36 Commits

Author SHA1 Message Date
Luís Marques
2de4f19ecd [LSan][RISCV] Enable LSan for RISCV64
Fixes the broken RISCV64 implementation of `internal_clone` and
adds RISCV64 support for LSan.

Differential Revision: https://reviews.llvm.org/D92403
2021-01-31 21:53:25 +00:00
Dmitry Vyukov
5cad535ccf tsan: add mips64 support in lib/tsan/go/buildgo.sh
Enable mips64 support in buildgo.sh.

Author: mzh (Meng Zhuo)
Reviewed-in: https://reviews.llvm.org/D90130
2020-10-26 12:19:52 +01:00
Teresa Johnson
31bc55d602 [sanitizer] Convert PrintModuleMap to DumpProcessMap
As discussed in the review for D87120 (specifically at
https://reviews.llvm.org/D87120#inline-831939), clean up PrintModuleMap
and DumpProcessMap usage differences. The former is only implemented for
Mac OSX, whereas the latter is implemented for all OSes. The former is
called by asan and tsan, and the latter by hwasan and now memprof, under
the same option. Simply rename the PrintModuleMap implementation for Mac
to DumpProcessMap, remove other empty PrintModuleMap implementations,
and convert asan/tsan to new name. The existing posix DumpProcessMap is
disabled for SANITIZER_MAC.

Differential Revision: https://reviews.llvm.org/D89630
2020-10-21 12:46:49 -07:00
David Carlier
53065c543f [Sanitizers] Remove OpenBSD support (new attempt)
- Fixing VS compiler and other cases settings this time.

Reviewers: dmajor, hans

Reviewed By: hans

Differential Revision: https://reviews.llvm.org/D89759
2020-10-20 11:16:09 +01:00
Evgenii Stepanov
7ecd60bb70 Revert "[Sanitizers] Remove OpenBSD support" + 1
Revert "Fix compiler-rt build on Windows after D89640"

This reverts commit a7acee89d68473183cc5021d952a56cdf0ae27d3.
This reverts commit d09b08919ca6e206cd981fdea8b19b1d1188e325.

Reason: breaks Linux / x86_64 build.
2020-10-19 16:11:21 -07:00
David Carlier
d09b08919c [Sanitizers] Remove OpenBSD support
- Removing unused and unusable code.

Reviewers: krytarowski

Reviewed By: krytarowski

Differential Revision: https://reviews.llvm.org/D89640
2020-10-18 14:57:07 +01:00
Alexey Baturo
7ce4dfb4dd [RISCV][ASAN] support code for architecture-specific parts of asan
[9/11] patch series to port ASAN for riscv64

Depends On D87579

Reviewed By: luismarques

Differential Revision: https://reviews.llvm.org/D87580
2020-10-04 15:21:48 +03:00
Rainer Orth
dc261d23d0 [sanitizers] Fix internal__exit on Solaris
`TestCases/log-path_test.cpp` currently `FAIL`s on Solaris:

  $ env ASAN_OPTIONS=log_path=`for((i=0;i<10000;i++)); do echo -n $i; done`  ./log-path_test.cpp.tmp
  ==5031==ERROR: Path is too long: 01234567...
  Segmentation Fault (core dumped)

The `SEGV` happens here:

  Thread 2 received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 1 (LWP 1)]
  0x00000000 in ?? ()
  (gdb) where
  #0  0x00000000 in ?? ()
  #1  0x080a1e63 in __interceptor__exit (status=1)
      at /vol/gcc/src/llvm/llvm/local/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:3808
  #2  0x08135ea8 in __sanitizer::internal__exit (exitcode=1)
      at /vol/gcc/src/llvm/llvm/local/projects/compiler-rt/lib/sanitizer_common/sanitizer_solaris.cc:139

when `__interceptor__exit` tries to call `__interception::real__exit` which
is `NULL` at this point because the interceptors haven't been initialized yet.

Ultimately, the problem lies elsewhere, however: `internal__exit` in
`sanitizer_solaris.cpp` calls `_exit` itself since there doesn't exit a
non-intercepted version in `libc`.  Using the `syscall` interface instead
isn't usually an option on Solaris because that interface isn't stable.
However, in the case of `SYS_exit` it can be used nonetheless: `SYS_exit`
has remained unchanged since at least Solaris 2.5.1 in 1996, and this is
what this patch does.

Tested on `amd64-pc-solaris2.11`.

