summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/CMakeLists.txt11
-rw-r--r--src/plugins/crypto_ia32/aes_gcm.c6
-rw-r--r--src/plugins/crypto_ia32/aesni.h4
-rw-r--r--src/svm/svm.c4
-rw-r--r--src/svm/svm_common.h4
-rw-r--r--src/vcl/ldp_socket_wrapper.c8
-rw-r--r--src/vcl/ldp_socket_wrapper.h16
-rw-r--r--src/vlib/buffer_node.h6
-rwxr-xr-xsrc/vlib/physmem.c2
-rw-r--r--src/vlibapi/api_common.h20
-rw-r--r--src/vlibmemory/memory_api.c2
-rw-r--r--src/vlibmemory/memory_client.c15
-rw-r--r--src/vlibmemory/memory_shared.c15
-rw-r--r--src/vnet/ethernet/interface.c1
-rw-r--r--src/vnet/l2/l2_fib.h11
-rw-r--r--src/vpp-api/client/client.c2
-rw-r--r--src/vpp-api/vapi/vapi.c5
-rw-r--r--src/vpp/vnet/main.c9
-rw-r--r--src/vppinfra/CMakeLists.txt1
-rw-r--r--src/vppinfra/dlmalloc.c23
-rw-r--r--src/vppinfra/hash.c16
-rw-r--r--src/vppinfra/mem.h43
-rw-r--r--src/vppinfra/mem_dlmalloc.c2
-rw-r--r--src/vppinfra/pool.h13
-rw-r--r--src/vppinfra/sanitizer.h62
-rw-r--r--src/vppinfra/vec.c14
-rw-r--r--src/vppinfra/vec.h3
-rw-r--r--src/vppinfra/vec_bootstrap.h1
28 files changed, 248 insertions, 71 deletions
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 4fa9e5a9b66..89b4b962fdb 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -102,6 +102,17 @@ set_property(CACHE CMAKE_BUILD_TYPE PROPERTY
HELPSTRING "Build type - valid options are: ${BUILD_TYPES}")
##############################################################################
+# sanitizers
+##############################################################################
+
+option(ENABLE_SANITIZE_ADDR "Enable Address Sanitizer" OFF)
+if (ENABLE_SANITIZE_ADDR)
+ set(CMAKE_C_FLAGS "-fsanitize=address --param asan-stack=0 -DCLIB_SANITIZE_ADDR ${CMAKE_C_FLAGS}")
+ set(CMAKE_EXE_LINKER_FLAGS "-fsanitize=address ${CMAKE_EXE_LINKER_FLAGS}")
+ set(CMAKE_SHARED_LINKER_FLAGS "-fsanitize=address ${CMAKE_SHARED_LINKER_FLAGS}")
+endif (ENABLE_SANITIZE_ADDR)
+
+##############################################################################
# install config
##############################################################################
set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib")
diff --git a/src/plugins/crypto_ia32/aes_gcm.c b/src/plugins/crypto_ia32/aes_gcm.c
index c48ee8847b1..a21ecf3e6df 100644
--- a/src/plugins/crypto_ia32/aes_gcm.c
+++ b/src/plugins/crypto_ia32/aes_gcm.c
@@ -63,10 +63,12 @@ aesni_gcm_byte_mask (__m128i x, u8 n_bytes)
static_always_inline __m128i
aesni_gcm_load_partial (__m128i * p, int n_bytes)
{
+ ASSERT (n_bytes <= 16);
#ifdef __AVX512F__
return _mm_mask_loadu_epi8 (zero, (1 << n_bytes) - 1, p);
#else
- return aesni_gcm_byte_mask (_mm_loadu_si128 (p), n_bytes);
+ return aesni_gcm_byte_mask (CLIB_MEM_OVERFLOW_LOAD (_mm_loadu_si128, p),
+ n_bytes);
#endif
}
@@ -591,7 +593,7 @@ aes_gcm (const u8 * in, u8 * out, const u8 * addt, const u8 * iv, u8 * tag,
T = aesni_gcm_ghash (T, kd, (__m128i *) addt, aad_bytes);
/* initalize counter */
- Y0 = _mm_loadu_si128 ((__m128i *) iv);
+ Y0 = CLIB_MEM_OVERFLOW_LOAD (_mm_loadu_si128, (__m128i *) iv);
Y0 = _mm_insert_epi32 (Y0, clib_host_to_net_u32 (1), 3);
/* ghash and encrypt/edcrypt */
diff --git a/src/plugins/crypto_ia32/aesni.h b/src/plugins/crypto_ia32/aesni.h
index ceb28451732..ece61c13cf3 100644
--- a/src/plugins/crypto_ia32/aesni.h
+++ b/src/plugins/crypto_ia32/aesni.h
@@ -18,7 +18,6 @@
#ifndef __aesni_h__
#define __aesni_h__
-
typedef enum
{
AESNI_KEY_128 = 0,
@@ -77,7 +76,8 @@ aes192_key_expand (__m128i * k, u8 * key)
__m128i r1, r2, r3;
k[0] = r1 = _mm_loadu_si128 ((__m128i *) key);
- r3 = _mm_loadu_si128 ((__m128i *) (key + 16));
+ /* load the 24-bytes key as 2 * 16-bytes (and ignore last 8-bytes) */
+ r3 = CLIB_MEM_OVERFLOW_LOAD (_mm_loadu_si128, (__m128i *) (key + 16));
k[1] = r3;
r2 = _mm_aeskeygenassist_si128 (r3, 0x1);
diff --git a/src/svm/svm.c b/src/svm/svm.c
index 421121957f0..cc49eb3c6e2 100644
--- a/src/svm/svm.c
+++ b/src/svm/svm.c
@@ -61,6 +61,10 @@ svm_get_root_rp (void)
u64
svm_get_global_region_base_va ()
{
+#ifdef CLIB_SANITIZE_ADDR
+ return 0x200000000000;
+#endif
+
#if __aarch64__
/* On AArch64 VA space can have different size, from 36 to 48 bits.
