[sanitizer] Intercept ptrace.

llvm-svn: 185142

compiler-rt/lib/asan/asan_interceptors.cc

@@ -53,7 +53,7 @@ static inline bool QuickCheckForUnpoisonedRegion(uptr beg, uptr size) {
   } while (0)
 
 #define ASAN_READ_RANGE(offset, size) ACCESS_MEMORY_RANGE(offset, size, false)
-#define ASAN_WRITE_RANGE(offset, size) ACCESS_MEMORY_RANGE(offset, size, true);
+#define ASAN_WRITE_RANGE(offset, size) ACCESS_MEMORY_RANGE(offset, size, true)
 
 // Behavior of functions like "memcpy" or "strcpy" is undefined
 // if memory intervals overlap. We report error in this case.

compiler-rt/lib/asan/lit_tests/TestCases/Linux/ptrace.cc

@@ -0,0 +1,52 @@
+// RUN: %clangxx_asan -O0 %s -o %t && %t
+// RUN: %clangxx_asan -DPOSITIVE -O0 %s -o %t && %t 2>&1 | %symbolize | FileCheck %s
+
+#include <assert.h>
+#include <stdio.h>
+#include <sys/ptrace.h>
+#include <sys/types.h>
+#include <sys/user.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+int main(void) {
+  pid_t pid;
+  pid = fork();
+  if (pid == 0) { // child
+    ptrace(PTRACE_TRACEME, 0, NULL, NULL);
+    execl("/bin/true", "true", NULL);
+  } else {
+    wait(NULL);
+    user_regs_struct regs;
+    int res;
+    user_regs_struct * volatile pregs = &regs;
+#ifdef POSITIVE
+    ++pregs;
+#endif
+    res = ptrace(PTRACE_GETREGS, pid, NULL, pregs);
+    // CHECK: AddressSanitizer: stack-buffer-overflow
+    // CHECK: {{.*ptrace.cc:}}[[@LINE-2]]
+    assert(!res);
+#if __WORDSIZE == 64
+    printf("%zx\n", regs.rip);
+#else
+    printf("%lx\n", regs.eip);
+#endif
+
+    user_fpregs_struct fpregs;
+    res = ptrace(PTRACE_GETFPREGS, pid, NULL, &fpregs);
+    assert(!res);
+    printf("%lx\n", (unsigned long)fpregs.cwd);
+
+#if __WORDSIZE == 32
+    user_fpxregs_struct fpxregs;
+    res = ptrace(PTRACE_GETFPXREGS, pid, NULL, &fpxregs);
+    assert(!res);
+    printf("%lx\n", (unsigned long)fpxregs.mxcsr);
+#endif
+
+    ptrace(PTRACE_CONT, pid, NULL, NULL);
+    wait(NULL);
+  }
+  return 0;
+}

compiler-rt/lib/msan/lit_tests/ptrace.cc

@@ -0,0 +1,36 @@
+// RUN: %clangxx_msan -m64 -O0 %s -o %t && %t
+
+#include <assert.h>
+#include <stdio.h>
+#include <sys/ptrace.h>
+#include <sys/types.h>
+#include <sys/user.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+int main(void) {
+  pid_t pid;
+  pid = fork();
+  if (pid == 0) { // child
+    ptrace(PTRACE_TRACEME, 0, NULL, NULL);
+    execl("/bin/true", "true", NULL);
+  } else {
+    wait(NULL);
+    user_regs_struct regs;
+    int res;
+    res = ptrace(PTRACE_GETREGS, pid, NULL, &regs);
+    assert(!res);
+    if (regs.rip)
+      printf("%zx\n", regs.rip);
+
+    user_fpregs_struct fpregs;
+    res = ptrace(PTRACE_GETFPREGS, pid, NULL, &fpregs);
+    assert(!res);
+    if (fpregs.mxcsr)
+      printf("%x\n", fpregs.mxcsr);
+
+    ptrace(PTRACE_CONT, pid, NULL, NULL);
+    wait(NULL);
+  }
+  return 0;
+}

compiler-rt/lib/msan/msan_interceptors.cc

@@ -70,8 +70,10 @@ bool IsInInterceptorScope() {
 
 // Check that [x, x+n) range is unpoisoned unless we are in a nested
 // interceptor.
-#define CHECK_UNPOISONED(x, n) \
-  if (!IsInInterceptorScope()) CHECK_UNPOISONED_0(x, n);
+#define CHECK_UNPOISONED(x, n)                             \
+  do {                                                     \
+    if (!IsInInterceptorScope()) CHECK_UNPOISONED_0(x, n); \
+  } while (0);
 
 static void *fast_memset(void *ptr, int c, SIZE_T n);
 static void *fast_memcpy(void *dst, const void *src, SIZE_T n);
@@ -969,14 +971,16 @@ struct MSanInterceptorContext {
 
