1 #include "sanitizer_common/sanitizer_atomic.h" 2 3 #include <stdlib.h> 4 #include <stdint.h> 5 #include <string.h> 6 #include <unistd.h> 7 8 #ifdef KERNEL_USE 9 extern "C" void ubsan_message(const char *msg); 10 static void message(const char *msg) { ubsan_message(msg); } 11 #else 12 static void message(const char *msg) { 13 (void)write(2, msg, strlen(msg)); 14 } 15 #endif 16 17 static const int kMaxCallerPcs = 20; 18 static __sanitizer::atomic_uintptr_t caller_pcs[kMaxCallerPcs]; 19 // Number of elements in caller_pcs. A special value of kMaxCallerPcs + 1 means 20 // that "too many errors" has already been reported. 21 static __sanitizer::atomic_uint32_t caller_pcs_sz; 22 23 static char *append_str(const char *s, char *buf, const char *end) { 24 for (const char *p = s; (buf < end) && (*p != '\0'); ++p, ++buf) 25 *buf = *p; 26 return buf; 27 } 28 29 static char *append_hex(uintptr_t d, char *buf, const char *end) { 30 // Print the address by nibbles. 31 for (unsigned shift = sizeof(uintptr_t) * 8; shift && buf < end;) { 32 shift -= 4; 33 unsigned nibble = (d >> shift) & 0xf; 34 *(buf++) = nibble < 10 ? nibble + '0' : nibble - 10 + 'a'; 35 } 36 return buf; 37 } 38 39 static void format_msg(const char *kind, uintptr_t caller, char *buf, 40 const char *end) { 41 buf = append_str("ubsan: ", buf, end); 42 buf = append_str(kind, buf, end); 43 buf = append_str(" by 0x", buf, end); 44 buf = append_hex(caller, buf, end); 45 buf = append_str("\n", buf, end); 46 if (buf == end) 47 --buf; // Make sure we don't cause a buffer overflow. 48 *buf = '\0'; 49 } 50 51 SANITIZER_INTERFACE_WEAK_DEF(void, __ubsan_report_error, const char *kind, 52 uintptr_t caller) { 53 if (caller == 0) 54 return; 55 while (true) { 56 unsigned sz = __sanitizer::atomic_load_relaxed(&caller_pcs_sz); 57 if (sz > kMaxCallerPcs) 58 return; // early exit 59 // when sz==kMaxCallerPcs print "too many errors", but only when cmpxchg 60 // succeeds in order to not print it multiple times. 61 if (sz > 0 && sz < kMaxCallerPcs) { 62 uintptr_t p; 63 for (unsigned i = 0; i < sz; ++i) { 64 p = __sanitizer::atomic_load_relaxed(&caller_pcs[i]); 65 if (p == 0) break; // Concurrent update. 66 if (p == caller) 67 return; 68 } 69 if (p == 0) continue; // FIXME: yield? 70 } 71 72 if (!__sanitizer::atomic_compare_exchange_strong( 73 &caller_pcs_sz, &sz, sz + 1, __sanitizer::memory_order_seq_cst)) 74 continue; // Concurrent update! Try again from the start. 75 76 if (sz == kMaxCallerPcs) { 77 message("ubsan: too many errors\n"); 78 return; 79 } 80 __sanitizer::atomic_store_relaxed(&caller_pcs[sz], caller); 81 82 char msg_buf[128]; 83 format_msg(kind, caller, msg_buf, msg_buf + sizeof(msg_buf)); 84 message(msg_buf); 85 } 86 } 87 88 #if defined(__ANDROID__) 89 extern "C" __attribute__((weak)) void android_set_abort_message(const char *); 90 static void abort_with_message(const char *kind, uintptr_t caller) { 91 char msg_buf[128]; 92 format_msg(kind, caller, msg_buf, msg_buf + sizeof(msg_buf)); 93 if (&android_set_abort_message) 94 android_set_abort_message(msg_buf); 95 abort(); 96 } 97 #else 98 static void abort_with_message(const char *kind, uintptr_t caller) { abort(); } 99 #endif 100 101 #if SANITIZER_DEBUG 102 namespace __sanitizer { 103 // The DCHECK macro needs this symbol to be defined. 104 void NORETURN CheckFailed(const char *file, int, const char *cond, u64, u64) { 105 message("Sanitizer CHECK failed: "); 106 message(file); 107 message(":?? : "); // FIXME: Show line number. 108 message(cond); 109 abort(); 110 } 111 } // namespace __sanitizer 112 #endif 113 114 #define INTERFACE extern "C" __attribute__((visibility("default"))) 115 116 #define HANDLER_RECOVER(name, kind) \ 117 INTERFACE void __ubsan_handle_##name##_minimal() { \ 118 __ubsan_report_error(kind, GET_CALLER_PC()); \ 119 } 120 121 #define HANDLER_NORECOVER(name, kind) \ 122 INTERFACE void __ubsan_handle_##name##_minimal_abort() { \ 123 uintptr_t caller = GET_CALLER_PC(); \ 124 __ubsan_report_error(kind, caller); \ 125 abort_with_message(kind, caller); \ 126 } 127 128 #define HANDLER(name, kind) \ 129 HANDLER_RECOVER(name, kind) \ 130 HANDLER_NORECOVER(name, kind) 131 132 HANDLER(type_mismatch, "type-mismatch") 133 HANDLER(alignment_assumption, "alignment-assumption") 134 HANDLER(add_overflow, "add-overflow") 135 HANDLER(sub_overflow, "sub-overflow") 136 HANDLER(mul_overflow, "mul-overflow") 137 HANDLER(negate_overflow, "negate-overflow") 138 HANDLER(divrem_overflow, "divrem-overflow") 139 HANDLER(shift_out_of_bounds, "shift-out-of-bounds") 140 HANDLER(out_of_bounds, "out-of-bounds") 141 HANDLER(local_out_of_bounds, "local-out-of-bounds") 142 HANDLER_RECOVER(builtin_unreachable, "builtin-unreachable") 143 HANDLER_RECOVER(missing_return, "missing-return") 144 HANDLER(vla_bound_not_positive, "vla-bound-not-positive") 145 HANDLER(float_cast_overflow, "float-cast-overflow") 146 HANDLER(load_invalid_value, "load-invalid-value") 147 HANDLER(invalid_builtin, "invalid-builtin") 148 HANDLER(invalid_objc_cast, "invalid-objc-cast") 149 HANDLER(function_type_mismatch, "function-type-mismatch") 150 HANDLER(implicit_conversion, "implicit-conversion") 151 HANDLER(nonnull_arg, "nonnull-arg") 152 HANDLER(nonnull_return, "nonnull-return") 153 HANDLER(nullability_arg, "nullability-arg") 154 HANDLER(nullability_return, "nullability-return") 155 HANDLER(pointer_overflow, "pointer-overflow") 156 HANDLER(cfi_check_fail, "cfi-check-fail") 157