This is an archive of the discontinued LLVM Phabricator instance.

Differential D17092

[X86] Add -mseparate-stack-seg
Needs ReviewPublic

Authored by mlemay-intel on Feb 10 2016, 1:20 PM.

Details

Reviewers
eugenis
craig.topper
Summary

This patch adds the -mseparate-stack-seg option to enable restricting accesses to help prevent stack corruption.

Diff Detail

Event Timeline

mlemay-intel updated this revision to Diff 47511.Feb 10 2016, 1:20 PM
mlemay-intel retitled this revision from to [X86] Add -mseparate-stack-seg.
mlemay-intel updated this object.
mlemay-intel added a reviewer: eugenis.Feb 10 2016, 1:28 PM
mlemay-intel added a reviewer: qcolombet.Feb 11 2016, 12:59 PM
mlemay-intel added a reviewer: hjl.tools.Feb 18 2016, 7:00 AM
mlemay-intel added a subscriber: cfe-commits.Feb 18 2016, 9:30 AM
delena added a subscriber: delena.Feb 22 2016, 11:12 PM
delena added inline comments.
lib/CodeGen/TargetInfo.cpp
1569

Hi,
I'm not clang reviewer at all and you can ignore my comment.

Searching string looks strange for me. I suppose that this string should be defined in another form. Something like
options::OPT_separate_stack_seg.

1577

You should not use 258 as a constant. It should be defined somewhere as address space enum.

1578

This line alignment does not match LLVM style.

1580

Again, not sure that I'm right. You are trying to create addressspacecast. Is it the right way to create ptrtoint + inttoptr?

mlemay-intel added a comment.Feb 23 2016, 9:26 AM

Thank you for your feedback!

lib/CodeGen/TargetInfo.cpp
1569

I haven't quite found an example of how an option like this should be handled. String comparisons of this form are performed in clang/lib/Basic/Targets.cpp, but there they are used to initialize variables. Furthermore, all of those tests are for CPU features, whereas this one is for a particular segment configuration.

1577

I agree with this principle. However, the address space numbers for FS and GS are listed in the Clang documentation [1] and are used as literals in LLVM code. Thus, I think this patch is consistent with existing usage of address space numbers.

[1] http://clang.llvm.org/docs/LanguageExtensions.html#memory-references-off-the-gs-segment

1578

I'll fix it.

1580

I first attempted to create an address space cast, but LLVM disallows that. I think it is necessary to perform the conversion through an int, but I am not entirely sure of that.

mlemay-intel removed a reviewer: hjl.tools.Feb 23 2016, 9:26 AM
qcolombet resigned from this revision.Mar 8 2016, 2:51 PM
qcolombet edited reviewers, added: craig.topper; removed: qcolombet.

Hi Craig,

Could you have a look? I am not confident enough with clang to give more feedback than Elena.

Cheers,
-Quentin

mlemay-intel updated this revision to Diff 53920.Apr 15 2016, 11:07 AM

Revise patch to fix line alignment.

mlemay-intel added a reviewer: mkuper.Apr 25 2016, 8:40 AM
mkuper resigned from this revision.May 6 2016, 12:58 PM
mkuper removed a reviewer: mkuper.

I really don't know enough about this part of clang either.

mlemay-intel mentioned this in D19170: [safestack] Do not link SafeStack runtime for musl environments.Sep 23 2016, 4:20 PM
mlemay-intel added a child revision: D19170: [safestack] Do not link SafeStack runtime for musl environments.Sep 23 2016, 4:25 PM
mlemay-intel updated this revision to Diff 87453.Feb 7 2017, 8:27 AM

Removed the portions that are specific to 32-bit segmentation. I plan to resubmit those later as a separate patch.

mlemay-intel edited the summary of this revision. (Show Details)Feb 7 2017, 8:28 AM
mlemay-intel added a child revision: D29655: [X86] Link safestacksepseg runtime.Feb 7 2017, 8:39 AM

Revision Contents

PathSize
include/
clang/
Driver/
1 line
lib/
CodeGen/
23 lines
test/
CodeGen/
2 lines

