1 //===-- hwasan_linux.cc -----------------------------------------------------===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // This file is a part of HWAddressSanitizer.
12 // Linux-, NetBSD- and FreeBSD-specific code.
13 //===----------------------------------------------------------------------===//
15 #include "sanitizer_common/sanitizer_platform.h"
16 #if SANITIZER_FREEBSD || SANITIZER_LINUX || SANITIZER_NETBSD
19 #include "hwasan_thread.h"
30 #include <sys/resource.h>
32 #include "sanitizer_common/sanitizer_common.h"
33 #include "sanitizer_common/sanitizer_procmaps.h"
37 void ReserveShadowMemoryRange(uptr beg, uptr end, const char *name) {
38 CHECK_EQ((beg % GetMmapGranularity()), 0);
39 CHECK_EQ(((end + 1) % GetMmapGranularity()), 0);
40 uptr size = end - beg + 1;
41 DecreaseTotalMmap(size); // Don't count the shadow against mmap_limit_mb.
42 void *res = MmapFixedNoReserve(beg, size, name);
43 if (res != (void *)beg) {
45 "ReserveShadowMemoryRange failed while trying to map 0x%zx bytes. "
46 "Perhaps you're using ulimit -v\n",
50 if (common_flags()->no_huge_pages_for_shadow) NoHugePagesInRegion(beg, size);
51 if (common_flags()->use_madv_dontdump) DontDumpShadowMemory(beg, size);
54 static void ProtectGap(uptr addr, uptr size) {
55 void *res = MmapFixedNoAccess(addr, size, "shadow gap");
56 if (addr == (uptr)res) return;
57 // A few pages at the start of the address space can not be protected.
58 // But we really want to protect as much as possible, to prevent this memory
59 // being returned as a result of a non-FIXED mmap().
61 uptr step = GetMmapGranularity();
65 void *res = MmapFixedNoAccess(addr, size, "shadow gap");
66 if (addr == (uptr)res) return;
71 "ERROR: Failed to protect the shadow gap. "
72 "ASan cannot proceed correctly. ABORTING.\n");
78 const uptr maxVirtualAddress = GetMaxUserVirtualAddress();
80 // LowMem covers as much of the first 4GB as possible.
81 const uptr kLowMemEnd = 1UL<<32;
82 const uptr kLowShadowEnd = kLowMemEnd >> kShadowScale;
83 const uptr kLowShadowStart = kLowShadowEnd >> kShadowScale;
85 // HighMem covers the upper part of the address space.
86 const uptr kHighShadowEnd = (maxVirtualAddress >> kShadowScale) + 1;
87 const uptr kHighShadowStart = Max(kLowMemEnd, kHighShadowEnd >> kShadowScale);
88 CHECK(kHighShadowStart < kHighShadowEnd);
90 const uptr kHighMemStart = kHighShadowStart << kShadowScale;
91 CHECK(kHighShadowEnd <= kHighMemStart);
94 Printf("|| `[%p, %p]` || HighMem ||\n", (void *)kHighMemStart,
95 (void *)maxVirtualAddress);
96 if (kHighMemStart > kHighShadowEnd)
97 Printf("|| `[%p, %p]` || ShadowGap2 ||\n", (void *)kHighShadowEnd,
98 (void *)kHighMemStart);
99 Printf("|| `[%p, %p]` || HighShadow ||\n", (void *)kHighShadowStart,
100 (void *)kHighShadowEnd);
101 if (kHighShadowStart > kLowMemEnd)
102 Printf("|| `[%p, %p]` || ShadowGap2 ||\n", (void *)kHighShadowEnd,
103 (void *)kHighMemStart);
104 Printf("|| `[%p, %p]` || LowMem ||\n", (void *)kLowShadowEnd,
106 Printf("|| `[%p, %p]` || LowShadow ||\n", (void *)kLowShadowStart,
107 (void *)kLowShadowEnd);
108 Printf("|| `[%p, %p]` || ShadowGap1 ||\n", (void *)0,
109 (void *)kLowShadowStart);
112 ReserveShadowMemoryRange(kLowShadowStart, kLowShadowEnd - 1, "low shadow");
113 ReserveShadowMemoryRange(kHighShadowStart, kHighShadowEnd - 1, "high shadow");
114 ProtectGap(0, kLowShadowStart);
115 if (kHighShadowStart > kLowMemEnd)
116 ProtectGap(kLowMemEnd, kHighShadowStart - kLowMemEnd);
117 if (kHighMemStart > kHighShadowEnd)
118 ProtectGap(kHighShadowEnd, kHighMemStart - kHighShadowEnd);
123 static void HwasanAtExit(void) {
124 if (flags()->print_stats && (flags()->atexit || hwasan_report_count > 0))
126 if (hwasan_report_count > 0) {
127 // ReportAtExitStatistics();
128 if (common_flags()->exitcode)
129 internal__exit(common_flags()->exitcode);
133 void InstallAtExitHandler() {
134 atexit(HwasanAtExit);
137 // ---------------------- TSD ---------------- {{{1
139 static pthread_key_t tsd_key;
140 static bool tsd_key_inited = false;
142 void HwasanTSDInit(void (*destructor)(void *tsd)) {
143 CHECK(!tsd_key_inited);
144 tsd_key_inited = true;
145 CHECK_EQ(0, pthread_key_create(&tsd_key, destructor));
148 HwasanThread *GetCurrentThread() {
149 return (HwasanThread*)pthread_getspecific(tsd_key);
152 void SetCurrentThread(HwasanThread *t) {
153 // Make sure that HwasanTSDDtor gets called at the end.
