xref: /freebsd/contrib/llvm-project/compiler-rt/lib/gwp_asan/options.inc (revision bdd1243df58e60e85101c09001d9812a789b6bc4) 
10b57cec5SDimitry Andric//===-- options.inc ---------------------------------------------*- C++ -*-===//
20b57cec5SDimitry Andric//
30b57cec5SDimitry Andric// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
40b57cec5SDimitry Andric// See https://llvm.org/LICENSE.txt for license information.
50b57cec5SDimitry Andric// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
60b57cec5SDimitry Andric//
70b57cec5SDimitry Andric//===----------------------------------------------------------------------===//
80b57cec5SDimitry Andric
90b57cec5SDimitry Andric#ifndef GWP_ASAN_OPTION
100b57cec5SDimitry Andric#error "Define GWP_ASAN_OPTION prior to including this file!"
110b57cec5SDimitry Andric#endif
120b57cec5SDimitry Andric
13e8d8bef9SDimitry Andric#ifndef GWP_ASAN_DEFAULT_ENABLED
14e8d8bef9SDimitry Andric#define GWP_ASAN_DEFAULT_ENABLED true
15e8d8bef9SDimitry Andric#endif
16e8d8bef9SDimitry Andric
17e8d8bef9SDimitry Andric#ifndef GWP_ASAN_STRINGIFY
18e8d8bef9SDimitry Andric#define GWP_ASAN_STRINGIFY(S) GWP_ASAN_STRINGIFY_(S)
19e8d8bef9SDimitry Andric#define GWP_ASAN_STRINGIFY_(S) #S
20e8d8bef9SDimitry Andric#endif
21e8d8bef9SDimitry Andric
22e8d8bef9SDimitry AndricGWP_ASAN_OPTION(bool, Enabled, GWP_ASAN_DEFAULT_ENABLED,
23e8d8bef9SDimitry Andric                "Is GWP-ASan enabled? Defaults to " GWP_ASAN_STRINGIFY(
24e8d8bef9SDimitry Andric                    GWP_ASAN_DEFAULT_ENABLED) ".")
250b57cec5SDimitry Andric
2668d75effSDimitry AndricGWP_ASAN_OPTION(int, MaxSimultaneousAllocations, 16,
2768d75effSDimitry Andric                "Number of simultaneously-guarded allocations available in the "
2868d75effSDimitry Andric                "pool. Defaults to 16.")
290b57cec5SDimitry Andric
300b57cec5SDimitry AndricGWP_ASAN_OPTION(int, SampleRate, 5000,
310b57cec5SDimitry Andric                "The probability (1 / SampleRate) that an allocation is "
320b57cec5SDimitry Andric                "selected for GWP-ASan sampling. Default is 5000. Sample rates "
33e8d8bef9SDimitry Andric                "up to (2^30 - 1) are supported.")
340b57cec5SDimitry Andric
355ffd83dbSDimitry Andric// Developer note - This option is not actually processed by GWP-ASan itself. It
365ffd83dbSDimitry Andric// is included here so that a user can specify whether they want signal handlers
375ffd83dbSDimitry Andric// or not. The supporting allocator should inspect this value to see whether
385ffd83dbSDimitry Andric// signal handlers need to be installed, and then use
395ffd83dbSDimitry Andric// crash_handler::installSignalHandlers() in order to install the handlers. Note
405ffd83dbSDimitry Andric// that in order to support signal handlers, you will need to link against the
415ffd83dbSDimitry Andric// optional crash_handler component.
420b57cec5SDimitry AndricGWP_ASAN_OPTION(
430b57cec5SDimitry Andric    bool, InstallSignalHandlers, true,
440b57cec5SDimitry Andric    "Install GWP-ASan signal handlers for SIGSEGV during dynamic loading. This "
450b57cec5SDimitry Andric    "allows better error reports by providing stack traces for allocation and "
460b57cec5SDimitry Andric    "deallocation when reporting a memory error. GWP-ASan's signal handler "
470b57cec5SDimitry Andric    "will forward the signal to any previously-installed handler, and user "
480b57cec5SDimitry Andric    "programs that install further signal handlers should make sure they do "
490b57cec5SDimitry Andric    "the same. Note, if the previously installed SIGSEGV handler is SIG_IGN, "
500b57cec5SDimitry Andric    "we terminate the process after dumping the error report.")
515ffd83dbSDimitry Andric
52*bdd1243dSDimitry AndricGWP_ASAN_OPTION(
53*bdd1243dSDimitry Andric    bool, Recoverable, false,
54*bdd1243dSDimitry Andric    "Install GWP-ASan's signal handler in recoverable mode. This means that "
55*bdd1243dSDimitry Andric    "upon GWP-ASan detecting an error, it'll print the error report, but *not* "
56*bdd1243dSDimitry Andric    "crash. Only one crash per sampled allocation will ever be recorded, and "
57*bdd1243dSDimitry Andric    "if a sampled allocation does actually cause a crash, it'll permanently "
58*bdd1243dSDimitry Andric    "occupy a slot in the pool. The recoverable mode also means that "
59*bdd1243dSDimitry Andric    "previously-installed signal handlers will only be triggered for "
60*bdd1243dSDimitry Andric    "non-GWP-ASan errors, as all GWP-ASan errors won't be forwarded.")
61*bdd1243dSDimitry Andric
625ffd83dbSDimitry AndricGWP_ASAN_OPTION(bool, InstallForkHandlers, true,
635ffd83dbSDimitry Andric                "Install GWP-ASan atfork handlers to acquire internal locks "
645ffd83dbSDimitry Andric                "before fork and release them after.")
65e8d8bef9SDimitry Andric
66e8d8bef9SDimitry AndricGWP_ASAN_OPTION(bool, help, false, "Print a summary of the available options.")
67e8d8bef9SDimitry Andric
68e8d8bef9SDimitry Andric// =============================================================================
69e8d8bef9SDimitry Andric// ==== WARNING
70e8d8bef9SDimitry Andric// =============================================================================
71e8d8bef9SDimitry Andric// If you are adding flags to GWP-ASan, please note that GWP-ASan flag strings
72e8d8bef9SDimitry Andric// may be parsed by trusted system components (on Android, GWP-ASan flag strings
73e8d8bef9SDimitry Andric// are parsed by libc during the dynamic loader). This means that GWP-ASan
74e8d8bef9SDimitry Andric// should never feature flags like log paths on disk, because this can lead to
75e8d8bef9SDimitry Andric// arbitrary file write and thus privilege escalation. For an example, see the
76e8d8bef9SDimitry Andric// setuid ASan log_path exploits: https://www.exploit-db.com/exploits/46241.
77e8d8bef9SDimitry Andric//
78e8d8bef9SDimitry Andric// Please place all new flags above this warning, so that the warning always
79e8d8bef9SDimitry Andric// stays at the bottom.
80