1 //===-- hwasan_interceptors.cpp -------------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file is a part of HWAddressSanitizer.
10 //
11 // Interceptors for standard library functions.
12 //
13 // FIXME: move as many interceptors as possible into
14 // sanitizer_common/sanitizer_common_interceptors.h
15 //===----------------------------------------------------------------------===//
16 
17 #include "interception/interception.h"
18 #include "hwasan.h"
19 #include "hwasan_thread.h"
20 #include "sanitizer_common/sanitizer_stackdepot.h"
21 
22 #if !SANITIZER_FUCHSIA
23 
24 using namespace __hwasan;
25 
26 #if HWASAN_WITH_INTERCEPTORS
27 
// Start routine and argument handed to a freshly created thread.  Filled in
// by the pthread_create interceptor (one page per thread) and read back, then
// unmapped, by HwasanThreadStartFunc on the new thread.
struct ThreadStartArg {
  thread_callback_t callback;  // the user's thread start routine
  void *param;                 // the argument to pass to `callback`
};
32 
// Trampoline installed by the pthread_create interceptor.  `arg` is the page
// holding a ThreadStartArg; it is released here after the start routine and
// its argument have been copied out, so the user's callback never sees it.
static void *HwasanThreadStartFunc(void *arg) {
  // Register this thread with hwasan before any user code runs on it.
  __hwasan_thread_enter();
  ThreadStartArg *start = reinterpret_cast<ThreadStartArg *>(arg);
  thread_callback_t user_cb = start->callback;
  void *user_param = start->param;
  // The page belongs to this thread now; give it back before calling out.
  UnmapOrDie(arg, GetPageSizeCached());
  return user_cb(user_param);
}
39 
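// Wrap the user's start routine so the new thread enters hwasan first
// (HwasanThreadStartFunc).  The callback/param pair travels in a dedicated
// page that the child unmaps once it has copied the pair out.
//
// Returns whatever the real pthread_create returns (0 on success, an errno
// value otherwise).
INTERCEPTOR(int, pthread_create, void *th, void *attr, void *(*callback)(void*),
            void * param) {
  // Tagging is disabled for the whole call (see ScopedTaggingDisabler).
  ScopedTaggingDisabler disabler;
  ThreadStartArg *A = reinterpret_cast<ThreadStartArg *>(
      MmapOrDie(GetPageSizeCached(), "pthread_create"));
  *A = {callback, param};
  int res = REAL(pthread_create)(th, attr, &HwasanThreadStartFunc, A);
  // On failure no thread was started, so HwasanThreadStartFunc never runs and
  // nothing else references A: release the page here instead of leaking one
  // page per failed pthread_create.
  if (res != 0)
    UnmapOrDie(A, GetPageSizeCached());
  return res;
}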
49 
// Pure pass-through: there is no hwasan bookkeeping to do on join, the call
// is forwarded to libc unchanged (presumably intercepted so the REAL slot is
// resolved alongside pthread_create — confirm if removing).
INTERCEPTOR(int, pthread_join, void *t, void **arg) {
  const int rc = REAL(pthread_join)(t, arg);
  return rc;
}
53 
// REAL(...) slots for the pthread functions forwarded to above.
DEFINE_REAL_PTHREAD_FUNCTIONS

// vfork gets a REAL(...) slot here, but only a declaration of its
// interceptor/wrapper: presumably the body lives outside this file (it needs
// to run without a stack frame of its own) — confirm before touching the
// signature.  It is hooked in InitializeInterceptors on Linux only.
DEFINE_REAL(int, vfork)
DECLARE_EXTERN_INTERCEPTOR_AND_WRAPPER(int, vfork)
58 
// Get and/or change the set of blocked signals.  Declared by hand against
// hwasan's own __hw_sigset_t so <signal.h> is not pulled into this file.
extern "C" int sigprocmask(int __how, const __hw_sigset_t *__restrict __set,
                           __hw_sigset_t *__restrict __oset);
// Local copies of the `how` values used below; both are #undef'd after the
// longjmp interceptors.  NOTE(review): 0 and 2 are the Linux/glibc values.
// FreeBSD's <signal.h> defines SIG_BLOCK as 1 and SIG_SETMASK as 3, so these
// constants are only right on the platforms this path is built for (the
// longjmp interceptors are installed under __linux__ only, see
// InitializeInterceptors).
#define SIG_BLOCK 0
#define SIG_SETMASK 2
// Second half of sigsetjmp: stamp `env` as hwasan-owned and, if `savemask`
// is non-zero, record the current blocked-signal set so siglongjmp can put it
// back.  Always returns 0 (the setjmp-side "direct return" value).
extern "C" int __sigjmp_save(__hw_sigjmp_buf env, int savemask) {
  // The magic lets the longjmp interceptors distinguish buffers set up by
  // hwasan's setjmp path from foreign ones.
  env[0].__magic = kHwJmpBufMagic;
  // __mask_was_saved is set only when the caller asked for the mask AND
  // sigprocmask actually succeeded in reading it.
  int mask_saved = 0;
  if (savemask) {
    const __hw_sigset_t *no_new_mask = nullptr;
    mask_saved =
        (sigprocmask(SIG_BLOCK, no_new_mask, &env[0].__saved_mask) == 0);
  }
  env[0].__mask_was_saved = mask_saved;
  return 0;
}
71 
// Core of the longjmp interceptors: clear the stack tags between the current
// frame and the target frame, then restore the callee-saved registers and the
// stack pointer from `env` and branch to the saved return address.  The
// setjmp site observes `retval`, or 1 when `retval` is 0 (see the per-arch
// tail of each asm block).  Never returns to its caller.
//
// `env` is hwasan's own register buffer, so the slot layout below must match
// what the hwasan setjmp side wrote — presumably an assembly implementation
// outside this file; confirm both sides together when changing an index.
// NOTE(review): always_inline presumably keeps this body inside the
// interceptor itself rather than in a frame the asm would abandon — confirm.
static void __attribute__((always_inline))
InternalLongjmp(__hw_register_buf env, int retval) {
  // Slot holding the saved stack pointer.  Only these three targets are
  // supported: on any other target kSpIndex is undefined and the read below
  // fails to compile.
#    if defined(__aarch64__)
  constexpr size_t kSpIndex = 13;
#    elif defined(__x86_64__)
  constexpr size_t kSpIndex = 6;
#    elif SANITIZER_RISCV64
  constexpr size_t kSpIndex = 13;
#    endif

  // Clear all memory tags on the stack between here and where we're going,
  // presumably so stale tags left by the abandoned frames cannot trigger
  // reports once that memory is reused.
  unsigned long long stack_pointer = env[kSpIndex];
  // The stack pointer should never be tagged, so we don't need to clear the
  // tag for this function call.
  __hwasan_handle_longjmp((void *)stack_pointer);

  // Run code for handling a longjmp.
  // Need to use a register that isn't going to be loaded from the environment
  // buffer -- hence why we need to specify the register to use.
  // Must implement this ourselves, since we don't know the order of registers
  // in different libc implementations and many implementations mangle the
  // stack pointer so we can't use it without knowing the demangling scheme.
  //
  // Each asm block: restore callee-saved GPRs (and FP regs where the ABI
  // saves them), load sp from slot kSpIndex, compute the return value, and
  // branch to the saved link register / return address.
#    if defined(__aarch64__)
  register long int retval_tmp asm("x1") = retval;
  register void *env_address asm("x0") = &env[0];
  asm volatile("ldp	x19, x20, [%0, #0<<3];"
               "ldp	x21, x22, [%0, #2<<3];"
               "ldp	x23, x24, [%0, #4<<3];"
               "ldp	x25, x26, [%0, #6<<3];"
               "ldp	x27, x28, [%0, #8<<3];"
               "ldp	x29, x30, [%0, #10<<3];"
               "ldp	 d8,  d9, [%0, #14<<3];"
               "ldp	d10, d11, [%0, #16<<3];"
               "ldp	d12, d13, [%0, #18<<3];"
               "ldp	d14, d15, [%0, #20<<3];"
               "ldr	x5, [%0, #13<<3];"
               "mov	sp, x5;"
               // Return the value requested to return through arguments.
               // This should be in x1 given what we requested above.
               // x0 = (retval != 0) ? retval : 1.
               "cmp	%1, #0;"
               "mov	x0, #1;"
               "csel	x0, %1, x0, ne;"
               "br	x30;"
               : "+r"(env_address)
               : "r"(retval_tmp));
#    elif defined(__x86_64__)
  register long int retval_tmp asm("%rsi") = retval;
  register void *env_address asm("%rdi") = &env[0];
  asm volatile(
      // Restore registers.
      "mov (0*8)(%0),%%rbx;"
      "mov (1*8)(%0),%%rbp;"
      "mov (2*8)(%0),%%r12;"
      "mov (3*8)(%0),%%r13;"
      "mov (4*8)(%0),%%r14;"
      "mov (5*8)(%0),%%r15;"
      "mov (6*8)(%0),%%rsp;"
      "mov (7*8)(%0),%%rdx;"
      // Return 1 if retval is 0.
      "mov $1,%%rax;"
      "test %1,%1;"
      "cmovnz %1,%%rax;"
      // rdx holds the saved return address loaded above.
      "jmp *%%rdx;" ::"r"(env_address),
      "r"(retval_tmp));
#    elif SANITIZER_RISCV64
  register long int retval_tmp asm("x11") = retval;
  register void *env_address asm("x10") = &env[0];
  asm volatile(
      "ld     ra,   0<<3(%0);"
      "ld     s0,   1<<3(%0);"
      "ld     s1,   2<<3(%0);"
      "ld     s2,   3<<3(%0);"
      "ld     s3,   4<<3(%0);"
      "ld     s4,   5<<3(%0);"
      "ld     s5,   6<<3(%0);"
      "ld     s6,   7<<3(%0);"
      "ld     s7,   8<<3(%0);"
      "ld     s8,   9<<3(%0);"
      "ld     s9,   10<<3(%0);"
      "ld     s10,  11<<3(%0);"
      "ld     s11,  12<<3(%0);"
      // FP callee-saved registers exist only under the double-float ABI.
#      if __riscv_float_abi_double
      "fld    fs0,  14<<3(%0);"
      "fld    fs1,  15<<3(%0);"
      "fld    fs2,  16<<3(%0);"
      "fld    fs3,  17<<3(%0);"
      "fld    fs4,  18<<3(%0);"
      "fld    fs5,  19<<3(%0);"
      "fld    fs6,  20<<3(%0);"
      "fld    fs7,  21<<3(%0);"
      "fld    fs8,  22<<3(%0);"
      "fld    fs9,  23<<3(%0);"
      "fld    fs10, 24<<3(%0);"
      "fld    fs11, 25<<3(%0);"
#      elif __riscv_float_abi_soft
#      else
#        error "Unsupported case"
#      endif
      "ld     a4, 13<<3(%0);"
      "mv     sp, a4;"
      // Return the value requested to return through arguments.
      // This should be in x11 given what we requested above.
      // a0 = retval + (retval == 0), i.e. 1 when retval is 0.
      "seqz   a0, %1;"
      "add    a0, a0, %1;"
      "ret;"
      : "+r"(env_address)
      : "r"(retval_tmp));
#    endif
}
181 
// siglongjmp on a buffer set up by hwasan's setjmp path: restore the signal
// mask if sigsetjmp saved one, then unwind through InternalLongjmp.  Buffers
// without the hwasan magic are handed to libc after a warning.
INTERCEPTOR(void, siglongjmp, __hw_sigjmp_buf env, int val) {
  const bool is_hwasan_buf = (env[0].__magic == kHwJmpBufMagic);
  if (!is_hwasan_buf) {
    Printf(
        "WARNING: Unexpected bad jmp_buf. Either setjmp was not called or "
        "there is a bug in HWASan.\n");
    REAL(siglongjmp)(env, val);
    return;
  }

  // __sigjmp_save only sets __mask_was_saved when the caller asked for the
  // mask and sigprocmask succeeded, so this is the matching restore.
  if (env[0].__mask_was_saved) {
    __hw_sigset_t *no_old_mask = nullptr;
    (void)sigprocmask(SIG_SETMASK, &env[0].__saved_mask, no_old_mask);
  }
  InternalLongjmp(env[0].__jmpbuf, val);
}
196 
197 // Required since glibc libpthread calls __libc_longjmp on pthread_exit, and
198 // _setjmp on start_thread.  Hence we have to intercept the longjmp on
199 // pthread_exit so the __hw_jmp_buf order matches.
// Same dispatch as longjmp, but silent on foreign buffers (no warning is
// printed before deferring to libc).
INTERCEPTOR(void, __libc_longjmp, __hw_jmp_buf env, int val) {
  const bool is_hwasan_buf = (env[0].__magic == kHwJmpBufMagic);
  if (!is_hwasan_buf) {
    REAL(__libc_longjmp)(env, val);
    return;
  }
  InternalLongjmp(env[0].__jmpbuf, val);
}
205 
// longjmp on a buffer set up by hwasan's setjmp path unwinds through
// InternalLongjmp; anything without the hwasan magic is handed to libc after
// a warning.
INTERCEPTOR(void, longjmp, __hw_jmp_buf env, int val) {
  const bool is_hwasan_buf = (env[0].__magic == kHwJmpBufMagic);
  if (!is_hwasan_buf) {
    Printf(
        "WARNING: Unexpected bad jmp_buf. Either setjmp was not called or "
        "there is a bug in HWASan.\n");
    REAL(longjmp)(env, val);
    return;
  }
  InternalLongjmp(env[0].__jmpbuf, val);
}
215 #undef SIG_BLOCK
216 #undef SIG_SETMASK
217 
218 #  endif  // HWASAN_WITH_INTERCEPTORS
219 
namespace __hwasan {

// Process exit status requested by hwasan: the configured `exitcode` when
// leak detection is enabled and LSan has reported leaks, 0 otherwise.
int OnExit() {
  const bool fail_for_leaks = CAN_SANITIZE_LEAKS &&
                              common_flags()->detect_leaks &&
                              __lsan::HasReportedLeaks();
  if (!fail_for_leaks) {
    // FIXME: ask frontend whether we need to return failure.
    return 0;
  }
  return common_flags()->exitcode;
}

} // namespace __hwasan
232 
namespace __hwasan {

// Install hwasan's interceptors.  Must be called exactly once: the static
// `inited` flag turns a second call into a CHECK failure.  The longjmp family
// and vfork are hooked on Linux only (the SIG_* constants and jmp_buf layout
// above are Linux-specific); pthread_create/pthread_join are hooked wherever
// HWASAN_WITH_INTERCEPTORS is set.
void InitializeInterceptors() {
  static int inited = 0;
  CHECK_EQ(inited, 0);

#if HWASAN_WITH_INTERCEPTORS
#if defined(__linux__)
  INTERCEPT_FUNCTION(__libc_longjmp);
  INTERCEPT_FUNCTION(longjmp);
  INTERCEPT_FUNCTION(siglongjmp);
  INTERCEPT_FUNCTION(vfork);
#endif  // __linux__
  INTERCEPT_FUNCTION(pthread_create);
  INTERCEPT_FUNCTION(pthread_join);
#  endif  // HWASAN_WITH_INTERCEPTORS

  inited = 1;
}
} // namespace __hwasan
253 
254 #endif  // #if !SANITIZER_FUCHSIA
255