[compiler-rt] r251331 - [compiler-rt] Fix ptrace interceptor for aarch64
Adhemerval Zanella via llvm-commits
llvm-commits at lists.llvm.org
Mon Oct 26 11:55:05 PDT 2015
Author: azanella
Date: Mon Oct 26 13:55:04 2015
New Revision: 251331
URL: http://llvm.org/viewvc/llvm-project?rev=251331&view=rev
Log:
[compiler-rt] Fix ptrace interceptor for aarch64
This patch fixes the ptrace interceptor for aarch64. The PTRACE_GETREGSET
ptrace syscall with with invalid memory might zero the iovec::iov_base
field and then masking the subsequent check after the syscall (since it
will be 0 and it will not trigger an invalid access). The fix is to copy
the value on a local variable and use its value on the checks.
The patch also adds more coverage on the Linux/ptrace.cc testcase by addding
check for PTRACE_GETREGSET for both general and floating registers (aarch64
definitions added only).
Modified:
compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc
compiler-rt/trunk/test/asan/TestCases/Linux/ptrace.cc
Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc?rev=251331&r1=251330&r2=251331&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc Mon Oct 26 13:55:04 2015
@@ -2446,6 +2446,7 @@ INTERCEPTOR(int, readdir64_r, void *dirp
INTERCEPTOR(uptr, ptrace, int request, int pid, void *addr, void *data) {
void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, ptrace, request, pid, addr, data);
+ __sanitizer_iovec local_iovec;
if (data) {
if (request == ptrace_setregs)
@@ -2458,9 +2459,15 @@ INTERCEPTOR(uptr, ptrace, int request, i
COMMON_INTERCEPTOR_READ_RANGE(ctx, data, struct_user_vfpregs_struct_sz);
else if (request == ptrace_setsiginfo)
COMMON_INTERCEPTOR_READ_RANGE(ctx, data, siginfo_t_sz);
- else if (request == ptrace_setregset) {
- __sanitizer_iovec *iov = (__sanitizer_iovec *)data;
- COMMON_INTERCEPTOR_READ_RANGE(ctx, iov->iov_base, iov->iov_len);
+ // Some kernel might zero the iovec::iov_base in case of invalid
+ // write access. In this case copy the invalid address for further
+ // inspection.
+ else if (request == ptrace_setregset || request == ptrace_getregset) {
+ __sanitizer_iovec *iovec = (__sanitizer_iovec*)data;
+ COMMON_INTERCEPTOR_READ_RANGE(ctx, iovec, sizeof(*iovec));
+ local_iovec = *iovec;
+ if (request == ptrace_setregset)
+ COMMON_INTERCEPTOR_READ_RANGE(ctx, iovec->iov_base, iovec->iov_len);
}
}
@@ -2485,8 +2492,10 @@ INTERCEPTOR(uptr, ptrace, int request, i
else if (request == ptrace_geteventmsg)
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, data, sizeof(unsigned long));
else if (request == ptrace_getregset) {
- __sanitizer_iovec *iov = (__sanitizer_iovec *)data;
- COMMON_INTERCEPTOR_WRITE_RANGE(ctx, iov->iov_base, iov->iov_len);
+ __sanitizer_iovec *iovec = (__sanitizer_iovec*)data;
+ COMMON_INTERCEPTOR_WRITE_RANGE(ctx, iovec, sizeof(*iovec));
+ COMMON_INTERCEPTOR_WRITE_RANGE(ctx, local_iovec.iov_base,
+ local_iovec.iov_len);
}
}
return res;
Modified: compiler-rt/trunk/test/asan/TestCases/Linux/ptrace.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/ptrace.cc?rev=251331&r1=251330&r2=251331&view=diff
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/Linux/ptrace.cc (original)
+++ compiler-rt/trunk/test/asan/TestCases/Linux/ptrace.cc Mon Oct 26 13:55:04 2015
@@ -3,7 +3,6 @@
//
// RUN: %clangxx_asan -O0 %s -o %t && %run %t
// RUN: %clangxx_asan -DPOSITIVE -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
-// REQUIRES: x86_64-supported-target,i386-supported-target
#include <assert.h>
#include <stdio.h>
@@ -12,6 +11,55 @@
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
+#include <sys/uio.h> // for iovec
