arch64__)
1862 uptr pc = scontext->sigc_regs.tpc;
1863 # else
1864 uptr pc = scontext->si_regs.pc;
1865 # endif
1866 # endif
1867 u32 instr = *(u32 *)pc;
1868 return (instr >> 21) & 1 ? WRITE: READ;
1869 #else
1870 (void)ucontext;
1871 return UNKNOWN; // FIXME: Implement.
1872 #endif
1873 }
1874
DumpAllRegisters(void * context)1875 void SignalContext::DumpAllRegisters(void *context) {
1876 // FIXME: Implement this.
1877 }
1878
GetPcSpBp(void * context,uptr * pc,uptr * sp,uptr * bp)1879 static void GetPcSpBp(void *context, uptr *pc, uptr *sp, uptr *bp) {
1880 #if SANITIZER_NETBSD
1881 // This covers all NetBSD architectures
1882 ucontext_t *ucontext = (ucontext_t *)context;
1883 *pc = _UC_MACHINE_PC(ucontext);
1884 *bp = _UC_MACHINE_FP(ucontext);
1885 *sp = _UC_MACHINE_SP(ucontext);
1886 #elif defined(__arm__)
1887 ucontext_t *ucontext = (ucontext_t*)context;
1888 *pc = ucontext->uc_mcontext.arm_pc;
1889 *bp = ucontext->uc_mcontext.arm_fp;
1890 *sp = ucontext->uc_mcontext.arm_sp;
1891 #elif defined(__aarch64__)
1892 ucontext_t *ucontext = (ucontext_t*)context;
1893 *pc = ucontext->uc_mcontext.pc;
1894 *bp = ucontext->uc_mcontext.regs[29];
1895 *sp = ucontext->uc_mcontext.sp;
1896 #elif defined(__hppa__)
1897 ucontext_t *ucontext = (ucontext_t*)context;
1898 *pc = ucontext->uc_mcontext.sc_iaoq[0];
1899 /* GCC uses %r3 whenever a frame pointer is needed. */
1900 *bp = ucontext->uc_mcontext.sc_gr[3];
1901 *sp = ucontext->uc_mcontext.sc_gr[30];
1902 #elif defined(__x86_64__)
1903 # if SANITIZER_FREEBSD
1904 ucontext_t *ucontext = (ucontext_t*)context;
1905 *pc = ucontext->uc_mcontext.mc_rip;
1906 *bp = ucontext->uc_mcontext.mc_rbp;
1907 *sp = ucontext->uc_mcontext.mc_rsp;
1908 #elif SANITIZER_OPENBSD
1909 sigcontext *ucontext = (sigcontext *)context;
1910 *pc = ucontext->sc_rip;
1911 *bp = ucontext->sc_rbp;
1912 *sp = ucontext->sc_rsp;
1913 # else
1914 ucontext_t *ucontext = (ucontext_t*)context;
1915 *pc = ucontext->uc_mcontext.gregs[REG_RIP];
1916 *bp = ucontext->uc_mcontext.gregs[REG_RBP];
1917 *sp = ucontext->uc_mcontext.gregs[REG_RSP];
1918 # endif
1919 #elif defined(__i386__)
1920 # if SANITIZER_FREEBSD
1921 ucontext_t *ucontext = (ucontext_t*)context;
1922 *pc = ucontext->uc_mcontext.mc_eip;
1923 *bp = ucontext->uc_mcontext.mc_ebp;
1924 *sp = ucontext->uc_mcontext.mc_esp;
1925 #elif SANITIZER_OPENBSD
1926 sigcontext *ucontext = (sigcontext *)context;
1927 *pc = ucontext->sc_eip;
1928 *bp = ucontext->sc_ebp;
1929 *sp = ucontext->sc_esp;
1930 # else
1931 ucontext_t *ucontext = (ucontext_t*)context;
1932 # if SANITIZER_SOLARIS
1933 /* Use the numeric values: the symbolic ones are undefined by llvm
1934 include/llvm/Support/Solaris.h. */
1935 # ifndef REG_EIP
1936 # define REG_EIP 14 // REG_PC
1937 # endif
1938 # ifndef REG_EBP
1939 # define REG_EBP 6 // REG_FP
1940 # endif
1941 # ifndef REG_ESP
1942 # define REG_ESP 17 // REG_SP
1943 # endif
1944 # endif
1945 *pc = ucontext->uc_mcontext.gregs[REG_EIP];
1946 *bp = ucontext->uc_mcontext.gregs[REG_EBP];
1947 *sp = ucontext->uc_mcontext.gregs[REG_ESP];
1948 # endif
1949 #elif defined(__powerpc__) || defined(__powerpc64__)
1950 ucontext_t *ucontext = (ucontext_t*)context;
1951 *pc = ucontext->uc_mcontext.regs->nip;
1952 *sp = ucontext->uc_mcontext.regs->gpr[PT_R1];
1953 // The powerpc{,64}-linux ABIs do not specify r31 as the frame
1954 // pointer, but GCC always uses r31 when we need a frame pointer.
