xref: /freebsd/contrib/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.h (revision 2ff63af9b88c7413b7d71715b5532625752a248e)
1 //===-- asan_interceptors_memintrinsics.h -----------------------*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===---------------------------------------------------------------------===//
8 //
9 // This file is a part of AddressSanitizer, an address sanity checker.
10 //
11 // ASan-private header for asan_interceptors_memintrinsics.cpp
12 //===---------------------------------------------------------------------===//
13 #ifndef ASAN_MEMINTRIN_H
14 #define ASAN_MEMINTRIN_H
15 
16 #include "asan_interface_internal.h"
17 #include "asan_internal.h"
18 #include "asan_mapping.h"
19 #include "interception/interception.h"
20 
21 DECLARE_REAL(void *, memcpy, void *to, const void *from, uptr size)
22 DECLARE_REAL(void *, memset, void *block, int c, uptr size)
23 
24 namespace __asan {
25 
26 // Return true if we can quickly decide that the region is unpoisoned.
27 // We assume that a redzone is at least 16 bytes.
28 static inline bool QuickCheckForUnpoisonedRegion(uptr beg, uptr size) {
29   if (UNLIKELY(size == 0 || size > sizeof(uptr) * ASAN_SHADOW_GRANULARITY))
30     return !size;
31 
32   uptr last = beg + size - 1;
33   uptr shadow_first = MEM_TO_SHADOW(beg);
34   uptr shadow_last = MEM_TO_SHADOW(last);
35   uptr uptr_first = RoundDownTo(shadow_first, sizeof(uptr));
36   uptr uptr_last = RoundDownTo(shadow_last, sizeof(uptr));
37   if (LIKELY(((*reinterpret_cast<const uptr *>(uptr_first) |
38                *reinterpret_cast<const uptr *>(uptr_last)) == 0)))
39     return true;
40   u8 shadow = AddressIsPoisoned(last);
41   for (; shadow_first < shadow_last; ++shadow_first)
42     shadow |= *((u8 *)shadow_first);
43   return !shadow;
44 }
45 
46 struct AsanInterceptorContext {
47   const char *interceptor_name;
48 };
49 
50 // We implement ACCESS_MEMORY_RANGE, ASAN_READ_RANGE,
51 // and ASAN_WRITE_RANGE as macro instead of function so
52 // that no extra frames are created, and stack trace contains
53 // relevant information only.
54 // We check all shadow bytes.
55 #define ACCESS_MEMORY_RANGE(ctx, offset, size, isWrite)                   \
56   do {                                                                    \
57     uptr __offset = (uptr)(offset);                                       \
58     uptr __size = (uptr)(size);                                           \
59     uptr __bad = 0;                                                       \
60     if (UNLIKELY(__offset > __offset + __size)) {                         \
61       GET_STACK_TRACE_FATAL_HERE;                                         \
62       ReportStringFunctionSizeOverflow(__offset, __size, &stack);         \
63     }                                                                     \
64     if (UNLIKELY(!QuickCheckForUnpoisonedRegion(__offset, __size)) &&     \
65         (__bad = __asan_region_is_poisoned(__offset, __size))) {          \
66       AsanInterceptorContext *_ctx = (AsanInterceptorContext *)ctx;       \
67       bool suppressed = false;                                            \
68       if (_ctx) {                                                         \
69         suppressed = IsInterceptorSuppressed(_ctx->interceptor_name);     \
70         if (!suppressed && HaveStackTraceBasedSuppressions()) {           \
71           GET_STACK_TRACE_FATAL_HERE;                                     \
72           suppressed = IsStackTraceSuppressed(&stack);                    \
73         }                                                                 \
74       }                                                                   \
75       if (!suppressed) {                                                  \
76         GET_CURRENT_PC_BP_SP;                                             \
77         ReportGenericError(pc, bp, sp, __bad, isWrite, __size, 0, false); \
78       }                                                                   \
79     }                                                                     \
80   } while (0)
81 
82 // memcpy is called during __asan_init() from the internals of printf(...).
83 // We do not treat memcpy with to==from as a bug.
84 // See http://llvm.org/bugs/show_bug.cgi?id=11763.
85 #define ASAN_MEMCPY_IMPL(ctx, to, from, size)                 \
86   do {                                                        \
87     if (LIKELY(replace_intrin_cached)) {                      \
88       if (LIKELY(to != from)) {                               \
89         CHECK_RANGES_OVERLAP("memcpy", to, size, from, size); \
90       }                                                       \
91       ASAN_READ_RANGE(ctx, from, size);                       \
92       ASAN_WRITE_RANGE(ctx, to, size);                        \
93     } else if (UNLIKELY(!asan_inited)) {                      \
94       return internal_memcpy(to, from, size);                 \
95     }                                                         \
96     return REAL(memcpy)(to, from, size);                      \
97   } while (0)
98 
99 // memset is called inside Printf.
100 #define ASAN_MEMSET_IMPL(ctx, block, c, size) \
101   do {                                        \
102     if (LIKELY(replace_intrin_cached)) {      \
103       ASAN_WRITE_RANGE(ctx, block, size);     \
104     } else if (UNLIKELY(!asan_inited)) {      \
105       return internal_memset(block, c, size); \
106     }                                         \
107     return REAL(memset)(block, c, size);      \
108   } while (0)
109 
110 #define ASAN_MEMMOVE_IMPL(ctx, to, from, size) \
111   do {                                         \
112     if (LIKELY(replace_intrin_cached)) {       \
113       ASAN_READ_RANGE(ctx, from, size);        \
114       ASAN_WRITE_RANGE(ctx, to, size);         \
115     }                                          \
116     return internal_memmove(to, from, size);   \
117   } while (0)
118 
119 #define ASAN_READ_RANGE(ctx, offset, size) \
120   ACCESS_MEMORY_RANGE(ctx, offset, size, false)
121 #define ASAN_WRITE_RANGE(ctx, offset, size) \
122   ACCESS_MEMORY_RANGE(ctx, offset, size, true)
123 
124 // Behavior of functions like "memcpy" or "strcpy" is undefined
125 // if memory intervals overlap. We report error in this case.
126 // Macro is used to avoid creation of new frames.
127 static inline bool RangesOverlap(const char *offset1, uptr length1,
128                                  const char *offset2, uptr length2) {
129   return !((offset1 + length1 <= offset2) || (offset2 + length2 <= offset1));
130 }
131 #define CHECK_RANGES_OVERLAP(name, _offset1, length1, _offset2, length2)   \
132   do {                                                                     \
133     const char *offset1 = (const char *)_offset1;                          \
134     const char *offset2 = (const char *)_offset2;                          \
135     if (UNLIKELY(RangesOverlap(offset1, length1, offset2, length2))) {     \
136       GET_STACK_TRACE_FATAL_HERE;                                          \
137       bool suppressed = IsInterceptorSuppressed(name);                     \
138       if (!suppressed && HaveStackTraceBasedSuppressions()) {              \
139         suppressed = IsStackTraceSuppressed(&stack);                       \
140       }                                                                    \
141       if (!suppressed) {                                                   \
142         ReportStringFunctionMemoryRangesOverlap(name, offset1, length1,    \
143                                                 offset2, length2, &stack); \
144       }                                                                    \
145     }                                                                      \
146   } while (0)
147 
148 }  // namespace __asan
149 
150 #endif  // ASAN_MEMINTRIN_H
151