1 //===-- hwasan_fuchsia.cpp --------------------------------------*- C++ -*-===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 /// 9 /// \file 10 /// This file is a part of HWAddressSanitizer and contains Fuchsia-specific 11 /// code. 12 /// 13 //===----------------------------------------------------------------------===// 14 15 #include "sanitizer_common/sanitizer_fuchsia.h" 16 #if SANITIZER_FUCHSIA 17 18 #include <zircon/features.h> 19 #include <zircon/syscalls.h> 20 21 #include "hwasan.h" 22 #include "hwasan_interface_internal.h" 23 #include "hwasan_report.h" 24 #include "hwasan_thread.h" 25 #include "hwasan_thread_list.h" 26 27 // This TLS variable contains the location of the stack ring buffer and can be 28 // used to always find the hwasan thread object associated with the current 29 // running thread. 30 [[gnu::tls_model("initial-exec")]] 31 SANITIZER_INTERFACE_ATTRIBUTE 32 THREADLOCAL uptr __hwasan_tls; 33 34 namespace __hwasan { 35 36 bool InitShadow() { 37 __sanitizer::InitShadowBounds(); 38 CHECK_NE(__sanitizer::ShadowBounds.shadow_limit, 0); 39 40 // These variables are used by MemIsShadow for asserting we have a correct 41 // shadow address. On Fuchsia, we only have one region of shadow, so the 42 // bounds of Low shadow can be zero while High shadow represents the true 43 // bounds. Note that these are inclusive ranges. 44 kLowShadowStart = 0; 45 kLowShadowEnd = 0; 46 kHighShadowStart = __sanitizer::ShadowBounds.shadow_base; 47 kHighShadowEnd = __sanitizer::ShadowBounds.shadow_limit - 1; 48 49 return true; 50 } 51 52 bool MemIsApp(uptr p) { 53 CHECK(GetTagFromPointer(p) == 0); 54 return __sanitizer::ShadowBounds.shadow_limit <= p && 55 p <= (__sanitizer::ShadowBounds.memory_limit - 1); 56 } 57 58 // These are known parameters passed to the hwasan runtime on thread creation. 59 struct Thread::InitState { 60 uptr stack_bottom, stack_top; 61 }; 62 63 static void FinishThreadInitialization(Thread *thread); 64 65 void InitThreads() { 66 // This is the minimal alignment needed for the storage where hwasan threads 67 // and their stack ring buffers are placed. This alignment is necessary so the 68 // stack ring buffer can perform a simple calculation to get the next element 69 // in the RB. The instructions for this calculation are emitted by the 70 // compiler. (Full explanation in hwasan_thread_list.h.) 71 uptr alloc_size = UINT64_C(1) << kShadowBaseAlignment; 72 uptr thread_start = reinterpret_cast<uptr>( 73 MmapAlignedOrDieOnFatalError(alloc_size, alloc_size, __func__)); 74 75 InitThreadList(thread_start, alloc_size); 76 77 // Create the hwasan thread object for the current (main) thread. Stack info 78 // for this thread is known from information passed via 79 // __sanitizer_startup_hook. 80 const Thread::InitState state = { 81 .stack_bottom = __sanitizer::MainThreadStackBase, 82 .stack_top = 83 __sanitizer::MainThreadStackBase + __sanitizer::MainThreadStackSize, 84 }; 85 FinishThreadInitialization(hwasanThreadList().CreateCurrentThread(&state)); 86 } 87 88 uptr *GetCurrentThreadLongPtr() { return &__hwasan_tls; } 89 90 // This is called from the parent thread before the new thread is created. Here 91 // we can propagate known info like the stack bounds to Thread::Init before 92 // jumping into the thread. We cannot initialize the stack ring buffer yet since 93 // we have not entered the new thread. 94 static void *BeforeThreadCreateHook(uptr user_id, bool detached, 95 const char *name, uptr stack_bottom, 96 uptr stack_size) { 97 const Thread::InitState state = { 98 .stack_bottom = stack_bottom, 99 .stack_top = stack_bottom + stack_size, 100 }; 101 return hwasanThreadList().CreateCurrentThread(&state); 102 } 103 104 // This sets the stack top and bottom according to the InitState passed to 105 // CreateCurrentThread above. 106 void Thread::InitStackAndTls(const InitState *state) { 107 CHECK_NE(state->stack_bottom, 0); 108 CHECK_NE(state->stack_top, 0); 109 stack_bottom_ = state->stack_bottom; 110 stack_top_ = state->stack_top; 111 tls_end_ = tls_begin_ = 0; 112 } 113 114 // This is called after creating a new thread with the pointer returned by 115 // BeforeThreadCreateHook. We are still in the creating thread and should check 116 // if it was actually created correctly. 117 static void ThreadCreateHook(void *hook, bool aborted) { 118 Thread *thread = static_cast<Thread *>(hook); 119 if (!aborted) { 120 // The thread was created successfully. 