aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVitaly Buka <vitalybuka@google.com>2018-03-16 21:25:09 +0000
committerVitaly Buka <vitalybuka@google.com>2018-03-16 21:25:09 +0000
commitf4140e284d9c82989841f94d9f916a2fc186da3e (patch)
tree07eb28554cb0e632f9b58d51fba9d3761d860f42
parent957b9624d6f70e4df40237dc6d41f9b2f8391c95 (diff)
Mmap interceptor new option, Write Exec runtime detector
Summary: Following-up the refactoring of mmap interceptors, adding a new common option to detect PROT_WRITE|PROT_EXEC pages request. Patch by David CARLIER Reviewers: vitalybuka, vsk Reviewed By: vitalybuka Subscribers: krytarowski, #sanitizers Differential Revision: https://reviews.llvm.org/D44194 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@327747 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r--lib/sanitizer_common/sanitizer_common.h2
-rw-r--r--lib/sanitizer_common/sanitizer_common_interceptors.inc4
-rw-r--r--lib/sanitizer_common/sanitizer_common_libcdep.cc26
-rw-r--r--lib/sanitizer_common/sanitizer_flags.inc3
-rw-r--r--test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp12
5 files changed, 47 insertions, 0 deletions
diff --git a/lib/sanitizer_common/sanitizer_common.h b/lib/sanitizer_common/sanitizer_common.h
index 0a92e7768..b49e3d874 100644
--- a/lib/sanitizer_common/sanitizer_common.h
+++ b/lib/sanitizer_common/sanitizer_common.h
@@ -378,6 +378,8 @@ void ReportErrorSummary(const char *error_type, const AddressInfo &info,
void ReportErrorSummary(const char *error_type, const StackTrace *trace,
const char *alt_tool_name = nullptr);
+void ReportMmapWriteExec();
+
// Math
#if SANITIZER_WINDOWS && !defined(__clang__) && !defined(__GNUC__)
extern "C" {
diff --git a/lib/sanitizer_common/sanitizer_common_interceptors.inc b/lib/sanitizer_common/sanitizer_common_interceptors.inc
index 0950f6a07..8c0c3f0f5 100644
--- a/lib/sanitizer_common/sanitizer_common_interceptors.inc
+++ b/lib/sanitizer_common/sanitizer_common_interceptors.inc
@@ -6887,6 +6887,8 @@ INTERCEPTOR(SIZE_T, strlcat, char *dst, char *src, SIZE_T size) {
INTERCEPTOR(void *, mmap, void *addr, SIZE_T sz, int prot, int flags, int fd,
OFF_T off) {
void *ctx;
+ if (common_flags()->detect_write_exec)
+ ReportMmapWriteExec();
if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED)
return (void *)internal_mmap(addr, sz, prot, flags, fd, off);
COMMON_INTERCEPTOR_ENTER(ctx, mmap, addr, sz, prot, flags, fd, off);
@@ -6901,6 +6903,8 @@ INTERCEPTOR(void *, mmap, void *addr, SIZE_T sz, int prot, int flags, int fd,
INTERCEPTOR(void *, mmap64, void *addr, SIZE_T sz, int prot, int flags, int fd,
OFF64_T off) {
void *ctx;
+ if (common_flags()->detect_write_exec)
+ ReportMmapWriteExec();
if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED)
return (void *)internal_mmap(addr, sz, prot, flags, fd, off);
COMMON_INTERCEPTOR_ENTER(ctx, mmap64, addr, sz, prot, flags, fd, off);
diff --git a/lib/sanitizer_common/sanitizer_common_libcdep.cc b/lib/sanitizer_common/sanitizer_common_libcdep.cc
index 5cdfbbb27..2e028bc08 100644
--- a/lib/sanitizer_common/sanitizer_common_libcdep.cc
+++ b/lib/sanitizer_common/sanitizer_common_libcdep.cc
@@ -81,6 +81,32 @@ void ReportErrorSummary(const char *error_type, const StackTrace *stack,
#endif
}
+void ReportMmapWriteExec() {
+#if !SANITIZER_GO
+ ScopedErrorReportLock l;
+ SanitizerCommonDecorator d;
+
+ InternalScopedBuffer<BufferedStackTrace> stack_buffer(1);
+ BufferedStackTrace *stack = stack_buffer.data();
+ stack->Reset();
+ uptr top = 0;
+ uptr bottom = 0;
+ GET_CALLER_PC_BP_SP;
+ (void)sp;
+ bool fast = common_flags()->fast_unwind_on_fatal;
+ if (fast)
+ GetThreadStackTopAndBottom(false, &top, &bottom);
+ stack->Unwind(kStackTraceMax, pc, bp, nullptr, top, bottom, fast);
+
+ Printf("%s", d.Warning());
+ Report("WARNING: %s: writable-executable page usage\n", SanitizerToolName);
+ Printf("%s", d.Default());
+
+ stack->Print();
+ ReportErrorSummary("w-and-x-usage", stack);
+#endif
+}
+
static void (*SoftRssLimitExceededCallback)(bool exceeded);
void SetSoftRssLimitExceededCallback(void (*Callback)(bool exceeded)) {
CHECK_EQ(SoftRssLimitExceededCallback, nullptr);
diff --git a/lib/sanitizer_common/sanitizer_flags.inc b/lib/sanitizer_common/sanitizer_flags.inc
index e231a8a30..e607e5101 100644
--- a/lib/sanitizer_common/sanitizer_flags.inc
+++ b/lib/sanitizer_common/sanitizer_flags.inc
@@ -240,3 +240,6 @@ COMMON_FLAG(bool, dump_instruction_bytes, false,
COMMON_FLAG(bool, dump_registers, true,
"If true, dump values of CPU registers when SEGV happens. Only "
"available on OS X for now.")
+COMMON_FLAG(bool, detect_write_exec, false,
+ "If true, triggers warning when writable-executable pages requests "
+ "are being made")
diff --git a/test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp b/test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp
new file mode 100644
index 000000000..2758322c5
--- /dev/null
+++ b/test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp
@@ -0,0 +1,12 @@
+// RUN: %clangxx %s -o %t
+// RUN: %env_tool_opts=detect_write_exec=1 %run %t 2>&1 | FileCheck %s
+// ubsan and lsan do not install mmap interceptors
+// UNSUPPORTED: ubsan, lsan
+
+#include <sys/mman.h>
+
+int main(int argc, char **argv) {
+ char *p = (char *)mmap(0, 1024, PROT_READ | PROT_WRITE | PROT_EXEC,
+ MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
+ // CHECK: WARNING: {{.*}}Sanitizer: writable-executable page usage
+}