| Benoît Ganne | 9fb6d40 | 2019-04-15 15:28:21 +0200 | [diff] [blame] | 1 | #ifndef _included_clib_sanitizer_h |
| 2 | #define _included_clib_sanitizer_h |
| 3 | |
| 4 | #ifdef CLIB_SANITIZE_ADDR |
| 5 | |
| 6 | #include <sanitizer/asan_interface.h> |
| 7 | #include <vppinfra/clib.h> |
| Benoît Ganne | d4721b2 | 2021-06-09 17:20:16 +0200 | [diff] [blame] | 8 | #include <vppinfra/error_bootstrap.h> |
| 9 | |
| 10 | typedef struct |
| 11 | { |
| 12 | size_t shadow_scale; |
| 13 | size_t shadow_offset; |
| 14 | } clib_sanitizer_main_t; |
| 15 | |
| 16 | extern clib_sanitizer_main_t sanitizer_main; |
| Benoît Ganne | 9fb6d40 | 2019-04-15 15:28:21 +0200 | [diff] [blame] | 17 | |
| 18 | #define CLIB_NOSANITIZE_ADDR __attribute__((no_sanitize_address)) |
| 19 | #define CLIB_MEM_POISON(a, s) ASAN_POISON_MEMORY_REGION((a), (s)) |
| 20 | #define CLIB_MEM_UNPOISON(a, s) ASAN_UNPOISON_MEMORY_REGION((a), (s)) |
| 21 | |
| Benoît Ganne | d4721b2 | 2021-06-09 17:20:16 +0200 | [diff] [blame] | 22 | #define CLIB_MEM_OVERFLOW_MAX 64 |
| 23 | |
| 24 | static_always_inline void |
| 25 | sanitizer_unpoison__ (u64 *restrict *shadow_ptr, size_t *shadow_len, |
| 26 | const void *ptr, size_t len) |
| 27 | { |
| 28 | size_t scale, off; |
| 29 | |
| 30 | if (PREDICT_FALSE (~0 == sanitizer_main.shadow_scale)) |
| 31 | __asan_get_shadow_mapping (&sanitizer_main.shadow_scale, |
| 32 | &sanitizer_main.shadow_offset); |
| 33 | |
| 34 | scale = sanitizer_main.shadow_scale; |
| 35 | off = sanitizer_main.shadow_offset; |
| 36 | |
| 37 | /* compute the shadow address and length */ |
| 38 | *shadow_len = len >> scale; |
| 39 | ASSERT (*shadow_len <= CLIB_MEM_OVERFLOW_MAX); |
| 40 | *shadow_ptr = (void *) (((clib_address_t) ptr >> scale) + off); |
| 41 | } |
| 42 | |
| 43 | static_always_inline CLIB_NOSANITIZE_ADDR void |
| 44 | sanitizer_unpoison_push__ (u64 *restrict shadow, const void *ptr, size_t len) |
| 45 | { |
| 46 | u64 *restrict shadow_ptr; |
| 47 | size_t shadow_len; |
| 48 | int i; |
| 49 | |
| 50 | sanitizer_unpoison__ (&shadow_ptr, &shadow_len, ptr, len); |
| 51 | |
| 52 | /* save the shadow area */ |
| 53 | for (i = 0; i < shadow_len; i++) |
| 54 | shadow[i] = shadow_ptr[i]; |
| 55 | |
| 56 | /* unpoison */ |
| 57 | for (i = 0; i < shadow_len; i++) |
| 58 | shadow_ptr[i] = 0; |
| 59 | } |
| 60 | |
| 61 | static_always_inline CLIB_NOSANITIZE_ADDR void |
| 62 | sanitizer_unpoison_pop__ (const u64 *restrict shadow, const void *ptr, |
| 63 | size_t len) |
| 64 | { |
| 65 | u64 *restrict shadow_ptr; |
| 66 | size_t shadow_len; |
| 67 | int i; |
| 68 | |
| 69 | sanitizer_unpoison__ (&shadow_ptr, &shadow_len, ptr, len); |
| 70 | |
| 71 | /* restore the shadow area */ |
| 72 | for (i = 0; i < shadow_len; i++) |
