1 //===-- esan_interceptors.cpp ---------------------------------------------===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // This file is a part of EfficiencySanitizer, a family of performance tuners.
12 // Interception routines for the esan run-time.
13 //===----------------------------------------------------------------------===//
16 #include "esan_shadow.h"
17 #include "interception/interception.h"
18 #include "sanitizer_common/sanitizer_common.h"
19 #include "sanitizer_common/sanitizer_libc.h"
20 #include "sanitizer_common/sanitizer_linux.h"
21 #include "sanitizer_common/sanitizer_stacktrace.h"
23 using namespace __esan; // NOLINT
25 #define CUR_PC() (StackTrace::GetCurrentPc())
27 //===----------------------------------------------------------------------===//
28 // Interception via sanitizer common interceptors
29 //===----------------------------------------------------------------------===//
31 // Get the per-platform defines for what is possible to intercept
32 #include "sanitizer_common/sanitizer_platform_interceptors.h"
34 DECLARE_REAL_AND_INTERCEPTOR(void *, malloc, uptr)
36 // TODO(bruening): tsan disables several interceptors (getpwent, etc.) claiming
37 // that interception is a perf hit: should we do the same?
39 // We have no need to intercept:
40 #undef SANITIZER_INTERCEPT_TLS_GET_ADDR
42 // TODO(bruening): the common realpath interceptor assumes malloc is
43 // intercepted! We should try to parametrize that, though we'll
44 // intercept malloc soon ourselves and can then remove this undef.
45 #undef SANITIZER_INTERCEPT_REALPATH
47 // We provide our own version:
48 #undef SANITIZER_INTERCEPT_SIGPROCMASK
50 #define COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED (!EsanIsInitialized)
52 #define COMMON_INTERCEPT_FUNCTION(name) INTERCEPT_FUNCTION(name)
53 #define COMMON_INTERCEPT_FUNCTION_VER(name, ver) \
54 INTERCEPT_FUNCTION_VER(name, ver)
56 // We must initialize during early interceptors, to support tcmalloc.
57 // This means that for some apps we fully initialize prior to
58 // __esan_init() being called.
59 // We currently do not use ctx.
60 #define COMMON_INTERCEPTOR_ENTER(ctx, func, ...) \
62 if (UNLIKELY(COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED)) { \
63 if (!UNLIKELY(EsanDuringInit)) \
64 initializeLibrary(__esan_which_tool); \
65 return REAL(func)(__VA_ARGS__); \
71 #define COMMON_INTERCEPTOR_ENTER_NOIGNORE(ctx, func, ...) \
72 COMMON_INTERCEPTOR_ENTER(ctx, func, __VA_ARGS__)
74 #define COMMON_INTERCEPTOR_WRITE_RANGE(ctx, ptr, size) \
75 processRangeAccess(CUR_PC(), (uptr)ptr, size, true)
77 #define COMMON_INTERCEPTOR_READ_RANGE(ctx, ptr, size) \
78 processRangeAccess(CUR_PC(), (uptr)ptr, size, false)
80 // This is only called if the app explicitly calls exit(), not on
82 #define COMMON_INTERCEPTOR_ON_EXIT(ctx) finalizeLibrary()
84 #define COMMON_INTERCEPTOR_FILE_OPEN(ctx, file, path) \
90 #define COMMON_INTERCEPTOR_FILE_CLOSE(ctx, file) \
95 #define COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, handle) \
100 #define COMMON_INTERCEPTOR_LIBRARY_UNLOADED() \
103 #define COMMON_INTERCEPTOR_ACQUIRE(ctx, u) \
108 #define COMMON_INTERCEPTOR_RELEASE(ctx, u) \
113 #define COMMON_INTERCEPTOR_DIR_ACQUIRE(ctx, path) \
118 #define COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd) \
123 #define COMMON_INTERCEPTOR_FD_RELEASE(ctx, fd) \
128 #define COMMON_INTERCEPTOR_FD_ACCESS(ctx, fd) \
133 #define COMMON_INTERCEPTOR_FD_SOCKET_ACCEPT(ctx, fd, newfd) \
139 #define COMMON_INTERCEPTOR_SET_THREAD_NAME(ctx, name) \
144 #define COMMON_INTERCEPTOR_SET_PTHREAD_NAME(ctx, thread, name) \
150 #define COMMON_INTERCEPTOR_BLOCK_REAL(name) REAL(name)
151 #define COMMON_INTERCEPTOR_MUTEX_LOCK(ctx, m) \
156 #define COMMON_INTERCEPTOR_MUTEX_UNLOCK(ctx, m) \
161 #define COMMON_INTERCEPTOR_MUTEX_REPAIR(ctx, m) \
166 #define COMMON_INTERCEPTOR_HANDLE_RECVMSG(ctx, msg) \
171 #define COMMON_INTERCEPTOR_USER_CALLBACK_START() \
174 #define COMMON_INTERCEPTOR_USER_CALLBACK_END() \
178 #define COMMON_INTERCEPTOR_MMAP_IMPL(ctx, mmap, addr, sz, prot, flags, fd, \
181 if (!fixMmapAddr(&addr, sz, flags)) \
183 void *result = REAL(mmap)(addr, sz, prot, flags, fd, off); \
184 return (void *)checkMmapResult((uptr)result, sz); \
187 #include "sanitizer_common/sanitizer_common_interceptors.inc"
189 //===----------------------------------------------------------------------===//
190 // Syscall interception
191 //===----------------------------------------------------------------------===//
193 // We want the caller's PC b/c unlike the other function interceptors these
194 // are separate pre and post functions called around the app's syscall().
