111
|
1 //===-- sanitizer_common_libcdep.cc ---------------------------------------===//
|
|
2 //
|
|
3 // This file is distributed under the University of Illinois Open Source
|
|
4 // License. See LICENSE.TXT for details.
|
|
5 //
|
|
6 //===----------------------------------------------------------------------===//
|
|
7 //
|
|
8 // This file is shared between AddressSanitizer and ThreadSanitizer
|
|
9 // run-time libraries.
|
|
10 //===----------------------------------------------------------------------===//
|
|
11
|
|
12 #include "sanitizer_common.h"
|
|
13
|
|
14 #include "sanitizer_allocator_interface.h"
|
|
15 #include "sanitizer_file.h"
|
|
16 #include "sanitizer_flags.h"
|
|
17 #include "sanitizer_procmaps.h"
|
|
18 #include "sanitizer_report_decorator.h"
|
|
19 #include "sanitizer_stackdepot.h"
|
|
20 #include "sanitizer_stacktrace.h"
|
|
21 #include "sanitizer_symbolizer.h"
|
|
22
|
|
23 #if SANITIZER_POSIX
|
|
24 #include "sanitizer_posix.h"
|
|
25 #endif
|
|
26
|
|
27 namespace __sanitizer {
|
|
28
|
|
29 #if !SANITIZER_FUCHSIA
|
|
30
|
|
31 bool ReportFile::SupportsColors() {
|
|
32 SpinMutexLock l(mu);
|
|
33 ReopenIfNecessary();
|
|
34 return SupportsColoredOutput(fd);
|
|
35 }
|
|
36
|
|
37 static INLINE bool ReportSupportsColors() {
|
|
38 return report_file.SupportsColors();
|
|
39 }
|
|
40
|
|
41 #else // SANITIZER_FUCHSIA
|
|
42
|
|
43 // Fuchsia's logs always go through post-processing that handles colorization.
|
|
44 static INLINE bool ReportSupportsColors() { return true; }
|
|
45
|
|
46 #endif // !SANITIZER_FUCHSIA
|
|
47
|
|
48 bool ColorizeReports() {
|
|
49 // FIXME: Add proper Windows support to AnsiColorDecorator and re-enable color
|
|
50 // printing on Windows.
|
|
51 if (SANITIZER_WINDOWS)
|
|
52 return false;
|
|
53
|
|
54 const char *flag = common_flags()->color;
|
|
55 return internal_strcmp(flag, "always") == 0 ||
|
|
56 (internal_strcmp(flag, "auto") == 0 && ReportSupportsColors());
|
|
57 }
|
|
58
|
|
59 static void (*sandboxing_callback)();
|
|
60 void SetSandboxingCallback(void (*f)()) {
|
|
61 sandboxing_callback = f;
|
|
62 }
|
|
63
|
|
64 void ReportErrorSummary(const char *error_type, const StackTrace *stack,
|
|
65 const char *alt_tool_name) {
|
|
66 #if !SANITIZER_GO
|
|
67 if (!common_flags()->print_summary)
|
|
68 return;
|
|
69 if (stack->size == 0) {
|
|
70 ReportErrorSummary(error_type);
|
|
71 return;
|
|
72 }
|
|
73 // Currently, we include the first stack frame into the report summary.
|
|
74 // Maybe sometimes we need to choose another frame (e.g. skip memcpy/etc).
|
|
75 uptr pc = StackTrace::GetPreviousInstructionPc(stack->trace[0]);
|
|
76 SymbolizedStack *frame = Symbolizer::GetOrInit()->SymbolizePC(pc);
|
|
77 ReportErrorSummary(error_type, frame->info, alt_tool_name);
|
|
78 frame->ClearAll();
|
|
79 #endif
|
|
80 }
|
|
81
|
|
82 static void (*SoftRssLimitExceededCallback)(bool exceeded);
|
|
83 void SetSoftRssLimitExceededCallback(void (*Callback)(bool exceeded)) {
|
|
84 CHECK_EQ(SoftRssLimitExceededCallback, nullptr);
|
|
85 SoftRssLimitExceededCallback = Callback;
|
|
86 }
|
|
87
|
|
88 #if SANITIZER_LINUX && !SANITIZER_GO
|
|
89 void BackgroundThread(void *arg) {
|
|
90 uptr hard_rss_limit_mb = common_flags()->hard_rss_limit_mb;
|
|
91 uptr soft_rss_limit_mb = common_flags()->soft_rss_limit_mb;
|
|
92 bool heap_profile = common_flags()->heap_profile;
|
|
93 uptr prev_reported_rss = 0;
|
|
94 uptr prev_reported_stack_depot_size = 0;
|
|
95 bool reached_soft_rss_limit = false;
|
|
96 uptr rss_during_last_reported_profile = 0;
|
|
97 while (true) {
|
|
98 SleepForMillis(100);
|
|
99 uptr current_rss_mb = GetRSS() >> 20;
|
|
100 if (Verbosity()) {
|
|
101 // If RSS has grown 10% since last time, print some information.
