This is an archive of the discontinued LLVM Phabricator instance.

Differential D43669

[cfi] Lazy CFI initialization
ClosedPublic

Authored by vitalybuka on Feb 22 2018, 7:27 PM.

Details

Reviewers
pcc
eugenis
Commits
rG1aa98f429486: [cfi] Lazy initialization of CFI interceptors
rCRT326025: [cfi] Lazy initialization of CFI interceptors
rL326025: [cfi] Lazy initialization of CFI interceptors
Summary

If SANITIZER_CAN_USE_PREINIT_ARRAY=0 interceptors or cfi callbacks can be called
before constructor.

Diff Detail

Repository
rL LLVM

Event Timeline

vitalybuka created this revision.Feb 22 2018, 7:27 PM
Harbormaster completed remote builds in B15345: Diff 135585.Feb 22 2018, 7:29 PM
vitalybuka updated this revision to Diff 135586.Feb 22 2018, 7:35 PM

+static

eugenis added inline comments.Feb 23 2018, 11:28 AM
compiler-rt/lib/cfi/cfi.cc
426 ↗(On Diff #135586)

This mutex is not very useful. An interceptor could still go ahead while cfi_init is running in another thread. And we probably can not afford a lock in cfi_slowpath.

Perhaps add a constructor to all cfi-instrumented binaries? Then we would not need lazy initialization in __cfi_slowpath, and I don't care how many locks dlopen() takes.

eugenis added a comment.Feb 23 2018, 11:28 AM

A constructor would also mitigate the dlopen issue (see the comment before the interceptor). Not that we've seen this issue in the wild.

vitalybuka planned changes to this revision.Feb 23 2018, 1:53 PM

As discussed offline, I going to keep primary initialization unchanged and make lazy only interceptors initialization.

vitalybuka updated this revision to Diff 135716.Feb 23 2018, 3:25 PM

just interceptors

vitalybuka marked an inline comment as done.Feb 23 2018, 3:25 PM
vitalybuka updated this revision to Diff 135717.Feb 23 2018, 3:27 PM

rename

Harbormaster completed remote builds in B15377: Diff 135716.Feb 23 2018, 3:28 PM
Harbormaster completed remote builds in B15378: Diff 135717.
vitalybuka updated this revision to Diff 135763.Feb 23 2018, 6:32 PM

use mutex

eugenis added inline comments.Feb 23 2018, 6:32 PM
compiler-rt/lib/cfi/cfi.cc
416 ↗(On Diff #135717)

This is technically a data race. Let's just take a lock, this is not performance sensitive.

416 ↗(On Diff #135717)

call EnsureInterceptorsInitialized() here, or it may become a surprise if someone adds a new interceptor without that check

Harbormaster completed remote builds in B15390: Diff 135763.Feb 23 2018, 6:32 PM
eugenis accepted this revision.Feb 23 2018, 6:33 PM
eugenis added inline comments.
compiler-rt/lib/cfi/cfi.cc
416 ↗(On Diff #135717)

I see, that's too early for that.

This revision is now accepted and ready to land.Feb 23 2018, 6:33 PM
Closed by commit rL326025: [cfi] Lazy initialization of CFI interceptors (authored by vitalybuka). · Explain WhyFeb 23 2018, 11:01 PM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: delcypher. · View Herald TranscriptFeb 23 2018, 11:01 PM

