1 //===-- common.h ------------------------------------------------*- C++ -*-===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 9 // This file contains code that is common between the crash handler and the 10 // GuardedPoolAllocator. 11 12 #ifndef GWP_ASAN_COMMON_H_ 13 #define GWP_ASAN_COMMON_H_ 14 15 #include "gwp_asan/definitions.h" 16 #include "gwp_asan/options.h" 17 18 #include <stddef.h> 19 #include <stdint.h> 20 21 namespace gwp_asan { 22 23 // Magic header that resides in the AllocatorState so that GWP-ASan bugreports 24 // can be understood by tools at different versions. Out-of-process crash 25 // handlers, like crashpad on Fuchsia, take the raw contents of the 26 // AllocationMetatada array and the AllocatorState, and shove them into the 27 // minidump. Online unpacking of these structs needs to know from which version 28 // of GWP-ASan it's extracting the information, as the structures are not 29 // stable. 30 struct AllocatorVersionMagic { 31 // The values are copied into the structure at runtime, during 32 // `GuardedPoolAllocator::init()` so that GWP-ASan remains completely in the 33 // `.bss` segment. 34 static constexpr uint8_t kAllocatorVersionMagic[4] = {'A', 'S', 'A', 'N'}; 35 uint8_t Magic[4] = {}; 36 // Update the version number when the AllocatorState or AllocationMetadata 37 // change. 38 static constexpr uint16_t kAllocatorVersion = 1; 39 uint16_t Version = 0; 40 uint16_t Reserved = 0; 41 }; 42 43 enum class Error : uint8_t { 44 UNKNOWN, 45 USE_AFTER_FREE, 46 DOUBLE_FREE, 47 INVALID_FREE, 48 BUFFER_OVERFLOW, 49 BUFFER_UNDERFLOW 50 }; 51 52 const char *ErrorToString(const Error &E); 53 54 static constexpr uint64_t kInvalidThreadID = UINT64_MAX; 55 // Get the current thread ID, or kInvalidThreadID if failure. Note: This 56 // implementation is platform-specific. 57 uint64_t getThreadID(); 58 59 // This struct contains all the metadata recorded about a single allocation made 60 // by GWP-ASan. If `AllocationMetadata.Addr` is zero, the metadata is non-valid. 61 struct AllocationMetadata { 62 // The number of bytes used to store a compressed stack frame. On 64-bit 63 // platforms, assuming a compression ratio of 50%, this should allow us to 64 // store ~64 frames per trace. 65 static constexpr size_t kStackFrameStorageBytes = 256; 66 67 // Maximum number of stack frames to collect on allocation/deallocation. The 68 // actual number of collected frames may be less than this as the stack 69 // frames are compressed into a fixed memory range. 70 static constexpr size_t kMaxTraceLengthToCollect = 128; 71 72 // Records the given allocation metadata into this struct. 73 void RecordAllocation(uintptr_t Addr, size_t RequestedSize); 74 // Record that this allocation is now deallocated. 75 void RecordDeallocation(); 76 77 struct CallSiteInfo { 78 // Record the current backtrace to this callsite. 79 void RecordBacktrace(options::Backtrace_t Backtrace); 80 81 // The compressed backtrace to the allocation/deallocation. 82 uint8_t CompressedTrace[kStackFrameStorageBytes]; 83 // The thread ID for this trace, or kInvalidThreadID if not available. 84 uint64_t ThreadID = kInvalidThreadID; 85 // The size of the compressed trace (in bytes). Zero indicates that no 86 // trace was collected. 87 size_t TraceSize = 0; 88 }; 89 90 // The address of this allocation. If zero, the rest of this struct isn't 91 // valid, as the allocation has never occurred. 92 uintptr_t Addr = 0; 93 // Represents the actual size of the allocation. 94 size_t RequestedSize = 0; 95 96 CallSiteInfo AllocationTrace; 97 CallSiteInfo DeallocationTrace; 98 99 // Whether this allocation has been deallocated yet. 100 bool IsDeallocated = false; 101 }; 102 103 // This holds the state that's shared between the GWP-ASan allocator and the 104 // crash handler. This, in conjunction with the Metadata array, forms the entire 105 // set of information required for understanding a GWP-ASan crash. 