|
|
102 if (prev_reported_rss * 11 / 10 < current_rss_mb) {
|
|
103 Printf("%s: RSS: %zdMb\n", SanitizerToolName, current_rss_mb);
|
|
104 prev_reported_rss = current_rss_mb;
|
|
105 }
|
|
106 // If stack depot has grown 10% since last time, print it too.
|
|
107 StackDepotStats *stack_depot_stats = StackDepotGetStats();
|
|
108 if (prev_reported_stack_depot_size * 11 / 10 <
|
|
109 stack_depot_stats->allocated) {
|
|
110 Printf("%s: StackDepot: %zd ids; %zdM allocated\n",
|
|
111 SanitizerToolName,
|
|
112 stack_depot_stats->n_uniq_ids,
|
|
113 stack_depot_stats->allocated >> 20);
|
|
114 prev_reported_stack_depot_size = stack_depot_stats->allocated;
|
|
115 }
|
|
116 }
|
|
117 // Check RSS against the limit.
|
|
118 if (hard_rss_limit_mb && hard_rss_limit_mb < current_rss_mb) {
|
|
119 Report("%s: hard rss limit exhausted (%zdMb vs %zdMb)\n",
|
|
120 SanitizerToolName, hard_rss_limit_mb, current_rss_mb);
|
|
121 DumpProcessMap();
|
|
122 Die();
|
|
123 }
|
|
124 if (soft_rss_limit_mb) {
|
|
125 if (soft_rss_limit_mb < current_rss_mb && !reached_soft_rss_limit) {
|
|
126 reached_soft_rss_limit = true;
|
|
127 Report("%s: soft rss limit exhausted (%zdMb vs %zdMb)\n",
|
|
128 SanitizerToolName, soft_rss_limit_mb, current_rss_mb);
|
|
129 if (SoftRssLimitExceededCallback)
|
|
130 SoftRssLimitExceededCallback(true);
|
|
131 } else if (soft_rss_limit_mb >= current_rss_mb &&
|
|
132 reached_soft_rss_limit) {
|
|
133 reached_soft_rss_limit = false;
|
|
134 if (SoftRssLimitExceededCallback)
|
|
135 SoftRssLimitExceededCallback(false);
|
|
136 }
|
|
137 }
|
|
138 if (heap_profile &&
|
|
139 current_rss_mb > rss_during_last_reported_profile * 1.1) {
|
|
140 Printf("\n\nHEAP PROFILE at RSS %zdMb\n", current_rss_mb);
|
|
141 __sanitizer_print_memory_profile(90, 20);
|
|
142 rss_during_last_reported_profile = current_rss_mb;
|
|
143 }
|
|
144 }
|
|
145 }
|
|
146 #endif
|
|
147
|
|
148 #if !SANITIZER_FUCHSIA && !SANITIZER_GO
|
|
149 void StartReportDeadlySignal() {
|
|
150 // Write the first message using fd=2, just in case.
|
|
151 // It may actually fail to write in case stderr is closed.
