[win/asan] GetInstructionSize: Support some more 7 or 8 byte instructions. (#124011)

This patch adds several instructions seen when trying to run a
executable built with ASan with llvm-mingw.
(x86

[win/asan] GetInstructionSize: Support some more 7 or 8 byte instructions. (#124011)

This patch adds several instructions seen when trying to run a
executable built with ASan with llvm-mingw.
(x86 and x86_64, using the git tip in llvm-project).

Also includes instructions collected by
Roman Pišl and Eric Pouech in the Wine bug reports below.

```
Related: https://github.com/llvm/llvm-project/issues/96270

Co-authored-by: Roman Pišl <rpisl@seznam.cz>
https://bugs.winehq.org/show_bug.cgi?id=50993
https://bugs.winehq.org/attachment.cgi?id=70233
Co-authored-by: Eric Pouech <eric.pouech@gmail.com>
https://bugs.winehq.org/show_bug.cgi?id=52386
https://bugs.winehq.org/attachment.cgi?id=71626
```

show more ...

[win/asan] GetInstructionSize: Support some more 6 byte instructions. (#124006)

This patch adds several instructions seen when trying to run a
executable built with ASan with llvm-mingw.
(x86 and

[win/asan] GetInstructionSize: Support some more 6 byte instructions. (#124006)

This patch adds several instructions seen when trying to run a
executable built with ASan with llvm-mingw.
(x86 and x86_64, using the git tip in llvm-project).

Also includes instructions collected by
Roman Pišl and Eric Pouech in the Wine bug reports below.

```
Related: https://github.com/llvm/llvm-project/issues/96270

Co-authored-by: Roman Pišl <rpisl@seznam.cz>
https://bugs.winehq.org/show_bug.cgi?id=50993
https://bugs.winehq.org/attachment.cgi?id=70233
Co-authored-by: Eric Pouech <eric.pouech@gmail.com>
https://bugs.winehq.org/show_bug.cgi?id=52386
https://bugs.winehq.org/attachment.cgi?id=71626
```

show more ...

[win/asan] GetInstructionSize: Support some more 4 byte instructions. (#123709)

This patch adds several instructions seen when trying to run a
executable built with ASan with llvm-mingw.
(x86 and

[win/asan] GetInstructionSize: Support some more 4 byte instructions. (#123709)

This patch adds several instructions seen when trying to run a
executable built with ASan with llvm-mingw.
(x86 and x86_64, using the git tip in llvm-project).

Also includes instructions collected by
Roman Pišl and Eric Pouech in the Wine bug reports below.

```
Related: https://github.com/llvm/llvm-project/issues/96270

Co-authored-by: Roman Pišl <rpisl@seznam.cz>
https://bugs.winehq.org/show_bug.cgi?id=50993
https://bugs.winehq.org/attachment.cgi?id=70233
Co-authored-by: Eric Pouech <eric.pouech@gmail.com>
https://bugs.winehq.org/show_bug.cgi?id=52386
https://bugs.winehq.org/attachment.cgi?id=71626
```

show more ...

[win/asan] GetInstructionSize: Support some more 5 byte instructions. (#123844)

This patch adds several instructions seen when trying to run a
executable built with ASan with llvm-mingw.
(x86 and

[win/asan] GetInstructionSize: Support some more 5 byte instructions. (#123844)

This patch adds several instructions seen when trying to run a
executable built with ASan with llvm-mingw.
(x86 and x86_64, using the git tip in llvm-project).

Also includes instructions collected by
Roman Pišl and Eric Pouech in the Wine bug reports below.
```
Related: https://github.com/llvm/llvm-project/issues/96270

Co-authored-by: Roman Pišl <rpisl@seznam.cz>
https://bugs.winehq.org/show_bug.cgi?id=50993
https://bugs.winehq.org/attachment.cgi?id=70233
Co-authored-by: Eric Pouech <eric.pouech@gmail.com>
https://bugs.winehq.org/show_bug.cgi?id=52386
https://bugs.winehq.org/attachment.cgi?id=71626
```

show more ...

