Diffstat (limited to 'compiler-rt/lib/gwp_asan/optional')
6 files changed, 318 insertions, 7 deletions
diff --git a/compiler-rt/lib/gwp_asan/optional/backtrace.h b/compiler-rt/lib/gwp_asan/optional/backtrace.h index 6c9ee9f6506d..3a72eb3d08e8 100644 --- a/compiler-rt/lib/gwp_asan/optional/backtrace.h +++ b/compiler-rt/lib/gwp_asan/optional/backtrace.h @@ -9,6 +9,7 @@ #ifndef GWP_ASAN_OPTIONAL_BACKTRACE_H_ #define GWP_ASAN_OPTIONAL_BACKTRACE_H_ +#include "gwp_asan/optional/segv_handler.h" #include "gwp_asan/options.h" namespace gwp_asan { @@ -21,7 +22,7 @@ namespace options { // note any thread-safety descriptions for the implementation of these functions // that you use. Backtrace_t getBacktraceFunction(); -PrintBacktrace_t getPrintBacktraceFunction(); +crash_handler::PrintBacktrace_t getPrintBacktraceFunction(); } // namespace options } // namespace gwp_asan diff --git a/compiler-rt/lib/gwp_asan/optional/backtrace_linux_libc.cpp b/compiler-rt/lib/gwp_asan/optional/backtrace_linux_libc.cpp index a656c9b41d5d..bb0aad224a14 100644 --- a/compiler-rt/lib/gwp_asan/optional/backtrace_linux_libc.cpp +++ b/compiler-rt/lib/gwp_asan/optional/backtrace_linux_libc.cpp @@ -24,7 +24,7 @@ size_t Backtrace(uintptr_t *TraceBuffer, size_t Size) { } static void PrintBacktrace(uintptr_t *Trace, size_t TraceLength, - gwp_asan::options::Printf_t Printf) { + gwp_asan::crash_handler::Printf_t Printf) { if (TraceLength == 0) { Printf(" <not found (does your allocator support backtracing?)>\n\n"); return; @@ -49,6 +49,8 @@ static void PrintBacktrace(uintptr_t *Trace, size_t TraceLength, namespace gwp_asan { namespace options { Backtrace_t getBacktraceFunction() { return Backtrace; } -PrintBacktrace_t getPrintBacktraceFunction() { return PrintBacktrace; } +crash_handler::PrintBacktrace_t getPrintBacktraceFunction() { + return PrintBacktrace; +} } // namespace options } // namespace gwp_asan diff --git a/compiler-rt/lib/gwp_asan/optional/backtrace_sanitizer_common.cpp b/compiler-rt/lib/gwp_asan/optional/backtrace_sanitizer_common.cpp index 5e07fd6f465a..3ac4b52bfc27 100644 
--- a/compiler-rt/lib/gwp_asan/optional/backtrace_sanitizer_common.cpp +++ b/compiler-rt/lib/gwp_asan/optional/backtrace_sanitizer_common.cpp @@ -45,7 +45,7 @@ size_t Backtrace(uintptr_t *TraceBuffer, size_t Size) { } static void PrintBacktrace(uintptr_t *Trace, size_t TraceLength, - gwp_asan::options::Printf_t Printf) { + gwp_asan::crash_handler::Printf_t Printf) { __sanitizer::StackTrace StackTrace; StackTrace.trace = reinterpret_cast<__sanitizer::uptr *>(Trace); StackTrace.size = TraceLength; @@ -73,6 +73,8 @@ Backtrace_t getBacktraceFunction() { __sanitizer::InitializeCommonFlags(); return Backtrace; } -PrintBacktrace_t getPrintBacktraceFunction() { return PrintBacktrace; } +crash_handler::PrintBacktrace_t getPrintBacktraceFunction() { + return PrintBacktrace; +} } // namespace options } // namespace gwp_asan diff --git a/compiler-rt/lib/gwp_asan/optional/options_parser.cpp b/compiler-rt/lib/gwp_asan/optional/options_parser.cpp index 6c2167288d6c..2e6386286745 100644 --- a/compiler-rt/lib/gwp_asan/optional/options_parser.cpp +++ b/compiler-rt/lib/gwp_asan/optional/options_parser.cpp @@ -83,8 +83,6 @@ void initOptions() { "GWP-ASan ERROR: SampleRate must be > 0 when GWP-ASan is enabled.\n"); exit(EXIT_FAILURE); } - - o->Printf = __sanitizer::Printf; } Options &getOptions() { return *getOptionsInternal(); } diff --git a/compiler-rt/lib/gwp_asan/optional/segv_handler.h b/compiler-rt/lib/gwp_asan/optional/segv_handler.h new file mode 100644 index 000000000000..10af15055e2a --- /dev/null +++ b/compiler-rt/lib/gwp_asan/optional/segv_handler.h 
@@ -0,0 +1,81 @@
+//===-- crash_handler.h -----------------------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#ifndef GWP_ASAN_OPTIONAL_CRASH_HANDLER_H_
+#define GWP_ASAN_OPTIONAL_CRASH_HANDLER_H_
+
+#include "gwp_asan/guarded_pool_allocator.h"
+#include "gwp_asan/options.h"
+
+namespace gwp_asan {
+namespace crash_handler {
+// ================================ Requirements ===============================
+// This function must be provided by the supporting allocator only when this
+// provided crash handler is used to dump the generic report.
+// sanitizer::Printf() function can be simply used here.
+// ================================ Description ================================
+// This function shall produce output according to a strict subset of the C
+// standard library's printf() family. This function must support printing the
+// following formats:
+// 1. integers: "%([0-9]*)?(z|ll)?{d,u,x,X}"
+// 2. pointers: "%p"
+// 3. strings: "%[-]([0-9]*)?(\\.\\*)?s"
+// 4. chars: "%c"
+// This function must be implemented in a signal-safe manner, and thus must not
+// malloc().
+// =================================== Notes ===================================
+// This function has a slightly different signature than the C standard
+// library's printf(). Notably, it returns 'void' rather than 'int'.
+typedef void (*Printf_t)(const char *Format, ...);
+
+// ================================ Requirements ===============================
+// This function is required for the supporting allocator, but one of the three
+// provided implementations may be used (RTGwpAsanBacktraceLibc,
+// RTGwpAsanBacktraceSanitizerCommon, or BasicPrintBacktraceFunction).
+// ================================ Description ================================
+// This function shall take the backtrace provided in `TraceBuffer`, and print
+// it in a human-readable format using `Print`. Generally, this function shall
+// resolve raw pointers to section offsets and print them with the following
+// sanitizer-common format:
+// " #{frame_number} {pointer} in {function name} ({binary name}+{offset}"
+// e.g. " #5 0x420459 in _start (/tmp/uaf+0x420459)"
+// This format allows the backtrace to be symbolized offline successfully using
+// llvm-symbolizer.
+// =================================== Notes ===================================
+// This function may directly or indirectly call malloc(), as the
+// GuardedPoolAllocator contains a reentrancy barrier to prevent infinite
+// recursion. Any allocation made inside this function will be served by the
+// supporting allocator, and will not have GWP-ASan protections.
+typedef void (*PrintBacktrace_t)(uintptr_t *TraceBuffer, size_t TraceLength,
+ Printf_t Print);
+
+// Returns a function pointer to a basic PrintBacktrace implementation. This
+// implementation simply prints the stack trace in a human readable fashion
+// without any symbolization.
+PrintBacktrace_t getBasicPrintBacktraceFunction();
+
+// Install the SIGSEGV crash handler for printing use-after-free and heap-
+// buffer-{under|over}flow exceptions if the user asked for it. This is platform
+// specific as even though POSIX and Windows both support registering handlers
+// through signal(), we have to use platform-specific signal handlers to obtain
+// the address that caused the SIGSEGV exception. GPA->init() must be called
+// before this function.
+void installSignalHandlers(gwp_asan::GuardedPoolAllocator *GPA, Printf_t Printf,
+ PrintBacktrace_t PrintBacktrace,
+ options::Backtrace_t Backtrace);
+
+void uninstallSignalHandlers();
+
+void dumpReport(uintptr_t ErrorPtr, const gwp_asan::AllocatorState *State,
+ const gwp_asan::AllocationMetadata *Metadata,
+ options::Backtrace_t Backtrace, Printf_t Printf,
+ PrintBacktrace_t PrintBacktrace);
+} // namespace crash_handler
+} // namespace gwp_asan
+
+#endif // GWP_ASAN_OPTIONAL_CRASH_HANDLER_H_
diff --git a/compiler-rt/lib/gwp_asan/optional/segv_handler_posix.cpp b/compiler-rt/lib/gwp_asan/optional/segv_handler_posix.cpp
new file mode 100644
index 000000000000..22589b893604
--- /dev/null
+++ b/compiler-rt/lib/gwp_asan/optional/segv_handler_posix.cpp
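Review bot: In segv_handler.h the comment on `installSignalHandlers` states a single precondition (GPA->init() first), and `uninstallSignalHandlers` and `dumpReport` carry no comment at all, so the lifetime and null-ness contract of the new API is only discoverable from the .cpp. I would add something like `// GPA and the three callbacks are stored until uninstallSignalHandlers() is called and must remain valid while the handler is installed.` and state for `dumpReport` which arguments are required to be non-null. The `Printf_t` comment demands a signal-safe implementation while the `PrintBacktrace_t` comment allows malloc(); both are invoked from the SIGSEGV handler, so the `installSignalHandlers` comment should say which rule applies on that path. Separately, the banner line and include guard still read `crash_handler.h` and `GWP_ASAN_OPTIONAL_CRASH_HANDLER_H_` although the file is `segv_handler.h`.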
@@ -0,0 +1,227 @@
+//===-- crash_handler_posix.cpp ---------------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#include "gwp_asan/common.h"
+#include "gwp_asan/crash_handler.h"
+#include "gwp_asan/guarded_pool_allocator.h"
+#include "gwp_asan/optional/segv_handler.h"
+#include "gwp_asan/options.h"
+
+#include <assert.h>
+#include <inttypes.h>
+#include <signal.h>
+#include <stdio.h>
+
+namespace {
+using gwp_asan::AllocationMetadata;
+using gwp_asan::Error;
+using gwp_asan::GuardedPoolAllocator;
+using gwp_asan::crash_handler::PrintBacktrace_t;
+using gwp_asan::crash_handler::Printf_t;
+using gwp_asan::options::Backtrace_t;
+
+struct sigaction PreviousHandler;
+bool SignalHandlerInstalled;
+gwp_asan::GuardedPoolAllocator *GPAForSignalHandler;
+Printf_t PrintfForSignalHandler;
+PrintBacktrace_t PrintBacktraceForSignalHandler;
+Backtrace_t BacktraceForSignalHandler;
+
+static void sigSegvHandler(int sig, siginfo_t *info, void *ucontext) {
+ if (GPAForSignalHandler) {
+ GPAForSignalHandler->stop();
+
+ gwp_asan::crash_handler::dumpReport(
+ reinterpret_cast<uintptr_t>(info->si_addr),
+ GPAForSignalHandler->getAllocatorState(),
+ GPAForSignalHandler->getMetadataRegion(), BacktraceForSignalHandler,
+ PrintfForSignalHandler, PrintBacktraceForSignalHandler);
+ }
+
+ // Process any previous handlers.
+ if (PreviousHandler.sa_flags & SA_SIGINFO) {
+ PreviousHandler.sa_sigaction(sig, info, ucontext);
+ } else if (PreviousHandler.sa_handler == SIG_DFL) {
+ // If the previous handler was the default handler, cause a core dump.
+ signal(SIGSEGV, SIG_DFL);
+ raise(SIGSEGV);
+ } else if (PreviousHandler.sa_handler == SIG_IGN) {
+ // If the previous segv handler was SIGIGN, crash iff we were responsible
+ // for the crash.
+ if (__gwp_asan_error_is_mine(GPAForSignalHandler->getAllocatorState(),
+ reinterpret_cast<uintptr_t>(info->si_addr))) {
+ signal(SIGSEGV, SIG_DFL);
+ raise(SIGSEGV);
+ }
+ } else {
+ PreviousHandler.sa_handler(sig);
+ }
+}
+
+struct ScopedEndOfReportDecorator {
+ ScopedEndOfReportDecorator(gwp_asan::crash_handler::Printf_t Printf)
+ : Printf(Printf) {}
+ ~ScopedEndOfReportDecorator() { Printf("*** End GWP-ASan report ***\n"); }
+ gwp_asan::crash_handler::Printf_t Printf;
+};
+
+// Prints the provided error and metadata information.
+void printHeader(Error E, uintptr_t AccessPtr,
+ const gwp_asan::AllocationMetadata *Metadata,
+ Printf_t Printf) {
+ // Print using intermediate strings. Platforms like Android don't like when
+ // you print multiple times to the same line, as there may be a newline
+ // appended to a log file automatically per Printf() call.
+ constexpr size_t kDescriptionBufferLen = 128;
+ char DescriptionBuffer[kDescriptionBufferLen] = "";
+ if (E != Error::UNKNOWN && Metadata != nullptr) {
+ uintptr_t Address = __gwp_asan_get_allocation_address(Metadata);
+ size_t Size = __gwp_asan_get_allocation_size(Metadata);
+ if (E == Error::USE_AFTER_FREE) {
+ snprintf(DescriptionBuffer, kDescriptionBufferLen,
+ "(%zu byte%s into a %zu-byte allocation at 0x%zx) ",
+ AccessPtr - Address, (AccessPtr - Address == 1) ? "" : "s", Size,
+ Address);
+ } else if (AccessPtr < Address) {
+ snprintf(DescriptionBuffer, kDescriptionBufferLen,
+ "(%zu byte%s to the left of a %zu-byte allocation at 0x%zx) ",
+ Address - AccessPtr, (Address - AccessPtr == 1) ? "" : "s", Size,
+ Address);
+ } else if (AccessPtr > Address) {
+ snprintf(DescriptionBuffer, kDescriptionBufferLen,
+ "(%zu byte%s to the right of a %zu-byte allocation at 0x%zx) ",
+ AccessPtr - Address, (AccessPtr - Address == 1) ? "" : "s", Size,
+ Address);
+ } else {
+ snprintf(DescriptionBuffer, kDescriptionBufferLen,
+ "(a %zu-byte allocation) ", Size);
+ }
+ }
+
+ // Possible number of digits of a 64-bit number: ceil(log10(2^64)) == 20. Add
+ // a null terminator, and round to the nearest 8-byte boundary.
+ uint64_t ThreadID = gwp_asan::getThreadID();
+ constexpr size_t kThreadBufferLen = 24;
+ char ThreadBuffer[kThreadBufferLen];
+ if (ThreadID == gwp_asan::kInvalidThreadID)
+ snprintf(ThreadBuffer, kThreadBufferLen, "<unknown>");
+ else
+ snprintf(ThreadBuffer, kThreadBufferLen, "%" PRIu64, ThreadID);
+
+ Printf("%s at 0x%zx %sby thread %s here:\n", gwp_asan::ErrorToString(E),
+ AccessPtr, DescriptionBuffer, ThreadBuffer);
+}
+
+void defaultPrintStackTrace(uintptr_t *Trace, size_t TraceLength,
+ gwp_asan::crash_handler::Printf_t Printf) {
+ if (TraceLength == 0)
+ Printf(" <unknown (does your allocator support backtracing?)>\n");
+
+ for (size_t i = 0; i < TraceLength; ++i) {
+ Printf(" #%zu 0x%zx in <unknown>\n", i, Trace[i]);
+ }
+ Printf("\n");
+}
+
+} // anonymous namespace
+
+namespace gwp_asan {
+namespace crash_handler {
+PrintBacktrace_t getBasicPrintBacktraceFunction() {
+ return defaultPrintStackTrace;
+}
+
+void installSignalHandlers(gwp_asan::GuardedPoolAllocator *GPA, Printf_t Printf,
+ PrintBacktrace_t PrintBacktrace,
+ options::Backtrace_t Backtrace) {
+ GPAForSignalHandler = GPA;
+ PrintfForSignalHandler = Printf;
+ PrintBacktraceForSignalHandler = PrintBacktrace;
+ BacktraceForSignalHandler = Backtrace;
+
+ struct sigaction Action;
+ Action.sa_sigaction = sigSegvHandler;
+ Action.sa_flags = SA_SIGINFO;
+ sigaction(SIGSEGV, &Action, &PreviousHandler);
+ SignalHandlerInstalled = true;
+}
+
+void uninstallSignalHandlers() {
+ if (SignalHandlerInstalled) {
+ sigaction(SIGSEGV, &PreviousHandler, nullptr);
+ SignalHandlerInstalled = false;
+ }
+}
+
+void dumpReport(uintptr_t ErrorPtr, const gwp_asan::AllocatorState *State,
+ const gwp_asan::AllocationMetadata *Metadata,
+ options::Backtrace_t Backtrace, Printf_t Printf,
+ PrintBacktrace_t PrintBacktrace) {
+ assert(State && "dumpReport missing Allocator State.");
+ assert(Metadata && "dumpReport missing Metadata.");
+ assert(Printf && "dumpReport missing Printf.");
+
+ if (!__gwp_asan_error_is_mine(State, ErrorPtr))
+ return;
+
+ Printf("*** GWP-ASan detected a memory error ***\n");
+ ScopedEndOfReportDecorator Decorator(Printf);
+
+ uintptr_t InternalErrorPtr = __gwp_asan_get_internal_crash_address(State);
+ if (InternalErrorPtr != 0u)
+ ErrorPtr = InternalErrorPtr;
+
+ Error E = __gwp_asan_diagnose_error(State, Metadata, ErrorPtr);
+
+ if (E == Error::UNKNOWN) {
+ Printf("GWP-ASan cannot provide any more information about this error. "
+ "This may occur due to a wild memory access into the GWP-ASan pool, "
+ "or an overflow/underflow that is > 512B in length.\n");
+ return;
+ }
+
+ const gwp_asan::AllocationMetadata *AllocMeta =
+ __gwp_asan_get_metadata(State, Metadata, ErrorPtr);
+
+ // Print the error header.
+ printHeader(E, ErrorPtr, AllocMeta, Printf);
+
+ // Print the fault backtrace.
+ static constexpr unsigned kMaximumStackFramesForCrashTrace = 512;
+ uintptr_t Trace[kMaximumStackFramesForCrashTrace];
+ size_t TraceLength = Backtrace(Trace, kMaximumStackFramesForCrashTrace);
+
+ PrintBacktrace(Trace, TraceLength, Printf);
+
+ if (AllocMeta == nullptr)
+ return;
+
+ // Maybe print the deallocation trace.
+ if (__gwp_asan_is_deallocated(AllocMeta)) {
+ uint64_t ThreadID = __gwp_asan_get_deallocation_thread_id(AllocMeta);
+ if (ThreadID == kInvalidThreadID)
+ Printf("0x%zx was deallocated by thread <unknown> here:\n", ErrorPtr);
+ else
+ Printf("0x%zx was deallocated by thread %zu here:\n", ErrorPtr, ThreadID);
+ TraceLength = __gwp_asan_get_deallocation_trace(
+ AllocMeta, Trace, kMaximumStackFramesForCrashTrace);
+ PrintBacktrace(Trace, TraceLength, Printf);
+ }
+
+ // Print the allocation trace.
+ uint64_t ThreadID = __gwp_asan_get_allocation_thread_id(AllocMeta);
+ if (ThreadID == kInvalidThreadID)
+ Printf("0x%zx was allocated by thread <unknown> here:\n", ErrorPtr);
+ else
+ Printf("0x%zx was allocated by thread %zu here:\n", ErrorPtr, ThreadID);
+ TraceLength = __gwp_asan_get_allocation_trace(
+ AllocMeta, Trace, kMaximumStackFramesForCrashTrace);
+ PrintBacktrace(Trace, TraceLength, Printf);
+}
+} // namespace crash_handler
+} // namespace gwp_asan |
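Review bot: In `installSignalHandlers` (segv_handler_posix.cpp), `struct sigaction Action;` is left uninitialised and only `sa_sigaction` and `sa_flags` are assigned, so the `sa_mask` handed to `sigaction()` is indeterminate and the set of signals blocked while the crash handler runs is unpredictable. Zero-initialise it and clear the mask, `struct sigaction Action = {};` followed by `sigemptyset(&Action.sa_mask);`, and set `SignalHandlerInstalled = true` only when `sigaction()` returns 0. In `sigSegvHandler` the `SIG_IGN` branch dereferences `GPAForSignalHandler` without the null check used at the top of the function, so a null allocator pointer would fault inside the handler itself. In `dumpReport` the `uint64_t` thread ids are passed to `Printf` with `%zu`, which mismatches the vararg width wherever `size_t` is 32-bit; `printHeader` already formats the id through `PRIu64` into a buffer, and the same approach would fit the two trace headers.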