Differential Revision: https://reviews.llvm.org/D88404
2020-09-30 16:30:18 +02:00
Anatoly Parshintsev
96034cb3d1 [RISCV][ASAN] implementation of clone interceptor for riscv64
[4/11] patch series to port ASAN for riscv64

Depends On D87572

Reviewed By: eugenis, vitalybuka

Differential Revision: https://reviews.llvm.org/D87573
2020-09-22 22:11:20 -07:00
Alex Richardson
7be8682921 [tsan] Fix "failed to intercept sysctlnametomib" on FreeBSD
The sysctlnametomib function is called from __tsan::Initialize via
__sanitizer::internal_sysctlbyname (see stack trace below). This results
in a fatal error since sysctlnametomib has not been intercepted yet.
This patch allows internal_sysctlbyname to be called before
__tsan::Initialize() has completed. On FreeBSD >= 1300045 sysctlbyname()
is a real syscall, but for older versions it calls sysctlnametomib()
followed by sysctl(). To avoid calling the intercepted version, look up
the real sysctlnametomib() followed by internal_sysctl() if the
syscall is not available.

This reduces check-sanitizer failures from 62 to 11 for me.

==34433==FATAL: ThreadSanitizer: failed to intercept sysctlnametomib
    at /exports/users/alr48/sources/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:51
    name=0x7fffffffce10, namelenp=0x7fffffffce08)
    at /exports/users/alr48/sources/upstream-llvm-project/compiler-rt/lib/tsan/../sanitizer_common/sanitizer_common_interceptors.inc:7908
    oldp=0x7fffffffcf2c, oldlenp=0x7fffffffcf20, newp=0x0, newlen=0)
    at /exports/users/alr48/sources/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp:803
    at /exports/users/alr48/sources/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp:2152
    at /exports/users/alr48/sources/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp:367
    fname=0x21c731 "readlink", pc=34366042556)
    at /exports/users/alr48/sources/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:255
    bufsiz=1024)
    at /exports/users/alr48/sources/upstream-llvm-project/compiler-rt/lib/tsan/../sanitizer_common/sanitizer_common_interceptors.inc:7151

Reviewed By: #sanitizers, vitalybuka

Differential Revision: https://reviews.llvm.org/D85292
2020-09-01 18:25:22 +01:00
Peter Collingbourne
9f8c4039f2 sanitizer_common: Introduce internal_madvise and start using it.
A recent change to sanitizer_common caused us to issue the syscall
madvise(MADV_HUGEPAGE) during HWASAN initialization. This may lead to a
problem if madvise is instrumented (e.g. because libc is instrumented
or the user intercepted it). For example, on Android the syscall may
fail if the kernel does not support transparent hugepages, which leads
to an attempt to set errno in a HWASAN instrumented function. Avoid
this problem by introducing a syscall wrapper and using it to issue
this syscall.

Tested only on Linux; includes untested updates for the other
platforms.

Differential Revision: https://reviews.llvm.org/D85870
2020-08-13 13:09:02 -07:00
Rainer Orth
f0e9b76c35 [compiler-rt][sanitizers] Fix GetPcSpBp determination of SP on 32-bit Solaris/x86
A dozen 32-bit `AddressSanitizer` testcases FAIL on the latest beta of Solaris 11.4/x86, e.g.
`AddressSanitizer-i386-sunos :: TestCases/null_deref.cpp` produces

  AddressSanitizer:DEADLYSIGNAL
  =================================================================
  ==29274==ERROR: AddressSanitizer: stack-overflow on address 0x00000028 (pc 0x08135efd bp 0xfeffdfd8 sp 0x00000000 T0)
      #0 0x8135efd in NullDeref(int*) /vol/llvm/src/llvm-project/dist/compiler-rt/test/asan/TestCases/null_deref.cpp:15:10
      #1 0x8135ea6 in main /vol/llvm/src/llvm-project/dist/compiler-rt/test/asan/TestCases/null_deref.cpp:21:3
      #2 0x8084b85 in _start (null_deref.cpp.tmp+0x8084b85)

