This is an archive of the discontinued LLVM Phabricator instance.

Differential D118171

[HWASan] Add __hwasan_init to .preinit_array.
ClosedPublic

Authored by morehouse on Jan 25 2022, 11:51 AM.

Details

Reviewers
vitalybuka
eugenis
pcc
Commits
rG95d609b549bb: [HWASan] Add __hwasan_init to .preinit_array.
Summary

Fixes segfaults on x86_64 caused by instrumented code running before
shadow is set up.

Diff Detail

Event Timeline

morehouse created this revision.Jan 25 2022, 11:51 AM
Herald added subscribers: pengfei, mgorny. · View Herald TranscriptJan 25 2022, 11:51 AM
morehouse requested review of this revision.Jan 25 2022, 11:51 AM
Herald added a project: Restricted Project. · View Herald TranscriptJan 25 2022, 11:51 AM
Herald added a subscriber: Restricted Project. · View Herald Transcript
eugenis added a comment.Jan 25 2022, 2:31 PM

I'm concerned that this might break android by moving hwasan initialization before libc constructor, and there are things that you can not do that early, and these things are libc-specific.
Please test on Android. LLVM buildbot is insufficient because it does not cover the interesting case of non-interceptor (platform) build.

Harbormaster completed remote builds in B145567: Diff 402989.Jan 26 2022, 7:33 PM
fmayer added a subscriber: fmayer.Jan 31 2022, 5:10 PM
In D118171#3270800, @eugenis wrote:

I'm concerned that this might break android by moving hwasan initialization before libc constructor, and there are things that you can not do that early, and these things are libc-specific.
Please test on Android. LLVM buildbot is insufficient because it does not cover the interesting case of non-interceptor (platform) build.

I cherry picked this onto the Android LLVM toolchain, and built Android. It still boots and works okay.

eugenis added a comment.Jan 31 2022, 5:16 PM

Could you test with a fully static binary, too?

fmayer added a comment.Jan 31 2022, 6:14 PM
In D118171#3286064, @eugenis wrote:

Could you test with a fully static binary, too?

I statically compiled a Hello World executable and it works.

eugenis added a comment.Feb 1 2022, 10:51 AM

This change does not handle the -shared-libsan case, and does not have any effect on Android other than in static executables. It also makes the comment in hwasan_preinit.cpp incorrect - that code is NOT linked into the main executable. I think we should replicate the "asan-preinit" driver logic for hwasan.

Note that ASan does not link the static preinit bit on Android. I believe that's a bug in the initial implementation of -shared-libsan - the code comment says "Do not link static runtime to DSOs or if compiling for Android", but that is clearly meant to refer to the full runtime library (because Android historically used shared runtime only) and not the preinit stub. See https://reviews.llvm.org/D3043.

morehouse added a comment.Feb 1 2022, 2:59 PM
In D118171#3288089, @eugenis wrote:

This change does not handle the -shared-libsan case, and does not have any effect on Android other than in static executables. It also makes the comment in hwasan_preinit.cpp incorrect - that code is NOT linked into the main executable. I think we should replicate the "asan-preinit" driver logic for hwasan.

Note that ASan does not link the static preinit bit on Android. I believe that's a bug in the initial implementation of -shared-libsan - the code comment says "Do not link static runtime to DSOs or if compiling for Android", but that is clearly meant to refer to the full runtime library (because Android historically used shared runtime only) and not the preinit stub. See https://reviews.llvm.org/D3043.

I don't see any existing tests for HWASan + -shared-libsan. Is this a mode we really care about?

I can mimic the asan-preinit logic, but I'm not sure how to test it.

eugenis added a comment.Feb 1 2022, 3:13 PM

It is the mode that we use on Android, so yes. LLVM buildbot runs android tests with shared runtime library + interceptors, it should reproduce the issue.

morehouse updated this revision to Diff 405283.Feb 2 2022, 7:59 AM
  • In shared library mode, link preinit stub with every DSO.
Herald added a project: Restricted Project. · View Herald TranscriptFeb 2 2022, 7:59 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
Harbormaster completed remote builds in B147149: Diff 405283.Feb 2 2022, 9:05 AM
eugenis added a subscriber: pcc.Feb 2 2022, 1:20 PM

