179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov//===-- msandr.cc ---------------------------------------------------------===// 279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// 379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// The LLVM Compiler Infrastructure 479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// 579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// This file is distributed under the University of Illinois Open Source 679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// License. See LICENSE.TXT for details. 779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// 879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov//===----------------------------------------------------------------------===// 979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// 1079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// This file is a part of MemorySanitizer. 1179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// 1279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// DynamoRio client for MemorySanitizer. 1379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// 1479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// MemorySanitizer requires that all program code is instrumented. Any memory 1579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// store that can turn an uninitialized value into an initialized value must be 1679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// observed by the tool, otherwise we risk reporting a false UMR. 1779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// 1879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// This also includes any libraries that the program depends on. 1979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// 2079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// In the case when rebuilding all program dependencies with MemorySanitizer is 2179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// problematic, an experimental MSanDR tool (the code you are currently looking 2279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// at) can be used. It is a DynamoRio-based tool that uses dynamic 2379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// instrumentation to 2479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// * Unpoison all memory stores. 2579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// * Unpoison TLS slots used by MemorySanitizer to pass function arguments and 2679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// return value shadow on anything that looks like a function call or a return 2779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// from a function. 2879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// 2979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// This tool does not detect the use of uninitialized values in uninstrumented 3079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// libraries. It merely gets rid of false positives by marking all data that 3179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// passes through uninstrumented code as fully initialized. 3279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov//===----------------------------------------------------------------------===// 3379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 3479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov#include <dr_api.h> 3579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov#include <drutil.h> 3679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov#include <drmgr.h> 3779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov#include <drsyscall.h> 3879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 3979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov#include <sys/mman.h> 400f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner#include <sys/syscall.h> /* for SYS_mmap */ 4179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 422d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#include <string.h> 432d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines 442d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines// XXX: it seems setting macro in CMakeLists.txt does not work, 452d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines// so manually set it here now. 462d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines 472d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines// Building msandr client for running in DynamoRIO hybrid mode, 482d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines// which allows some module running natively. 492d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines// TODO: turn it on by default when hybrid is stable enough 502d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines// #define MSANDR_NATIVE_EXEC 512d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines 522d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#ifndef MSANDR_NATIVE_EXEC 5379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov#include <algorithm> 5479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov#include <set> 552d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#include <string> 5679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov#include <vector> 572d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif 5879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 5979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov#define TESTALL(mask, var) (((mask) & (var)) == (mask)) 6079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov#define TESTANY(mask, var) (((mask) & (var)) != 0) 6179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 6279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov#define CHECK_IMPL(condition, file, line) \ 6379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov do { \ 6479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (!(condition)) { \ 6579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("Check failed: `%s`\nat %s:%d\n", #condition, file, line); \ 6679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_abort(); \ 6779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } \ 6879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } while (0) // TODO: stacktrace 6979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 7079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov#define CHECK(condition) CHECK_IMPL(condition, __FILE__, __LINE__) 7179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 7279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov#define VERBOSITY 0 7379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 744b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov// Building msandr client for standalone test that does not need to 754b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov// run with msan build executables. Disable by default. 764b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov// #define MSANDR_STANDALONE_TEST 774b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov 784b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#define NUM_TLS_RETVAL 1 794b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#define NUM_TLS_PARAM 6 804b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov 814b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#ifdef MSANDR_STANDALONE_TEST 824b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov// For testing purpose, we map app to shadow memory at [0x100000, 0x20000). 834b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov// Normally, the app starts at 0x400000: 844b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov// 00400000-004e0000 r-xp 00000000 fc:00 524343 /bin/bash 854b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov// so there should be no problem. 864b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov# define SHADOW_MEMORY_BASE ((void *)0x100000) 874b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov# define SHADOW_MEMORY_SIZE (0x100000) 884b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov# define SHADOW_MEMORY_MASK (SHADOW_MEMORY_SIZE - 4 /* to avoid overflow */) 894b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#else 904b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov// shadow memory range [0x200000000000, 0x400000000000) 914b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov// assuming no app memory below 0x200000000000 924b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov# define SHADOW_MEMORY_MASK 0x3fffffffffffULL 934b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#endif /* MSANDR_STANDALONE_TEST */ 944b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov 952d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hinestypedef void *(*WrapperFn)(void *); 962d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hinesextern "C" void __msan_set_indirect_call_wrapper(WrapperFn wrapper); 972d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hinesextern "C" void __msan_dr_is_initialized(); 9879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 992d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hinesnamespace { 10088732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanov 10188732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanovint msan_retval_tls_offset; 10288732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanovint msan_param_tls_offset; 10388732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanov 10488732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanov#ifndef MSANDR_NATIVE_EXEC 10579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovclass ModuleData { 10679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovpublic: 10779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov ModuleData(); 10879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov ModuleData(const module_data_t *info); 10979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // Yes, we want default copy, assign, and dtor semantics. 11079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 11179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovpublic: 11279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov app_pc start_; 11379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov app_pc end_; 11479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // Full path to the module. 