xref: /freebsd/contrib/llvm-project/compiler-rt/lib/msan/msan.h (revision 63f537551380d2dab29fa402ad1269feae17e594)
1 //===-- msan.h --------------------------------------------------*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file is a part of MemorySanitizer.
10 //
11 // Private MSan header.
12 //===----------------------------------------------------------------------===//
13 
14 #ifndef MSAN_H
15 #define MSAN_H
16 
17 #include "sanitizer_common/sanitizer_flags.h"
18 #include "sanitizer_common/sanitizer_internal_defs.h"
19 #include "sanitizer_common/sanitizer_stacktrace.h"
20 #include "msan_interface_internal.h"
21 #include "msan_flags.h"
22 #include "ubsan/ubsan_platform.h"
23 
24 #ifndef MSAN_REPLACE_OPERATORS_NEW_AND_DELETE
25 # define MSAN_REPLACE_OPERATORS_NEW_AND_DELETE 1
26 #endif
27 
28 #ifndef MSAN_CONTAINS_UBSAN
29 # define MSAN_CONTAINS_UBSAN CAN_SANITIZE_UB
30 #endif
31 
32 struct MappingDesc {
33   uptr start;
34   uptr end;
35   enum Type {
36     INVALID, APP, SHADOW, ORIGIN
37   } type;
38   const char *name;
39 };
40 
41 
42 #if SANITIZER_LINUX && defined(__mips64)
43 
44 // MIPS64 maps:
45 // - 0x0000000000-0x0200000000: Program own segments
46 // - 0xa200000000-0xc000000000: PIE program segments
47 // - 0xe200000000-0xffffffffff: libraries segments.
48 const MappingDesc kMemoryLayout[] = {
49     {0x000000000000ULL, 0x000200000000ULL, MappingDesc::APP, "app-1"},
50     {0x000200000000ULL, 0x002200000000ULL, MappingDesc::INVALID, "invalid"},
51     {0x002200000000ULL, 0x004000000000ULL, MappingDesc::SHADOW, "shadow-2"},
52     {0x004000000000ULL, 0x004200000000ULL, MappingDesc::INVALID, "invalid"},
53     {0x004200000000ULL, 0x006000000000ULL, MappingDesc::ORIGIN, "origin-2"},
54     {0x006000000000ULL, 0x006200000000ULL, MappingDesc::INVALID, "invalid"},
55     {0x006200000000ULL, 0x008000000000ULL, MappingDesc::SHADOW, "shadow-3"},
56     {0x008000000000ULL, 0x008200000000ULL, MappingDesc::SHADOW, "shadow-1"},
57     {0x008200000000ULL, 0x00a000000000ULL, MappingDesc::ORIGIN, "origin-3"},
58     {0x00a000000000ULL, 0x00a200000000ULL, MappingDesc::ORIGIN, "origin-1"},
59     {0x00a200000000ULL, 0x00c000000000ULL, MappingDesc::APP, "app-2"},
60     {0x00c000000000ULL, 0x00e200000000ULL, MappingDesc::INVALID, "invalid"},
61     {0x00e200000000ULL, 0x00ffffffffffULL, MappingDesc::APP, "app-3"}};
62 
63 #define MEM_TO_SHADOW(mem) (((uptr)(mem)) ^ 0x8000000000ULL)
64 #define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x2000000000ULL)
65 
66 #elif SANITIZER_LINUX && defined(__aarch64__)
67 
68 // The mapping assumes 48-bit VMA. AArch64 maps:
69 // - 0x0000000000000-0x0100000000000: 39/42/48-bits program own segments
70 // - 0x0a00000000000-0x0b00000000000: 48-bits PIE program segments
71 //   Ideally, this would extend to 0x0c00000000000 (2^45 bytes - the
72 //   maximum ASLR region for 48-bit VMA) but it is too hard to fit in
73 //   the larger app/shadow/origin regions.
