1 //===-- hwasan_interceptors.cpp -------------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file is a part of HWAddressSanitizer.
10 //
11 // Interceptors for standard library functions.
12 //
13 // FIXME: move as many interceptors as possible into
14 // sanitizer_common/sanitizer_common_interceptors.h
15 //===----------------------------------------------------------------------===//
16 
17 #include "interception/interception.h"
18 #include "hwasan.h"
19 #include "hwasan_thread.h"
20 #include "sanitizer_common/sanitizer_stackdepot.h"
21 
22 #if !SANITIZER_FUCHSIA
23 
24 using namespace __hwasan;
25 
26 #if HWASAN_WITH_INTERCEPTORS
27 
// Payload handed from the pthread_create interceptor to HwasanThreadStartFunc
// through the real pthread_create's single void* argument. It lives in a
// dedicated page obtained from MmapOrDie (see the interceptor) and is copied
// out and unmapped by the trampoline, so keep it a plain aggregate.
struct ThreadStartArg {
  thread_callback_t callback;  // the user's thread entry point
  void *param;                 // argument forwarded to |callback|
};
32 
// Trampoline on which every thread created through the intercepted
// pthread_create() starts. |arg| is the page-sized ThreadStartArg mapped by the
// interceptor; its fields are read out and the page is unmapped *before* the
// user callback runs, so the page is released even if the callback never
// returns. Returns whatever the user callback returns.
static void *HwasanThreadStartFunc(void *arg) {
  // Register this thread with the runtime before touching anything else.
  __hwasan_thread_enter();
  auto *start = static_cast<ThreadStartArg *>(arg);
  const thread_callback_t user_callback = start->callback;
  void *const user_param = start->param;
  // Size must match the MmapOrDie() in the pthread_create interceptor.
  UnmapOrDie(start, GetPageSizeCached());
  return user_callback(user_param);
}
39 
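// pthread_create() wrapper: starts the new thread on HwasanThreadStartFunc so
// the runtime can register it, passing the user's |callback|/|param| through a
// ThreadStartArg. The argument is placed in its own page from MmapOrDie rather
// than on the heap; HwasanThreadStartFunc unmaps exactly GetPageSizeCached()
// bytes, so the two sizes must stay in sync.
// Returns the real pthread_create's result (0 on success, an errno value
// otherwise). On failure no thread exists to consume the page, so it is
// unmapped here instead of being leaked.
INTERCEPTOR(int, pthread_create, void *th, void *attr, void *(*callback)(void*),
            void * param) {
  // NOTE(review): presumably keeps the trampoline page and the real
  // pthread_create's own allocations untagged — confirm against ScopedTaggingDisabler.
  ScopedTaggingDisabler disabler;
  const uptr page_size = GetPageSizeCached();
  auto *start_arg =
      static_cast<ThreadStartArg *>(MmapOrDie(page_size, "pthread_create"));
  start_arg->callback = callback;
  start_arg->param = param;
  const int res = REAL(pthread_create)(th, attr, &HwasanThreadStartFunc, start_arg);
  if (res != 0) {
    // The thread was never started, so the trampoline will not unmap the page.
    UnmapOrDie(start_arg, page_size);
  }
  return res;
}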
49 
// vfork is intercepted by a definition outside this file (hence
// DECLARE_EXTERN_INTERCEPTOR_AND_WRAPPER rather than an INTERCEPTOR body here);
// DEFINE_REAL provides the REAL(vfork) storage that definition presumably
// chains to. It is registered in InitializeInterceptors() on Linux only.
DEFINE_REAL(int, vfork)
DECLARE_EXTERN_INTERCEPTOR_AND_WRAPPER(int, vfork)
52 #endif // HWASAN_WITH_INTERCEPTORS
53 
54 #if HWASAN_WITH_INTERCEPTORS && defined(__aarch64__)
55 // Get and/or change the set of blocked signals.
// Declared locally against the runtime's own __hw_sigset_t instead of pulling
// in the system <signal.h>.
// NOTE(review): the pointers go straight to libc, so __hw_sigset_t must match
// the libc sigset_t layout exactly — confirm where the type is defined.
extern "C" int sigprocmask(int __how, const __hw_sigset_t *__restrict __set,
                           __hw_sigset_t *__restrict __oset);
// Linux values of the sigprocmask `how` argument; this block is only compiled
// for aarch64 and the macros are #undef'd again after the longjmp interceptors.
#define SIG_BLOCK 0
#define SIG_SETMASK 2
// Records the current signal mask in |env| when |savemask| is non-zero, so that
// siglongjmp() can reinstate it. __mask_was_saved ends up 0 when no save was
// requested *or* when sigprocmask() fails, so a later siglongjmp() never
// restores garbage. Presumably called by the matching setjmp/sigsetjmp entry
// points, which live outside this file. Always returns 0.
extern "C" int __sigjmp_save(__hw_sigjmp_buf env, int savemask) {
  int mask_saved = 0;
  if (savemask) {
    // SIG_BLOCK with a null set only queries the mask; nothing is changed.
    const int rc = sigprocmask(SIG_BLOCK, nullptr, &env[0].__saved_mask);
    mask_saved = (rc == 0);
  }
  env[0].__mask_was_saved = mask_saved;
  return 0;
}
66 
// Restores the callee-saved register set from |env| and branches to the saved
// x30, making the earlier setjmp() appear to return |retval| (or 1 if |retval|
// is 0). |env| is the raw __hw_register_buf stored inside a __hw_jmp_buf /
// __hw_sigjmp_buf; slot 13 holds the saved stack pointer, read below both from
// C and from the asm. Never returns.
//
// NOTE(review): sp and x30 are loaded from the buffer as-is, with no
// demangling, so this layout carries none of the pointer protection glibc
// applies to its own jmp_buf; presumably deliberate since the matching setjmp
// (outside this file) writes the buffer in the same form — confirm.
static void __attribute__((always_inline))
InternalLongjmp(__hw_register_buf env, int retval) {
  // Clear all memory tags on the stack between here and where we're going.
  unsigned long long stack_pointer = env[13];
  // The stack pointer should never be tagged, so we don't need to clear the
  // tag for this function call.
  __hwasan_handle_longjmp((void *)stack_pointer);

  // Run code for handling a longjmp.
  // Need to use a register that isn't going to be loaded from the environment
  // buffer -- hence why we need to specify the register to use.
  // Must implement this ourselves, since we don't know the order of registers
  // in different libc implementations and many implementations mangle the
  // stack pointer so we can't use it without knowing the demangling scheme.
  // x0 = &env[0] (the "+r" operand: the asm overwrites x0 with the return
  // value), x1 = retval. Neither register is reloaded from the buffer.
  register long int retval_tmp asm("x1") = retval;
  register void *env_address asm("x0") = &env[0];
  // Offsets are in 8-byte slots. Slots 0..11: callee-saved x19..x30
  // (x29 = frame pointer, x30 = return address).
  asm volatile("ldp	x19, x20, [%0, #0<<3];"
               "ldp	x21, x22, [%0, #2<<3];"
               "ldp	x23, x24, [%0, #4<<3];"
               "ldp	x25, x26, [%0, #6<<3];"
               "ldp	x27, x28, [%0, #8<<3];"
               "ldp	x29, x30, [%0, #10<<3];"
               // Slots 14..21: callee-saved d8..d15. Slot 12 is not read here.
               "ldp	 d8,  d9, [%0, #14<<3];"
               "ldp	d10, d11, [%0, #16<<3];"
               "ldp	d12, d13, [%0, #18<<3];"
               "ldp	d14, d15, [%0, #20<<3];"
               // Slot 13: saved sp (same slot as env[13] above). x5 is scratch
               // because sp cannot be the destination of an ldr.
               "ldr	x5, [%0, #13<<3];"
               "mov	sp, x5;"
               // Return the value requested to return through arguments.
               // This should be in x1 given what we requested above.
               // x0 = retval, or 1 when retval is 0 — setjmp must never
               // observe 0 from a longjmp.
               "cmp	%1, #0;"
               "mov	x0, #1;"
               "csel	x0, %1, x0, ne;"
               // Resume at the saved return address; control never comes back
               // here, which is presumably why no clobbers are declared.
               "br	x30;"
               : "+r"(env_address)
               : "r"(retval_tmp));
}
104 
// siglongjmp(): reinstate the signal mask recorded by __sigjmp_save (if one
// was recorded), then unwind through InternalLongjmp. Never returns.
INTERCEPTOR(void, siglongjmp, __hw_sigjmp_buf env, int val) {
  const bool restore_mask = env[0].__mask_was_saved;
  if (restore_mask) {
    // The result is not checked; on failure the current mask stays in place.
    (void)sigprocmask(SIG_SETMASK, &env[0].__saved_mask, nullptr);
  }
  InternalLongjmp(env[0].__jmpbuf, val);
}
112 
113 // Required since glibc libpthread calls __libc_longjmp on pthread_exit, and
114 // _setjmp on start_thread.  Hence we have to intercept the longjmp on
115 // pthread_exit so the __hw_jmp_buf order matches.
// __libc_longjmp(): same unwind as longjmp(), reading the register buffer in
// the __hw_jmp_buf layout. No signal-mask handling. Never returns.
INTERCEPTOR(void, __libc_longjmp, __hw_jmp_buf env, int val) {
  auto &saved_regs = env[0].__jmpbuf;
  InternalLongjmp(saved_regs, val);
}
119 
// longjmp(): unwind to the setjmp() that filled |env|, returning |val| there.
// No signal-mask handling (that is siglongjmp's job). Never returns.
INTERCEPTOR(void, longjmp, __hw_jmp_buf env, int val) {
  auto &saved_regs = env[0].__jmpbuf;
  InternalLongjmp(saved_regs, val);
}
123 #undef SIG_BLOCK
124 #undef SIG_SETMASK
125 
126 #endif // HWASAN_WITH_INTERCEPTORS && __aarch64__
127 
// Pre-fork hook: takes every stack depot lock before fork() snapshots the
// address space — presumably so the child, which inherits only the forking
// thread, never starts with a depot lock held by a thread it does not have.
// Paired with AfterFork(), which runs in both parent and child.
static void BeforeFork() {
  StackDepotLockAll();
}
131 
// Post-fork hook: releases the locks taken by BeforeFork(). Runs in both the
// parent and the child, since both return from REAL(fork)().
static void AfterFork() {
  StackDepotUnlockAll();
}
135 
// fork() wrapper: brackets the real call with BeforeFork()/AfterFork() so the
// stack depot is held locked while the address space is duplicated. The
// runtime must already be initialised (ENSURE_HWASAN_INITED). Returns the
// real fork()'s result unchanged: child pid in the parent, 0 in the child,
// -1 on failure.
INTERCEPTOR(int, fork, void) {
  ENSURE_HWASAN_INITED();
  BeforeFork();
  const int result = REAL(fork)();
  // Both the parent and the child pass through here.
  AfterFork();
  return result;
}
143 
namespace __hwasan {

// Exit hook (its caller lives outside this file). Returns the status the
// runtime wants to contribute at exit; currently always 0, i.e. no failure.
int OnExit() {
  // FIXME: ask frontend whether we need to return failure.
  constexpr int kNoFailure = 0;
  return kNoFailure;
}

} // namespace __hwasan
152 
namespace __hwasan {

// Installs this file's function interceptors. Must be called exactly once; a
// second call trips the CHECK rather than re-registering.
void InitializeInterceptors() {
  static int init_count = 0;
  CHECK_EQ(init_count, 0);

  // fork is intercepted unconditionally.
  INTERCEPT_FUNCTION(fork);

#if HWASAN_WITH_INTERCEPTORS
  // vfork's interceptor is defined out of line and only registered on Linux.
#if defined(__linux__)
  INTERCEPT_FUNCTION(vfork);
#endif  // __linux__
  INTERCEPT_FUNCTION(pthread_create);
#endif

  init_count = 1;
}
} // namespace __hwasan
171 
172 #endif  // #if !SANITIZER_FUCHSIA
173