| Age | Commit message | Author |
|
When landing 141c2b I didn't realize that none of these files actually
got built either locally or by premerge. I had some minor syntax
mistakes that caused the build to fail. This patch fixes those issues
and has been verified on a Windows machine.
|
|
These instructions show up when building asan in the premerge container
and do not on other bots, likely due to different standard library
versions.
|
|
Created for Wine's memset by clang or mingw-gcc,
the latter places it quite at the start of the function:
```
0x00006ffffb67e210 <memset+0>: 0f b6 d2 movzbl %dl,%edx
0x00006ffffb67e213 <memset+3>: 48 b8 01 01 01 01 01 01 01 01 movabs $0x101010101010101,%rax
```
`3200 uint64_t v = 0x101010101010101ull * (unsigned char)c;`
https://gitlab.winehq.org/wine/wine/-/blob/290fd532ee7376442d272e3833528256bfe5e9dc/dlls/msvcrt/string.c#L3200
|
|
(#132267)
Observed in Wine when trying to intercept `ExitThread`, which forwards
to `ntdll.RtlExitUserThread`.
`gdb` interprets it as `xchg %ax,%ax`.
`llvm-mc` outputs simply `nop`.
```
==Asan-i386-calls-Dynamic-Test.exe==964==interception_win: unhandled instruction at 0x7be27cf0: 66 90 55 89 e5 56 50 8b
```
```
Wine-gdb> bt
#0 0x789a1766 in __interception::GetInstructionSize (address=<optimized out>, rel_offset=<optimized out>) at C:/llvm-mingw/llvm-mingw/llvm-project/compiler-rt/lib/interception/interception_win.cpp:983
#1 0x789ab480 in __sanitizer::SharedPrintfCode(bool, char const*, char*) () at C:/llvm-mingw/llvm-mingw/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_printf.cpp:311
#2 0x789a18e7 in __interception::OverrideFunctionWithHotPatch (old_func=2078440688, new_func=2023702608, orig_old_func=warning: (Internal error: pc 0x792f1a2c in read in CU, but not in symtab.)warning: (Error: pc 0x792f1a2c in address map, but not in symtab.)0x792f1a2c) at C:/llvm-mingw/llvm-mingw/llvm-project/compiler-rt/lib/interception/interception_win.cpp:1118
#3 0x789a1f34 in __interception::OverrideFunction (old_func=2078440688, new_func=2023702608, orig_old_func=warning: (Internal error: pc 0x792f1a2c in read in CU, but not in symtab.)warning: (Error: pc 0x792f1a2c in address map, but not in symtab.)0x792f1a2c) at C:/llvm-mingw/llvm-mingw/llvm-project/compiler-rt/lib/interception/interception_win.cpp:1224
#4 0x789a24ce in __interception::OverrideFunction (func_name=0x78a0bc43 <vtable for __asan::AsanThreadContext+1163> "ExitThread", new_func=2023702608, orig_old_func=warning: (Internal error: pc 0x792f1a2c in read in CU, but not in symtab.)warning: (Error: pc 0x792f1a2c in address map, but not in symtab.)0x792f1a2c) at C:/llvm-mingw/llvm-mingw/llvm-project/compiler-rt/lib/interception/interception_win.cpp:1369
#5 0x789f40ef in __asan::InitializePlatformInterceptors () at C:/llvm-mingw/llvm-mingw/llvm-project/compiler-rt/lib/asan/asan_win.cpp:190
#6 0x789e0c3c in __asan::InitializeAsanInterceptors () at C:/llvm-mingw/llvm-mingw/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:802
#7 0x789ee6b5 in __asan::AsanInitInternal () at C:/llvm-mingw/llvm-mingw/llvm-project/compiler-rt/lib/asan/asan_rtl.cpp:442
#8 0x789eefb0 in __asan::AsanInitFromRtl () at C:/llvm-mingw/llvm-mingw/llvm-project/compiler-rt/lib/asan/asan_rtl.cpp:522
#9 __asan::AsanInitializer::AsanInitializer (this=<optimized out>) at C:/llvm-mingw/llvm-mingw/llvm-project/compiler-rt/lib/asan/asan_rtl.cpp:542
#10 __cxx_global_var_init () at C:/llvm-mingw/llvm-mingw/llvm-project/compiler-rt/lib/asan/asan_rtl.cpp:546
...
Wine-gdb> disassemble /r 2078440688,2078440688+20
Dump of assembler code from 0x7be27cf0 to 0x7be27d04:
0x7be27cf0 <_RtlExitUserThread@4+0>: 66 90 xchg %ax,%ax
...
```
|
|
(#124011)
This patch adds several instructions seen when trying to run an
executable built with ASan with llvm-mingw.
(x86 and x86_64, using the git tip in llvm-project).
Also includes instructions collected by
Roman Pišl and Eric Pouech in the Wine bug reports below.
```
Related: https://github.com/llvm/llvm-project/issues/96270
Co-authored-by: Roman Pišl <rpisl@seznam.cz>
https://bugs.winehq.org/show_bug.cgi?id=50993
https://bugs.winehq.org/attachment.cgi?id=70233
Co-authored-by: Eric Pouech <eric.pouech@gmail.com>
https://bugs.winehq.org/show_bug.cgi?id=52386
https://bugs.winehq.org/attachment.cgi?id=71626
```
|
|
This patch adds several instructions seen when trying to run an
executable built with ASan with llvm-mingw.
(x86 and x86_64, using the git tip in llvm-project).
Also includes instructions collected by
Roman Pišl and Eric Pouech in the Wine bug reports below.
```
Related: https://github.com/llvm/llvm-project/issues/96270
Co-authored-by: Roman Pišl <rpisl@seznam.cz>
https://bugs.winehq.org/show_bug.cgi?id=50993
https://bugs.winehq.org/attachment.cgi?id=70233
Co-authored-by: Eric Pouech <eric.pouech@gmail.com>
https://bugs.winehq.org/show_bug.cgi?id=52386
https://bugs.winehq.org/attachment.cgi?id=71626
```
|
|
This patch adds several instructions seen when trying to run an
executable built with ASan with llvm-mingw.
(x86 and x86_64, using the git tip in llvm-project).
Also includes instructions collected by
Roman Pišl and Eric Pouech in the Wine bug reports below.
```
Related: https://github.com/llvm/llvm-project/issues/96270
Co-authored-by: Roman Pišl <rpisl@seznam.cz>
https://bugs.winehq.org/show_bug.cgi?id=50993
https://bugs.winehq.org/attachment.cgi?id=70233
Co-authored-by: Eric Pouech <eric.pouech@gmail.com>
https://bugs.winehq.org/show_bug.cgi?id=52386
https://bugs.winehq.org/attachment.cgi?id=71626
```
|
|
This patch adds several instructions seen when trying to run an
executable built with ASan with llvm-mingw.
(x86 and x86_64, using the git tip in llvm-project).
Also includes instructions collected by
Roman Pišl and Eric Pouech in the Wine bug reports below.
```
Related: https://github.com/llvm/llvm-project/issues/96270
Co-authored-by: Roman Pišl <rpisl@seznam.cz>
https://bugs.winehq.org/show_bug.cgi?id=50993
https://bugs.winehq.org/attachment.cgi?id=70233
Co-authored-by: Eric Pouech <eric.pouech@gmail.com>
https://bugs.winehq.org/show_bug.cgi?id=52386
https://bugs.winehq.org/attachment.cgi?id=71626
```
|
|
This patch adds several instructions seen when trying to run an
executable built with ASan with llvm-mingw.
(x86 and x86_64, using the git tip in llvm-project).
Also includes instructions collected by
Roman Pišl and Eric Pouech in the Wine bug reports below.
```
Related: https://github.com/llvm/llvm-project/issues/96270
Co-authored-by: Roman Pišl <rpisl@seznam.cz>
https://bugs.winehq.org/show_bug.cgi?id=50993
https://bugs.winehq.org/attachment.cgi?id=70233
Co-authored-by: Eric Pouech <eric.pouech@gmail.com>
https://bugs.winehq.org/show_bug.cgi?id=52386
https://bugs.winehq.org/attachment.cgi?id=71626
```
|
|
This patch adds several instructions seen when trying to run an
executable built with ASan with llvm-mingw.
(x86 and x86_64, using the git tip in llvm-project).
Also includes instructions collected by
Roman Pišl and Eric Pouech in the Wine bug reports below.
```
Related: https://github.com/llvm/llvm-project/issues/96270
Co-authored-by: Roman Pišl <rpisl@seznam.cz>
https://bugs.winehq.org/show_bug.cgi?id=50993
https://bugs.winehq.org/attachment.cgi?id=70233
Co-authored-by: Eric Pouech <eric.pouech@gmail.com>
https://bugs.winehq.org/show_bug.cgi?id=52386
https://bugs.winehq.org/attachment.cgi?id=71626
```
CC: @zmodem
|
|
This adds a test line and updates a comment.
|
|
This consolidates the two different lines for x86 and x86_64 into a
single line for both architectures.
And adds a test line.
CC: @zmodem
|
|
This consolidates the two different lines for x86 and x86_64 into a
single line for both architectures.
And adds a test line.
CC: @zmodem
|
|
|
|
Trying to populate the recently added test for GetInstructionSize I
stumbled over this.
gdb and bddisasm have the opinion this instruction is 9 bytes.
Also lldb shows this:
```
(lldb) disassemble --bytes --start-address 0x0000555555556004 --end-address 0x0000555555556024
0x555555556004: 41 81 7b 73 74 75 76 77 cmpl $0x77767574, 0x73(%r11) ; imm = 0x77767574
0x55555555600c: 41 81 7c 73 74 75 76 77 78 cmpl $0x78777675, 0x74(%r11,%rsi,2) ; imm = 0x78777675
0x555555556015: 41 81 7d 73 74 75 76 77 cmpl $0x77767574, 0x73(%r13) ; imm = 0x77767574
0x55555555601d: 00 00 addb %al, (%rax)
```
There is also a handy tool in llvm to directly feed in the byte sequence
- `41 81 7c` also uses 9 bytes here:
```
$ echo -n -e "0x41, 0x81, 0x7b, 0x73, 0x74, 0x75, 0x76, 0x77, 0x90" | ./llvm/build/bin/llvm-mc --disassemble --show-encoding
.text
cmpl $2004252020, 115(%r11) # encoding: [0x41,0x81,0x7b,0x73,0x74,0x75,0x76,0x77]
# imm = 0x77767574
nop # encoding: [0x90]
$ echo -n -e "0x41, 0x81, 0x7c, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x90" | ./llvm/build/bin/llvm-mc --disassemble --show-encoding
.text
cmpl $2021095029, 116(%r11,%rsi,2) # encoding: [0x41,0x81,0x7c,0x73,0x74,0x75,0x76,0x77,0x78]
# imm = 0x78777675
nop # encoding: [0x90]
```
|
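Added example, not part of the commit above and not compiler-rt's code: a small length decoder for `[REX] 81 /r imm32` in 64-bit mode, showing why the `7c` ModRM byte in the lldb output pulls in a SIB byte and makes the instruction 9 bytes. The function names are hypothetical and the byte strings are the ones from the lldb listing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bytes taken by a ModRM-addressed operand in 64-bit mode:
   the ModRM byte, an optional SIB byte, and the displacement. */
static size_t modrm_operand_len(const uint8_t *p) {
  uint8_t mod = p[0] >> 6, rm = p[0] & 7;
  size_t len = 1;                         /* the ModRM byte itself */
  if (mod == 3) return len;               /* register operand, no memory form */
  if (rm == 4) {                          /* rm=100b: a SIB byte follows */
    len += 1;
    if (mod == 0 && (p[1] & 7) == 5)      /* SIB without base register: disp32 */
      len += 4;
  } else if (mod == 0 && rm == 5) {
    len += 4;                             /* RIP-relative disp32 */
  }
  if (mod == 1) len += 1;                 /* disp8 */
  if (mod == 2) len += 4;                 /* disp32 */
  return len;
}

/* Size of "[REX] 81 /r imm32". Returns 0 for any other opcode.
   Assumption: no 66h operand-size prefix, so the immediate is 4 bytes. */
size_t size_of_81_imm32(const uint8_t *code) {
  size_t n = 0;
  if ((code[n] & 0xF0) == 0x40) n++;      /* optional REX prefix 0x40..0x4F */
  if (code[n] != 0x81) return 0;
  n++;
  n += modrm_operand_len(code + n);
  return n + 4;                           /* trailing imm32 */
}

/* Byte sequences copied from the lldb output in the commit message. */
const uint8_t kCmp7b[] = {0x41, 0x81, 0x7b, 0x73, 0x74, 0x75, 0x76, 0x77};
const uint8_t kCmp7c[] = {0x41, 0x81, 0x7c, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78};
const uint8_t kCmp7d[] = {0x41, 0x81, 0x7d, 0x73, 0x74, 0x75, 0x76, 0x77};

int main(void) {
  printf("41 81 7b: %zu bytes\n", size_of_81_imm32(kCmp7b));
  printf("41 81 7c: %zu bytes\n", size_of_81_imm32(kCmp7c));
  printf("41 81 7d: %zu bytes\n", size_of_81_imm32(kCmp7d));
  return 0;
}
```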
|
This puts the content of GetInstructionSize into a test.
There are 5 cases missing, which I have already or would like to propose
a fix later.
|
|
Was first part of PR #113085.
|
|
Example:
warning: unused variable 'kPatchableCode12' [-Wunused-const-variable]
|
|
1. Differentiate SANITIZER_WINDOWS64 for x64 and arm64
2. turn off interception tests that expect x86 assembly
---------
Co-authored-by: Farzon Lotfi <farzon@farzon.com>
|
|
Add a callback from interception to allow asan on Windows to produce
better error messages. If an unrecoverable error occurred when
intercepting functions, print a message before terminating.
Additionally, when encountering unknown instructions, a more helpful
message containing the address and the bytes of the unknown instruction
is now printed to help identify the issue and make it easier to propose
a fix.
Depends on D149549
Differential Revision: https://reviews.llvm.org/D149002
|
|
Do not treat unknown instructions as a fatal error. In most cases,
failure to intercept a function is reported by the caller, though
requires setting verbosity to 1 or higher to be visible.
Better error message reporting for asan will be added in a separate
patch.
Differential Revision: https://reviews.llvm.org/D149549
|
|
These assembly patterns are needed to intercept some libc++ and
libunwind functions built by Clang for i686-w64-windows-gnu target.
Differential Revision: https://reviews.llvm.org/D148990
|
|
To reproduce: Download and run the latest Firefox ASAN build (https://firefox-ci-tc.services.mozilla.com/api/index/v1/task/gecko.v2.mozilla-central.latest.firefox.win64-asan-opt/artifacts/public/build/target.zip) on Windows 11 (version 10.0.22621 Build 22621); it will crash on launch. Note that this doesn't seem to crash on another Windows 11 VM I've tried, so I'm not sure how reproducible it is across machines, but it reproduces on my machine every time.
The problem seems to be that when overriding the memset function in OverrideFunctionWithRedirectJump(), the relative_offset is stored as a uptr. Per the Intel x64 instruction set reference (https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf - warning: large PDF), on page 646 the jmp instruction (specifically the near jump flavors that start with E9, which are the ones the OverrideFunctionWithRedirectJump() considers) treats the offset as a signed displacement. This causes an incorrect value to be stored for REAL(memset) which points to uninitialized memory, and a crash the next time that gets called.
The fix is to simply treat that offset as signed. I have also added a test case.
Fixes https://github.com/llvm/llvm-project/issues/58846
Differential Revision: https://reviews.llvm.org/D137788
|
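Added example, not part of the commit above and not compiler-rt's code: resolving the target of an `E9 rel32` near jump with the displacement treated as signed, next to a model of the described bug where it is zero-extended into a pointer-sized value. The function names, the address and the instruction bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Correct: rel32 is a signed displacement from the end of the 5-byte jmp. */
uint64_t jmp_target_signed(uint64_t addr, const uint8_t *insn) {
  int32_t rel;
  memcpy(&rel, insn + 1, sizeof rel);     /* little-endian host assumed */
  return addr + 5 + (uint64_t)(int64_t)rel;
}

/* Model of the bug: the same 4 bytes widened without sign extension. */
uint64_t jmp_target_zero_extended(uint64_t addr, const uint8_t *insn) {
  uint32_t rel;
  memcpy(&rel, insn + 1, sizeof rel);
  return addr + 5 + (uint64_t)rel;
}

/* Returns 1 when both readings agree (forward jump), 0 when the
   zero-extended reading lands 4 GiB away from the real target. */
int readings_agree(uint64_t addr, const uint8_t *insn) {
  if (insn[0] != 0xE9) return -1;         /* not a near jmp rel32 */
  return jmp_target_signed(addr, insn) == jmp_target_zero_extended(addr, insn);
}

/* Constructed samples: a backward jump (rel32 = -16) and a forward one (+16). */
const uint64_t kAddr = 0x7ff600001000ULL;
const uint8_t kJmpBack[] = {0xE9, 0xF0, 0xFF, 0xFF, 0xFF};
const uint8_t kJmpFwd[]  = {0xE9, 0x10, 0x00, 0x00, 0x00};

int main(void) {
  printf("backward, signed:        0x%llx\n",
         (unsigned long long)jmp_target_signed(kAddr, kJmpBack));
  printf("backward, zero-extended: 0x%llx\n",
         (unsigned long long)jmp_target_zero_extended(kAddr, kJmpBack));
  printf("forward readings agree:  %d\n", readings_agree(kAddr, kJmpFwd));
  return 0;
}
```

A backward jump is the case that exposes the difference; forward jumps resolve identically under both readings.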
|
To intercept the functions in Win11's ntdll.dll, we need to use the trampoline
technique because there are bytes other than 0x90 or 0xcc in the gaps between
exported functions. This patch adds more patterns that appear in ntdll's
functions.
Bug: https://bugs.llvm.org/show_bug.cgi?id=51721
Reviewed By: rnk
Differential Revision: https://reviews.llvm.org/D109941
|
|
Like r367463, but for interception/tests and safestack.
llvm-svn: 367560
|