1 //===-- msan_poisoning.cc ---------------------------------------*- C++ -*-===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // This file is a part of MemorySanitizer.
12 //===----------------------------------------------------------------------===//
14 #include "msan_poisoning.h"
16 #include "interception/interception.h"
17 #include "msan_origin.h"
18 #include "sanitizer_common/sanitizer_common.h"
20 DECLARE_REAL(void *, memset, void *dest, int c, uptr n)
21 DECLARE_REAL(void *, memcpy, void *dest, const void *src, uptr n)
22 DECLARE_REAL(void *, memmove, void *dest, const void *src, uptr n)
26 u32 GetOriginIfPoisoned(uptr addr, uptr size) {
27 unsigned char *s = (unsigned char *)MEM_TO_SHADOW(addr);
28 for (uptr i = 0; i < size; ++i)
29 if (s[i]) return *(u32 *)SHADOW_TO_ORIGIN(((uptr)s + i) & ~3UL);
33 void SetOriginIfPoisoned(uptr addr, uptr src_shadow, uptr size,
35 uptr dst_s = MEM_TO_SHADOW(addr);
36 uptr src_s = src_shadow;
37 uptr src_s_end = src_s + size;
39 for (; src_s < src_s_end; ++dst_s, ++src_s)
40 if (*(u8 *)src_s) *(u32 *)SHADOW_TO_ORIGIN(dst_s & ~3UL) = src_origin;
43 void CopyOrigin(const void *dst, const void *src, uptr size,
45 if (!MEM_IS_APP(dst) || !MEM_IS_APP(src)) return;
49 // Copy left unaligned origin if that memory is poisoned.
51 u32 o = GetOriginIfPoisoned((uptr)src, d - beg);
53 if (__msan_get_track_origins() > 1) o = ChainOrigin(o, stack);
54 *(u32 *)MEM_TO_ORIGIN(beg) = o;
59 uptr end = (d + size) & ~3UL;
60 // If both ends fall into the same 4-byte slot, we are done.
61 if (end < beg) return;
63 // Copy right unaligned origin if that memory is poisoned.
65 u32 o = GetOriginIfPoisoned((uptr)src + (end - d), (d + size) - end);
67 if (__msan_get_track_origins() > 1) o = ChainOrigin(o, stack);
68 *(u32 *)MEM_TO_ORIGIN(end) = o;
74 uptr s = ((uptr)src + 3) & ~3UL;
75 // FIXME: factor out to msan_copy_origin_aligned
76 if (__msan_get_track_origins() > 1) {
77 u32 *src = (u32 *)MEM_TO_ORIGIN(s);
78 u32 *src_s = (u32 *)MEM_TO_SHADOW(s);
79 u32 *src_end = (u32 *)MEM_TO_ORIGIN(s + (end - beg));
80 u32 *dst = (u32 *)MEM_TO_ORIGIN(beg);
83 for (; src < src_end; ++src, ++src_s, ++dst) {
84 if (!*src_s) continue;
87 dst_o = ChainOrigin(src_o, stack);
92 REAL(memcpy)((void *)MEM_TO_ORIGIN(beg), (void *)MEM_TO_ORIGIN(s),
98 void MoveShadowAndOrigin(const void *dst, const void *src, uptr size,
100 if (!MEM_IS_APP(dst)) return;
101 if (!MEM_IS_APP(src)) return;
102 if (src == dst) return;
103 REAL(memmove)((void *)MEM_TO_SHADOW((uptr)dst),
104 (void *)MEM_TO_SHADOW((uptr)src), size);
105 if (__msan_get_track_origins()) CopyOrigin(dst, src, size, stack);
108 void CopyShadowAndOrigin(const void *dst, const void *src, uptr size,
110 if (!MEM_IS_APP(dst)) return;
111 if (!MEM_IS_APP(src)) return;
112 REAL(memcpy)((void *)MEM_TO_SHADOW((uptr)dst),
113 (void *)MEM_TO_SHADOW((uptr)src), size);
114 if (__msan_get_track_origins()) CopyOrigin(dst, src, size, stack);
117 void CopyMemory(void *dst, const void *src, uptr size, StackTrace *stack) {
118 REAL(memcpy)(dst, src, size);
119 CopyShadowAndOrigin(dst, src, size, stack);
122 void SetShadow(const void *ptr, uptr size, u8 value) {
123 uptr PageSize = GetPageSizeCached();
124 uptr shadow_beg = MEM_TO_SHADOW(ptr);
125 uptr shadow_end = shadow_beg + size;
127 shadow_end - shadow_beg < common_flags()->clear_shadow_mmap_threshold) {
128 REAL(memset)((void *)shadow_beg, value, shadow_end - shadow_beg);
130 uptr page_beg = RoundUpTo(shadow_beg, PageSize);
131 uptr page_end = RoundDownTo(shadow_end, PageSize);
133 if (page_beg >= page_end) {
134 REAL(memset)((void *)shadow_beg, 0, shadow_end - shadow_beg);
136 if (page_beg != shadow_beg) {
137 REAL(memset)((void *)shadow_beg, 0, page_beg - shadow_beg);
139 if (page_end != shadow_end) {
140 REAL(memset)((void *)page_end, 0, shadow_end - page_end);
142 if (!MmapFixedNoReserve(page_beg, page_end - page_beg))
148 void SetOrigin(const void *dst, uptr size, u32 origin) {
149 // Origin mapping is 4 bytes per 4 bytes of application memory.
150 // Here we extend the range such that its left and right bounds are both
152 uptr x = MEM_TO_ORIGIN((uptr)dst);
153 uptr beg = x & ~3UL; // align down.
154 uptr end = (x + size + 3) & ~3UL; // align up.
155 u64 origin64 = ((u64)origin << 32) | origin;
156 // This is like memset, but the value is 32-bit. We unroll by 2 to write
157 // 64 bits at once. May want to unroll further to get 128-bit stores.
159 *(u32 *)beg = origin;
162 for (uptr addr = beg; addr < (end & ~7UL); addr += 8) *(u64 *)addr = origin64;
163 if (end & 7ULL) *(u32 *)(end - 4) = origin;
166 void PoisonMemory(const void *dst, uptr size, StackTrace *stack) {
167 SetShadow(dst, size, (u8)-1);
169 if (__msan_get_track_origins()) {
170 Origin o = Origin::CreateHeapOrigin(stack);
171 SetOrigin(dst, size, o.raw_id());
175 } // namespace __msan
projects / FreeBSD / FreeBSD.git / blob