1152ecccf8aca0f3f67d43e6395699aab0bb19ee277Evgeniy Stepanov std::string path_; 11679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov module_handle_t handle_; 11779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov bool should_instrument_; 11879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov bool executed_; 11979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov}; 12079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 12179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// A vector of loaded modules sorted by module bounds. We lookup the current PC 12279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// in here from the bb event. This is better than an rb tree because the lookup 12379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// is faster and the bb event occurs far more than the module load event. 12479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovstd::vector<ModuleData> g_module_list; 12579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 12679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy StepanovModuleData::ModuleData() 12779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov : start_(NULL), end_(NULL), path_(""), handle_(NULL), 12879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov should_instrument_(false), executed_(false) { 12979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 13079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 13179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy StepanovModuleData::ModuleData(const module_data_t *info) 13279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov : start_(info->start), end_(info->end), path_(info->full_path), 13379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov handle_(info->handle), 13479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // We'll check the black/white lists later and adjust this. 13579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov should_instrument_(true), executed_(false) { 13679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 13788732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanov#endif /* !MSANDR_NATIVE_EXEC */ 13879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 13979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovint(*__msan_get_retval_tls_offset)(); 14079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovint(*__msan_get_param_tls_offset)(); 1410f92deb81207c80481ff0257fbaba640fe669633Reid Klecknervoid (*__msan_unpoison)(void *base, size_t size); 1420f92deb81207c80481ff0257fbaba640fe669633Reid Klecknerbool (*__msan_is_in_loader)(); 1430f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner 1444b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#ifdef MSANDR_STANDALONE_TEST 1454b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanovuint mock_msan_retval_tls_offset; 1464b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanovuint mock_msan_param_tls_offset; 1474b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanovstatic int mock_msan_get_retval_tls_offset() { 1484b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov return (int)mock_msan_retval_tls_offset; 1494b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov} 1504b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov 1514b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanovstatic int mock_msan_get_param_tls_offset() { 1524b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov return (int)mock_msan_param_tls_offset; 1534b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov} 1544b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov 1554b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanovstatic void mock_msan_unpoison(void *base, size_t size) { 1564b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov /* do nothing */ 1574b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov} 1584b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov 1594b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanovstatic bool mock_msan_is_in_loader() { 1604b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov return false; 1614b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov} 1624b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#endif /* MSANDR_STANDALONE_TEST */ 1634b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov 1640f92deb81207c80481ff0257fbaba640fe669633Reid Klecknerstatic generic_func_t LookupCallback(module_data_t *app, const char *name) { 1654b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#ifdef MSANDR_STANDALONE_TEST 1664b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov if (strcmp("__msan_get_retval_tls_offset", name) == 0) { 1674b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov return (generic_func_t)mock_msan_get_retval_tls_offset; 1684b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov } else if (strcmp("__msan_get_param_tls_offset", name) == 0) { 1694b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov return (generic_func_t)mock_msan_get_param_tls_offset; 1704b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov } else if (strcmp("__msan_unpoison", name) == 0) { 1714b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov return (generic_func_t)mock_msan_unpoison; 1724b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov } else if (strcmp("__msan_is_in_loader", name) == 0) { 1734b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov return (generic_func_t)mock_msan_is_in_loader; 1744b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov } 1754b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov CHECK(false); 1764b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov return NULL; 1774b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#else /* !MSANDR_STANDALONE_TEST */ 1780f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner generic_func_t callback = dr_get_proc_address(app->handle, name); 1790f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner if (callback == NULL) { 1800f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner dr_printf("Couldn't find `%s` in %s\n", name, app->full_path); 1810f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner CHECK(callback); 1820f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner } 1830f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner return callback; 1844b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#endif /* !MSANDR_STANDALONE_TEST */ 1850f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner} 18679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 18779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovvoid InitializeMSanCallbacks() { 18879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov module_data_t *app = dr_lookup_module_by_name(dr_get_application_name()); 18979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (!app) { 19079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("%s - oops, dr_lookup_module_by_name failed!\n", 19179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_get_application_name()); 19279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(app); 19379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 19479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 1950f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner __msan_get_retval_tls_offset = (int (*)()) 1960f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner LookupCallback(app, "__msan_get_retval_tls_offset"); 1970f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner __msan_get_param_tls_offset = (int (*)()) 1980f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner LookupCallback(app, "__msan_get_param_tls_offset"); 1990f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner __msan_unpoison = (void(*)(void *, size_t)) 2000f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner LookupCallback(app, "__msan_unpoison"); 2010f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner __msan_is_in_loader = (bool (*)()) 2020f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner LookupCallback(app, "__msan_is_in_loader"); 20379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 2040f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner dr_free_module_data(app); 20579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 20679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 20779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// FIXME: Handle absolute addresses and PC-relative addresses. 20879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// FIXME: Handle TLS accesses via FS or GS. DR assumes all other segments have 20979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// a zero base anyway. 21079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovbool OperandIsInteresting(opnd_t opnd) { 21179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return (opnd_is_base_disp(opnd) && opnd_get_segment(opnd) != DR_SEG_FS && 21279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov opnd_get_segment(opnd) != DR_SEG_GS); 21379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 21479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 21579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovbool WantToInstrument(instr_t *instr) { 21679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // TODO: skip push instructions? 