1 //===-- hwasan_checks.h -----------------------------------------*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file is a part of HWAddressSanitizer.
10 //
11 //===----------------------------------------------------------------------===//
12
13 #ifndef HWASAN_CHECKS_H
14 #define HWASAN_CHECKS_H
15
16 #include "hwasan_allocator.h"
17 #include "hwasan_mapping.h"
18 #include "sanitizer_common/sanitizer_common.h"
19
20 namespace __hwasan {
21 template <unsigned X>
22 __attribute__((always_inline)) static void SigTrap(uptr p) {
23 #if defined(__aarch64__)
24 (void)p;
25 // 0x900 is added to do not interfere with the kernel use of lower values of
26 // brk immediate.
27 register uptr x0 asm("x0") = p;
28 asm("brk %1\n\t" ::"r"(x0), "n"(0x900 + X));
29 #elif defined(__x86_64__)
30 // INT3 + NOP DWORD ptr [EAX + X] to pass X to our signal handler, 5 bytes
31 // total. The pointer is passed via rdi.
32 // 0x40 is added as a safeguard, to help distinguish our trap from others and
33 // to avoid 0 offsets in the command (otherwise it'll be reduced to a
34 // different nop command, the three bytes one).
35 asm volatile(
36 "int3\n"
37 "nopl %c0(%%rax)\n" ::"n"(0x40 + X),
38 "D"(p));
39 #elif SANITIZER_RISCV64
40 // Put pointer into x10
41 // addiw contains immediate of 0x40 + X, where 0x40 is magic number and X
42 // encodes access size
43 register uptr x10 asm("x10") = p;
44 asm volatile(
45 "ebreak\n"
46 "addiw x0, x0, %1\n" ::"r"(x10),
47 "I"(0x40 + X));
48 #else
49 // FIXME: not always sigill.
50 __builtin_trap();
51 #endif
52 // __builtin_unreachable();
53 }
54
55 // Version with access size which is not power of 2
56 template <unsigned X>
57 __attribute__((always_inline)) static void SigTrap(uptr p, uptr size) {
58 #if defined(__aarch64__)
59 register uptr x0 asm("x0") = p;
60 register uptr x1 asm("x1") = size;
61 asm("brk %2\n\t" ::"r"(x0), "r"(x1), "n"(0x900 + X));
62 #elif defined(__x86_64__)
63 // Size is stored in rsi.
64 asm volatile(
65 "int3\n"
66 "nopl %c0(%%rax)\n" ::"n"(0x40 + X),
67 "D"(p), "S"(size));
68 #elif SANITIZER_RISCV64
69 // Put access size into x11
70 register uptr x10 asm("x10") = p;
71 register uptr x11 asm("x11") = size;
72 asm volatile(
73 "ebreak\n"
74 "addiw x0, x0, %2\n" ::"r"(x10),
75 "r"(x11), "I"(0x40 + X));
76 #else
77 __builtin_trap();
78 #endif
79 // __builtin_unreachable();
80 }
81
82 __attribute__((always_inline, nodebug)) static bool PossiblyShortTagMatches(
83 tag_t mem_tag, uptr ptr, uptr sz) {
84 tag_t ptr_tag = GetTagFromPointer(ptr);
85 if (ptr_tag == mem_tag)
86 return true;
87 if (mem_tag >= kShadowAlignment)
88 return false;
89 if ((ptr & (kShadowAlignment - 1)) + sz > mem_tag)
90 return false;
91 #if !defined(__aarch64__) && !(SANITIZER_RISCV64)
92 ptr = UntagAddr(ptr);
93 #endif
94 return *(u8 *)(ptr | (kShadowAlignment - 1)) == ptr_tag;
95 }
96
97 enum class ErrorAction { Abort, Recover };
98 enum class AccessType { Load, Store };
99
100 template <ErrorAction EA, AccessType AT, unsigned LogSize>
101 __attribute__((always_inline, nodebug)) static void CheckAddress(uptr p) {
102 if (!InTaggableRegion(p))
103 return;
104 uptr ptr_raw = p & ~kAddressTagMask;
105 tag_t mem_tag = *(tag_t *)MemToShadow(ptr_raw);
106 if (UNLIKELY(!PossiblyShortTagMatches(mem_tag, p, 1 << LogSize))) {
107 SigTrap<0x20 * (EA == ErrorAction::Recover) +
108 0x10 * (AT == AccessType::Store) + LogSize>(p);
109 if (EA == ErrorAction::Abort)
110 __builtin_unreachable();
111 }
112 }
113
114 template <ErrorAction EA, AccessType AT>
115 __attribute__((always_inline, nodebug)) static void CheckAddressSized(uptr p,
116 uptr sz) {
117 if (sz == 0 || !InTaggableRegion(p))
118 return;
119 tag_t ptr_tag = GetTagFromPointer(p);
120 uptr ptr_raw = p & ~kAddressTagMask;
121 tag_t *shadow_first = (tag_t *)MemToShadow(ptr_raw);
122 tag_t *shadow_last = (tag_t *)MemToShadow(ptr_raw + sz);
123 for (tag_t *t = shadow_first; t < shadow_last; ++t)
124 if (UNLIKELY(ptr_tag != *t)) {
125 SigTrap<0x20 * (EA == ErrorAction::Recover) +
126 0x10 * (AT == AccessType::Store) + 0xf>(p, sz);
127 if (EA == ErrorAction::Abort)
128 __builtin_unreachable();
129 }
130 uptr end = p + sz;
131 uptr tail_sz = end & 0xf;
132 if (UNLIKELY(tail_sz != 0 &&
133 !PossiblyShortTagMatches(
134 *shadow_last, end & ~(kShadowAlignment - 1), tail_sz))) {
135 SigTrap<0x20 * (EA == ErrorAction::Recover) +
136 0x10 * (AT == AccessType::Store) + 0xf>(p, sz);
137 if (EA == ErrorAction::Abort)
138 __builtin_unreachable();
139 }
140 }
141
142 } // end namespace __hwasan
143
144 #endif // HWASAN_CHECKS_H