Here we are trying to detect VA bits by parsing /proc/self/maps
diff --git a/src/svm/svm_common.h b/src/svm/svm_common.h
index ce07c37b24e..ce317229916 100644
--- a/src/svm/svm_common.h
+++ b/src/svm/svm_common.h
@@ -81,7 +81,11 @@ typedef struct svm_map_region_args_
* Memory mapped to high addresses for session/vppcom/vcl/etc...
*/
#if __WORDSIZE == 64
+#ifdef CLIB_SANITIZE_ADDR
+#define HIGH_SEGMENT_BASEVA 0x300000000000
+#else /* CLIB_SANITIZE_ADDR */
#define HIGH_SEGMENT_BASEVA (8ULL << 30) /* 8GB */
+#endif /* CLIB_SANITIZE_ADDR */
#elif __WORDSIZE == 32
#define HIGH_SEGMENT_BASEVA (3584UL << 20) /* 3.5GB */
#else
diff --git a/src/vcl/ldp_socket_wrapper.c b/src/vcl/ldp_socket_wrapper.c
index 81637deedfb..38ee297174c 100644
--- a/src/vcl/ldp_socket_wrapper.c
+++ b/src/vcl/ldp_socket_wrapper.c
@@ -394,7 +394,7 @@ swrap_load_lib_handle (enum swrap_lib lib)
void *handle = NULL;
int i;
-#ifdef RTLD_DEEPBIND
+#if defined(RTLD_DEEPBIND) && !defined(CLIB_SANITIZE_ADDR)
flags |= RTLD_DEEPBIND;
#endif
@@ -547,7 +547,7 @@ libc_eventfd (int count, int flags)
}
#endif
-DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE int
+int
libc_vfcntl (int fd, int cmd, va_list ap)
{
long int args[4];
@@ -569,7 +569,7 @@ libc_vfcntl (int fd, int cmd, va_list ap)
}
#ifdef HAVE_FCNTL64
-DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE int
+int
libc_vfcntl64 (int fd, int cmd, va_list ap)
{
long int args[4];
@@ -592,7 +592,7 @@ libc_vfcntl64 (int fd, int cmd, va_list ap)
}
#endif
-DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE int
+int
libc_vioctl (int fd, int cmd, va_list ap)
{
long int args[4];
diff --git a/src/vcl/ldp_socket_wrapper.h b/src/vcl/ldp_socket_wrapper.h
index b949d97f2f6..94529e3b744 100644
--- a/src/vcl/ldp_socket_wrapper.h
+++ b/src/vcl/ldp_socket_wrapper.h
@@ -90,13 +90,6 @@
#define DESTRUCTOR_ATTRIBUTE
#endif
-#define HAVE_ADDRESS_SANITIZER_ATTRIBUTE
-#ifdef HAVE_ADDRESS_SANITIZER_ATTRIBUTE
-#define DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE __attribute__((no_sanitize_address))
-#else
-#define DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE
-#endif
-
/*
* IMPORTANT
*
@@ -127,14 +120,11 @@ int libc_dup2 (int oldfd, int newfd);
int libc_eventfd (int count, int flags);
#endif
-DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE int
-libc_vfcntl (int fd, int cmd, va_list ap);
+int libc_vfcntl (int fd, int cmd, va_list ap);
-DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE int
-libc_vfcntl64 (int fd, int cmd, va_list ap);
+int libc_vfcntl64 (int fd, int cmd, va_list ap);
-DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE int
-libc_vioctl (int fd, int cmd, va_list ap);
+int libc_vioctl (int fd, int cmd, va_list ap);
int libc_getpeername (int sockfd, struct sockaddr *addr, socklen_t * addrlen);
diff --git a/src/vlib/buffer_node.h b/src/vlib/buffer_node.h
index 96b50ae3551..bd82b1037a9 100644
--- a/src/vlib/buffer_node.h
+++ b/src/vlib/buffer_node.h
@@ -350,17 +350,17 @@ vlib_buffer_enqueue_to_next (vlib_main_t * vm, vlib_node_runtime_t * node,
max = clib_min (n_left_to_next, count);
}
#if defined(CLIB_HAVE_VEC512)
- u16x32 next32 = u16x32_load_unaligned (nexts);
+ u16x32 next32 = CLIB_MEM_OVERFLOW_LOAD (u16x32_load_unaligned, nexts);
next32 = (next32 == u16x32_splat (next32[0]));
u64 bitmap = u16x32_msb_mask (next32);
n_enqueued = count_trailing_zeros (~bitmap);
#elif defined(CLIB_HAVE_VEC256)
- u16x16 next16 = u16x16_load_unaligned (nexts);
+ u16x16 next16 = CLIB_MEM_OVERFLOW_LOAD (u16x16_load_unaligned, nexts);
next16 = (next16 == u16x16_splat (next16[0]));
u64 bitmap = u8x32_msb_mask ((u8x32) next16);
n_enqueued = count_trailing_zeros (~bitmap) / 2;
#elif defined(CLIB_HAVE_VEC128) && defined(CLIB_HAVE_VEC128_MSB_MASK)
- u16x8 next8 = u16x8_load_unaligned (nexts);
+ u16x8 next8 = CLIB_MEM_OVERFLOW_LOAD (u16x8_load_unaligned, nexts);
next8 = (next8 == u16x8_splat (next8[0]));
u64 bitmap = u8x16_msb_mask ((u8x16) next8);
n_enqueued = count_trailing_zeros (~bitmap) / 2;
diff --git a/src/vlib/physmem.c b/src/vlib/physmem.c
index a62309552f5..40346fc2f70 100755
--- a/src/vlib/physmem.c
+++ b/src/vlib/physmem.c
@@ -29,7 +29,7 @@
#include <vlib/pci/pci.h>
#include <vlib/linux/vfio.h>
-#ifdef __x86_64__
+#if defined(__x86_64__) && !defined(CLIB_SANITIZE_ADDR)
/* we keep physmem in low 38 bits of VA address space as some
IOMMU implamentation cannot map above that range */
#define VLIB_PHYSMEM_DEFAULT_BASE_ADDDR (1ULL << 36)
diff --git a/src/vlibapi/api_common.h b/src/vlibapi/api_common.h
index bb1997041f4..fac4c96ee3c 100644