21779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov switch (instr_get_opcode(instr)) { 21879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // FIXME: support the instructions excluded below: 21979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov case OP_rep_cmps: 22079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // f3 a6 rep cmps %ds:(%rsi) %es:(%rdi) %rsi %rdi %rcx -> %rsi %rdi %rcx 22179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return false; 22279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 22379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 22479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // Labels appear due to drutil_expand_rep_string() 22579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (instr_is_label(instr)) 22679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return false; 22779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 22879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(instr_ok_to_mangle(instr) == true); 22979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 23079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (instr_writes_memory(instr)) { 23179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov for (int d = 0; d < instr_num_dsts(instr); d++) { 23279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov opnd_t op = instr_get_dst(instr, d); 23379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (OperandIsInteresting(op)) 23479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return true; 23579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 23679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 23779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 23879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return false; 23979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 24079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 24179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov#define PRE(at, what) instrlist_meta_preinsert(bb, at, INSTR_CREATE_##what); 24279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov#define PREF(at, what) instrlist_meta_preinsert(bb, at, what); 24379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 24479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovvoid InstrumentMops(void *drcontext, instrlist_t *bb, instr_t *instr, opnd_t op, 24579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov bool is_write) { 24679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov bool need_to_restore_eflags = false; 24779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov uint flags = instr_get_arith_flags(instr); 24879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // TODO: do something smarter with flags and spills in general? 24979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // For example, spill them only once for a sequence of instrumented 25079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // instructions that don't change/read flags. 25179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 25279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (!TESTALL(EFLAGS_WRITE_6, flags) || TESTANY(EFLAGS_READ_6, flags)) { 25379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (VERBOSITY > 1) 25479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("Spilling eflags...\n"); 25579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov need_to_restore_eflags = true; 25679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // TODO: Maybe sometimes don't need to 'seto'. 25779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // TODO: Maybe sometimes don't want to spill XAX here? 25879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // TODO: No need to spill XAX here if XAX is not used in the BB. 25979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_save_reg(drcontext, bb, instr, DR_REG_XAX, SPILL_SLOT_1); 26079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_save_arith_flags_to_xax(drcontext, bb, instr); 26179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_save_reg(drcontext, bb, instr, DR_REG_XAX, SPILL_SLOT_3); 26279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_restore_reg(drcontext, bb, instr, DR_REG_XAX, SPILL_SLOT_1); 26379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 26479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 26579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov#if 0 26679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("==DRMSAN== DEBUG: %d %d %d %d %d %d\n", 26779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov opnd_is_memory_reference(op), opnd_is_base_disp(op), 26879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov opnd_is_base_disp(op) ? opnd_get_index(op) : -1, 26979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov opnd_is_far_memory_reference(op), opnd_is_reg_pointer_sized(op), 27079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov opnd_is_base_disp(op) ? opnd_get_disp(op) : -1); 27179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov#endif 27279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 27379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov reg_id_t R1; 27479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov bool address_in_R1 = false; 27579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (opnd_is_base_disp(op) && opnd_get_index(op) == DR_REG_NULL && 27679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov opnd_get_disp(op) == 0) { 27779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // If this is a simple access with no offset or index, we can just use the 27879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // base for R1. 27979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov address_in_R1 = true; 28079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov R1 = opnd_get_base(op); 28179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } else { 28279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // Otherwise, we need to compute the addr into R1. 28379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // TODO: reuse some spare register? e.g. r15 on x64 28479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // TODO: might be used as a non-mem-ref register? 28579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov R1 = DR_REG_XAX; 28679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 28779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(reg_is_pointer_sized(R1)); // otherwise R2 may be wrong. 28879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 289a0475713cdac8a55ed2a62cf9553ae6fbb2dbbc2Evgeniy Stepanov // Pick R2 from R8 to R15. 290a0475713cdac8a55ed2a62cf9553ae6fbb2dbbc2Evgeniy Stepanov // It's OK if the instr uses R2 elsewhere, since we'll restore it before instr. 291a0475713cdac8a55ed2a62cf9553ae6fbb2dbbc2Evgeniy Stepanov reg_id_t R2; 292a0475713cdac8a55ed2a62cf9553ae6fbb2dbbc2Evgeniy Stepanov for (R2 = DR_REG_R8; R2 <= DR_REG_R15; R2++) { 293a0475713cdac8a55ed2a62cf9553ae6fbb2dbbc2Evgeniy Stepanov if (!opnd_uses_reg(op, R2)) 294a0475713cdac8a55ed2a62cf9553ae6fbb2dbbc2Evgeniy Stepanov break; 29579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 296a0475713cdac8a55ed2a62cf9553ae6fbb2dbbc2Evgeniy Stepanov CHECK((R2 <= DR_REG_R15) && R1 != R2); 29779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 29879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // Save the current values of R1 and R2. 29979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_save_reg(drcontext, bb, instr, R1, SPILL_SLOT_1); 30079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // TODO: Something smarter than spilling a "fixed" register R2? 30179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_save_reg(drcontext, bb, instr, R2, SPILL_SLOT_2); 30279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 30379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (!address_in_R1) 30479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(drutil_insert_get_mem_addr(drcontext, bb, instr, op, R1, R2)); 30579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov PRE(instr, mov_imm(drcontext, opnd_create_reg(R2), 3064b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov OPND_CREATE_INT64(SHADOW_MEMORY_MASK))); 30779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov PRE(instr, and(drcontext, opnd_create_reg(R1), opnd_create_reg(R2))); 3084b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#ifdef MSANDR_STANDALONE_TEST 3094b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov PRE(instr, add(drcontext, opnd_create_reg(R1), 3104b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov OPND_CREATE_INT32(SHADOW_MEMORY_BASE))); 3114b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#endif 31279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // There is no mov_st of a 64-bit immediate, so... 31379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov opnd_size_t op_size = opnd_get_size(op); 31479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(op_size != OPSZ_NA); 31579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov uint access_size = opnd_size_in_bytes(op_size); 3164b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov if (access_size <= 4 || op_size == OPSZ_PTR /* x64 support sign extension */) { 3179afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov instr_t *label = INSTR_CREATE_label(drcontext); 3189afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov opnd_t immed; 3199afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov if (op_size == OPSZ_PTR || op_size == OPSZ_4) 3209afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov immed = OPND_CREATE_INT32(0); 3219afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov else 3229afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov immed = opnd_create_immed_int((ptr_int_t) 0, op_size); 3239afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov // we check if target is 0 before write to reduce unnecessary memory stores. 3249afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov PRE(instr, cmp(drcontext, 3259afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov opnd_create_base_disp(R1, DR_REG_NULL, 0, 0, op_size), 3269afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov immed)); 3279afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov PRE(instr, jcc(drcontext, OP_je, opnd_create_instr(label))); 3289afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov PRE(instr, mov_st(drcontext, 3299afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov opnd_create_base_disp(R1, DR_REG_NULL, 0, 0, op_size), 3309afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov immed)); 3319afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov PREF(instr, label); 33279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } else { 33379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // FIXME: tail? 33479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov for (uint ofs = 0; ofs < access_size; ofs += 4) { 3359afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov instr_t *label = INSTR_CREATE_label(drcontext); 3369afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov opnd_t immed = OPND_CREATE_INT32(0); 3379afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov PRE(instr, cmp(drcontext, OPND_CREATE_MEM32(R1, ofs), immed)); 3389afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov PRE(instr, jcc(drcontext, OP_je, opnd_create_instr(label))); 3399afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov PRE(instr, mov_st(drcontext, OPND_CREATE_MEM32(R1, ofs), immed)); 3409afa4528e02c1531885ccaad903acd28dda54556Evgeniy Stepanov PREF(instr, label) 34179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 34279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 34379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 34479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // Restore the registers and flags. 