 // A version of CHECK_UNPOISED using a saved scope value. Used in common
 // interceptors.
-#define CHECK_UNPOISONED_CTX(ctx, x, n)                        \
-  if (!((MSanInterceptorContext *) ctx)->in_interceptor_scope) \
-    CHECK_UNPOISONED_0(x, n);
+#define CHECK_UNPOISONED_CTX(ctx, x, n)                         \
+  do {                                                          \
+    if (!((MSanInterceptorContext *)ctx)->in_interceptor_scope) \
+      CHECK_UNPOISONED_0(x, n);                                 \
+  } while (0)
 
 #define COMMON_INTERCEPTOR_WRITE_RANGE(ctx, ptr, size) \
   __msan_unpoison(ptr, size)
 #define COMMON_INTERCEPTOR_READ_RANGE(ctx, ptr, size) \
-  CHECK_UNPOISONED_CTX(ctx, ptr, size);
+  CHECK_UNPOISONED_CTX(ctx, ptr, size)
 #define COMMON_INTERCEPTOR_ENTER(ctx, func, ...)              \
   if (msan_init_is_running) return REAL(func)(__VA_ARGS__);   \
   MSanInterceptorContext msan_ctx = {IsInInterceptorScope()}; \

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc

@@ -1327,6 +1327,53 @@ INTERCEPTOR(int, readdir64_r, void *dirp, __sanitizer_dirent64 *entry, __sanitiz
 #define INIT_READDIR64
 #endif
 
+#if SANITIZER_INTERCEPT_PTRACE
+INTERCEPTOR(uptr, ptrace, int request, int pid, void *addr, void *data) {
+  void *ctx;
+  COMMON_INTERCEPTOR_ENTER(ctx, ptrace, request, pid, addr, data);
+
+  if (data) {
+    if (request == ptrace_setregs)
+      COMMON_INTERCEPTOR_READ_RANGE(ctx, data, struct_user_regs_struct_sz);
+    else if (request == ptrace_setfpregs)
+      COMMON_INTERCEPTOR_READ_RANGE(ctx, data, struct_user_fpregs_struct_sz);
+    else if (request == ptrace_setfpxregs)
+      COMMON_INTERCEPTOR_READ_RANGE(ctx, data, struct_user_fpxregs_struct_sz);
+    else if (request == ptrace_setsiginfo)
+      COMMON_INTERCEPTOR_READ_RANGE(ctx, data, siginfo_t_sz);
+    else if (request == ptrace_setregset) {
+      __sanitizer_iovec *iov = (__sanitizer_iovec *)data;
+      COMMON_INTERCEPTOR_READ_RANGE(ctx, iov->iov_base, iov->iov_len);
+    }
+  }
+
+  uptr res = REAL(ptrace)(request, pid, addr, data);
+
+  if (!res && data) {
+    // Note that PEEK* requests assing different meaning to the return value.
+    // This function does not handle them (nor does it need to).
+    if (request == ptrace_getregs)
+      COMMON_INTERCEPTOR_WRITE_RANGE(ctx, data, struct_user_regs_struct_sz);
+    else if (request == ptrace_getfpregs)
+      COMMON_INTERCEPTOR_WRITE_RANGE(ctx, data, struct_user_fpregs_struct_sz);
+    else if (request == ptrace_getfpxregs)
+      COMMON_INTERCEPTOR_WRITE_RANGE(ctx, data, struct_user_fpxregs_struct_sz);
+    else if (request == ptrace_getsiginfo)
+      COMMON_INTERCEPTOR_WRITE_RANGE(ctx, data, siginfo_t_sz);
+    else if (request == ptrace_getregset) {
+      __sanitizer_iovec *iov = (__sanitizer_iovec *)data;
+      COMMON_INTERCEPTOR_WRITE_RANGE(ctx, iov->iov_base, iov->iov_len);
+    }
+  }
+  return res;
+}
+
+#define INIT_PTRACE           \
+  INTERCEPT_FUNCTION(ptrace);
+#else
+#define INIT_PTRACE
+#endif
+
 
