head 1.1; branch 1.1.1; access; symbols netbsd-11-0-RC4:1.1.1.1 netbsd-11-0-RC3:1.1.1.1 netbsd-11-0-RC2:1.1.1.1 netbsd-11-0-RC1:1.1.1.1 gcc-14-3-0:1.1.1.2 perseant-exfatfs-base-20250801:1.1.1.1 netbsd-11:1.1.1.1.0.4 netbsd-11-base:1.1.1.1 gcc-12-5-0:1.1.1.1 perseant-exfatfs-base-20240630:1.1.1.1 gcc-12-4-0:1.1.1.1 perseant-exfatfs:1.1.1.1.0.2 perseant-exfatfs-base:1.1.1.1 gcc-12-3-0:1.1.1.1 FSF:1.1.1; locks; strict; comment @// @; 1.1 date 2023.07.30.05.20.41; author mrg; state Exp; branches 1.1.1.1; next ; commitid tk6nV4mbc9nVEMyE; 1.1.1.1 date 2023.07.30.05.20.41; author mrg; state Exp; branches; next 1.1.1.2; commitid tk6nV4mbc9nVEMyE; 1.1.1.2 date 2025.09.13.23.45.04; author mrg; state Exp; branches; next ; commitid KwhwN4krNWa6XBaG; desc @@ 1.1 log @Initial revision @ text @//===-- hwasan_linux.cpp ----------------------------------------*- C++ -*-===// // // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // See https://llvm.org/LICENSE.txt for license information. // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // //===----------------------------------------------------------------------===// /// /// \file /// This file is a part of HWAddressSanitizer and contains Linux-, NetBSD- and /// FreeBSD-specific code. /// //===----------------------------------------------------------------------===// #include "sanitizer_common/sanitizer_platform.h" #if SANITIZER_FREEBSD || SANITIZER_LINUX || SANITIZER_NETBSD # include # include # include # include # include # include # include # include # include # include # include # include # include # include "hwasan.h" # include "hwasan_dynamic_shadow.h" # include "hwasan_interface_internal.h" # include "hwasan_mapping.h" # include "hwasan_report.h" # include "hwasan_thread.h" # include "hwasan_thread_list.h" # include "sanitizer_common/sanitizer_common.h" # include "sanitizer_common/sanitizer_procmaps.h" # include "sanitizer_common/sanitizer_stackdepot.h" // Configurations of HWASAN_WITH_INTERCEPTORS and SANITIZER_ANDROID. // // HWASAN_WITH_INTERCEPTORS=OFF, SANITIZER_ANDROID=OFF // Not currently tested. // HWASAN_WITH_INTERCEPTORS=OFF, SANITIZER_ANDROID=ON // Integration tests downstream exist. // HWASAN_WITH_INTERCEPTORS=ON, SANITIZER_ANDROID=OFF // Tested with check-hwasan on x86_64-linux. // HWASAN_WITH_INTERCEPTORS=ON, SANITIZER_ANDROID=ON // Tested with check-hwasan on aarch64-linux-android. # if !SANITIZER_ANDROID SANITIZER_INTERFACE_ATTRIBUTE THREADLOCAL uptr __hwasan_tls; # endif namespace __hwasan { // With the zero shadow base we can not actually map pages starting from 0. // This constant is somewhat arbitrary. constexpr uptr kZeroBaseShadowStart = 0; constexpr uptr kZeroBaseMaxShadowStart = 1 << 18; static void ProtectGap(uptr addr, uptr size) { __sanitizer::ProtectGap(addr, size, kZeroBaseShadowStart, kZeroBaseMaxShadowStart); } uptr kLowMemStart; uptr kLowMemEnd; uptr kHighMemStart; uptr kHighMemEnd; static void PrintRange(uptr start, uptr end, const char *name) { Printf("|| [%p, %p] || %.