--- a/src/vlibapi/api_common.h
+++ b/src/vlibapi/api_common.h
@@ -142,6 +142,26 @@ typedef struct msgbuf_
u8 data[0]; /**< actual message begins here */
} msgbuf_t;
+CLIB_NOSANITIZE_ADDR static inline void
+VL_MSG_API_UNPOISON (const void *a)
+{
+ const msgbuf_t *m = &((const msgbuf_t *) a)[-1];
+ CLIB_MEM_UNPOISON (m, sizeof (*m) + ntohl (m->data_len));
+}
+
+CLIB_NOSANITIZE_ADDR static inline void
+VL_MSG_API_SVM_QUEUE_UNPOISON (const svm_queue_t * q)
+{
+ CLIB_MEM_UNPOISON (q, sizeof (*q) + q->elsize * q->maxsize);
+}
+
+static inline void
+VL_MSG_API_POISON (const void *a)
+{
+ const msgbuf_t *m = &((const msgbuf_t *) a)[-1];
+ CLIB_MEM_POISON (m, sizeof (*m) + ntohl (m->data_len));
+}
+
/* api_shared.c prototypes */
void vl_msg_api_handler (void *the_msg);
void vl_msg_api_handler_no_free (void *the_msg);
diff --git a/src/vlibmemory/memory_api.c b/src/vlibmemory/memory_api.c
index c9eebabfc50..42d1ee08a9f 100644
--- a/src/vlibmemory/memory_api.c
+++ b/src/vlibmemory/memory_api.c
@@ -210,6 +210,7 @@ vl_api_memclnt_create_t_handler (vl_api_memclnt_create_t * mp)
regp->clib_file_index = am->shmem_hdr->clib_file_index;
q = regp->vl_input_queue = (svm_queue_t *) (uword) mp->input_queue;
+ VL_MSG_API_SVM_QUEUE_UNPOISON (q);
regp->name = format (0, "%s", mp->name);
vec_add1 (regp->name, 0);
@@ -713,6 +714,7 @@ void_mem_api_handle_msg_i (api_main_t * am, vlib_main_t * vm,
uword mp;
if (!svm_queue_sub2 (q, (u8 *) & mp))
{
+ VL_MSG_API_UNPOISON ((void *) mp);
vl_msg_api_handler_with_vm_node (am, (void *) mp, vm, node);
return 0;
}
diff --git a/src/vlibmemory/memory_client.c b/src/vlibmemory/memory_client.c
index c61c3cbdd51..bb377f1b531 100644
--- a/src/vlibmemory/memory_client.c
+++ b/src/vlibmemory/memory_client.c
@@ -97,6 +97,13 @@ vl_api_name_and_crc_free (void)
hash_free (am->msg_index_by_name_and_crc);
}
+CLIB_NOSANITIZE_ADDR static void
+VL_API_VEC_UNPOISON (const void *v)
+{
+ const vec_header_t *vh = &((vec_header_t *) v)[-1];
+ CLIB_MEM_UNPOISON (vh, sizeof (*vh) + vec_len (v));
+}
+
static void
vl_api_memclnt_create_reply_t_handler (vl_api_memclnt_create_reply_t * mp)
{
@@ -121,6 +128,8 @@ vl_api_memclnt_create_reply_t_handler (vl_api_memclnt_create_reply_t * mp)
unserialize_open_data (sm, tblv, vec_len (tblv));
unserialize_integer (sm, &nmsgs, sizeof (u32));
+ VL_API_VEC_UNPOISON (tblv);
+
for (i = 0; i < nmsgs; i++)
{
msg_index = unserialize_likely_small_unsigned_integer (sm);
@@ -168,6 +177,9 @@ vl_client_connect (const char *name, int ctx_quota, int input_queue_size)
return -1;
}
+ CLIB_MEM_UNPOISON (shmem_hdr, sizeof (*shmem_hdr));
+ VL_MSG_API_SVM_QUEUE_UNPOISON (shmem_hdr->vl_input_queue);
+
pthread_mutex_lock (&svm->mutex);
oldheap = svm_push_data_heap (svm);
vl_input_queue = svm_queue_alloc_and_init (input_queue_size, sizeof (uword),
@@ -211,6 +223,7 @@ vl_client_connect (const char *name, int ctx_quota, int input_queue_size)
return -1;
read_one_msg:
+ VL_MSG_API_UNPOISON (rp);
if (ntohs (rp->_vl_msg_id) != VL_API_MEMCLNT_CREATE_REPLY)
{
clib_warning ("unexpected reply: id %d", ntohs (rp->_vl_msg_id));
@@ -295,6 +308,8 @@ vl_client_disconnect (void)
if (svm_queue_sub (vl_input_queue, (u8 *) & rp, SVM_Q_NOWAIT, 0) < 0)
continue;
+ VL_MSG_API_UNPOISON (rp);
+
/* drain the queue */
if (ntohs (rp->_vl_msg_id) != VL_API_MEMCLNT_DELETE_REPLY)
{
diff --git a/src/vlibmemory/memory_shared.c b/src/vlibmemory/memory_shared.c
index f44ab7c4106..6c8ec3092f1 100644
--- a/src/vlibmemory/memory_shared.c
+++ b/src/vlibmemory/memory_shared.c
@@ -42,7 +42,7 @@
#define DEBUG_MESSAGE_BUFFER_OVERRUN 0
-static inline void *
+CLIB_NOSANITIZE_ADDR static inline void *
vl_msg_api_alloc_internal (int nbytes, int pool, int may_return_null)
{
int i;
@@ -192,6 +192,7 @@ out:
#endif
rv->data_len = htonl (nbytes - sizeof (msgbuf_t));
+ VL_MSG_API_UNPOISON (rv->data);
return (rv->data);
}
@@ -296,6 +297,7 @@ vl_msg_api_free (void *a)
ASSERT (*overrun == 0x1badbabe);
}
#endif
+ VL_MSG_API_POISON (rv->data);
return;
}
@@ -331,6 +333,7 @@ vl_msg_api_free_nolock (void *a)
if (rv->q)
{
rv->q = 0;
+ VL_MSG_API_POISON (rv->data);
return;
}
@@ -753,10 +756,10 @@ void
vl_msg_api_send_shmem (svm_queue_t * q, u8 * elem)
{
api_main_t *am = &api_main;
- uword *trace = (uword *) elem;
+ void *msg = (void *) *(uword *) elem;
if (am->tx_trace && am->tx_trace->enabled)
- vl_msg_api_trace (am, am->tx_trace, (void *) trace[0]);
+ vl_msg_api_trace (am, am->tx_trace, msg);
/*
* Announce a probable binary API client bug:
@@ -786,6 +789,7 @@ vl_msg_api_send_shmem (svm_queue_t * q, u8 * elem)
