xref: /freebsd/contrib/llvm-project/compiler-rt/lib/hwasan/hwasan_checks.h (revision 5f4c09dd85bff675e0ca63c55ea3c517e0fddfcc) 
1 //===-- hwasan_checks.h -----------------------------------------*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file is a part of HWAddressSanitizer.
10 //
11 //===----------------------------------------------------------------------===//
12 
13 #ifndef HWASAN_CHECKS_H
14 #define HWASAN_CHECKS_H
15 
16 #include "hwasan_allocator.h"
17 #include "hwasan_mapping.h"
18 #include "sanitizer_common/sanitizer_common.h"
19 
20 namespace __hwasan {
21 template <unsigned X>
22 __attribute__((always_inline)) static void SigTrap(uptr p) {
23 #if defined(__aarch64__)
24   (void)p;
25   // 0x900 is added to do not interfere with the kernel use of lower values of
26   // brk immediate.
27   register uptr x0 asm("x0") = p;
28   asm("brk %1\n\t" ::"r"(x0), "n"(0x900 + X));
29 #elif defined(__x86_64__)
30   // INT3 + NOP DWORD ptr [EAX + X] to pass X to our signal handler, 5 bytes
31   // total. The pointer is passed via rdi.
32   // 0x40 is added as a safeguard, to help distinguish our trap from others and
33   // to avoid 0 offsets in the command (otherwise it'll be reduced to a
34   // different nop command, the three bytes one).
35   asm volatile(
36       "int3\n"
37       "nopl %c0(%%rax)\n" ::"n"(0x40 + X),
38       "D"(p));
39 #elif SANITIZER_RISCV64
40   // Put pointer into x10
41   // addiw contains immediate of 0x40 + X, where 0x40 is magic number and X
42   // encodes access size
43   register uptr x10 asm("x10") = p;
44   asm volatile(
45       "ebreak\n"
46       "addiw x0, x0, %1\n" ::"r"(x10),
47       "I"(0x40 + X));
48 #else
49   // FIXME: not always sigill.
50   __builtin_trap();
51 #endif
52   // __builtin_unreachable();
53 }
54 
55 // Version with access size which is not power of 2
56 template <unsigned X>
57 __attribute__((always_inline)) static void SigTrap(uptr p, uptr size) {
58 #if defined(__aarch64__)
59   register uptr x0 asm("x0") = p;
60   register uptr x1 asm("x1") = size;
61   asm("brk %2\n\t" ::"r"(x0), "r"(x1), "n"(0x900 + X));
62 #elif defined(__x86_64__)
63   // Size is stored in rsi.
64   asm volatile(
65       "int3\n"
66       "nopl %c0(%%rax)\n" ::"n"(0x40 + X),
67       "D"(p), "S"(size));
68 #elif SANITIZER_RISCV64
69   // Put access size into x11
70   register uptr x10 asm("x10") = p;
71   register uptr x11 asm("x11") = size;
72   asm volatile(
73       "ebreak\n"
74       "addiw x0, x0, %2\n" ::"r"(x10),
75       "r"(x11), "I"(0x40 + X));
76 #else
77   __builtin_trap();
78 #endif
79   // __builtin_unreachable();
80 }
81 
82 __attribute__((always_inline, nodebug)) static bool PossiblyShortTagMatches(
83     tag_t mem_tag, uptr ptr, uptr sz) {
84   tag_t ptr_tag = GetTagFromPointer(ptr);
85   if (ptr_tag == mem_tag)
86     return true;
87   if (mem_tag >= kShadowAlignment)
88     return false;
89   if ((ptr & (kShadowAlignment - 1)) + sz > mem_tag)
90     return false;
91 #if !defined(__aarch64__) && !(SANITIZER_RISCV64)
92   ptr = UntagAddr(ptr);
93 #endif
94   return *(u8 *)(ptr | (kShadowAlignment - 1)) == ptr_tag;
95 }
96 
97 enum class ErrorAction { Abort, Recover };
98 enum class AccessType { Load, Store };
99 
100 template <ErrorAction EA, AccessType AT, unsigned LogSize>
101 __attribute__((always_inline, nodebug)) static void CheckAddress(uptr p) {
102   if (!InTaggableRegion(p))
103     return;
104   uptr ptr_raw = p & ~kAddressTagMask;
105   tag_t mem_tag = *(tag_t *)MemToShadow(ptr_raw);
106   if (UNLIKELY(!PossiblyShortTagMatches(mem_tag, p, 1 << LogSize))) {
107     SigTrap<0x20 * (EA == ErrorAction::Recover) +
108             0x10 * (AT == AccessType::Store) + LogSize>(p);
109     if (EA == ErrorAction::Abort)
110       __builtin_unreachable();
111   }
112 }
113 
114 template <ErrorAction EA, AccessType AT>
115 __attribute__((always_inline, nodebug)) static void CheckAddressSized(uptr p,
116                                                                       uptr sz) {
117   if (sz == 0 || !InTaggableRegion(p))
118     return;
119   tag_t ptr_tag = GetTagFromPointer(p);
120   uptr ptr_raw = p & ~kAddressTagMask;
121   tag_t *shadow_first = (tag_t *)MemToShadow(ptr_raw);
122   tag_t *shadow_last = (tag_t *)MemToShadow(ptr_raw + sz);
123   for (tag_t *t = shadow_first; t < shadow_last; ++t)
124     if (UNLIKELY(ptr_tag != *t)) {
125       SigTrap<0x20 * (EA == ErrorAction::Recover) +
126               0x10 * (AT == AccessType::Store) + 0xf>(p, sz);
127       if (EA == ErrorAction::Abort)
128         __builtin_unreachable();
129     }
130   uptr end = p + sz;
131   uptr tail_sz = end & 0xf;
132   if (UNLIKELY(tail_sz != 0 &&
133                !PossiblyShortTagMatches(
134                    *shadow_last, end & ~(kShadowAlignment - 1), tail_sz))) {
135     SigTrap<0x20 * (EA == ErrorAction::Recover) +
136             0x10 * (AT == AccessType::Store) + 0xf>(p, sz);
137     if (EA == ErrorAction::Abort)
138       __builtin_unreachable();
139   }
140 }
141 
142 }  // end namespace __hwasan
143 
144 #endif  // HWASAN_CHECKS_H
145