74 // - 0x0e00000000000-0x1000000000000: 48-bits libraries segments
75 const MappingDesc kMemoryLayout[] = {
76     {0X0000000000000, 0X0100000000000, MappingDesc::APP, "app-10-13"},
77     {0X0100000000000, 0X0200000000000, MappingDesc::SHADOW, "shadow-14"},
78     {0X0200000000000, 0X0300000000000, MappingDesc::INVALID, "invalid"},
79     {0X0300000000000, 0X0400000000000, MappingDesc::ORIGIN, "origin-14"},
80     {0X0400000000000, 0X0600000000000, MappingDesc::SHADOW, "shadow-15"},
81     {0X0600000000000, 0X0800000000000, MappingDesc::ORIGIN, "origin-15"},
82     {0X0800000000000, 0X0A00000000000, MappingDesc::INVALID, "invalid"},
83     {0X0A00000000000, 0X0B00000000000, MappingDesc::APP, "app-14"},
84     {0X0B00000000000, 0X0C00000000000, MappingDesc::SHADOW, "shadow-10-13"},
85     {0X0C00000000000, 0X0D00000000000, MappingDesc::INVALID, "invalid"},
86     {0X0D00000000000, 0X0E00000000000, MappingDesc::ORIGIN, "origin-10-13"},
87     {0X0E00000000000, 0X1000000000000, MappingDesc::APP, "app-15"},
88 };
89 # define MEM_TO_SHADOW(mem) ((uptr)mem ^ 0xB00000000000ULL)
90 # define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x200000000000ULL)
91 
92 #elif SANITIZER_LINUX && SANITIZER_PPC64
93 const MappingDesc kMemoryLayout[] = {
94     {0x000000000000ULL, 0x000200000000ULL, MappingDesc::APP, "low memory"},
95     {0x000200000000ULL, 0x080000000000ULL, MappingDesc::INVALID, "invalid"},
96     {0x080000000000ULL, 0x180200000000ULL, MappingDesc::SHADOW, "shadow"},
97     {0x180200000000ULL, 0x1C0000000000ULL, MappingDesc::INVALID, "invalid"},
98     {0x1C0000000000ULL, 0x2C0200000000ULL, MappingDesc::ORIGIN, "origin"},
99     {0x2C0200000000ULL, 0x300000000000ULL, MappingDesc::INVALID, "invalid"},
100     {0x300000000000ULL, 0x800000000000ULL, MappingDesc::APP, "high memory"}};
101 
102 // Various kernels use different low end ranges but we can combine them into one
103 // big range. They also use different high end ranges but we can map them all to
104 // one range.
105 // Maps low and high app ranges to contiguous space with zero base:
106 //   Low:  0000 0000 0000 - 0001 ffff ffff  ->  1000 0000 0000 - 1001 ffff ffff
107 //   High: 3000 0000 0000 - 3fff ffff ffff  ->  0000 0000 0000 - 0fff ffff ffff
108 //   High: 4000 0000 0000 - 4fff ffff ffff  ->  0000 0000 0000 - 0fff ffff ffff
109 //   High: 7000 0000 0000 - 7fff ffff ffff  ->  0000 0000 0000 - 0fff ffff ffff
110 #define LINEARIZE_MEM(mem) \
111   (((uptr)(mem) & ~0xE00000000000ULL) ^ 0x100000000000ULL)
112 #define MEM_TO_SHADOW(mem) (LINEARIZE_MEM((mem)) + 0x080000000000ULL)
113 #define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x140000000000ULL)
114 
115 #elif SANITIZER_LINUX && SANITIZER_S390_64
116 const MappingDesc kMemoryLayout[] = {
117     {0x000000000000ULL, 0x040000000000ULL, MappingDesc::APP, "low memory"},
118     {0x040000000000ULL, 0x080000000000ULL, MappingDesc::INVALID, "invalid"},
119     {0x080000000000ULL, 0x180000000000ULL, MappingDesc::SHADOW, "shadow"},
120     {0x180000000000ULL, 0x1C0000000000ULL, MappingDesc::INVALID, "invalid"},
