1
//===-- hwasan_fuchsia.cpp --------------------------------------*- C++ -*-===//
2
//
3
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4
// See https://llvm.org/LICENSE.txt for license information.
5
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6
//
7
//===----------------------------------------------------------------------===//
8
///
9
/// \file
10
/// This file is a part of HWAddressSanitizer and contains Fuchsia-specific
11
/// code.
12
///
13
//===----------------------------------------------------------------------===//
14

15
#include "sanitizer_common/sanitizer_fuchsia.h"
16
#if SANITIZER_FUCHSIA
17

18
#include <zircon/features.h>
19
#include <zircon/syscalls.h>
20

21
#include "hwasan.h"
22
#include "hwasan_interface_internal.h"
23
#include "hwasan_report.h"
24
#include "hwasan_thread.h"
25
#include "hwasan_thread_list.h"
26

27
// This TLS variable contains the location of the stack ring buffer and can be
28
// used to always find the hwasan thread object associated with the current
29
// running thread.
30
[[gnu::tls_model("initial-exec")]]
31
SANITIZER_INTERFACE_ATTRIBUTE
32
THREADLOCAL uptr __hwasan_tls;
33

34
namespace __hwasan {
35

36
bool InitShadow() {
37
  __sanitizer::InitShadowBounds();
38
  CHECK_NE(__sanitizer::ShadowBounds.shadow_limit, 0);
39

40
  // These variables are used by MemIsShadow for asserting we have a correct
41
  // shadow address. On Fuchsia, we only have one region of shadow, so the
42
  // bounds of Low shadow can be zero while High shadow represents the true
43
  // bounds. Note that these are inclusive ranges.
44
  kLowShadowStart = 0;
45
  kLowShadowEnd = 0;
46
  kHighShadowStart = __sanitizer::ShadowBounds.shadow_base;
47
  kHighShadowEnd = __sanitizer::ShadowBounds.shadow_limit - 1;
48

49
  return true;
50
}
51

52
bool MemIsApp(uptr p) {
53
  CHECK(GetTagFromPointer(p) == 0);
54
  return __sanitizer::ShadowBounds.shadow_limit <= p &&
55
         p <= (__sanitizer::ShadowBounds.memory_limit - 1);
56
}
57

58
// These are known parameters passed to the hwasan runtime on thread creation.
59
struct Thread::InitState {
60
  uptr stack_bottom, stack_top;
61
};
62

63
static void FinishThreadInitialization(Thread *thread);
64

65
void InitThreads() {
66
  // This is the minimal alignment needed for the storage where hwasan threads
67
  // and their stack ring buffers are placed. This alignment is necessary so the
68
  // stack ring buffer can perform a simple calculation to get the next element
69
  // in the RB. The instructions for this calculation are emitted by the
70
  // compiler. (Full explanation in hwasan_thread_list.h.)
71
  uptr alloc_size = UINT64_C(1) << kShadowBaseAlignment;
72
  uptr thread_start = reinterpret_cast<uptr>(
73
      MmapAlignedOrDieOnFatalError(alloc_size, alloc_size, __func__));
74

75
  InitThreadList(thread_start, alloc_size);
76

77
  // Create the hwasan thread object for the current (main) thread. Stack info
78
  // for this thread is known from information passed via
79
  // __sanitizer_startup_hook.
80
  const Thread::InitState state = {
81
      .stack_bottom = __sanitizer::MainThreadStackBase,
82
      .stack_top =
83
          __sanitizer::MainThreadStackBase + __sanitizer::MainThreadStackSize,
84
  };
85
  FinishThreadInitialization(hwasanThreadList().CreateCurrentThread(&state));
86
}
87

88
uptr *GetCurrentThreadLongPtr() { return &__hwasan_tls; }
89

90
// This is called from the parent thread before the new thread is created. Here
91
// we can propagate known info like the stack bounds to Thread::Init before
92
// jumping into the thread. We cannot initialize the stack ring buffer yet since
93
// we have not entered the new thread.
94
static void *BeforeThreadCreateHook(uptr user_id, bool detached,
95
                                    const char *name, uptr stack_bottom,
96
                                    uptr stack_size) {
97
  const Thread::InitState state = {
98
      .stack_bottom = stack_bottom,
99
      .stack_top = stack_bottom + stack_size,
100
  };
101
  return hwasanThreadList().CreateCurrentThread(&state);
102
}
103

104
// This sets the stack top and bottom according to the InitState passed to
105
// CreateCurrentThread above.
106
void Thread::InitStackAndTls(const InitState *state) {
107
  CHECK_NE(state->stack_bottom, 0);
108
  CHECK_NE(state->stack_top, 0);
109
  stack_bottom_ = state->stack_bottom;
110
  stack_top_ = state->stack_top;
111
  tls_end_ = tls_begin_ = 0;
112
}
113

114
// This is called after creating a new thread with the pointer returned by
115
// BeforeThreadCreateHook. We are still in the creating thread and should check
116
// if it was actually created correctly.
117
static void ThreadCreateHook(void *hook, bool aborted) {
118
  Thread *thread = static_cast<Thread *>(hook);
119
  if (!aborted) {
120
    // The thread was created successfully.
121
    // ThreadStartHook can already be running in the new thread.
122
  } else {
123
    // The thread wasn't created after all.
124
    // Clean up everything we set up in BeforeThreadCreateHook.
125
    atomic_signal_fence(memory_order_seq_cst);
126
    hwasanThreadList().ReleaseThread(thread);
127
  }
128
}
129