[win/asan] GetInstructionSize: Support some more 3 byte instructions. (#120474)

This patch adds several instructions seen when trying to run a
executable built with ASan with llvm-mingw.
(x86 and

[win/asan] GetInstructionSize: Support some more 3 byte instructions. (#120474)

This patch adds several instructions seen when trying to run a
executable built with ASan with llvm-mingw.
(x86 and x86_64, using the git tip in llvm-project).

Also includes instructions collected by
Roman Pišl and Eric Pouech in the Wine bug reports below.

```
Related: https://github.com/llvm/llvm-project/issues/96270

Co-authored-by: Roman Pišl <rpisl@seznam.cz>
https://bugs.winehq.org/show_bug.cgi?id=50993
https://bugs.winehq.org/attachment.cgi?id=70233
Co-authored-by: Eric Pouech <eric.pouech@gmail.com>
https://bugs.winehq.org/show_bug.cgi?id=52386
https://bugs.winehq.org/attachment.cgi?id=71626
```

show more ...

[win/asan] GetInstructionSize: Support some more 2 byte instructions. (#120235)

This patch adds several instructions seen when trying to run a
executable built with ASan with llvm-mingw.
(x86 and

[win/asan] GetInstructionSize: Support some more 2 byte instructions. (#120235)

This patch adds several instructions seen when trying to run a
executable built with ASan with llvm-mingw.
(x86 and x86_64, using the git tip in llvm-project).

Also includes instructions collected by
Roman Pišl and Eric Pouech in the Wine bug reports below.

```
Related: https://github.com/llvm/llvm-project/issues/96270

Co-authored-by: Roman Pišl <rpisl@seznam.cz>
https://bugs.winehq.org/show_bug.cgi?id=50993
https://bugs.winehq.org/attachment.cgi?id=70233
Co-authored-by: Eric Pouech <eric.pouech@gmail.com>
https://bugs.winehq.org/show_bug.cgi?id=52386
https://bugs.winehq.org/attachment.cgi?id=71626
```

CC: @zmodem

show more ...

[win/asan] Don't intercept memset etc. in ntdll (#120397)

When ntdll was added to the list of of "interesting DLLs" list (in
d58230b9dcb3b312a2da8f874daa0cc8dc27da9b), the intention was not to
int

[win/asan] Don't intercept memset etc. in ntdll (#120397)

When ntdll was added to the list of of "interesting DLLs" list (in
d58230b9dcb3b312a2da8f874daa0cc8dc27da9b), the intention was not to
intercept the "mini CRT" functions it exports. OverrideFunction would
only intercept the *first* function it found when searching the list of
DLLs, and ntdll was put last in that list.

However, after 42cdfbcf3e92466754c175cb0e1e237e9f66749e,
OverrideFunction intercepts *all* matching functions in those DLLs. As
a side-effect, the runtime would now intercept functions like memset
etc. also in ntdll.

This causes a problem when ntdll-internal functions like
RtlDispatchException call the intercepted memset, which tries to
inspect uncommitted shadow memory, raising an exception, and getting
stuck in that loop until the stack overflows.

Since we never intended to intercept ntdll's memset etc., the simplest
fix seems to be to actively ignore ntdll when intercepting those
functions.

Fixes #114793

show more ...

[win/asan] GetInstructionSize: Fix `83 E4 XX` to return 3. (#119644)

This consolidates the two different lines for x86 and x86_64 into a
single line for both architectures.
And adds a test line.

[win/asan] GetInstructionSize: Fix `83 E4 XX` to return 3. (#119644)

This consolidates the two different lines for x86 and x86_64 into a
single line for both architectures.
And adds a test line.

CC: @zmodem

show more ...

[win/asan] GetInstructionSize: Make `83 EC XX` a generic entry. (#119537)

This consolidates the two different lines for x86 and x86_64 into a
single line for both architectures.
And adds a test li

[win/asan] GetInstructionSize: Make `83 EC XX` a generic entry. (#119537)

This consolidates the two different lines for x86 and x86_64 into a
single line for both architectures.
And adds a test line.

CC: @zmodem

show more ...