121 // ThreadStartHook can already be running in the new thread. 122 } else { 123 // The thread wasn't created after all. 124 // Clean up everything we set up in BeforeThreadCreateHook. 125 atomic_signal_fence(memory_order_seq_cst); 126 hwasanThreadList().ReleaseThread(thread); 127 } 128 } 129 130 // This is called in the newly-created thread before it runs anything else, 131 // with the pointer returned by BeforeThreadCreateHook (above). Here we can 132 // setup the stack ring buffer. 133 static void ThreadStartHook(void *hook, thrd_t self) { 134 Thread *thread = static_cast<Thread *>(hook); 135 FinishThreadInitialization(thread); 136 thread->EnsureRandomStateInited(); 137 } 138 139 // This is the function that sets up the stack ring buffer and enables us to use 140 // GetCurrentThread. This function should only be called while IN the thread 141 // that we want to create the hwasan thread object for so __hwasan_tls can be 142 // properly referenced. 143 static void FinishThreadInitialization(Thread *thread) { 144 CHECK_NE(thread, nullptr); 145 146 // The ring buffer is located immediately before the thread object. 147 uptr stack_buffer_size = hwasanThreadList().GetRingBufferSize(); 148 uptr stack_buffer_start = reinterpret_cast<uptr>(thread) - stack_buffer_size; 149 thread->InitStackRingBuffer(stack_buffer_start, stack_buffer_size); 150 } 151 152 static void ThreadExitHook(void *hook, thrd_t self) { 153 Thread *thread = static_cast<Thread *>(hook); 154 atomic_signal_fence(memory_order_seq_cst); 155 hwasanThreadList().ReleaseThread(thread); 156 } 157 158 uptr TagMemoryAligned(uptr p, uptr size, tag_t tag) { 159 CHECK(IsAligned(p, kShadowAlignment)); 160 CHECK(IsAligned(size, kShadowAlignment)); 161 __sanitizer_fill_shadow(p, size, tag, 162 common_flags()->clear_shadow_mmap_threshold); 163 return AddTagToPointer(p, tag); 164 } 165 166 // Not implemented because Fuchsia does not use signal handlers. 167 void HwasanOnDeadlySignal(int signo, void *info, void *context) {} 168 169 // Not implemented because Fuchsia does not use interceptors. 170 void InitializeInterceptors() {} 171 172 // Not implemented because this is only relevant for Android. 173 void AndroidTestTlsSlot() {} 174 175 // TSD was normally used on linux as a means of calling the hwasan thread exit 176 // handler passed to pthread_key_create. This is not needed on Fuchsia because 177 // we will be using __sanitizer_thread_exit_hook. 178 void HwasanTSDInit() {} 179 void HwasanTSDThreadInit() {} 180 181 // On linux, this just would call `atexit(HwasanAtExit)`. The functions in 182 // HwasanAtExit are unimplemented for Fuchsia and effectively no-ops, so this 183 // function is unneeded. 184 void InstallAtExitHandler() {} 185 186 void HwasanInstallAtForkHandler() {} 187 188 void InstallAtExitCheckLeaks() {} 189 190 void InitializeOsSupport() { 191 #ifdef __aarch64__ 192 uint32_t features = 0; 193 CHECK_EQ(zx_system_get_features(ZX_FEATURE_KIND_ADDRESS_TAGGING, &features), 194 ZX_OK); 195 if (!(features & ZX_ARM64_FEATURE_ADDRESS_TAGGING_TBI) && 196 flags()->fail_without_syscall_abi) { 197 Printf( 198 "FATAL: HWAddressSanitizer requires " 199 "ZX_ARM64_FEATURE_ADDRESS_TAGGING_TBI.\n"); 200 Die(); 201 } 202 #endif 203 } 204 205 } // namespace __hwasan 206 207 namespace __lsan { 208 209 bool UseExitcodeOnLeak() { return __hwasan::flags()->halt_on_error; } 210 211 } // namespace __lsan 212 213 extern "C" { 214 215 void *__sanitizer_before_thread_create_hook(thrd_t thread, bool detached, 216 const char *name, void *stack_base, 217 size_t stack_size) { 218 return __hwasan::BeforeThreadCreateHook( 219 reinterpret_cast<uptr>(thread), detached, name, 220 reinterpret_cast<uptr>(stack_base), stack_size); 221 } 222 223 void __sanitizer_thread_create_hook(void *hook, thrd_t thread, int error) { 224 __hwasan::ThreadCreateHook(hook, error != thrd_success); 225 } 226 227 void __sanitizer_thread_start_hook(void *hook, thrd_t self) { 228 __hwasan::ThreadStartHook(hook, reinterpret_cast<uptr>(self)); 229 } 230 231 void __sanitizer_thread_exit_hook(void *hook, thrd_t self) { 232 __hwasan::ThreadExitHook(hook, self); 233 } 234 235 void __sanitizer_module_loaded(const struct dl_phdr_info *info, size_t) { 236 __hwasan_library_loaded(info->dlpi_addr, info->dlpi_phdr, info->dlpi_phnum); 237 } 238 239 } // extern "C" 240 241 #endif // SANITIZER_FUCHSIA 242