1 /* 2 * UBSAN error reporting functions 3 * 4 * Copyright (c) 2014 Samsung Electronics Co., Ltd. 5 * Author: Andrey Ryabinin <ryabinin.a.a@gmail.com> 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 as 9 * published by the Free Software Foundation. 10 * 11 */ 12 13 #include <linux/bitops.h> 14 #include <linux/bug.h> 15 #include <linux/ctype.h> 16 #include <linux/init.h> 17 #include <linux/kernel.h> 18 #include <linux/types.h> 19 #include <linux/sched.h> 20 21 #include "ubsan.h" 22 23 const char *type_check_kinds[] = { 24 "load of", 25 "store to", 26 "reference binding to", 27 "member access within", 28 "member call on", 29 "constructor call on", 30 "downcast of", 31 "downcast of" 32 }; 33 34 #define REPORTED_BIT 31 35 36 #if (BITS_PER_LONG == 64) && defined(__BIG_ENDIAN) 37 #define COLUMN_MASK (~(1U << REPORTED_BIT)) 38 #define LINE_MASK (~0U) 39 #else 40 #define COLUMN_MASK (~0U) 41 #define LINE_MASK (~(1U << REPORTED_BIT)) 42 #endif 43 44 #define VALUE_LENGTH 40 45 46 static bool was_reported(struct source_location *location) 47 { 48 return test_and_set_bit(REPORTED_BIT, &location->reported); 49 } 50 51 static void print_source_location(const char *prefix, 52 struct source_location *loc) 53 { 54 pr_err("%s %s:%d:%d\n", prefix, loc->file_name, 55 loc->line & LINE_MASK, loc->column & COLUMN_MASK); 56 } 57 58 static bool suppress_report(struct source_location *loc) 59 { 60 return current->in_ubsan || was_reported(loc); 61 } 62 63 static bool type_is_int(struct type_descriptor *type) 64 { 65 return type->type_kind == type_kind_int; 66 } 67 68 static bool type_is_signed(struct type_descriptor *type) 69 { 70 WARN_ON(!type_is_int(type)); 71 return type->type_info & 1; 72 } 73 74 static unsigned type_bit_width(struct type_descriptor *type) 75 { 76 return 1 << (type->type_info >> 1); 77 } 78 79 static bool is_inline_int(struct type_descriptor *type) 80 { 81 unsigned inline_bits = sizeof(unsigned long)*8; 82 unsigned bits = type_bit_width(type); 83 84 WARN_ON(!type_is_int(type)); 85 86 return bits <= inline_bits; 87 } 88 89 static s_max get_signed_val(struct type_descriptor *type, unsigned long val) 90 { 91 if (is_inline_int(type)) { 92 unsigned extra_bits = sizeof(s_max)*8 - type_bit_width(type); 93 return ((s_max)val) << extra_bits >> extra_bits; 94 } 95 96 if (type_bit_width(type) == 64) 97 return *(s64 *)val; 98 99 return *(s_max *)val; 100 } 101 102 static bool val_is_negative(struct type_descriptor *type, unsigned long val) 103 { 104 return type_is_signed(type) && get_signed_val(type, val) < 0; 105 } 106 107 static u_max get_unsigned_val(struct type_descriptor *type, unsigned long val) 108 { 109 if (is_inline_int(type)) 110 return val; 111 112 if (type_bit_width(type) == 64) 113 return *(u64 *)val; 114 115 return *(u_max *)val; 116 } 117 118 static void val_to_string(char *str, size_t size, struct type_descriptor *type, 119 unsigned long value) 120 { 121 if (type_is_int(type)) { 122 if (type_bit_width(type) == 128) { 123 #if defined(CONFIG_ARCH_SUPPORTS_INT128) && defined(__SIZEOF_INT128__) 124 u_max val = get_unsigned_val(type, value); 125 126 scnprintf(str, size, "0x%08x%08x%08x%08x", 127 (u32)(val >> 96), 128 (u32)(val >> 64), 129 (u32)(val >> 32), 130 (u32)(val)); 131 #else 132 WARN_ON(1); 133 #endif 134 } else if (type_is_signed(type)) { 135 scnprintf(str, size, "%lld", 136 (s64)get_signed_val(type, value)); 137 } else { 138 scnprintf(str, size, "%llu", 139 (u64)get_unsigned_val(type, value)); 140 } 141 } 142 } 143 144 static DEFINE_SPINLOCK(report_lock); 145 146 static void ubsan_prologue(struct source_location *location, 147 unsigned long *flags) 148 { 149 current->in_ubsan++; 150 spin_lock_irqsave(&report_lock, *flags); 151 152 pr_err("========================================" 153 "========================================\n"); 154 print_source_location("UBSAN: Undefined behaviour in", location); 155 } 156 157 static void ubsan_epilogue(unsigned long *flags) 158 { 159 dump_stack(); 160 pr_err("========================================" 161 "========================================\n"); 162 spin_unlock_irqrestore(&report_lock, *flags); 163 current->in_ubsan--; 164 } 165 166 static