121     {0x1C0000000000ULL, 0x2C0000000000ULL, MappingDesc::ORIGIN, "origin"},
122     {0x2C0000000000ULL, 0x440000000000ULL, MappingDesc::INVALID, "invalid"},
123     {0x440000000000ULL, 0x500000000000ULL, MappingDesc::APP, "high memory"}};
124 
125 #define MEM_TO_SHADOW(mem) \
126   ((((uptr)(mem)) & ~0xC00000000000ULL) + 0x080000000000ULL)
127 #define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x140000000000ULL)
128 
129 #elif SANITIZER_FREEBSD && defined(__aarch64__)
130 
131 // Low memory: main binary, MAP_32BIT mappings and modules
132 // High memory: heap, modules and main thread stack
133 const MappingDesc kMemoryLayout[] = {
134     {0x000000000000ULL, 0x020000000000ULL, MappingDesc::APP, "low memory"},
135     {0x020000000000ULL, 0x200000000000ULL, MappingDesc::INVALID, "invalid"},
136     {0x200000000000ULL, 0x620000000000ULL, MappingDesc::SHADOW, "shadow"},
137     {0x620000000000ULL, 0x700000000000ULL, MappingDesc::INVALID, "invalid"},
138     {0x700000000000ULL, 0xb20000000000ULL, MappingDesc::ORIGIN, "origin"},
139     {0xb20000000000ULL, 0xc00000000000ULL, MappingDesc::INVALID, "invalid"},
140     {0xc00000000000ULL, 0x1000000000000ULL, MappingDesc::APP, "high memory"}};
141 
142 // Maps low and high app ranges to contiguous space with zero base:
143 //   Low:  0000 0000 0000 - 01ff ffff ffff -> 4000 0000 0000 - 41ff ffff ffff
144 //   High: c000 0000 0000 - ffff ffff ffff -> 0000 0000 0000 - 3fff ffff ffff
145 #define LINEARIZE_MEM(mem) \
146   (((uptr)(mem) & ~0x1800000000000ULL) ^ 0x400000000000ULL)
147 #define MEM_TO_SHADOW(mem) (LINEARIZE_MEM((mem)) + 0x200000000000ULL)
148 #define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x500000000000)
149 
150 #elif SANITIZER_FREEBSD && SANITIZER_WORDSIZE == 64
151 
152 // Low memory: main binary, MAP_32BIT mappings and modules
153 // High memory: heap, modules and main thread stack
154 const MappingDesc kMemoryLayout[] = {
155     {0x000000000000ULL, 0x010000000000ULL, MappingDesc::APP, "low memory"},
156     {0x010000000000ULL, 0x100000000000ULL, MappingDesc::INVALID, "invalid"},
157     {0x100000000000ULL, 0x310000000000ULL, MappingDesc::SHADOW, "shadow"},
158     {0x310000000000ULL, 0x380000000000ULL, MappingDesc::INVALID, "invalid"},
159     {0x380000000000ULL, 0x590000000000ULL, MappingDesc::ORIGIN, "origin"},
160     {0x590000000000ULL, 0x600000000000ULL, MappingDesc::INVALID, "invalid"},
161     {0x600000000000ULL, 0x800000000000ULL, MappingDesc::APP, "high memory"}};
162 
163 // Maps low and high app ranges to contiguous space with zero base:
164 //   Low:  0000 0000 0000 - 00ff ffff ffff  ->  2000 0000 0000 - 20ff ffff ffff
165 //   High: 6000 0000 0000 - 7fff ffff ffff  ->  0000 0000 0000 - 1fff ffff ffff
166 #define LINEARIZE_MEM(mem) \
167   (((uptr)(mem) & ~0xc00000000000ULL) ^ 0x200000000000ULL)
168 #define MEM_TO_SHADOW(mem) (LINEARIZE_MEM((mem)) + 0x100000000000ULL)
169 #define SHADOW_TO_ORIGIN(shadow) (((uptr)(shadow)) + 0x280000000000)
170 
171 #elif SANITIZER_NETBSD || (SANITIZER_LINUX && SANITIZER_WORDSIZE == 64)
172 
173 // All of the following configurations are supported.
