AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-09-19 16:10:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
31be941e43
glibc/gmon/gmon.c
Simon Kissane 31be941e43 gmon: improve mcount overflow handling [BZ# 27576] 
When mcount overflows, no gmon.out file is generated, but no message is printed
to the user, leaving the user with no idea why, and thinking maybe there is
some bug - which is how BZ 27576 ended up being logged. Print a message to
stderr in this case so the user knows what is going on.

As a comment in sys/gmon.h acknowledges, the hardcoded MAXARCS value is too
small for some large applications, including the test case in that BZ. Rather
than increase it, add tunables to enable MINARCS and MAXARCS to be overridden
at runtime (glibc.gmon.minarcs and glibc.gmon.maxarcs). So if a user gets the
mcount overflow error, they can try increasing maxarcs (they might need to
increase minarcs too if the heuristic is wrong in their case.)

Note setting minarcs/maxarcs too large can cause monstartup to fail with an
out of memory error. If you set them large enough, it can cause an integer
overflow in calculating the buffer size. I haven't done anything to defend
against that - it would not generally be a security vulnerability, since these
tunables will be ignored in suid/sgid programs (due to the SXID_ERASE default),
and if you can set GLIBC_TUNABLES in the environment of a process, you can take
it over anyway (LD_PRELOAD, LD_LIBRARY_PATH, etc). I thought about modifying
the code of monstartup to defend against integer overflows, but doing so is
complicated, and I realise the existing code is susceptible to them even prior
to this change (e.g. try passing a pathologically large highpc argument to
monstartup), so I decided just to leave that possibility in-place.

Add a test case which demonstrates mcount overflow and the tunables.

Document the new tunables in the manual.

Signed-off-by: Simon Kissane <skissane@gmail.com>
Reviewed-by: DJ Delorie <dj@redhat.com>
2023-02-22 21:00:14 -05:00