+#include <elf.h> // for NT_PRSTATUS
+#ifdef __aarch64__
+# include <asm/ptrace.h>
+#endif
+
+#if defined(__i386__) || defined(__x86_64__)
+typedef user_regs_struct regs_struct;
+typedef user_fpregs_struct fpregs_struct;
+#if defined(__i386__)
+#define REG_IP eip
+#else
+#define REG_IP rip
+#endif
+#define PRINT_REG_PC(__regs) printf ("%lx\n", (unsigned long) (__regs.REG_IP))
+#define PRINT_REG_FP(__fpregs) printf ("%lx\n", (unsigned long) (__fpregs.cwd))
+#define __PTRACE_FPREQUEST PTRACE_GETFPREGS
+
+#elif defined(__aarch64__)
+typedef struct user_pt_regs regs_struct;
+typedef struct user_fpsimd_state fpregs_struct;
+#define PRINT_REG_PC(__regs) printf ("%x\n", (unsigned) (__regs.pc))
+#define PRINT_REG_FP(__fpregs) printf ("%x\n", (unsigned) (__fpregs.fpsr))
+#define ARCH_IOVEC_FOR_GETREGSET
+
+#elif defined(__powerpc64__)
+typedef struct pt_regs regs_struct;
+typedef elf_fpregset_t fpregs_struct;
+#define PRINT_REG_PC(__regs) printf ("%lx\n", (unsigned long) (__regs.nip))
+#define PRINT_REG_FP(__fpregs) printf ("%lx\n", (elf_greg_t)fpregs[32])
+#define ARCH_IOVEC_FOR_GETREGSET
+
+#elif defined(__mips64)
+typedef struct pt_regs regs_struct;
+typedef elf_fpregset_t fpregs_struct;
+#define PRINT_REG_PC(__regs) printf ("%lx\n", (unsigned long) (__regs.cp0_epc))
+#define PRINT_REG_FP(__fpregs) printf ("%lx\n", (elf_greg_t) (__fpregs[32]))
+#define __PTRACE_FPREQUEST PTRACE_GETFPREGS
+
+#elif defined(__arm__)
+# include <asm/ptrace.h>
+# include <sys/procfs.h>
+typedef struct pt_regs regs_struct;
+typedef char fpregs_struct[ARM_VFPREGS_SIZE];
+#define PRINT_REG_PC(__regs) printf ("%x\n", (unsigned) (__regs.ARM_pc))
+#define PRINT_REG_FP(__fpregs) printf ("%x\n", (unsigned) (__fpregs + 32 * 8))
+#define __PTRACE_FPREQUEST PTRACE_GETVFPREGS
+#endif
+
int main(void) {
pid_t pid;
@@ -21,28 +69,48 @@ int main(void) {
execl("/bin/true", "true", NULL);
} else {
wait(NULL);
- user_regs_struct regs;
+ regs_struct regs;
+ regs_struct* volatile pregs = ®s;
+#ifdef ARCH_IOVEC_FOR_GETREGSET
+ struct iovec regset_io;
+#endif
int res;
- user_regs_struct * volatile pregs = ®s;
+
#ifdef POSITIVE
++pregs;
#endif
- res = ptrace(PTRACE_GETREGS, pid, NULL, pregs);
+
+#ifdef ARCH_IOVEC_FOR_GETREGSET
+# define __PTRACE_REQUEST PTRACE_GETREGSET
+# define __PTRACE_ARGS (void*)NT_PRSTATUS, (void*)®set_io
+ regset_io.iov_base = pregs;
+ regset_io.iov_len = sizeof(regs_struct);
+#else
+# define __PTRACE_REQUEST PTRACE_GETREGS
+# define __PTRACE_ARGS NULL, pregs
+#endif
+ res = ptrace((enum __ptrace_request)__PTRACE_REQUEST, pid, __PTRACE_ARGS);
// CHECK: AddressSanitizer: stack-buffer-overflow
// CHECK: {{.*ptrace.cc:}}[[@LINE-2]]
assert(!res);
-#ifdef __x86_64__
- printf("%lx\n", (unsigned long)regs.rip);
+ PRINT_REG_PC(regs);
+
+ fpregs_struct fpregs;
+#ifdef ARCH_IOVEC_FOR_GETREGSET
+# define __PTRACE_FPREQUEST PTRACE_GETREGSET
+# define __PTRACE_FPARGS (void*)NT_PRSTATUS, (void*)®set_io
+ regset_io.iov_base = &fpregs;
+ regset_io.iov_len = sizeof(fpregs_struct);
+ res = ptrace((enum __ptrace_request)PTRACE_GETREGSET, pid, (void*)NT_FPREGSET,
+ (void*)®set_io);
#else
- printf("%lx\n", regs.eip);
+# define __PTRACE_FPARGS NULL, &fpregs
#endif
-
- user_fpregs_struct fpregs;
- res = ptrace(PTRACE_GETFPREGS, pid, NULL, &fpregs);
+ res = ptrace((enum __ptrace_request)__PTRACE_FPREQUEST, pid, __PTRACE_FPARGS);
assert(!res);
- printf("%lx\n", (unsigned long)fpregs.cwd);
+ PRINT_REG_FP(fpregs);
-#ifndef __x86_64__
+#ifdef __i386__
user_fpxregs_struct fpxregs;
res = ptrace(PTRACE_GETFPXREGS, pid, NULL, &fpxregs);
assert(!res);
More information about the llvm-commits
mailing list