[compiler-rt] r328415 - Mmap interceptor providing mprotect support
Vitaly Buka via llvm-commits
llvm-commits at lists.llvm.org
Sat Mar 24 00:45:25 PDT 2018
Author: vitalybuka
Date: Sat Mar 24 00:45:24 2018
New Revision: 328415
URL: http://llvm.org/viewvc/llvm-project?rev=328415&view=rev
Log:
Mmap interceptor providing mprotect support
Summary:
- Intercepting mprotect calls.
- Fixing forgotten flag check.
Patch by David CARLIER
Reviewers: vitalybuka, vsk
Subscribers: delcypher, srhines, kubamracek, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D44777
Modified:
compiler-rt/trunk/lib/sanitizer_common/sanitizer_common.h
compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc
compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_libcdep.cc
compiler-rt/trunk/lib/sanitizer_common/sanitizer_mac.cc
compiler-rt/trunk/lib/sanitizer_common/sanitizer_malloc_mac.inc
compiler-rt/trunk/lib/sanitizer_common/sanitizer_posix.cc
compiler-rt/trunk/test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp
Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_common.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_common.h?rev=328415&r1=328414&r2=328415&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_common.h (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_common.h Sat Mar 24 00:45:24 2018
@@ -106,6 +106,8 @@ void *MmapAlignedOrDieOnFatalError(uptr
bool MprotectNoAccess(uptr addr, uptr size);
bool MprotectReadOnly(uptr addr, uptr size);
+void MprotectMallocZones(void *addr, int prot);
+
// Find an available address space.
uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding,
uptr *largest_gap_found, uptr *max_occupied_addr);
@@ -378,7 +380,7 @@ void ReportErrorSummary(const char *erro
void ReportErrorSummary(const char *error_type, const StackTrace *trace,
const char *alt_tool_name = nullptr);
-void ReportMmapWriteExec();
+void ReportMmapWriteExec(int prot);
// Math
#if SANITIZER_WINDOWS && !defined(__clang__) && !defined(__GNUC__)
Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc?rev=328415&r1=328414&r2=328415&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc Sat Mar 24 00:45:24 2018
@@ -6888,13 +6888,26 @@ INTERCEPTOR(void *, mmap, void *addr, SI
OFF_T off) {
void *ctx;
if (common_flags()->detect_write_exec)
- ReportMmapWriteExec();
+ ReportMmapWriteExec(prot);
if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED)
return (void *)internal_mmap(addr, sz, prot, flags, fd, off);
COMMON_INTERCEPTOR_ENTER(ctx, mmap, addr, sz, prot, flags, fd, off);
COMMON_INTERCEPTOR_MMAP_IMPL(ctx, mmap, addr, sz, prot, flags, fd, off);
}
-#define INIT_MMAP COMMON_INTERCEPT_FUNCTION(mmap);
+
+INTERCEPTOR(int, mprotect, void *addr, SIZE_T sz, int prot) {
+ void *ctx;
+ if (common_flags()->detect_write_exec)
+ ReportMmapWriteExec(prot);
+ if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED)
+ return (int)internal_mprotect(addr, sz, prot);
+ COMMON_INTERCEPTOR_ENTER(ctx, mprotect, addr, sz, prot);
+ MprotectMallocZones(addr, prot);
+ return REAL(mprotect)(addr, sz, prot);
+}
+#define INIT_MMAP \
+ COMMON_INTERCEPT_FUNCTION(mmap); \
+ COMMON_INTERCEPT_FUNCTION(mprotect);
#else
#define INIT_MMAP
#endif
@@ -6904,7 +6917,7 @@ INTERCEPTOR(void *, mmap64, void *addr,
OFF64_T off) {
void *ctx;
if (common_flags()->detect_write_exec)
- ReportMmapWriteExec();
+ ReportMmapWriteExec(prot);
if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED)