*s ||\n", (void *)start, (void *)end, 10, name); } static void PrintAddressSpaceLayout() { PrintRange(kHighMemStart, kHighMemEnd, "HighMem"); if (kHighShadowEnd + 1 < kHighMemStart) PrintRange(kHighShadowEnd + 1, kHighMemStart - 1, "ShadowGap"); else CHECK_EQ(kHighShadowEnd + 1, kHighMemStart); PrintRange(kHighShadowStart, kHighShadowEnd, "HighShadow"); if (kLowShadowEnd + 1 < kHighShadowStart) PrintRange(kLowShadowEnd + 1, kHighShadowStart - 1, "ShadowGap"); else CHECK_EQ(kLowMemEnd + 1, kHighShadowStart); PrintRange(kLowShadowStart, kLowShadowEnd, "LowShadow"); if (kLowMemEnd + 1 < kLowShadowStart) PrintRange(kLowMemEnd + 1, kLowShadowStart - 1, "ShadowGap"); else CHECK_EQ(kLowMemEnd + 1, kLowShadowStart); PrintRange(kLowMemStart, kLowMemEnd, "LowMem"); CHECK_EQ(0, kLowMemStart); } static uptr GetHighMemEnd() { // HighMem covers the upper part of the address space. uptr max_address = GetMaxUserVirtualAddress(); // Adjust max address to make sure that kHighMemEnd and kHighMemStart are // properly aligned: max_address |= (GetMmapGranularity() << kShadowScale) - 1; return max_address; } static void InitializeShadowBaseAddress(uptr shadow_size_bytes) { __hwasan_shadow_memory_dynamic_address = FindDynamicShadowStart(shadow_size_bytes); } void InitializeOsSupport() { # define PR_SET_TAGGED_ADDR_CTRL 55 # define PR_GET_TAGGED_ADDR_CTRL 56 # define PR_TAGGED_ADDR_ENABLE (1UL << 0) // Check we're running on a kernel that can use the tagged address ABI. int local_errno = 0; if (internal_iserror(internal_prctl(PR_GET_TAGGED_ADDR_CTRL, 0, 0, 0, 0), &local_errno) && local_errno == EINVAL) { # if SANITIZER_ANDROID || defined(HWASAN_ALIASING_MODE) // Some older Android kernels have the tagged pointer ABI on // unconditionally, and hence don't have the tagged-addr prctl while still // allow the ABI. // If targeting Android and the prctl is not around we assume this is the // case. return; # else if (flags()->fail_without_syscall_abi) { Printf( "FATAL: " "HWAddressSanitizer requires a kernel with tagged address ABI.\n"); Die(); } # endif } // Turn on the tagged address ABI. if ((internal_iserror(internal_prctl(PR_SET_TAGGED_ADDR_CTRL, PR_TAGGED_ADDR_ENABLE, 0, 0, 0)) || !internal_prctl(PR_GET_TAGGED_ADDR_CTRL, 0, 0, 0, 0))) { # if defined(__x86_64__) && !defined(HWASAN_ALIASING_MODE) // Try the new prctl API for Intel LAM. The API is based on a currently // unsubmitted patch to the Linux kernel (as of May 2021) and is thus // subject to change. Patch is here: // https://lore.kernel.org/linux-mm/20210205151631.43511-12-kirill.shutemov@@linux.intel.com/ int tag_bits = kTagBits; int tag_shift = kAddressTagShift; if (!internal_iserror( internal_prctl(PR_SET_TAGGED_ADDR_CTRL, PR_TAGGED_ADDR_ENABLE, reinterpret_cast(&tag_bits), reinterpret_cast(&tag_shift), 0))) { CHECK_EQ(tag_bits, kTagBits); CHECK_EQ(tag_shift, kAddressTagShift); return; } # endif // defined(__x86_64__) && !defined(HWASAN_ALIASING_MODE) if (flags()->fail_without_syscall_abi) { Printf( "FATAL: HWAddressSanitizer failed to enable tagged address syscall " "ABI.\nSuggest check `sysctl abi.tagged_addr_disabled` " "configuration.