Google Git
Sign in
chromium / external / sawbuck / a95cd57565c6f709a07e8512679b1d0b7b1f0d6d / . / syzygy / agent / asan / asan_rtl_utils.cc
blob: f319869df81bb5be6bd4c179f49ebb14c82db016 [file] [log] [blame]
// Copyright 2014 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "syzygy/agent/asan/asan_rtl_utils.h"
#include "base/bind.h"
#include "base/callback.h"
#include "base/logging.h"
#include "base/debug/alias.h"
#include "base/memory/scoped_ptr.h"
#include "syzygy/agent/asan/asan_heap_checker.h"
#include "syzygy/agent/asan/asan_runtime.h"
#include "syzygy/agent/asan/shadow.h"
#include "syzygy/agent/asan/stack_capture.h"
#include "syzygy/agent/common/scoped_last_error_keeper.h"
namespace {
// The asan runtime manager.
agent::asan::AsanRuntime* asan_runtime = NULL;
} // namespace
namespace agent {
namespace asan {
void SetAsanRuntimeInstance(AsanRuntime* runtime) {
asan_runtime = runtime;
}
void ReportBadMemoryAccess(void* location,
AccessMode access_mode,
size_t access_size,
const AsanContext& asan_context) {
// Capture the context and restore the value of the register as before calling
// the asan hook.
// Save the last error value so this function will be able to restore it.
agent::common::ScopedLastErrorKeeper scoped_last_error_keeper;
// We keep a structure with all the useful information about this bad access
// on the stack.
AsanErrorInfo bad_access_info = {};
// We need to call ::RtlCaptureContext if we want SegSS and SegCS to be
// properly set.
::RtlCaptureContext(&bad_access_info.context);
bad_access_info.context.ContextFlags = CONTEXT_INTEGER | CONTEXT_CONTROL;
// Restore the original value of the registers.
bad_access_info.context.Eip = asan_context.original_eip;
bad_access_info.context.Eax = asan_context.original_eax;
bad_access_info.context.Ecx = asan_context.original_ecx;
bad_access_info.context.Edx = asan_context.original_edx;
bad_access_info.context.Ebx = asan_context.original_ebx;
bad_access_info.context.Ebp = asan_context.original_ebp;
bad_access_info.context.Esp = asan_context.original_esp;
bad_access_info.context.Esi = asan_context.original_esi;
bad_access_info.context.Edi = asan_context.original_edi;
bad_access_info.context.EFlags = asan_context.original_eflags;
StackCapture stack;
stack.InitFromStack();
// We need to compute a relative stack id so that for the same stack trace
// we'll get the same value every time even if the modules are loaded at a
// different base address.
stack.set_stack_id(stack.ComputeRelativeStackId());
// Check if we can ignore this error.
if (asan_runtime->ShouldIgnoreError(stack.stack_id()))
return;
bad_access_info.crash_stack_id = stack.stack_id();
bad_access_info.location = location;
bad_access_info.access_mode = access_mode;
bad_access_info.access_size = access_size;
bad_access_info.alloc_stack_size = 0U;
bad_access_info.alloc_tid = 0U;
bad_access_info.error_type = UNKNOWN_BAD_ACCESS;
bad_access_info.free_stack_size = 0U;
bad_access_info.free_tid = 0U;
bad_access_info.milliseconds_since_free = 0U;
bad_access_info.corrupt_ranges = NULL;
bad_access_info.corrupt_range_count = 0;
// Make sure this structure is not optimized out.
base::debug::Alias(&bad_access_info);
// TODO(sebmarchand): Check if the heap is corrupt and store the information
// about the corrupt blocks if it's the case.
bad_access_info.heap_is_corrupt = false;
asan_runtime->GetBadAccessInformation(&bad_access_info);
// Report this error.
asan_runtime->OnError(&bad_access_info);
}
void ContextToAsanContext(const CONTEXT& context, AsanContext* asan_context) {
DCHECK(asan_context != NULL);
asan_context->original_eax = context.Eax;
asan_context->original_ebp = context.Ebp;
asan_context->original_ebx = context.Ebx;
asan_context->original_ecx = context.Ecx;
asan_context->original_edi = context.Edi;
asan_context->original_edx = context.Edx;
asan_context->original_eflags = context.EFlags;
asan_context->original_eip = context.Eip;
asan_context->original_esi = context.Esi;
asan_context->original_esp = context.Esp;
}
void ReportBadAccess(const uint8* location, AccessMode access_mode) {
AsanContext asan_context = {};
CONTEXT context = {};
::RtlCaptureContext(&context);
ContextToAsanContext(context, &asan_context);
ReportBadMemoryAccess(const_cast<uint8*>(location),
access_mode,
1U,
asan_context);
}
void TestMemoryRange(const uint8* memory,
size_t size,
AccessMode access_mode) {
if (size == 0U)
return;
// TODO(sebmarchand): This approach is pretty limited because it only checks
// if the first and the last elements are accessible. Once we have the
// plumbing in place we should benchmark a check that looks at each
// address to be touched (via the shadow memory, 8 bytes at a time).
if (!Shadow::IsAccessible(memory) ||
!Shadow::IsAccessible(memory + size - 1)) {
const uint8* location = NULL;
if (!Shadow::IsAccessible(memory)) {
location = memory;
} else {
location = memory + size - 1;
}
ReportBadAccess(location, access_mode);
}
}
} // namespace asan
} // namespace agent