This is an archive of the discontinued LLVM Phabricator instance.

Differential D155736

Fix __cfi_check not aligned to 4k on relocatable files with no executable code
ClosedPublic

Authored by kongyi on Jul 19 2023, 11:25 AM.

Details

Reviewers
eugenis
pcc
Commits
rGc7cacb2f6efe: Fix __cfi_check not aligned to 4k on relocatable files with no executable code
Summary

CrossDSOCFIPass is supposed to replace this stub function to a properly aligned function. However the pass is not ran if the file has no executable code, thus producing incorrectly aligned __cfi_check.




Fixes https://github.com/llvm/llvm-project/issues/45638.
Diff Detail
Event Timeline
kongyi created this revision.Jul 19 2023, 11:25 AM
Herald added a project: Restricted Project.  ·  View Herald TranscriptJul 19 2023, 11:25 AM
kongyi requested review of this revision.Jul 19 2023, 11:25 AM
kongyi added a reviewer: pcc.
kongyi edited the summary of this revision. (Show Details)Jul 19 2023, 11:32 AM
eugenis added a comment.Jul 20 2023, 11:03 AM
Hmm, this is not 100% correct.  CFI by design respects caller's settings for -fsanitize-recover and -fsanitize-trap, communicated through the DiagData argument to __cfi_check. A better default implementation would call __cfi_check_fail instead of trap unconditionally.



I do not see straight away why CrossDSOCFI pass is not run on no-code modules. Do you know the reason? If that's hard to change, we could modify clang codegen to call __cfi_check_fail from the stub __cfi_check. In that case, we also would not need to add __cfi_check_fail to the used globals list.
kongyi updated this revision to Diff 543617.Jul 24 2023, 10:19 AM
kongyi added a comment.Jul 24 2023, 10:27 AM


In D155736#4519795, @eugenis wrote:


Hmm, this is not 100% correct.  CFI by design respects caller's settings for -fsanitize-recover and -fsanitize-trap, communicated through the DiagData argument to __cfi_check. A better default implementation would call __cfi_check_fail instead of trap unconditionally.



I do not see straight away why CrossDSOCFI pass is not run on no-code modules. Do you know the reason? If that's hard to change, we could modify clang codegen to call __cfi_check_fail from the stub __cfi_check. In that case, we also would not need to add __cfi_check_fail to the used globals list.





Seems quite difficult to make CrossDSOCFI run with no code (a lot of interactions with other passes). I implemented your alternative suggestion, ptal.
Harbormaster completed remote builds in B247729: Diff 543617.Jul 24 2023, 4:39 PM
eugenis added inline comments.Aug 2 2023, 3:46 AM
clang/lib/CodeGen/CGExpr.cpp


3452
I think the order is actually reversed? Pls compare codegen with a module that has some code (so that the pass runs) but no valid cfi targets.


clang/test/CodeGen/cfi-cross-dso-align.c


7
Please check the generated code in the test.
kongyi updated this revision to Diff 546732.Aug 3 2023, 12:40 AM
kongyi marked 2 inline comments as done.
Harbormaster completed remote builds in B249975: Diff 546732.Aug 3 2023, 2:54 AM
eugenis accepted this revision.Aug 3 2023, 3:24 AM
LGTM, thank you.
This revision is now accepted and ready to land.Aug 3 2023, 3:24 AM
This revision was landed with ongoing or failed builds.Aug 3 2023, 3:54 AM
Closed by commit rGc7cacb2f6efe: Fix __cfi_check not aligned to 4k on relocatable files with no executable code (authored by kongyi).  ·  Explain Why
This revision was automatically updated to reflect the committed changes.
kongyi added a commit: rGc7cacb2f6efe: Fix __cfi_check not aligned to 4k on relocatable files with no executable code.
Herald added a project: Restricted Project.  ·  View Herald TranscriptAug 3 2023, 3:54 AM
Herald added a subscriber: cfe-commits.  ·  View Herald Transcript
ro added a subscriber: ro.Aug 3 2023, 5:03 AM
It seems this patch broke the Solaris/amd64 buildbot:



FAIL: Clang::cfi-check-fail.c
thakis added a subscriber: thakis.Aug 3 2023, 5:07 AM
Looks like this breaks check-clang: http://45.33.8.238/linux/114361/step_7.txt



Please take a look and revert for now if it takes a while to fix.
kongyi added a reverting change: rGa093598e50e7: Revert "Fix __cfi_check not aligned to 4k on relocatable files with no….Aug 3 2023, 6:04 AM
Revision Contents
PathSize
clang/
lib/
CodeGen/
13 lines
test/
CodeGen/
8 lines
Diff 546795
clang/lib/CodeGen/CGExpr.cpp
Show First 20 LinesShow All 3,439 Lines▼ Show 20 Lines
// Emit a stub for __cfi_check function so that the linker knows about this
// Emit a stub for __cfi_check function so that the linker knows about this

// symbol in LTO mode.
// symbol in LTO mode.