130
// This is called in the newly-created thread before it runs anything else,
131
// with the pointer returned by BeforeThreadCreateHook (above). Here we can
132
// setup the stack ring buffer.
133
static void ThreadStartHook(void *hook, thrd_t self) {
134
  Thread *thread = static_cast<Thread *>(hook);
135
  FinishThreadInitialization(thread);
136
  thread->EnsureRandomStateInited();
137
}
138

139
// This is the function that sets up the stack ring buffer and enables us to use
140
// GetCurrentThread. This function should only be called while IN the thread
141
// that we want to create the hwasan thread object for so __hwasan_tls can be
142
// properly referenced.
143
static void FinishThreadInitialization(Thread *thread) {
144
  CHECK_NE(thread, nullptr);
145

146
  // The ring buffer is located immediately before the thread object.
147
  uptr stack_buffer_size = hwasanThreadList().GetRingBufferSize();
148
  uptr stack_buffer_start = reinterpret_cast<uptr>(thread) - stack_buffer_size;
149
  thread->InitStackRingBuffer(stack_buffer_start, stack_buffer_size);
150
}
151

152
static void ThreadExitHook(void *hook, thrd_t self) {
153
  Thread *thread = static_cast<Thread *>(hook);
154
  atomic_signal_fence(memory_order_seq_cst);
155
  hwasanThreadList().ReleaseThread(thread);
156
}
157

158
uptr TagMemoryAligned(uptr p, uptr size, tag_t tag) {
159
  CHECK(IsAligned(p, kShadowAlignment));
160
  CHECK(IsAligned(size, kShadowAlignment));
161
  __sanitizer_fill_shadow(p, size, tag,
162
                          common_flags()->clear_shadow_mmap_threshold);
163
  return AddTagToPointer(p, tag);
164
}
165

166
// Not implemented because Fuchsia does not use signal handlers.
167
void HwasanOnDeadlySignal(int signo, void *info, void *context) {}
168

169
// Not implemented because Fuchsia does not use interceptors.
170
void InitializeInterceptors() {}
171

172
// Not implemented because this is only relevant for Android.
173
void AndroidTestTlsSlot() {}
174

175
// TSD was normally used on linux as a means of calling the hwasan thread exit
176
// handler passed to pthread_key_create. This is not needed on Fuchsia because
177
// we will be using __sanitizer_thread_exit_hook.
178
void HwasanTSDInit() {}
179
void HwasanTSDThreadInit() {}
180

181
// On linux, this just would call `atexit(HwasanAtExit)`. The functions in
182
// HwasanAtExit are unimplemented for Fuchsia and effectively no-ops, so this
183
// function is unneeded.
184
void InstallAtExitHandler() {}
185

186
void HwasanInstallAtForkHandler() {}
187

188
void InstallAtExitCheckLeaks() {}
189

190
void InitializeOsSupport() {
191
#ifdef __aarch64__
192
  uint32_t features = 0;
193
  CHECK_EQ(zx_system_get_features(ZX_FEATURE_KIND_ADDRESS_TAGGING, &features),
194
           ZX_OK);
195
  if (!(features & ZX_ARM64_FEATURE_ADDRESS_TAGGING_TBI) &&
196
      flags()->fail_without_syscall_abi) {
197
    Printf(
198
        "FATAL: HWAddressSanitizer requires "
199
        "ZX_ARM64_FEATURE_ADDRESS_TAGGING_TBI.\n");
200
    Die();
201
  }
202
#endif
203
}
204

205
}  // namespace __hwasan
206

207
namespace __lsan {
208

209
bool UseExitcodeOnLeak() { return __hwasan::flags()->halt_on_error; }
210

211
}  // namespace __lsan
212

213
extern "C" {
214

215
void *__sanitizer_before_thread_create_hook(thrd_t thread, bool detached,
216
                                            const char *name, void *stack_base,
217
                                            size_t stack_size) {
218
  return __hwasan::BeforeThreadCreateHook(
219
      reinterpret_cast<uptr>(thread), detached, name,
220
      reinterpret_cast<uptr>(stack_base), stack_size);
221
}
222

223
void __sanitizer_thread_create_hook(void *hook, thrd_t thread, int error) {
224
  __hwasan::ThreadCreateHook(hook, error != thrd_success);
225
}
226

227
void __sanitizer_thread_start_hook(void *hook, thrd_t self) {
228
  __hwasan::ThreadStartHook(hook, reinterpret_cast<uptr>(self));
229
}
230

231
void __sanitizer_thread_exit_hook(void *hook, thrd_t self) {
232
  __hwasan::ThreadExitHook(hook, self);
233
}
234

235
void __sanitizer_module_loaded(const struct dl_phdr_info *info, size_t) {
236
  __hwasan_library_loaded(info->dlpi_addr, info->dlpi_phdr, info->dlpi_phnum);
237
}
238

239
}  // extern "C"
240

241
#endif  // SANITIZER_FUCHSIA
242

243