   SUMMARY: AddressSanitizer: stack-overflow /vol/llvm/src/llvm-project/dist/compiler-rt/test/asan/TestCases/null_deref.cpp:15:10 in NullDeref(int*)
  ==29274==ABORTING

instead of the expected

  AddressSanitizer:DEADLYSIGNAL
  =================================================================
  ==29276==ERROR: AddressSanitizer: SEGV on unknown address 0x00000028 (pc 0x08135f1f bp 0xfeffdf48 sp 0xfeffdf40 T0)
  ==29276==The signal is caused by a WRITE memory access.
  ==29276==Hint: address points to the zero page.
      #0 0x8135f1f in NullDeref(int*) /vol/llvm/src/llvm-project/local/compiler-rt/test/asan/TestCases/null_deref.cpp:15:10
      #1 0x8135efa in main /vol/llvm/src/llvm-project/local/compiler-rt/test/asan/TestCases/null_deref.cpp:21:3
      #2 0x8084be5 in _start (null_deref.cpp.tmp+0x8084be5)

  AddressSanitizer can not provide additional info.
   SUMMARY: AddressSanitizer: SEGV /vol/llvm/src/llvm-project/local/compiler-rt/test/asan/TestCases/null_deref.cpp:15:10 in NullDeref(int*)
  ==29276==ABORTING

I managed to trace this to a change in `<sys/regset.h>`: previously the header would
primarily define the short register indices (like `UESP`). While they are required by the
i386 psABI, they are only required in `<ucontext.h>` and could previously leak into
unsuspecting user code, polluting the namespace and requiring elaborate workarounds
like that in `llvm/include/llvm/Support/Solaris/sys/regset.h`. The change fixed that by restricting
the definition of the short forms appropriately, at the same time defining all `REG_` prefixed
forms for compatiblity with other systems.  This exposed a bug in `compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp`, however:
Previously, the index for the user stack pointer would be hardcoded if `REG_ESP`
wasn't defined. Now with that definition present, it turned out that `REG_ESP` was the wrong index to use: the previous value 17 (and `REG_SP`) corresponds to `REG_UESP`
instead.

With that change, the failures are all gone.

Tested on `amd-pc-solaris2.11`.

Differential Revision: https://reviews.llvm.org/D83664
2020-07-14 12:56:18 +02:00
Eric Christopher
371c94fca0 Fix a typo in an error message. 2020-07-08 20:43:05 -07:00
Vitaly Buka
55ed35ecb9 [sanitizer] Avoid unneeded deferefence 2020-06-11 00:17:32 -07:00
Dmitry Vyukov
efeb35e195 tsan: disable ASLR in Go test on NetBSD
Tsan does not support ASLR on NetBSD.
Disable ASLR in the Go test and extend
the error message to be more actionable.

Reported-by: Keith Randall (khr)
2020-04-11 09:46:45 +02:00
Ilya Leoshkevich
aaba9a7761 [compiler-rt] Don't use __libc_stack_end on ARM
Summary:
Commit b684c1a50f70 ("Add a `Symbolizer::GetEnvP()` method that allows
symbolizer implementations to customise the environment of the
symbolizer binary.") exposed a latent ARM issue, and that broke

http://lab.llvm.org:8011/builders/clang-cmake-thumbv7-full-sh

This coincided with breakage caused by my commit 5f5fb56c68e4
("[compiler-rt] Intercept the uname() function"), so I had to
investigate.

The issue is that GetArgsAndEnv does not work on ARM: there glibc's
_start overwrites argc value stored at __libc_start_end, breaking the
existing argv/envp parsing logic.

Fix by inferring argc from argv.

Reviewers: eugenis, vitalybuka

Reviewed By: eugenis

Subscribers: dberris, kristof.beyls, danielkiss, #sanitizers, delcypher

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D77400
2020-04-08 14:25:59 +02:00
Dmitry Vyukov
2db63723a8 tsan: fix Go/ppc build
PPC now requires ReExec due to ASLR.
Pull in more functions for Go build.

Suggested-by: Keith Randall (khr)
2020-04-07 16:40:59 +02:00
Luís Marques
ad1466f8cb [sanitizer][RISCV] Implement SignalContext::GetWriteFlag for RISC-V
This patch follows the approach also used for MIPS, where we decode the
offending instruction to determine if the fault was caused by a read or
write operation, as that seems to be the only relevant information we have
in the signal context structure to determine that.

Differential Revision: https://reviews.llvm.org/D75168
2020-03-26 19:55:35 +00:00
Ilya Leoshkevich
2ca7fe3796 [compiler-rt] Use uname syscall in GetKernelAreaSize()
Commit 5f5fb56c68e4 ("[compiler-rt] Intercept the uname() function")
broke clang-cmake-thumbv7-full-sh build:

http://lab.llvm.org:8011/builders/clang-cmake-thumbv7-full-sh/builds/4296

This also affects i386.

