This is an archive of the discontinued LLVM Phabricator instance.

shadowcallstack: Make runtime tests compatible with aarch64.
Closed, Public

Authored by pcc on Apr 4 2018, 5:05 PM.

Details

Summary

This at least appears to work if I manually compile the tests and
run them on an Android aarch64 device, but I'm not set up to run lit
on Android.

Depends on D45239

Event Timeline

pcc created this revision. Apr 4 2018, 5:05 PM
pcc updated this revision to Diff 141092. Apr 4 2018, 5:10 PM
  • Only aarch64 has the custom entry point
pcc updated this revision to Diff 141419. Apr 6 2018, 2:08 PM
  • Add boilerplate that allows the tests to pass on Android
eugenis added inline comments. Apr 6 2018, 2:10 PM
compiler-rt/test/shadowcallstack/CMakeLists.txt (line 2)

MSAN?

compiler-rt/test/shadowcallstack/CMakeLists.txt (lines 19–20)

HWASAN?

pcc updated this revision to Diff 141423. Apr 6 2018, 2:15 PM
pcc marked 2 inline comments as done.
  • Fix copy-pasteos
eugenis added inline comments. Apr 6 2018, 2:38 PM
compiler-rt/test/shadowcallstack/libc_support.h (line 32)

use NR_MMAP?

compiler-rt/test/shadowcallstack/minimal_runtime.h (line 28)

Why do you need anything above this line to not use libc? Why does it matter if they clobber x18 before it is set? It looks like scs_mmap_anon, for example, could be just libc mmap.

pcc added inline comments. Apr 6 2018, 2:51 PM
compiler-rt/test/shadowcallstack/minimal_runtime.h (line 28)

Hmm, I think you're right. I will check whether that works.

I guess my only concern would be that these functions could somehow depend on having used the regular libc entry point, but it's hard to see how that could happen in practice.

That said, it occurred to me that we can avoid defining our own entry point just by defining main in this function and having it initialize the SCS and call an scs_main function which would be provided by the test. That would also work on x86 so we could avoid having two code paths. What do you think?

eugenis added inline comments. Apr 6 2018, 2:53 PM
compiler-rt/test/shadowcallstack/minimal_runtime.h (line 28)

Sounds great.

pcc updated this revision to Diff 141445. Apr 6 2018, 3:43 PM
pcc marked an inline comment as done.
  • Use more libc, and define a custom main instead of a custom entry point
compiler-rt/test/shadowcallstack/libc_support.h (line 24)

Attribute also belongs on the definition below

compiler-rt/test/shadowcallstack/minimal_runtime.h (line 39)

Not sure I follow, if scs_main corrupted the RA don't we want to allow it to crash to satisfy the test? print_and_exit() also calls exit() directly so it shouldn't be required in that case.

pcc added inline comments. Apr 9 2018, 12:12 PM
compiler-rt/test/shadowcallstack/libc_support.h (line 24)

Probably doesn't matter much in this case because we won't be inlining fputs. But I guess there's no harm in doing it.

compiler-rt/test/shadowcallstack/minimal_runtime.h (line 39)

For aarch64 we don't crash on an RA mismatch, we just return to the address on the SCS. That means that when testing SCS + iterations=12 scs_main will return to main even though the RA on the stack is corrupted. Then when main, a non-SCS function, returns it will read the RA from the corrupted stack and return to it. We need to prevent that from happening because we want to simulate the behaviour when the entire system is built with SCS.
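
A small C model of the aarch64 behaviour described in the comment above, added here as an illustration and not taken from this revision or from compiler-rt. The stack layout (an 8-word buffer directly below the two saved return addresses), the addresses and the `simulate` function are assumptions made for the model.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model, not real machine state: every address is made up. */
enum { BUF_WORDS = 8, STACK_WORDS = 16 };
#define RA_INTO_MAIN 0x1000u /* where scs_main should return (inside main) */
#define RA_INTO_LIBC 0x2000u /* where main should return (its caller) */
#define ATTACKER_RA  0xbad0u /* value stored by the overflowing loop */

typedef enum { EXITED_CLEANLY, RETURNED_TO_CALLER, HIJACKED } outcome_t;

/* Assumed layout, low to high index: buf[0..7], scs_main's saved RA,
   then main's saved RA in the adjacent slot. */
enum { SLOT_SCS_MAIN_RA = BUF_WORDS, SLOT_MAIN_RA = BUF_WORDS + 1 };

outcome_t simulate(size_t iterations, int main_calls_exit) {
    uint32_t stack[STACK_WORDS] = {0};
    uint32_t shadow[4];
    size_t shadow_top = 0;

    stack[SLOT_MAIN_RA] = RA_INTO_LIBC;     /* main is not SCS-instrumented */
    stack[SLOT_SCS_MAIN_RA] = RA_INTO_MAIN; /* scs_main prologue: normal save */
    shadow[shadow_top++] = RA_INTO_MAIN;    /* plus a push to the SCS (x18) */

    /* scs_main body: the write loop that runs past the end of buf */
    for (size_t i = 0; i < iterations && i < STACK_WORDS; i++)
        stack[i] = ATTACKER_RA;

    /* aarch64 SCS epilogue: pop the RA from the SCS and return to it.
       There is no comparison with the stack copy, so no crash here. */
    uint32_t ret = shadow[--shadow_top];
    if (ret != RA_INTO_MAIN)
        return HIJACKED; /* unreachable: the stores never touch the SCS */

    /* Back in main. Calling exit() never reads main's saved RA. */
    if (main_calls_exit)
        return EXITED_CLEANLY;
    /* A plain return trusts whatever is in main's stack slot. */
    return stack[SLOT_MAIN_RA] == RA_INTO_LIBC ? RETURNED_TO_CALLER : HIJACKED;
}
```

With 12 iterations both saved return addresses are overwritten: `scs_main` still returns into `main` via the SCS, and only the uninstrumented `main` is affected, which is why the test's `main` must exit rather than return.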

vlad.tsyrklevich accepted this revision. Apr 9 2018, 12:31 PM
vlad.tsyrklevich added inline comments.
compiler-rt/test/shadowcallstack/minimal_runtime.h (line 39)

Ah, that makes sense.

This revision is now accepted and ready to land. Apr 9 2018, 12:31 PM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: Restricted Project. Apr 9 2018, 1:21 PM