1
//===-- asan_malloc_linux.cpp ---------------------------------------------===//
2
//
3
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4
// See https://llvm.org/LICENSE.txt for license information.
5
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6
//
7
//===----------------------------------------------------------------------===//
8
//
9
// This file is a part of AddressSanitizer, an address sanity checker.
10
//
11
// Linux-specific malloc interception.
12
// We simply define functions like malloc, free, realloc, etc.
13
// They will replace the corresponding libc functions automagically.
14
//===----------------------------------------------------------------------===//
15

16
#include "sanitizer_common/sanitizer_platform.h"
17
#if SANITIZER_FREEBSD || SANITIZER_FUCHSIA || SANITIZER_LINUX || \
18
    SANITIZER_NETBSD || SANITIZER_SOLARIS
19

20
#  include "asan_allocator.h"
21
#  include "asan_interceptors.h"
22
#  include "asan_internal.h"
23
#  include "asan_stack.h"
24
#  include "lsan/lsan_common.h"
25
#  include "sanitizer_common/sanitizer_allocator_checks.h"
26
#  include "sanitizer_common/sanitizer_allocator_dlsym.h"
27
#  include "sanitizer_common/sanitizer_errno.h"
28
#  include "sanitizer_common/sanitizer_tls_get_addr.h"
29

30
// ---------------------- Replacement functions ---------------- {{{1
31
using namespace __asan;
32

33
struct DlsymAlloc : public DlSymAllocator<DlsymAlloc> {
34
  static bool UseImpl() { return !TryAsanInitFromRtl(); }
35
  static void OnAllocate(const void *ptr, uptr size) {
36
#  if CAN_SANITIZE_LEAKS
37
    // Suppress leaks from dlerror(). Previously dlsym hack on global array was
38
    // used by leak sanitizer as a root region.
39
    __lsan_register_root_region(ptr, size);
40
#  endif
41
  }
42
  static void OnFree(const void *ptr, uptr size) {
43
#  if CAN_SANITIZE_LEAKS
44
    __lsan_unregister_root_region(ptr, size);
45
#  endif
46
  }
47
};
48

49
INTERCEPTOR(void, free, void *ptr) {
50
  if (DlsymAlloc::PointerIsMine(ptr))
51
    return DlsymAlloc::Free(ptr);
52
  GET_STACK_TRACE_FREE;
53
  asan_free(ptr, &stack, FROM_MALLOC);
54
}
55

56
#if SANITIZER_INTERCEPT_CFREE
57
INTERCEPTOR(void, cfree, void *ptr) {
58
  if (DlsymAlloc::PointerIsMine(ptr))
59
    return DlsymAlloc::Free(ptr);
60
  GET_STACK_TRACE_FREE;
61
  asan_free(ptr, &stack, FROM_MALLOC);
62
}
63
#endif // SANITIZER_INTERCEPT_CFREE
64

65
INTERCEPTOR(void*, malloc, uptr size) {
66
  if (DlsymAlloc::Use())
67
    return DlsymAlloc::Allocate(size);
68
  GET_STACK_TRACE_MALLOC;
69
  return asan_malloc(size, &stack);
70
}
71

72
INTERCEPTOR(void*, calloc, uptr nmemb, uptr size) {
73
  if (DlsymAlloc::Use())
74
    return DlsymAlloc::Callocate(nmemb, size);
75
  GET_STACK_TRACE_MALLOC;
76
  return asan_calloc(nmemb, size, &stack);
77
}
78

79
INTERCEPTOR(void*, realloc, void *ptr, uptr size) {
80
  if (DlsymAlloc::Use() || DlsymAlloc::PointerIsMine(ptr))
81
    return DlsymAlloc::Realloc(ptr, size);
82
  GET_STACK_TRACE_MALLOC;
83
  return asan_realloc(ptr, size, &stack);
84
}
85

86
#if SANITIZER_INTERCEPT_REALLOCARRAY
87
INTERCEPTOR(void*, reallocarray, void *ptr, uptr nmemb, uptr size) {
88
  AsanInitFromRtl();
89
  GET_STACK_TRACE_MALLOC;
90
  return asan_reallocarray(ptr, nmemb, size, &stack);
91
}
92
#endif  // SANITIZER_INTERCEPT_REALLOCARRAY
93

94
#if SANITIZER_INTERCEPT_MEMALIGN
95
INTERCEPTOR(void*, memalign, uptr boundary, uptr size) {
96
  GET_STACK_TRACE_MALLOC;
97
  return asan_memalign(boundary, size, &stack, FROM_MALLOC);
98
}
99

100
INTERCEPTOR(void*, __libc_memalign, uptr boundary, uptr size) {
101
  GET_STACK_TRACE_MALLOC;
102
  void *res = asan_memalign(boundary, size, &stack, FROM_MALLOC);
103
  DTLS_on_libc_memalign(res, size);
104
  return res;
105
}
106
#endif // SANITIZER_INTERCEPT_MEMALIGN
107

108
#if SANITIZER_INTERCEPT_ALIGNED_ALLOC
109
INTERCEPTOR(void*, aligned_alloc, uptr boundary, uptr size) {
110
  GET_STACK_TRACE_MALLOC;
111
  return asan_aligned_alloc(boundary, size, &stack);
112
}
113
#endif // SANITIZER_INTERCEPT_ALIGNED_ALLOC
114

