//===-- hwasan_checks.h -----------------------------------------*- C++ -*-===// // // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // See https://llvm.org/LICENSE.txt for license information. // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // //===----------------------------------------------------------------------===// // // This file is a part of HWAddressSanitizer. // //===----------------------------------------------------------------------===// #ifndef HWASAN_CHECKS_H #define HWASAN_CHECKS_H #include "hwasan_allocator.h" #include "hwasan_mapping.h" #include "sanitizer_common/sanitizer_common.h" namespace __hwasan { template __attribute__((always_inline)) static void SigTrap(uptr p) { #if defined(__aarch64__) (void)p; // 0x900 is added to do not interfere with the kernel use of lower values of // brk immediate. register uptr x0 asm("x0") = p; asm("brk %1\n\t" ::"r"(x0), "n"(0x900 + X)); #elif defined(__x86_64__) // INT3 + NOP DWORD ptr [EAX + X] to pass X to our signal handler, 5 bytes // total. The pointer is passed via rdi. // 0x40 is added as a safeguard, to help distinguish our trap from others and // to avoid 0 offsets in the command (otherwise it'll be reduced to a // different nop command, the three bytes one). asm volatile( "int3\n" "nopl %c0(%%rax)\n" ::"n"(0x40 + X), "D"(p)); #elif SANITIZER_RISCV64 // Put pointer into x10 // addiw contains immediate of 0x40 + X, where 0x40 is magic number and X // encodes access size register uptr x10 asm("x10") = p; asm volatile( "ebreak\n" "addiw x0, x0, %1\n" ::"r"(x10), "I"(0x40 + X)); #else // FIXME: not always sigill. __builtin_trap(); #endif // __builtin_unreachable(); } // Version with access size which is not power of 2 template __attribute__((always_inline)) static void SigTrap(uptr p, uptr size) { #if defined(__aarch64__) register uptr x0 asm("x0") = p; register uptr x1 asm("x1") = size; asm("brk %2\n\t" ::"r"(x0), "r"(x1), "n"(0x900 + X)); #elif defined(__x86_64__) // Size is stored in rsi. asm volatile( "int3\n" "nopl %c0(%%rax)\n" ::"n"(0x40 + X), "D"(p), "S"(size)); #elif SANITIZER_RISCV64 // Put access size into x11 register uptr x10 asm("x10") = p; register uptr x11 asm("x11") = size; asm volatile( "ebreak\n" "addiw x0, x0, %2\n" ::"r"(x10), "r"(x11), "I"(0x40 + X)); #else __builtin_trap(); #endif // __builtin_unreachable(); } __attribute__((always_inline, nodebug)) static bool PossiblyShortTagMatches( tag_t mem_tag, uptr ptr, uptr sz) { tag_t ptr_tag = GetTagFromPointer(ptr); if (ptr_tag == mem_tag) return true; if (mem_tag >= kShadowAlignment) return false; if ((ptr & (kShadowAlignment - 1)) + sz > mem_tag) return false; #if !defined(__aarch64__) && !(SANITIZER_RISCV64) ptr = UntagAddr(ptr); #endif return *(u8 *)(ptr | (kShadowAlignment - 1)) == ptr_tag; } enum class ErrorAction { Abort, Recover }; enum class AccessType { Load, Store }; template __attribute__((always_inline, nodebug)) static void CheckAddress(uptr p) { if (!InTaggableRegion(p)) return; uptr ptr_raw = p & ~kAddressTagMask; tag_t mem_tag = *(tag_t *)MemToShadow(ptr_raw); if (UNLIKELY(!PossiblyShortTagMatches(mem_tag, p, 1 << LogSize))) { SigTrap<0x20 * (EA == ErrorAction::Recover) + 0x10 * (AT == AccessType::Store) + LogSize>(p); if (EA == ErrorAction::Abort) __builtin_unreachable(); } } template __attribute__((always_inline, nodebug)) static void CheckAddressSized(uptr p, uptr sz) { if (sz == 0 || !InTaggableRegion(p)) return; tag_t ptr_tag = GetTagFromPointer(p); uptr ptr_raw = p & ~kAddressTagMask; tag_t *shadow_first = (tag_t *)MemToShadow(ptr_raw); tag_t *shadow_last = (tag_t *)MemToShadow(ptr_raw + sz); for (tag_t *t = shadow_first; t < shadow_last; ++t) if (UNLIKELY(ptr_tag != *t)) { SigTrap<0x20 * (EA == ErrorAction::Recover) + 0x10 * (AT == AccessType::Store) + 0xf>(p, sz); if (EA == ErrorAction::Abort) __builtin_unreachable(); } uptr end = p + sz; uptr tail_sz = end & 0xf; if (UNLIKELY(tail_sz != 0 && !PossiblyShortTagMatches( *shadow_last, end & ~(kShadowAlignment - 1), tail_sz))) { SigTrap<0x20 * (EA == ErrorAction::Recover) + 0x10 * (AT == AccessType::Store) + 0xf>(p, sz); if (EA == ErrorAction::Abort) __builtin_unreachable(); } } } // end namespace __hwasan #endif // HWASAN_CHECKS_H