[win/asan] GetInstructionSize: Make `F6 C1 XX` a generic entry. (#118144)

[win/asan] GetInstructionSize: Fix `41 81 7c ...` to return 9. (#117828)

Trying to populate the recently added test for GetInstructionSize I
stumbled over this.
gdb and bddisasm have the opinion t

[win/asan] GetInstructionSize: Fix `41 81 7c ...` to return 9. (#117828)

Trying to populate the recently added test for GetInstructionSize I
stumbled over this.
gdb and bddisasm have the opinion this instruction is 9 bytes.
Also lldb shows this:
```
(lldb) disassemble --bytes --start-address 0x0000555555556004 --end-address 0x0000555555556024
0x555555556004: 41 81 7b 73 74 75 76 77 cmpl $0x77767574, 0x73(%r11) ; imm = 0x77767574
0x55555555600c: 41 81 7c 73 74 75 76 77 78 cmpl $0x78777675, 0x74(%r11,%rsi,2) ; imm = 0x78777675
0x555555556015: 41 81 7d 73 74 75 76 77 cmpl $0x77767574, 0x73(%r13) ; imm = 0x77767574
0x55555555601d: 00 00 addb %al, (%rax)
```

There is also a handy tool in llvm to directly feed in the byte sequence
- `41 81 7c` also uses 9 bytes here:
```
$ echo -n -e "0x41, 0x81, 0x7b, 0x73, 0x74, 0x75, 0x76, 0x77, 0x90" | ./llvm/build/bin/llvm-mc --disassemble --show-encoding
.text
cmpl $2004252020, 115(%r11) # encoding: [0x41,0x81,0x7b,0x73,0x74,0x75,0x76,0x77]
# imm = 0x77767574
nop # encoding: [0x90]
$ echo -n -e "0x41, 0x81, 0x7c, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x90" | ./llvm/build/bin/llvm-mc --disassemble --show-encoding
.text
cmpl $2021095029, 116(%r11,%rsi,2) # encoding: [0x41,0x81,0x7c,0x73,0x74,0x75,0x76,0x77,0x78]
# imm = 0x78777675
nop # encoding: [0x90]
```

show more ...

[win/asan] Avoid warnings in interception_win.cpp. (#118143)

warning: format specifies type 'void *' but the argument has type 'uptr'
(aka 'unsigned long long') [-Wformat] (observed at x86_64, in

[win/asan] Avoid warnings in interception_win.cpp. (#118143)

warning: format specifies type 'void *' but the argument has type 'uptr'
(aka 'unsigned long long') [-Wformat] (observed at x86_64, in
AllocateTrampolineRegion)

warning: format specifies type 'char *' but the argument has type
'RVAPtr<char>' [-Wformat] (observed at x86_64, in
InternalGetProcAddress)

show more ...

[win/asan] GetInstructionSize: Remove duplicate instruction `FF 25 ...`. (#116894)

It appears already some lines above with this comment:
"Cannot overwrite control-instruction. Return 0 to indica

[win/asan] GetInstructionSize: Remove duplicate instruction `FF 25 ...`. (#116894)

It appears already some lines above with this comment:
"Cannot overwrite control-instruction. Return 0 to indicate failure.".

Replacing just the comment in the first appearance.

Found after creating the test in #113085.

show more ...

[win/asan] Add a test skeleton for function GetInstructionSize. (#116948)

Was first part of PR #113085.

[win/asan] Recognize mov QWORD PTR [rip + X], reg (#117335)

This comes up when intercepting clang-built `__sanitizer_cov` functions.

[win/asan] GetInstructionSize: Fix `8A 05 ...` to return 6 again. (#116889)

This was already the case before 3bd8f4e,
which probably accidentally inserted
a few new instructions and a return 4 in

[win/asan] GetInstructionSize: Fix `8A 05 ...` to return 6 again. (#116889)

This was already the case before 3bd8f4e,
which probably accidentally inserted
a few new instructions and a return 4 in between.

show more ...

[win/asan] Search both higher and lower in AllocateTrampolineRegion (#114212)

There may not always be available virtual memory at higher addresses
than the target function. Therefore, search also l

[win/asan] Search both higher and lower in AllocateTrampolineRegion (#114212)

There may not always be available virtual memory at higher addresses
than the target function. Therefore, search also lower addresses while
ensuring that we stay within the accessible memory range.