q);
}
}
+ VL_MSG_API_POISON (msg);
(void) svm_queue_add (q, elem, 0 /* nowait */ );
}
@@ -799,12 +803,13 @@ void
vl_msg_api_send_shmem_nolock (svm_queue_t * q, u8 * elem)
{
api_main_t *am = &api_main;
- uword *trace = (uword *) elem;
+ void *msg = (void *) *(uword *) elem;
if (am->tx_trace && am->tx_trace->enabled)
- vl_msg_api_trace (am, am->tx_trace, (void *) trace[0]);
+ vl_msg_api_trace (am, am->tx_trace, msg);
(void) svm_queue_add_nolock (q, elem);
+ VL_MSG_API_POISON (msg);
}
/*
diff --git a/src/vnet/ethernet/interface.c b/src/vnet/ethernet/interface.c
index 7b2b162f1a0..d79669206a9 100644
--- a/src/vnet/ethernet/interface.c
+++ b/src/vnet/ethernet/interface.c
@@ -311,6 +311,7 @@ ethernet_register_interface (vnet_main_t * vnm,
clib_memcpy (ei->address, address, sizeof (ei->address));
vec_add (hi->hw_address, address, sizeof (ei->address));
+ CLIB_MEM_UNPOISON (hi->hw_address, 8);
if (error)
{
diff --git a/src/vnet/l2/l2_fib.h b/src/vnet/l2/l2_fib.h
index 20ba3da9aa3..a1dbc9db5c7 100644
--- a/src/vnet/l2/l2_fib.h
+++ b/src/vnet/l2/l2_fib.h
@@ -214,12 +214,7 @@ l2fib_compute_hash_bucket (l2fib_entry_key_t * key)
return result % L2FIB_NUM_BUCKETS;
}
-/**
- * make address sanitizer skip this:
- * The 6-Bytes mac-address is cast into an 8-Bytes u64, with 2 additional Bytes.
- * l2fib_make_key() does read those two Bytes but does not use them.
- */
-always_inline u64 __attribute__ ((no_sanitize_address))
+always_inline u64
l2fib_make_key (const u8 * mac_address, u16 bd_index)
{
u64 temp;
@@ -233,14 +228,14 @@ l2fib_make_key (const u8 * mac_address, u16 bd_index)
* Create the in-register key as F:E:D:C:B:A:H:L
* In memory the key is L:H:A:B:C:D:E:F
*/
- temp = *((u64 *) (mac_address)) << 16;
+ temp = CLIB_MEM_OVERFLOW_LOAD (*, (u64 *) mac_address) << 16;
temp = (temp & ~0xffff) | (u64) (bd_index);
#else
/*
* Create the in-register key as H:L:A:B:C:D:E:F
* In memory the key is H:L:A:B:C:D:E:F
*/
- temp = *((u64 *) (mac_address)) >> 16;
+ temp = CLIB_MEM_OVERFLOW_LOAD (*, (u64 *) mac_address) >> 16;
temp = temp | (((u64) bd_index) << 48);
#endif
diff --git a/src/vpp-api/client/client.c b/src/vpp-api/client/client.c
index 50d088c1bfb..fa83696ec34 100644
--- a/src/vpp-api/client/client.c
+++ b/src/vpp-api/client/client.c
@@ -186,6 +186,7 @@ vac_rx_thread_fn (void *arg)
while (1)
while (!svm_queue_sub(q, (u8 *)&msg, SVM_Q_WAIT, 0))
{
+ VL_MSG_API_UNPOISON((void *)msg);
u16 id = ntohs(*((u16 *)msg));
switch (id) {
case VL_API_RX_THREAD_EXIT:
@@ -468,6 +469,7 @@ vac_read (char **p, int *l, u16 timeout)
rv = svm_queue_sub(q, (u8 *)&msg, SVM_Q_WAIT, 0);
if (rv == 0) {
+ VL_MSG_API_UNPOISON((void *)msg);
u16 msg_id = ntohs(*((u16 *)msg));
switch (msg_id) {
case VL_API_RX_THREAD_EXIT:
diff --git a/src/vpp-api/vapi/vapi.c b/src/vpp-api/vapi/vapi.c
index ef31724356d..859a811d178 100644
--- a/src/vpp-api/vapi/vapi.c
+++ b/src/vpp-api/vapi/vapi.c
@@ -474,6 +474,8 @@ vapi_send (vapi_ctx_t ctx, void *msg)
{
rv = VAPI_EAGAIN;
}
+ else
+ VL_MSG_API_POISON (msg);
out:
VAPI_DBG ("vapi_send() rv = %d", rv);
return rv;
@@ -518,6 +520,8 @@ vapi_send2 (vapi_ctx_t ctx, void *msg1, void *msg2)
{
rv = VAPI_EAGAIN;
}
+ else
+ VL_MSG_API_POISON (msg1);
out:
VAPI_DBG ("vapi_send() rv = %d", rv);
return rv;
@@ -548,6 +552,7 @@ again:
if (tmp == 0)
{
+ VL_MSG_API_UNPOISON ((void *) data);
#if VAPI_DEBUG_ALLOC
vapi_add_to_be_freed ((void *) data);
#endif
diff --git a/src/vpp/vnet/main.c b/src/vpp/vnet/main.c
index 673120a2a97..ea8e4f88718 100644
--- a/src/vpp/vnet/main.c
+++ b/src/vpp/vnet/main.c
@@ -496,6 +496,15 @@ VLIB_CLI_COMMAND (show_bihash_command, static) =
};
/* *INDENT-ON* */
+#ifdef CLIB_SANITIZE_ADDR
+/* default options for Address Sanitizer */
+const char *
+__asan_default_options (void)
+{
+ return "unmap_shadow_on_exit=1:disable_coredump=0:abort_on_error=1";
+}
+#endif /* CLIB_SANITIZE_ADDR */
+
/*
* fd.io coding-style-patch-verification: ON
*
diff --git a/src/vppinfra/CMakeLists.txt b/src/vppinfra/CMakeLists.txt
index accce6d004f..1c234cce234 100644
--- a/src/vppinfra/CMakeLists.txt
+++ b/src/vppinfra/CMakeLists.txt
@@ -88,6 +88,7 @@ set(VPPINFRA_SRCS
)
set(VPPINFRA_HEADERS
+ sanitizer.h
bihash_16_8.h
bihash_24_8.h
bihash_40_8.h
diff --git a/src/vppinfra/dlmalloc.c b/src/vppinfra/dlmalloc.c
index 524c57b210b..451666e4c9c 100644
--- a/src/vppinfra/dlmalloc.c
+++ b/src/vppinfra/dlmalloc.c
@@ -6,6 +6,7 @@
*/
#include <vppinfra/dlmalloc.h>
+#include <vppinfra/sanitizer.h>
/*------------------------------ internal #includes ---------------------- */