174 // ASLR disabled: main executable and DSOs at 0x555550000000
175 // PIE and ASLR: main executable and DSOs at 0x7f0000000000
176 // non-PIE: main executable below 0x100000000, DSOs at 0x7f0000000000
177 // Heap at 0x700000000000.
178 const MappingDesc kMemoryLayout[] = {
179     {0x000000000000ULL, 0x010000000000ULL, MappingDesc::APP, "app-1"},
180     {0x010000000000ULL, 0x100000000000ULL, MappingDesc::SHADOW, "shadow-2"},
181     {0x100000000000ULL, 0x110000000000ULL, MappingDesc::INVALID, "invalid"},
182     {0x110000000000ULL, 0x200000000000ULL, MappingDesc::ORIGIN, "origin-2"},
183     {0x200000000000ULL, 0x300000000000ULL, MappingDesc::SHADOW, "shadow-3"},
184     {0x300000000000ULL, 0x400000000000ULL, MappingDesc::ORIGIN, "origin-3"},
185     {0x400000000000ULL, 0x500000000000ULL, MappingDesc::INVALID, "invalid"},
186     {0x500000000000ULL, 0x510000000000ULL, MappingDesc::SHADOW, "shadow-1"},
187     {0x510000000000ULL, 0x600000000000ULL, MappingDesc::APP, "app-2"},
188     {0x600000000000ULL, 0x610000000000ULL, MappingDesc::ORIGIN, "origin-1"},
189     {0x610000000000ULL, 0x700000000000ULL, MappingDesc::INVALID, "invalid"},
190     {0x700000000000ULL, 0x800000000000ULL, MappingDesc::APP, "app-3"}};
191 #define MEM_TO_SHADOW(mem) (((uptr)(mem)) ^ 0x500000000000ULL)
192 #define SHADOW_TO_ORIGIN(mem) (((uptr)(mem)) + 0x100000000000ULL)
193 
194 #else
195 #error "Unsupported platform"
196 #endif
197 
198 const uptr kMemoryLayoutSize = sizeof(kMemoryLayout) / sizeof(kMemoryLayout[0]);
199 
200 #define MEM_TO_ORIGIN(mem) (SHADOW_TO_ORIGIN(MEM_TO_SHADOW((mem))))
201 
202 #ifndef __clang__
203 __attribute__((optimize("unroll-loops")))
204 #endif
205 inline bool addr_is_type(uptr addr, MappingDesc::Type mapping_type) {
206 // It is critical for performance that this loop is unrolled (because then it is
207 // simplified into just a few constant comparisons).
208 #ifdef __clang__
209 #pragma unroll
210 #endif
211   for (unsigned i = 0; i < kMemoryLayoutSize; ++i)
212     if (kMemoryLayout[i].type == mapping_type &&
213         addr >= kMemoryLayout[i].start && addr < kMemoryLayout[i].end)
214       return true;
215   return false;
216 }
217 
218 #define MEM_IS_APP(mem) addr_is_type((uptr)(mem), MappingDesc::APP)
219 #define MEM_IS_SHADOW(mem) addr_is_type((uptr)(mem), MappingDesc::SHADOW)
220 #define MEM_IS_ORIGIN(mem) addr_is_type((uptr)(mem), MappingDesc::ORIGIN)
221 
222 // These constants must be kept in sync with the ones in MemorySanitizer.cpp.