LGTM, but I'd like @pcc to take a look.

pcc added a comment.Feb 2 2022, 1:45 PM

What guarantee do we have that the __hwasan_init .preinit_array entry will be placed before the user's .preinit_array entries?

clang/lib/Driver/ToolChains/CommonArgs.cpp
842

Shouldn't it be added to HelperStaticRuntimes? Otherwise I'm not sure how this would work because the library would need to be enclosed in --whole-archive in order to be included in the link.

compiler-rt/lib/hwasan/hwasan_preinit.cpp
23

Can it be static?

eugenis added a comment.Feb 2 2022, 1:47 PM

The driver seems to always add sanitizer runtimes first on the linker command line.

clang/lib/Driver/ToolChains/CommonArgs.cpp
842

Right, good point.

morehouse updated this revision to Diff 405435.Feb 2 2022, 1:59 PM
morehouse marked 3 inline comments as done.
  • Make __local_hwasan_preinit static.
  • Use HelperStaticRuntimes.
clang/lib/Driver/ToolChains/CommonArgs.cpp
842

Yes, good catch!

pcc added inline comments.Feb 2 2022, 2:02 PM
clang/lib/Driver/ToolChains/CommonArgs.cpp
842

Thanks. We'd better test on Android again because I imagine that the previous patch wouldn't have had any effect.

Harbormaster completed remote builds in B147250: Diff 405435.Feb 2 2022, 4:58 PM
fmayer added inline comments.Feb 2 2022, 5:42 PM
clang/lib/Driver/ToolChains/CommonArgs.cpp
842

I patched the Android LLVM toolchain with this, build Android, it booted. Built static Hello World executable and it works.

pcc accepted this revision.Feb 3 2022, 1:05 PM

LGTM

This revision is now accepted and ready to land.Feb 3 2022, 1:05 PM
This revision was landed with ongoing or failed builds.Feb 3 2022, 1:08 PM
Closed by commit rG95d609b549bb: [HWASan] Add __hwasan_init to .preinit_array. (authored by morehouse). · Explain Why
This revision was automatically updated to reflect the committed changes.
morehouse added a commit: rG95d609b549bb: [HWASan] Add __hwasan_init to .preinit_array..

Revision Contents

PathSize
clang/
lib/
Driver/
ToolChains/
2 lines
compiler-rt/
lib/
hwasan/
18 lines
23 lines
test/
hwasan/
TestCases/
12 lines

Diff 405756

clang/lib/Driver/ToolChains/CommonArgs.cpp

Show First 20 LinesShow All 832 Lines▼ Show 20 Lines if (SanArgs.needsSharedRt()) {
} }
if (SanArgs.needsTsanRt() && SanArgs.linkRuntimes()) if (SanArgs.needsTsanRt() && SanArgs.linkRuntimes())
SharedRuntimes.push_back("tsan"); SharedRuntimes.push_back("tsan");
if (SanArgs.needsHwasanRt() && SanArgs.linkRuntimes()) { if (SanArgs.needsHwasanRt() && SanArgs.linkRuntimes()) {
if (SanArgs.needsHwasanAliasesRt()) if (SanArgs.needsHwasanAliasesRt())
SharedRuntimes.push_back("hwasan_aliases"); SharedRuntimes.push_back("hwasan_aliases");
else else
SharedRuntimes.push_back("hwasan"); SharedRuntimes.push_back("hwasan");
if (!Args.hasArg(options::OPT_shared))
HelperStaticRuntimes.push_back("hwasan-preinit");
pccUnsubmitted
Done
ReplyInline Actions

Shouldn't it be added to HelperStaticRuntimes? Otherwise I'm not sure how this would work because the library would need to be enclosed in --whole-archive in order to be included in the link.

pcc: Shouldn't it be added to `HelperStaticRuntimes`? Otherwise I'm not sure how this would work…
eugenisUnsubmitted
Done
ReplyInline Actions

Right, good point.

eugenis: Right, good point.
morehouseAuthorUnsubmitted
Done
ReplyInline Actions

Yes, good catch!

morehouse: Yes, good catch!
pccUnsubmitted
Not Done
ReplyInline Actions

Thanks. We'd better test on Android again because I imagine that the previous patch wouldn't have had any effect.