Diff 47511

include/clang/Driver/Options.td

Show First 20 LinesShow All 1,374 Lines▼ Show 20 Lines
def mno_adx : Flag<["-"], "mno-adx">, Group<m_x86_Features_Group>; def mno_adx : Flag<["-"], "mno-adx">, Group<m_x86_Features_Group>;
def mno_sha : Flag<["-"], "mno-sha">, Group<m_x86_Features_Group>; def mno_sha : Flag<["-"], "mno-sha">, Group<m_x86_Features_Group>;
def mno_fxsr : Flag<["-"], "mno-fxsr">, Group<m_x86_Features_Group>; def mno_fxsr : Flag<["-"], "mno-fxsr">, Group<m_x86_Features_Group>;
def mno_xsave : Flag<["-"], "mno-xsave">, Group<m_x86_Features_Group>; def mno_xsave : Flag<["-"], "mno-xsave">, Group<m_x86_Features_Group>;
def mno_xsaveopt : Flag<["-"], "mno-xsaveopt">, Group<m_x86_Features_Group>; def mno_xsaveopt : Flag<["-"], "mno-xsaveopt">, Group<m_x86_Features_Group>;
def mno_xsavec : Flag<["-"], "mno-xsavec">, Group<m_x86_Features_Group>; def mno_xsavec : Flag<["-"], "mno-xsavec">, Group<m_x86_Features_Group>;
def mno_xsaves : Flag<["-"], "mno-xsaves">, Group<m_x86_Features_Group>; def mno_xsaves : Flag<["-"], "mno-xsaves">, Group<m_x86_Features_Group>;
def mno_pku : Flag<["-"], "mno-pku">, Group<m_x86_Features_Group>; def mno_pku : Flag<["-"], "mno-pku">, Group<m_x86_Features_Group>;
def mseparate_stack_seg : Flag<["-"], "mseparate-stack-seg">, Group<m_x86_Features_Group>;
def munaligned_access : Flag<["-"], "munaligned-access">, Group<m_arm_Features_Group>, def munaligned_access : Flag<["-"], "munaligned-access">, Group<m_arm_Features_Group>,
HelpText<"Allow memory accesses to be unaligned (AArch32/AArch64 only)">; HelpText<"Allow memory accesses to be unaligned (AArch32/AArch64 only)">;
def mno_unaligned_access : Flag<["-"], "mno-unaligned-access">, Group<m_arm_Features_Group>, def mno_unaligned_access : Flag<["-"], "mno-unaligned-access">, Group<m_arm_Features_Group>,
HelpText<"Force all memory accesses to be aligned (AArch32/AArch64 only)">; HelpText<"Force all memory accesses to be aligned (AArch32/AArch64 only)">;
def mstrict_align : Flag<["-"], "mstrict-align">, Alias<mno_unaligned_access>, Flags<[CC1Option,HelpHidden]>, def mstrict_align : Flag<["-"], "mstrict-align">, Alias<mno_unaligned_access>, Flags<[CC1Option,HelpHidden]>,
HelpText<"Force all memory accesses to be aligned (same as mno-unaligned-access)">; HelpText<"Force all memory accesses to be aligned (same as mno-unaligned-access)">;
def mno_thumb : Flag<["-"], "mno-thumb">, Group<m_arm_Features_Group>; def mno_thumb : Flag<["-"], "mno-thumb">, Group<m_arm_Features_Group>;
▲ Show 20 LinesShow All 753 LinesShow Last 20 Lines

lib/CodeGen/TargetInfo.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,554 Lines▼ Show 20 LinesAddress X86_32ABIInfo::EmitVAArg(CodeGenFunction &CGF,
// x86-32 changes the alignment of certain arguments on the stack. // x86-32 changes the alignment of certain arguments on the stack.
// //
// Just messing with TypeInfo like this works because we never pass // Just messing with TypeInfo like this works because we never pass
// anything indirectly. // anything indirectly.
TypeInfo.second = CharUnits::fromQuantity( TypeInfo.second = CharUnits::fromQuantity(
getTypeStackAlignInBytes(Ty, TypeInfo.second.getQuantity())); getTypeStackAlignInBytes(Ty, TypeInfo.second.getQuantity()));
return emitVoidPtrVAArg(CGF, VAListAddr, Ty, /*Indirect*/ false, const Address Addr = emitVoidPtrVAArg(CGF, VAListAddr, Ty, /*Indirect*/ false,
TypeInfo, CharUnits::fromQuantity(4), TypeInfo, CharUnits::fromQuantity(4),
/*AllowHigherAlign*/ true); /*AllowHigherAlign*/ true);
const std::vector<std::string> &TargetFeatures =
CGF.getTarget().getTargetOpts().Features;
if (std::find(TargetFeatures.begin(), TargetFeatures.end(),
delenaUnsubmitted
Not Done
ReplyInline Actions

Hi,
I'm not clang reviewer at all and you can ignore my comment.