void handle_overflow(struct overflow_data *data, unsigned long lhs, 167 unsigned long rhs, char op) 168 { 169 170 struct type_descriptor *type = data->type; 171 unsigned long flags; 172 char lhs_val_str[VALUE_LENGTH]; 173 char rhs_val_str[VALUE_LENGTH]; 174 175 if (suppress_report(&data->location)) 176 return; 177 178 ubsan_prologue(&data->location, &flags); 179 180 val_to_string(lhs_val_str, sizeof(lhs_val_str), type, lhs); 181 val_to_string(rhs_val_str, sizeof(rhs_val_str), type, rhs); 182 pr_err("%s integer overflow:\n", 183 type_is_signed(type) ? "signed" : "unsigned"); 184 pr_err("%s %c %s cannot be represented in type %s\n", 185 lhs_val_str, 186 op, 187 rhs_val_str, 188 type->type_name); 189 190 ubsan_epilogue(&flags); 191 } 192 193 void __ubsan_handle_add_overflow(struct overflow_data *data, 194 unsigned long lhs, 195 unsigned long rhs) 196 { 197 198 handle_overflow(data, lhs, rhs, '+'); 199 } 200 EXPORT_SYMBOL(__ubsan_handle_add_overflow); 201 202 void __ubsan_handle_sub_overflow(struct overflow_data *data, 203 unsigned long lhs, 204 unsigned long rhs) 205 { 206 handle_overflow(data, lhs, rhs, '-'); 207 } 208 EXPORT_SYMBOL(__ubsan_handle_sub_overflow); 209 210 void __ubsan_handle_mul_overflow(struct overflow_data *data, 211 unsigned long lhs, 212 unsigned long rhs) 213 { 214 handle_overflow(data, lhs, rhs, '*'); 215 } 216 EXPORT_SYMBOL(__ubsan_handle_mul_overflow); 217 218 void __ubsan_handle_negate_overflow(struct overflow_data *data, 219 unsigned long old_val) 220 { 221 unsigned long flags; 222 char old_val_str[VALUE_LENGTH]; 223 224 if (suppress_report(&data->location)) 225 return; 226 227 ubsan_prologue(&data->location, &flags); 228 229 val_to_string(old_val_str, sizeof(old_val_str), data->type, old_val); 230 231 pr_err("negation of %s cannot be represented in type %s:\n", 232 old_val_str, data->type->type_name); 233 234 ubsan_epilogue(&flags); 235 } 236 EXPORT_SYMBOL(__ubsan_handle_negate_overflow); 237 238 239 void __ubsan_handle_divrem_overflow(struct overflow_data *data, 240 unsigned long lhs, 241 unsigned long rhs) 242 { 243 unsigned long flags; 244 char rhs_val_str[VALUE_LENGTH]; 245 246 if (suppress_report(&data->location)) 247 return; 248 249 ubsan_prologue(&data->location, &flags); 250 251 val_to_string(rhs_val_str, sizeof(rhs_val_str), data->type, rhs); 252 253 if (type_is_signed(data->type) && get_signed_val(data->type, rhs) == -1) 254 pr_err("division of %s by -1 cannot be represented in type %s\n", 255 rhs_val_str, data->type->type_name); 256 else 257 pr_err("division by zero\n"); 258 259 ubsan_epilogue(&flags); 260 } 261 EXPORT_SYMBOL(__ubsan_handle_divrem_overflow); 262 263 static void handle_null_ptr_deref(struct type_mismatch_data_common *data) 264 { 265 unsigned long flags; 266 267 if (suppress_report(data->location)) 268 return; 269 270 ubsan_prologue(data->location, &flags); 271 272 pr_err("%s null pointer of type %s\n", 273 type_check_kinds[data->type_check_kind], 274 data->type->type_name); 275 276 ubsan_epilogue(&flags); 277 } 278 279 static void handle_misaligned_access(struct type_mismatch_data_common *data, 280 unsigned long ptr) 281 { 282 unsigned long flags; 283 284 if (suppress_report(data->location)) 285 return; 286 287 ubsan_prologue(data->location, &flags); 288 289 pr_err("%s misaligned address %p for type %s\n", 290 type_check_kinds[data->type_check_kind], 291 (void *)ptr, data->type->type_name); 292 pr_err("which requires %ld byte alignment\n", data->alignment); 293 294 ubsan_epilogue(&flags); 295 } 296 297 static void handle_object_size_mismatch(struct type_mismatch_data_common *data, 298 unsigned long ptr) 299 { 300 unsigned long flags; 301 302 if (suppress_report(data->location)) 303 return; 304 305 ubsan_prologue(data->location, &flags); 306 pr_err("%s address %p with insufficient space\n", 307 type_check_kinds[data->type_check_kind], 308 (void *) ptr); 309 pr_err("for an object of type %s\n", data->type->type_name); 310 ubsan_epilogue(&flags); 311 } 312 313 static void ubsan_type_mismatch_common(struct type_mismatch_data_common *data, 314 unsigned long ptr) 315 { 316 317 if (!ptr) 318 handle_null_ptr_deref(data); 319 else if (data->alignment && !IS_ALIGNED(ptr, data->alignment)) 320 handle_misaligned_access(data, ptr); 321 else 322 handle_object_size_mismatch(data, ptr); 323 } 324 325 void __ubsan_handle_type_mismatch(struct type_mismatch_data *data, 326 unsigned long ptr) 327 { 328 struct type_mismatch_data_common common_data = { 329 .location = &data->location, 330 .type = data->type, 331 .alignment = data->alignment, 332 .type_check_kind = data->type_check_kind 333 }; 334 335 ubsan_type_mismatch_common(&common_data, ptr); 336 } 337 EXPORT_SYMBOL(__ubsan_handle_type_mismatch); 338 339 void __ubsan_handle_type_mismatch_v1(struct type_mismatch_data_v1 *data, 340 unsigned long ptr) 341 { 342 343 struct type_mismatch_data_common common_data = { 344 .location = &data->location, 345 .type = data->type, 346 .alignment = 1UL << data->log_alignment, 347 .type_check_kind = data->type_check_kind 348 }; 349 350 ubsan_type_mismatch_common(&common_data, ptr); 351 } 352 EXPORT_SYMBOL(__ubsan_handle_type_mismatch_v1); 353 354 void __ubsan_handle_vla_bound_not_positive(struct vla_bound_data *data, 355 unsigned long bound) 356 { 357 unsigned long flags; 358 char bound_str[VALUE_LENGTH]; 359 360 if (suppress_report(&data->location)) 361 return; 362 363 ubsan_prologue(&data->location, &flags); 364 365 val_to_string(bound_str, sizeof(bound_str), data->type, bound); 366 pr_err("variable length array bound value %s <= 0\n", bound_str); 367 368 ubsan_epilogue(&flags); 369 } 370 EXPORT_SYMBOL(__ubsan_handle_vla_bound_not_positive); 371 372 void __ubsan_handle_out_of_bounds(struct out_of_bounds_data *data, 373 unsigned long index) 374 { 375 unsigned long flags; 376 char index_str[VALUE_LENGTH]; 377 378 if (suppress_report(&data->location)) 379 return; 380 381 ubsan_prologue(&data->location, &flags); 382 383 val_to_string(index_str, sizeof(index_str), data->index_type, index); 384 pr_err("index %s is out of range for type %s\n", index_str, 385 data->array_type->type_name); 386 ubsan_epilogue(&flags); 387 } 388 EXPORT_SYMBOL(__ubsan_handle_out_of_bounds); 389 390 void __ubsan_handle_shift_out_of_bounds(struct shift_out_of_bounds_data *data, 391 unsigned long lhs, unsigned long rhs) 392 { 393 unsigned long flags; 394 struct type_descriptor *rhs_type = data->rhs_type; 395 struct type_descriptor *lhs_type = data->lhs_type; 396 char rhs_str[VALUE_LENGTH]; 397 char lhs_str[VALUE_LENGTH]; 398 399 if (suppress_report(&data->location)) 400 return; 401 402 ubsan_prologue(&data->location, &flags); 403 404 val_to_string(rhs_str, sizeof(rhs_str), rhs_type, rhs); 405 val_to_string(lhs_str, sizeof(lhs_str), lhs_type, lhs); 406 407 if (val_is_negative(rhs_type, rhs)) 408 pr_err("shift exponent %s is negative\n", rhs_str); 409 410 else if (get_unsigned_val(rhs_type, rhs) >= 411 type_bit_width(lhs_type)) 412 pr_err("shift exponent %s is too large for %u-bit type %s\n", 413 rhs_str, 414 type_bit_width(lhs_type), 415 lhs_type->type_name); 416 else if (val_is_negative(lhs_type, lhs)) 417 pr_err("left shift of negative value %s\n", 418 lhs_str); 419 else 420 pr_err("left shift of %s by %s places cannot be" 421 " represented in type %s\n", 422 lhs_str, rhs_str, 423 lhs_type->type_name); 424 425 ubsan_epilogue(&flags); 426 } 427 EXPORT_SYMBOL(__ubsan_handle_shift_out_of_bounds); 428 429 430 void __noreturn 431 __ubsan_handle_builtin_unreachable(struct unreachable_data *data) 432 { 433 unsigned long flags; 434 435 ubsan_prologue(&data->location, &flags); 436 pr_err("calling __builtin_unreachable()\n"); 437 ubsan_epilogue(&flags); 438 panic("can't return from __builtin_unreachable()"); 439 } 440 EXPORT_SYMBOL(__ubsan_handle_builtin_unreachable); 441 442 void __ubsan_handle_load_invalid_value(struct invalid_value_data *data, 443 unsigned long val) 444 { 445 unsigned long flags; 446 char val_str[VALUE_LENGTH]; 447 448 if (suppress_report(&data->location)) 449 return; 450 451 ubsan_prologue(&data->location, &flags); 452 453 val_to_string(val_str, sizeof(val_str), data->type, val); 454 455 pr_err("load of value %s is not a valid value for type %s\n", 456 val_str, data->type->type_name); 457 458 ubsan_epilogue(&flags); 459 } 460 EXPORT_SYMBOL(__ubsan_handle_load_invalid_value); 461