223 const int kMsanParamTlsSize = 800;
224 const int kMsanRetvalTlsSize = 800;
225 
226 namespace __msan {
227 extern int msan_inited;
228 extern bool msan_init_is_running;
229 extern int msan_report_count;
230 
231 bool ProtectRange(uptr beg, uptr end);
232 bool InitShadow(bool init_origins);
233 char *GetProcSelfMaps();
234 void InitializeInterceptors();
235 
236 void MsanAllocatorInit();
237 void MsanDeallocate(StackTrace *stack, void *ptr);
238 
239 void *msan_malloc(uptr size, StackTrace *stack);
240 void *msan_calloc(uptr nmemb, uptr size, StackTrace *stack);
241 void *msan_realloc(void *ptr, uptr size, StackTrace *stack);
242 void *msan_reallocarray(void *ptr, uptr nmemb, uptr size, StackTrace *stack);
243 void *msan_valloc(uptr size, StackTrace *stack);
244 void *msan_pvalloc(uptr size, StackTrace *stack);
245 void *msan_aligned_alloc(uptr alignment, uptr size, StackTrace *stack);
246 void *msan_memalign(uptr alignment, uptr size, StackTrace *stack);
247 int msan_posix_memalign(void **memptr, uptr alignment, uptr size,
248                         StackTrace *stack);
249 
250 void InstallTrapHandler();
251 void InstallAtExitHandler();
252 
253 const char *GetStackOriginDescr(u32 id, uptr *pc);
254 
255 bool IsInSymbolizerOrUnwider();
256 
257 void PrintWarning(uptr pc, uptr bp);
258 void PrintWarningWithOrigin(uptr pc, uptr bp, u32 origin);
259 
260 // Unpoison first n function arguments.
261 void UnpoisonParam(uptr n);
262 void UnpoisonThreadLocalState();
263 
264 // Returns a "chained" origin id, pointing to the given stack trace followed by
265 // the previous origin id.
266 u32 ChainOrigin(u32 id, StackTrace *stack);
267 
268 const int STACK_TRACE_TAG_POISON = StackTrace::TAG_CUSTOM + 1;
269 const int STACK_TRACE_TAG_FIELDS = STACK_TRACE_TAG_POISON + 1;
270 const int STACK_TRACE_TAG_VPTR = STACK_TRACE_TAG_FIELDS + 1;
271 
272 #define GET_MALLOC_STACK_TRACE                                            \
273   BufferedStackTrace stack;                                               \
274   if (__msan_get_track_origins() && msan_inited)                          \
275     stack.Unwind(StackTrace::GetCurrentPc(), GET_CURRENT_FRAME(),         \
276                  nullptr, common_flags()->fast_unwind_on_malloc,          \
277                  common_flags()->malloc_context_size)
278 
279 // For platforms which support slow unwinder only, we restrict the store context
280 // size to 1, basically only storing the current pc. We do this because the slow
281 // unwinder which is based on libunwind is not async signal safe and causes
282 // random freezes in forking applications as well as in signal handlers.
283 #define GET_STORE_STACK_TRACE_PC_BP(pc, bp)                                    \
284   BufferedStackTrace stack;                                                    \
285   if (__msan_get_track_origins() > 1 && msan_inited) {                         \
286     int size = flags()->store_context_size;                                    \
287     if (!SANITIZER_CAN_FAST_UNWIND)                                            \
288       size = Min(size, 1);                                                     \
289     stack.Unwind(pc, bp, nullptr, common_flags()->fast_unwind_on_malloc, size);\
290   }
291 
292 #define GET_STORE_STACK_TRACE \
293   GET_STORE_STACK_TRACE_PC_BP(StackTrace::GetCurrentPc(), GET_CURRENT_FRAME())
294 
295 #define GET_FATAL_STACK_TRACE_PC_BP(pc, bp)                              \
296   BufferedStackTrace stack;                                              \
297   if (msan_inited) {                                                     \
298     stack.Unwind(pc, bp, nullptr, common_flags()->fast_unwind_on_fatal); \
299   }
300 
301 class ScopedThreadLocalStateBackup {
302  public:
303   ScopedThreadLocalStateBackup() { Backup(); }
304   ~ScopedThreadLocalStateBackup() { Restore(); }
305   void Backup();
306   void Restore();
307  private:
308   u64 va_arg_overflow_size_tls;
309 };
310 
311 void MsanTSDInit(void (*destructor)(void *tsd));
312 void *MsanTSDGet();
313 void MsanTSDSet(void *tsd);
314 void MsanTSDDtor(void *tsd);
315 
316 }  // namespace __msan
317 
318 #endif  // MSAN_H
319