1955 *bp = ucontext->uc_mcontext.regs->gpr[PT_R31];
1956 #elif defined(__sparc__)
1957 # if defined(__arch64__) || defined(__sparcv9)
1958 # define STACK_BIAS 2047
1959 # else
1960 # define STACK_BIAS 0
1961 # endif
1962 # if SANITIZER_SOLARIS
1963 ucontext_t *ucontext = (ucontext_t*)context;
1964 *pc = ucontext->uc_mcontext.gregs[REG_PC];
1965 *sp = ucontext->uc_mcontext.gregs[REG_O6] + STACK_BIAS;
1966 # else
1967 // Historical BSDism here.
1968 struct sigcontext *scontext = (struct sigcontext *)context;
1969 # if defined(__arch64__)
1970 *pc = scontext->sigc_regs.tpc;
1971 *sp = scontext->sigc_regs.u_regs[14] + STACK_BIAS;
1972 # else
1973 *pc = scontext->si_regs.pc;
1974 *sp = scontext->si_regs.u_regs[14];
1975 # endif
1976 # endif
1977 *bp = (uptr) ((uhwptr *) *sp)[14] + STACK_BIAS;
1978 #elif defined(__mips__)
1979 ucontext_t *ucontext = (ucontext_t*)context;
1980 *pc = ucontext->uc_mcontext.pc;
1981 *bp = ucontext->uc_mcontext.gregs[30];
1982 *sp = ucontext->uc_mcontext.gregs[29];
1983 #elif defined(__s390__)
1984 ucontext_t *ucontext = (ucontext_t*)context;
1985 # if defined(__s390x__)
1986 *pc = ucontext->uc_mcontext.psw.addr;
1987 # else
1988 *pc = ucontext->uc_mcontext.psw.addr & 0x7fffffff;
1989 # endif
1990 *bp = ucontext->uc_mcontext.gregs[11];
1991 *sp = ucontext->uc_mcontext.gregs[15];
1992 #else
1993 # error "Unsupported arch"
1994 #endif
1995 }
1996
InitPcSpBp()1997 void SignalContext::InitPcSpBp() { GetPcSpBp(context, &pc, &sp, &bp); }
1998
MaybeReexec()1999 void MaybeReexec() {
2000 // No need to re-exec on Linux.
2001 }
2002
CheckASLR()2003 void CheckASLR() {
2004 #if SANITIZER_NETBSD
2005 int mib[3];
2006 int paxflags;
2007 uptr len = sizeof(paxflags);
2008
2009 mib[0] = CTL_PROC;
2010 mib[1] = internal_getpid();
2011 mib[2] = PROC_PID_PAXFLAGS;
2012
2013 if (UNLIKELY(internal_sysctl(mib, 3, &paxflags, &len, NULL, 0) == -1)) {
2014 Printf("sysctl failed\n");
2015 Die();
2016 }
2017
2018 if (UNLIKELY(paxflags & CTL_PROC_PAXFLAGS_ASLR)) {
2019 Printf("This sanitizer is not compatible with enabled ASLR\n");
2020 Die();
2021 }
2022 #elif SANITIZER_PPC64V2
2023 // Disable ASLR for Linux PPC64LE.