34579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_restore_reg(drcontext, bb, instr, R1, SPILL_SLOT_1); 34679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_restore_reg(drcontext, bb, instr, R2, SPILL_SLOT_2); 34779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 348a0475713cdac8a55ed2a62cf9553ae6fbb2dbbc2Evgeniy Stepanov // TODO: move aflags save/restore to per instr instead of per opnd 34979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (need_to_restore_eflags) { 35079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (VERBOSITY > 1) 35179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("Restoring eflags\n"); 35279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // TODO: Check if it's reverse to the dr_restore_reg above and optimize. 35379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_save_reg(drcontext, bb, instr, DR_REG_XAX, SPILL_SLOT_1); 35479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_restore_reg(drcontext, bb, instr, DR_REG_XAX, SPILL_SLOT_3); 35579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_restore_arith_flags_from_xax(drcontext, bb, instr); 35679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_restore_reg(drcontext, bb, instr, DR_REG_XAX, SPILL_SLOT_1); 35779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 35879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 35979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // The original instruction is left untouched. The above instrumentation is just 36079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // a prefix. 36179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 36279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 36379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovvoid InstrumentReturn(void *drcontext, instrlist_t *bb, instr_t *instr) { 3644b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#ifdef MSANDR_STANDALONE_TEST 3654b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov PRE(instr, 3664b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov mov_st(drcontext, 3674b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov opnd_create_far_base_disp(DR_SEG_GS /* DR's TLS */, 3684b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov DR_REG_NULL, DR_REG_NULL, 3694b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov 0, msan_retval_tls_offset, 3704b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov OPSZ_PTR), 3714b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov OPND_CREATE_INT32(0))); 3724b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#else /* !MSANDR_STANDALONE_TEST */ 3732d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines# ifdef MSANDR_NATIVE_EXEC 3742d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines /* For optimized native exec, -mangle_app_seg and -private_loader are turned off, 3752d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines * so we can reference msan_retval_tls_offset directly. 3762d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines */ 3772d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PRE(instr, 3782d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines mov_st(drcontext, 3792d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines opnd_create_far_base_disp(DR_SEG_FS, DR_REG_NULL, DR_REG_NULL, 0, 3802d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines msan_retval_tls_offset, OPSZ_PTR), 3812d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines OPND_CREATE_INT32(0))); 3822d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines# else /* !MSANDR_NATIVE_EXEC */ 3834b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov /* XXX: the code below only works if -mangle_app_seg and -private_loader, 3842d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines * which is turned off for optimized native exec 3854b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov */ 38679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_save_reg(drcontext, bb, instr, DR_REG_XAX, SPILL_SLOT_1); 38779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 38879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // Clobbers nothing except xax. 38979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov bool res = 39079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_insert_get_seg_base(drcontext, bb, instr, DR_SEG_FS, DR_REG_XAX); 39179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(res); 39279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 39379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // TODO: unpoison more bytes? 39479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov PRE(instr, 39579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov mov_st(drcontext, OPND_CREATE_MEM64(DR_REG_XAX, msan_retval_tls_offset), 39679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov OPND_CREATE_INT32(0))); 39779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 39879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_restore_reg(drcontext, bb, instr, DR_REG_XAX, SPILL_SLOT_1); 3992d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines# endif /* !MSANDR_NATIVE_EXEC */ 40079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // The original instruction is left untouched. The above instrumentation is just 40179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // a prefix. 4024b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#endif /* !MSANDR_STANDALONE_TEST */ 40379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 40479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 40579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovvoid InstrumentIndirectBranch(void *drcontext, instrlist_t *bb, 40679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov instr_t *instr) { 4074b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#ifdef MSANDR_STANDALONE_TEST 4084b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov for (int i = 0; i < NUM_TLS_PARAM; ++i) { 4094b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov PRE(instr, 4104b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov mov_st(drcontext, 4114b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov opnd_create_far_base_disp(DR_SEG_GS /* DR's TLS */, 4124b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov DR_REG_NULL, DR_REG_NULL, 4134b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov 0, 4144b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov msan_param_tls_offset + 4154b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov i * sizeof(void *), 4164b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov OPSZ_PTR), 4174b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov OPND_CREATE_INT32(0))); 4184b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov } 4194b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#else /* !MSANDR_STANDALONE_TEST */ 4202d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines# ifdef MSANDR_NATIVE_EXEC 4212d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines for (int i = 0; i < NUM_TLS_PARAM; ++i) { 4222d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines PRE(instr, 4232d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines mov_st(drcontext, 4242d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines opnd_create_far_base_disp(DR_SEG_FS, DR_REG_NULL, DR_REG_NULL, 0, 4252d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines msan_param_tls_offset + i*sizeof(void*), 4262d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines OPSZ_PTR), 4272d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines OPND_CREATE_INT32(0))); 4282d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines } 4292d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines# else /* !MSANDR_NATIVE_EXEC */ 4304b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov /* XXX: the code below only works if -mangle_app_seg and -private_loader, 4314b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov * which is turned off for optimized native exec 4324b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov */ 43379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_save_reg(drcontext, bb, instr, DR_REG_XAX, SPILL_SLOT_1); 43479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 43579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // Clobbers nothing except xax. 43679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov bool res = 43779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_insert_get_seg_base(drcontext, bb, instr, DR_SEG_FS, DR_REG_XAX); 43879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(res); 43979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 44079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // TODO: unpoison more bytes? 4414b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov for (int i = 0; i < NUM_TLS_PARAM; ++i) { 44279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov PRE(instr, 44379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov mov_st(drcontext, OPND_CREATE_MEMPTR(DR_REG_XAX, msan_param_tls_offset + 44479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov i * sizeof(void *)), 44579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov OPND_CREATE_INT32(0))); 44679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 44779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 44879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_restore_reg(drcontext, bb, instr, DR_REG_XAX, SPILL_SLOT_1); 4492d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines# endif /* !MSANDR_NATIVE_EXEC */ 45079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // The original instruction is left untouched. The above instrumentation is just 45179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // a prefix. 