parent
31a2443317
commit
dec0f76c14
|
@ -53,7 +53,7 @@ static inline bool QuickCheckForUnpoisonedRegion(uptr beg, uptr size) {
|
|||
} while (0)
|
||||
|
||||
#define ASAN_READ_RANGE(offset, size) ACCESS_MEMORY_RANGE(offset, size, false)
|
||||
#define ASAN_WRITE_RANGE(offset, size) ACCESS_MEMORY_RANGE(offset, size, true);
|
||||
#define ASAN_WRITE_RANGE(offset, size) ACCESS_MEMORY_RANGE(offset, size, true)
|
||||
|
||||
// Behavior of functions like "memcpy" or "strcpy" is undefined
|
||||
// if memory intervals overlap. We report error in this case.
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
// RUN: %clangxx_asan -O0 %s -o %t && %t
|
||||
// RUN: %clangxx_asan -DPOSITIVE -O0 %s -o %t && %t 2>&1 | %symbolize | FileCheck %s
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/ptrace.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/user.h>
|
||||
#include <sys/wait.h>
|
||||
#include <unistd.h>
|
||||
|
||||
int main(void) {
|
||||
pid_t pid;
|
||||
pid = fork();
|
||||
if (pid == 0) { // child
|
||||
ptrace(PTRACE_TRACEME, 0, NULL, NULL);
|
||||
execl("/bin/true", "true", NULL);
|
||||
} else {
|
||||
wait(NULL);
|
||||
user_regs_struct regs;
|
||||
int res;
|
||||
user_regs_struct * volatile pregs = ®s;
|
||||
#ifdef POSITIVE
|
||||
++pregs;
|
||||
#endif
|
||||
res = ptrace(PTRACE_GETREGS, pid, NULL, pregs);
|
||||
// CHECK: AddressSanitizer: stack-buffer-overflow
|
||||
// CHECK: {{.*ptrace.cc:}}[[@LINE-2]]
|
||||
assert(!res);
|
||||
#if __WORDSIZE == 64
|
||||
printf("%zx\n", regs.rip);
|
||||
#else
|
||||
printf("%lx\n", regs.eip);
|
||||
#endif
|
||||
|
||||
user_fpregs_struct fpregs;
|
||||
res = ptrace(PTRACE_GETFPREGS, pid, NULL, &fpregs);
|
||||
assert(!res);
|
||||
printf("%lx\n", (unsigned long)fpregs.cwd);
|
||||
|
||||
#if __WORDSIZE == 32
|
||||
user_fpxregs_struct fpxregs;
|
||||
res = ptrace(PTRACE_GETFPXREGS, pid, NULL, &fpxregs);
|
||||
assert(!res);
|
||||
printf("%lx\n", (unsigned long)fpxregs.mxcsr);
|
||||
#endif
|
||||
|
||||
ptrace(PTRACE_CONT, pid, NULL, NULL);
|
||||
wait(NULL);
|
||||
}
|
||||
return 0;
|
||||
}
|
|
@ -0,0 +1,36 @@
|
|||
// RUN: %clangxx_msan -m64 -O0 %s -o %t && %t
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/ptrace.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/user.h>
|
||||
#include <sys/wait.h>
|
||||
#include <unistd.h>
|
||||
|
||||
int main(void) {
|
||||
pid_t pid;
|
||||
pid = fork();
|
||||
if (pid == 0) { // child
|
||||
ptrace(PTRACE_TRACEME, 0, NULL, NULL);
|
||||
execl("/bin/true", "true", NULL);
|
||||
} else {
|
||||
wait(NULL);
|
||||
user_regs_struct regs;
|
||||
int res;
|
||||
res = ptrace(PTRACE_GETREGS, pid, NULL, ®s);
|
||||
assert(!res);
|
||||
if (regs.rip)
|
||||
printf("%zx\n", regs.rip);
|
||||
|
||||
user_fpregs_struct fpregs;
|
||||
res = ptrace(PTRACE_GETFPREGS, pid, NULL, &fpregs);
|
||||
assert(!res);
|
||||
if (fpregs.mxcsr)
|
||||
printf("%x\n", fpregs.mxcsr);
|
||||
|
||||
ptrace(PTRACE_CONT, pid, NULL, NULL);
|
||||
wait(NULL);
|
||||
}
|
||||
return 0;
|
||||
}
|
|
@ -70,8 +70,10 @@ bool IsInInterceptorScope() {
|
|||
|
||||
// Check that [x, x+n) range is unpoisoned unless we are in a nested
|
||||
// interceptor.