| 73 | { |
| 74 | ASSERT (0 == shadow_ptr[i]); |
| 75 | shadow_ptr[i] = shadow[i]; |
| 76 | } |
| 77 | } |
| 78 | |
| 79 | #define CLIB_MEM_OVERFLOW(f, src, n) \ |
| 80 | ({ \ |
| 81 | typeof (f) clib_mem_overflow_ret__; \ |
| 82 | const void *clib_mem_overflow_src__ = (src); \ |
| 83 | size_t clib_mem_overflow_n__ = (n); \ |
| 84 | u64 clib_mem_overflow_shadow__[CLIB_MEM_OVERFLOW_MAX]; \ |
| 85 | sanitizer_unpoison_push__ (clib_mem_overflow_shadow__, \ |
| 86 | clib_mem_overflow_src__, \ |
| 87 | clib_mem_overflow_n__); \ |
| 88 | clib_mem_overflow_ret__ = f; \ |
| 89 | sanitizer_unpoison_pop__ (clib_mem_overflow_shadow__, \ |
| 90 | clib_mem_overflow_src__, \ |
| 91 | clib_mem_overflow_n__); \ |
| 92 | clib_mem_overflow_ret__; \ |
| 93 | }) |
| Benoît Ganne | 9fb6d40 | 2019-04-15 15:28:21 +0200 | [diff] [blame] | 94 | |
| 95 | #define CLIB_MEM_OVERFLOW_LOAD(f, src) \ |
| 96 | ({ \ |
| 97 | typeof(src) clib_mem_overflow_load_src__ = (src); \ |
| 98 | CLIB_MEM_OVERFLOW(f(clib_mem_overflow_load_src__), clib_mem_overflow_load_src__, sizeof(typeof(f(clib_mem_overflow_load_src__)))); \ |
| 99 | }) |
| 100 | |
| 101 | static_always_inline void |
| 102 | CLIB_MEM_POISON_LEN (void *src, size_t oldlen, size_t newlen) |
| 103 | { |
| 104 | if (oldlen > newlen) |
| 105 | CLIB_MEM_POISON (src + newlen, oldlen - newlen); |
| 106 | else if (newlen > oldlen) |
| 107 | CLIB_MEM_UNPOISON (src + oldlen, newlen - oldlen); |
| 108 | } |
| 109 | |
| 110 | #else /* CLIB_SANITIZE_ADDR */ |
| 111 | |
| 112 | #define CLIB_NOSANITIZE_ADDR |
| 113 | #define CLIB_MEM_POISON(a, s) (void)(a) |
| 114 | #define CLIB_MEM_UNPOISON(a, s) (void)(a) |
| 115 | #define CLIB_MEM_OVERFLOW(a, b, c) a |
| 116 | #define CLIB_MEM_OVERFLOW_LOAD(f, src) f(src) |
| 117 | #define CLIB_MEM_POISON_LEN(a, b, c) |
| 118 | |
| 119 | #endif /* CLIB_SANITIZE_ADDR */ |
| 120 | |
| Benoît Ganne | 01a103b | 2020-07-09 14:23:51 +0200 | [diff] [blame] | 121 | /* |
| 122 | * clang tends to force alignment of all sections when compiling for address |
| 123 | * sanitizer. This confuse VPP plugin infra, prevent clang to do that |
| 124 | * On the contrary, GCC does not support this kind of attribute on sections |
| 125 | * sigh. |
| 126 | */ |
| 127 | #ifdef __clang__ |
| 128 | #define CLIB_NOSANITIZE_PLUGIN_REG_SECTION CLIB_NOSANITIZE_ADDR |
| 129 | #else |
| 130 | #define CLIB_NOSANITIZE_PLUGIN_REG_SECTION |
| 131 | #endif |
| 132 | |
| Benoît Ganne | 9fb6d40 | 2019-04-15 15:28:21 +0200 | [diff] [blame] | 133 | #endif /* _included_clib_sanitizer_h */ |
| 134 | |
| 135 | /* |
| 136 | * fd.io coding-style-patch-verification: ON |
| 137 | * |
| 138 | * Local Variables: |
| 139 | * eval: (c-set-style "gnu") |
| 140 | * End: |
| 141 | */ |