asan_fake_stack.cc revision 2679f1904dc5d5eb2ce82014116764c5f5131a2b
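//===-- asan_fake_stack.cc ------------------------------------------------===//
//
//                     The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// This file is a part of AddressSanitizer, an address sanity checker.
//
// FakeStack is used to detect use-after-return bugs.
//===----------------------------------------------------------------------===//
#include "asan_allocator.h"
#include "asan_thread.h"
#include "asan_thread_registry.h"
#include "sanitizer/asan_interface.h"

namespace __asan {

// Zero-initializes every field. REAL(memset) is used instead of plain memset
// because memset is intercepted; the CHECK confirms the real symbol has been
// resolved before it is called.
FakeStack::FakeStack() {
  CHECK(REAL(memset) != 0);
  REAL(memset)(this, 0, sizeof(*this));
}

// Returns true if |addr| lies inside the region mapped for |size_class|.
// A size class that has not been mapped yet (mem == 0) never matches.
bool FakeStack::AddrIsInSizeClass(uptr addr, uptr size_class) {
  uptr mem = allocated_size_classes_[size_class];
  uptr size = ClassMmapSize(size_class);
  return mem && addr >= mem && addr < mem + size;
}

// Returns the base of the size-class region containing |addr|, or 0 when
// |addr| does not belong to this fake stack.
uptr FakeStack::AddrIsInFakeStack(uptr addr) {
  for (uptr i = 0; i < kNumberOfSizeClasses; i++) {
    if (AddrIsInSizeClass(addr, i)) return allocated_size_classes_[i];
  }
  return 0;
}

// Maps a frame size onto a size-class index: log2 of the size rounded up to
// a power of two, shifted so that the smallest frame size maps to class 0.
// Requires alloc_size > 1 (both callers guarantee it); for alloc_size == 1
// the log would be 0 and the `log - 1` shift below would wrap.
// We may want to compute this during compilation.
inline uptr FakeStack::ComputeSizeClass(uptr alloc_size) {
  uptr rounded_size = RoundUpToPowerOfTwo(alloc_size);
  uptr log = Log2(rounded_size);
  CHECK(alloc_size <= (1UL << log));
  // Print the offending values before the CHECK below aborts, so the failure
  // report carries them.
  if (!(alloc_size > (1UL << (log-1)))) {
    Printf("alloc_size %zu log %zu\n", alloc_size, log);
  }
  CHECK(alloc_size > (1UL << (log-1)));
  uptr res = log < kMinStackFrameSizeLog ? 0 : log - kMinStackFrameSizeLog;
  CHECK(res < kNumberOfSizeClasses);
  CHECK(ClassSize(res) >= rounded_size);
  return res;
}

// Appends |node| at the tail of the queue. The queue is empty iff both
// first_ and last_ are 0; any other mixed state is a fatal error.
void FakeFrameFifo::FifoPush(FakeFrame *node) {
  CHECK(node);
  node->next = 0;
  if (first_ == 0 && last_ == 0) {
    first_ = last_ = node;
  } else {
    CHECK(first_);
    CHECK(last_);
    last_->next = node;
    last_ = node;
  }
}

// Removes and returns the head of the queue. Popping an empty queue is a
// fatal error: every frame of this size class is currently handed out.
FakeFrame *FakeFrameFifo::FifoPop() {
  CHECK(first_ && last_ && "Exhausted fake stack");
  FakeFrame *res = first_;
  if (first_ == last_) {
    first_ = last_ = 0;
  } else {
    first_ = first_->next;
  }
  return res;
}

// Records the thread's stack size (which fixes the mapping size of every
// size class, see ClassMmapSize) and enables AllocateStack.
void FakeStack::Init(uptr stack_size) {
  stack_size_ = stack_size;
  alive_ = true;
}

// Disables the fake stack and releases every mapped size-class region. The
// shadow of each region is cleared before the region is unmapped.
// NOTE(review): the per-class free lists (size_classes_) are not reset here,
// so they keep nodes that point into the unmapped regions. That is harmless
// only if Init() is never called again on the same object — confirm against
// callers.
void FakeStack::Cleanup() {
  alive_ = false;
  for (uptr i = 0; i < kNumberOfSizeClasses; i++) {
    uptr mem = allocated_size_classes_[i];
    if (mem) {
      PoisonShadow(mem, ClassMmapSize(i), 0);
      allocated_size_classes_[i] = 0;
      UnmapOrDie((void*)mem, ClassMmapSize(i));
    }
  }
}

// Every size class gets the same amount of memory: the thread's stack size
// rounded up to a power of two. |size_class| is currently unused.
uptr FakeStack::ClassMmapSize(uptr size_class) {
  return RoundUpToPowerOfTwo(stack_size_);
}

// Maps the region for |size_class| and carves it into equally sized frames,
// pushing each one onto the class's free list. The region must be at least
// one page and a whole multiple of the frame size.
void FakeStack::AllocateOneSizeClass(uptr size_class) {
  CHECK(ClassMmapSize(size_class) >= GetPageSizeCached());
  uptr new_mem = (uptr)MmapOrDie(ClassMmapSize(size_class), __FUNCTION__);
  // Printf("T%d new_mem[%zu]: %p-%p mmap %zu\n",
  //        asanThreadRegistry().GetCurrent()->tid(),
  //        size_class, new_mem, new_mem + ClassMmapSize(size_class),
  //        ClassMmapSize(size_class));
  uptr i;
  for (i = 0; i < ClassMmapSize(size_class); i += ClassSize(size_class)) {
    size_classes_[size_class].FifoPush((FakeFrame*)(new_mem + i));
  }
  CHECK(i == ClassMmapSize(size_class));
  allocated_size_classes_[size_class] = new_mem;
}

// Hands out a fake frame of |size| bytes for a function whose real frame is
// at |real_stack|. Returns |real_stack| itself when the fake stack is not
// alive, so callers can tell the two cases apart by comparing pointers
// (see __asan_stack_free). Requires 1 < size <= kMaxStackMallocSize.
uptr FakeStack::AllocateStack(uptr size, uptr real_stack) {
  if (!alive_) return real_stack;
  CHECK(size <= kMaxStackMallocSize && size > 1);
  uptr size_class = ComputeSizeClass(size);
  if (!allocated_size_classes_[size_class]) {
    AllocateOneSizeClass(size_class);
  }
  FakeFrame *fake_frame = size_classes_[size_class].FifoPop();
  CHECK(fake_frame);
  fake_frame->size_minus_one = size - 1;
  fake_frame->real_stack = real_stack;
  // Reclaim frames whose owners have already returned. This assumes the
  // native stack grows downwards: a recorded frame whose real_stack is at or
  // below the new one cannot still be live. Frames are recycled here rather
  // than in OnFree, so a retired frame stays poisoned until a later
  // AllocateStack reclaims it.
  while (FakeFrame *top = call_stack_.top()) {
    if (top->real_stack > real_stack) break;
    call_stack_.LifoPop();
    DeallocateFrame(top);
  }
  call_stack_.LifoPush(fake_frame);
  uptr ptr = (uptr)fake_frame;
  // Unpoison the new frame before handing it out.
  PoisonShadow(ptr, size, 0);
  return ptr;
}

// Returns |fake_frame| to the free list of its size class after verifying
// that both ends of the frame lie inside that class's region.
void FakeStack::DeallocateFrame(FakeFrame *fake_frame) {
  CHECK(alive_);
  uptr size = fake_frame->size_minus_one + 1;
  uptr size_class = ComputeSizeClass(size);
  CHECK(allocated_size_classes_[size_class]);
  uptr ptr = (uptr)fake_frame;
  CHECK(AddrIsInSizeClass(ptr, size_class));
  CHECK(AddrIsInSizeClass(ptr + size - 1, size_class));
  size_classes_[size_class].FifoPush(fake_frame);
}

// Called when the function owning the fake frame at |ptr| returns. Validates
// the frame header and poisons the whole frame with the after-return magic
// so that later accesses to it can be detected. The frame is not recycled
// here (see AllocateStack). |real_stack| is currently unused.
void FakeStack::OnFree(uptr ptr, uptr size, uptr real_stack) {
  FakeFrame *fake_frame = (FakeFrame*)ptr;
  // This used to be written with `=`, which made the CHECK pass
  // unconditionally (for a non-zero magic) and overwrote the field instead of
  // validating it. Compare, as the other header checks below do.
  CHECK(fake_frame->magic == kRetiredStackFrameMagic);
  CHECK(fake_frame->descr != 0);
  CHECK(fake_frame->size_minus_one == size - 1);
  PoisonShadow(ptr, size, kAsanStackAfterReturnMagic);
}

}  // namespace __asan

// ---------------------- Interface ---------------- {{{1
using namespace __asan;  // NOLINT

// Public runtime entry point. Returns a fake frame of |size| bytes, or
// |real_stack| when the fake stack is disabled by flag or the current thread
// is unknown (its TSD is already gone), in which case the caller keeps using
// its real frame.
uptr __asan_stack_malloc(uptr size, uptr real_stack) {
  if (!flags()->use_fake_stack) return real_stack;
  AsanThread *t = asanThreadRegistry().GetCurrent();
  if (!t) {
    // TSD is gone, use the real stack.
    return real_stack;
  }
  uptr ptr = t->fake_stack().AllocateStack(size, real_stack);
  // Printf("__asan_stack_malloc %p %zu %p\n", ptr, size, real_stack);
  return ptr;
}

// Counterpart of __asan_stack_malloc. A |ptr| equal to |real_stack| means
// the allocation fell back to the real stack, so there is no fake frame to
// retire.
// NOTE(review): OnFree dereferences |ptr| without consulting the owning
// thread's alive_ flag; if a fake frame handed out before Cleanup() can be
// freed after it, this would touch unmapped memory — confirm the thread-exit
// ordering.
void __asan_stack_free(uptr ptr, uptr size, uptr real_stack) {
  if (!flags()->use_fake_stack) return;
  if (ptr != real_stack) {
    FakeStack::OnFree(ptr, size, real_stack);
  }
}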