The reason is that intercepted uname() is called by GetKernelAreaSize()
during ASAN initialization on 32-bit platforms, but the respective
interceptor is not initialized yet at this point, leading to null
pointer dereference.

Introduce internal_uname() wrapper around uname syscall, and use it in
GetKernelAreaSize() and in FixedCVE_2016_2143().

Author: Ilya Leoshkevich
Reviewed By: Evgenii Stepanov

Differential Revision: https://reviews.llvm.org/D76776
2020-03-26 13:35:09 +01:00
Dmitry Vyukov
5f149ef51f compiler-rt: allow golang race detector to run on musl-c
tsan while used by golang's race detector was not working on alpine
linux, since it is using musl-c instead of glibc. Since alpine is very
popular distribution for container deployments, having working race
detector would be nice. This commits adds some ifdefs to get it working.

It fixes https://github.com/golang/go/issues/14481 on golang's issue tracker.

Reviewed-in: https://reviews.llvm.org/D75849
Author: graywolf-at-work (Tomas Volf)
2020-03-25 17:05:45 +01:00
Kamil Rytarowski
b664321ff1 [compiler-rt] Restrict sanitizer_linux.cpp dlinfo(3) to FreeBSD
FreeBSD is currently the only user in this file.
Accessing this symbol on Linux does not work as is.
2020-02-11 12:10:03 +01:00
Dimitry Andric
52f2df1ecd [Sanitizers] Get link map on FreeBSD and NetBSD via documented API
Summary:
Instead of hand-crafting an offset into the structure returned by
dlopen(3) to get at the link map, use the documented API.  This is
described in dlinfo(3): by calling it with `RTLD_DI_LINKMAP`, the
dynamic linker ensures the right address is returned.

This is a recommit of 92e267a94dc4272511be674062f8a3e8897b7083, with
dlinfo(3) expliclity being referenced only for FreeBSD, non-Android
Linux, NetBSD and Solaris.  Other OSes will have to add their own
implementation.

Reviewers: devnexen, emaste, MaskRay, krytarowski

Reviewed By: krytarowski

Subscribers: krytarowski, vitalybuka, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D73990
2020-02-10 23:43:20 +01:00
Dimitry Andric
480eea4e45 Revert "[Sanitizers] Get link map on FreeBSD via documented API"
This reverts commit 92e267a94dc4272511be674062f8a3e8897b7083, as it
appears Android is missing dlinfo(3).
2020-02-10 23:26:33 +01:00
Dimitry Andric
92e267a94d [Sanitizers] Get link map on FreeBSD via documented API
Summary:
Instead of hand-crafting an offset into the structure returned by
dlopen(3) to get at the link map, use the documented API.  This is
described in dlinfo(3): by calling it with `RTLD_DI_LINKMAP`, the
dynamic linker ensures the right address is returned.

Reviewers: devnexen, emaste, MaskRay, krytarowski

Reviewed By: krytarowski

Subscribers: krytarowski, vitalybuka, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D73990
2020-02-10 19:21:19 +01:00
Evgenii Stepanov
966b5182ba Change internal_start_thread arguments to match pthread_create.
This avoids a CFI-unfriendly function pointer type cast in
internal_start_thread.
2020-01-23 13:15:16 -08:00
Lirong Yuan
a5a6fd3f95 Summary: update macro for OFF_T so that sanitizer works on AARCH64.
Reviewers: vitalybuka, eugenis, MaskRay

Reviewed By: eugenis, MaskRay

Subscribers: MaskRay, kristof.beyls, #sanitizers, llvm-commits, jkz, scw

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D72367
2020-01-10 13:34:49 -08:00
Sam Elliott
977205b595 [Sanitizers] Add support for RISC-V 64-bit
Summary:
This has been tested with gcc trunk on openSUSE Tumbleweed on the HiFive Unleashed.