4524b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#endif /* !MSANDR_STANDALONE_TEST */ 45379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 45479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 45588732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanov#ifndef MSANDR_NATIVE_EXEC 45679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// For use with binary search. Modules shouldn't overlap, so we shouldn't have 45779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// to look at end_. If that can happen, we won't support such an application. 45879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovbool ModuleDataCompareStart(const ModuleData &left, const ModuleData &right) { 45979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return left.start_ < right.start_; 46079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 46179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 46279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// Look up the module containing PC. Should be relatively fast, as its called 46379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// for each bb instrumentation. 46479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy StepanovModuleData *LookupModuleByPC(app_pc pc) { 46579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov ModuleData fake_mod_data; 46679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov fake_mod_data.start_ = pc; 46779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov std::vector<ModuleData>::iterator it = 46879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov lower_bound(g_module_list.begin(), g_module_list.end(), fake_mod_data, 46979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov ModuleDataCompareStart); 47079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // if (it == g_module_list.end()) 47179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // return NULL; 47279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (it == g_module_list.end() || pc < it->start_) 47379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov --it; 47479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(it->start_ <= pc); 47579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (pc >= it->end_) { 47679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // We're past the end of this module. We shouldn't be in the next module, 47779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // or lower_bound lied to us. 47879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov ++it; 47979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(it == g_module_list.end() || pc < it->start_); 48079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return NULL; 48179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 48279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 48379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // OK, we found the module. 48479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return &*it; 48579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 48679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 48779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovbool ShouldInstrumentNonModuleCode() { return true; } 48879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 48979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovbool ShouldInstrumentModule(ModuleData *mod_data) { 49079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // TODO(rnk): Flags for blacklist would get wired in here. 49179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov generic_func_t p = 49279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_get_proc_address(mod_data->handle_, "__msan_track_origins"); 49379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return !p; 49479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 49579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 49679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovbool ShouldInstrumentPc(app_pc pc, ModuleData **pmod_data) { 49779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov ModuleData *mod_data = LookupModuleByPC(pc); 49879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (pmod_data) 49979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov *pmod_data = mod_data; 50079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (mod_data != NULL) { 50179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // This module is on a blacklist. 50279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (!mod_data->should_instrument_) { 50379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return false; 50479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 50579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } else if (!ShouldInstrumentNonModuleCode()) { 50679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return false; 50779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 50879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return true; 50979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 5104b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#endif /* !MSANDR_NATIVE_CLIENT */ 51179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 51279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// TODO(rnk): Make sure we instrument after __msan_init. 51379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovdr_emit_flags_t 51479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovevent_basic_block_app2app(void *drcontext, void *tag, instrlist_t *bb, 51579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov bool for_trace, bool translating) { 51688732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanov#ifndef MSANDR_NATIVE_EXEC 51779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov app_pc pc = dr_fragment_app_pc(tag); 51879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (ShouldInstrumentPc(pc, NULL)) 51979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(drutil_expand_rep_string(drcontext, bb)); 52088732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanov#else /* MSANDR_NATIVE_EXEC */ 52188732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanov CHECK(drutil_expand_rep_string(drcontext, bb)); 52288732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanov#endif /* MSANDR_NATIVE_EXEC */ 52379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return DR_EMIT_PERSISTABLE; 52479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 52579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 52679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovdr_emit_flags_t event_basic_block(void *drcontext, void *tag, instrlist_t *bb, 52779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov bool for_trace, bool translating) { 52879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov app_pc pc = dr_fragment_app_pc(tag); 52988732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanov#ifndef MSANDR_NATIVE_EXEC 53079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov ModuleData *mod_data; 53179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 53279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (!ShouldInstrumentPc(pc, &mod_data)) 53379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return DR_EMIT_PERSISTABLE; 53479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 53579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (VERBOSITY > 1) 53679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("============================================================\n"); 53779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (VERBOSITY > 0) { 5382ecccf8aca0f3f67d43e6395699aab0bb19ee277Evgeniy Stepanov std::string mod_path = (mod_data ? mod_data->path_ : "<no module, JITed?>"); 53979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (mod_data && !mod_data->executed_) { 54079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov mod_data->executed_ = true; // Nevermind this race. 54179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("Executing from new module: %s\n", mod_path.c_str()); 54279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 54379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("BB to be instrumented: %p [from %s]; translating = %s\n", pc, 54479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov mod_path.c_str(), translating ? "true" : "false"); 54579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (mod_data) { 54679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // Match standard sanitizer trace format for free symbols. 54779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // #0 0x7f6e35cf2e45 (/blah/foo.so+0x11fe45) 54879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf(" #0 %p (%s+%p)\n", pc, mod_data->path_.c_str(), 54979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov pc - mod_data->start_); 55079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 55179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 55288732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanov#endif /* !MSANDR_NATIVE_EXEC */ 55388732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanov 55479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (VERBOSITY > 1) { 55579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov instrlist_disassemble(drcontext, pc, bb, STDOUT); 55679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov instr_t *instr; 55779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov for (instr = instrlist_first(bb); instr; instr = instr_get_next(instr)) { 55879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("opcode: %d\n", instr_get_opcode(instr)); 55979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 56079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 56179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 56279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov for (instr_t *i = instrlist_first(bb); i != NULL; i = instr_get_next(i)) { 56379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov int opcode = instr_get_opcode(i); 56479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (opcode == OP_ret || opcode == OP_ret_far) { 56579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov InstrumentReturn(drcontext, bb, i); 56679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov continue; 56779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 56879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 56979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // These instructions hopefully cover all cases where control is transferred 57079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // to a function in a different module (we only care about calls into 57179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // compiler-instrumented modules). 