1 //===-- esan_interceptors.cpp ---------------------------------------------===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // This file is a part of EfficiencySanitizer, a family of performance tuners.
12 // Interception routines for the esan run-time.
13 //===----------------------------------------------------------------------===//
16 #include "esan_shadow.h"
17 #include "interception/interception.h"
18 #include "sanitizer_common/sanitizer_common.h"
19 #include "sanitizer_common/sanitizer_libc.h"
20 #include "sanitizer_common/sanitizer_linux.h"
21 #include "sanitizer_common/sanitizer_stacktrace.h"
23 using namespace __esan
; // NOLINT
25 #define CUR_PC() (StackTrace::GetCurrentPc())
27 //===----------------------------------------------------------------------===//
28 // Interception via sanitizer common interceptors
29 //===----------------------------------------------------------------------===//
31 // Get the per-platform defines for what is possible to intercept
32 #include "sanitizer_common/sanitizer_platform_interceptors.h"
34 DECLARE_REAL_AND_INTERCEPTOR(void *, malloc
, uptr
)
36 // TODO(bruening): tsan disables several interceptors (getpwent, etc.) claiming
37 // that interception is a perf hit: should we do the same?
39 // We have no need to intercept:
40 #undef SANITIZER_INTERCEPT_TLS_GET_ADDR
42 // TODO(bruening): the common realpath interceptor assumes malloc is
43 // intercepted! We should try to parametrize that, though we'll
44 // intercept malloc soon ourselves and can then remove this undef.
45 #undef SANITIZER_INTERCEPT_REALPATH
47 // We provide our own version:
48 #undef SANITIZER_INTERCEPT_SIGPROCMASK
50 #define COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED (!EsanIsInitialized)
52 #define COMMON_INTERCEPT_FUNCTION(name) INTERCEPT_FUNCTION(name)
53 #define COMMON_INTERCEPT_FUNCTION_VER(name, ver) \
54 INTERCEPT_FUNCTION_VER(name, ver)
56 // We must initialize during early interceptors, to support tcmalloc.
57 // This means that for some apps we fully initialize prior to
58 // __esan_init() being called.
59 // We currently do not use ctx.
60 #define COMMON_INTERCEPTOR_ENTER(ctx, func, ...) \
62 if (UNLIKELY(COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED)) { \
63 if (!UNLIKELY(EsanDuringInit)) \
64 initializeLibrary(__esan_which_tool); \
65 return REAL(func)(__VA_ARGS__); \
71 #define COMMON_INTERCEPTOR_ENTER_NOIGNORE(ctx, func, ...) \
72 COMMON_INTERCEPTOR_ENTER(ctx, func, __VA_ARGS__)
74 #define COMMON_INTERCEPTOR_WRITE_RANGE(ctx, ptr, size) \
75 processRangeAccess(CUR_PC(), (uptr)ptr, size, true)
77 #define COMMON_INTERCEPTOR_READ_RANGE(ctx, ptr, size) \
78 processRangeAccess(CUR_PC(), (uptr)ptr, size, false)
80 // This is only called if the app explicitly calls exit(), not on
82 #define COMMON_INTERCEPTOR_ON_EXIT(ctx) finalizeLibrary()
84 #define COMMON_INTERCEPTOR_FILE_OPEN(ctx, file, path) \