\n"); Die(); } } # undef PR_SET_TAGGED_ADDR_CTRL # undef PR_GET_TAGGED_ADDR_CTRL # undef PR_TAGGED_ADDR_ENABLE } bool InitShadow() { // Define the entire memory range. kHighMemEnd = GetHighMemEnd(); // Determine shadow memory base offset. InitializeShadowBaseAddress(MemToShadowSize(kHighMemEnd)); // Place the low memory first. kLowMemEnd = __hwasan_shadow_memory_dynamic_address - 1; kLowMemStart = 0; // Define the low shadow based on the already placed low memory. kLowShadowEnd = MemToShadow(kLowMemEnd); kLowShadowStart = __hwasan_shadow_memory_dynamic_address; // High shadow takes whatever memory is left up there (making sure it is not // interfering with low memory in the fixed case). kHighShadowEnd = MemToShadow(kHighMemEnd); kHighShadowStart = Max(kLowMemEnd, MemToShadow(kHighShadowEnd)) + 1; // High memory starts where allocated shadow allows. kHighMemStart = ShadowToMem(kHighShadowStart); // Check the sanity of the defined memory ranges (there might be gaps). CHECK_EQ(kHighMemStart % GetMmapGranularity(), 0); CHECK_GT(kHighMemStart, kHighShadowEnd); CHECK_GT(kHighShadowEnd, kHighShadowStart); CHECK_GT(kHighShadowStart, kLowMemEnd); CHECK_GT(kLowMemEnd, kLowMemStart); CHECK_GT(kLowShadowEnd, kLowShadowStart); CHECK_GT(kLowShadowStart, kLowMemEnd); if (Verbosity()) PrintAddressSpaceLayout(); // Reserve shadow memory. ReserveShadowMemoryRange(kLowShadowStart, kLowShadowEnd, "low shadow"); ReserveShadowMemoryRange(kHighShadowStart, kHighShadowEnd, "high shadow"); // Protect all the gaps. ProtectGap(0, Min(kLowMemStart, kLowShadowStart)); if (kLowMemEnd + 1 < kLowShadowStart) ProtectGap(kLowMemEnd + 1, kLowShadowStart - kLowMemEnd - 1); if (kLowShadowEnd + 1 < kHighShadowStart) ProtectGap(kLowShadowEnd + 1, kHighShadowStart - kLowShadowEnd - 1); if (kHighShadowEnd + 1 < kHighMemStart) ProtectGap(kHighShadowEnd + 1, kHighMemStart - kHighShadowEnd - 1); return true; } void InitThreads() { CHECK(__hwasan_shadow_memory_dynamic_address); uptr guard_page_size = GetMmapGranularity(); uptr thread_space_start = __hwasan_shadow_memory_dynamic_address - (1ULL << kShadowBaseAlignment); uptr thread_space_end = __hwasan_shadow_memory_dynamic_address - guard_page_size; ReserveShadowMemoryRange(thread_space_start, thread_space_end - 1, "hwasan threads", /*madvise_shadow*/ false); ProtectGap(thread_space_end, __hwasan_shadow_memory_dynamic_address - thread_space_end); InitThreadList(thread_space_start, thread_space_end - thread_space_start); hwasanThreadList().CreateCurrentThread(); } bool MemIsApp(uptr p) { // Memory outside the alias range has non-zero tags. # if !defined(HWASAN_ALIASING_MODE) CHECK(GetTagFromPointer(p) == 0); # endif return (p >= kHighMemStart && p <= kHighMemEnd) || (p >= kLowMemStart && p <= kLowMemEnd); } void InstallAtExitHandler() { atexit(HwasanAtExit); } // ---------------------- TSD ---------------- {{{1 extern "C" void __hwasan_thread_enter() { hwasanThreadList().CreateCurrentThread()->EnsureRandomStateInited(); } extern "C" void __hwasan_thread_exit() { Thread *t = GetCurrentThread(); // Make sure that signal handler can not see a stale current thread pointer. atomic_signal_fence(memory_order_seq_cst); if (t) hwasanThreadList().ReleaseThread(t); } # if HWASAN_WITH_INTERCEPTORS static pthread_key_t tsd_key; static bool tsd_key_inited = false; void HwasanTSDThreadInit() { if (tsd_key_inited) CHECK_EQ(0, pthread_setspecific(tsd_key, (void *)GetPthreadDestructorIterations())); } void HwasanTSDDtor(void *tsd) { uptr iterations = (uptr)tsd; if (iterations > 1) { CHECK_EQ(0, pthread_setspecific(tsd_key, (void *)(iterations - 1))); return; } __hwasan_thread_exit(); } void