From: Vitaly Buka <vitalybuka@google.com>
Date: Fri, 23 Mar 2018 20:59:51 +0000 (+0000)
Subject: Mmap interceptor providing mprotect support
X-Git-Tag: llvmorg-7.0.0-rc1~9781
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e4d34c0d56eb78693c0d0521304b7e3b133cc2c7;p=platform%2Fupstream%2Fllvm.git

Mmap interceptor providing mprotect support

Summary:
- Intercepting mprotect calls.
- Fixing forgotten flag check.

Patch by David CARLIER

Reviewers: vitalybuka, vsk

Reviewed By: vitalybuka

Subscribers: srhines, kubamracek, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D44777

llvm-svn: 328369
---

diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_common.h b/compiler-rt/lib/sanitizer_common/sanitizer_common.h
index c1f4985..326c56e 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_common.h
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_common.h
@@ -378,7 +378,7 @@ void ReportErrorSummary(const char *error_type, const AddressInfo &info,
 void ReportErrorSummary(const char *error_type, const StackTrace *trace,
                         const char *alt_tool_name = nullptr);
 
-void ReportMmapWriteExec();
+void ReportMmapWriteExec(int prot);
 
 // Math
 #if SANITIZER_WINDOWS && !defined(__clang__) && !defined(__GNUC__)
diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
index 8c0c3f0..8ea8b3e 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
@@ -6888,13 +6888,25 @@ INTERCEPTOR(void *, mmap, void *addr, SIZE_T sz, int prot, int flags, int fd,
             OFF_T off) {
   void *ctx;
   if (common_flags()->detect_write_exec)
-    ReportMmapWriteExec();
+    ReportMmapWriteExec(prot);
   if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED)
     return (void *)internal_mmap(addr, sz, prot, flags, fd, off);
   COMMON_INTERCEPTOR_ENTER(ctx, mmap, addr, sz, prot, flags, fd, off);
   COMMON_INTERCEPTOR_MMAP_IMPL(ctx, mmap, addr, sz, prot, flags, fd, off);
 }
-#define INIT_MMAP COMMON_INTERCEPT_FUNCTION(mmap);
+
+INTERCEPTOR(int, mprotect, void *addr, SIZE_T sz, int prot) {
+  void *ctx;
+  if (common_flags()->detect_write_exec)
+    ReportMmapWriteExec(prot);
+  if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED)
+    return (int)internal_mprotect(addr, sz, prot);
+  COMMON_INTERCEPTOR_ENTER(ctx, mprotect, addr, sz, prot);
+  return REAL(mprotect)(addr, sz, prot);
+}
+#define INIT_MMAP \
+  COMMON_INTERCEPT_FUNCTION(mmap); \
+  COMMON_INTERCEPT_FUNCTION(mprotect);
 #else
 #define INIT_MMAP
 #endif
@@ -6904,7 +6916,7 @@ INTERCEPTOR(void *, mmap64, void *addr, SIZE_T sz, int prot, int flags, int fd,
             OFF64_T off) {
   void *ctx;
   if (common_flags()->detect_write_exec)
-    ReportMmapWriteExec();
+    ReportMmapWriteExec(prot);
   if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED)
     return (void *)internal_mmap(addr, sz, prot, flags, fd, off);
   COMMON_INTERCEPTOR_ENTER(ctx, mmap64, addr, sz, prot, flags, fd, off);
diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_common_libcdep.cc b/compiler-rt/lib/sanitizer_common/sanitizer_common_libcdep.cc
index 7f07bcf..224f6b1 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_common_libcdep.cc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_common_libcdep.cc
@@ -24,6 +24,7 @@
 
 #if SANITIZER_POSIX
 #include "sanitizer_posix.h"
+#include <sys/mman.h>
 #endif
 
 namespace __sanitizer {
@@ -81,8 +82,11 @@ void ReportErrorSummary(const char *error_type, const StackTrace *stack,
 #endif
 }
 
-void ReportMmapWriteExec() {
-#if !SANITIZER_GO && !SANITIZER_ANDROID
+void ReportMmapWriteExec(int prot) {
+#if SANITIZER_POSIX && (!SANITIZER_GO && !SANITIZER_ANDROID)
+  if ((prot & (PROT_WRITE | PROT_EXEC)) != (PROT_WRITE | PROT_EXEC))
+    return;
+
   ScopedErrorReportLock l;
   SanitizerCommonDecorator d;
 
diff --git a/compiler-rt/test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp b/compiler-rt/test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp
index 6b72717..4949540 100644
--- a/compiler-rt/test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp
+++ b/compiler-rt/test/sanitizer_common/TestCases/Linux/mmap_write_exec.cpp
@@ -1,15 +1,37 @@
 // RUN: %clangxx %s -o %t
 // RUN: %env_tool_opts=detect_write_exec=1 %run %t 2>&1 | FileCheck %s
-// ubsan and lsan do not install mmap interceptors
-// UNSUPPORTED: ubsan, lsan
+// RUN: %env_tool_opts=detect_write_exec=0 %run %t 2>&1 | FileCheck %s \
+// RUN:   --check-prefix=CHECK-DISABLED
+// ubsan and lsan do not install mmap interceptors UNSUPPORTED: ubsan, lsan
 
 // TODO: Fix option on Android, it hangs there for unknown reasons.
 // XFAIL: android
 
+#include <stdio.h>
 #include <sys/mman.h>
 
 int main(int argc, char **argv) {
   char *p = (char *)mmap(0, 1024, PROT_READ | PROT_WRITE | PROT_EXEC,
                          MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
   // CHECK: WARNING: {{.*}}Sanitizer: writable-executable page usage
+  // CHECK: #{{[0-9]+.*}}main{{.*}}mmap_write_exec.cpp:[[@LINE-3]]
+  // CHECK: SUMMARY: {{.*}}Sanitizer: w-and-x-usage
+
+  char *q = (char *)mmap(p, 64, PROT_READ | PROT_WRITE,
+                         MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0);
+  (void)mprotect(q, 64, PROT_WRITE | PROT_EXEC);
+  // CHECK: WARNING: {{.*}}Sanitizer: writable-executable page usage
+  // CHECK: #{{[0-9]+.*}}main{{.*}}mmap_write_exec.cpp:[[@LINE-2]]
+  // CHECK: SUMMARY: {{.*}}Sanitizer: w-and-x-usage
+
+  char *a = (char *)mmap(0, 1024, PROT_READ | PROT_WRITE,
+                         MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
+  char *b = (char *)mmap(a, 64, PROT_READ | PROT_WRITE,
+                         MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0);
+  (void)mprotect(q, 64, PROT_READ | PROT_EXEC);
+  // CHECK-NOT: Sanitizer
+
+  printf("done\n");
+  // CHECK-DISABLED-NOT: Sanitizer
+  // CHECK-DISABLED: done
 }