1 2 #include "hwasan.h" 3 #include "hwasan_mapping.h" 4 #include "hwasan_thread.h" 5 #include "hwasan_poisoning.h" 6 #include "hwasan_interface_internal.h" 7 8 #include "sanitizer_common/sanitizer_file.h" 9 #include "sanitizer_common/sanitizer_placement_new.h" 10 #include "sanitizer_common/sanitizer_tls_get_addr.h" 11 12 13 namespace __hwasan { 14 15 static u32 RandomSeed() { 16 u32 seed; 17 do { 18 if (UNLIKELY(!GetRandom(reinterpret_cast<void *>(&seed), sizeof(seed), 19 /*blocking=*/false))) { 20 seed = static_cast<u32>( 21 (NanoTime() >> 12) ^ 22 (reinterpret_cast<uptr>(__builtin_frame_address(0)) >> 4)); 23 } 24 } while (!seed); 25 return seed; 26 } 27 28 void Thread::InitRandomState() { 29 random_state_ = flags()->random_tags ? RandomSeed() : unique_id_; 30 31 // Push a random number of zeros onto the ring buffer so that the first stack 32 // tag base will be random. 33 for (tag_t i = 0, e = GenerateRandomTag(); i != e; ++i) 34 stack_allocations_->push(0); 35 } 36 37 void Thread::Init(uptr stack_buffer_start, uptr stack_buffer_size) { 38 static u64 unique_id; 39 unique_id_ = unique_id++; 40 if (auto sz = flags()->heap_history_size) 41 heap_allocations_ = HeapAllocationsRingBuffer::New(sz); 42 43 HwasanTSDThreadInit(); // Only needed with interceptors. 44 uptr *ThreadLong = GetCurrentThreadLongPtr(); 45 // The following implicitly sets (this) as the current thread. 46 stack_allocations_ = new (ThreadLong) 47 StackAllocationsRingBuffer((void *)stack_buffer_start, stack_buffer_size); 48 // Check that it worked. 49 CHECK_EQ(GetCurrentThread(), this); 50 51 // ScopedTaggingDisable needs GetCurrentThread to be set up. 52 ScopedTaggingDisabler disabler; 53 54 uptr tls_size; 55 uptr stack_size; 56 GetThreadStackAndTls(IsMainThread(), &stack_bottom_, &stack_size, &tls_begin_, 57 &tls_size); 58 stack_top_ = stack_bottom_ + stack_size; 59 tls_end_ = tls_begin_ + tls_size; 60 61 if (stack_bottom_) { 62 int local; 63 CHECK(AddrIsInStack((uptr)&local)); 64 CHECK(MemIsApp(stack_bottom_)); 65 CHECK(MemIsApp(stack_top_ - 1)); 66 } 67 68 if (flags()->verbose_threads) { 69 if (IsMainThread()) { 70 Printf("sizeof(Thread): %zd sizeof(HeapRB): %zd sizeof(StackRB): %zd\n", 71 sizeof(Thread), heap_allocations_->SizeInBytes(), 72 stack_allocations_->size() * sizeof(uptr)); 73 } 74 Print("Creating : "); 75 } 76 } 77 78 void Thread::ClearShadowForThreadStackAndTLS() { 79 if (stack_top_ != stack_bottom_) 80 TagMemory(stack_bottom_, stack_top_ - stack_bottom_, 0); 81 if (tls_begin_ != tls_end_) 82 TagMemory(tls_begin_, tls_end_ - tls_begin_, 0); 83 } 84 85 void Thread::Destroy() { 86 if (flags()->verbose_threads) 87 Print("Destroying: "); 88 AllocatorSwallowThreadLocalCache(allocator_cache()); 89 ClearShadowForThreadStackAndTLS(); 90 if (heap_allocations_) 91 heap_allocations_->Delete(); 92 DTLS_Destroy(); 93 // Unregister this as the current thread. 94 // Instrumented code can not run on this thread from this point onwards, but 95 // malloc/free can still be served. Glibc may call free() very late, after all 96 // TSD destructors are done. 97 CHECK_EQ(GetCurrentThread(), this); 98 *GetCurrentThreadLongPtr() = 0; 99 } 100 101 void Thread::Print(const char *Prefix) { 102 Printf("%sT%zd %p stack: [%p,%p) sz: %zd tls: [%p,%p)\n", Prefix, 103 unique_id_, this, stack_bottom(), stack_top(), 104 stack_top() - stack_bottom(), 105 tls_begin(), tls_end()); 106 } 107 108 static u32 xorshift(u32 state) { 109 state ^= state << 13; 110 state ^= state >> 17; 111 state ^= state << 5; 112 return state; 113 } 114 115 // Generate a (pseudo-)random non-zero tag. 116 tag_t Thread::GenerateRandomTag() { 117 if (tagging_disabled_) return 0; 118 tag_t tag; 119 do { 120 if (flags()->random_tags) { 121 if (!random_buffer_) 122 random_buffer_ = random_state_ = xorshift(random_state_); 123 CHECK(random_buffer_); 124 tag = random_buffer_ & 0xFF; 125 random_buffer_ >>= 8; 126 } else { 127 tag = random_state_ = (random_state_ + 1) & 0xFF; 128 } 129 } while (!tag); 130 return tag; 131 } 132 133 } // namespace __hwasan 134