HwasanTSDInit() { CHECK(!tsd_key_inited); tsd_key_inited = true; CHECK_EQ(0, pthread_key_create(&tsd_key, HwasanTSDDtor)); } # else void HwasanTSDInit() {} void HwasanTSDThreadInit() {} # endif # if SANITIZER_ANDROID uptr *GetCurrentThreadLongPtr() { return (uptr *)get_android_tls_ptr(); } # else uptr *GetCurrentThreadLongPtr() { return &__hwasan_tls; } # endif # if SANITIZER_ANDROID void AndroidTestTlsSlot() { uptr kMagicValue = 0x010203040A0B0C0D; uptr *tls_ptr = GetCurrentThreadLongPtr(); uptr old_value = *tls_ptr; *tls_ptr = kMagicValue; dlerror(); if (*(uptr *)get_android_tls_ptr() != kMagicValue) { Printf( "ERROR: Incompatible version of Android: TLS_SLOT_SANITIZER(6) is used " "for dlerror().\n"); Die(); } *tls_ptr = old_value; } # else void AndroidTestTlsSlot() {} # endif static AccessInfo GetAccessInfo(siginfo_t *info, ucontext_t *uc) { // Access type is passed in a platform dependent way (see below) and encoded // as 0xXY, where X&1 is 1 for store, 0 for load, and X&2 is 1 if the error is // recoverable. Valid values of Y are 0 to 4, which are interpreted as // log2(access_size), and 0xF, which means that access size is passed via // platform dependent register (see below). # if defined(__aarch64__) // Access type is encoded in BRK immediate as 0x900 + 0xXY. For Y == 0xF, // access size is stored in X1 register. Access address is always in X0 // register. uptr pc = (uptr)info->si_addr; const unsigned code = ((*(u32 *)pc) >> 5) & 0xffff; if ((code & 0xff00) != 0x900) return AccessInfo{}; // Not ours. const bool is_store = code & 0x10; const bool recover = code & 0x20; const uptr addr = uc->uc_mcontext.regs[0]; const unsigned size_log = code & 0xf; if (size_log > 4 && size_log != 0xf) return AccessInfo{}; // Not ours. const uptr size = size_log == 0xf ? uc->uc_mcontext.regs[1] : 1U << size_log; # elif defined(__x86_64__) // Access type is encoded in the instruction following INT3 as // NOP DWORD ptr [EAX + 0x40 + 0xXY]. For Y == 0xF, access size is stored in // RSI register. Access address is always in RDI register. uptr pc = (uptr)uc->uc_mcontext.gregs[REG_RIP]; uint8_t *nop = (uint8_t *)pc; if (*nop != 0x0f || *(nop + 1) != 0x1f || *(nop + 2) != 0x40 || *(nop + 3) < 0x40) return AccessInfo{}; // Not ours. const unsigned code = *(nop + 3); const bool is_store = code & 0x10; const bool recover = code & 0x20; const uptr addr = uc->uc_mcontext.gregs[REG_RDI]; const unsigned size_log = code & 0xf; if (size_log > 4 && size_log != 0xf) return AccessInfo{}; // Not ours. const uptr size = size_log == 0xf ? uc->uc_mcontext.gregs[REG_RSI] : 1U << size_log; # else # error Unsupported architecture # endif return AccessInfo{addr, size, is_store, !is_store, recover}; } static bool HwasanOnSIGTRAP(int signo, siginfo_t *info, ucontext_t *uc) { AccessInfo ai = GetAccessInfo(info, uc); if (!ai.is_store && !ai.is_load) return false; SignalContext sig{info, uc}; HandleTagMismatch(ai, StackTrace::GetNextInstructionPc(sig.pc), sig.bp, uc); # if defined(__aarch64__) uc->uc_mcontext.pc += 4; # elif defined(__x86_64__) # else # error Unsupported architecture # endif return true; } static void OnStackUnwind(const SignalContext &sig, const void *, BufferedStackTrace *stack) { stack->Unwind(StackTrace::GetNextInstructionPc(sig.pc), sig.bp, sig.context, common_flags()->fast_unwind_on_fatal); } void HwasanOnDeadlySignal(int signo, void *info, void *context) { // Probably a tag mismatch. if (signo == SIGTRAP) if (HwasanOnSIGTRAP(signo, (siginfo_t *)info, (ucontext_t *)context)) return; HandleDeadlySignal(info, context, GetTid(), &OnStackUnwind, nullptr); } void Thread::InitStackAndTls(const InitState *) { uptr tls_size; uptr stack_size; GetThreadStackAndTls(IsMainThread(), &stack_bottom_, &stack_size, &tls_begin_, &tls_size); stack_top_ = stack_bottom_ + stack_size; tls_end_ = tls_begin_ + tls_size; } uptr TagMemoryAligned(uptr p, uptr size, tag_t tag) { CHECK(IsAligned(p, kShadowAlignment)); CHECK(IsAligned(size, kShadowAlignment)); uptr shadow_start = MemToShadow(p); uptr shadow_size = MemToShadowSize(size); uptr page_size = GetPageSizeCached(); uptr page_start = RoundUpTo(shadow_start, page_size); uptr page_end = RoundDownTo(shadow_start + shadow_size, page_size); uptr threshold = common_flags()->clear_shadow_mmap_threshold; if (SANITIZER_LINUX && UNLIKELY(page_end >= page_start + threshold && tag == 0)) { internal_memset((void *)shadow_start, tag, page_start - shadow_start); internal_memset((void *)page_end, tag, shadow_start + shadow_size - page_end); // For an anonymous private mapping MADV_DONTNEED will return a zero page on // Linux. ReleaseMemoryPagesToOSAndZeroFill(page_start, page_end); } else { internal_memset((void *)shadow_start, tag, shadow_size); } return AddTagToPointer(p, tag); } void HwasanInstallAtForkHandler() { auto before = []() { HwasanAllocatorLock(); StackDepotLockAll(); }; auto after = []() { StackDepotUnlockAll(); HwasanAllocatorUnlock(); }; pthread_atfork(before, after, after); } } // namespace __hwasan #endif // SANITIZER_FREEBSD || SANITIZER_LINUX || SANITIZER_NETBSD @ 1.1.1.1 log @initial import of GCC 12.3.0. major changes in GCC 11 included: - The default mode for C++ is now -std=gnu++17 instead of -std=gnu++14. - When building GCC itself, the host compiler must now support C++11, rather than C++98. - Some short options of the gcov tool have been renamed: -i to -j and -j to -H. - ThreadSanitizer improvements. - Introduce Hardware-assisted AddressSanitizer support. - For targets that produce DWARF debugging information GCC now defaults to DWARF version 5. This can produce up to 25% more compact debug information compared to earlier versions. - Many optimisations. - The existing malloc attribute has been extended so that it can be used to identify allocator/deallocator API pairs. A pair of new -Wmismatched-dealloc and -Wmismatched-new-delete warnings are added. - Other new warnings: -Wsizeof-array-div, enabled by -Wall, warns about divisions of two sizeof operators when the first one is applied to an array and the divisor does not equal the size of the array element. -Wstringop-overread, enabled by default, warns about calls to string functions reading past the end of the arrays passed to them as arguments. -Wtsan, enabled by default, warns about unsupported features in ThreadSanitizer (currently std::atomic_thread_fence). - Enchanced warnings: -Wfree-nonheap-object detects many more instances of calls to deallocation functions with pointers not returned from