void CodeGenFunction::EmitCfiCheckStub() {
void CodeGenFunction::EmitCfiCheckStub() {

  llvm::Module *M = &CGM.getModule();
  llvm::Module *M = &CGM.getModule();

  auto &Ctx = M->getContext();
  auto &Ctx = M->getContext();

  llvm::Function *F = llvm::Function::Create(
  llvm::Function *F = llvm::Function::Create(

      llvm::FunctionType::get(VoidTy, {Int64Ty, Int8PtrTy, Int8PtrTy}, false),
      llvm::FunctionType::get(VoidTy, {Int64Ty, Int8PtrTy, Int8PtrTy}, false),

      llvm::GlobalValue::WeakAnyLinkage, "__cfi_check", M);
      llvm::GlobalValue::WeakAnyLinkage, "__cfi_check", M);

  F->setAlignment(llvm::Align(4096));

  CGM.setDSOLocal(F);
  CGM.setDSOLocal(F);

  llvm::BasicBlock *BB = llvm::BasicBlock::Create(Ctx, "entry", F);
  llvm::BasicBlock *BB = llvm::BasicBlock::Create(Ctx, "entry", F);

  // FIXME: consider emitting an intrinsic call like
  // CrossDSOCFI pass is not executed if there is no executable code.

  // call void @llvm.cfi_check(i64 %0, i8* %1, i8* %2)
  SmallVector<llvm::Value*> Args{F->getArg(2), F->getArg(1)};

eugenisUnsubmitted
Done
ReplyInline Actions
I think the order is actually reversed? Pls compare codegen with a module that has some code (so that the pass runs) but no valid cfi targets.
eugenis: I think the order is actually reversed? Pls compare codegen with a module that has some code…
  // which can be lowered in CrossDSOCFI pass to the actual contents of
  llvm::CallInst::Create(M->getFunction("__cfi_check_fail"), Args, "", BB);

  // __cfi_check. This would allow inlining of __cfi_check calls.

  llvm::CallInst::Create(

      llvm::Intrinsic::getDeclaration(M, llvm::Intrinsic::trap), "", BB);

  llvm::ReturnInst::Create(Ctx, nullptr, BB);
  llvm::ReturnInst::Create(Ctx, nullptr, BB);

}
}




// This function is basically a switch over the CFI failure kind, which is
// This function is basically a switch over the CFI failure kind, which is

// extracted from CFICheckFailData (1st function argument). Each case is either
// extracted from CFICheckFailData (1st function argument). Each case is either

// llvm.trap or a call to one of the two runtime handlers, based on
// llvm.trap or a call to one of the two runtime handlers, based on

// -fsanitize-trap and -fsanitize-recover settings.  Default case (invalid
// -fsanitize-trap and -fsanitize-recover settings.  Default case (invalid

// failure kind) traps, but this should really never happen.  CFICheckFailData
// failure kind) traps, but this should really never happen.  CFICheckFailData

▲ Show 20 LinesShow All 77 Lines▼ Show 20 Lines  for (auto CheckKindMaskPair : CheckKinds) {

    if (CGM.getLangOpts().Sanitize.has(Mask))
    if (CGM.getLangOpts().Sanitize.has(Mask))

      EmitCheck(std::make_pair(Cond, Mask), SanitizerHandler::CFICheckFail, {},
      EmitCheck(std::make_pair(Cond, Mask), SanitizerHandler::CFICheckFail, {},

                {Data, Addr, ValidVtable});
                {Data, Addr, ValidVtable});

    else
    else

      EmitTrapCheck(Cond, SanitizerHandler::CFICheckFail);
      EmitTrapCheck(Cond, SanitizerHandler::CFICheckFail);

  }
  }




  FinishFunction();
  FinishFunction();

  // The only reference to this function will be created during LTO link.

  // Make sure it survives until then.

  CGM.addUsedGlobal(F);

}
}




void CodeGenFunction::EmitUnreachable(SourceLocation Loc) {
void CodeGenFunction::EmitUnreachable(SourceLocation Loc) {

  if (SanOpts.has(SanitizerKind::Unreachable)) {
  if (SanOpts.has(SanitizerKind::Unreachable)) {

    SanitizerScope SanScope(this);
    SanitizerScope SanScope(this);

    EmitCheck(std::make_pair(static_cast<llvm::Value *>(Builder.getFalse()),
    EmitCheck(std::make_pair(static_cast<llvm::Value *>(Builder.getFalse()),

                             SanitizerKind::Unreachable),
                             SanitizerKind::Unreachable),

              SanitizerHandler::BuiltinUnreachable,
              SanitizerHandler::BuiltinUnreachable,

▲ Show 20 LinesShow All 2,153 LinesShow Last 20 Lines
clang/test/CodeGen/cfi-cross-dso-align.c
  • This file was added.
// RUN: %clang_cc1 -triple x86_64-unknown-linux -O0 -fsanitize-cfi-cross-dso \

// RUN:     -emit-llvm -o - %s | FileCheck %s



int a;



// CHECK: define weak void @__cfi_check(i64 %[[TYPE:.*]], ptr %[[ADDR:.*]], ptr %[[DATA:.*]]) align 4096

// CHECK-NEXT: entry:

eugenisUnsubmitted
Done
ReplyInline Actions
Please check the generated code in the test.
eugenis: Please check the generated code in the test.
// CHECK-NEXT: call void @__cfi_check_fail(ptr %[[DATA]], ptr %[[ADDR]])