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
cfi/
21 lines

Diff 135786

compiler-rt/trunk/lib/cfi/cfi.cc

Show First 20 LinesShow All 373 Lines▼ Show 20 Lines
#ifdef CFI_ENABLE_DIAG #ifdef CFI_ENABLE_DIAG
extern "C" SANITIZER_INTERFACE_ATTRIBUTE void extern "C" SANITIZER_INTERFACE_ATTRIBUTE void
__cfi_slowpath_diag(u64 CallSiteTypeId, void *Ptr, void *DiagData) { __cfi_slowpath_diag(u64 CallSiteTypeId, void *Ptr, void *DiagData) {
CfiSlowPathCommon(CallSiteTypeId, Ptr, DiagData); CfiSlowPathCommon(CallSiteTypeId, Ptr, DiagData);
} }
#endif #endif
static void EnsureInterceptorsInitialized();
// Setup shadow for dlopen()ed libraries. // Setup shadow for dlopen()ed libraries.
// The actual shadow setup happens after dlopen() returns, which means that // The actual shadow setup happens after dlopen() returns, which means that
// a library can not be a target of any CFI checks while its constructors are // a library can not be a target of any CFI checks while its constructors are
// running. It's unclear how to fix this without some extra help from libc. // running. It's unclear how to fix this without some extra help from libc.
// In glibc, mmap inside dlopen is not interceptable. // In glibc, mmap inside dlopen is not interceptable.
// Maybe a seccomp-bpf filter? // Maybe a seccomp-bpf filter?
// We could insert a high-priority constructor into the library, but that would // We could insert a high-priority constructor into the library, but that would
// not help with the uninstrumented libraries. // not help with the uninstrumented libraries.
INTERCEPTOR(void*, dlopen, const char *filename, int flag) { INTERCEPTOR(void*, dlopen, const char *filename, int flag) {
EnsureInterceptorsInitialized();
EnterLoader(); EnterLoader();
void *handle = REAL(dlopen)(filename, flag); void *handle = REAL(dlopen)(filename, flag);
ExitLoader(); ExitLoader();
return handle; return handle;
} }
INTERCEPTOR(int, dlclose, void *handle) { INTERCEPTOR(int, dlclose, void *handle) {
EnsureInterceptorsInitialized();
EnterLoader(); EnterLoader();
int res = REAL(dlclose)(handle); int res = REAL(dlclose)(handle);
ExitLoader(); ExitLoader();
return res; return res;
} }
static BlockingMutex interceptor_init_lock(LINKER_INITIALIZED);
static bool interceptors_inited = false;
static void EnsureInterceptorsInitialized() {
BlockingMutexLock lock(&interceptor_init_lock);
if (interceptors_inited)
return;
INTERCEPT_FUNCTION(dlopen);
INTERCEPT_FUNCTION(dlclose);
interceptors_inited = true;
}
extern "C" SANITIZER_INTERFACE_ATTRIBUTE extern "C" SANITIZER_INTERFACE_ATTRIBUTE
#if !SANITIZER_CAN_USE_PREINIT_ARRAY #if !SANITIZER_CAN_USE_PREINIT_ARRAY
// On ELF platforms, the constructor is invoked using .preinit_array (see below) // On ELF platforms, the constructor is invoked using .preinit_array (see below)
__attribute__((constructor(0))) __attribute__((constructor(0)))
#endif #endif
void __cfi_init() { void __cfi_init() {
SanitizerToolName = "CFI"; SanitizerToolName = "CFI";
InitializeFlags(); InitializeFlags();
InitShadow(); InitShadow();
INTERCEPT_FUNCTION(dlopen);
INTERCEPT_FUNCTION(dlclose);
#ifdef CFI_ENABLE_DIAG #ifdef CFI_ENABLE_DIAG
__ubsan::InitAsPlugin(); __ubsan::InitAsPlugin();
#endif #endif
} }
#if SANITIZER_CAN_USE_PREINIT_ARRAY #if SANITIZER_CAN_USE_PREINIT_ARRAY
// On ELF platforms, run cfi initialization before any other constructors. // On ELF platforms, run cfi initialization before any other constructors.
// On other platforms we use the constructor attribute to arrange to run our // On other platforms we use the constructor attribute to arrange to run our
// initialization early. // initialization early.
extern "C" { extern "C" {
__attribute__((section(".preinit_array"), __attribute__((section(".preinit_array"),
used)) void (*__cfi_preinit)(void) = __cfi_init; used)) void (*__cfi_preinit)(void) = __cfi_init;
} }
#endif #endif