libsanitizer/hwasan/hwasan_thread.cpp

   1
   2 #include "hwasan.h"
   3 #include "hwasan_mapping.h"
   4 #include "hwasan_thread.h"
   5 #include "hwasan_poisoning.h"
   6 #include "hwasan_interface_internal.h"
   7
   8 #include "sanitizer_common/sanitizer_file.h"
   9 #include "sanitizer_common/sanitizer_placement_new.h"
  10 #include "sanitizer_common/sanitizer_tls_get_addr.h"
  11
  12
  13 namespace __hwasan {
  14
  15 static u32 RandomSeed() {
  16   u32 seed;
  17   do {
  18     if (UNLIKELY(!GetRandom(reinterpret_cast<void *>(&seed), sizeof(seed),
  19                             /*blocking=*/false))) {
  20       seed = static_cast<u32>(
  21           (NanoTime() >> 12) ^
  22           (reinterpret_cast<uptr>(__builtin_frame_address(0)) >> 4));
  23     }
  24   } while (!seed);
  25   return seed;
  26 }
  27
  28 void Thread::InitRandomState() {
  29   random_state_ = flags()->random_tags ? RandomSeed() : unique_id_;
  30
  31   // Push a random number of zeros onto the ring buffer so that the first stack
  32   // tag base will be random.
  33   for (tag_t i = 0, e = GenerateRandomTag(); i != e; ++i)
  34     stack_allocations_->push(0);
  35 }
  36
  37 void Thread::Init(uptr stack_buffer_start, uptr stack_buffer_size) {
  38   CHECK_EQ(0, unique_id_);  // try to catch bad stack reuse
  39   CHECK_EQ(0, stack_top_);
  40   CHECK_EQ(0, stack_bottom_);
  41
  42   static u64 unique_id;
  43   unique_id_ = unique_id++;
  44   if (auto sz = flags()->heap_history_size)
  45     heap_allocations_ = HeapAllocationsRingBuffer::New(sz);
  46
  47   HwasanTSDThreadInit();  // Only needed with interceptors.
  48   uptr *ThreadLong = GetCurrentThreadLongPtr();
  49   // The following implicitly sets (this) as the current thread.
  50   stack_allocations_ = new (ThreadLong)
  51       StackAllocationsRingBuffer((void *)stack_buffer_start, stack_buffer_size);
  52   // Check that it worked.
  53   CHECK_EQ(GetCurrentThread(), this);
  54
  55   // ScopedTaggingDisable needs GetCurrentThread to be set up.
  56   ScopedTaggingDisabler disabler;
  57
  58   uptr tls_size;
  59   uptr stack_size;
  60   GetThreadStackAndTls(IsMainThread(), &stack_bottom_, &stack_size, &tls_begin_,
  61                        &tls_size);
  62   stack_top_ = stack_bottom_ + stack_size;
  63   tls_end_ = tls_begin_ + tls_size;
  64
  65   if (stack_bottom_) {
  66     int local;
  67     CHECK(AddrIsInStack((uptr)&local));
  68     CHECK(MemIsApp(stack_bottom_));
  69     CHECK(MemIsApp(stack_top_ - 1));
  70   }
  71
  72   if (flags()->verbose_threads) {
  73     if (IsMainThread()) {
  74       Printf("sizeof(Thread): %zd sizeof(HeapRB): %zd sizeof(StackRB): %zd\n",
  75              sizeof(Thread), heap_allocations_->SizeInBytes(),
  76              stack_allocations_->size() * sizeof(uptr));
  77     }
  78     Print("Creating  : ");
  79   }
  80 }
  81
  82 void Thread::ClearShadowForThreadStackAndTLS() {
  83   if (stack_top_ != stack_bottom_)
  84     TagMemory(stack_bottom_, stack_top_ - stack_bottom_, 0);
  85   if (tls_begin_ != tls_end_)
  86     TagMemory(tls_begin_, tls_end_ - tls_begin_, 0);
  87 }
  88
  89 void Thread::Destroy() {
  90   if (flags()->verbose_threads)
  91     Print("Destroying: ");
  92   AllocatorSwallowThreadLocalCache(allocator_cache());
  93   ClearShadowForThreadStackAndTLS();
  94   if (heap_allocations_)
  95     heap_allocations_->Delete();
  96   DTLS_Destroy();
  97   // Unregister this as the current thread.
  98   // Instrumented code can not run on this thread from this point onwards, but
  99   // malloc/free can still be served. Glibc may call free() very late, after all
 100   // TSD destructors are done.
 101   CHECK_EQ(GetCurrentThread(), this);
 102   *GetCurrentThreadLongPtr() = 0;
 103 }
 104
 105 void Thread::Print(const char *Prefix) {
 106   Printf("%sT%zd %p stack: [%p,%p) sz: %zd tls: [%p,%p)\n", Prefix,
 107          unique_id_, this, stack_bottom(), stack_top(),
 108          stack_top() - stack_bottom(),
 109          tls_begin(), tls_end());
 110 }
 111
 112 static u32 xorshift(u32 state) {
 113   state ^= state << 13;
 114   state ^= state >> 17;
 115   state ^= state << 5;
 116   return state;
 117 }
 118
 119 // Generate a (pseudo-)random non-zero tag.
 120 tag_t Thread::GenerateRandomTag(uptr num_bits) {
 121   DCHECK_GT(num_bits, 0);
 122   if (tagging_disabled_) return 0;
 123   tag_t tag;
 124   const uptr tag_mask = (1ULL << num_bits) - 1;
 125   do {
 126     if (flags()->random_tags) {
 127       if (!random_buffer_)
 128         random_buffer_ = random_state_ = xorshift(random_state_);
 129       CHECK(random_buffer_);
 130       tag = random_buffer_ & tag_mask;
 131       random_buffer_ >>= num_bits;
 132     } else {
 133       random_state_ += 1;
 134       tag = random_state_ & tag_mask;
 135     }
 136   } while (!tag);
 137   return tag;
 138 }
 139
 140 } // namespace __hwasan