[compiler-rt] Fix ptrace interceptor for aarch64
This patch fixes the ptrace interceptor for aarch64. The PTRACE_GETREGSET ptrace syscall with with invalid memory might zero the iovec::iov_base field and then masking the subsequent check after the syscall (since it will be 0 and it will not trigger an invalid access). The fix is to copy the value on a local variable and use its value on the checks. The patch also adds more coverage on the Linux/ptrace.cc testcase by addding check for PTRACE_GETREGSET for both general and floating registers (aarch64 definitions added only). llvm-svn: 251331
This commit is contained in:
parent
7963ea1996
commit
6153ecc4fd
|
@ -2446,6 +2446,7 @@ INTERCEPTOR(int, readdir64_r, void *dirp, __sanitizer_dirent64 *entry,
|
|||
INTERCEPTOR(uptr, ptrace, int request, int pid, void *addr, void *data) {
|
||||
void *ctx;
|
||||
COMMON_INTERCEPTOR_ENTER(ctx, ptrace, request, pid, addr, data);
|
||||
__sanitizer_iovec local_iovec;
|
||||
|
||||
if (data) {
|
||||
if (request == ptrace_setregs)
|
||||
|
@ -2458,9 +2459,15 @@ INTERCEPTOR(uptr, ptrace, int request, int pid, void *addr, void *data) {
|
|||
COMMON_INTERCEPTOR_READ_RANGE(ctx, data, struct_user_vfpregs_struct_sz);
|
||||
else if (request == ptrace_setsiginfo)
|
||||
COMMON_INTERCEPTOR_READ_RANGE(ctx, data, siginfo_t_sz);
|
||||
else if (request == ptrace_setregset) {
|
||||
__sanitizer_iovec *iov = (__sanitizer_iovec *)data;
|
||||
COMMON_INTERCEPTOR_READ_RANGE(ctx, iov->iov_base, iov->iov_len);
|
||||
// Some kernel might zero the iovec::iov_base in case of invalid
|
||||
// write access. In this case copy the invalid address for further
|
||||
// inspection.
|
||||
else if (request == ptrace_setregset || request == ptrace_getregset) {
|
||||
__sanitizer_iovec *iovec = (__sanitizer_iovec*)data;
|
||||
COMMON_INTERCEPTOR_READ_RANGE(ctx, iovec, sizeof(*iovec));
|
||||
local_iovec = *iovec;
|
||||
if (request == ptrace_setregset)
|
||||
COMMON_INTERCEPTOR_READ_RANGE(ctx, iovec->iov_base, iovec->iov_len);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -2485,8 +2492,10 @@ INTERCEPTOR(uptr, ptrace, int request, int pid, void *addr, void *data) {
|
|||
else if (request == ptrace_geteventmsg)
|
||||
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, data, sizeof(unsigned long));
|
||||
else if (request == ptrace_getregset) {
|
||||
__sanitizer_iovec *iov = (__sanitizer_iovec *)data;
|
||||
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, iov->iov_base, iov->iov_len);
|
||||
__sanitizer_iovec *iovec = (__sanitizer_iovec*)data;
|
||||
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, iovec, sizeof(*iovec));
|
||||
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, local_iovec.iov_base,
|
||||
local_iovec.iov_len);
|
||||
}
|
||||
}
|
||||
return res;
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
//
|
||||
// RUN: %clangxx_asan -O0 %s -o %t && %run %t
|
||||
// RUN: %clangxx_asan -DPOSITIVE -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
|
||||
// REQUIRES: x86_64-supported-target,i386-supported-target
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdio.h>
|
||||
|
@ -12,6 +11,55 @@
|
|||
#include <sys/user.h>
|
||||
#include <sys/wait.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/uio.h> // for iovec
|
||||
#include <elf.h> // for NT_PRSTATUS
|
||||
#ifdef __aarch64__
|
||||
# include <asm/ptrace.h>
|
||||
#endif
|
||||
|
||||
#if defined(__i386__) || defined(__x86_64__)
|
||||
typedef user_regs_struct regs_struct;
|
||||
typedef user_fpregs_struct fpregs_struct;
|
||||
#if defined(__i386__)
|
||||
#define REG_IP eip
|
||||
#else
|
||||
#define REG_IP rip
|
||||
#endif
|
||||
#define PRINT_REG_PC(__regs) printf ("%lx\n", (unsigned long) (__regs.REG_IP))
|
||||
