From patchwork Tue Nov 5 11:33:59 2019
From: Matthew Malcomson
To: gcc-patches@gcc.gnu.org
CC: nd, kcc@google.com, dvyukov@google.com, Martin Liska, Richard Earnshaw, Kyrylo Tkachov, dodji@redhat.com, jakub@redhat.com
Subject: [PATCH 4/X] [libsanitizer] libhwasan add longjmp & setjmp interceptors
Date: Tue, 5 Nov 2019 11:33:59 +0000
In-Reply-To: <157295142743.27946.1142544630216676787.scripted-patch-series@arm.com>
Backported from LLVM git id 67474c60d

libsanitizer/ChangeLog:

2019-11-05  Matthew Malcomson

	* hwasan/hwasan.h (__hw_jmp_buf_struct, __hw_jmp_buf,
	__hw_sigjmp_buf): Define new types for internal longjmp
	implementation.
	* hwasan/hwasan_interceptors.cpp (__sigjmp_save, InternalLongjmp,
	siglongjmp, longjmp, __libc_longjmp): New.
	* hwasan/hwasan_setjmp.S: New file.
	* hwasan/hwasan_type_test.cpp: New file.

############### Attachment also inlined for ease of reply ###############

diff --git a/libsanitizer/hwasan/hwasan.h b/libsanitizer/hwasan/hwasan.h index 9e0ced93b55d361cd5aae787db7562741683944c..64cdcf30f5c7059dcc1916f72e14b6649ca701f5 100644 --- a/libsanitizer/hwasan/hwasan.h +++ b/libsanitizer/hwasan/hwasan.h
@@ -172,4 +172,24 @@ void AndroidTestTlsSlot(); RunFreeHooks(ptr); \ } while (false) +#if HWASAN_WITH_INTERCEPTORS && defined(__aarch64__) +// For both bionic and glibc __sigset_t is an unsigned long. +typedef unsigned long __hw_sigset_t; +// Setjmp and longjmp implementations are platform specific, and hence the +// interception code is platform specific too. As yet we've only implemented +// the interception for AArch64. +typedef unsigned long long __hw_register_buf[22]; +struct __hw_jmp_buf_struct { + // NOTE: The machine-dependent definition of `__sigsetjmp' + // assume that a `__hw_jmp_buf' begins with a `__hw_register_buf' and that + // `__mask_was_saved' follows it. Do not move these members or add others + // before it. + __hw_register_buf __jmpbuf; // Calling environment. + int __mask_was_saved; // Saved the signal mask? + __hw_sigset_t __saved_mask; // Saved signal mask. +}; +typedef struct __hw_jmp_buf_struct __hw_jmp_buf[1]; +typedef struct __hw_jmp_buf_struct __hw_sigjmp_buf[1]; +#endif // HWASAN_WITH_INTERCEPTORS && __aarch64__ + #endif // HWASAN_H diff --git a/libsanitizer/hwasan/hwasan_interceptors.cpp b/libsanitizer/hwasan/hwasan_interceptors.cpp index 47fed0fc9abb821996efcd8d12f7e5442916326d..f6758efa65c051376468d3cad2c1530fa7329627 100644 --- a/libsanitizer/hwasan/hwasan_interceptors.cpp +++ b/libsanitizer/hwasan/hwasan_interceptors.cpp 
@@ -220,6 +220,80 @@ DEFINE_REAL(int, vfork) DECLARE_EXTERN_INTERCEPTOR_AND_WRAPPER(int, vfork) #endif +#if HWASAN_WITH_INTERCEPTORS && defined(__aarch64__) +// Get and/or change the set of blocked signals. +extern "C" int sigprocmask(int __how, const __hw_sigset_t *__restrict __set, + __hw_sigset_t *__restrict __oset); +#define SIG_BLOCK 0 +#define SIG_SETMASK 2 +extern "C" int __sigjmp_save(__hw_sigjmp_buf env, int savemask) { + env[0].__mask_was_saved = + (savemask && sigprocmask(SIG_BLOCK, (__hw_sigset_t *)0, + &env[0].__saved_mask) == 0); + return 0; +} + +static void __attribute__((always_inline)) +InternalLongjmp(__hw_register_buf env, int retval) { + // Clear all memory tags on the stack between here and where we're going. + unsigned long long stack_pointer = env[13]; + // The stack pointer should never be tagged, so we don't need to clear the + // tag for this function call. + __hwasan_handle_longjmp((void *)stack_pointer); + + // Run code for handling a longjmp. + // Need to use a register that isn't going to be loaded from the environment + // buffer -- hence why we need to specify the register to use. + // Must implement this ourselves, since we don't know the order of registers + // in different libc implementations and many implementations mangle the + // stack pointer so we can't use it without knowing the demangling scheme. + register long int retval_tmp asm("x1") = retval; + register void *env_address asm("x0") = &env[0]; + asm volatile("ldp x19, x20, [%0, #0<<3];" + "ldp x21, x22, [%0, #2<<3];" + "ldp x23, x24, [%0, #4<<3];" + "ldp x25, x26, [%0, #6<<3];" + "ldp x27, x28, [%0, #8<<3];" + "ldp x29, x30, [%0, #10<<3];" + "ldp d8, d9, [%0, #14<<3];" + "ldp d10, d11, [%0, #16<<3];" + "ldp d12, d13, [%0, #18<<3];" + "ldp d14, d15, [%0, #20<<3];" + "ldr x5, [%0, #13<<3];" + "mov sp, x5;" + // Return the value requested to return through arguments. + // This should be in x1 given what we requested above. 
+ "cmp %1, #0;" + "mov x0, #1;" + "csel x0, %1, x0, ne;" + "br x30;" + : "+r"(env_address) + : "r"(retval_tmp)); +} + +INTERCEPTOR(void, siglongjmp, __hw_sigjmp_buf env, int val) { + if (env[0].__mask_was_saved) + // Restore the saved signal mask. + (void)sigprocmask(SIG_SETMASK, &env[0].__saved_mask, + (__hw_sigset_t *)0); + InternalLongjmp(env[0].__jmpbuf, val); +} + +// Required since glibc libpthread calls __libc_longjmp on pthread_exit, and +// _setjmp on start_thread. Hence we have to intercept the longjmp on +// pthread_exit so the __hw_jmp_buf order matches. +INTERCEPTOR(void, __libc_longjmp, __hw_jmp_buf env, int val) { + InternalLongjmp(env[0].__jmpbuf, val); +} + +INTERCEPTOR(void, longjmp, __hw_jmp_buf env, int val) { + InternalLongjmp(env[0].__jmpbuf, val); +} +#undef SIG_BLOCK +#undef SIG_SETMASK + +#endif // HWASAN_WITH_INTERCEPTORS && __aarch64__ + static void BeforeFork() { StackDepotLockAll(); } diff --git a/libsanitizer/hwasan/hwasan_setjmp.S b/libsanitizer/hwasan/hwasan_setjmp.S new file mode 100644 index 0000000000000000000000000000000000000000..0c1354331940e23acad1ca4becba87199a211653 --- /dev/null +++ b/libsanitizer/hwasan/hwasan_setjmp.S 
@@ -0,0 +1,100 @@ +//===-- hwasan_setjmp.S --------------------------------------------------------===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// +// +// This file is a part of HWAddressSanitizer. +// +// HWAddressSanitizer runtime. +//===----------------------------------------------------------------------===// + +#include "sanitizer_common/sanitizer_asm.h" + +#if HWASAN_WITH_INTERCEPTORS && defined(__aarch64__) +#include "sanitizer_common/sanitizer_platform.h" + +// We want to save the context of the calling function. +// That requires +// 1) No modification of the link register by this function. +// 2) No modification of the stack pointer by this function. +// 3) (no modification of any other saved register, but that's not really going +// to occur, and hence isn't as much of a worry). +// +// There's essentially no way to ensure that the compiler will not modify the +// stack pointer when compiling a C function. +// Hence we have to write this function in assembly. + +.section .text +.file "hwasan_setjmp.S" + +.global __interceptor_setjmp +ASM_TYPE_FUNCTION(__interceptor_setjmp) +__interceptor_setjmp: + CFI_STARTPROC + mov x1, #0 + b __interceptor_sigsetjmp + CFI_ENDPROC +ASM_SIZE(__interceptor_setjmp) + +#if SANITIZER_ANDROID +// Bionic also defines a function `setjmp` that calls `sigsetjmp` saving the +// current signal. 
+.global __interceptor_setjmp_bionic +ASM_TYPE_FUNCTION(__interceptor_setjmp_bionic) +__interceptor_setjmp_bionic: + CFI_STARTPROC + mov x1, #1 + b __interceptor_sigsetjmp + CFI_ENDPROC +ASM_SIZE(__interceptor_setjmp_bionic) +#endif + +.global __interceptor_sigsetjmp +ASM_TYPE_FUNCTION(__interceptor_sigsetjmp) +__interceptor_sigsetjmp: + CFI_STARTPROC + stp x19, x20, [x0, #0<<3] + stp x21, x22, [x0, #2<<3] + stp x23, x24, [x0, #4<<3] + stp x25, x26, [x0, #6<<3] + stp x27, x28, [x0, #8<<3] + stp x29, x30, [x0, #10<<3] + stp d8, d9, [x0, #14<<3] + stp d10, d11, [x0, #16<<3] + stp d12, d13, [x0, #18<<3] + stp d14, d15, [x0, #20<<3] + mov x2, sp + str x2, [x0, #13<<3] + // We always have the second argument to __sigjmp_save (savemask) set, since + // the _setjmp function above has set it for us as `false`. + // This function is defined in hwasan_interceptors.cc + b __sigjmp_save + CFI_ENDPROC +ASM_SIZE(__interceptor_sigsetjmp) + + +.macro ALIAS first second + .globl \second + .equ \second\(), \first +.endm + +#if SANITIZER_ANDROID +ALIAS __interceptor_sigsetjmp, sigsetjmp +.weak sigsetjmp + +ALIAS __interceptor_setjmp_bionic, setjmp +.weak setjmp +#else +ALIAS __interceptor_sigsetjmp, __sigsetjmp +.weak __sigsetjmp +#endif + +ALIAS __interceptor_setjmp, _setjmp +.weak _setjmp +#endif + +// We do not need executable stack. +NO_EXEC_STACK_DIRECTIVE diff --git a/libsanitizer/hwasan/hwasan_type_test.cpp b/libsanitizer/hwasan/hwasan_type_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..8cff495bae153eb728a9dc7d12e80be3bc976a85 --- /dev/null +++ b/libsanitizer/hwasan/hwasan_type_test.cpp 
@@ -0,0 +1,25 @@ +//===-- hwasan_type_test.cpp ------------------------------------*- C++ -*-===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// +// +// This file is a part of HWAddressSanitizer. +// +// Compile-time tests of the internal type definitions. +//===----------------------------------------------------------------------===// + +#include "interception/interception.h" +#include "sanitizer_common/sanitizer_platform_limits_posix.h" +#include "hwasan.h" +#include + +#define CHECK_TYPE_SIZE_FITS(TYPE) \ + COMPILER_CHECK(sizeof(__hw_##TYPE) <= sizeof(TYPE)) + +#if HWASAN_WITH_INTERCEPTORS && defined(__aarch64__) +CHECK_TYPE_SIZE_FITS(jmp_buf); +CHECK_TYPE_SIZE_FITS(sigjmp_buf); +#endif diff --git a/libsanitizer/hwasan/hwasan.h b/libsanitizer/hwasan/hwasan.h index 9e0ced93b55d361cd5aae787db7562741683944c..64cdcf30f5c7059dcc1916f72e14b6649ca701f5 100644 --- a/libsanitizer/hwasan/hwasan.h +++ b/libsanitizer/hwasan/hwasan.h 
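Review bot: in the hwasan.h hunk, the comment above `typedef unsigned long __hw_sigset_t;` asserts that both bionic's and glibc's __sigset_t are an unsigned long, but nothing in the patch verifies that, whereas hwasan_type_test.cpp does verify the jmp_buf and sigjmp_buf sizes. Because the interceptors hunk hands `&env[0].__saved_mask` to the real sigprocmask as its output pointer, a libc whose signal-set type is wider than `__hw_sigset_t` would write past the field; add a compile-time size check for the sigset type next to the CHECK_TYPE_SIZE_FITS checks, or a comment stating that only the kernel-sized mask is ever written there. Minor: in the NOTE inside `__hw_jmp_buf_struct`, "definition of `__sigsetjmp' assume" should read "assumes".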
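Review bot: in the hwasan_interceptors.cpp hunk, `static void __attribute__((always_inline)) InternalLongjmp(...)` lacks the `inline` keyword, which GCC reports as "always_inline function might not be inlinable"; declare it `static inline void __attribute__((always_inline))`. The inline asm ends in `br x30` and never returns, yet InternalLongjmp is a plain void function with no clobber list, so the compiler assumes control falls through with x5, x19-x30, d8-d15 and sp intact; marking InternalLongjmp `__attribute__((noreturn))` (or placing `__builtin_unreachable()` after the asm) documents the real control flow and keeps the compiler from emitting dead code after it. The local `#define SIG_BLOCK 0` and `#define SIG_SETMASK 2` hard-code the Linux values with no check; a COMPILER_CHECK against the platform's values in hwasan_type_test.cpp would catch a mismatch at build time rather than as a silently wrong signal mask at run time.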
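Review bot: in the hwasan_setjmp.S hunk, the comment before `b __sigjmp_save` says the function "is defined in hwasan_interceptors.cc", but the file this patch touches is hwasan_interceptors.cpp; update the name. The same comment says savemask "has been set for us as `false`" by "the _setjmp function above", but x1 is #0 only for __interceptor_setjmp, is #1 for __interceptor_setjmp_bionic, and is the caller's own savemask when sigsetjmp is entered directly; reword it to say that x1 carries the savemask argument for __sigjmp_save whichever entry point was used. Worth saying explicitly that the tail branch `b __sigjmp_save` is what satisfies requirements 1 and 2 of the header comment (lr and sp untouched), so it must stay a `b` and never become a `bl`. Minor: in the SANITIZER_ANDROID comment, "saving the current signal" should read "saving the current signal mask".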
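Review bot: in the hwasan_type_test.cpp hunk, the bare `#include` after `#include "hwasan.h"` names no header, so `CHECK_TYPE_SIZE_FITS(jmp_buf)` and `CHECK_TYPE_SIZE_FITS(sigjmp_buf)` have no declaration of jmp_buf or sigjmp_buf to size against; the include must name the system header that declares those two types. Since these are the only two checks, and the first hunk's comment makes a matching size claim about __sigset_t, this is also the natural place for a check on the sigset type.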