From 9fb6d40eb3d4a2da8f45187de773498b784596e6 Mon Sep 17 00:00:00 2001 From: Benoît Ganne Date: Mon, 15 Apr 2019 15:28:21 +0200 Subject: misc: add address sanitizer heap instrumentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Introduce AddressSanitizer support: https://github.com/google/sanitizers/ This starts with heap instrumentation. vlib_buffer, bihash and stack instrumentation should follow. Type: feature Change-Id: I7f20e235b2f79db72efd0e756f22c75f717a9884 Signed-off-by: Benoît Ganne --- src/vlibmemory/memory_api.c | 2 ++ src/vlibmemory/memory_client.c | 15 +++++++++++++++ src/vlibmemory/memory_shared.c | 15 ++++++++++----- 3 files changed, 27 insertions(+), 5 deletions(-) (limited to 'src/vlibmemory') diff --git a/src/vlibmemory/memory_api.c b/src/vlibmemory/memory_api.c index c9eebabfc50..42d1ee08a9f 100644 --- a/src/vlibmemory/memory_api.c +++ b/src/vlibmemory/memory_api.c @@ -210,6 +210,7 @@ vl_api_memclnt_create_t_handler (vl_api_memclnt_create_t * mp) regp->clib_file_index = am->shmem_hdr->clib_file_index; q = regp->vl_input_queue = (svm_queue_t *) (uword) mp->input_queue; + VL_MSG_API_SVM_QUEUE_UNPOISON (q); regp->name = format (0, "%s", mp->name); vec_add1 (regp->name, 0); @@ -713,6 +714,7 @@ void_mem_api_handle_msg_i (api_main_t * am, vlib_main_t * vm, uword mp; if (!svm_queue_sub2 (q, (u8 *) & mp)) { + VL_MSG_API_UNPOISON ((void *) mp); vl_msg_api_handler_with_vm_node (am, (void *) mp, vm, node); return 0; } diff --git a/src/vlibmemory/memory_client.c b/src/vlibmemory/memory_client.c index c61c3cbdd51..bb377f1b531 100644 --- a/src/vlibmemory/memory_client.c +++ b/src/vlibmemory/memory_client.c 
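Review bot: In `vl_api_memclnt_create_t_handler`, `q` comes straight from `mp->input_queue`, a value the connecting client writes into the message, and `VL_MSG_API_SVM_QUEUE_UNPOISON (q)` is applied to it with no visible check that the address lies inside the API shared-memory segment. The macro's definition is not in this view; if it sizes the region from the queue's own header, an ASan build reads peer-written fields and clears shadow state for a range the peer chose, which can mask later out-of-bounds accesses rather than report them. The same question applies to `VL_MSG_API_UNPOISON ((void *) mp)` in the second hunk of this file, if that macro takes its length from the message header. A comment stating the trust assumption would help, e.g. `/* q is client-supplied and not validated here; ASan coverage of this queue depends on the peer's header */`, and a range check against the segment before the unpoison is worth considering. Both handlers' bodies extend outside their hunks.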
@@ -97,6 +97,13 @@ vl_api_name_and_crc_free (void) hash_free (am->msg_index_by_name_and_crc); } +CLIB_NOSANITIZE_ADDR static void +VL_API_VEC_UNPOISON (const void *v) +{ + const vec_header_t *vh = &((vec_header_t *) v)[-1]; + CLIB_MEM_UNPOISON (vh, sizeof (*vh) + vec_len (v)); +} + static void vl_api_memclnt_create_reply_t_handler (vl_api_memclnt_create_reply_t * mp) { @@ -121,6 +128,8 @@ vl_api_memclnt_create_reply_t_handler (vl_api_memclnt_create_reply_t * mp) unserialize_open_data (sm, tblv, vec_len (tblv)); unserialize_integer (sm, &nmsgs, sizeof (u32)); + VL_API_VEC_UNPOISON (tblv); + for (i = 0; i < nmsgs; i++) { msg_index = unserialize_likely_small_unsigned_integer (sm); @@ -168,6 +177,9 @@ vl_client_connect (const char *name, int ctx_quota, int input_queue_size) return -1; } + CLIB_MEM_UNPOISON (shmem_hdr, sizeof (*shmem_hdr)); + VL_MSG_API_SVM_QUEUE_UNPOISON (shmem_hdr->vl_input_queue); + pthread_mutex_lock (&svm->mutex); oldheap = svm_push_data_heap (svm); vl_input_queue = svm_queue_alloc_and_init (input_queue_size, sizeof (uword), @@ -211,6 +223,7 @@ vl_client_connect (const char *name, int ctx_quota, int input_queue_size) return -1; read_one_msg: + VL_MSG_API_UNPOISON (rp); if (ntohs (rp->_vl_msg_id) != VL_API_MEMCLNT_CREATE_REPLY) { clib_warning ("unexpected reply: id %d", ntohs (rp->_vl_msg_id)); @@ -295,6 +308,8 @@ vl_client_disconnect (void) if (svm_queue_sub (vl_input_queue, (u8 *) & rp, SVM_Q_NOWAIT, 0) < 0) continue; + VL_MSG_API_UNPOISON (rp); + /* drain the queue */ if (ntohs (rp->_vl_msg_id) != VL_API_MEMCLNT_DELETE_REPLY) { diff --git a/src/vlibmemory/memory_shared.c b/src/vlibmemory/memory_shared.c index f44ab7c4106..6c8ec3092f1 100644 --- a/src/vlibmemory/memory_shared.c +++ b/src/vlibmemory/memory_shared.c @@ -42,7 +42,7 @@ #define DEBUG_MESSAGE_BUFFER_OVERRUN 0 -static inline void * +CLIB_NOSANITIZE_ADDR static inline void * vl_msg_api_alloc_internal (int nbytes, int pool, int may_return_null) { int i; 
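Review bot: `VL_API_VEC_UNPOISON` passes `vec_len (v)` as a byte count, which is only correct for byte vectors, and it forms `&((vec_header_t *) v)[-1]` without a null check on `v`. The one caller in this patch passes `tblv`, which appears to be a serialized byte buffer, so the current use looks right, but the `const void *` parameter invites reuse on vectors with wider elements, where the unpoisoned range would be too short. Typing the parameter as `const u8 *v`, adding `if (v == 0) return;` as the first statement, and a one-line comment such as `/* unpoison a u8 vector and its header; length is in bytes */` would make the contract explicit. The all-caps name also reads like a macro although this is a function.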
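Review bot: In `vl_api_memclnt_create_reply_t_handler`, `VL_API_VEC_UNPOISON (tblv)` runs after `unserialize_open_data (sm, tblv, vec_len (tblv))` and `unserialize_integer (sm, &nmsgs, sizeof (u32))`, which already touch the vector: the header through `vec_len`, and presumably the first bytes through the integer read. If the table can still be poisoned when this handler runs, an instrumented build would report at those earlier lines and the unpoison would come too late. Moving the call to just before `unserialize_open_data` would cover every access to `tblv`. The handler's body starts and ends outside the hunk, so the assignment of `tblv` is not visible here.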
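Review bot: `CLIB_NOSANITIZE_ADDR` on `vl_msg_api_alloc_internal` switches off instrumentation for the whole allocator rather than for the specific accesses that need it, and nothing at the definition says why. A comment above the function would keep the exemption from being read as accidental, for example `/* ASan: walks ring slots that are poisoned while free, so this function is not instrumented */`, adjusted to the actual reason. If only the ring scan needs the exemption, moving that part into a small uninstrumented helper would keep the rest of the allocation path checked. Only the first lines of the function are inside this hunk.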
@@ -192,6 +192,7 @@ out: #endif rv->data_len = htonl (nbytes - sizeof (msgbuf_t)); + VL_MSG_API_UNPOISON (rv->data); return (rv->data); } @@ -296,6 +297,7 @@ vl_msg_api_free (void *a) ASSERT (*overrun == 0x1badbabe); } #endif + VL_MSG_API_POISON (rv->data); return; } @@ -331,6 +333,7 @@ vl_msg_api_free_nolock (void *a) if (rv->q) { rv->q = 0; + VL_MSG_API_POISON (rv->data); return; } @@ -753,10 +756,10 @@ void vl_msg_api_send_shmem (svm_queue_t * q, u8 * elem) { api_main_t *am = &api_main; - uword *trace = (uword *) elem; + void *msg = (void *) *(uword *) elem; if (am->tx_trace && am->tx_trace->enabled) - vl_msg_api_trace (am, am->tx_trace, (void *) trace[0]); + vl_msg_api_trace (am, am->tx_trace, msg); /* * Announce a probable binary API client bug: @@ -786,6 +789,7 @@ vl_msg_api_send_shmem (svm_queue_t * q, u8 * elem) q); } } + VL_MSG_API_POISON (msg); (void) svm_queue_add (q, elem, 0 /* nowait */ ); } @@ -799,12 +803,13 @@ void vl_msg_api_send_shmem_nolock (svm_queue_t * q, u8 * elem) { api_main_t *am = &api_main; - uword *trace = (uword *) elem; + void *msg = (void *) *(uword *) elem; if (am->tx_trace && am->tx_trace->enabled) - vl_msg_api_trace (am, am->tx_trace, (void *) trace[0]); + vl_msg_api_trace (am, am->tx_trace, msg); (void) svm_queue_add_nolock (q, elem); + VL_MSG_API_POISON (msg); } /* -- cgit 1.2.3-korg
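Review bot: In `vl_msg_api_send_shmem_nolock` the message is poisoned after `svm_queue_add_nolock (q, elem)` has already handed it to the consumer, whereas `vl_msg_api_send_shmem` in the preceding hunk poisons before `svm_queue_add`. Once the element is on the queue, the receiver may unpoison, process and free the message, so the late `VL_MSG_API_POISON (msg)` can re-poison memory the receiver is using and produce spurious reports. If the macro reads the message header to find its length, it also touches memory the sender no longer owns. Swapping the two statements makes both senders consistent: `VL_MSG_API_POISON (msg);` followed by `(void) svm_queue_add_nolock (q, elem);`.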