57279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // * call_ind is used for normal indirect calls. 57379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // * jmp_ind is used for indirect tail calls, and calls through PLT (PLT 57479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // stub includes a jump to an address from GOT). 57579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (opcode == OP_call_ind || opcode == OP_call_far_ind || 57679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov opcode == OP_jmp_ind || opcode == OP_jmp_far_ind) { 57779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov InstrumentIndirectBranch(drcontext, bb, i); 57879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov continue; 57979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 58079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 58179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (!WantToInstrument(i)) 58279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov continue; 58379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 58479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (VERBOSITY > 1) { 58579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov app_pc orig_pc = dr_fragment_app_pc(tag); 58679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov uint flags = instr_get_arith_flags(i); 58779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("+%d -> to be instrumented! [opcode=%d, flags = 0x%08X]\n", 58879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov instr_get_app_pc(i) - orig_pc, instr_get_opcode(i), flags); 58979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 59079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 59179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (instr_writes_memory(i)) { 59279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // Instrument memory writes 59379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // bool instrumented_anything = false; 59479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov for (int d = 0; d < instr_num_dsts(i); d++) { 59579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov opnd_t op = instr_get_dst(i, d); 59679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (!OperandIsInteresting(op)) 59779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov continue; 59879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 59979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // CHECK(!instrumented_anything); 60079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // instrumented_anything = true; 60179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov InstrumentMops(drcontext, bb, i, op, true); 60279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov break; // only instrumenting the first dst 60379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 60479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 60579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 60679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 60779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov// TODO: optimize away redundant restore-spill pairs? 60879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 60979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (VERBOSITY > 1) { 61079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov pc = dr_fragment_app_pc(tag); 61179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("\nFinished instrumenting dynamorio_basic_block(PC=" PFX ")\n", pc); 61279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov instrlist_disassemble(drcontext, pc, bb, STDOUT); 61379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 61479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return DR_EMIT_PERSISTABLE; 61579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 61679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 61788732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanov#ifndef MSANDR_NATIVE_EXEC 61879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovvoid event_module_load(void *drcontext, const module_data_t *info, 61979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov bool loaded) { 62079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // Insert the module into the list while maintaining the ordering. 62179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov ModuleData mod_data(info); 62279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov std::vector<ModuleData>::iterator it = 62379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov upper_bound(g_module_list.begin(), g_module_list.end(), mod_data, 62479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov ModuleDataCompareStart); 62579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov it = g_module_list.insert(it, mod_data); 62679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // Check if we should instrument this module. 62779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov it->should_instrument_ = ShouldInstrumentModule(&*it); 62879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_module_set_should_instrument(info->handle, it->should_instrument_); 62979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 63079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (VERBOSITY > 0) 63179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("==DRMSAN== Loaded module: %s [%p...%p], instrumentation is %s\n", 63279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov info->full_path, info->start, info->end, 63379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov it->should_instrument_ ? "on" : "off"); 63479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 63579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 63679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovvoid event_module_unload(void *drcontext, const module_data_t *info) { 63779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (VERBOSITY > 0) 63879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("==DRMSAN== Unloaded module: %s [%p...%p]\n", info->full_path, 63979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov info->start, info->end); 64079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 64179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // Remove the module from the list. 64279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov ModuleData mod_data(info); 64379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov std::vector<ModuleData>::iterator it = 64479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov lower_bound(g_module_list.begin(), g_module_list.end(), mod_data, 64579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov ModuleDataCompareStart); 64679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // It's a bug if we didn't actually find the module. 64779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(it != g_module_list.end() && it->start_ == mod_data.start_ && 64879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov it->end_ == mod_data.end_ && it->path_ == mod_data.path_); 64979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov g_module_list.erase(it); 65079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 65188732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanov#endif /* !MSANDR_NATIVE_EXEC */ 65279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 65379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovvoid event_exit() { 6547a53bca1db2adfb22c9e830f3e91833214b12663Reid Kleckner // Clean up so DR doesn't tell us we're leaking memory. 6557a53bca1db2adfb22c9e830f3e91833214b12663Reid Kleckner drsys_exit(); 6567a53bca1db2adfb22c9e830f3e91833214b12663Reid Kleckner drutil_exit(); 6577a53bca1db2adfb22c9e830f3e91833214b12663Reid Kleckner drmgr_exit(); 6587a53bca1db2adfb22c9e830f3e91833214b12663Reid Kleckner 6594b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#ifdef MSANDR_STANDALONE_TEST 6604b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov /* free tls */ 6614b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov bool res; 6624b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov res = dr_raw_tls_cfree(msan_retval_tls_offset, NUM_TLS_RETVAL); 6634b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov CHECK(res); 6644b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov res = dr_raw_tls_cfree(msan_param_tls_offset, NUM_TLS_PARAM); 6654b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov CHECK(res); 6664b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov /* we do not bother to free the shadow memory */ 6674b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#endif /* !MSANDR_STANDALONE_TEST */ 66879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (VERBOSITY > 0) 66979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("==DRMSAN== DONE\n"); 67079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 67179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 67279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovbool event_filter_syscall(void *drcontext, int sysnum) { 67379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // FIXME: only intercept syscalls with memory effects. 