Permalink
Browse files

[xray] Detect MPROTECT and error out when it's enabled (on NetBSD)

Add a CheckMPROTECT() routine to detect when pax MPROTECT is enabled
on NetBSD, and error xray out when it is.  The solution is adapted
from existing CheckASLR().

Differential Revision: https://reviews.llvm.org/D56049

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@350030 91177308-0d34-0410-b5e6-96231b3b80d8
  • Loading branch information...
mgorny committed Dec 23, 2018
1 parent aa2e555 commit 4448e3b115b9efa3850abd2a0c1d9a5887e350e1
@@ -223,6 +223,7 @@ bool SetEnv(const char *name, const char *value);
u32 GetUid();
void ReExec();
void CheckASLR();
void CheckMPROTECT();
char **GetArgv();
char **GetEnviron();
void PrintCmdline();
@@ -89,6 +89,7 @@ void GetThreadStackTopAndBottom(bool, uptr *stack_top, uptr *stack_bottom) {
void InitializePlatformEarly() {}
void MaybeReexec() {}
void CheckASLR() {}
void CheckMPROTECT() {}
void PlatformPrepareForSandboxing(__sanitizer_sandbox_arguments *args) {}
void DisableCoreDumperIfNecessary() {}
void InstallDeadlySignalHandlers(SignalHandlerType handler) {}
@@ -2023,6 +2023,30 @@ void CheckASLR() {
#endif
}

void CheckMPROTECT() {
#if SANITIZER_NETBSD
int mib[3];
int paxflags;
uptr len = sizeof(paxflags);

mib[0] = CTL_PROC;
mib[1] = internal_getpid();
mib[2] = PROC_PID_PAXFLAGS;

if (UNLIKELY(internal_sysctl(mib, 3, &paxflags, &len, NULL, 0) == -1)) {
Printf("sysctl failed\n");
Die();
}

if (UNLIKELY(paxflags & CTL_PROC_PAXFLAGS_MPROTECT)) {
Printf("This sanitizer is not compatible with enabled MPROTECT\n");
Die();
}
#else
// Do nothing
#endif
}

void PrintModuleMap() { }

void CheckNoDeepBind(const char *filename, int flag) {
@@ -377,6 +377,10 @@ void CheckASLR() {
// Do nothing
}

void CheckMPROTECT() {
// Do nothing
}

uptr GetPageSize() {
return sysconf(_SC_PAGESIZE);
}
@@ -98,6 +98,7 @@ void GetThreadStackAndTls(bool main, uptr *stk_addr, uptr *stk_size,
void InitializePlatformEarly() {}
void MaybeReexec() {}
void CheckASLR() {}
void CheckMPROTECT() {}
void DisableCoreDumperIfNecessary() {}
void InstallDeadlySignalHandlers(SignalHandlerType handler) {}
void SetAlternateSignalStack() {}
@@ -1016,6 +1016,10 @@ void CheckASLR() {
// Do nothing
}

void CheckMPROTECT() {
// Do nothing
}

char **GetArgv() {
// FIXME: Actually implement this function.
return 0;
@@ -67,6 +67,9 @@ void __xray_init() XRAY_NEVER_INSTRUMENT {
if (atomic_load(&XRayInitialized, memory_order_acquire))
return;

// XRAY is not compatible with PaX MPROTECT
CheckMPROTECT();

if (!atomic_load(&XRayFlagsInitialized, memory_order_acquire)) {
initializeFlags();
atomic_store(&XRayFlagsInitialized, true, memory_order_release);

0 comments on commit 4448e3b

Please sign in to comment.