90 #define COMMON_INTERCEPTOR_FILE_CLOSE(ctx, file) \
95 #define COMMON_INTERCEPTOR_LIBRARY_LOADED(filename, handle) \
100 #define COMMON_INTERCEPTOR_LIBRARY_UNLOADED() \
103 #define COMMON_INTERCEPTOR_ACQUIRE(ctx, u) \
108 #define COMMON_INTERCEPTOR_RELEASE(ctx, u) \
113 #define COMMON_INTERCEPTOR_DIR_ACQUIRE(ctx, path) \
118 #define COMMON_INTERCEPTOR_FD_ACQUIRE(ctx, fd) \
123 #define COMMON_INTERCEPTOR_FD_RELEASE(ctx, fd) \
128 #define COMMON_INTERCEPTOR_FD_ACCESS(ctx, fd) \
133 #define COMMON_INTERCEPTOR_FD_SOCKET_ACCEPT(ctx, fd, newfd) \
139 #define COMMON_INTERCEPTOR_SET_THREAD_NAME(ctx, name) \
144 #define COMMON_INTERCEPTOR_SET_PTHREAD_NAME(ctx, thread, name) \
150 #define COMMON_INTERCEPTOR_BLOCK_REAL(name) REAL(name)
151 #define COMMON_INTERCEPTOR_MUTEX_LOCK(ctx, m) \
156 #define COMMON_INTERCEPTOR_MUTEX_UNLOCK(ctx, m) \
161 #define COMMON_INTERCEPTOR_MUTEX_REPAIR(ctx, m) \
166 #define COMMON_INTERCEPTOR_HANDLE_RECVMSG(ctx, msg) \
171 #define COMMON_INTERCEPTOR_USER_CALLBACK_START() \
174 #define COMMON_INTERCEPTOR_USER_CALLBACK_END() \
178 #include "sanitizer_common/sanitizer_common_interceptors.inc"
180 //===----------------------------------------------------------------------===//
181 // Syscall interception
182 //===----------------------------------------------------------------------===//
184 // We want the caller's PC b/c unlike the other function interceptors these
185 // are separate pre and post functions called around the app's syscall().
187 #define COMMON_SYSCALL_PRE_READ_RANGE(ptr, size) \
188 processRangeAccess(GET_CALLER_PC(), (uptr)ptr, size, false)
190 #define COMMON_SYSCALL_PRE_WRITE_RANGE(ptr, size) \
196 #define COMMON_SYSCALL_POST_READ_RANGE(ptr, size) \
202 // The actual amount written is in post, not pre.
203 #define COMMON_SYSCALL_POST_WRITE_RANGE(ptr, size) \
204 processRangeAccess(GET_CALLER_PC(), (uptr)ptr, size, true)
206 #define COMMON_SYSCALL_ACQUIRE(addr) \
210 #define COMMON_SYSCALL_RELEASE(addr) \
214 #define COMMON_SYSCALL_FD_CLOSE(fd) \
218 #define COMMON_SYSCALL_FD_ACQUIRE(fd) \
222 #define COMMON_SYSCALL_FD_RELEASE(fd) \
226 #define COMMON_SYSCALL_PRE_FORK() \
229 #define COMMON_SYSCALL_POST_FORK(res) \
234 #include "sanitizer_common/sanitizer_common_syscalls.inc"
236 //===----------------------------------------------------------------------===//
237 // Custom interceptors
238 //===----------------------------------------------------------------------===//
240 // TODO(bruening): move more of these to the common interception pool as they
241 // are shared with tsan and asan.
242 // While our other files match LLVM style, here we match sanitizer style as we
243 // expect to move these to the common pool.
245 INTERCEPTOR(char *, strcpy
, char *dst
, const char *src
) { // NOLINT
247 COMMON_INTERCEPTOR_ENTER(ctx
, strcpy
, dst
, src
);
248 uptr srclen