|
|
152 CatastrophicErrorWrite(SanitizerToolName, internal_strlen(SanitizerToolName));
|
|
153 static const char kDeadlySignal[] = ":DEADLYSIGNAL\n";
|
|
154 CatastrophicErrorWrite(kDeadlySignal, sizeof(kDeadlySignal) - 1);
|
|
155 }
|
|
156
|
|
157 static void MaybeReportNonExecRegion(uptr pc) {
|
|
158 #if SANITIZER_FREEBSD || SANITIZER_LINUX || SANITIZER_NETBSD
|
|
159 MemoryMappingLayout proc_maps(/*cache_enabled*/ true);
|
|
160 MemoryMappedSegment segment;
|
|
161 while (proc_maps.Next(&segment)) {
|
|
162 if (pc >= segment.start && pc < segment.end && !segment.IsExecutable())
|
|
163 Report("Hint: PC is at a non-executable region. Maybe a wild jump?\n");
|
|
164 }
|
|
165 #endif
|
|
166 }
|
|
167
|
|
168 static void PrintMemoryByte(InternalScopedString *str, const char *before,
|
|
169 u8 byte) {
|
|
170 SanitizerCommonDecorator d;
|
|
171 str->append("%s%s%x%x%s ", before, d.MemoryByte(), byte >> 4, byte & 15,
|
|
172 d.Default());
|
|
173 }
|
|
174
|
|
175 static void MaybeDumpInstructionBytes(uptr pc) {
|
|
176 if (!common_flags()->dump_instruction_bytes || (pc < GetPageSizeCached()))
|
|
177 return;
|
|
178 InternalScopedString str(1024);
|
|
179 str.append("First 16 instruction bytes at pc: ");
|
|
180 if (IsAccessibleMemoryRange(pc, 16)) {
|
|
181 for (int i = 0; i < 16; ++i) {
|
|
182 PrintMemoryByte(&str, "", ((u8 *)pc)[i]);
|
|
183 }
|
|
184 str.append("\n");
|
|
185 } else {
|
|
186 str.append("unaccessible\n");
|
|
187 }
|
|
188 Report("%s", str.data());
|
|
189 }
|
|
190
|
|
191 static void MaybeDumpRegisters(void *context) {
|
|
192 if (!common_flags()->dump_registers) return;
|
|
193 SignalContext::DumpAllRegisters(context);
|
|
194 }
|
|
195
|
|
196 static void ReportStackOverflowImpl(const SignalContext &sig, u32 tid,
|
|
197 UnwindSignalStackCallbackType unwind,
|
|
198 const void *unwind_context) {
|
|
199 SanitizerCommonDecorator d;
|
|
200 Printf("%s", d.Warning());
|
|
201 static const char kDescription[] = "stack-overflow";
|
|
202 Report("ERROR: %s: %s on address %p (pc %p bp %p sp %p T%d)\n",
|
|
203 SanitizerToolName, kDescription, (void *)sig.addr, (void *)sig.pc,
|
|
204 (void *)sig.bp, (void *)sig.sp, tid);
|
|
205 Printf("%s", d.Default());
|
|
206 InternalScopedBuffer<BufferedStackTrace> stack_buffer(1);
|
|
207 BufferedStackTrace *stack = stack_buffer.data();
|
|
208 stack->Reset();
|
|
209 unwind(sig, unwind_context, stack);
|
|
210 stack->Print();
|
|
211 ReportErrorSummary(kDescription, stack);
|
|
212 }
|
|
213
|
|
214 static void ReportDeadlySignalImpl(const SignalContext &sig, u32 tid,
|
|
215 UnwindSignalStackCallbackType unwind,
|
|
216 const void *unwind_context) {
|
|
217 SanitizerCommonDecorator d;
|
|
218 Printf("%s", d.Warning());
|
|
219 const char *description = sig.Describe();
|
|
220 Report("ERROR: %s: %s on unknown address %p (pc %p bp %p sp %p T%d)\n",
|
|
221 SanitizerToolName, description, (void *)sig.addr, (void *)sig.pc,
|
|
222 (void *)sig.bp, (void *)sig.sp, tid);
|
|
223 Printf("%s", d.Default());
|
|
224 if (sig.pc < GetPageSizeCached())
|
|
225 Report("Hint: pc points to the zero page.\n");
|
|
226 if (sig.is_memory_access) {
|
|
227 const char *access_type =
|
|
228 sig.write_flag == SignalContext::WRITE
|
|
229 ? "WRITE"
|
|
230 : (sig.write_flag == SignalContext::READ ? "READ" : "UNKNOWN");
|
|
231 Report("The signal is caused by a %s memory access.\n", access_type);
|
|
232 if (sig.addr < GetPageSizeCached())
|
|
233 Report("Hint: address points to the zero page.\n");
|
|
234 }
|
|
235 MaybeReportNonExecRegion(sig.pc);
|
|
236 InternalScopedBuffer<BufferedStackTrace> stack_buffer(1);
|
|
237 BufferedStackTrace *stack = stack_buffer.data();
|
|
238 stack->Reset();
|
|
239 unwind(sig, unwind_context, stack);
|
|
240 stack->Print();
|
|
241 MaybeDumpInstructionBytes(sig.pc);
|
|
242 MaybeDumpRegisters(sig.context);
|
|
243 Printf("%s can not provide additional info.\n", SanitizerToolName);
|
|
244 ReportErrorSummary(description, stack);
|
|
245 }
|
|
246
|
|
247 void ReportDeadlySignal(const SignalContext &sig, u32 tid,
|
|
248 UnwindSignalStackCallbackType unwind,
|
|
249 const void *unwind_context) {
|
|
250 if (sig.IsStackOverflow())
|
|
251 ReportStackOverflowImpl(sig, tid, unwind, unwind_context);
|
|
252 else
|
|
253 ReportDeadlySignalImpl(sig, tid, unwind, unwind_context);
|
|
254 }
|
|
255
|
|
256 void HandleDeadlySignal(void *siginfo, void *context, u32 tid,
|
|
257 UnwindSignalStackCallbackType unwind,
|
|
258 const void *unwind_context) {
|
|
259 StartReportDeadlySignal();
|
|
260 ScopedErrorReportLock rl;
|
|
261 SignalContext sig(siginfo, context);
|
|
262 ReportDeadlySignal(sig, tid, unwind, unwind_context);
|
|
263 Report("ABORTING\n");
|
|
264 Die();
|
|
265 }
|
|
266
|
|
267 #endif // !SANITIZER_FUCHSIA && !SANITIZER_GO
|
|
268
|
|
269 void WriteToSyslog(const char *msg) {
|
|
270 InternalScopedString msg_copy(kErrorMessageBufferSize);
|
|
271 msg_copy.append("%s", msg);
|
|
272 char *p = msg_copy.data();
|
|
273 char *q;
|
|
274
|
|
275 // Print one line at a time.