@@ -459,6 +460,7 @@ static FORCEINLINE void x86_clear_lock(int* sl) {
#if !defined(USE_RECURSIVE_LOCKS) || USE_RECURSIVE_LOCKS == 0
/* Plain spin locks use single word (embedded in malloc_states) */
+CLIB_NOSANITIZE_ADDR
static int spin_acquire_lock(int *sl) {
int spins = 0;
while (*(volatile int *)sl != 0 || CAS_LOCK(sl)) {
@@ -1284,6 +1286,7 @@ static struct malloc_state _gm_;
((char*)(A) >= S->base && (char*)(A) < S->base + S->size)
/* Return segment holding given address */
+CLIB_NOSANITIZE_ADDR
static msegmentptr segment_holding(mstate m, char* addr) {
msegmentptr sp = &m->seg;
for (;;) {
@@ -1295,6 +1298,7 @@ static msegmentptr segment_holding(mstate m, char* addr) {
}
/* Return true if segment contains a segment link */
+CLIB_NOSANITIZE_ADDR
static int has_segment_link(mstate m, msegmentptr ss) {
msegmentptr sp = &m->seg;
for (;;) {
@@ -1612,6 +1616,7 @@ static size_t traverse_and_check(mstate m);
#if (FOOTERS && !INSECURE)
/* Check if (alleged) mstate m has expected magic field */
+CLIB_NOSANITIZE_ADDR
static inline int
ok_magic (const mstate m)
{
@@ -2078,6 +2083,7 @@ static void do_check_malloc_state(mstate m) {
/* ----------------------------- statistics ------------------------------ */
#if !NO_MALLINFO
+CLIB_NOSANITIZE_ADDR
static struct dlmallinfo internal_mallinfo(mstate m) {
struct dlmallinfo nm = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
ensure_initialization();
@@ -2842,6 +2848,7 @@ static void* sys_alloc(mstate m, size_t nb) {
/* ----------------------- system deallocation -------------------------- */
/* Unmap and unlink any mmapped segments that don't contain used chunks */
+CLIB_NOSANITIZE_ADDR
static size_t release_unused_segments(mstate m) {
size_t released = 0;
int nsegs = 0;
@@ -2889,6 +2896,7 @@ static size_t release_unused_segments(mstate m) {
return released;
}
+CLIB_NOSANITIZE_ADDR
static int sys_trim(mstate m, size_t pad) {
size_t released = 0;
ensure_initialization();
@@ -2957,6 +2965,7 @@ static int sys_trim(mstate m, size_t pad) {
/* Consolidate and bin a chunk. Differs from exported versions
of free mainly in that the chunk need not be marked as inuse.
*/
+CLIB_NOSANITIZE_ADDR
static void dispose_chunk(mstate m, mchunkptr p, size_t psize) {
mchunkptr next = chunk_plus_offset(p, psize);
if (!pinuse(p)) {
@@ -3028,6 +3037,7 @@ static void dispose_chunk(mstate m, mchunkptr p, size_t psize) {
/* ---------------------------- malloc --------------------------- */
/* allocate a large request from the best fitting chunk in a treebin */
+CLIB_NOSANITIZE_ADDR
static void* tmalloc_large(mstate m, size_t nb) {
tchunkptr v = 0;
size_t rsize = -nb; /* Unsigned negation */
@@ -3099,6 +3109,7 @@ static void* tmalloc_large(mstate m, size_t nb) {
}
/* allocate a small request from the best fitting chunk in a treebin */
+CLIB_NOSANITIZE_ADDR
static void* tmalloc_small(mstate m, size_t nb) {
tchunkptr t, v;
size_t rsize;
@@ -3484,6 +3495,7 @@ static mchunkptr try_realloc_chunk(mstate m, mchunkptr p, size_t nb,
return newp;
}
+CLIB_NOSANITIZE_ADDR
static void* internal_memalign(mstate m, size_t alignment, size_t bytes) {
void* mem = 0;
if (alignment < MIN_CHUNK_SIZE) /* must be at least a minimum chunk size */
@@ -4101,6 +4113,7 @@ void mspace_get_address_and_size (mspace msp, char **addrp, size_t *sizep)
*sizep = this_seg->size;
}
+CLIB_NOSANITIZE_ADDR
int mspace_is_heap_object (mspace msp, void *p)
{
msegment *this_seg;
@@ -4155,6 +4168,7 @@ int mspace_enable_disable_trace (mspace msp, int enable)
return (was_enabled);
}
+CLIB_NOSANITIZE_ADDR
int mspace_is_traced (mspace msp)
{
mstate ms = (mstate)msp;
@@ -4164,6 +4178,7 @@ int mspace_is_traced (mspace msp)
return 0;
}
+CLIB_NOSANITIZE_ADDR
void* mspace_get_aligned (mspace msp,
unsigned long n_user_data_bytes,
unsigned long align,
@@ -4264,6 +4279,7 @@ void* mspace_get_aligned (mspace msp,
return (void *) searchp;
}
+CLIB_NOSANITIZE_ADDR
void mspace_put (mspace msp, void *p_arg)
{
char *object_header;
@@ -4287,7 +4303,7 @@ void mspace_put (mspace msp, void *p_arg)
mheap_put_trace ((unsigned long)p_arg, psize);
}
-#if CLIB_DEBUG > 0
+#if CLIB_DEBUG > 0 && !defined(CLIB_SANITIZE_ADDR)
/* Poison the object */
{
size_t psize = mspace_usable_size (object_header);
@@ -4313,6 +4329,7 @@ void mspace_put_no_offset (mspace msp, void *p_arg)
mspace_free (msp, p_arg);
}
+CLIB_NOSANITIZE_ADDR
size_t mspace_usable_size_with_delta (const void *p)
{
size_t usable_size;
@@ -4338,6 +4355,7 @@ size_t mspace_usable_size_with_delta (const void *p)
versions. This is not so nice but better than the alternatives.