|
||||
#define CHECK_UNPOISONED(x, n) \
|
||||
if (!IsInInterceptorScope()) CHECK_UNPOISONED_0(x, n);
|
||||
#define CHECK_UNPOISONED(x, n) \
|
||||
do { \
|
||||
if (!IsInInterceptorScope()) CHECK_UNPOISONED_0(x, n); \
|
||||
} while (0);
|
||||
|
||||
static void *fast_memset(void *ptr, int c, SIZE_T n);
|
||||
static void *fast_memcpy(void *dst, const void *src, SIZE_T n);
|
||||
|
@ -969,14 +971,16 @@ struct MSanInterceptorContext {
|
|||
|
||||
// A version of CHECK_UNPOISED using a saved scope value. Used in common
|
||||
// interceptors.
|
||||
#define CHECK_UNPOISONED_CTX(ctx, x, n) \
|
||||
if (!((MSanInterceptorContext *) ctx)->in_interceptor_scope) \
|
||||
CHECK_UNPOISONED_0(x, n);
|
||||
#define CHECK_UNPOISONED_CTX(ctx, x, n) \
|
||||
do { \
|
||||
if (!((MSanInterceptorContext *)ctx)->in_interceptor_scope) \
|
||||
CHECK_UNPOISONED_0(x, n); \
|
||||
} while (0)
|
||||
|
||||
#define COMMON_INTERCEPTOR_WRITE_RANGE(ctx, ptr, size) \
|
||||
__msan_unpoison(ptr, size)
|
||||
#define COMMON_INTERCEPTOR_READ_RANGE(ctx, ptr, size) \
|
||||
CHECK_UNPOISONED_CTX(ctx, ptr, size);
|
||||
CHECK_UNPOISONED_CTX(ctx, ptr, size)
|
||||
#define COMMON_INTERCEPTOR_ENTER(ctx, func, ...) \
|
||||
if (msan_init_is_running) return REAL(func)(__VA_ARGS__); \
|
||||
MSanInterceptorContext msan_ctx = {IsInInterceptorScope()}; \
|
||||
|
|
|
@ -1327,6 +1327,53 @@ INTERCEPTOR(int, readdir64_r, void *dirp, __sanitizer_dirent64 *entry, __sanitiz
|
|||
#define INIT_READDIR64
|
||||
#endif
|
||||
|
||||
#if SANITIZER_INTERCEPT_PTRACE
|
||||
INTERCEPTOR(uptr, ptrace, int request, int pid, void *addr, void *data) {
|
||||
void *ctx;
|
||||
COMMON_INTERCEPTOR_ENTER(ctx, ptrace, request, pid, addr, data);
|
||||
|
||||
if (data) {
|
||||
if (request == ptrace_setregs)
|
||||
COMMON_INTERCEPTOR_READ_RANGE(ctx, data, struct_user_regs_struct_sz);
|
||||
else if (request == ptrace_setfpregs)
|
||||
COMMON_INTERCEPTOR_READ_RANGE(ctx, data, struct_user_fpregs_struct_sz);
|
||||
else if (request == ptrace_setfpxregs)
|
||||
COMMON_INTERCEPTOR_READ_RANGE(ctx, data, struct_user_fpxregs_struct_sz);
|
||||
else if (request == ptrace_setsiginfo)
|
||||
COMMON_INTERCEPTOR_READ_RANGE(ctx, data, siginfo_t_sz);
|
||||
else if (request == ptrace_setregset) {
|
||||
__sanitizer_iovec *iov = (__sanitizer_iovec *)data;
|
||||
COMMON_INTERCEPTOR_READ_RANGE(ctx, iov->iov_base, iov->iov_len);
|
||||
}
|
||||
}
|
||||
|
||||
uptr res = REAL(ptrace)(request, pid, addr, data);
|
||||
|
||||
if (!res && data) {
|
||||
// Note that PEEK* requests assing different meaning to the return value.
|
||||
// This function does not handle them (nor does it need to).
