1#include "sanitizer_common/sanitizer_atomic.h"
2
3#include <stdlib.h>
4#include <stdint.h>
5#include <string.h>
6#include <unistd.h>
7
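#ifdef KERNEL_USE
// With KERNEL_USE defined, diagnostics are forwarded to ubsan_message(), which
// is only declared here and has to be supplied by the embedding environment.
extern "C" void ubsan_message(const char *msg);
static void message(const char *msg) { ubsan_message(msg); }
#else
// Writes the NUL-terminated string `msg` to stderr (fd 2) using write(2) only:
// no stdio buffering and no allocation.
//
// write() may accept fewer bytes than requested (for example when stderr is a
// pipe), which would silently truncate a diagnostic. The loop resubmits the
// unwritten tail until everything is out. Output stays best effort: on any
// error, or a zero-length write, the remainder is dropped rather than retried,
// so a broken stderr can never stall the instrumented program.
static void message(const char *msg) {
  size_t remaining = strlen(msg);
  while (remaining > 0) {
    ssize_t written = write(2, msg, remaining);
    if (written <= 0)
      return;  // Error or no progress: give up on the rest of the message.
    msg += written;
    remaining -= static_cast<size_t>(written);
  }
}
#endif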
16
// Capacity of the table of already-reported call sites.
static const int kMaxCallerPcs = 20;
// Number of slots handed out in caller_pcs. The value kMaxCallerPcs + 1 is a
// sentinel meaning the "too many errors" line has already been printed.
static __sanitizer::atomic_uint32_t caller_pcs_sz;
// Return addresses that have already produced a report. A slot that still
// reads 0 has been reserved through caller_pcs_sz but not yet filled in.
static __sanitizer::atomic_uintptr_t caller_pcs[kMaxCallerPcs];
22
// Decides whether a diagnostic should be printed for the call site identified
// by `caller_p` (a return address).
//
// Returns true the first time a given address is seen, after recording it in
// caller_pcs, and false when:
//   - the address is null,
//   - the address is already in the table (each call site reports once), or
//   - the table is full. The one call that fills the last counter step prints
//     "ubsan: too many errors"; every later call returns false silently.
//
// The table is lock-free: a slot is reserved by a compare-exchange on
// caller_pcs_sz and filled in afterwards with a relaxed store, so readers can
// observe a reserved slot that still holds 0 and have to retry.
//
// NOTE(review): the retry is a busy wait with no yield. If the thread that
// reserved a slot is interrupted before its store and the interrupting code
// on that same thread reaches this function (a signal handler hitting a
// UBSan check, say), the wait would not terminate. Confirm whether that can
// happen in the environments this runtime is deployed in.
__attribute__((noinline)) static bool report_this_error(void *caller_p) {
  const uintptr_t pc = reinterpret_cast<uintptr_t>(caller_p);
  // 0 doubles as the "slot not filled in yet" marker, so it is never recorded.
  if (!pc)
    return false;

  for (;;) {
    unsigned count = __sanitizer::atomic_load_relaxed(&caller_pcs_sz);
    if (count > kMaxCallerPcs)
      return false;  // Sentinel: the overflow line was already printed.

    // Look for a duplicate only while the table is non-empty and not full.
    // With count == kMaxCallerPcs the scan is skipped so that the
    // compare-exchange below picks the single thread that prints
    // "too many errors".
    if (count != 0 && count < kMaxCallerPcs) {
      bool slot_pending = false;
      for (unsigned idx = 0; idx != count; ++idx) {
        const uintptr_t seen =
            __sanitizer::atomic_load_relaxed(&caller_pcs[idx]);
        if (seen == 0) {
          // Reserved by a concurrent caller, address not stored yet.
          slot_pending = true;
          break;
        }
        if (seen == pc)
          return false;  // This call site has already been reported.
      }
      if (slot_pending)
        continue;  // FIXME: yield?
    }

    // Reserve slot `count`. Losing the race means the table changed under us,
    // so the whole check is redone against the new state.
    const bool reserved = __sanitizer::atomic_compare_exchange_strong(
        &caller_pcs_sz, &count, count + 1, __sanitizer::memory_order_seq_cst);
    if (!reserved)
      continue;

    if (count == kMaxCallerPcs) {
      // The counter just moved to the sentinel value; announce it once.
      message("ubsan: too many errors\n");
      return false;
    }

    __sanitizer::atomic_store_relaxed(&caller_pcs[count], pc);
    return true;
  }
}
53
#if defined(__ANDROID__)
// Declared weak so that the address can be tested before the call.
extern "C" __attribute__((weak)) void android_set_abort_message(const char *);
// Passes `msg` to android_set_abort_message() when that symbol resolved, then
// terminates the process with abort(). Never returns.
static void abort_with_message(const char *msg) {
  if (&android_set_abort_message) {
    android_set_abort_message(msg);
  }
  abort();
}
#else
// Terminates the process with abort(). The message argument is ignored on
// this path, so callers that want it visible must print it themselves first.
static void abort_with_message(const char *) {
  abort();
}
#endif
63
#if SANITIZER_DEBUG
namespace __sanitizer {
// Definition required by the DCHECK macro in debug builds.
//
// Prints "Sanitizer CHECK failed: <file>:?? : <cond>" through message() and
// then aborts. The line number and the two u64 operands are accepted but not
// printed.
void NORETURN CheckFailed(const char *file, int, const char *cond, u64, u64) {
  // FIXME: Show line number (currently rendered as "??").
  const char *const pieces[] = {"Sanitizer CHECK failed: ", file, ":?? : ",
                                cond};
  for (unsigned i = 0; i < sizeof(pieces) / sizeof(pieces[0]); ++i)
    message(pieces[i]);
  abort();
}
} // namespace __sanitizer
#endif
76
// Exported with C linkage and default visibility so that instrumented code can
// resolve the handlers by name.
#define INTERFACE extern "C" __attribute__((visibility("default")))

// Handler generators. Every handler takes no arguments, so the only detail a
// report carries is the check name passed as `msg`.
//
// FIXME: add caller pc to the error message (possibly as "ubsan: error-type
// @1234ABCD").

// Recoverable form, __ubsan_handle_<name>_minimal: prints "ubsan: <msg>" when
// report_this_error() accepts the handler's return address, i.e. at most once
// per call site and not at all once the table has overflowed, then returns to
// the instrumented code.
#define HANDLER_RECOVER(name, msg)                               \
  INTERFACE void __ubsan_handle_##name##_minimal() {             \
    if (report_this_error(__builtin_return_address(0)))          \
      message("ubsan: " msg "\n");                               \
  }

// Fatal form, __ubsan_handle_<name>_minimal_abort: always prints the message
// (no de-duplication) and then aborts through abort_with_message().
#define HANDLER_NORECOVER(name, msg)                             \
  INTERFACE void __ubsan_handle_##name##_minimal_abort() {       \
    message("ubsan: " msg "\n");                                 \
    abort_with_message("ubsan: " msg);                           \
  }

// Emits both forms for one check.
#define HANDLER(name, msg)                                       \
  HANDLER_RECOVER(name, msg)                                     \
  HANDLER_NORECOVER(name, msg)
96
// Handler instantiations, grouped by the kind of check. The order has no
// effect on behaviour; each line only defines exported functions.

// Integer and floating-point arithmetic / conversions.
HANDLER(add_overflow, "add-overflow")
HANDLER(sub_overflow, "sub-overflow")
HANDLER(mul_overflow, "mul-overflow")
HANDLER(negate_overflow, "negate-overflow")
HANDLER(divrem_overflow, "divrem-overflow")
HANDLER(shift_out_of_bounds, "shift-out-of-bounds")
HANDLER(implicit_conversion, "implicit-conversion")
HANDLER(float_cast_overflow, "float-cast-overflow")

// Object access, bounds and pointer arithmetic.
HANDLER(type_mismatch, "type-mismatch")
HANDLER(alignment_assumption, "alignment-assumption")
HANDLER(out_of_bounds, "out-of-bounds")
HANDLER(pointer_overflow, "pointer-overflow")
HANDLER(vla_bound_not_positive, "vla-bound-not-positive")

// Invalid values and builtin arguments.
HANDLER(load_invalid_value, "load-invalid-value")
HANDLER(invalid_builtin, "invalid-builtin")

// Null-related contracts.
HANDLER(nonnull_arg, "nonnull-arg")
HANDLER(nonnull_return, "nonnull-return")
HANDLER(nullability_arg, "nullability-arg")
HANDLER(nullability_return, "nullability-return")

// Call-target and cast checks.
// NOTE(review): the recoverable cfi-check-fail handler only logs (once per
// call site) and returns, so execution continues past the failed check.
// Builds that rely on this check for hardening should confirm the _abort
// variant is the one the compiler selects.
HANDLER(function_type_mismatch, "function-type-mismatch")
HANDLER(invalid_objc_cast, "invalid-objc-cast")
HANDLER(cfi_check_fail, "cfi-check-fail")

// Only the returning handler is defined for these two; no _abort variant is
// generated.
// NOTE(review): both report code paths that were supposed to be unreachable,
// yet the handler returns to its caller after logging. Confirm what the
// instrumented code does after the call.
HANDLER_RECOVER(builtin_unreachable, "builtin-unreachable")
HANDLER_RECOVER(missing_return, "missing-return")
121