196 #define COMMON_SYSCALL_PRE_READ_RANGE(ptr, size) \
197 processRangeAccess(GET_CALLER_PC(), (uptr)ptr, size, false)
199 #define COMMON_SYSCALL_PRE_WRITE_RANGE(ptr, size) \
205 #define COMMON_SYSCALL_POST_READ_RANGE(ptr, size) \
211 // The actual amount written is in post, not pre.
212 #define COMMON_SYSCALL_POST_WRITE_RANGE(ptr, size) \
213 processRangeAccess(GET_CALLER_PC(), (uptr)ptr, size, true)
215 #define COMMON_SYSCALL_ACQUIRE(addr) \
219 #define COMMON_SYSCALL_RELEASE(addr) \
223 #define COMMON_SYSCALL_FD_CLOSE(fd) \
227 #define COMMON_SYSCALL_FD_ACQUIRE(fd) \
231 #define COMMON_SYSCALL_FD_RELEASE(fd) \
235 #define COMMON_SYSCALL_PRE_FORK() \
238 #define COMMON_SYSCALL_POST_FORK(res) \
243 #include "sanitizer_common/sanitizer_common_syscalls.inc"
244 #include "sanitizer_common/sanitizer_syscalls_netbsd.inc"
246 //===----------------------------------------------------------------------===//
247 // Custom interceptors
248 //===----------------------------------------------------------------------===//
250 // TODO(bruening): move more of these to the common interception pool as they
251 // are shared with tsan and asan.
252 // While our other files match LLVM style, here we match sanitizer style as we
253 // expect to move these to the common pool.
255 INTERCEPTOR(char *, strcpy, char *dst, const char *src) { // NOLINT
257 COMMON_INTERCEPTOR_ENTER(ctx, strcpy, dst, src);
258 uptr srclen = internal_strlen(src);
259 COMMON_INTERCEPTOR_WRITE_RANGE(ctx, dst, srclen + 1);
260 COMMON_INTERCEPTOR_READ_RANGE(ctx, src, srclen + 1);
261 return REAL(strcpy)(dst, src); // NOLINT
264 INTERCEPTOR(char *, strncpy, char *dst, char *src, uptr n) {
266 COMMON_INTERCEPTOR_ENTER(ctx, strncpy, dst, src, n);
267 uptr srclen = internal_strnlen(src, n);
268 uptr copied_size = srclen + 1 > n ? n : srclen + 1;
269 COMMON_INTERCEPTOR_WRITE_RANGE(ctx, dst, copied_size);
270 COMMON_INTERCEPTOR_READ_RANGE(ctx, src, copied_size);
271 return REAL(strncpy)(dst, src, n);
274 INTERCEPTOR(int, open, const char *name, int flags, int mode) {
276 COMMON_INTERCEPTOR_ENTER(ctx, open, name, flags, mode);
277 COMMON_INTERCEPTOR_READ_STRING(ctx, name, 0);
278 return REAL(open)(name, flags, mode);
282 INTERCEPTOR(int, open64, const char *name, int flags, int mode) {
284 COMMON_INTERCEPTOR_ENTER(ctx, open64, name, flags, mode);
285 COMMON_INTERCEPTOR_READ_STRING(ctx, name, 0);
286 return REAL(open64)(name, flags, mode);
288 #define ESAN_MAYBE_INTERCEPT_OPEN64 INTERCEPT_FUNCTION(open64)
290 #define ESAN_MAYBE_INTERCEPT_OPEN64
293 INTERCEPTOR(int, creat, const char *name, int mode) {
295 COMMON_INTERCEPTOR_ENTER(ctx, creat, name, mode);
296 COMMON_INTERCEPTOR_READ_STRING(ctx, name, 0);
297 return REAL(creat)(name, mode);
301 INTERCEPTOR(int, creat64, const char *name, int mode) {
303 COMMON_INTERCEPTOR_ENTER(ctx, creat64, name, mode);
304 COMMON_INTERCEPTOR_READ_STRING(ctx, name, 0);
305 return REAL(creat64)(name, mode);
307 #define ESAN_MAYBE_INTERCEPT_CREAT64 INTERCEPT_FUNCTION(creat64)
309 #define ESAN_MAYBE_INTERCEPT_CREAT64
312 INTERCEPTOR(int, unlink, char *path) {
314 COMMON_INTERCEPTOR_ENTER(ctx, unlink, path);
315 COMMON_INTERCEPTOR_READ_STRING(ctx, path, 0);
316 return REAL(unlink)(path);
319 INTERCEPTOR(int, rmdir, char *path) {
321 COMMON_INTERCEPTOR_ENTER(ctx, rmdir, path);
322 COMMON_INTERCEPTOR_READ_STRING(ctx, path, 0);
323 return REAL(rmdir)(path);
326 //===----------------------------------------------------------------------===//