*/
+CLIB_NOSANITIZE_ADDR
void* mspace_malloc(mspace msp, size_t bytes) {
mstate ms = (mstate)msp;
if (!ok_magic(ms)) {
@@ -4452,6 +4470,7 @@ void* mspace_malloc(mspace msp, size_t bytes) {
return 0;
}
+CLIB_NOSANITIZE_ADDR
void mspace_free(mspace msp, void* mem) {
if (mem != 0) {
mchunkptr p = mem2chunk(mem);
@@ -4789,6 +4808,7 @@ size_t mspace_set_footprint_limit(mspace msp, size_t bytes) {
}
#if !NO_MALLINFO
+CLIB_NOSANITIZE_ADDR
struct dlmallinfo mspace_mallinfo(mspace msp) {
mstate ms = (mstate)msp;
if (!ok_magic(ms)) {
@@ -4798,6 +4818,7 @@ struct dlmallinfo mspace_mallinfo(mspace msp) {
}
#endif /* NO_MALLINFO */
+CLIB_NOSANITIZE_ADDR
size_t mspace_usable_size(const void* mem) {
if (mem != 0) {
mchunkptr p = mem2chunk(mem);
diff --git a/src/vppinfra/hash.c b/src/vppinfra/hash.c
index b6f0901dd68..6115b0cffd6 100644
--- a/src/vppinfra/hash.c
+++ b/src/vppinfra/hash.c
@@ -109,7 +109,7 @@ zap64 (u64 x, word n)
* The above is true *unless* the extra bytes cross a page boundary
* into unmapped or no-access space, hence the boundary crossing check.
*/
-static inline u64 __attribute__ ((no_sanitize_address))
+static inline u64
hash_memory64 (void *p, word n_bytes, u64 state)
{
u64 *q = p;
@@ -154,7 +154,9 @@ hash_memory64 (void *p, word n_bytes, u64 state)
{
if (PREDICT_TRUE (page_boundary_crossing == 0))
c +=
- zap64 (clib_mem_unaligned (q + 2, u64), n % sizeof (u64)) << 8;
+ zap64 (CLIB_MEM_OVERFLOW
+ (clib_mem_unaligned (q + 2, u64), q + 2, sizeof (u64)),
+ n % sizeof (u64)) << 8;
else
{
clib_memcpy_fast (tmp.as_u8, q + 2, n % sizeof (u64));
@@ -168,7 +170,10 @@ hash_memory64 (void *p, word n_bytes, u64 state)
if (n % sizeof (u64))
{
if (PREDICT_TRUE (page_boundary_crossing == 0))
- b += zap64 (clib_mem_unaligned (q + 1, u64), n % sizeof (u64));
+ b +=
+ zap64 (CLIB_MEM_OVERFLOW
+ (clib_mem_unaligned (q + 1, u64), q + 1, sizeof (u64)),
+ n % sizeof (u64));
else
{
clib_memcpy_fast (tmp.as_u8, q + 1, n % sizeof (u64));
@@ -181,7 +186,10 @@ hash_memory64 (void *p, word n_bytes, u64 state)
if (n % sizeof (u64))
{
if (PREDICT_TRUE (page_boundary_crossing == 0))
- a += zap64 (clib_mem_unaligned (q + 0, u64), n % sizeof (u64));
+ a +=
+ zap64 (CLIB_MEM_OVERFLOW
+ (clib_mem_unaligned (q + 0, u64), q + 0, sizeof (u64)),
+ n % sizeof (u64));
else
{
clib_memcpy_fast (tmp.as_u8, q, n % sizeof (u64));
diff --git a/src/vppinfra/mem.h b/src/vppinfra/mem.h
index 14b2761c881..d4819b7f989 100644
--- a/src/vppinfra/mem.h
+++ b/src/vppinfra/mem.h
@@ -53,6 +53,7 @@
#include <vppinfra/os.h>
#include <vppinfra/string.h> /* memcpy, clib_memset */
+#include <vppinfra/sanitizer.h>
#define CLIB_MAX_MHEAPS 256
@@ -96,6 +97,17 @@ clib_mem_set_per_cpu_heap (u8 * new_heap)
return old;
}
+always_inline uword
+clib_mem_size_nocheck (void *p)
+{
+#if USE_DLMALLOC == 0
+ mheap_elt_t *e = mheap_user_pointer_to_elt (p);
+ return mheap_elt_data_bytes (e);
+#else
+ return mspace_usable_size_with_delta (p);
+#endif
+}
+
/* Memory allocator which may call os_out_of_memory() if it fails */
always_inline void *
clib_mem_alloc_aligned_at_offset (uword size, uword align, uword align_offset,
@@ -119,29 +131,21 @@ clib_mem_alloc_aligned_at_offset (uword size, uword align, uword align_offset,
uword offset;
heap = mheap_get_aligned (heap, size, align, align_offset, &offset);
clib_per_cpu_mheaps[cpu] = heap;
-
- if (offset != ~0)
- {
- p = heap + offset;
- return p;
- }
- else
- {
- if (os_out_of_memory_on_failure)
- os_out_of_memory ();
- return 0;
- }
+ if (PREDICT_TRUE (offset != ~0))
+ p = heap + offset;
#else
p = mspace_get_aligned (heap, size, align, align_offset);
- if (PREDICT_FALSE (p == 0))
+#endif /* USE_DLMALLOC */
+
+ if (PREDICT_FALSE (0 == p))
{
if (os_out_of_memory_on_failure)
os_out_of_memory ();
return 0;
}
+ CLIB_MEM_UNPOISON (p, size);
return p;
-#endif /* USE_DLMALLOC */
}