a dynamic memory allocation function. -Wmaybe-uninitialized diagnoses passing pointers or references to uninitialized memory to functions taking const-qualified arguments. -Wuninitialized detects reads from uninitialized dynamically allocated memory. -Warray-parameter warns about functions with inconsistent array forms. -Wvla-parameter warns about functions with inconsistent VLA forms. - Several new features from the upcoming C2X revision of the ISO C standard are supported with -std=c2x and -std=gnu2x. - Several C++20 features have been implemented. - The C++ front end has experimental support for some of the upcoming C++23 draft. - Several new C++ warnings. - Enhanced Arm, AArch64, x86, and RISC-V CPU support. - The implementation of how program state is tracked within -fanalyzer has been completely rewritten with many enhancements. see https://gcc.gnu.org/gcc-11/changes.html for a full list. major changes in GCC 12 include: - An ABI incompatibility between C and C++ when passing or returning by value certain aggregates containing zero width bit-fields has been discovered on various targets. x86-64, ARM and AArch64 will always ignore them (so there is a C ABI incompatibility between GCC 11 and earlier with GCC 12 or later), PowerPC64 ELFv2 always take them into account (so there is a C++ ABI incompatibility, GCC 4.4 and earlier compatible with GCC 12 or later, incompatible with GCC 4.5 through GCC 11). RISC-V has changed the handling of these already starting with GCC 10. As the ABI requires, MIPS takes them into account handling function return values so there is a C++ ABI incompatibility with GCC 4.5 through 11. - STABS: Support for emitting the STABS debugging format is deprecated and will be removed in the next release. All ports now default to emit DWARF (version 2 or later) debugging info or are obsoleted. - Vectorization is enabled at -O2 which is now equivalent to the original -O2 -ftree-vectorize -fvect-cost-model=very-cheap. - GCC now supports the ShadowCallStack sanitizer. - Support for __builtin_shufflevector compatible with the clang language extension was added. - Support for attribute unavailable was added. - Support for __builtin_dynamic_object_size compatible with the clang language extension was added. - New warnings: -Wbidi-chars warns about potentially misleading UTF-8 bidirectional control characters. -Warray-compare warns about comparisons between two operands of array type. - Some new features from the upcoming C2X revision of the ISO C standard are supported with -std=c2x and -std=gnu2x. - Several C++23 features have been implemented. - Many C++ enhancements across warnings and -f options. see https://gcc.gnu.org/gcc-12/changes.html for a full list. @ text @@ 1.1.1.2 log @initial import of GCC 14.3.0. major changes in GCC 13: - improved sanitizer - zstd debug info compression - LTO improvements - SARIF based diagnostic support - new warnings: -Wxor-used-as-pow, -Wenum-int-mismatch, -Wself-move, -Wdangling-reference - many new -Wanalyzer* specific warnings - enhanced warnings: -Wpessimizing-move, -Wredundant-move - new attributes to mark file descriptors, c++23 "assume" - several C23 features added - several C++23 features added - many new features for Arm, x86, RISC-V