Searching string looks strange for me. I suppose that this string should be defined in another form. Something like
options::OPT_separate_stack_seg.

delena: Hi, I'm not clang reviewer at all and you can ignore my comment. Searching string looks…
mlemay-intelAuthorUnsubmitted
Not Done
ReplyInline Actions

I haven't quite found an example of how an option like this should be handled. String comparisons of this form are performed in clang/lib/Basic/Targets.cpp, but there they are used to initialize variables. Furthermore, all of those tests are for CPU features, whereas this one is for a particular segment configuration.

mlemay-intel: I haven't quite found an example of how an option like this should be handled. String…
"+separate-stack-seg") != TargetFeatures.end()) {
// Cast the pointer into the address space for the stack segment.
// This is to help support multi-segment memory models in which DS and SS
// may differ from each other.
llvm::Type *DirectTy = CGF.ConvertTypeForMem(Ty);
llvm::Value *PtrAsInt =
CGF.Builder.CreatePtrToInt(Addr.getPointer(), CGF.IntPtrTy);
llvm::Value *PtrInStackSeg = CGF.Builder.CreateIntToPtr(PtrAsInt,
delenaUnsubmitted
Not Done
ReplyInline Actions

You should not use 258 as a constant. It should be defined somewhere as address space enum.

delena: You should not use 258 as a constant. It should be defined somewhere as address space enum.
mlemay-intelAuthorUnsubmitted
Not Done
ReplyInline Actions

I agree with this principle. However, the address space numbers for FS and GS are listed in the Clang documentation [1] and are used as literals in LLVM code. Thus, I think this patch is consistent with existing usage of address space numbers.

[1] http://clang.llvm.org/docs/LanguageExtensions.html#memory-references-off-the-gs-segment

mlemay-intel: I agree with this principle. However, the address space numbers for FS and GS are listed in…
DirectTy->getPointerTo(258));
delenaUnsubmitted
Not Done
ReplyInline Actions

This line alignment does not match LLVM style.

delena: This line alignment does not match LLVM style.
mlemay-intelAuthorUnsubmitted
Not Done
ReplyInline Actions

I'll fix it.

mlemay-intel: I'll fix it.
return Address(PtrInStackSeg, Addr.getAlignment());
}
delenaUnsubmitted
Not Done
ReplyInline Actions

Again, not sure that I'm right. You are trying to create addressspacecast. Is it the right way to create ptrtoint + inttoptr?

delena: Again, not sure that I'm right. You are trying to create addressspacecast. Is it the right way…
mlemay-intelAuthorUnsubmitted
Not Done
ReplyInline Actions

I first attempted to create an address space cast, but LLVM disallows that. I think it is necessary to perform the conversion through an int, but I am not entirely sure of that.

mlemay-intel: I first attempted to create an address space cast, but LLVM disallows that. I think it is…
return Addr;
} }
bool X86_32TargetCodeGenInfo::isStructReturnInRegABI( bool X86_32TargetCodeGenInfo::isStructReturnInRegABI(
const llvm::Triple &Triple, const CodeGenOptions &Opts) { const llvm::Triple &Triple, const CodeGenOptions &Opts) {
assert(Triple.getArch() == llvm::Triple::x86); assert(Triple.getArch() == llvm::Triple::x86);
switch (Opts.getStructReturnConvention()) { switch (Opts.getStructReturnConvention()) {
case CodeGenOptions::SRCK_Default: case CodeGenOptions::SRCK_Default:
▲ Show 20 LinesShow All 6,049 LinesShow Last 20 Lines

test/CodeGen/varargs.c

// RUN: %clang_cc1 -triple i386-unknown-unknown -emit-llvm -o - %s | FileCheck %s // RUN: %clang_cc1 -triple i386-unknown-unknown -emit-llvm -o - %s | FileCheck %s
// RUN: %clang_cc1 -triple i386-unknown-unknown -target-feature +separate-stack-seg -emit-llvm -o - %s | FileCheck -check-prefix=SEPARATE-SS %s
// PR6433 - Don't crash on va_arg(typedef). // PR6433 - Don't crash on va_arg(typedef).
typedef double gdouble; typedef double gdouble;
void focus_changed_cb () { void focus_changed_cb () {
__builtin_va_list pa; __builtin_va_list pa;
double mfloat; double mfloat;
mfloat = __builtin_va_arg((pa), gdouble); mfloat = __builtin_va_arg((pa), gdouble);
} }
void vararg(int, ...); void vararg(int, ...);
void function_as_vararg() { void function_as_vararg() {
// CHECK: define {{.*}}function_as_vararg // CHECK: define {{.*}}function_as_vararg
// CHECK-NOT: llvm.trap // CHECK-NOT: llvm.trap
vararg(0, focus_changed_cb); vararg(0, focus_changed_cb);
} }
void vla(int n, ...) void vla(int n, ...)
{ {
__builtin_va_list ap; __builtin_va_list ap;
void *p; void *p;
p = __builtin_va_arg(ap, typeof (int (*)[++n])); // CHECK: add nsw i32 {{.*}}, 1 p = __builtin_va_arg(ap, typeof (int (*)[++n])); // CHECK: add nsw i32 {{.*}}, 1
// SEPARATE-SS: load i32*, i32* addrspace(258)* {{.*}}
} }