2024 int old_personality = personality(0xffffffff);
2025 if (old_personality != -1 && (old_personality & ADDR_NO_RANDOMIZE) == 0) {
2026 VReport(1, "WARNING: Program is being run with address space layout "
2027 "randomization (ASLR) enabled which prevents the thread and "
2028 "memory sanitizers from working on powerpc64le.\n"
2029 "ASLR will be disabled and the program re-executed.\n");
2030 CHECK_NE(personality(old_personality | ADDR_NO_RANDOMIZE), -1);
2031 ReExec();
2032 }
2033 #else
2034 // Do nothing
2035 #endif
2036 }
2037
PrintModuleMap()2038 void PrintModuleMap() { }
2039
CheckNoDeepBind(const char * filename,int flag)2040 void CheckNoDeepBind(const char *filename, int flag) {
2041 #ifdef RTLD_DEEPBIND
2042 if (flag & RTLD_DEEPBIND) {
2043 Report(
2044 "You are trying to dlopen a %s shared library with RTLD_DEEPBIND flag"
2045 " which is incompatibe with sanitizer runtime "
2046 "(see https://github.com/google/sanitizers/issues/611 for details"
2047 "). If you want to run %s library under sanitizers please remove "
2048 "RTLD_DEEPBIND from dlopen flags.\n",
2049 filename, filename);
2050 Die();
2051 }
2052 #endif
2053 }
2054
FindAvailableMemoryRange(uptr size,uptr alignment,uptr left_padding,uptr * largest_gap_found,uptr * max_occupied_addr)2055 uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding,
2056 uptr *largest_gap_found,
2057 uptr *max_occupied_addr) {
2058 UNREACHABLE("FindAvailableMemoryRange is not available");
2059 return 0;
2060 }
2061
GetRandom(void * buffer,uptr length,bool blocking)2062 bool GetRandom(void *buffer, uptr length, bool blocking) {
2063 if (!buffer || !length || length > 256)
2064 return false;
2065 #if SANITIZER_USE_GETENTROPY
2066 uptr rnd = getentropy(buffer, length);
2067 int rverrno = 0;
2068 if (internal_iserror(rnd, &rverrno) && rverrno == EFAULT)
2069 return false;
2070 else if (rnd == 0)
2071 return true;
2072 #endif // SANITIZER_USE_GETENTROPY
2073
2074 #if SANITIZER_USE_GETRANDOM
2075 static atomic_uint8_t skip_getrandom_syscall;
2076 if (!atomic_load_relaxed(&skip_getrandom_syscall)) {
2077 // Up to 256 bytes, getrandom will not be interrupted.
2078 uptr res = internal_syscall(SYSCALL(getrandom), buffer, length,
2079 blocking ? 0 : GRND_NONBLOCK);
2080 int rverrno = 0;
2081 if (internal_iserror(res, &rverrno) && rverrno == ENOSYS)
2082 atomic_store_relaxed(&skip_getrandom_syscall, 1);
2083 else if (res == length)
2084 return true;
2085 }
2086 #endif // SANITIZER_USE_GETRANDOM
2087 // Up to 256 bytes, a read off /dev/urandom will not be interrupted.
2088 // blocking is moot here, O_NONBLOCK has no effect when opening /dev/urandom.
2089 uptr fd = internal_open("/dev/urandom", O_RDONLY);
2090 if (internal_iserror(fd))
2091 return false;
2092 uptr res = internal_read(fd, buffer, length);
2093 if (internal_iserror(res))
2094 return false;
2095 internal_close(fd);
2096 return true;
2097 }
2098
2099 } // namespace __sanitizer
2100
2101 #endif
2102