/* Memory allocator which calls os_out_of_memory() when it fails */
@@ -226,6 +230,8 @@ clib_mem_free (void *p)
/* Make sure object is in the correct heap. */
ASSERT (clib_mem_is_heap_object (p));
+ CLIB_MEM_POISON (p, clib_mem_size_nocheck (p));
+
#if USE_DLMALLOC == 0
mheap_put (heap, (u8 *) p - heap);
#else
@@ -254,20 +260,15 @@ clib_mem_realloc (void *p, uword new_size, uword old_size)
always_inline uword
clib_mem_size (void *p)
{
-#if USE_DLMALLOC == 0
- mheap_elt_t *e = mheap_user_pointer_to_elt (p);
ASSERT (clib_mem_is_heap_object (p));
- return mheap_elt_data_bytes (e);
-#else
- ASSERT (clib_mem_is_heap_object (p));
- return mspace_usable_size_with_delta (p);
-#endif
+ return clib_mem_size_nocheck (p);
}
always_inline void
clib_mem_free_s (void *p)
{
uword size = clib_mem_size (p);
+ CLIB_MEM_UNPOISON (p, size);
memset_s_inline (p, size, 0, size);
clib_mem_free (p);
}
diff --git a/src/vppinfra/mem_dlmalloc.c b/src/vppinfra/mem_dlmalloc.c
index 7a53a8bb43b..5628e2714c7 100644
--- a/src/vppinfra/mem_dlmalloc.c
+++ b/src/vppinfra/mem_dlmalloc.c
@@ -19,6 +19,7 @@
#include <vppinfra/lock.h>
#include <vppinfra/hash.h>
#include <vppinfra/elf_clib.h>
+#include <vppinfra/sanitizer.h>
void *clib_per_cpu_mheaps[CLIB_MAX_MHEAPS];
@@ -219,6 +220,7 @@ clib_mem_init (void *memory, uword memory_size)
if (mheap_trace_main.lock == 0)
clib_spinlock_init (&mheap_trace_main.lock);
+ CLIB_MEM_POISON (mspace_least_addr (heap), mspace_footprint (heap));
return heap;
}
diff --git a/src/vppinfra/pool.h b/src/vppinfra/pool.h
index 747a7170800..e6ffe1e874a 100644
--- a/src/vppinfra/pool.h
+++ b/src/vppinfra/pool.h
@@ -205,6 +205,7 @@ do { \
clib_bitmap_andnoti_notrim (_pool_var (p)->free_bitmap, \
_pool_var (i)); \
_vec_len (_pool_var (p)->free_indices) = _pool_var (l) - 1; \
+ CLIB_MEM_UNPOISON((E), sizeof((E)[0])); \
} \
else \
{ \
@@ -285,10 +286,12 @@ do { \
/** Free an object E in pool P. */
#define pool_put(P,E) \
do { \
- pool_header_t * _pool_var (p) = pool_header (P); \
- uword _pool_var (l) = (E) - (P); \
- ASSERT (vec_is_member (P, E)); \
- ASSERT (! pool_is_free (P, E)); \
+ typeof (P) _pool_var(p__) = (P); \
+ typeof (E) _pool_var(e__) = (E); \
+ pool_header_t * _pool_var (p) = pool_header (_pool_var(p__)); \
+ uword _pool_var (l) = _pool_var(e__) - _pool_var(p__); \
+ ASSERT (vec_is_member (_pool_var(p__), _pool_var(e__))); \
+ ASSERT (! pool_is_free (_pool_var(p__), _pool_var(e__))); \
\
/* Add element to free bitmap and to free list. */ \
_pool_var (p)->free_bitmap = \
@@ -305,6 +308,8 @@ do { \
} \
else \
vec_add1 (_pool_var (p)->free_indices, _pool_var (l)); \
+ \
+ CLIB_MEM_POISON(_pool_var(e__), sizeof(_pool_var(e__)[0])); \
} while (0)
/** Free pool element with given index. */
diff --git a/src/vppinfra/sanitizer.h b/src/vppinfra/sanitizer.h
new file mode 100644
index 00000000000..d099d3a941f
--- /dev/null
+++ b/src/vppinfra/sanitizer.h
@@ -0,0 +1,62 @@
+#ifndef _included_clib_sanitizer_h
+#define _included_clib_sanitizer_h
+
+#ifdef CLIB_SANITIZE_ADDR
+
+#include <sanitizer/asan_interface.h>
+#include <vppinfra/clib.h>
+
+#define CLIB_NOSANITIZE_ADDR __attribute__((no_sanitize_address))
+#define CLIB_MEM_POISON(a, s) ASAN_POISON_MEMORY_REGION((a), (s))
+#define CLIB_MEM_UNPOISON(a, s) ASAN_UNPOISON_MEMORY_REGION((a), (s))
+
+#define CLIB_MEM_OVERFLOW(f, src, n) \
+ ({ \
+ typeof (f) clib_mem_overflow_ret__; \
+ const void *clib_mem_overflow_src__ = (src); \
+ size_t clib_mem_overflow_n__ = (n); \
+ const void *clib_mem_overflow_start__ = __asan_region_is_poisoned((void *)clib_mem_overflow_src__, clib_mem_overflow_n__); \
+ clib_mem_overflow_n__ -= (size_t)(clib_mem_overflow_start__ - clib_mem_overflow_src__); \
+ if (clib_mem_overflow_start__) \
+ CLIB_MEM_UNPOISON(clib_mem_overflow_start__, clib_mem_overflow_n__); \
+ clib_mem_overflow_ret__ = f; \
+ if (clib_mem_overflow_start__) \