472 lines
13 KiB
C
Raw Blame History

/*-
* Copyright (c) 1983, 1992, 1993, 2011
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/param.h>
#include <sys/time.h>
#include <sys/gmon.h>
#include <sys/gmon_out.h>
#include <sys/uio.h>
#include <errno.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <wchar.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>
#include <unistd.h>
#include <libc-internal.h>
#include <not-cancel.h>
#if HAVE_TUNABLES
# define TUNABLE_NAMESPACE gmon
# include <elf/dl-tunables.h>
#endif
#ifdef PIC
# include <link.h>
static int
callback (struct dl_phdr_info *info, size_t size, void *data)
{
if (info->dlpi_name[0] == '\0')
{
/* The link map for the executable is created by calling
_dl_new_object with "" as filename. dl_iterate_phdr
calls the callback function with filename from the
link map as dlpi_name. */
u_long *load_address = data;
*load_address = (u_long) info->dlpi_addr;
return 1;
}
return 0;
}
#endif
/* Head of basic-block list or NULL. */
struct __bb *__bb_head attribute_hidden;
struct gmonparam _gmonparam attribute_hidden = { GMON_PROF_OFF };
/*
* See profil(2) where this is described:
*/
static int s_scale;
#define SCALE_1_TO_1 0x10000L
#define ERR(s) __write_nocancel (STDERR_FILENO, s, sizeof (s) - 1)
void moncontrol (int mode);
void __moncontrol (int mode);
libc_hidden_proto (__moncontrol)
static void write_hist (int fd, u_long load_address);
static void write_call_graph (int fd, u_long load_address);
static void write_bb_counts (int fd);
/*
* Control profiling
* profiling is what mcount checks to see if
* all the data structures are ready.
*/
void
__moncontrol (int mode)
{
struct gmonparam *p = &_gmonparam;
/* Don't change the state if we ran into an error. */
if (p->state == GMON_PROF_ERROR)
return;
if (mode)
{
/* start */
__profil((void *) p->kcount, p->kcountsize, p->lowpc, s_scale);
p->state = GMON_PROF_ON;
}
else
{
/* stop */
__profil(NULL, 0, 0, 0);
p->state = GMON_PROF_OFF;
}
}
libc_hidden_def (__moncontrol)
weak_alias (__moncontrol, moncontrol)
void
__monstartup (u_long lowpc, u_long highpc)
{
int o;
char *cp;
struct gmonparam *p = &_gmonparam;
long int minarcs, maxarcs;
#if HAVE_TUNABLES
/* Read minarcs/maxarcs tunables. */
minarcs = TUNABLE_GET (minarcs, int32_t, NULL);
maxarcs = TUNABLE_GET (maxarcs, int32_t, NULL);
if (maxarcs < minarcs)
{
ERR("monstartup: maxarcs < minarcs, setting maxarcs = minarcs\n");
maxarcs = minarcs;
}
#else
/* No tunables, we use hardcoded defaults */
minarcs = MINARCS;
maxarcs = MAXARCS;
#endif
/*
* round lowpc and highpc to multiples of the density we're using
* so the rest of the scaling (here and in gprof) stays in ints.
*/
p->lowpc = ROUNDDOWN(lowpc, HISTFRACTION * sizeof(HISTCOUNTER));
p->highpc = ROUNDUP(highpc, HISTFRACTION * sizeof(HISTCOUNTER));
p->textsize = p->highpc - p->lowpc;
/* This looks like a typo, but it's here to align the p->froms
section. */
p->kcountsize = ROUNDUP(p->textsize / HISTFRACTION, sizeof(*p->froms));
p->hashfraction = HASHFRACTION;
p->log_hashfraction = -1;
/* The following test must be kept in sync with the corresponding
test in mcount.c. */
if ((HASHFRACTION & (HASHFRACTION - 1)) == 0) {
/* if HASHFRACTION is a power of two, mcount can use shifting
instead of integer division. Precompute shift amount. */
p->log_hashfraction = ffs(p->hashfraction * sizeof(*p->froms)) - 1;
}
p->fromssize = ROUNDUP(p->textsize / HASHFRACTION, sizeof(*p->froms));
p->tolimit = p->textsize * ARCDENSITY / 100;
