diff options
author | Vitaly Buka <vitalybuka@google.com> | 2018-03-16 21:25:09 +0000 |
---|---|---|
committer | Vitaly Buka <vitalybuka@google.com> | 2018-03-16 21:25:09 +0000 |
commit | f4140e284d9c82989841f94d9f916a2fc186da3e (patch) | |
tree | 07eb28554cb0e632f9b58d51fba9d3761d860f42 | |
parent | 957b9624d6f70e4df40237dc6d41f9b2f8391c95 (diff) |
Mmap interceptor new option, Write Exec runtime detector
Summary: Following-up the refactoring of mmap interceptors, adding a new common option to detect PROT_WRITE|PROT_EXEC pages request.
Patch by David CARLIER
Reviewers: vitalybuka, vsk
Reviewed By: vitalybuka
Subscribers: krytarowski, #sanitizers
Differential Revision: https://reviews.llvm.org/D44194
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@327747 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r-- | lib/sanitizer_common/sanitizer_common.h | 2 | ||||
-rw-r--r-- | lib/sanitizer_common/sanitizer_common_interceptors.inc | 4 | ||||
-rw-r--r-- | lib/sanitizer_common/sanitizer_common_libcdep.cc | 26 | ||||
-rw-r--r-- | lib/sanitizer_common/sanitizer_flags.inc | 3 | ||||
-rw-r--r-- | test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp | 12 |
5 files changed, 47 insertions, 0 deletions
diff --git a/lib/sanitizer_common/sanitizer_common.h b/lib/sanitizer_common/sanitizer_common.h index 0a92e7768..b49e3d874 100644 --- a/lib/sanitizer_common/sanitizer_common.h +++ b/lib/sanitizer_common/sanitizer_common.h @@ -378,6 +378,8 @@ void ReportErrorSummary(const char *error_type, const AddressInfo &info, void ReportErrorSummary(const char *error_type, const StackTrace *trace, const char *alt_tool_name = nullptr); +void ReportMmapWriteExec(); + // Math #if SANITIZER_WINDOWS && !defined(__clang__) && !defined(__GNUC__) extern "C" { diff --git a/lib/sanitizer_common/sanitizer_common_interceptors.inc b/lib/sanitizer_common/sanitizer_common_interceptors.inc index 0950f6a07..8c0c3f0f5 100644 --- a/lib/sanitizer_common/sanitizer_common_interceptors.inc +++ b/lib/sanitizer_common/sanitizer_common_interceptors.inc @@ -6887,6 +6887,8 @@ INTERCEPTOR(SIZE_T, strlcat, char *dst, char *src, SIZE_T size) { INTERCEPTOR(void *, mmap, void *addr, SIZE_T sz, int prot, int flags, int fd, OFF_T off) { void *ctx; + if (common_flags()->detect_write_exec) + ReportMmapWriteExec(); if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED) return (void *)internal_mmap(addr, sz, prot, flags, fd, off); COMMON_INTERCEPTOR_ENTER(ctx, mmap, addr, sz, prot, flags, fd, off); @@ -6901,6 +6903,8 @@ INTERCEPTOR(void *, mmap, void *addr, SIZE_T sz, int prot, int flags, int fd, INTERCEPTOR(void *, mmap64, void *addr, SIZE_T sz, int prot, int flags, int fd, OFF64_T off) { void *ctx; + if (common_flags()->detect_write_exec) + ReportMmapWriteExec(); if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED) return (void *)internal_mmap(addr, sz, prot, flags, fd, off); COMMON_INTERCEPTOR_ENTER(ctx, mmap64, addr, sz, prot, flags, fd, off); diff --git a/lib/sanitizer_common/sanitizer_common_libcdep.cc b/lib/sanitizer_common/sanitizer_common_libcdep.cc index 5cdfbbb27..2e028bc08 100644 --- a/lib/sanitizer_common/sanitizer_common_libcdep.cc +++ b/lib/sanitizer_common/sanitizer_common_libcdep.cc @@ -81,6 +81,32 @@ void ReportErrorSummary(const char *error_type, const StackTrace *stack, #endif } +void ReportMmapWriteExec() { +#if !SANITIZER_GO + ScopedErrorReportLock l; + SanitizerCommonDecorator d; + + InternalScopedBuffer<BufferedStackTrace> stack_buffer(1); + BufferedStackTrace *stack = stack_buffer.data(); + stack->Reset(); + uptr top = 0; + uptr bottom = 0; + GET_CALLER_PC_BP_SP; + (void)sp; + bool fast = common_flags()->fast_unwind_on_fatal; + if (fast) + GetThreadStackTopAndBottom(false, &top, &bottom); + stack->Unwind(kStackTraceMax, pc, bp, nullptr, top, bottom, fast); + + Printf("%s", d.Warning()); + Report("WARNING: %s: writable-executable page usage\n", SanitizerToolName); + Printf("%s", d.Default()); + + stack->Print(); + ReportErrorSummary("w-and-x-usage", stack); +#endif +} + static void (*SoftRssLimitExceededCallback)(bool exceeded); void SetSoftRssLimitExceededCallback(void (*Callback)(bool exceeded)) { CHECK_EQ(SoftRssLimitExceededCallback, nullptr); diff --git a/lib/sanitizer_common/sanitizer_flags.inc b/lib/sanitizer_common/sanitizer_flags.inc index e231a8a30..e607e5101 100644 --- a/lib/sanitizer_common/sanitizer_flags.inc +++ b/lib/sanitizer_common/sanitizer_flags.inc @@ -240,3 +240,6 @@ COMMON_FLAG(bool, dump_instruction_bytes, false, COMMON_FLAG(bool, dump_registers, true, "If true, dump values of CPU registers when SEGV happens. Only " "available on OS X for now.") +COMMON_FLAG(bool, detect_write_exec, false, + "If true, triggers warning when writable-executable pages requests " + "are being made") diff --git a/test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp b/test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp new file mode 100644 index 000000000..2758322c5 --- /dev/null +++ b/test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp @@ -0,0 +1,12 @@ +// RUN: %clangxx %s -o %t +// RUN: %env_tool_opts=detect_write_exec=1 %run %t 2>&1 | FileCheck %s +// ubsan and lsan do not install mmap interceptors +// UNSUPPORTED: ubsan, lsan + +#include <sys/mman.h> + +int main(int argc, char **argv) { + char *p = (char *)mmap(0, 1024, PROT_READ | PROT_WRITE | PROT_EXEC, + MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + // CHECK: WARNING: {{.*}}Sanitizer: writable-executable page usage +} |