106 struct AllocatorState { 107 constexpr AllocatorState() {} 108 AllocatorVersionMagic VersionMagic{}; 109 110 // Returns whether the provided pointer is a current sampled allocation that 111 // is owned by this pool. 112 GWP_ASAN_ALWAYS_INLINE bool pointerIsMine(const void *Ptr) const { 113 uintptr_t P = reinterpret_cast<uintptr_t>(Ptr); 114 return P < GuardedPagePoolEnd && GuardedPagePool <= P; 115 } 116 117 // Returns the address of the N-th guarded slot. 118 uintptr_t slotToAddr(size_t N) const; 119 120 // Returns the largest allocation that is supported by this pool. 121 size_t maximumAllocationSize() const; 122 123 // Gets the nearest slot to the provided address. 124 size_t getNearestSlot(uintptr_t Ptr) const; 125 126 // Returns whether the provided pointer is a guard page or not. The pointer 127 // must be within memory owned by this pool, else the result is undefined. 128 bool isGuardPage(uintptr_t Ptr) const; 129 130 // The number of guarded slots that this pool holds. 131 size_t MaxSimultaneousAllocations = 0; 132 133 // Pointer to the pool of guarded slots. Note that this points to the start of 134 // the pool (which is a guard page), not a pointer to the first guarded page. 135 uintptr_t GuardedPagePool = 0; 136 uintptr_t GuardedPagePoolEnd = 0; 137 138 // Cached page size for this system in bytes. 139 size_t PageSize = 0; 140 141 // The type and address of an internally-detected failure. For INVALID_FREE 142 // and DOUBLE_FREE, these errors are detected in GWP-ASan, which will set 143 // these values and terminate the process. 144 Error FailureType = Error::UNKNOWN; 145 uintptr_t FailureAddress = 0; 146 }; 147 148 // Below are various compile-time checks that the layout of the internal 149 // GWP-ASan structures are undisturbed. If they are disturbed, the version magic 150 // number needs to be increased by one, and the asserts need to be updated. 151 // Out-of-process crash handlers, like breakpad/crashpad, may copy the internal 152 // GWP-ASan structures into a minidump for offline reconstruction of the crash. 153 // In order to accomplish this, the offline reconstructor needs to know the 154 // version of GWP-ASan internal structures that it's unpacking (along with the 155 // architecture-specific layout info, which is left as an exercise to the crash 156 // handler). 157 static_assert(offsetof(AllocatorState, VersionMagic) == 0, ""); 158 static_assert(sizeof(AllocatorVersionMagic) == 8, ""); 159 #if defined(__x86_64__) 160 static_assert(sizeof(AllocatorState) == 56, ""); 161 static_assert(offsetof(AllocatorState, FailureAddress) == 48, ""); 162 static_assert(sizeof(AllocationMetadata) == 568, ""); 163 static_assert(offsetof(AllocationMetadata, IsDeallocated) == 560, ""); 164 #elif defined(__aarch64__) 165 static_assert(sizeof(AllocatorState) == 56, ""); 166 static_assert(offsetof(AllocatorState, FailureAddress) == 48, ""); 167 static_assert(sizeof(AllocationMetadata) == 568, ""); 168 static_assert(offsetof(AllocationMetadata, IsDeallocated) == 560, ""); 169 #elif defined(__i386__) 170 static_assert(sizeof(AllocatorState) == 32, ""); 171 static_assert(offsetof(AllocatorState, FailureAddress) == 28, ""); 172 static_assert(sizeof(AllocationMetadata) == 548, ""); 173 static_assert(offsetof(AllocationMetadata, IsDeallocated) == 544, ""); 174 #elif defined(__arm__) 175 static_assert(sizeof(AllocatorState) == 32, ""); 176 static_assert(offsetof(AllocatorState, FailureAddress) == 28, ""); 177 static_assert(sizeof(AllocationMetadata) == 560, ""); 178 static_assert(offsetof(AllocationMetadata, IsDeallocated) == 552, ""); 179 #endif // defined($ARCHITECTURE) 180 181 } // namespace gwp_asan 182 #endif // GWP_ASAN_COMMON_H_ 183