327 // Signal-related interceptors
328 //===----------------------------------------------------------------------===//
330 #if SANITIZER_LINUX || SANITIZER_FREEBSD
331 typedef void (*signal_handler_t)(int);
332 INTERCEPTOR(signal_handler_t, signal, int signum, signal_handler_t handler) {
334 COMMON_INTERCEPTOR_ENTER(ctx, signal, signum, handler);
335 signal_handler_t result;
336 if (!processSignal(signum, handler, &result))
339 return REAL(signal)(signum, handler);
341 #define ESAN_MAYBE_INTERCEPT_SIGNAL INTERCEPT_FUNCTION(signal)
343 #error Platform not supported
344 #define ESAN_MAYBE_INTERCEPT_SIGNAL
347 #if SANITIZER_LINUX || SANITIZER_FREEBSD
348 DECLARE_REAL(int, sigaction, int signum, const struct sigaction *act,
349 struct sigaction *oldact)
350 INTERCEPTOR(int, sigaction, int signum, const struct sigaction *act,
351 struct sigaction *oldact) {
353 COMMON_INTERCEPTOR_ENTER(ctx, sigaction, signum, act, oldact);
354 if (!processSigaction(signum, act, oldact))
357 return REAL(sigaction)(signum, act, oldact);
360 // This is required to properly use internal_sigaction.
361 namespace __sanitizer {
362 int real_sigaction(int signum, const void *act, void *oldact) {
363 if (REAL(sigaction) == nullptr) {
364 // With an instrumented allocator, this is called during interceptor init
365 // and we need a raw syscall solution.
367 return internal_sigaction_syscall(signum, act, oldact);
369 return internal_sigaction(signum, act, oldact);
372 return REAL(sigaction)(signum, (const struct sigaction *)act,
373 (struct sigaction *)oldact);
375 } // namespace __sanitizer
377 #define ESAN_MAYBE_INTERCEPT_SIGACTION INTERCEPT_FUNCTION(sigaction)
379 #error Platform not supported
380 #define ESAN_MAYBE_INTERCEPT_SIGACTION
383 #if SANITIZER_LINUX || SANITIZER_FREEBSD
384 INTERCEPTOR(int, sigprocmask, int how, __sanitizer_sigset_t *set,
385 __sanitizer_sigset_t *oldset) {
387 COMMON_INTERCEPTOR_ENTER(ctx, sigprocmask, how, set, oldset);
389 if (processSigprocmask(how, set, oldset))
390 res = REAL(sigprocmask)(how, set, oldset);
392 COMMON_INTERCEPTOR_WRITE_RANGE(ctx, oldset, sizeof(*oldset));
395 #define ESAN_MAYBE_INTERCEPT_SIGPROCMASK INTERCEPT_FUNCTION(sigprocmask)
397 #define ESAN_MAYBE_INTERCEPT_SIGPROCMASK
400 #if !SANITIZER_WINDOWS
401 INTERCEPTOR(int, pthread_sigmask, int how, __sanitizer_sigset_t *set,
402 __sanitizer_sigset_t *oldset) {
404 COMMON_INTERCEPTOR_ENTER(ctx, pthread_sigmask, how, set, oldset);
406 if (processSigprocmask(how, set, oldset))
407 res = REAL(sigprocmask)(how, set, oldset);
409 COMMON_INTERCEPTOR_WRITE_RANGE(ctx, oldset, sizeof(*oldset));
412 #define ESAN_MAYBE_INTERCEPT_PTHREAD_SIGMASK INTERCEPT_FUNCTION(pthread_sigmask)
414 #define ESAN_MAYBE_INTERCEPT_PTHREAD_SIGMASK
417 //===----------------------------------------------------------------------===//
418 // Malloc interceptors
419 //===----------------------------------------------------------------------===//
421 static const uptr early_alloc_buf_size = 4096;
422 static uptr allocated_bytes;
423 static char early_alloc_buf[early_alloc_buf_size];
425 static bool isInEarlyAllocBuf(const void *ptr) {
426 return ((uptr)ptr >= (uptr)early_alloc_buf &&
427 ((uptr)ptr - (uptr)early_alloc_buf) < sizeof(early_alloc_buf));
430 static void *handleEarlyAlloc(uptr size) {
431 // If esan is initialized during an interceptor (which happens with some
432 // tcmalloc implementations that call pthread_mutex_lock), the call from
433 // dlsym to calloc will deadlock.