#define PRINT_REG_FP(__fpregs) printf ("%lx\n", (unsigned long) (__fpregs.cwd))
|
||||
#define __PTRACE_FPREQUEST PTRACE_GETFPREGS
|
||||
|
||||
#elif defined(__aarch64__)
|
||||
typedef struct user_pt_regs regs_struct;
|
||||
typedef struct user_fpsimd_state fpregs_struct;
|
||||
#define PRINT_REG_PC(__regs) printf ("%x\n", (unsigned) (__regs.pc))
|
||||
#define PRINT_REG_FP(__fpregs) printf ("%x\n", (unsigned) (__fpregs.fpsr))
|
||||
#define ARCH_IOVEC_FOR_GETREGSET
|
||||
|
||||
#elif defined(__powerpc64__)
|
||||
typedef struct pt_regs regs_struct;
|
||||
typedef elf_fpregset_t fpregs_struct;
|
||||
#define PRINT_REG_PC(__regs) printf ("%lx\n", (unsigned long) (__regs.nip))
|
||||
#define PRINT_REG_FP(__fpregs) printf ("%lx\n", (elf_greg_t)fpregs[32])
|
||||
#define ARCH_IOVEC_FOR_GETREGSET
|
||||
|
||||
#elif defined(__mips64)
|
||||
typedef struct pt_regs regs_struct;
|
||||
typedef elf_fpregset_t fpregs_struct;
|
||||
#define PRINT_REG_PC(__regs) printf ("%lx\n", (unsigned long) (__regs.cp0_epc))
|
||||
#define PRINT_REG_FP(__fpregs) printf ("%lx\n", (elf_greg_t) (__fpregs[32]))
|
||||
#define __PTRACE_FPREQUEST PTRACE_GETFPREGS
|
||||
|
||||
#elif defined(__arm__)
|
||||
# include <asm/ptrace.h>
|
||||
# include <sys/procfs.h>
|
||||
typedef struct pt_regs regs_struct;
|
||||
typedef char fpregs_struct[ARM_VFPREGS_SIZE];
|
||||
#define PRINT_REG_PC(__regs) printf ("%x\n", (unsigned) (__regs.ARM_pc))
|
||||
#define PRINT_REG_FP(__fpregs) printf ("%x\n", (unsigned) (__fpregs + 32 * 8))
|
||||
#define __PTRACE_FPREQUEST PTRACE_GETVFPREGS
|
||||
#endif
|
||||
|
||||
|
||||
int main(void) {
|
||||
pid_t pid;
|
||||
|
@ -21,28 +69,48 @@ int main(void) {
|
|||
execl("/bin/true", "true", NULL);
|
||||
} else {
|
||||
wait(NULL);
|
||||
user_regs_struct regs;
|
||||
regs_struct regs;
|
||||
regs_struct* volatile pregs = ®s;
|
||||
#ifdef ARCH_IOVEC_FOR_GETREGSET
|
||||
struct iovec regset_io;
|
||||
#endif
|
||||
int res;
|
||||
user_regs_struct * volatile pregs = ®s;
|
||||
|
||||
#ifdef POSITIVE
|
||||
++pregs;
|
||||
#endif
|
||||
res = ptrace(PTRACE_GETREGS, pid, NULL, pregs);
|
||||
|
||||
#ifdef ARCH_IOVEC_FOR_GETREGSET
|
||||
# define __PTRACE_REQUEST PTRACE_GETREGSET
|
||||
# define __PTRACE_ARGS (void*)NT_PRSTATUS, (void*)®set_io
|
||||
regset_io.iov_base = pregs;
|
||||
regset_io.iov_len = sizeof(regs_struct);
|
||||
#else
|
||||
# define __PTRACE_REQUEST PTRACE_GETREGS
|
||||
# define __PTRACE_ARGS NULL, pregs
|
||||
#endif
|
||||
res = ptrace((enum __ptrace_request)__PTRACE_REQUEST, pid, __PTRACE_ARGS);
|
||||
// CHECK: AddressSanitizer: stack-buffer-overflow
|
||||
// CHECK: {{.*ptrace.cc:}}[[@LINE-2]]
|
||||
assert(!res);
|
||||
#ifdef __x86_64__
|
||||
printf("%lx\n", (unsigned long)regs.rip);
|
||||
PRINT_REG_PC(regs);
|
||||
|
||||
fpregs_struct fpregs;
|
||||
#ifdef ARCH_IOVEC_FOR_GETREGSET
|
||||
# define __PTRACE_FPREQUEST PTRACE_GETREGSET
|
||||
# define __PTRACE_FPARGS (void*)NT_PRSTATUS, (void*)®set_io
|
||||
regset_io.iov_base = &fpregs;
|
||||
regset_io.iov_len = sizeof(fpregs_struct);
|
||||
res = ptrace((enum __ptrace_request)PTRACE_GETREGSET, pid, (void*)NT_FPREGSET,
|
||||
(void*)®set_io);
|
||||
#else
|
||||
printf("%lx\n", regs.eip);
|
||||
# define __PTRACE_FPARGS NULL, &fpregs
|
||||
#endif
|
||||
|
||||
user_fpregs_struct fpregs;
|
||||
res = ptrace(PTRACE_GETFPREGS, pid, NULL, &fpregs);
|
||||
res = ptrace((enum __ptrace_request)__PTRACE_FPREQUEST, pid, __PTRACE_FPARGS);
|
||||
assert(!res);
|
||||
printf("%lx\n", (unsigned long)fpregs.cwd);
|
||||
PRINT_REG_FP(fpregs);
|
||||
|
||||
#ifndef __x86_64__
|
||||
#ifdef __i386__
|
||||
user_fpxregs_struct fpxregs;
|
||||
res = ptrace(PTRACE_GETFPXREGS, pid, NULL, &fpxregs);
|
||||
assert(!res);
|
||||
|
|
Loading…
Reference in New Issue