+ CLIB_MEM_POISON(clib_mem_overflow_start__, clib_mem_overflow_n__); \
+ clib_mem_overflow_ret__; \
+ })
+
+#define CLIB_MEM_OVERFLOW_LOAD(f, src) \
+ ({ \
+ typeof(src) clib_mem_overflow_load_src__ = (src); \
+ CLIB_MEM_OVERFLOW(f(clib_mem_overflow_load_src__), clib_mem_overflow_load_src__, sizeof(typeof(f(clib_mem_overflow_load_src__)))); \
+ })
+
+static_always_inline void
+CLIB_MEM_POISON_LEN (void *src, size_t oldlen, size_t newlen)
+{
+ if (oldlen > newlen)
+ CLIB_MEM_POISON (src + newlen, oldlen - newlen);
+ else if (newlen > oldlen)
+ CLIB_MEM_UNPOISON (src + oldlen, newlen - oldlen);
+}
+
+#else /* CLIB_SANITIZE_ADDR */
+
+#define CLIB_NOSANITIZE_ADDR
+#define CLIB_MEM_POISON(a, s) (void)(a)
+#define CLIB_MEM_UNPOISON(a, s) (void)(a)
+#define CLIB_MEM_OVERFLOW(a, b, c) a
+#define CLIB_MEM_OVERFLOW_LOAD(f, src) f(src)
+#define CLIB_MEM_POISON_LEN(a, b, c)
+
+#endif /* CLIB_SANITIZE_ADDR */
+
+#endif /* _included_clib_sanitizer_h */
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
diff --git a/src/vppinfra/vec.c b/src/vppinfra/vec.c
index 32788286a63..16372e9ef22 100644
--- a/src/vppinfra/vec.c
+++ b/src/vppinfra/vec.c
@@ -58,8 +58,10 @@ vec_resize_allocate_memory (void *v,
{
new = clib_mem_alloc_aligned_at_offset (data_bytes, data_align, header_bytes, 1 /* yes, call os_out_of_memory */
);
- data_bytes = clib_mem_size (new);
- clib_memset (new, 0, data_bytes);
+ new_alloc_bytes = clib_mem_size (new);
+ CLIB_MEM_UNPOISON (new + data_bytes, new_alloc_bytes - data_bytes);
+ clib_memset (new, 0, new_alloc_bytes);
+ CLIB_MEM_POISON (new + data_bytes, new_alloc_bytes - data_bytes);
v = new + header_bytes;
_vec_len (v) = length_increment;
return v;
@@ -75,7 +77,10 @@ vec_resize_allocate_memory (void *v,
/* Need to resize? */
if (data_bytes <= old_alloc_bytes)
- return v;
+ {
+ CLIB_MEM_UNPOISON (v, data_bytes);
+ return v;
+ }
new_alloc_bytes = (old_alloc_bytes * 3) / 2;
if (new_alloc_bytes < data_bytes)
@@ -92,6 +97,7 @@ vec_resize_allocate_memory (void *v,
("vec_resize fails, length increment %d, data bytes %d, alignment %d",
length_increment, data_bytes, data_align);
+ CLIB_MEM_UNPOISON (old, old_alloc_bytes);
clib_memcpy_fast (new, old, old_alloc_bytes);
clib_mem_free (old);
@@ -100,7 +106,9 @@ vec_resize_allocate_memory (void *v,
v = new;
/* Zero new memory. */
+ CLIB_MEM_UNPOISON (new + data_bytes, new_alloc_bytes - data_bytes);
memset (v + old_alloc_bytes, 0, new_alloc_bytes - old_alloc_bytes);
+ CLIB_MEM_POISON (new + data_bytes, new_alloc_bytes - data_bytes);
return v + header_bytes;
}
diff --git a/src/vppinfra/vec.h b/src/vppinfra/vec.h
index 461c0de3347..021b2295964 100644
--- a/src/vppinfra/vec.h
+++ b/src/vppinfra/vec.h
@@ -138,6 +138,7 @@ _vec_resize_inline (void *v,
/* Typically we'll not need to resize. */
if (new_data_bytes <= clib_mem_size (p))
{
+ CLIB_MEM_UNPOISON (v, data_bytes);
vh->len += length_increment;
return v;
}
@@ -794,6 +795,7 @@ do { \
if (_v(n) > 0) \
clib_memset ((V) + _v(l) - _v(n), 0, _v(n) * sizeof ((V)[0])); \
_vec_len (V) -= _v(n); \
+ CLIB_MEM_POISON(vec_end(V), _v(n) * sizeof ((V)[0])); \
} while (0)
/** \brief Delete the element at index I
@@ -808,6 +810,7 @@ do { \
if (_vec_del_i < _vec_del_l) \
(v)[_vec_del_i] = (v)[_vec_del_l]; \
_vec_len (v) = _vec_del_l; \
+ CLIB_MEM_POISON(vec_end(v), sizeof ((v)[0])); \
} while (0)
/** \brief Append v2 after v1. Result in v1.
diff --git a/src/vppinfra/vec_bootstrap.h b/src/vppinfra/vec_bootstrap.h
index 5c42e5ea914..fbb01b685ca 100644
--- a/src/vppinfra/vec_bootstrap.h
+++ b/src/vppinfra/vec_bootstrap.h
@@ -164,6 +164,7 @@ vec_aligned_header_end (void *v, uword header_bytes, uword align)
#define vec_set_len(v, l) do { \
ASSERT(v); \
ASSERT((l) <= vec_max_len(v)); \
+ CLIB_MEM_POISON_LEN((void *)(v), _vec_len(v) * sizeof((v)[0]), (l) * sizeof((v)[0])); \
_vec_len(v) = (l); \
} while (0)
#else /* __COVERITY__ */