if (p->tolimit < minarcs)
p->tolimit = minarcs;
else if (p->tolimit > maxarcs)
p->tolimit = maxarcs;
p->tossize = p->tolimit * sizeof(struct tostruct);
cp = calloc (p->kcountsize + p->fromssize + p->tossize, 1);
if (! cp)
{
ERR("monstartup: out of memory\n");
p->tos = NULL;
p->state = GMON_PROF_ERROR;
return;
}
p->tos = (struct tostruct *)cp;
cp += p->tossize;
p->kcount = (HISTCOUNTER *)cp;
cp += p->kcountsize;
p->froms = (ARCINDEX *)cp;
p->tos[0].link = 0;
o = p->highpc - p->lowpc;
if (p->kcountsize < (u_long) o)
{
#ifndef hp300
s_scale = ((float)p->kcountsize / o ) * SCALE_1_TO_1;
#else
/* avoid floating point operations */
int quot = o / p->kcountsize;
if (quot >= 0x10000)
s_scale = 1;
else if (quot >= 0x100)
s_scale = 0x10000 / quot;
else if (o >= 0x800000)
s_scale = 0x1000000 / (o / (p->kcountsize >> 8));
else
s_scale = 0x1000000 / ((o << 8) / p->kcountsize);
#endif
} else
s_scale = SCALE_1_TO_1;
__moncontrol(1);
}
weak_alias (__monstartup, monstartup)
static void
write_hist (int fd, u_long load_address)
{
u_char tag = GMON_TAG_TIME_HIST;
if (_gmonparam.kcountsize > 0)
{
struct real_gmon_hist_hdr
{
char *low_pc;
char *high_pc;
int32_t hist_size;
int32_t prof_rate;
char dimen[15];
char dimen_abbrev;
} thdr;
struct iovec iov[3] =
{
{ &tag, sizeof (tag) },
{ &thdr, sizeof (struct gmon_hist_hdr) },
{ _gmonparam.kcount, _gmonparam.kcountsize }
};
if (sizeof (thdr) != sizeof (struct gmon_hist_hdr)
|| (offsetof (struct real_gmon_hist_hdr, low_pc)
!= offsetof (struct gmon_hist_hdr, low_pc))
|| (offsetof (struct real_gmon_hist_hdr, high_pc)
!= offsetof (struct gmon_hist_hdr, high_pc))
|| (offsetof (struct real_gmon_hist_hdr, hist_size)
!= offsetof (struct gmon_hist_hdr, hist_size))
|| (offsetof (struct real_gmon_hist_hdr, prof_rate)
!= offsetof (struct gmon_hist_hdr, prof_rate))
|| (offsetof (struct real_gmon_hist_hdr, dimen)
!= offsetof (struct gmon_hist_hdr, dimen))
|| (offsetof (struct real_gmon_hist_hdr, dimen_abbrev)
!= offsetof (struct gmon_hist_hdr, dimen_abbrev)))
abort ();
thdr.low_pc = (char *) _gmonparam.lowpc - load_address;
thdr.high_pc = (char *) _gmonparam.highpc - load_address;
thdr.hist_size = _gmonparam.kcountsize / sizeof (HISTCOUNTER);
thdr.prof_rate = __profile_frequency ();
strncpy (thdr.dimen, "seconds", sizeof (thdr.dimen));
thdr.dimen_abbrev = 's';
__writev_nocancel_nostatus (fd, iov, 3);
}
}
static void
write_call_graph (int fd, u_long load_address)
{
#define NARCS_PER_WRITEV 32
u_char tag = GMON_TAG_CG_ARC;
struct gmon_cg_arc_record raw_arc[NARCS_PER_WRITEV]
__attribute__ ((aligned (__alignof__ (char*))));
ARCINDEX from_index, to_index;
u_long from_len;
u_long frompc;
struct iovec iov[2 * NARCS_PER_WRITEV];
int nfilled;
for (nfilled = 0; nfilled < NARCS_PER_WRITEV; ++nfilled)
{
iov[2 * nfilled].iov_base = &tag;
iov[2 * nfilled].iov_len = sizeof (tag);
iov[2 * nfilled + 1].iov_base = &raw_arc[nfilled];
iov[2 * nfilled + 1].iov_len = sizeof (struct gmon_cg_arc_record);
}
nfilled = 0;
from_len = _gmonparam.fromssize / sizeof (*_gmonparam.froms);
for (from_index = 0; from_index < from_len; ++from_index)
{
if (_gmonparam.froms[from_index] == 0)
continue;
frompc = _gmonparam.lowpc;
frompc += (from_index * _gmonparam.hashfraction
* sizeof (*_gmonparam.froms));
for (to_index = _gmonparam.froms[from_index];
to_index != 0;
to_index = _gmonparam.tos[to_index].link)
{
struct arc
{
char *frompc;
char *selfpc;
int32_t count;
}
arc;
arc.frompc = (char *) frompc - load_address;
