This is an archive of the discontinued LLVM Phabricator instance.

Differential D18505

Enable the SafeStack sanitizer on CloudABI by default.
ClosedPublic

Authored by ed on Mar 27 2016, 3:13 PM.

Details

Reviewers
kcc
eugenis
pcc
Commits
rGfc79d2ca42be: Enable the SafeStack sanitizer on CloudABI by default.
rC264787: Enable the SafeStack sanitizer on CloudABI by default.
rL264787: Enable the SafeStack sanitizer on CloudABI by default.
Summary

Over the last month we've been testing SafeStack extensively. As far as
we know, it works perfectly fine. That why I'd like to see us having
this enabled by default for CloudABI.

This change introduces a getDefaultSanitizers() function that toolchains
can use to specify which sanitizers are enabled by default. Once all
flags are processed, only flags that had no -fno-sanitize overrides are
enabled.

Extend the thests for CloudABI to test both the default case and the
case in which we want to explicitly disable SafeStack

Diff Detail

Repository
rL LLVM

Event Timeline

ed updated this revision to Diff 51752.Mar 27 2016, 3:13 PM
ed retitled this revision from to Enable the SafeStack sanitizer on CloudABI by default..
ed updated this object.
ed added reviewers: kcc, pcc, eugenis.
eugenis accepted this revision.Mar 28 2016, 1:13 PM
eugenis edited edge metadata.

LGTM

This revision is now accepted and ready to land.Mar 28 2016, 1:13 PM
pcc edited edge metadata.Mar 28 2016, 1:20 PM

I assume you're aware of http://clang.llvm.org/docs/SafeStack.html#known-security-limitations and the remarks at http://www.openwall.com/lists/oss-security/2016/02/17/9 ?

But I guess it's up to you whether you want to enable this by default on your platform.

ed added a comment.Mar 29 2016, 2:17 PM
In D18505#384949, @pcc wrote:

I assume you're aware of http://clang.llvm.org/docs/SafeStack.html#known-security-limitations and the remarks at http://www.openwall.com/lists/oss-security/2016/02/17/9 ?

But I guess it's up to you whether you want to enable this by default on your platform.

Thanks for sharing those links with me! My interpretation is that the concerns raised in that mailing list post are specific to ASan, UBSan, etc. Though SafeStack is mentioned, I think the author of that email probably referred to the limitations already discussed on the first page.

The question that I asked myself was whether we should have some form of stack smashing protection enabled by default, and I think the answer to that is yes. What I take away from all of this is that SafeStack and -fstack-protector offer a similar level of protection, but the former has the advantage that the performance overhead is less. Though there may well be ways to circumvent these technologies, it doesn't justify avoiding them entirely.

Closed by commit rL264787: Enable the SafeStack sanitizer on CloudABI by default. (authored by ed). · Explain WhyMar 29 2016, 2:19 PM
This revision was automatically updated to reflect the committed changes.
eugenis added a comment.Mar 29 2016, 2:22 PM

We are actually considering adding stack protector cookies to safestack to get the best of the two. Since we know that there can be no overflows on the safe stack, the cookies will only be added to the unsafe stack frames, reducing the overhead.

ed added a comment.Mar 29 2016, 10:20 PM
In D18505#386217, @eugenis wrote:

We are actually considering adding stack protector cookies to safestack to get the best of the two. Since we know that there can be no overflows on the safe stack, the cookies will only be added to the unsafe stack frames, reducing the overhead.

That sounds interesting. Be sure to keep me in the loop if there's anything you want to have tested!

Revision Contents

PathSize
cfe/
trunk/
include/
clang/
Driver/
3 lines
lib/
Driver/
3 lines
1 line
4 lines
test/
Driver/
11 lines
11 lines

Diff 51984

cfe/trunk/include/clang/Driver/ToolChain.h

Show First 20 LinesShow All 413 Lines▼ Show 20 Lines virtual void addProfileRTLibs(const llvm::opt::ArgList &Args,
llvm::opt::ArgStringList &CmdArgs) const; llvm::opt::ArgStringList &CmdArgs) const;
/// \brief Add arguments to use system-specific CUDA includes. /// \brief Add arguments to use system-specific CUDA includes.
virtual void AddCudaIncludeArgs(const llvm::opt::ArgList &DriverArgs, virtual void AddCudaIncludeArgs(const llvm::opt::ArgList &DriverArgs,
llvm::opt::ArgStringList &CC1Args) const; llvm::opt::ArgStringList &CC1Args) const;
/// \brief Return sanitizers which are available in this toolchain. /// \brief Return sanitizers which are available in this toolchain.
virtual SanitizerMask getSupportedSanitizers() const; virtual SanitizerMask getSupportedSanitizers() const;
/// \brief Return sanitizers which are enabled by default.
virtual SanitizerMask getDefaultSanitizers() const { return 0; }
}; };
} // end namespace driver } // end namespace driver
} // end namespace clang } // end namespace clang
#endif #endif