major changes in GCC 14: - more strict C99 or newer support - ia64* marked deprecated (but seemingly still in GCC 15.) - several new hardening features - support for "hardbool", which can have user supplied values of true/false - explicit support for stack scrubbing upon function exit - better auto-vectorisation support - added clang-compatible __has_feature and __has_extension - more C23, including -std=c23 - several C++26 features added - better diagnostics in C++ templates - new warnings: -Wnrvo, Welaborated-enum-base - many new features for Arm, x86, RISC-V - possible ABI breaking change for SPARC64 and small structures with arrays of floats. @ text @d113 1 a113 7 static void MaybeDieIfNoTaggingAbi(const char *message) { if (!flags()->fail_without_syscall_abi) return; Printf("FATAL: %s\n", message); Die(); } a116 64 # define ARCH_GET_UNTAG_MASK 0x4001 # define ARCH_ENABLE_TAGGED_ADDR 0x4002 # define ARCH_GET_MAX_TAG_BITS 0x4003 static bool CanUseTaggingAbi() { # if defined(__x86_64__) unsigned long num_bits = 0; // Check for x86 LAM support. This API is based on a currently unsubmitted // patch to the Linux kernel (as of August 2022) and is thus subject to // change. The patch is here: // https://lore.kernel.org/all/20220815041803.17954-1-kirill.shutemov@@linux.intel.com/ // // arch_prctl(ARCH_GET_MAX_TAG_BITS, &bits) returns the maximum number of tag // bits the user can request, or zero if LAM is not supported by the hardware. if (internal_iserror(internal_arch_prctl(ARCH_GET_MAX_TAG_BITS, reinterpret_cast(&num_bits)))) return false; // The platform must provide enough bits for HWASan tags. if (num_bits < kTagBits) return false; return true; # else // Check for ARM TBI support. return !internal_iserror(internal_prctl(PR_GET_TAGGED_ADDR_CTRL, 0, 0, 0, 0)); # endif // __x86_64__ } static bool EnableTaggingAbi() { # if defined(__x86_64__) // Enable x86 LAM tagging for the process. // // arch_prctl(ARCH_ENABLE_TAGGED_ADDR, bits) enables tagging if the number of // tag bits requested by the user does not exceed that provided by the system. // arch_prctl(ARCH_GET_UNTAG_MASK, &mask) returns the mask of significant // address bits. It is ~0ULL if either LAM is disabled for the process or LAM // is not supported by the hardware. if (internal_iserror(internal_arch_prctl(ARCH_ENABLE_TAGGED_ADDR, kTagBits))) return false; unsigned long mask = 0; // Make sure the tag bits are where we expect them to be. if (internal_iserror(internal_arch_prctl(ARCH_GET_UNTAG_MASK, reinterpret_cast(&mask)))) return false; // @@mask has ones for non-tag bits, whereas @@kAddressTagMask has ones for tag // bits. Therefore these masks must not overlap. if (mask & kAddressTagMask) return false; return true; # else // Enable ARM TBI tagging for the process. If for some reason tagging is not // supported, prctl(PR_SET_TAGGED_ADDR_CTRL, PR_TAGGED_ADDR_ENABLE) returns // -EINVAL. if (internal_iserror(internal_prctl(PR_SET_TAGGED_ADDR_CTRL, PR_TAGGED_ADDR_ENABLE, 0, 0, 0))) return false; // Ensure that TBI is enabled. if (internal_prctl(PR_GET_TAGGED_ADDR_CTRL, 0, 0, 0, 0) != PR_TAGGED_ADDR_ENABLE) return false; return true; # endif // __x86_64__ } void InitializeOsSupport() { d118 4 a121 3 bool has_abi = CanUseTaggingAbi(); if (!has_abi) { d130 6 a135 2 MaybeDieIfNoTaggingAbi( "HWAddressSanitizer requires a kernel with tagged address ABI."); d139 31 a169 11 if (EnableTaggingAbi()) return; # if SANITIZER_ANDROID MaybeDieIfNoTaggingAbi( "HWAddressSanitizer failed to enable tagged address syscall ABI.