154 CHECK(tsd_key_inited);
155 // Make sure we do not reset the current HwasanThread.
156 CHECK_EQ(0, pthread_getspecific(tsd_key));
157 pthread_setspecific(tsd_key, (void *)t);
160 void HwasanTSDDtor(void *tsd) {
161 HwasanThread *t = (HwasanThread*)tsd;
162 if (t->destructor_iterations_ > 1) {
163 t->destructor_iterations_--;
164 CHECK_EQ(0, pthread_setspecific(tsd_key, tsd));
167 // Make sure that signal handler can not see a stale current thread pointer.
168 atomic_signal_fence(memory_order_seq_cst);
169 HwasanThread::TSDDtor(tsd);
180 #if defined(__aarch64__)
181 static AccessInfo GetAccessInfo(siginfo_t *info, ucontext_t *uc) {
182 // Access type is encoded in HLT immediate as 0x1XY,
183 // where X&1 is 1 for store, 0 for load,
184 // and X&2 is 1 if the error is recoverable.
185 // Valid values of Y are 0 to 4, which are interpreted as log2(access_size),
186 // and 0xF, which means that access size is stored in X1 register.
187 // Access address is always in X0 register.
189 uptr pc = (uptr)info->si_addr;
190 unsigned code = ((*(u32 *)pc) >> 5) & 0xffff;
191 if ((code & 0xff00) != 0x100)
192 return AccessInfo{0, 0, false, false}; // Not ours.
193 bool is_store = code & 0x10;
194 bool recover = code & 0x20;
195 unsigned size_log = code & 0xf;
196 if (size_log > 4 && size_log != 0xf)
197 return AccessInfo{0, 0, false, false}; // Not ours.
199 ai.is_store = is_store;
200 ai.is_load = !is_store;
201 ai.addr = uc->uc_mcontext.regs[0];
203 ai.size = uc->uc_mcontext.regs[1];
205 ai.size = 1U << size_log;
206 ai.recover = recover;
210 static AccessInfo GetAccessInfo(siginfo_t *info, ucontext_t *uc) {
211 return AccessInfo{0, 0, false, false};
215 static bool HwasanOnSIGILL(int signo, siginfo_t *info, ucontext_t *uc) {
216 SignalContext sig{info, uc};
217 AccessInfo ai = GetAccessInfo(info, uc);
218 if (!ai.is_store && !ai.is_load)
221 InternalScopedBuffer<BufferedStackTrace> stack_buffer(1);
222 BufferedStackTrace *stack = stack_buffer.data();
224 GetStackTrace(stack, kStackTraceMax, sig.pc, sig.bp, uc,
225 common_flags()->fast_unwind_on_fatal);
227 ReportTagMismatch(stack, ai.addr, ai.size, ai.is_store);
229 ++hwasan_report_count;
230 if (flags()->halt_on_error || !ai.recover)
233 uc->uc_mcontext.pc += 4;
237 static void OnStackUnwind(const SignalContext &sig, const void *,
238 BufferedStackTrace *stack) {
239 GetStackTrace(stack, kStackTraceMax, sig.pc, sig.bp, sig.context,
240 common_flags()->fast_unwind_on_fatal);
243 void HwasanOnDeadlySignal(int signo, void *info, void *context) {
244 // Probably a tag mismatch.
246 if (HwasanOnSIGILL(signo, (siginfo_t *)info, (ucontext_t*)context))
249 HandleDeadlySignal(info, context, GetTid(), &OnStackUnwind, nullptr);
253 } // namespace __hwasan
255 #endif // SANITIZER_FREEBSD || SANITIZER_LINUX || SANITIZER_NETBSD