cfe/trunk/lib/Driver/SanitizerArgs.cpp

Show First 20 LinesShow All 262 Lines▼ Show 20 Lines if (Arg->getOption().matches(options::OPT_fsanitize_EQ)) {
Kinds |= Add; Kinds |= Add;
} else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) { } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
Arg->claim(); Arg->claim();
SanitizerMask Remove = parseArgValues(D, Arg, true); SanitizerMask Remove = parseArgValues(D, Arg, true);
AllRemove |= expandSanitizerGroups(Remove); AllRemove |= expandSanitizerGroups(Remove);
} }
} }
// Enable toolchain specific default sanitizers if not explicitly disabled.
Kinds |= TC.getDefaultSanitizers() & ~AllRemove;
// We disable the vptr sanitizer if it was enabled by group expansion but RTTI // We disable the vptr sanitizer if it was enabled by group expansion but RTTI
// is disabled. // is disabled.
if ((Kinds & Vptr) && if ((Kinds & Vptr) &&
(RTTIMode == ToolChain::RM_DisabledImplicitly || (RTTIMode == ToolChain::RM_DisabledImplicitly ||
RTTIMode == ToolChain::RM_DisabledExplicitly)) { RTTIMode == ToolChain::RM_DisabledExplicitly)) {
Kinds &= ~Vptr; Kinds &= ~Vptr;
} }
▲ Show 20 LinesShow All 488 LinesShow Last 20 Lines

cfe/trunk/lib/Driver/ToolChains.h

Show First 20 LinesShow All 614 Lines▼ Show 20 Lines void AddClangCXXStdlibIncludeArgs(
const llvm::opt::ArgList &DriverArgs, const llvm::opt::ArgList &DriverArgs,
llvm::opt::ArgStringList &CC1Args) const override; llvm::opt::ArgStringList &CC1Args) const override;
void AddCXXStdlibLibArgs(const llvm::opt::ArgList &Args, void AddCXXStdlibLibArgs(const llvm::opt::ArgList &Args,
llvm::opt::ArgStringList &CmdArgs) const override; llvm::opt::ArgStringList &CmdArgs) const override;
bool isPIEDefault() const override { return false; } bool isPIEDefault() const override { return false; }
SanitizerMask getSupportedSanitizers() const override; SanitizerMask getSupportedSanitizers() const override;
SanitizerMask getDefaultSanitizers() const override;
protected: protected:
Tool *buildLinker() const override; Tool *buildLinker() const override;
}; };
class LLVM_LIBRARY_VISIBILITY Solaris : public Generic_GCC { class LLVM_LIBRARY_VISIBILITY Solaris : public Generic_GCC {
public: public:
Solaris(const Driver &D, const llvm::Triple &Triple, Solaris(const Driver &D, const llvm::Triple &Triple,
▲ Show 20 LinesShow All 549 LinesShow Last 20 Lines

cfe/trunk/lib/Driver/ToolChains.cpp

Show First 20 LinesShow All 2,982 Lines▼ Show 20 Lines
} }
SanitizerMask CloudABI::getSupportedSanitizers() const { SanitizerMask CloudABI::getSupportedSanitizers() const {
SanitizerMask Res = ToolChain::getSupportedSanitizers(); SanitizerMask Res = ToolChain::getSupportedSanitizers();
Res |= SanitizerKind::SafeStack; Res |= SanitizerKind::SafeStack;
return Res; return Res;
} }
SanitizerMask CloudABI::getDefaultSanitizers() const {
return SanitizerKind::SafeStack;
}
/// OpenBSD - OpenBSD tool chain which can call as(1) and ld(1) directly. /// OpenBSD - OpenBSD tool chain which can call as(1) and ld(1) directly.
OpenBSD::OpenBSD(const Driver &D, const llvm::Triple &Triple, OpenBSD::OpenBSD(const Driver &D, const llvm::Triple &Triple,
const ArgList &Args) const ArgList &Args)
: Generic_ELF(D, Triple, Args) { : Generic_ELF(D, Triple, Args) {
getFilePaths().push_back(getDriver().Dir + "/../lib"); getFilePaths().push_back(getDriver().Dir + "/../lib");
getFilePaths().push_back("/usr/lib"); getFilePaths().push_back("/usr/lib");
} }
▲ Show 20 LinesShow All 1,575 LinesShow Last 20 Lines