67479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return true; /* intercept everything */ 67579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 67679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 67779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovbool drsys_iter_memarg_cb(drsys_arg_t *arg, void *user_data) { 67879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(arg->valid); 67979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 68079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (arg->pre) 68179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return true; 6820f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner if (!TESTANY(DRSYS_PARAM_OUT, arg->mode)) 68379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return true; 68479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 68579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov size_t sz = arg->size; 68679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 68779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (sz > 0xFFFFFFFF) { 68879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drmf_status_t res; 68979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drsys_syscall_t *syscall = (drsys_syscall_t *)user_data; 69079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov const char *name; 69179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov res = drsys_syscall_name(syscall, &name); 69279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(res == DRMF_SUCCESS); 69379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 69479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("SANITY: syscall '%s' arg %d writes %llu bytes memory?!" 69579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov " Clipping to %llu.\n", 69679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov name, arg->ordinal, (unsigned long long) sz, 69779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov (unsigned long long)(sz & 0xFFFFFFFF)); 69879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 69979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 7000f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner if (VERBOSITY > 0) { 7010f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner drmf_status_t res; 7020f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner drsys_syscall_t *syscall = (drsys_syscall_t *)user_data; 7030f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner const char *name; 7040f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner res = drsys_syscall_name(syscall, &name); 70588732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanov CHECK(res == DRMF_SUCCESS); 7060f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner dr_printf("drsyscall: syscall '%s' arg %d wrote range [%p, %p)\n", 7070f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner name, arg->ordinal, arg->start_addr, 7080f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner (char *)arg->start_addr + sz); 7090f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner } 7100f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner 7110f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner // We don't switch to the app context because __msan_unpoison() doesn't need 7120f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner // TLS segments. 7130f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner __msan_unpoison(arg->start_addr, sz); 71479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 71579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return true; /* keep going */ 71679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 71779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 71879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovbool event_pre_syscall(void *drcontext, int sysnum) { 71979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drsys_syscall_t *syscall; 72079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drsys_sysnum_t sysnum_full; 72179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov bool known; 72279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drsys_param_type_t ret_type; 72379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drmf_status_t res; 72479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov const char *name; 72579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 72679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov res = drsys_cur_syscall(drcontext, &syscall); 72779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(res == DRMF_SUCCESS); 72879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 72979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov res = drsys_syscall_number(syscall, &sysnum_full); 73079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(res == DRMF_SUCCESS); 73179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(sysnum == sysnum_full.number); 73279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 73379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov res = drsys_syscall_is_known(syscall, &known); 73479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(res == DRMF_SUCCESS); 73579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 73679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov res = drsys_syscall_name(syscall, &name); 73779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(res == DRMF_SUCCESS); 73879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 73979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov res = drsys_syscall_return_type(syscall, &ret_type); 74079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(res == DRMF_SUCCESS); 74179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(ret_type != DRSYS_TYPE_INVALID); 74279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(!known || ret_type != DRSYS_TYPE_UNKNOWN); 74379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 74479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov res = drsys_iterate_memargs(drcontext, drsys_iter_memarg_cb, NULL); 74579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(res == DRMF_SUCCESS); 74679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 74779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return true; 74879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 74979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 7500f92deb81207c80481ff0257fbaba640fe669633Reid Klecknerstatic bool IsInLoader(void *drcontext) { 7510f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner // TODO: This segment swap is inefficient. DR should just let us query the 7520f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner // app segment base, which it has. Alternatively, if we disable 7530f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner // -mangle_app_seg, then we won't need the swap. 7540f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner bool need_swap = !dr_using_app_state(drcontext); 7550f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner if (need_swap) 7560f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner dr_switch_to_app_state(drcontext); 7570f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner bool is_in_loader = __msan_is_in_loader(); 7580f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner if (need_swap) 7590f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner dr_switch_to_dr_state(drcontext); 7600f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner return is_in_loader; 7610f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner} 7620f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner 76379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanovvoid event_post_syscall(void *drcontext, int sysnum) { 76479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drsys_syscall_t *syscall; 76579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drsys_sysnum_t sysnum_full; 76679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov bool success = false; 76779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drmf_status_t res; 76879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 76979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov res = drsys_cur_syscall(drcontext, &syscall); 77079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(res == DRMF_SUCCESS); 77179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 77279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov res = drsys_syscall_number(syscall, &sysnum_full); 77379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(res == DRMF_SUCCESS); 77479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(sysnum == sysnum_full.number); 77579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 77679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov res = drsys_syscall_succeeded(syscall, dr_syscall_get_result(drcontext), 77779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov &success); 77879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(res == DRMF_SUCCESS); 77979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 78079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (success) { 78179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov res = 78279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drsys_iterate_memargs(drcontext, drsys_iter_memarg_cb, (void *)syscall); 78379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(res == DRMF_SUCCESS); 78479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 7850f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner 7860f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner // Our normal mmap interceptor can't intercept calls from the loader itself. 7870f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner // This means we don't clear the shadow for calls to dlopen. For now, we 7880f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner // solve this by intercepting mmap from ld.so here, but ideally we'd have a 7890f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner // solution that doesn't rely on msandr. 7900f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner // 7910f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner // Be careful not to intercept maps done by the msan rtl. Otherwise we end up 7920f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner // unpoisoning vast regions of memory and OOMing. 