 #define SANITIZER_COMMON_INTERCEPTORS_INIT \
   INIT_STRCASECMP;                         \
@@ -1371,4 +1418,5 @@ INTERCEPTOR(int, readdir64_r, void *dirp, __sanitizer_dirent64 *entry, __sanitiz
   INIT_INET_ATON;                          \
   INIT_SYSINFO;                            \
   INIT_READDIR;                            \
-  INIT_READDIR64;
+  INIT_READDIR64;                          \
+  INIT_PTRACE;

compiler-rt/lib/sanitizer_common/sanitizer_platform_interceptors.h

@@ -94,5 +94,6 @@
 # define SANITIZER_INTERCEPT_SYSINFO SI_LINUX
 # define SANITIZER_INTERCEPT_READDIR SI_NOT_WINDOWS
 # define SANITIZER_INTERCEPT_READDIR64 SI_LINUX_NOT_ANDROID
+# define SANITIZER_INTERCEPT_PTRACE SI_LINUX
 
 #endif  // #ifndef SANITIZER_PLATFORM_INTERCEPTORS_H

compiler-rt/lib/sanitizer_common/sanitizer_platform_limits_posix.cc

@@ -41,7 +41,9 @@
 
 #if SANITIZER_LINUX
 #include <sys/mount.h>
+#include <sys/ptrace.h>
 #include <sys/sysinfo.h>
+#include <sys/user.h>
 #include <sys/vt.h>
 #include <linux/cdrom.h>
 #include <linux/fd.h>
@@ -160,6 +162,27 @@ namespace __sanitizer {
       return 0;
   }
 
+#ifdef SANITIZER_LINUX
+  unsigned struct_user_regs_struct_sz = sizeof(struct user_regs_struct);
+  unsigned struct_user_fpregs_struct_sz = sizeof(struct user_fpregs_struct);
+#if __WORDSIZE == 64
+  unsigned struct_user_fpxregs_struct_sz = 0;
+#else
+  unsigned struct_user_fpxregs_struct_sz = sizeof(struct user_fpxregs_struct);
+#endif
+  
+  int ptrace_getregs = PTRACE_GETREGS;
+  int ptrace_setregs = PTRACE_SETREGS;
+  int ptrace_getfpregs = PTRACE_GETFPREGS;
+  int ptrace_setfpregs = PTRACE_SETFPREGS;
+  int ptrace_getfpxregs = PTRACE_GETFPXREGS;
+  int ptrace_setfpxregs = PTRACE_SETFPXREGS;
+  int ptrace_getsiginfo = PTRACE_GETSIGINFO;
+  int ptrace_setsiginfo = PTRACE_SETSIGINFO;
+  int ptrace_getregset = PTRACE_GETREGSET;
+  int ptrace_setregset = PTRACE_SETREGSET;
+#endif
+
   // ioctl arguments
   unsigned struct_arpreq_sz = sizeof(struct arpreq);
   unsigned struct_ifreq_sz = sizeof(struct ifreq);

compiler-rt/lib/sanitizer_common/sanitizer_platform_limits_posix.h

@@ -180,6 +180,23 @@ namespace __sanitizer {
     char **h_addr_list;
   };
 
+#ifdef SANITIZER_LINUX
+  extern unsigned struct_user_regs_struct_sz;
+  extern unsigned struct_user_fpregs_struct_sz;
+  extern unsigned struct_user_fpxregs_struct_sz;
+
+  extern int ptrace_getregs;
+  extern int ptrace_setregs;
+  extern int ptrace_getfpregs;
+  extern int ptrace_setfpregs;
+  extern int ptrace_getfpxregs;
+  extern int ptrace_setfpxregs;
+  extern int ptrace_getsiginfo;
+  extern int ptrace_setsiginfo;
+  extern int ptrace_getregset;
+  extern int ptrace_setregset;
+#endif
+
   // ioctl arguments
   struct __sanitizer_ifconf {
     int ifc_len;

compiler-rt/lib/tsan/rtl/tsan_stat.cc

@@ -335,6 +335,7 @@ void StatOutput(u64 *stat) {
   name[StatInt_readdir64]                = "  readdir64                       ";
   name[StatInt_readdir_r]                = "  readdir_r                       ";
   name[StatInt_readdir64_r]              = "  readdir64_r                     ";
+  name[StatInt_ptrace]                   = "  ptrace                          ";
 
   name[StatAnnotation]                   = "Dynamic annotations               ";
   name[StatAnnotateHappensBefore]        = "  HappensBefore                   ";

compiler-rt/lib/tsan/rtl/tsan_stat.h

@@ -330,6 +330,7 @@ enum StatType {
   StatInt_readdir64,
   StatInt_readdir_r,
   StatInt_readdir64_r,
+  StatInt_ptrace,
 
   // Dynamic annotations.
   StatAnnotation,