Patch by Andreas Schwab (schwab)

Reviewers: luismarques

Reviewed By: luismarques

Subscribers: mhorne, emaste, luismarques, asb, mgorny, fedor.sergeev, simoncook, kito-cheng, shiva0217, rogfer01, rkruppe, lenary, s.egerton, #sanitizers, llvm-commits

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D66870
2019-10-23 14:12:52 +01:00
Sam Elliott
d4b7a60b92 Revert [Sanitizers] Add support for RISC-V 64-bit
This reverts r375132 (git commit 00bbe990c5d4472d5413479a539b3d6edbb3ca7a)

llvm-svn: 375136
2019-10-17 17:24:28 +00:00
Sam Elliott
00bbe990c5 [Sanitizers] Add support for RISC-V 64-bit
Summary:
This has been tested with gcc trunk on openSUSE Tumbleweed on the HiFive Unleashed.

Patch by Andreas Schwab (schwab)

Reviewers: luismarques

Reviewed By: luismarques

Subscribers: mhorne, emaste, luismarques, asb, mgorny, fedor.sergeev, simoncook, kito-cheng, shiva0217, rogfer01, rkruppe, lenary, s.egerton, #sanitizers, llvm-commits

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D66870

llvm-svn: 375132
2019-10-17 16:36:27 +00:00
Julian Lettner
99c9d7bd63 Reland "[ASan] Do not misrepresent high value address dereferences as null dereferences"
Updated: Removed offending TODO comment.

Dereferences with addresses above the 48-bit hardware addressable range
produce "invalid instruction" (instead of "invalid access") hardware
exceptions (there is no hardware address decoding logic for those bits),
and the address provided by this exception is the address of the
instruction (not the faulting address).  The kernel maps the "invalid
instruction" to SEGV, but fails to provide the real fault address.

Because of this ASan lies and says that those cases are null
dereferences.  This downgrades the severity of a found bug in terms of
security.  In the ASan signal handler, we can not provide the real
faulting address, but at least we can try not to lie.

rdar://50366151

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D68676

> llvm-svn: 374265

llvm-svn: 374384
2019-10-10 17:19:58 +00:00
Russell Gallop
c48e0873af Revert "[ASan] Do not misrepresent high value address dereferences as null dereferences"
As it was breaking bots running sanitizer lint check

This reverts r374265 (git b577efe4567f1f6a711ad36e1d17280dd1c4f009)

llvm-svn: 374308
2019-10-10 10:56:52 +00:00
Julian Lettner
b577efe456 [ASan] Do not misrepresent high value address dereferences as null dereferences
Dereferences with addresses above the 48-bit hardware addressable range
produce "invalid instruction" (instead of "invalid access") hardware
exceptions (there is no hardware address decoding logic for those bits),
and the address provided by this exception is the address of the
instruction (not the faulting address).  The kernel maps the "invalid
instruction" to SEGV, but fails to provide the real fault address.

Because of this ASan lies and says that those cases are null
dereferences.  This downgrades the severity of a found bug in terms of
security.  In the ASan signal handler, we can not provide the real
faulting address, but at least we can try not to lie.

rdar://50366151

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D68676

llvm-svn: 374265
2019-10-10 00:33:04 +00:00
Kamil Rytarowski
02519fc7a6 Add getauxval() compat for NetBSD
Summary:
getauxval() is not available on NetBSD and there is no a direct equivalent.

Add a function that implements the same semantics with NetBSD internals.

Reorder the GetPageSize() functions to prefer the sysctl approach for NetBSD.
It no longer makes a difference which approach is better. Avoid changing
conditional code path.

Reviewers: vitalybuka, dvyukov, mgorny, joerg

Reviewed By: vitalybuka

Subscribers: llvm-commits, #sanitizers

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D67329

llvm-svn: 371758
2019-09-12 18:57:58 +00:00
David Carlier
f2003f4cb8 Fixing buildbot due to style.
llvm-svn: 369711
2019-08-22 21:53:21 +00:00
David Carlier
e2ed800d62 [Sanitizer] checks ASLR on FreeBSD
- Especially MemorySanitizer fails if those sysctl configs are enabled.

Reviewers: vitalybuka, emaste, dim

Reviewed By: dim

Differential Revision: https://reviews.llvm.org/D66582

llvm-svn: 369708
2019-08-22 21:36:35 +00:00
Nico Weber
65492d959b compiler-rt: Rename .cc file in lib/sanitizer_common to .cpp
See https://reviews.llvm.org/D58620 for discussion, and for the commands
I ran. In addition I also ran

  for f in $(svn diff | diffstat | grep .cc | cut -f 2 -d ' '); do rg $f . ; done

and manually updated (many) references to renamed files found by that.

llvm-svn: 367463
2019-07-31 18:51:27 +00:00