arc.selfpc = ((char *) _gmonparam.tos[to_index].selfpc
- load_address);
arc.count = _gmonparam.tos[to_index].count;
memcpy (raw_arc + nfilled, &arc, sizeof (raw_arc [0]));
if (++nfilled == NARCS_PER_WRITEV)
{
__writev_nocancel_nostatus (fd, iov, 2 * nfilled);
nfilled = 0;
}
}
}
if (nfilled > 0)
__writev_nocancel_nostatus (fd, iov, 2 * nfilled);
}
static void
write_bb_counts (int fd)
{
struct __bb *grp;
u_char tag = GMON_TAG_BB_COUNT;
size_t ncounts;
size_t i;
struct iovec bbhead[2] =
{
{ &tag, sizeof (tag) },
{ &ncounts, sizeof (ncounts) }
};
struct iovec bbbody[8];
size_t nfilled;
for (i = 0; i < (sizeof (bbbody) / sizeof (bbbody[0])); i += 2)
{
bbbody[i].iov_len = sizeof (grp->addresses[0]);
bbbody[i + 1].iov_len = sizeof (grp->counts[0]);
}
/* Write each group of basic-block info (all basic-blocks in a
compilation unit form a single group). */
for (grp = __bb_head; grp; grp = grp->next)
{
ncounts = grp->ncounts;
__writev_nocancel_nostatus (fd, bbhead, 2);
for (nfilled = i = 0; i < ncounts; ++i)
{
if (nfilled > (sizeof (bbbody) / sizeof (bbbody[0])) - 2)
{
__writev_nocancel_nostatus (fd, bbbody, nfilled);
nfilled = 0;
}
bbbody[nfilled++].iov_base = (char *) &grp->addresses[i];
bbbody[nfilled++].iov_base = &grp->counts[i];
}
if (nfilled > 0)
__writev_nocancel_nostatus (fd, bbbody, nfilled);
}
}
static void
write_gmon (void)
{
int fd = -1;
char *env;
env = getenv ("GMON_OUT_PREFIX");
if (env != NULL && !__libc_enable_secure)
{
size_t len = strlen (env);
char buf[len + 20];
__snprintf (buf, sizeof (buf), "%s.%u", env, __getpid ());
fd = __open_nocancel (buf, O_CREAT|O_TRUNC|O_WRONLY|O_NOFOLLOW, 0666);
}
if (fd == -1)
{
fd = __open_nocancel ("gmon.out", O_CREAT|O_TRUNC|O_WRONLY|O_NOFOLLOW,
0666);
if (fd < 0)
{
char buf[300];
int errnum = errno;
__fxprintf (NULL, "_mcleanup: gmon.out: %s\n",
__strerror_r (errnum, buf, sizeof buf));
return;
}
}
/* write gmon.out header: */
struct real_gmon_hdr
{
char cookie[4];
int32_t version;
char spare[3 * 4];
} ghdr;
if (sizeof (ghdr) != sizeof (struct gmon_hdr)
|| (offsetof (struct real_gmon_hdr, cookie)
!= offsetof (struct gmon_hdr, cookie))
|| (offsetof (struct real_gmon_hdr, version)
!= offsetof (struct gmon_hdr, version)))
abort ();
memcpy (&ghdr.cookie[0], GMON_MAGIC, sizeof (ghdr.cookie));
ghdr.version = GMON_VERSION;
memset (ghdr.spare, '\0', sizeof (ghdr.spare));
__write_nocancel (fd, &ghdr, sizeof (struct gmon_hdr));
/* Get load_address to profile PIE. */
u_long load_address = 0;
#ifdef PIC
__dl_iterate_phdr (callback, &load_address);
#endif
/* write PC histogram: */
write_hist (fd, load_address);
/* write call-graph: */
write_call_graph (fd, load_address);
/* write basic-block execution counts: */
write_bb_counts (fd);
__close_nocancel_nostatus (fd);
}
void
__write_profiling (void)
{
int save = _gmonparam.state;
_gmonparam.state = GMON_PROF_OFF;
if (save == GMON_PROF_ON)
write_gmon ();
_gmonparam.state = save;
}
#ifndef SHARED
/* This symbol isn't used anywhere in the DSO and it is not exported.
This would normally mean it should be removed to get the same API
in static libraries. But since profiling is special in static libs
anyway we keep it. But not when building the DSO since some
quality assurance tests will otherwise trigger. */
weak_alias (__write_profiling, write_profiling)
#endif
void
_mcleanup (void)
{
__moncontrol (0);
if (_gmonparam.state != GMON_PROF_ERROR)
write_gmon ();
/* free the memory. */
free (_gmonparam.tos);
}
Reference in New Issue View Git Blame Copy Permalink