[GWP-ASan] Provide runtime configuration through an env var + sysprop.
This patch introduces GWP-ASan system properties and environment
variables to control the internal sampling rates of GWP-ASan. This can
be used for:
1. "Torture testing" the system, i.e. running it under an extremely
high sampling rate under GWP-ASan.
2. Increasing sampling remotely to allow further crash report
collection of rare issues.
There are three sets of system properites:
1. libc.debug.gwp_asan.*.system_default: Default values for native
executables and system apps.
2. libc.debug.gwp_asan.*.app_default: Default values for non-system
apps, and
3. libc.debug.gwp_asan.*.<basename/app_name>: Default values for an
individual app or native process.
There are three variables that can be changed:
1. The allocation sampling rate (default: 2500) - using the environment
variable GWP_ASAN_SAMPLE_RATE or the libc.debug.gwp_asan.sample_rate.*
system property.
2. The process sampling rate (default: 128 for system apps/processes, 1
for opted-in apps) - using the environment variable
GWP_ASAN_PROCESS_SAMPLING or the libc.debug.gwp_asan.process_sampling.*
system property,
3. The number of slots available (default: 32) - using the environment
variable GWP_ASAN_MAX_ALLOCS or the libc.debug.gwp_asan.max_allocs.*
system property.
If not specified, #3 will be calculated as a ratio of the default
|2500 SampleRate : 32 slots|. So, a sample rate of "1250" (i.e. twice as
frequent sampling) will result in a doubling of the max_allocs to "64".
Bug: 219651032
Test: atest bionic-unit-tests
Change-Id: Idb40a2a4d074e01ce3c4e635ad639a91a32d570f
diff --git a/libc/platform/bionic/malloc.h b/libc/platform/bionic/malloc.h
index b56ca74..f0f13d0 100644
--- a/libc/platform/bionic/malloc.h
+++ b/libc/platform/bionic/malloc.h
@@ -96,12 +96,42 @@
// otherwise this mallopt() will internally decide whether to sample the
// process. The program must be single threaded at the point when the
// android_mallopt function is called.
- // arg = bool*
- // arg_size = sizeof(bool)
+ // arg = android_mallopt_gwp_asan_options_t*
+ // arg_size = sizeof(android_mallopt_gwp_asan_options_t)
M_INITIALIZE_GWP_ASAN = 10,
#define M_INITIALIZE_GWP_ASAN M_INITIALIZE_GWP_ASAN
};
+typedef struct {
+ // The null-terminated name that the zygote is spawning. Because native
+ // SpecializeCommon (where the GWP-ASan mallopt() is called from) happens
+ // before argv[0] is set, we need the zygote to tell us the new app name.
+ const char* program_name = nullptr;
+
+ // An android_mallopt(M_INITIALIZE_GWP_ASAN) is always issued on process
+ // startup and app startup, regardless of whether GWP-ASan is desired or not.
+ // This allows the process/app's desire to be overwritten by the
+ // "libc.debug.gwp_asan.*.app_default" or "libc.debug.gwp_asan.*.<name>"
+ // system properties, as well as the "GWP_ASAN_*" environment variables.
+ //
+ // Worth noting, the "libc.debug.gwp_asan.*.app_default" sysprops *do not*
+ // apply to system apps. They use the "libc.debug.gwp_asan.*.system_default"
+ // sysprops.
+ enum Action {
+ // The app has opted-in to GWP-ASan, and should always have it enabled. This
+ // should only be used by apps.
+ TURN_ON_FOR_APP,
+ // System processes apps have GWP-ASan enabled by default, but use the
+ // process sampling method.
+ TURN_ON_WITH_SAMPLING,
+ // Non-system apps don't have GWP-ASan by default.
+ DONT_TURN_ON_UNLESS_OVERRIDDEN,
+ // Note: GWP-ASan cannot be disabled once it's been enabled.
+ };
+
+ Action desire = DONT_TURN_ON_UNLESS_OVERRIDDEN;
+} android_mallopt_gwp_asan_options_t;
+
// Manipulates bionic-specific handling of memory allocation APIs such as
// malloc. Only for use by the Android platform itself.
//