115
INTERCEPTOR(uptr, malloc_usable_size, void *ptr) {
116
  GET_CURRENT_PC_BP_SP;
117
  (void)sp;
118
  return asan_malloc_usable_size(ptr, pc, bp);
119
}
120

121
#if SANITIZER_INTERCEPT_MALLOPT_AND_MALLINFO
122
// We avoid including malloc.h for portability reasons.
123
// man mallinfo says the fields are "long", but the implementation uses int.
124
// It doesn't matter much -- we just need to make sure that the libc's mallinfo
125
// is not called.
126
struct fake_mallinfo {
127
  int x[10];
128
};
129

130
INTERCEPTOR(struct fake_mallinfo, mallinfo, void) {
131
  struct fake_mallinfo res;
132
  REAL(memset)(&res, 0, sizeof(res));
133
  return res;
134
}
135

136
INTERCEPTOR(int, mallopt, int cmd, int value) {
137
  return 0;
138
}
139
#endif // SANITIZER_INTERCEPT_MALLOPT_AND_MALLINFO
140

141
INTERCEPTOR(int, posix_memalign, void **memptr, uptr alignment, uptr size) {
142
  GET_STACK_TRACE_MALLOC;
143
  return asan_posix_memalign(memptr, alignment, size, &stack);
144
}
145

146
INTERCEPTOR(void*, valloc, uptr size) {
147
  GET_STACK_TRACE_MALLOC;
148
  return asan_valloc(size, &stack);
149
}
150

151
#if SANITIZER_INTERCEPT_PVALLOC
152
INTERCEPTOR(void*, pvalloc, uptr size) {
153
  GET_STACK_TRACE_MALLOC;
154
  return asan_pvalloc(size, &stack);
155
}
156
#endif // SANITIZER_INTERCEPT_PVALLOC
157

158
INTERCEPTOR(void, malloc_stats, void) {
159
  __asan_print_accumulated_stats();
160
}
161

162
#if SANITIZER_ANDROID
163
// Format of __libc_malloc_dispatch has changed in Android L.
164
// While we are moving towards a solution that does not depend on bionic
165
// internals, here is something to support both K* and L releases.
166
struct MallocDebugK {
167
  void *(*malloc)(uptr bytes);
168
  void (*free)(void *mem);
169
  void *(*calloc)(uptr n_elements, uptr elem_size);
170
  void *(*realloc)(void *oldMem, uptr bytes);
171
  void *(*memalign)(uptr alignment, uptr bytes);
172
  uptr (*malloc_usable_size)(void *mem);
173
};
174

175
struct MallocDebugL {
176
  void *(*calloc)(uptr n_elements, uptr elem_size);
177
  void (*free)(void *mem);
178
  fake_mallinfo (*mallinfo)(void);
179
  void *(*malloc)(uptr bytes);
180
  uptr (*malloc_usable_size)(void *mem);
181
  void *(*memalign)(uptr alignment, uptr bytes);
182
  int (*posix_memalign)(void **memptr, uptr alignment, uptr size);
183
  void* (*pvalloc)(uptr size);
184
  void *(*realloc)(void *oldMem, uptr bytes);
185
  void* (*valloc)(uptr size);
186
};
187

188
alignas(32) const MallocDebugK asan_malloc_dispatch_k = {
189
    WRAP(malloc),  WRAP(free),     WRAP(calloc),
190
    WRAP(realloc), WRAP(memalign), WRAP(malloc_usable_size)};
191

192
alignas(32) const MallocDebugL asan_malloc_dispatch_l = {
193
    WRAP(calloc),         WRAP(free),               WRAP(mallinfo),
194
    WRAP(malloc),         WRAP(malloc_usable_size), WRAP(memalign),
195
    WRAP(posix_memalign), WRAP(pvalloc),            WRAP(realloc),
196
    WRAP(valloc)};
197

198
namespace __asan {
199
void ReplaceSystemMalloc() {
200
  void **__libc_malloc_dispatch_p =
201
      (void **)AsanDlSymNext("__libc_malloc_dispatch");
202
  if (__libc_malloc_dispatch_p) {
203
    // Decide on K vs L dispatch format by the presence of
204
    // __libc_malloc_default_dispatch export in libc.
205
    void *default_dispatch_p = AsanDlSymNext("__libc_malloc_default_dispatch");
206
    if (default_dispatch_p)
207
      *__libc_malloc_dispatch_p = (void *)&asan_malloc_dispatch_k;
208
    else
209
      *__libc_malloc_dispatch_p = (void *)&asan_malloc_dispatch_l;
210
  }
211
}
212
}  // namespace __asan
213

214
#else  // SANITIZER_ANDROID
215

216
namespace __asan {
217
void ReplaceSystemMalloc() {
218
}
219
}  // namespace __asan
220
#endif  // SANITIZER_ANDROID
221

222
#endif  // SANITIZER_FREEBSD || SANITIZER_FUCHSIA || SANITIZER_LINUX ||
223
        // SANITIZER_NETBSD || SANITIZER_SOLARIS
224

225