Additionally, add more ReportError calls to make the reasons for
interception failure more clear.

show more ...

[win/asan] Fix instruction size for 44 0f b6 1a

movzx r11d,BYTE PTR [rdx]

is four bytes long.

Follow-up to #111638

[ASan][windows] Recognize movzx r11d, BYTE PTR [rdx] in interception_win (#111638)

The instruction is present in some library in the 24H2 update for
Windows 11:

==8508==interception_win: unhandl

[ASan][windows] Recognize movzx r11d, BYTE PTR [rdx] in interception_win (#111638)

The instruction is present in some library in the 24H2 update for
Windows 11:

==8508==interception_win: unhandled instruction at 0x7ff83e193a40: 44 0f
b6 1a 4c 8b d2 48

This could be generalized, but getting all the ModR/M byte combinations
right is tricky. Many other classes of instructions handled in this file
could use some generalization too.

show more ...

[sanitizer][asan][msvc] Teach GetInstructionSize about many instructions that appear in MSVC generated code. (#69490)

MSVC can sometimes generate instructions in function prologues that asan
previou

[sanitizer][asan][msvc] Teach GetInstructionSize about many instructions that appear in MSVC generated code. (#69490)

MSVC can sometimes generate instructions in function prologues that asan
previously didn't know the size of. This teaches asan those sizes. This isn't
super useful for using ASAN with non-msvc compilers, but it does stand alone.

From https://reviews.llvm.org/D151008

show more ...

Fix typos in interception_win.cpp

[win/asan] AllocateMemoryForTrampoline within 2 GB of the module's base address (#108822)

Since we may copy code (see CopyInstructions) to the trampoline which
could reference data inside the origi

[win/asan] AllocateMemoryForTrampoline within 2 GB of the module's base address (#108822)

Since we may copy code (see CopyInstructions) to the trampoline which
could reference data inside the original module, we really want the
trampoline to be within 2 GB of not just the original function, but
within anything that function may have rip-relative accesses to, i.e.
within 2 GB of that function's whole module.

This fixes interception failures like the following scenario:

1. Intercept `CreateProcess` in kernel32.dll, allocating a trampoline
region right after
2. Start intercepting `memcpy` in the main executable, which is loaded
at a lower address than kernel32.dll, but still within 2 GB of the
trampoline region so we keep using it.
3. Try to copy instructions from `memcpy` to the trampoline. Turns out
one instruction references data that is more than 2GB away from the
trampoline, so it can't be relocated.
4. The process exits due to a CHECK failure

(Full story at https://crbug.com/341936875#comment45 and following.)

show more ...

Revert "[compiler-rt] Remove duplicates of sanitizer_common functions"

This works for MinGW, but the MSVC linker apparently doens't pull in
those symbols. Reverting for now since I won't be able to

Revert "[compiler-rt] Remove duplicates of sanitizer_common functions"

This works for MinGW, but the MSVC linker apparently doens't pull in
those symbols. Reverting for now since I won't be able to reproduce it today.

https://lab.llvm.org/buildbot/#/builders/107/builds/2337

This reverts commit 9df92cbd1addb03c7169f05cf3b628f88c610224.

show more ...

[compiler-rt] Remove duplicates of sanitizer_common functions

These functions in interception_win.cpp already exist in
sanitizer_common. Use those instead.

Reviewed By: mstorsjo

Pull Request: http

[compiler-rt] Remove duplicates of sanitizer_common functions

These functions in interception_win.cpp already exist in
sanitizer_common. Use those instead.

Reviewed By: mstorsjo

Pull Request: https://github.com/llvm/llvm-project/pull/106488

show more ...

[asan][windows] Weak function interception support in instruction size decoder. (#86570)

This makes it so we'll be able to decode the instructions used in the
weak function stubs from
https://gith

[asan][windows] Weak function interception support in instruction size decoder. (#86570)

This makes it so we'll be able to decode the instructions used in the
weak function stubs from
https://github.com/llvm/llvm-project/pull/81677. This code doesn't
technically require those changes.

Co-authored-by: Amy Wishnousky <amyw@microsoft.com>

show more ...