return (void *)internal_mmap(addr, sz, prot, flags, fd, off);
COMMON_INTERCEPTOR_ENTER(ctx, mmap64, addr, sz, prot, flags, fd, off);
Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_libcdep.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_libcdep.cc?rev=328415&r1=328414&r2=328415&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_libcdep.cc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_libcdep.cc Sat Mar 24 00:45:24 2018
@@ -24,6 +24,7 @@
#if SANITIZER_POSIX
#include "sanitizer_posix.h"
+#include <sys/mman.h>
#endif
namespace __sanitizer {
@@ -81,8 +82,11 @@ void ReportErrorSummary(const char *erro
#endif
}
-void ReportMmapWriteExec() {
-#if !SANITIZER_GO && !SANITIZER_ANDROID
+void ReportMmapWriteExec(int prot) {
+#if SANITIZER_POSIX && (!SANITIZER_GO && !SANITIZER_ANDROID)
+ if ((prot & (PROT_WRITE | PROT_EXEC)) != (PROT_WRITE | PROT_EXEC))
+ return;
+
ScopedErrorReportLock l;
SanitizerCommonDecorator d;
Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_mac.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_mac.cc?rev=328415&r1=328414&r2=328415&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_mac.cc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_mac.cc Sat Mar 24 00:45:24 2018
@@ -61,6 +61,7 @@ extern "C" {
#include <mach/mach.h>
#include <mach/mach_time.h>
#include <mach/vm_statistics.h>
+#include <malloc/malloc.h>
#include <pthread.h>
#include <sched.h>
#include <signal.h>
@@ -343,6 +344,29 @@ uptr GetPageSize() {
return sysconf(_SC_PAGESIZE);
}
+extern unsigned malloc_num_zones;
+extern malloc_zone_t **malloc_zones;
+static malloc_zone_t sanitizer_zone;
+
+// We need to make sure that sanitizer_zone is registered as malloc_zones[0]. If
+// libmalloc tries to set up a different zone as malloc_zones[0], it will call
+// mprotect(malloc_zones, ..., PROT_READ). This interceptor will catch that and
+// make sure we are still the first (default) zone.
+void MprotectMallocZones(void *addr, int prot) {
+ if (addr == malloc_zones && prot == PROT_READ) {
+ if (malloc_num_zones > 1 && malloc_zones[0] != &sanitizer_zone) {
+ for (unsigned i = 1; i < malloc_num_zones; i++) {
+ if (malloc_zones[i] == &sanitizer_zone) {
+ // Swap malloc_zones[0] and malloc_zones[i].
+ malloc_zones[i] = malloc_zones[0];
+ malloc_zones[0] = &sanitizer_zone;
+ break;
+ }
+ }
+ }
+ }
+}
+
BlockingMutex::BlockingMutex() {
internal_memset(this, 0, sizeof(*this));
}
Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_malloc_mac.inc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_malloc_mac.inc?rev=328415&r1=328414&r2=328415&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_malloc_mac.inc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_malloc_mac.inc Sat Mar 24 00:45:24 2018
@@ -29,8 +29,6 @@
// Similar code is used in Google Perftools,
// https://github.com/gperftools/gperftools.
-static malloc_zone_t sanitizer_zone;
-
INTERCEPTOR(malloc_zone_t *, malloc_create_zone,
vm_size_t start_size, unsigned zone_flags) {
COMMON_MALLOC_ENTER();
@@ -65,29 +63,6 @@ INTERCEPTOR(void, malloc_destroy_zone, m
COMMON_MALLOC_FREE(zone);
}
-extern unsigned malloc_num_zones;
-extern malloc_zone_t **malloc_zones;
-
-// We need to make sure that sanitizer_zone is registered as malloc_zones[0]. If
-// libmalloc tries to set up a different zone as malloc_zones[0], it will call
-// mprotect(malloc_zones, ..., PROT_READ). This interceptor will catch that and
-// make sure we are still the first (default) zone.
