diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0c20f9ae3b1..5b83d5e2570 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -110,6 +110,11 @@ include_directories(.)
 include_directories(${CMAKE_BINARY_DIR})
 add_subdirectory(Meta/Lagom)
+
+if (ENABLE_UNDEFINED_SANITIZER)
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=undefined")
+endif()
+
 add_subdirectory(Userland/DevTools/IPCCompiler)
 add_subdirectory(Userland/DevTools/StateMachineGenerator)
 add_subdirectory(Userland/Libraries/LibWeb/CodeGenerators)
@@ -233,6 +238,15 @@ include_directories(${CMAKE_CURRENT_BINARY_DIR}/Userland/Services)
 include_directories(${CMAKE_CURRENT_BINARY_DIR}/Userland/Libraries)
 include_directories(${CMAKE_CURRENT_BINARY_DIR}/Userland)
+# FIXME: vptr sanitizing requires.. intense ABI wrangling of std::type_info
+# And would be better served by porting ubsan_type_hash_itanium.cpp from compiler-rt
+# We don't set this along with the original fsanitize=undefined because for host tools, we can rely on
+# the host's libubsan to provide the ABI-specific vptr type cache.
+# This is not a problem for the Kernel, because it does not have RTTI enabled :^)
+if (ENABLE_UNDEFINED_SANITIZER)
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-sanitize=vptr")
+endif()
+
 add_subdirectory(AK)
 add_subdirectory(Kernel)
 add_subdirectory(Userland)
diff --git a/Userland/DynamicLoader/CMakeLists.txt b/Userland/DynamicLoader/CMakeLists.txt
index dd9cb3dc03d..8c7a883e54e 100644
--- a/Userland/DynamicLoader/CMakeLists.txt
+++ b/Userland/DynamicLoader/CMakeLists.txt
@@ -18,6 +18,10 @@ endif()
 file(GLOB LIBSYSTEM_SOURCES "../Libraries/LibSystem/*.cpp")
+if (ENABLE_UNDEFINED_SANITIZER)
+ set(LOADER_SOURCES ${LOADER_SOURCES} ../Libraries/LibSanitizer/UBSanitizer.cpp)
+endif()
+
 add_definitions(-D_DYNAMIC_LOADER)
 set(SOURCES ${LOADER_SOURCES} ${AK_SOURCES} ${ELF_SOURCES} ${LIBC_SOURCES1} ${LIBC_SOURCES2} ${LIBC_SOURCES3} ${LIBSYSTEM_SOURCES})
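Review bot: The `-fsanitize=undefined` flag is appended only to `CMAKE_CXX_FLAGS`, so any C translation units compiled through `CMAKE_C_FLAGS` (none are visible in this diff, so this may be moot) would build uninstrumented while still linking against an instrumented libc; `add_compile_options(-fsanitize=undefined)` at the same spot would cover both languages. Because this is a directory-scope string append, it also reaches every `add_subdirectory()` that follows it, including the host tools added right below, which the later comment says is intentional but which is not stated here — a one-line comment such as `# Applies to the host tools below as well; they use the host's libubsan runtime.` would make that visible. `ENABLE_UNDEFINED_SANITIZER` is not declared in this hunk; if it is not an `option()` elsewhere, `if()` on an undefined variable silently evaluates to false.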
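Review bot: The `-fno-sanitize=vptr` append works only because of its position in this file — after the host-tool `add_subdirectory()` calls and before `AK`/`Kernel`/`Userland` — and nothing enforces that ordering, so a later reordering of subdirectories would silently re-enable vptr checks for target code, which the comment above says cannot be satisfied without the std::type_info ABI work. The comment block should state the dependency explicitly, e.g. `# NOTE: must stay below the host-tool subdirectories (which keep vptr checks) and above AK/Kernel/Userland.` A more robust shape is to put the target-only flags on an interface target linked by the target build instead of the global flag string, but that is a larger change than this commit. Minor: `requires..` reads as a typo.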
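Review bot: `set(LOADER_SOURCES ${LOADER_SOURCES} ...)` is the legacy way to append; `list(APPEND LOADER_SOURCES ../Libraries/LibSanitizer/UBSanitizer.cpp)` states the intent and does not re-split the existing list. The loader is compiled from its own copies of AK/LibC sources rather than linked against the new `LibUBSanitizer`, and this hunk does not say why the handler source is compiled in directly; a short comment would help, e.g. `# Compiled in directly rather than linked from LibUBSanitizer — presumably because the loader cannot depend on a shared object it has to load itself; confirm.`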
diff --git a/Userland/Libraries/CMakeLists.txt b/Userland/Libraries/CMakeLists.txt
index e3ae34ecaff..d4c55908b73 100644
--- a/Userland/Libraries/CMakeLists.txt
+++ b/Userland/Libraries/CMakeLists.txt
@@ -31,6 +31,7 @@ add_subdirectory(LibPDF)
 add_subdirectory(LibProtocol)
 add_subdirectory(LibPthread)
 add_subdirectory(LibRegex)
+add_subdirectory(LibSanitizer)
 add_subdirectory(LibSQL)
 add_subdirectory(LibSymbolication)
 add_subdirectory(LibSyntax)
diff --git a/Userland/Libraries/LibC/CMakeLists.txt b/Userland/Libraries/LibC/CMakeLists.txt
index 9df1b2a559e..f5d9722bc76 100644
--- a/Userland/Libraries/LibC/CMakeLists.txt
+++ b/Userland/Libraries/LibC/CMakeLists.txt
@@ -95,15 +95,16 @@ set(SOURCES ${LIBC_SOURCES} ${AK_SOURCES} ${ELF_SOURCES} ${ASM_SOURCES})
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -static-libstdc++")
 add_library(LibCStaticWithoutDeps STATIC ${SOURCES})
 target_link_libraries(LibCStaticWithoutDeps ssp)
-add_dependencies(LibCStaticWithoutDeps LibM LibSystem)
+add_dependencies(LibCStaticWithoutDeps LibM LibSystem LibUBSanitizer)
 add_custom_target(LibCStatic
 COMMAND ${CMAKE_AR} -x $
 COMMAND ${CMAKE_AR} -x $
 COMMAND ${CMAKE_AR} -x $
+ COMMAND ${CMAKE_AR} -x $
 COMMAND ${CMAKE_AR} -qcs ${CMAKE_CURRENT_BINARY_DIR}/libc.a *.o
 WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
- DEPENDS LibCStaticWithoutDeps ssp LibSystemStatic
+ DEPENDS LibCStaticWithoutDeps ssp LibSystemStatic LibUBSanitizerStatic
 )
 install(FILES ${CMAKE_CURRENT_BINARY_DIR}/libc.a DESTINATION ${CMAKE_INSTALL_PREFIX}/usr/lib/)
diff --git a/Userland/Libraries/LibSanitizer/CMakeLists.txt b/Userland/Libraries/LibSanitizer/CMakeLists.txt
new file mode 100644
index 00000000000..0666db50f5f
--- /dev/null
+++ b/Userland/Libraries/LibSanitizer/CMakeLists.txt
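Review bot: `LibUBSanitizerStatic` is built from `UBSanitizer.cpp` plus `../LibC/ssp.cpp` (see its `SOURCES` list further down in this diff), and `LibCStatic` extracts every archive into the same `${CMAKE_CURRENT_BINARY_DIR}` before globbing `*.o`; `ar -x` writes members by basename, so the `ssp.cpp.o` from the `ssp` archive and the one from the UBSan archive land on the same path and whichever `-x` runs last wins, which is only harmless while both are compiled with identical flags. The `$<TARGET_FILE:...>` arguments of the four `-x` commands appear to have been lost in this rendering, so the order is inferred from the `DEPENDS` list; the robust fix is to stop compiling `ssp.cpp` into `LibUBSanitizerStatic` (the static libc already bundles `ssp`), or to extract each archive into its own subdirectory. Separately, the handlers are bundled into `libc.a` unconditionally while the instrumentation flag is gated on `ENABLE_UNDEFINED_SANITIZER`; that is fine (unreferenced objects) but deserves a comment, e.g. `# Always bundled so libc.a links whether or not ENABLE_UNDEFINED_SANITIZER is set.`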
@@ -0,0 +1,12 @@
+set(SOURCES
+ UBSanitizer.cpp
+ ../LibC/ssp.cpp
+)
+
+set_source_files_properties (../LibC/ssp.cpp PROPERTIES COMPILE_FLAGS
+ "-fno-stack-protector")
+
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -nostdlib")
+serenity_libc(LibUBSanitizer ubsan)
+
+add_library(LibUBSanitizerStatic STATIC ${SOURCES})
diff --git a/Userland/Libraries/LibSanitizer/UBSanitizer.cpp b/Userland/Libraries/LibSanitizer/UBSanitizer.cpp
new file mode 100644
index 00000000000..7195b4d1453
--- /dev/null
+++ b/Userland/Libraries/LibSanitizer/UBSanitizer.cpp
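Review bot: `UBSanitizer.cpp` inherits the global `-fsanitize=undefined` that the top-level `CMakeLists.txt` in this same diff appends before `add_subdirectory(Userland)`, so the handlers are themselves instrumented; any UB hit while reporting (in the handlers' own arithmetic or in the formatting code instantiated in this TU) re-enters `__ubsan_handle_*` and can recurse until the stack is gone. This file already applies exactly this treatment to `ssp.cpp` for the stack protector; mirror it for the sanitizer runtime: `set_source_files_properties(UBSanitizer.cpp PROPERTIES COMPILE_FLAGS "-fno-sanitize=undefined")`. Minor: `-nostdlib` is a link-stage flag placed in the compile-flag string, which works because CMake forwards `CMAKE_CXX_FLAGS` to the link line but would read more clearly as `target_link_options(LibUBSanitizer PRIVATE -nostdlib)` if `serenity_libc` allows it, and `set_source_files_properties (` has a stray space before the parenthesis.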
@@ -0,0 +1,225 @@
+/*
+ * Copyright (c) 2021, Andreas Kling
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include
+#include
+
+using namespace AK::UBSanitizer;
+
+// FIXME: Parse option from UBSAN_OPTIONS: halt_on_error=0 or 1
+bool AK::UBSanitizer::g_ubsan_is_deadly { false }; // FIXME: Make true!!
+
+#define WARNLN_AND_DBGLN(fmt, ...) \
+ warnln(fmt, ##__VA_ARGS__); \
+ dbgln(fmt, ##__VA_ARGS__);
+
+extern "C" {
+
+static void print_location(const SourceLocation& location)
+{
+ if (!location.filename()) {
+ WARNLN_AND_DBGLN("UBSAN: in unknown file");
+ } else {
+ WARNLN_AND_DBGLN("UBSAN: at {}, line {}, column: {}", location.filename(), location.line(), location.column());
+ }
+ // FIXME: Dump backtrace of this process (with symbols? without symbols?) in case the user wants non-deadly UBSAN
+ // Should probably go through the kernel for SC_dump_backtrace, then access the loader's symbol tables rather than
+ // going through the symbolizer service?
+ if (g_ubsan_is_deadly) {
+ WARNLN_AND_DBGLN("UB is configured to be deadly");
+ VERIFY_NOT_REACHED();
+ }
+}
+
+void __ubsan_handle_load_invalid_value(const InvalidValueData&, ValueHandle) __attribute__((used));
+void __ubsan_handle_load_invalid_value(const InvalidValueData& data, ValueHandle)
+{
+ WARNLN_AND_DBGLN("UBSAN: load-invalid-value: {} ({}-bit)", data.type.name(), data.type.bit_width());
+ print_location(data.location);
+}
+
+void __ubsan_handle_nonnull_arg(const NonnullArgData&) __attribute__((used));
+void __ubsan_handle_nonnull_arg(const NonnullArgData& data)
+{
+ WARNLN_AND_DBGLN("UBSAN: null pointer passed as argument {}, which is declared to never be null", data.argument_index);
+ print_location(data.location);
+}
+
+void __ubsan_handle_nullability_arg(const NonnullArgData&) __attribute__((used));
+void __ubsan_handle_nullability_arg(const NonnullArgData& data)
+{
+ WARNLN_AND_DBGLN("UBSAN: null pointer passed as argument {}, which is declared to never be null", data.argument_index);
+ print_location(data.location);
+}
+
+void __ubsan_handle_nonnull_return_v1(const NonnullReturnData&, const SourceLocation&) __attribute__((used));
+void __ubsan_handle_nonnull_return_v1(const NonnullReturnData&, const SourceLocation& location)
+{
+ WARNLN_AND_DBGLN("UBSAN: null pointer return from function declared to never return null");
+ print_location(location);
+}
+
+void __ubsan_handle_nullability_return_v1(const NonnullReturnData& data, const SourceLocation& location) __attribute__((used));
+void __ubsan_handle_nullability_return_v1(const NonnullReturnData&, const SourceLocation& location)
+{
+ WARNLN_AND_DBGLN("UBSAN: null pointer return from function declared to never return null");
+ print_location(location);
+}
+
+void __ubsan_handle_vla_bound_not_positive(const VLABoundData&, ValueHandle) __attribute__((used));
+void __ubsan_handle_vla_bound_not_positive(const VLABoundData& data, ValueHandle)
+{
+ WARNLN_AND_DBGLN("UBSAN: VLA bound not positive {} ({}-bit)", data.type.name(), data.type.bit_width());
+ print_location(data.location);
+}
+
+void __ubsan_handle_add_overflow(const OverflowData&, ValueHandle lhs, ValueHandle rhs) __attribute__((used));
+void __ubsan_handle_add_overflow(const OverflowData& data, ValueHandle, ValueHandle)
+{
+ WARNLN_AND_DBGLN("UBSAN: addition overflow, {} ({}-bit)", data.type.name(), data.type.bit_width());
+
+ print_location(data.location);
+}
+
+void __ubsan_handle_sub_overflow(const OverflowData&, ValueHandle lhs, ValueHandle rhs) __attribute__((used));
+void __ubsan_handle_sub_overflow(const OverflowData& data, ValueHandle, ValueHandle)
+{
+ WARNLN_AND_DBGLN("UBSAN: subtraction overflow, {} ({}-bit)", data.type.name(), data.type.bit_width());
+
+ print_location(data.location);
+}
+
+void __ubsan_handle_negate_overflow(const OverflowData&, ValueHandle) __attribute__((used));
+void __ubsan_handle_negate_overflow(const OverflowData& data, ValueHandle)
+{
+ WARNLN_AND_DBGLN("UBSAN: negation overflow, {} ({}-bit)", data.type.name(), data.type.bit_width());
+
+ print_location(data.location);
+}
+
+void __ubsan_handle_mul_overflow(const OverflowData&, ValueHandle lhs, ValueHandle rhs) __attribute__((used));
+void __ubsan_handle_mul_overflow(const OverflowData& data, ValueHandle, ValueHandle)
+{
+ WARNLN_AND_DBGLN("UBSAN: multiplication overflow, {} ({}-bit)", data.type.name(), data.type.bit_width());
+ print_location(data.location);
+}
+
+void __ubsan_handle_shift_out_of_bounds(const ShiftOutOfBoundsData&, ValueHandle lhs, ValueHandle rhs) __attribute__((used));
+void __ubsan_handle_shift_out_of_bounds(const ShiftOutOfBoundsData& data, ValueHandle, ValueHandle)
+{
+ WARNLN_AND_DBGLN("UBSAN: shift out of bounds, {} ({}-bit) shifted by {} ({}-bit)", data.lhs_type.name(), data.lhs_type.bit_width(), data.rhs_type.name(), data.rhs_type.bit_width());
+ print_location(data.location);
+}
+
+void __ubsan_handle_divrem_overflow(const OverflowData&, ValueHandle lhs, ValueHandle rhs) __attribute__((used));
+void __ubsan_handle_divrem_overflow(const OverflowData& data, ValueHandle, ValueHandle)
+{
+ WARNLN_AND_DBGLN("UBSAN: divrem overflow, {} ({}-bit)", data.type.name(), data.type.bit_width());
+ print_location(data.location);
+}
+
+void __ubsan_handle_out_of_bounds(const OutOfBoundsData&, ValueHandle) __attribute__((used));
+void __ubsan_handle_out_of_bounds(const OutOfBoundsData& data, ValueHandle)
+{
+ WARNLN_AND_DBGLN("UBSAN: out of bounds access into array of {} ({}-bit), index type {} ({}-bit)", data.array_type.name(), data.array_type.bit_width(), data.index_type.name(), data.index_type.bit_width());
+ print_location(data.location);
+}
+
+void __ubsan_handle_type_mismatch_v1(const TypeMismatchData&, ValueHandle) __attribute__((used));
+void __ubsan_handle_type_mismatch_v1(const TypeMismatchData& data, ValueHandle ptr)
+{
+ constexpr StringView kinds[] = {
+ "load of",
+ "store to",
+ "reference binding to",
+ "member access within",
+ "member call on",
+ "constructor call on",
+ "downcast of",
+ "downcast of",
+ "upcast of",
+ "cast to virtual base of",
+ "_Nonnull binding to",
+ "dynamic operation on"
+ };
+
+ FlatPtr alignment = (FlatPtr)1 << data.log_alignment;
+ auto kind = kinds[data.type_check_kind];
+
+ if (!ptr) {
+ WARNLN_AND_DBGLN("UBSAN: {} null pointer of type {}", kind, data.type.name());
+ } else if ((FlatPtr)ptr & (alignment - 1)) {
+ WARNLN_AND_DBGLN("UBSAN: {} misaligned address {:p} of type {}", kind, ptr, data.type.name());
+ } else {
+ WARNLN_AND_DBGLN("UBSAN: {} address {:p} with insufficient space for type {}", kind, ptr, data.type.name());
+ }
+
+ print_location(data.location);
+}
+
+void __ubsan_handle_alignment_assumption(const AlignmentAssumptionData&, ValueHandle, ValueHandle, ValueHandle) __attribute__((used));
+void __ubsan_handle_alignment_assumption(const AlignmentAssumptionData& data, ValueHandle pointer, ValueHandle alignment, ValueHandle offset)
+{
+ if (offset) {
+ WARNLN_AND_DBGLN(
+ "UBSAN: assumption of {:p} byte alignment (with offset of {:p} byte) for pointer {:p}"
+ "of type {} failed",
+ alignment, offset, pointer, data.type.name());
+ } else {
+ WARNLN_AND_DBGLN("UBSAN: assumption of {:p} byte alignment for pointer {:p}"
+ "of type {} failed",
+ alignment, pointer, data.type.name());
+ }
+
+ print_location(data.location);
+}
+
+void __ubsan_handle_builtin_unreachable(const UnreachableData&) __attribute__((used));
+void __ubsan_handle_builtin_unreachable(const UnreachableData& data)
+{
+ WARNLN_AND_DBGLN("UBSAN: execution reached an unreachable program point");
+ print_location(data.location);
+}
+
+void __ubsan_handle_missing_return(const UnreachableData&) __attribute__((used));
+void __ubsan_handle_missing_return(const UnreachableData& data)
+{
+ WARNLN_AND_DBGLN("UBSAN: execution reached the end of a value-returning function without returning a value");
+ print_location(data.location);
+}
+
+void __ubsan_handle_implicit_conversion(const ImplicitConversionData&, ValueHandle, ValueHandle) __attribute__((used));
+void __ubsan_handle_implicit_conversion(const ImplicitConversionData& data, ValueHandle, ValueHandle)
+{
+ const char* src_signed = data.from_type.is_signed() ? "" : "un";
+ const char* dst_signed = data.to_type.is_signed() ? "" : "un";
+ WARNLN_AND_DBGLN("UBSAN: implicit conversion from type {} ({}-bit, {}signed) to type {} ({}-bit, {}signed)",
+ data.from_type.name(), data.from_type.bit_width(), src_signed, data.to_type.name(), data.to_type.bit_width(), dst_signed);
+ print_location(data.location);
+}
+
+void __ubsan_handle_invalid_builtin(const InvalidBuiltinData) __attribute__((used));
+void __ubsan_handle_invalid_builtin(const InvalidBuiltinData data)
+{
+ WARNLN_AND_DBGLN("UBSAN: passing invalid argument");
+ print_location(data.location);
+}
+
+void __ubsan_handle_pointer_overflow(const PointerOverflowData&, ValueHandle, ValueHandle) __attribute__((used));
+void __ubsan_handle_pointer_overflow(const PointerOverflowData& data, ValueHandle base, ValueHandle result)
+{
+ if (base == 0 && result == 0) {
+ WARNLN_AND_DBGLN("UBSAN: applied zero offset to nullptr");
+ } else if (base == 0 && result != 0) {
+ WARNLN_AND_DBGLN("UBSAN: applied non-zero offset {:p} to nullptr", result);
+ } else if (base != 0 && result == 0) {
+ WARNLN_AND_DBGLN("UBSAN: applying non-zero offset to non-null pointer {:p} produced null pointer", base);
+ } else {
+ WARNLN_AND_DBGLN("UBSAN: addition of unsigned offset to {:p} overflowed to {:p}", base, result);
+ }
+ print_location(data.location);
+}
+}
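Review bot: `__ubsan_handle_invalid_builtin` takes `InvalidBuiltinData` by value while every other handler in this file takes its data record by `const&`; the instrumentation passes a pointer to the static data record (which is why the `const&` signatures are ABI-compatible), so a by-value parameter reinterprets that pointer as the struct's first bytes and `data.location` is garbage by the time `print_location` dereferences `filename()` — change both the declaration and definition to `void __ubsan_handle_invalid_builtin(const InvalidBuiltinData& data)`. In `__ubsan_handle_alignment_assumption` the adjacent literals `"... for pointer {:p}"` and `"of type {} failed"` concatenate with no separating space, so the report reads `pointer 0x...of type`; add the trailing space to the first literal in both branches. In `__ubsan_handle_type_mismatch_v1`, `kinds[data.type_check_kind]` indexes a 12-entry table with a value supplied by the compiler and is itself unchecked, so a newer toolchain emitting an additional kind would read past the table from inside the UB reporter; guard it, e.g. `auto kind = data.type_check_kind < sizeof(kinds) / sizeof(kinds[0]) ? kinds[data.type_check_kind] : StringView("unknown operation on");`. Finally, `WARNLN_AND_DBGLN` expands to two statements without a `do { ... } while (0)` wrapper; every current call site is braced, but an unbraced `if (...) WARNLN_AND_DBGLN(...)` would guard only the `warnln`, so the macro should be made statement-safe.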