434 // dlsym may also call malloc before REAL(malloc) is retrieved from dlsym.
435 // We work around it by using a static buffer for the early malloc/calloc
437 // This solution will also allow us to deliberately intercept malloc & family
438 // in the future (to perform tool actions on each allocation, without
439 // replacing the allocator), as it also solves the problem of intercepting
440 // calloc when it will itself be called before its REAL pointer is
442 // We do not handle multiple threads here. This only happens at process init
443 // time, and while it's possible for a shared library to create early threads
444 // that race here, we consider that to be a corner case extreme enough that
445 // it's not worth the effort to handle.
446 void *mem = (void *)&early_alloc_buf[allocated_bytes];
447 allocated_bytes += size;
448 CHECK_LT(allocated_bytes, early_alloc_buf_size);
452 INTERCEPTOR(void*, calloc, uptr size, uptr n) {
453 if (EsanDuringInit && REAL(calloc) == nullptr)
454 return handleEarlyAlloc(size * n);
456 COMMON_INTERCEPTOR_ENTER(ctx, calloc, size, n);
457 void *res = REAL(calloc)(size, n);
458 // The memory is zeroed and thus is all written.
459 COMMON_INTERCEPTOR_WRITE_RANGE(nullptr, (uptr)res, size * n);
463 INTERCEPTOR(void*, malloc, uptr size) {
464 if (EsanDuringInit && REAL(malloc) == nullptr)
465 return handleEarlyAlloc(size);
467 COMMON_INTERCEPTOR_ENTER(ctx, malloc, size);
468 return REAL(malloc)(size);
471 INTERCEPTOR(void, free, void *p) {
473 // There are only a few early allocation requests, so we simply skip the free.
474 if (isInEarlyAllocBuf(p))
476 COMMON_INTERCEPTOR_ENTER(ctx, free, p);
482 void initializeInterceptors() {
483 InitializeCommonInterceptors();
485 INTERCEPT_FUNCTION(strcpy); // NOLINT
486 INTERCEPT_FUNCTION(strncpy);
488 INTERCEPT_FUNCTION(open);
489 ESAN_MAYBE_INTERCEPT_OPEN64;
490 INTERCEPT_FUNCTION(creat);
491 ESAN_MAYBE_INTERCEPT_CREAT64;
492 INTERCEPT_FUNCTION(unlink);
493 INTERCEPT_FUNCTION(rmdir);
495 ESAN_MAYBE_INTERCEPT_SIGNAL;
496 ESAN_MAYBE_INTERCEPT_SIGACTION;
497 ESAN_MAYBE_INTERCEPT_SIGPROCMASK;
498 ESAN_MAYBE_INTERCEPT_PTHREAD_SIGMASK;
500 INTERCEPT_FUNCTION(calloc);
501 INTERCEPT_FUNCTION(malloc);
502 INTERCEPT_FUNCTION(free);
504 // TODO(bruening): intercept routines that other sanitizers intercept that
505 // are not in the common pool or here yet, ideally by adding to the common
506 // pool. Examples include wcslen and bcopy.
508 // TODO(bruening): there are many more libc routines that read or write data
509 // structures that no sanitizer is intercepting: sigaction, strtol, etc.
512 } // namespace __esan