diff options
| author | Andrew Kaster <andrewdkaster@gmail.com> | 2021-05-23 19:40:22 -0600 |
|---|---|---|
| committer | Andreas Kling <kling@serenityos.org> | 2021-05-27 15:18:03 +0200 |
| commit | 4a5a1e864894a2d3ac80fdf061a34f5e6a29abfb (patch) | |
| tree | 8e33a4f87838764c0b8df85a3065def5e0037ced | |
| parent | 505f84daae62ff6b0c94eb2551fd69e87e56823f (diff) | |
| download | serenity-4a5a1e864894a2d3ac80fdf061a34f5e6a29abfb.zip | |
Userland: Port UBSAN implementation to userspace
Take Kernel/UBSanitizer.cpp and make a copy in LibSanitizer.
We can use LibSanitizer to hold other sanitizers as people implement
them :^).
To enable UBSAN for LibC, DynamicLoader, and other low level system
libraries, LibUBSanitizer is built as a serenity_libc, and has a static
version for LibCStatic to use. The approach is the same as that taken in
Note that this means now UBSAN is enabled for code generators, Lagom,
Kernel, and Userspace with -DENABLE_UNDEFINED_SANTIZER=ON. In userspace
however, UBSAN is not deadly (yet).
Co-authored-by: ForLoveOfCats <ForLoveOfCats@vivaldi.net>
| -rw-r--r-- | CMakeLists.txt | 14 | ||||
| -rw-r--r-- | Userland/DynamicLoader/CMakeLists.txt | 4 | ||||
| -rw-r--r-- | Userland/Libraries/CMakeLists.txt | 1 | ||||
| -rw-r--r-- | Userland/Libraries/LibC/CMakeLists.txt | 5 | ||||
| -rw-r--r-- | Userland/Libraries/LibSanitizer/CMakeLists.txt | 12 | ||||
| -rw-r--r-- | Userland/Libraries/LibSanitizer/UBSanitizer.cpp | 225 |
6 files changed, 259 insertions, 2 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 0c20f9ae3b..5b83d5e257 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -110,6 +110,11 @@ include_directories(.) include_directories(${CMAKE_BINARY_DIR}) add_subdirectory(Meta/Lagom) + +if (ENABLE_UNDEFINED_SANITIZER) + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=undefined") +endif() + add_subdirectory(Userland/DevTools/IPCCompiler) add_subdirectory(Userland/DevTools/StateMachineGenerator) add_subdirectory(Userland/Libraries/LibWeb/CodeGenerators) @@ -233,6 +238,15 @@ include_directories(${CMAKE_CURRENT_BINARY_DIR}/Userland/Services) include_directories(${CMAKE_CURRENT_BINARY_DIR}/Userland/Libraries) include_directories(${CMAKE_CURRENT_BINARY_DIR}/Userland) +# FIXME: vptr sanitizing requires.. intense ABI wrangling of std::type_info +# And would be better served by porting ubsan_type_hash_itanium.cpp from compiler-rt +# We don't set this along with the original fsanitize=undefined because for host tools, we can rely on +# the host's libubsan to provide the ABI-specific vptr type cache. +# This is not a problem for the Kernel, because it does not have RTTI enabled :^) +if (ENABLE_UNDEFINED_SANITIZER) + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-sanitize=vptr") +endif() + add_subdirectory(AK) add_subdirectory(Kernel) add_subdirectory(Userland) diff --git a/Userland/DynamicLoader/CMakeLists.txt b/Userland/DynamicLoader/CMakeLists.txt index dd9cb3dc03..8c7a883e54 100644 --- a/Userland/DynamicLoader/CMakeLists.txt +++ b/Userland/DynamicLoader/CMakeLists.txt @@ -18,6 +18,10 @@ endif() file(GLOB LIBSYSTEM_SOURCES "../Libraries/LibSystem/*.cpp") +if (ENABLE_UNDEFINED_SANITIZER) + set(LOADER_SOURCES ${LOADER_SOURCES} ../Libraries/LibSanitizer/UBSanitizer.cpp) +endif() + add_definitions(-D_DYNAMIC_LOADER) set(SOURCES ${LOADER_SOURCES} ${AK_SOURCES} ${ELF_SOURCES} ${LIBC_SOURCES1} ${LIBC_SOURCES2} ${LIBC_SOURCES3} ${LIBSYSTEM_SOURCES}) diff --git a/Userland/Libraries/CMakeLists.txt b/Userland/Libraries/CMakeLists.txt index e3ae34ecaf..d4c55908b7 100644 --- a/Userland/Libraries/CMakeLists.txt +++ b/Userland/Libraries/CMakeLists.txt @@ -31,6 +31,7 @@ add_subdirectory(LibPDF) add_subdirectory(LibProtocol) add_subdirectory(LibPthread) add_subdirectory(LibRegex) +add_subdirectory(LibSanitizer) add_subdirectory(LibSQL) add_subdirectory(LibSymbolication) add_subdirectory(LibSyntax) diff --git a/Userland/Libraries/LibC/CMakeLists.txt b/Userland/Libraries/LibC/CMakeLists.txt index 9df1b2a559..f5d9722bc7 100644 --- a/Userland/Libraries/LibC/CMakeLists.txt +++ b/Userland/Libraries/LibC/CMakeLists.txt @@ -95,15 +95,16 @@ set(SOURCES ${LIBC_SOURCES} ${AK_SOURCES} ${ELF_SOURCES} ${ASM_SOURCES}) set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -static-libstdc++") add_library(LibCStaticWithoutDeps STATIC ${SOURCES}) target_link_libraries(LibCStaticWithoutDeps ssp) -add_dependencies(LibCStaticWithoutDeps LibM LibSystem) +add_dependencies(LibCStaticWithoutDeps LibM LibSystem LibUBSanitizer) add_custom_target(LibCStatic COMMAND ${CMAKE_AR} -x $<TARGET_FILE:LibCStaticWithoutDeps> COMMAND ${CMAKE_AR} -x $<TARGET_FILE:ssp> COMMAND ${CMAKE_AR} -x $<TARGET_FILE:LibSystemStatic> + COMMAND ${CMAKE_AR} -x $<TARGET_FILE:LibUBSanitizerStatic> COMMAND ${CMAKE_AR} -qcs ${CMAKE_CURRENT_BINARY_DIR}/libc.a *.o WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} - DEPENDS LibCStaticWithoutDeps ssp LibSystemStatic + DEPENDS LibCStaticWithoutDeps ssp LibSystemStatic LibUBSanitizerStatic ) install(FILES ${CMAKE_CURRENT_BINARY_DIR}/libc.a DESTINATION ${CMAKE_INSTALL_PREFIX}/usr/lib/) diff --git a/Userland/Libraries/LibSanitizer/CMakeLists.txt b/Userland/Libraries/LibSanitizer/CMakeLists.txt new file mode 100644 index 0000000000..0666db50f5 --- /dev/null +++ b/Userland/Libraries/LibSanitizer/CMakeLists.txt @@ -0,0 +1,12 @@ +set(SOURCES + UBSanitizer.cpp + ../LibC/ssp.cpp +) + +set_source_files_properties (../LibC/ssp.cpp PROPERTIES COMPILE_FLAGS + "-fno-stack-protector") + +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -nostdlib") +serenity_libc(LibUBSanitizer ubsan) + +add_library(LibUBSanitizerStatic STATIC ${SOURCES}) diff --git a/Userland/Libraries/LibSanitizer/UBSanitizer.cpp b/Userland/Libraries/LibSanitizer/UBSanitizer.cpp new file mode 100644 index 0000000000..7195b4d145 --- /dev/null +++ b/Userland/Libraries/LibSanitizer/UBSanitizer.cpp @@ -0,0 +1,225 @@ +/* + * Copyright (c) 2021, Andreas Kling <kling@serenityos.org> + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include <AK/Format.h> +#include <AK/UBSanitizer.h> + +using namespace AK::UBSanitizer; + +// FIXME: Parse option from UBSAN_OPTIONS: halt_on_error=0 or 1 +bool AK::UBSanitizer::g_ubsan_is_deadly { false }; // FIXME: Make true!! + +#define WARNLN_AND_DBGLN(fmt, ...) \ + warnln(fmt, ##__VA_ARGS__); \ + dbgln(fmt, ##__VA_ARGS__); + +extern "C" { + +static void print_location(const SourceLocation& location) +{ + if (!location.filename()) { + WARNLN_AND_DBGLN("UBSAN: in unknown file"); + } else { + WARNLN_AND_DBGLN("UBSAN: at {}, line {}, column: {}", location.filename(), location.line(), location.column()); + } + // FIXME: Dump backtrace of this process (with symbols? without symbols?) in case the user wants non-deadly UBSAN + // Should probably go through the kernel for SC_dump_backtrace, then access the loader's symbol tables rather than + // going through the symbolizer service? + if (g_ubsan_is_deadly) { + WARNLN_AND_DBGLN("UB is configured to be deadly"); + VERIFY_NOT_REACHED(); + } +} + +void __ubsan_handle_load_invalid_value(const InvalidValueData&, ValueHandle) __attribute__((used)); +void __ubsan_handle_load_invalid_value(const InvalidValueData& data, ValueHandle) +{ + WARNLN_AND_DBGLN("UBSAN: load-invalid-value: {} ({}-bit)", data.type.name(), data.type.bit_width()); + print_location(data.location); +} + +void __ubsan_handle_nonnull_arg(const NonnullArgData&) __attribute__((used)); +void __ubsan_handle_nonnull_arg(const NonnullArgData& data) +{ + WARNLN_AND_DBGLN("UBSAN: null pointer passed as argument {}, which is declared to never be null", data.argument_index); + print_location(data.location); +} + +void __ubsan_handle_nullability_arg(const NonnullArgData&) __attribute__((used)); +void __ubsan_handle_nullability_arg(const NonnullArgData& data) +{ + WARNLN_AND_DBGLN("UBSAN: null pointer passed as argument {}, which is declared to never be null", data.argument_index); + print_location(data.location); +} + +void __ubsan_handle_nonnull_return_v1(const NonnullReturnData&, const SourceLocation&) __attribute__((used)); +void __ubsan_handle_nonnull_return_v1(const NonnullReturnData&, const SourceLocation& location) +{ + WARNLN_AND_DBGLN("UBSAN: null pointer return from function declared to never return null"); + print_location(location); +} + +void __ubsan_handle_nullability_return_v1(const NonnullReturnData& data, const SourceLocation& location) __attribute__((used)); +void __ubsan_handle_nullability_return_v1(const NonnullReturnData&, const SourceLocation& location) +{ + WARNLN_AND_DBGLN("UBSAN: null pointer return from function declared to never return null"); + print_location(location); +} + +void __ubsan_handle_vla_bound_not_positive(const VLABoundData&, ValueHandle) __attribute__((used)); +void __ubsan_handle_vla_bound_not_positive(const VLABoundData& data, ValueHandle) +{ + WARNLN_AND_DBGLN("UBSAN: VLA bound not positive {} ({}-bit)", data.type.name(), data.type.bit_width()); + print_location(data.location); +} + +void __ubsan_handle_add_overflow(const OverflowData&, ValueHandle lhs, ValueHandle rhs) __attribute__((used)); +void __ubsan_handle_add_overflow(const OverflowData& data, ValueHandle, ValueHandle) +{ + WARNLN_AND_DBGLN("UBSAN: addition overflow, {} ({}-bit)", data.type.name(), data.type.bit_width()); + + print_location(data.location); +} + +void __ubsan_handle_sub_overflow(const OverflowData&, ValueHandle lhs, ValueHandle rhs) __attribute__((used)); +void __ubsan_handle_sub_overflow(const OverflowData& data, ValueHandle, ValueHandle) +{ + WARNLN_AND_DBGLN("UBSAN: subtraction overflow, {} ({}-bit)", data.type.name(), data.type.bit_width()); + + print_location(data.location); +} + +void __ubsan_handle_negate_overflow(const OverflowData&, ValueHandle) __attribute__((used)); +void __ubsan_handle_negate_overflow(const OverflowData& data, ValueHandle) +{ + WARNLN_AND_DBGLN("UBSAN: negation overflow, {} ({}-bit)", data.type.name(), data.type.bit_width()); + + print_location(data.location); +} + +void __ubsan_handle_mul_overflow(const OverflowData&, ValueHandle lhs, ValueHandle rhs) __attribute__((used)); +void __ubsan_handle_mul_overflow(const OverflowData& data, ValueHandle, ValueHandle) +{ + WARNLN_AND_DBGLN("UBSAN: multiplication overflow, {} ({}-bit)", data.type.name(), data.type.bit_width()); + print_location(data.location); +} + +void __ubsan_handle_shift_out_of_bounds(const ShiftOutOfBoundsData&, ValueHandle lhs, ValueHandle rhs) __attribute__((used)); +void __ubsan_handle_shift_out_of_bounds(const ShiftOutOfBoundsData& data, ValueHandle, ValueHandle) +{ + WARNLN_AND_DBGLN("UBSAN: shift out of bounds, {} ({}-bit) shifted by {} ({}-bit)", data.lhs_type.name(), data.lhs_type.bit_width(), data.rhs_type.name(), data.rhs_type.bit_width()); + print_location(data.location); +} + +void __ubsan_handle_divrem_overflow(const OverflowData&, ValueHandle lhs, ValueHandle rhs) __attribute__((used)); +void __ubsan_handle_divrem_overflow(const OverflowData& data, ValueHandle, ValueHandle) +{ + WARNLN_AND_DBGLN("UBSAN: divrem overflow, {} ({}-bit)", data.type.name(), data.type.bit_width()); + print_location(data.location); +} + +void __ubsan_handle_out_of_bounds(const OutOfBoundsData&, ValueHandle) __attribute__((used)); +void __ubsan_handle_out_of_bounds(const OutOfBoundsData& data, ValueHandle) +{ + WARNLN_AND_DBGLN("UBSAN: out of bounds access into array of {} ({}-bit), index type {} ({}-bit)", data.array_type.name(), data.array_type.bit_width(), data.index_type.name(), data.index_type.bit_width()); + print_location(data.location); +} + +void __ubsan_handle_type_mismatch_v1(const TypeMismatchData&, ValueHandle) __attribute__((used)); +void __ubsan_handle_type_mismatch_v1(const TypeMismatchData& data, ValueHandle ptr) +{ + constexpr StringView kinds[] = { + "load of", + "store to", + "reference binding to", + "member access within", + "member call on", + "constructor call on", + "downcast of", + "downcast of", + "upcast of", + "cast to virtual base of", + "_Nonnull binding to", + "dynamic operation on" + }; + + FlatPtr alignment = (FlatPtr)1 << data.log_alignment; + auto kind = kinds[data.type_check_kind]; + + if (!ptr) { + WARNLN_AND_DBGLN("UBSAN: {} null pointer of type {}", kind, data.type.name()); + } else if ((FlatPtr)ptr & (alignment - 1)) { + WARNLN_AND_DBGLN("UBSAN: {} misaligned address {:p} of type {}", kind, ptr, data.type.name()); + } else { + WARNLN_AND_DBGLN("UBSAN: {} address {:p} with insufficient space for type {}", kind, ptr, data.type.name()); + } + + print_location(data.location); +} + +void __ubsan_handle_alignment_assumption(const AlignmentAssumptionData&, ValueHandle, ValueHandle, ValueHandle) __attribute__((used)); +void __ubsan_handle_alignment_assumption(const AlignmentAssumptionData& data, ValueHandle pointer, ValueHandle alignment, ValueHandle offset) +{ + if (offset) { + WARNLN_AND_DBGLN( + "UBSAN: assumption of {:p} byte alignment (with offset of {:p} byte) for pointer {:p}" + "of type {} failed", + alignment, offset, pointer, data.type.name()); + } else { + WARNLN_AND_DBGLN("UBSAN: assumption of {:p} byte alignment for pointer {:p}" + "of type {} failed", + alignment, pointer, data.type.name()); + } + + print_location(data.location); +} + +void __ubsan_handle_builtin_unreachable(const UnreachableData&) __attribute__((used)); +void __ubsan_handle_builtin_unreachable(const UnreachableData& data) +{ + WARNLN_AND_DBGLN("UBSAN: execution reached an unreachable program point"); + print_location(data.location); +} + +void __ubsan_handle_missing_return(const UnreachableData&) __attribute__((used)); +void __ubsan_handle_missing_return(const UnreachableData& data) +{ + WARNLN_AND_DBGLN("UBSAN: execution reached the end of a value-returning function without returning a value"); + print_location(data.location); +} + +void __ubsan_handle_implicit_conversion(const ImplicitConversionData&, ValueHandle, ValueHandle) __attribute__((used)); +void __ubsan_handle_implicit_conversion(const ImplicitConversionData& data, ValueHandle, ValueHandle) +{ + const char* src_signed = data.from_type.is_signed() ? "" : "un"; + const char* dst_signed = data.to_type.is_signed() ? "" : "un"; + WARNLN_AND_DBGLN("UBSAN: implicit conversion from type {} ({}-bit, {}signed) to type {} ({}-bit, {}signed)", + data.from_type.name(), data.from_type.bit_width(), src_signed, data.to_type.name(), data.to_type.bit_width(), dst_signed); + print_location(data.location); +} + +void __ubsan_handle_invalid_builtin(const InvalidBuiltinData) __attribute__((used)); +void __ubsan_handle_invalid_builtin(const InvalidBuiltinData data) +{ + WARNLN_AND_DBGLN("UBSAN: passing invalid argument"); + print_location(data.location); +} + +void __ubsan_handle_pointer_overflow(const PointerOverflowData&, ValueHandle, ValueHandle) __attribute__((used)); +void __ubsan_handle_pointer_overflow(const PointerOverflowData& data, ValueHandle base, ValueHandle result) +{ + if (base == 0 && result == 0) { + WARNLN_AND_DBGLN("UBSAN: applied zero offset to nullptr"); + } else if (base == 0 && result != 0) { + WARNLN_AND_DBGLN("UBSAN: applied non-zero offset {:p} to nullptr", result); + } else if (base != 0 && result == 0) { + WARNLN_AND_DBGLN("UBSAN: applying non-zero offset to non-null pointer {:p} produced null pointer", base); + } else { + WARNLN_AND_DBGLN("UBSAN: addition of unsigned offset to {:p} overflowed to {:p}", base, result); + } + print_location(data.location); +} +} |