Gitiles
Code Review Sign In
gerrit.omnirom.org / android_bionic / f3968e89cb72400951f93a2a8237ac1428d2627c / . / libc / bionic / gwp_asan_wrappers.cpp
blob: 680c5e7a9272650cb283a4115c10c9cf7097e60c [file] [log] [blame]
Mitch Phillipsf3968e82020-01-31 19:57:04 -0800[diff] [blame^]1/*
2 * Copyright (C) 2020 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29#include <platform/bionic/malloc.h>
30#include <private/bionic_malloc_dispatch.h>
31#include <stddef.h>
32#include <stdint.h>
33#include <stdio.h>
34#include <string.h>
35#include <sys/types.h>
36
37#include "bionic/gwp_asan_wrappers.h"
38#include "gwp_asan/guarded_pool_allocator.h"
39#include "gwp_asan/options.h"
40#include "gwp_asan/random.h"
41#include "malloc_common.h"
42
43#ifndef LIBC_STATIC
44#include "bionic/malloc_common_dynamic.h"
45#endif // LIBC_STATIC
46
47static gwp_asan::GuardedPoolAllocator GuardedAlloc;
48static const MallocDispatch* prev_dispatch;
49
50using Options = gwp_asan::options::Options;
51
52// ============================================================================
53// Implementation of gFunctions.
54// ============================================================================
55
56// This function handles initialisation as asked for by MallocInitImpl. This
57// should always be called in a single-threaded context.
58bool gwp_asan_initialize(const MallocDispatch* dispatch, bool*, const char*) {
59 prev_dispatch = dispatch;
60
61 Options Opts;
62 Opts.Enabled = true;
63 Opts.MaxSimultaneousAllocations = 32;
64 Opts.SampleRate = 2500;
65 Opts.InstallSignalHandlers = false;
66 Opts.InstallForkHandlers = true;
67
68 GuardedAlloc.init(Opts);
69 info_log("GWP-ASan has been enabled.");
70 return true;
71}
72
73void gwp_asan_finalize() {
74}
75
76void gwp_asan_get_malloc_leak_info(uint8_t**, size_t*, size_t*, size_t*, size_t*) {
77}
78
79void gwp_asan_free_malloc_leak_info(uint8_t*) {
80}
81
82ssize_t gwp_asan_malloc_backtrace(void*, uintptr_t*, size_t) {
83 // TODO(mitchp): GWP-ASan might be able to return the backtrace for the
84 // provided address.
85 return -1;
86}
87
88bool gwp_asan_write_malloc_leak_info(FILE*) {
89 return false;
90}
91
92void* gwp_asan_gfunctions[] = {
93 (void*)gwp_asan_initialize, (void*)gwp_asan_finalize,
94 (void*)gwp_asan_get_malloc_leak_info, (void*)gwp_asan_free_malloc_leak_info,
95 (void*)gwp_asan_malloc_backtrace, (void*)gwp_asan_write_malloc_leak_info,
96};
97
98// ============================================================================
99// Implementation of GWP-ASan malloc wrappers.
100// ============================================================================
101
102void* gwp_asan_calloc(size_t n_elements, size_t elem_size) {
103 if (__predict_false(GuardedAlloc.shouldSample())) {
104 size_t bytes;
105 if (!__builtin_mul_overflow(n_elements, elem_size, &bytes)) {
106 if (void* result = GuardedAlloc.allocate(bytes)) {
107 return result;
108 }
109 }
110 }
111 return prev_dispatch->calloc(n_elements, elem_size);
112}
113
114void gwp_asan_free(void* mem) {
115 if (__predict_false(GuardedAlloc.pointerIsMine(mem))) {
116 GuardedAlloc.deallocate(mem);
117 return;
118 }
119 prev_dispatch->free(mem);
120}
121
122void* gwp_asan_malloc(size_t bytes) {
123 if (__predict_false(GuardedAlloc.shouldSample())) {
124 if (void* result = GuardedAlloc.allocate(bytes)) {
125 return result;
126 }
127 }
128 return prev_dispatch->malloc(bytes);
129}
130
131size_t gwp_asan_malloc_usable_size(const void* mem) {
132 if (__predict_false(GuardedAlloc.pointerIsMine(mem))) {
133 return GuardedAlloc.getSize(mem);
134 }
135 return prev_dispatch->malloc_usable_size(mem);
136}
137
138void* gwp_asan_realloc(void* old_mem, size_t bytes) {
139 if (__predict_false(GuardedAlloc.pointerIsMine(old_mem))) {
140 size_t old_size = GuardedAlloc.getSize(old_mem);
141 void* new_ptr = gwp_asan_malloc(bytes);
142 if (new_ptr) memcpy(new_ptr, old_mem, (bytes < old_size) ? bytes : old_size);
143 GuardedAlloc.deallocate(old_mem);
144 return new_ptr;
145 }
146 return prev_dispatch->realloc(old_mem, bytes);
147}
148
149int gwp_asan_malloc_iterate(uintptr_t base, size_t size,
150 void (*callback)(uintptr_t base, size_t size, void* arg), void* arg) {
151 if (__predict_false(GuardedAlloc.pointerIsMine(reinterpret_cast<void*>(base)))) {
152 // TODO(mitchp): GPA::iterate() returns void, but should return int.