7930f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner // TODO: __msan_unpoison() could "flush" large regions of memory like tsan 7940f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner // does instead of doing a large memset. However, we need the memory to be 7950f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner // zeroed, where as tsan does not, so plain madvise is not enough. 7960f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner if (success && (sysnum == SYS_mmap IF_NOT_X64(|| sysnum == SYS_mmap2))) { 7970f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner if (IsInLoader(drcontext)) { 7980f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner app_pc base = (app_pc)dr_syscall_get_result(drcontext); 7990f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner ptr_uint_t size; 8000f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner drmf_status_t res = drsys_pre_syscall_arg(drcontext, 1, &size); 8010f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner CHECK(res == DRMF_SUCCESS); 8020f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner if (VERBOSITY > 0) 8030f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner dr_printf("unpoisoning for dlopen: [%p-%p]\n", base, base + size); 8040f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner // We don't switch to the app context because __msan_unpoison() doesn't 8050f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner // need TLS segments. 8060f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner __msan_unpoison(base, size); 8070f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner } 8080f92deb81207c80481ff0257fbaba640fe669633Reid Kleckner } 80979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 81079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 81179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} // namespace 81279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 81379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy StepanovDR_EXPORT void dr_init(client_id_t id) { 81479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drmf_status_t res; 81579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 81679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drmgr_init(); 81779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drutil_init(); 81879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 8192d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#ifndef MSANDR_NATIVE_EXEC 8202d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines // We should use drconfig to ignore these applications. 8212ecccf8aca0f3f67d43e6395699aab0bb19ee277Evgeniy Stepanov std::string app_name = dr_get_application_name(); 82279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // This blacklist will still run these apps through DR's code cache. On the 82379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // other hand, we are able to follow children of these apps. 82479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // FIXME: Once DR has detach, we could just detach here. Alternatively, 82579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // if DR had a fork or exec hook to let us decide there, that would be nice. 82679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // FIXME: make the blacklist cmd-adjustable. 82779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (app_name == "python" || app_name == "python2.7" || app_name == "bash" || 82879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov app_name == "sh" || app_name == "true" || app_name == "exit" || 82979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov app_name == "yes" || app_name == "echo") 83079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov return; 8312d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines#endif /* !MSANDR_NATIVE_EXEC */ 83279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 83379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drsys_options_t ops; 83479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov memset(&ops, 0, sizeof(ops)); 83579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov ops.struct_size = sizeof(ops); 83679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov ops.analyze_unknown_syscalls = false; 83779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 83879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov res = drsys_init(id, &ops); 83979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(res == DRMF_SUCCESS); 84079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 84179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_register_filter_syscall_event(event_filter_syscall); 84279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drmgr_register_pre_syscall_event(event_pre_syscall); 84379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drmgr_register_post_syscall_event(event_post_syscall); 84479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov res = drsys_filter_all_syscalls(); 84579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov CHECK(res == DRMF_SUCCESS); 84679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 8474b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#ifdef MSANDR_STANDALONE_TEST 8484b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov reg_id_t reg_seg; 8494b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov /* alloc tls */ 8504b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov if (!dr_raw_tls_calloc(®_seg, &mock_msan_retval_tls_offset, NUM_TLS_RETVAL, 0)) 8514b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov CHECK(false); 8524b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov CHECK(reg_seg == DR_SEG_GS /* x64 only! */); 8534b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov if (!dr_raw_tls_calloc(®_seg, &mock_msan_param_tls_offset, NUM_TLS_PARAM, 0)) 8544b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov CHECK(false); 8554b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov CHECK(reg_seg == DR_SEG_GS /* x64 only! */); 8564b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov /* alloc shadow memory */ 8574b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov if (mmap(SHADOW_MEMORY_BASE, SHADOW_MEMORY_SIZE, PROT_READ|PROT_WRITE, 8584b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov MAP_PRIVATE | MAP_ANON, -1, 0) != SHADOW_MEMORY_BASE) { 8594b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov CHECK(false); 8604b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov } 8614b26afda2f4c7465260b22f1094c6699886cc55dEvgeniy Stepanov#endif /* MSANDR_STANDALONE_TEST */ 86279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov InitializeMSanCallbacks(); 86379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 86479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // FIXME: the shadow is initialized earlier when DR calls one of our wrapper 86579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // functions. This may change one day. 86679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // TODO: make this more robust. 86779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 86879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov void *drcontext = dr_get_current_drcontext(); 86979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 87079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_switch_to_app_state(drcontext); 87179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov msan_retval_tls_offset = __msan_get_retval_tls_offset(); 87279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov msan_param_tls_offset = __msan_get_param_tls_offset(); 87379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_switch_to_dr_state(drcontext); 87479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (VERBOSITY > 0) { 87579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("__msan_retval_tls offset: %d\n", msan_retval_tls_offset); 87679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("__msan_param_tls offset: %d\n", msan_param_tls_offset); 87779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov } 87879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 87979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov // Standard DR events. 88079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_register_exit_event(event_exit); 88179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 88279b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drmgr_priority_t priority = { 88379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov sizeof(priority), /* size of struct */ 88479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov "msandr", /* name of our operation */ 88579b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov NULL, /* optional name of operation we should precede */ 88679b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov NULL, /* optional name of operation we should follow */ 88779b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 0 88879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov }; /* numeric priority */ 88979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov 89079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drmgr_register_bb_app2app_event(event_basic_block_app2app, &priority); 89179b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drmgr_register_bb_instru2instru_event(event_basic_block, &priority); 89288732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanov#ifndef MSANDR_NATIVE_EXEC 89379b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drmgr_register_module_load_event(event_module_load); 89479b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov drmgr_register_module_unload_event(event_module_unload); 89588732a3c78d8f46bebd4a519a1cf927edf28e2cbEvgeniy Stepanov#endif /* MSANDR_NATIVE_EXEC */ 8962d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines __msan_dr_is_initialized(); 8972d1fdb26e458c4ddc04155c1d421bced3ba90cd0Stephen Hines __msan_set_indirect_call_wrapper(dr_app_handle_mbr_target); 89879b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov if (VERBOSITY > 0) 89979b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov dr_printf("==MSANDR== Starting!\n"); 90079b2d17fbaed2afa1a5a8f7bda42e45322709636Evgeniy Stepanov} 901