\n" "Check the `sysctl abi.tagged_addr_disabled` configuration."); # else MaybeDieIfNoTaggingAbi( "HWAddressSanitizer failed to enable tagged address syscall ABI.\n"); # endif d241 1 a241 1 CHECK_EQ(GetTagFromPointer(p), 0); d260 1 a260 7 if (t) { // Block async signals on the thread as the handler can be instrumented. // After this point instrumented code can't access essential data from TLS // and will crash. // Bionic already calls __hwasan_thread_exit with blocked signals. if (SANITIZER_GLIBC) BlockSignals(); a261 1 } a360 41 # elif SANITIZER_RISCV64 // Access type is encoded in the instruction following EBREAK as // ADDI x0, x0, [0x40 + 0xXY]. For Y == 0xF, access size is stored in // X11 register. Access address is always in X10 register. uptr pc = (uptr)uc->uc_mcontext.__gregs[REG_PC]; uint8_t byte1 = *((u8 *)(pc + 0)); uint8_t byte2 = *((u8 *)(pc + 1)); uint8_t byte3 = *((u8 *)(pc + 2)); uint8_t byte4 = *((u8 *)(pc + 3)); uint32_t ebreak = (byte1 | (byte2 << 8) | (byte3 << 16) | (byte4 << 24)); bool isFaultShort = false; bool isEbreak = (ebreak == 0x100073); bool isShortEbreak = false; # if defined(__riscv_compressed) isFaultShort = ((ebreak & 0x3) != 0x3); isShortEbreak = ((ebreak & 0xffff) == 0x9002); # endif // faulted insn is not ebreak, not our case if (!(isEbreak || isShortEbreak)) return AccessInfo{}; // advance pc to point after ebreak and reconstruct addi instruction pc += isFaultShort ? 2 : 4; byte1 = *((u8 *)(pc + 0)); byte2 = *((u8 *)(pc + 1)); byte3 = *((u8 *)(pc + 2)); byte4 = *((u8 *)(pc + 3)); // reconstruct instruction uint32_t instr = (byte1 | (byte2 << 8) | (byte3 << 16) | (byte4 << 24)); // check if this is really 32 bit instruction // code is encoded in top 12 bits, since instruction is supposed to be with // imm const unsigned code = (instr >> 20) & 0xffff; const uptr addr = uc->uc_mcontext.__gregs[10]; const bool is_store = code & 0x10; const bool recover = code & 0x20; const unsigned size_log = code & 0xf; if (size_log > 4 && size_log != 0xf) return AccessInfo{}; // Not our case const uptr size = size_log == 0xf ? uc->uc_mcontext.__gregs[11] : 1U << size_log; a378 13 # elif SANITIZER_RISCV64 // pc points to EBREAK which is 2 bytes long uint8_t *exception_source = (uint8_t *)(uc->uc_mcontext.__gregs[REG_PC]); uint8_t byte1 = (uint8_t)(*(exception_source + 0)); uint8_t byte2 = (uint8_t)(*(exception_source + 1)); uint8_t byte3 = (uint8_t)(*(exception_source + 2)); uint8_t byte4 = (uint8_t)(*(exception_source + 3)); uint32_t faulted = (byte1 | (byte2 << 8) | (byte3 << 16) | (byte4 << 24)); bool isFaultShort = false; # if defined(__riscv_compressed) isFaultShort = ((faulted & 0x3) != 0x3); # endif uc->uc_mcontext.__gregs[REG_PC] += isFaultShort ? 2 : 4; a444 11 void InstallAtExitCheckLeaks() { if (CAN_SANITIZE_LEAKS) { if (common_flags()->detect_leaks && common_flags()->leak_check_at_exit) { if (flags()->halt_on_error) Atexit(__lsan::DoLeakCheck); else Atexit(__lsan::DoRecoverableLeakCheckVoid); } } } @