|
||||
if (request == ptrace_getregs)
|
||||
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, data, struct_user_regs_struct_sz);
|
||||
else if (request == ptrace_getfpregs)
|
||||
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, data, struct_user_fpregs_struct_sz);
|
||||
else if (request == ptrace_getfpxregs)
|
||||
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, data, struct_user_fpxregs_struct_sz);
|
||||
else if (request == ptrace_getsiginfo)
|
||||
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, data, siginfo_t_sz);
|
||||
else if (request == ptrace_getregset) {
|
||||
__sanitizer_iovec *iov = (__sanitizer_iovec *)data;
|
||||
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, iov->iov_base, iov->iov_len);
|
||||
}
|
||||
}
|
||||
return res;
|
||||
}
|
||||
|
||||
#define INIT_PTRACE \
|
||||
INTERCEPT_FUNCTION(ptrace);
|
||||
#else
|
||||
#define INIT_PTRACE
|
||||
#endif
|
||||
|
||||
|
||||
#define SANITIZER_COMMON_INTERCEPTORS_INIT \
|
||||
INIT_STRCASECMP; \
|
||||
|
@ -1371,4 +1418,5 @@ INTERCEPTOR(int, readdir64_r, void *dirp, __sanitizer_dirent64 *entry, __sanitiz
|
|||
INIT_INET_ATON; \
|
||||
INIT_SYSINFO; \
|
||||
INIT_READDIR; \
|
||||
INIT_READDIR64;
|
||||
INIT_READDIR64; \
|
||||
INIT_PTRACE;
|
||||
|
|
|
@ -94,5 +94,6 @@
|
|||
# define SANITIZER_INTERCEPT_SYSINFO SI_LINUX
|
||||
# define SANITIZER_INTERCEPT_READDIR SI_NOT_WINDOWS
|
||||
# define SANITIZER_INTERCEPT_READDIR64 SI_LINUX_NOT_ANDROID
|
||||
# define SANITIZER_INTERCEPT_PTRACE SI_LINUX
|
||||
|
||||
#endif // #ifndef SANITIZER_PLATFORM_INTERCEPTORS_H
|
||||
|
|
|
@ -41,7 +41,9 @@
|
|||
|
||||
#if SANITIZER_LINUX
|
||||
#include <sys/mount.h>
|
||||
#include <sys/ptrace.h>
|
||||
#include <sys/sysinfo.h>
|
||||
#include <sys/user.h>
|
||||
#include <sys/vt.h>
|
||||
#include <linux/cdrom.h>
|
||||
#include <linux/fd.h>
|
||||
|
@ -160,6 +162,27 @@ namespace __sanitizer {
|
|||
return 0;
|
||||
}
|
||||
|
||||
#ifdef SANITIZER_LINUX
|
||||
unsigned struct_user_regs_struct_sz = sizeof(struct user_regs_struct);
|
||||
unsigned struct_user_fpregs_struct_sz = sizeof(struct user_fpregs_struct);
|
||||
#if __WORDSIZE == 64
|
||||
unsigned struct_user_fpxregs_struct_sz = 0;
|
||||
#else
|
||||
unsigned struct_user_fpxregs_struct_sz = sizeof(struct user_fpxregs_struct);
|
||||
#endif
|
||||
|
||||
int ptrace_getregs = PTRACE_GETREGS;
|
||||
int ptrace_setregs = PTRACE_SETREGS;
|
||||
int ptrace_getfpregs = PTRACE_GETFPREGS;
|
||||
int ptrace_setfpregs = PTRACE_SETFPREGS;
|
||||
int ptrace_getfpxregs = PTRACE_GETFPXREGS;
|
||||
int ptrace_setfpxregs = PTRACE_SETFPXREGS;
|
||||
int ptrace_getsiginfo = PTRACE_GETSIGINFO;
|
||||
int ptrace_setsiginfo = PTRACE_SETSIGINFO;
|
||||
int ptrace_getregset = PTRACE_GETREGSET;
|
||||
int ptrace_setregset = PTRACE_SETREGSET;
|
||||
#endif
|
||||
|
||||
// ioctl arguments
|
||||
unsigned struct_arpreq_sz = sizeof(struct arpreq);
|
||||
unsigned struct_ifreq_sz = sizeof(struct ifreq);
|
||||
|
|
|
@ -180,6 +180,23 @@ namespace __sanitizer {
|
|||
char **h_addr_list;
|
||||
};
|
||||
|
||||
#ifdef SANITIZER_LINUX
|
||||
extern unsigned struct_user_regs_struct_sz;
|
||||
extern unsigned struct_user_fpregs_struct_sz;
|
||||
extern unsigned struct_user_fpxregs_struct_sz;
|
||||
|
||||
extern int ptrace_getregs;
|
||||
extern int ptrace_setregs;
|
||||
extern int ptrace_getfpregs;
|
||||
extern int ptrace_setfpregs;
|
||||
extern int ptrace_getfpxregs;
|
||||
extern int ptrace_setfpxregs;
|
||||
extern int ptrace_getsiginfo;
|
||||
extern int ptrace_setsiginfo;
|
||||
extern int ptrace_getregset;
|
||||
extern int ptrace_setregset;
|
||||
#endif
|
||||
|
||||
// ioctl arguments
|
||||
struct __sanitizer_ifconf {
|
||||
int ifc_len;
|
||||
|
|
|
@ -335,6 +335,7 @@ void StatOutput(u64 *stat) {
|
|||
name[StatInt_readdir64] = " readdir64 ";
|
||||
name[StatInt_readdir_r] = " readdir_r ";
|
||||
name[StatInt_readdir64_r] = " readdir64_r ";
|
||||
name[StatInt_ptrace] = " ptrace ";
|
||||
|
||||
name[StatAnnotation] = "Dynamic annotations ";
|
||||
name[StatAnnotateHappensBefore] = " HappensBefore ";
|
||||
|
|
|
@ -330,6 +330,7 @@ enum StatType {
|
|||
StatInt_readdir64,
|
||||
StatInt_readdir_r,
|
||||
StatInt_readdir64_r,
|
||||
StatInt_ptrace,
|
||||
|
||||
// Dynamic annotations.
|
||||
StatAnnotation,
|
||||
|
|
Loading…
Reference in New Issue