= internal_strlen(src
);
249 COMMON_INTERCEPTOR_WRITE_RANGE(ctx
, dst
, srclen
+ 1);
250 COMMON_INTERCEPTOR_READ_RANGE(ctx
, src
, srclen
+ 1);
251 return REAL(strcpy
)(dst
, src
); // NOLINT
254 INTERCEPTOR(char *, strncpy
, char *dst
, char *src
, uptr n
) {
256 COMMON_INTERCEPTOR_ENTER(ctx
, strncpy
, dst
, src
, n
);
257 uptr srclen
= internal_strnlen(src
, n
);
258 uptr copied_size
= srclen
+ 1 > n
? n
: srclen
+ 1;
259 COMMON_INTERCEPTOR_WRITE_RANGE(ctx
, dst
, copied_size
);
260 COMMON_INTERCEPTOR_READ_RANGE(ctx
, src
, copied_size
);
261 return REAL(strncpy
)(dst
, src
, n
);
264 INTERCEPTOR(int, open
, const char *name
, int flags
, int mode
) {
266 COMMON_INTERCEPTOR_ENTER(ctx
, open
, name
, flags
, mode
);
267 COMMON_INTERCEPTOR_READ_STRING(ctx
, name
, 0);
268 return REAL(open
)(name
, flags
, mode
);
272 INTERCEPTOR(int, open64
, const char *name
, int flags
, int mode
) {
274 COMMON_INTERCEPTOR_ENTER(ctx
, open64
, name
, flags
, mode
);
275 COMMON_INTERCEPTOR_READ_STRING(ctx
, name
, 0);
276 return REAL(open64
)(name
, flags
, mode
);
278 #define ESAN_MAYBE_INTERCEPT_OPEN64 INTERCEPT_FUNCTION(open64)
280 #define ESAN_MAYBE_INTERCEPT_OPEN64
283 INTERCEPTOR(int, creat
, const char *name
, int mode
) {
285 COMMON_INTERCEPTOR_ENTER(ctx
, creat
, name
, mode
);
286 COMMON_INTERCEPTOR_READ_STRING(ctx
, name
, 0);
287 return REAL(creat
)(name
, mode
);
291 INTERCEPTOR(int, creat64
, const char *name
, int mode
) {
293 COMMON_INTERCEPTOR_ENTER(ctx
, creat64
, name
, mode
);
294 COMMON_INTERCEPTOR_READ_STRING(ctx
, name
, 0);
295 return REAL(creat64
)(name
, mode
);
297 #define ESAN_MAYBE_INTERCEPT_CREAT64 INTERCEPT_FUNCTION(creat64)
299 #define ESAN_MAYBE_INTERCEPT_CREAT64
302 INTERCEPTOR(int, unlink
, char *path
) {
304 COMMON_INTERCEPTOR_ENTER(ctx
, unlink
, path
);
305 COMMON_INTERCEPTOR_READ_STRING(ctx
, path
, 0);
306 return REAL(unlink
)(path
);
309 INTERCEPTOR(int, puts
, const char *s
) {
311 COMMON_INTERCEPTOR_ENTER(ctx
, puts
, s
);
312 COMMON_INTERCEPTOR_READ_RANGE(ctx
, s
, internal_strlen(s
));
313 return REAL(puts
)(s
);
316 INTERCEPTOR(int, rmdir
, char *path
) {
318 COMMON_INTERCEPTOR_ENTER(ctx
, rmdir
, path
);
319 COMMON_INTERCEPTOR_READ_STRING(ctx
, path
, 0);
320 return REAL(rmdir
)(path
);
323 //===----------------------------------------------------------------------===//
324 // Shadow-related interceptors
325 //===----------------------------------------------------------------------===//
327 // These are candidates for sharing with all sanitizers if shadow memory
328 // support is also standardized.
330 INTERCEPTOR(void *, mmap
, void *addr
, SIZE_T sz
, int prot
, int flags
,
332 if (UNLIKELY(REAL(mmap
) == nullptr)) {
333 // With esan init during interceptor init and a static libc preventing
334 // our early-calloc from triggering, we can end up here before our
335 // REAL pointer is set up.