cfe/trunk/test/Driver/cloudabi.c

// RUN: %clang %s -### -target x86_64-unknown-cloudabi 2>&1 | FileCheck %s // RUN: %clang %s -### -target x86_64-unknown-cloudabi 2>&1 | FileCheck %s -check-prefix=SAFESTACK
// CHECK: "-cc1" "-triple" "x86_64-unknown-cloudabi" {{.*}} "-ffunction-sections" "-fdata-sections" // SAFESTACK: "-cc1" "-triple" "x86_64-unknown-cloudabi" {{.*}} "-ffunction-sections" "-fdata-sections" {{.*}} "-fsanitize=safe-stack"
// CHECK: "-Bstatic" "--eh-frame-hdr" "--gc-sections" "-o" "a.out" "crt0.o" "crtbegin.o" "{{.*}}" "{{.*}}" "-lc" "-lcompiler_rt" "crtend.o" // SAFESTACK: "-Bstatic" "--eh-frame-hdr" "--gc-sections" "-o" "a.out" "crt0.o" "crtbegin.o" "{{.*}}" "{{.*}}" "-lc" "-lcompiler_rt" "crtend.o"
// RUN: %clang %s -### -target x86_64-unknown-cloudabi -fno-sanitize=safe-stack 2>&1 | FileCheck %s -check-prefix=NOSAFESTACK
// NOSAFESTACK: "-cc1" "-triple" "x86_64-unknown-cloudabi" {{.*}} "-ffunction-sections" "-fdata-sections"
// NOSAFESTACK-NOT: "-fsanitize=safe-stack"
// NOSAFESTACK: "-Bstatic" "--eh-frame-hdr" "--gc-sections" "-o" "a.out" "crt0.o" "crtbegin.o" "{{.*}}" "{{.*}}" "-lc" "-lcompiler_rt" "crtend.o"

cfe/trunk/test/Driver/cloudabi.cpp

// RUN: %clangxx %s -### -target x86_64-unknown-cloudabi 2>&1 | FileCheck %s // RUN: %clangxx %s -### -target x86_64-unknown-cloudabi 2>&1 | FileCheck %s -check-prefix=SAFESTACK
// CHECK: "-cc1" "-triple" "x86_64-unknown-cloudabi" {{.*}} "-ffunction-sections" "-fdata-sections" // SAFESTACK: "-cc1" "-triple" "x86_64-unknown-cloudabi" {{.*}} "-ffunction-sections" "-fdata-sections" {{.*}} "-fsanitize=safe-stack"
// CHECK: "-Bstatic" "--eh-frame-hdr" "--gc-sections" "-o" "a.out" "crt0.o" "crtbegin.o" "{{.*}}" "{{.*}}" "-lc++" "-lc++abi" "-lunwind" "-lc" "-lcompiler_rt" "crtend.o" // SAFESTACK: "-Bstatic" "--eh-frame-hdr" "--gc-sections" "-o" "a.out" "crt0.o" "crtbegin.o" "{{.*}}" "{{.*}}" "-lc++" "-lc++abi" "-lunwind" "-lc" "-lcompiler_rt" "crtend.o"
// RUN: %clangxx %s -### -target x86_64-unknown-cloudabi -fno-sanitize=safe-stack 2>&1 | FileCheck %s -check-prefix=NOSAFESTACk
// NOSAFESTACK: "-cc1" "-triple" "x86_64-unknown-cloudabi" {{.*}} "-ffunction-sections" "-fdata-sections"
// NOSAFESTACK-NOT: "-fsanitize=safe-stack"
// NOSAFESTACk: "-Bstatic" "--eh-frame-hdr" "--gc-sections" "-o" "a.out" "crt0.o" "crtbegin.o" "{{.*}}" "{{.*}}" "-lc++" "-lc++abi" "-lunwind" "-lc" "-lcompiler_rt" "crtend.o"