|
|
276 // syslog, at least on Android, has an implicit message length limit.
|
|
277 do {
|
|
278 q = internal_strchr(p, '\n');
|
|
279 if (q)
|
|
280 *q = '\0';
|
|
281 WriteOneLineToSyslog(p);
|
|
282 if (q)
|
|
283 p = q + 1;
|
|
284 } while (q);
|
|
285 }
|
|
286
|
|
287 void MaybeStartBackgroudThread() {
|
|
288 #if SANITIZER_LINUX && \
|
|
289 !SANITIZER_GO // Need to implement/test on other platforms.
|
|
290 // Start the background thread if one of the rss limits is given.
|
|
291 if (!common_flags()->hard_rss_limit_mb &&
|
|
292 !common_flags()->soft_rss_limit_mb &&
|
|
293 !common_flags()->heap_profile) return;
|
|
294 if (!&real_pthread_create) return; // Can't spawn the thread anyway.
|
|
295 internal_start_thread(BackgroundThread, nullptr);
|
|
296 #endif
|
|
297 }
|
|
298
|
|
299 static atomic_uintptr_t reporting_thread = {0};
|
|
300
|
|
301 ScopedErrorReportLock::ScopedErrorReportLock() {
|
|
302 uptr current = GetThreadSelf();
|
|
303 for (;;) {
|
|
304 uptr expected = 0;
|
|
305 if (atomic_compare_exchange_strong(&reporting_thread, &expected, current,
|
|
306 memory_order_relaxed)) {
|
|
307 // We've claimed reporting_thread so proceed.
|
|
308 CommonSanitizerReportMutex.Lock();
|
|
309 return;
|
|
310 }
|
|
311
|
|
312 if (expected == current) {
|
|
313 // This is either asynch signal or nested error during error reporting.
|
|
314 // Fail simple to avoid deadlocks in Report().
|
|
315
|
|
316 // Can't use Report() here because of potential deadlocks in nested
|
|
317 // signal handlers.
|
|
318 CatastrophicErrorWrite(SanitizerToolName,
|
|
319 internal_strlen(SanitizerToolName));
|
|
320 static const char msg[] = ": nested bug in the same thread, aborting.\n";
|
|
321 CatastrophicErrorWrite(msg, sizeof(msg) - 1);
|
|
322
|
|
323 internal__exit(common_flags()->exitcode);
|
|
324 }
|
|
325
|
|
326 internal_sched_yield();
|
|
327 }
|
|
328 }
|
|
329
|
|
330 ScopedErrorReportLock::~ScopedErrorReportLock() {
|
|
331 CommonSanitizerReportMutex.Unlock();
|
|
332 atomic_store_relaxed(&reporting_thread, 0);
|
|
333 }
|
|
334
|
|
335 void ScopedErrorReportLock::CheckLocked() {
|
|
336 CommonSanitizerReportMutex.CheckLocked();
|
|
337 }
|
|
338
|
|
339 } // namespace __sanitizer
|
|
340
|
|
341 SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_sandbox_on_notify,
|
|
342 __sanitizer_sandbox_arguments *args) {
|
|
343 __sanitizer::PrepareForSandboxing(args);
|
|
344 if (__sanitizer::sandboxing_callback)
|
|
345 __sanitizer::sandboxing_callback();
|
|
346 }
|