-INTERCEPTOR(int, mprotect, void *addr, size_t len, int prot) {
- if (addr == malloc_zones && prot == PROT_READ) {
- if (malloc_num_zones > 1 && malloc_zones[0] != &sanitizer_zone) {
- for (unsigned i = 1; i < malloc_num_zones; i++) {
- if (malloc_zones[i] == &sanitizer_zone) {
- // Swap malloc_zones[0] and malloc_zones[i].
- malloc_zones[i] = malloc_zones[0];
- malloc_zones[0] = &sanitizer_zone;
- break;
- }
- }
- }
- }
- return REAL(mprotect)(addr, len, prot);
-}
-
INTERCEPTOR(malloc_zone_t *, malloc_default_zone, void) {
COMMON_MALLOC_ENTER();
return &sanitizer_zone;
Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_posix.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_posix.cc?rev=328415&r1=328414&r2=328415&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_posix.cc (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_posix.cc Sat Mar 24 00:45:24 2018
@@ -153,6 +153,10 @@ bool MprotectReadOnly(uptr addr, uptr si
return 0 == internal_mprotect((void *)addr, size, PROT_READ);
}
+#if !SANITIZER_MAC
+void MprotectMallocZones(void *addr, int prot) {}
+#endif
+
fd_t OpenFile(const char *filename, FileAccessMode mode, error_t *errno_p) {
int flags;
switch (mode) {
Modified: compiler-rt/trunk/test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp?rev=328415&r1=328414&r2=328415&view=diff
==============================================================================
--- compiler-rt/trunk/test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp (original)
+++ compiler-rt/trunk/test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp Sat Mar 24 00:45:24 2018
@@ -1,15 +1,37 @@
// RUN: %clangxx %s -o %t
// RUN: %env_tool_opts=detect_write_exec=1 %run %t 2>&1 | FileCheck %s
-// ubsan and lsan do not install mmap interceptors
-// UNSUPPORTED: ubsan, lsan
+// RUN: %env_tool_opts=detect_write_exec=0 %run %t 2>&1 | FileCheck %s \
+// RUN: --check-prefix=CHECK-DISABLED
+// ubsan and lsan do not install mmap interceptors UNSUPPORTED: ubsan, lsan
// TODO: Fix option on Android, it hangs there for unknown reasons.
// XFAIL: android
+#include <stdio.h>
#include <sys/mman.h>
int main(int argc, char **argv) {
char *p = (char *)mmap(0, 1024, PROT_READ | PROT_WRITE | PROT_EXEC,
MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
// CHECK: WARNING: {{.*}}Sanitizer: writable-executable page usage
+ // CHECK: #{{[0-9]+.*}}main{{.*}}mmap_write_exec.cpp:[[@LINE-3]]
+ // CHECK: SUMMARY: {{.*}}Sanitizer: w-and-x-usage
+
+ char *q = (char *)mmap(p, 64, PROT_READ | PROT_WRITE,
+ MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ (void)mprotect(q, 64, PROT_WRITE | PROT_EXEC);
+ // CHECK: WARNING: {{.*}}Sanitizer: writable-executable page usage
+ // CHECK: #{{[0-9]+.*}}main{{.*}}mmap_write_exec.cpp:[[@LINE-2]]
+ // CHECK: SUMMARY: {{.*}}Sanitizer: w-and-x-usage
+
+ char *a = (char *)mmap(0, 1024, PROT_READ | PROT_WRITE,
+ MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
+ char *b = (char *)mmap(a, 64, PROT_READ | PROT_WRITE,
+ MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0);
+ (void)mprotect(q, 64, PROT_READ | PROT_EXEC);
+ // CHECK-NOT: Sanitizer
+
+ printf("done\n");
+ // CHECK-DISABLED-NOT: Sanitizer
+ // CHECK-DISABLED: done
}
More information about the llvm-commits
mailing list