153 // TODO(mitchp): GPA::iterate() should take uintptr_t, not void*.
154 GuardedAlloc.iterate(reinterpret_cast<void*>(base), size, callback, arg);
155 return 0;
156 }
157 return prev_dispatch->malloc_iterate(base, size, callback, arg);
158}
159
160void gwp_asan_malloc_disable() {
161 GuardedAlloc.disable();
162 prev_dispatch->malloc_disable();
163}
164
165void gwp_asan_malloc_enable() {
166 GuardedAlloc.enable();
167 prev_dispatch->malloc_enable();
168}
169
170static const MallocDispatch gwp_asan_dispatch __attribute__((unused)) = {
171 gwp_asan_calloc,
172 gwp_asan_free,
173 Malloc(mallinfo),
174 gwp_asan_malloc,
175 gwp_asan_malloc_usable_size,
176 Malloc(memalign),
177 Malloc(posix_memalign),
178#if defined(HAVE_DEPRECATED_MALLOC_FUNCS)
179 Malloc(pvalloc),
180#endif
181 gwp_asan_realloc,
182#if defined(HAVE_DEPRECATED_MALLOC_FUNCS)
183 Malloc(valloc),
184#endif
185 gwp_asan_malloc_iterate,
186 gwp_asan_malloc_disable,
187 gwp_asan_malloc_enable,
188 Malloc(mallopt),
189 Malloc(aligned_alloc),
190 Malloc(malloc_info),
191};
192
193// TODO(mitchp): Turn on GWP-ASan here probabilistically.
194bool ShouldGwpAsanSampleProcess() {
195 return false;
196}
197
198bool MaybeInitGwpAsanFromLibc() {
199 // Never initialize the Zygote here. A Zygote chosen for sampling would also
200 // have all of its children sampled. Instead, the Zygote child will choose
201 // whether it samples or not just after the Zygote forks. For
202 // libc_scudo-preloaded executables (like mediaswcodec), the program name
203 // might not be available yet. The zygote never uses dynamic libc_scudo.
204 const char* progname = getprogname();
205 if (progname && strncmp(progname, "app_process", 11) == 0) {
206 return false;
207 }
208 return MaybeInitGwpAsan(false);
209}
210
211static bool GwpAsanInitialized = false;
212
213// Maybe initializes GWP-ASan. Called by android_mallopt() and libc's
214// initialisation. This should always be called in a single-threaded context.
215bool MaybeInitGwpAsan(bool force_init) {
216 if (GwpAsanInitialized) {
217 error_log("GWP-ASan was already initialized for this process.");
218 return false;
219 }
220
221 // If the caller hasn't forced GWP-ASan on, check whether we should sample
222 // this process.
223 if (!force_init && !ShouldGwpAsanSampleProcess()) {
224 return false;
225 }
226
227 // GWP-ASan is compatible with heapprofd/malloc_debug/malloc_hooks iff
228 // GWP-ASan was installed first. If one of these other libraries was already
229 // installed, we don't enable GWP-ASan. These libraries are normally enabled
230 // in libc_init after GWP-ASan, but if the new process is a zygote child and
231 // trying to initialize GWP-ASan through mallopt(), one of these libraries may
232 // be installed. It may be possible to change this in future by modifying the
233 // internal dispatch pointers of these libraries at this point in time, but
234 // given that they're all debug-only, we don't really mind for now.
235 if (GetDefaultDispatchTable() != nullptr) {
236 // Something else is installed.
237 return false;
238 }
239
240 // GWP-ASan's initialization is always called in a single-threaded context, so
241 // we can initialize lock-free.
242 __libc_globals.mutate([](libc_globals* globals) {
243 // Set GWP-ASan as the malloc dispatch table.
244 globals->malloc_dispatch_table = gwp_asan_dispatch;
245 atomic_store(&globals->default_dispatch_table, &gwp_asan_dispatch);
246
247 // If malloc_limit isn't installed, we can skip the default_dispatch_table
248 // lookup.
249 if (GetDispatchTable() == nullptr) {
250 atomic_store(&globals->current_dispatch_table, &gwp_asan_dispatch);
251 }
252 });
253
254#ifndef LIBC_STATIC
255 SetGlobalFunctions(gwp_asan_gfunctions);
256#endif // LIBC_STATIC
257
258 GwpAsanInitialized = true;
259
260 gwp_asan_initialize(NativeAllocatorDispatch(), nullptr, nullptr);
261
262 return true;
263}