336 return (void *)internal_mmap(addr
, sz
, prot
, flags
, fd
, off
);
339 COMMON_INTERCEPTOR_ENTER(ctx
, mmap
, addr
, sz
, prot
, flags
, fd
, off
);
340 if (!fixMmapAddr(&addr
, sz
, flags
))
342 void *result
= REAL(mmap
)(addr
, sz
, prot
, flags
, fd
, off
);
343 return (void *)checkMmapResult((uptr
)result
, sz
);
347 INTERCEPTOR(void *, mmap64
, void *addr
, SIZE_T sz
, int prot
, int flags
,
348 int fd
, OFF64_T off
) {
350 COMMON_INTERCEPTOR_ENTER(ctx
, mmap64
, addr
, sz
, prot
, flags
, fd
, off
);
351 if (!fixMmapAddr(&addr
, sz
, flags
))
353 void *result
= REAL(mmap64
)(addr
, sz
, prot
, flags
, fd
, off
);
354 return (void *)checkMmapResult((uptr
)result
, sz
);
356 #define ESAN_MAYBE_INTERCEPT_MMAP64 INTERCEPT_FUNCTION(mmap64)
358 #define ESAN_MAYBE_INTERCEPT_MMAP64
361 //===----------------------------------------------------------------------===//
362 // Signal-related interceptors
363 //===----------------------------------------------------------------------===//
366 typedef void (*signal_handler_t
)(int);
367 INTERCEPTOR(signal_handler_t
, signal
, int signum
, signal_handler_t handler
) {
369 COMMON_INTERCEPTOR_ENTER(ctx
, signal
, signum
, handler
);
370 signal_handler_t result
;
371 if (!processSignal(signum
, handler
, &result
))
374 return REAL(signal
)(signum
, handler
);
376 #define ESAN_MAYBE_INTERCEPT_SIGNAL INTERCEPT_FUNCTION(signal)
378 #error Platform not supported
379 #define ESAN_MAYBE_INTERCEPT_SIGNAL
383 DECLARE_REAL(int, sigaction
, int signum
, const struct sigaction
*act
,
384 struct sigaction
*oldact
)
385 INTERCEPTOR(int, sigaction
, int signum
, const struct sigaction
*act
,
386 struct sigaction
*oldact
) {
388 COMMON_INTERCEPTOR_ENTER(ctx
, sigaction
, signum
, act
, oldact
);
389 if (!processSigaction(signum
, act
, oldact
))
392 return REAL(sigaction
)(signum
, act
, oldact
);
395 // This is required to properly use internal_sigaction.
396 namespace __sanitizer
{
397 int real_sigaction(int signum
, const void *act
, void *oldact
) {
398 if (REAL(sigaction
) == nullptr) {
399 // With an instrumented allocator, this is called during interceptor init
400 // and we need a raw syscall solution.
401 return internal_sigaction_syscall(signum
, act
, oldact
);
403 return REAL(sigaction
)(signum
, (const struct sigaction
*)act
,
404 (struct sigaction
*)oldact
);
406 } // namespace __sanitizer
408 #define ESAN_MAYBE_INTERCEPT_SIGACTION INTERCEPT_FUNCTION(sigaction)
410 #error Platform not supported
411 #define ESAN_MAYBE_INTERCEPT_SIGACTION
415 INTERCEPTOR(int, sigprocmask
, int how
, __sanitizer_sigset_t
*set
,
416 __sanitizer_sigset_t
*oldset
) {
418 COMMON_INTERCEPTOR_ENTER(ctx
, sigprocmask
, how
, set
, oldset
);
420 if (processSigprocmask(how
, set
, oldset
))
421 res
= REAL(sigprocmask
)(how
, set
, oldset
);
423 COMMON_INTERCEPTOR_WRITE_RANGE(ctx
, oldset
, sizeof(*oldset
));
426 #define ESAN_MAYBE_INTERCEPT_SIGPROCMASK INTERCEPT_FUNCTION(sigprocmask)
428 #define ESAN_MAYBE_INTERCEPT_SIGPROCMASK
431 #if !SANITIZER_WINDOWS
432 INTERCEPTOR(int, pthread_sigmask
, int how
, __sanitizer_sigset_t
*set
,
433 __sanitizer_sigset_t
*oldset
) {
435 COMMON_INTERCEPTOR_ENTER(ctx
, pthread_sigmask
, how
, set
, oldset
);
437 if (processSigprocmask(how
, set
, oldset
))
438 res
= REAL(sigprocmask
)(how
, set
, oldset
);
440 COMMON_INTERCEPTOR_WRITE_RANGE(ctx
, oldset
, sizeof(*oldset
));
443 #define ESAN_MAYBE_INTERCEPT_PTHREAD_SIGMASK INTERCEPT_FUNCTION(pthread_sigmask)
445 #define ESAN_MAYBE_INTERCEPT_PTHREAD_SIGMASK
448 //===----------------------------------------------------------------------===//
449 // Malloc interceptors
450 //===----------------------------------------------------------------------===//
452 static const uptr early_alloc_buf_size
= 4096;
453 static uptr allocated_bytes
;
454 static char early_alloc_buf
[early_alloc_buf_size
];
456 static bool isInEarlyAllocBuf(const void *ptr
) {
457 return ((uptr
)ptr
>= (uptr
)early_alloc_buf
&&
458 ((uptr
)ptr
- (uptr
)early_alloc_buf
) < sizeof(early_alloc_buf
));
461 static void *handleEarlyAlloc(uptr size
) {
462 // If esan is initialized during an interceptor (which happens with some
463 // tcmalloc implementations that call pthread_mutex_lock), the call from
464 // dlsym to calloc will deadlock.