pcc: Thanks. We'd better test on Android again because I imagine that the previous patch wouldn't…
fmayerUnsubmitted
Not Done
ReplyInline Actions

I patched the Android LLVM toolchain with this, build Android, it booted. Built static Hello World executable and it works.

fmayer: I patched the Android LLVM toolchain with this, build Android, it booted. Built static Hello…
} }
} }
// The stats_client library is also statically linked into DSOs. // The stats_client library is also statically linked into DSOs.
if (SanArgs.needsStatsRt() && SanArgs.linkRuntimes()) if (SanArgs.needsStatsRt() && SanArgs.linkRuntimes())
StaticRuntimes.push_back("stats_client"); StaticRuntimes.push_back("stats_client");
// Always link the static runtime regardless of DSO or executable. // Always link the static runtime regardless of DSO or executable.
▲ Show 20 LinesShow All 1,205 LinesShow Last 20 Lines

compiler-rt/lib/hwasan/CMakeLists.txt

Show All 21 Linesset(HWASAN_RTL_SOURCES
hwasan_thread_list.cpp hwasan_thread_list.cpp
hwasan_type_test.cpp hwasan_type_test.cpp
) )
set(HWASAN_RTL_CXX_SOURCES set(HWASAN_RTL_CXX_SOURCES
hwasan_new_delete.cpp hwasan_new_delete.cpp
) )
set(HWASAN_RTL_PREINIT_SOURCES
hwasan_preinit.cpp
)
set(HWASAN_RTL_HEADERS set(HWASAN_RTL_HEADERS
hwasan.h hwasan.h
hwasan_allocator.h hwasan_allocator.h
hwasan_dynamic_shadow.h hwasan_dynamic_shadow.h
hwasan_flags.h hwasan_flags.h
hwasan_flags.inc hwasan_flags.inc
hwasan_globals.h hwasan_globals.h
hwasan_interface_internal.h hwasan_interface_internal.h
▲ Show 20 LinesShow All 60 Lines▼ Show 20 Linesadd_compiler_rt_object_libraries(RTHwasan_cxx
CFLAGS ${HWASAN_RTL_CFLAGS} CFLAGS ${HWASAN_RTL_CFLAGS}
DEFS ${HWASAN_DEFINITIONS}) DEFS ${HWASAN_DEFINITIONS})
add_compiler_rt_object_libraries(RTHwasan_dynamic add_compiler_rt_object_libraries(RTHwasan_dynamic
ARCHS ${HWASAN_SUPPORTED_ARCH} ARCHS ${HWASAN_SUPPORTED_ARCH}
SOURCES ${HWASAN_RTL_SOURCES} ${HWASAN_RTL_CXX_SOURCES} SOURCES ${HWASAN_RTL_SOURCES} ${HWASAN_RTL_CXX_SOURCES}
ADDITIONAL_HEADERS ${HWASAN_RTL_HEADERS} ADDITIONAL_HEADERS ${HWASAN_RTL_HEADERS}
CFLAGS ${HWASAN_DYNAMIC_CFLAGS} CFLAGS ${HWASAN_DYNAMIC_CFLAGS}
DEFS ${HWASAN_DEFINITIONS}) DEFS ${HWASAN_DEFINITIONS})
add_compiler_rt_object_libraries(RTHwasan_preinit
ARCHS ${HWASAN_SUPPORTED_ARCH}
SOURCES ${HWASAN_RTL_PREINIT_SOURCES}
ADDITIONAL_HEADERS ${HWASAN_RTL_HEADERS}
CFLAGS ${HWASAN_RTL_CFLAGS}
DEFS ${HWASAN_DEFINITIONS})
file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/dummy.cpp "") file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/dummy.cpp "")
add_compiler_rt_object_libraries(RTHwasan_dynamic_version_script_dummy add_compiler_rt_object_libraries(RTHwasan_dynamic_version_script_dummy
ARCHS ${HWASAN_SUPPORTED_ARCH} ARCHS ${HWASAN_SUPPORTED_ARCH}
SOURCES ${CMAKE_CURRENT_BINARY_DIR}/dummy.cpp SOURCES ${CMAKE_CURRENT_BINARY_DIR}/dummy.cpp
CFLAGS ${HWASAN_DYNAMIC_CFLAGS} CFLAGS ${HWASAN_DYNAMIC_CFLAGS}
DEFS ${HWASAN_DEFINITIONS}) DEFS ${HWASAN_DEFINITIONS})
Show All 24 Lines if(use_aliases)
set(hwasan_object_lib RTHwasanAliases) set(hwasan_object_lib RTHwasanAliases)
set(hwasan_object_dyn_lib RTHwasanAliases_dynamic) set(hwasan_object_dyn_lib RTHwasanAliases_dynamic)
set(hwasan_runtime clang_rt.hwasan_aliases) set(hwasan_runtime clang_rt.hwasan_aliases)
endif() endif()
add_compiler_rt_runtime(${hwasan_runtime} add_compiler_rt_runtime(${hwasan_runtime}
STATIC STATIC
ARCHS ${arch} ARCHS ${arch}
OBJECT_LIBS ${hwasan_object_lib} OBJECT_LIBS ${hwasan_object_lib}
RTHwasan_preinit
RTInterception RTInterception
RTSanitizerCommon RTSanitizerCommon
RTSanitizerCommonLibc RTSanitizerCommonLibc
RTSanitizerCommonCoverage RTSanitizerCommonCoverage
RTSanitizerCommonSymbolizer RTSanitizerCommonSymbolizer
RTUbsan RTUbsan
CFLAGS ${hwasan_rtl_flags} CFLAGS ${hwasan_rtl_flags}
PARENT_TARGET hwasan) PARENT_TARGET hwasan)
▲ Show 20 LinesShow All 59 Lines▼ Show 20 Lines
foreach(arch ${HWASAN_SUPPORTED_ARCH}) foreach(arch ${HWASAN_SUPPORTED_ARCH})
add_hwasan_runtimes(${arch} FALSE) add_hwasan_runtimes(${arch} FALSE)
if(${arch} MATCHES "x86_64") if(${arch} MATCHES "x86_64")
add_hwasan_runtimes(${arch} TRUE) add_hwasan_runtimes(${arch} TRUE)
endif() endif()
endforeach() endforeach()
add_compiler_rt_runtime(clang_rt.hwasan-preinit
STATIC
ARCHS ${HWASAN_SUPPORTED_ARCH}
OBJECT_LIBS RTHwasan_preinit
CFLAGS ${HWASAN_RTL_CFLAGS}
PARENT_TARGET hwasan)
add_compiler_rt_resource_file(hwasan_ignorelist hwasan_ignorelist.txt hwasan) add_compiler_rt_resource_file(hwasan_ignorelist hwasan_ignorelist.txt hwasan)
add_subdirectory("scripts") add_subdirectory("scripts")
# if(COMPILER_RT_INCLUDE_TESTS) # if(COMPILER_RT_INCLUDE_TESTS)
# add_subdirectory(tests) # add_subdirectory(tests)
# endif() # endif()