465 // dlsym may also call malloc before REAL(malloc) is retrieved from dlsym.
466 // We work around it by using a static buffer for the early malloc/calloc
468 // This solution will also allow us to deliberately intercept malloc & family
469 // in the future (to perform tool actions on each allocation, without
470 // replacing the allocator), as it also solves the problem of intercepting
471 // calloc when it will itself be called before its REAL pointer is
473 // We do not handle multiple threads here. This only happens at process init
474 // time, and while it's possible for a shared library to create early threads
475 // that race here, we consider that to be a corner case extreme enough that
476 // it's not worth the effort to handle.
477 void *mem
= (void *)&early_alloc_buf
[allocated_bytes
];
478 allocated_bytes
+= size
;
479 CHECK_LT(allocated_bytes
, early_alloc_buf_size
);
483 INTERCEPTOR(void*, calloc
, uptr size
, uptr n
) {
484 if (EsanDuringInit
&& REAL(calloc
) == nullptr)
485 return handleEarlyAlloc(size
* n
);
487 COMMON_INTERCEPTOR_ENTER(ctx
, calloc
, size
, n
);
488 void *res
= REAL(calloc
)(size
, n
);
489 // The memory is zeroed and thus is all written.
490 COMMON_INTERCEPTOR_WRITE_RANGE(nullptr, (uptr
)res
, size
* n
);
494 INTERCEPTOR(void*, malloc
, uptr size
) {
495 if (EsanDuringInit
&& REAL(malloc
) == nullptr)
496 return handleEarlyAlloc(size
);
498 COMMON_INTERCEPTOR_ENTER(ctx
, malloc
, size
);
499 return REAL(malloc
)(size
);
502 INTERCEPTOR(void, free
, void *p
) {
504 // There are only a few early allocation requests, so we simply skip the free.
505 if (isInEarlyAllocBuf(p
))
507 COMMON_INTERCEPTOR_ENTER(ctx
, free
, p
);
513 void initializeInterceptors() {
514 InitializeCommonInterceptors();
516 INTERCEPT_FUNCTION(strcpy
); // NOLINT
517 INTERCEPT_FUNCTION(strncpy
);
519 INTERCEPT_FUNCTION(open
);
520 ESAN_MAYBE_INTERCEPT_OPEN64
;
521 INTERCEPT_FUNCTION(creat
);
522 ESAN_MAYBE_INTERCEPT_CREAT64
;
523 INTERCEPT_FUNCTION(unlink
);
524 INTERCEPT_FUNCTION(fread
);
525 INTERCEPT_FUNCTION(fwrite
);
526 INTERCEPT_FUNCTION(puts
);
527 INTERCEPT_FUNCTION(rmdir
);
529 INTERCEPT_FUNCTION(mmap
);
530 ESAN_MAYBE_INTERCEPT_MMAP64
;
532 ESAN_MAYBE_INTERCEPT_SIGNAL
;
533 ESAN_MAYBE_INTERCEPT_SIGACTION
;
534 ESAN_MAYBE_INTERCEPT_SIGPROCMASK
;
535 ESAN_MAYBE_INTERCEPT_PTHREAD_SIGMASK
;
537 INTERCEPT_FUNCTION(calloc
);
538 INTERCEPT_FUNCTION(malloc
);
539 INTERCEPT_FUNCTION(free
);
541 // TODO(bruening): intercept routines that other sanitizers intercept that
542 // are not in the common pool or here yet, ideally by adding to the common
543 // pool. Examples include wcslen and bcopy.
545 // TODO(bruening): there are many more libc routines that read or write data
546 // structures that no sanitizer is intercepting: sigaction, strtol, etc.
549 } // namespace __esan