compiler-rt/lib/hwasan/hwasan_preinit.cpp

  • This file was added.
//===-- hwasan_preinit.cpp ------------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file is a part of HWAddressSanitizer, an address sanity checker.
//
// Call __hwasan_init at the very early stage of process startup.
//===----------------------------------------------------------------------===//
#include "hwasan_interface_internal.h"
#include "sanitizer_common/sanitizer_internal_defs.h"
#if SANITIZER_CAN_USE_PREINIT_ARRAY
// The symbol is called __local_hwasan_preinit, because it's not intended to
// be exported.
// This code linked into the main executable when -fsanitize=hwaddress is in
// the link flags. It can only use exported interface functions.
__attribute__((section(".preinit_array"), used)) static void (
*__local_hwasan_preinit)(void) = __hwasan_init;
#endif
pccUnsubmitted
Done
ReplyInline Actions

Can it be static?

pcc: Can it be static?

compiler-rt/test/hwasan/TestCases/preinit_array.c

  • This file was added.
// Test that HWASan shadow is initialized before .preinit_array functions run.
// RUN: %clang_hwasan %s -o %t
// RUN: %run %t
volatile int Global;
void StoreToGlobal() { Global = 42; }
__attribute__((section(".preinit_array"), used))
void (*__StoreToGlobal_preinit)() = StoreToGlobal;
int main() { return Global != 42; }