This is an archive of the discontinued LLVM Phabricator instance.

Mark REAL(swapcontext) with indirect_return attribute on x86
ClosedPublic

Authored by hjl.tools on Jul 20 2018, 10:33 AM.

Download Raw Diff

Details

Reviewers

kcc
eugenis

Commits

rG0cb55919eca7: Mark REAL(swapcontext) with indirect_return attribute on x86
rL337603: Mark REAL(swapcontext) with indirect_return attribute on x86
rCRT337603: Mark REAL(swapcontext) with indirect_return attribute on x86

Summary

When shadow stack from Intel CET is enabled, the first instruction of all
indirect branch targets must be a special instruction, ENDBR.

lib/asan/asan_interceptors.cc has

...

int res = REAL(swapcontext)(oucp, ucp);

...

REAL(swapcontext) is a function pointer to swapcontext in libc. Since
swapcontext may return via indirect branch on x86 when shadow stack is
enabled, as in this case,

int res = REAL(swapcontext)(oucp, ucp);

^^^^^^^^^^^^^^^^^^^^^^^^^^^^  This function may be

returned via an indirect branch.

Here compiler must insert ENDBR after call, like

call *bar(%rip)
endbr64

I opened an LLVM bug:

https://bugs.llvm.org/show_bug.cgi?id=38207

to add the indirect_return attribute so that it can be used to inform
compiler to insert ENDBR after REAL(swapcontext) call. We mark
REAL(swapcontext) with the indirect_return attribute if it is available.

Diff Detail

Repository: rCRT Compiler Runtime

Event Timeline

hjl.tools created this revision.Jul 20 2018, 10:33 AM

Herald added subscribers: Restricted Project, kubamracek. · View Herald TranscriptJul 20 2018, 10:33 AM

eugenis added a subscriber: eugenis.Jul 20 2018, 11:07 AM

eugenis added inline comments.

lib/asan/asan_interceptors.cc
278	Please add a __ has_attribute compatibility definition here (same as __ has_feature): http://llvm-cs.pcc.me.uk/projects/compiler-rt/lib/sanitizer_common/sanitizer_internal_defs.h#122

Added a __ has_attribute compatibility definition.

eugenis added inline comments.Jul 20 2018, 12:14 PM

lib/sanitizer_common/sanitizer_internal_defs.h
127	an extra ")"

Remove the extra ")".

LGTM

This revision is now accepted and ready to land.Jul 20 2018, 12:20 PM

Closed by commit rCRT337603: Mark REAL(swapcontext) with indirect_return attribute on x86 (authored by hjl). · Explain WhyJul 20 2018, 12:29 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

lib/

asan/

asan_interceptors.cc

8 lines

sanitizer_common/

sanitizer_internal_defs.h

5 lines

Diff 156566

lib/asan/asan_interceptors.cc

Show First 20 Lines • Show All 269 Lines • ▼ Show 20 Lines	Report("WARNING: ASan doesn't fully support makecontext/swapcontext "
"functions and may produce false positives in some cases!\n");		"functions and may produce false positives in some cases!\n");
reported_warning = true;		reported_warning = true;
}		}
// Clear shadow memory for new context (it may share stack		// Clear shadow memory for new context (it may share stack
// with current context).		// with current context).
uptr stack, ssize;		uptr stack, ssize;
ReadContextStack(ucp, &stack, &ssize);		ReadContextStack(ucp, &stack, &ssize);
ClearShadowMemoryForContextStack(stack, ssize);		ClearShadowMemoryForContextStack(stack, ssize);
		#if __has_attribute(__indirect_return__) && \
		eugenisUnsubmitted Not Done Reply Inline Actions Please add a __ has_attribute compatibility definition here (same as __ has_feature): http://llvm-cs.pcc.me.uk/projects/compiler-rt/lib/sanitizer_common/sanitizer_internal_defs.h#122 eugenis: Please add a __ has_attribute compatibility definition here (same as __ has_feature): http…
		(defined(__x86_64__) \|\| defined(__i386__))
		int (real_swapcontext)(struct ucontext_t , struct ucontext_t *)
		__attribute__((__indirect_return__))
		= REAL(swapcontext);
		int res = real_swapcontext(oucp, ucp);
		#else
int res = REAL(swapcontext)(oucp, ucp);		int res = REAL(swapcontext)(oucp, ucp);
		#endif
// swapcontext technically does not return, but program may swap context to		// swapcontext technically does not return, but program may swap context to
// "oucp" later, that would look as if swapcontext() returned 0.		// "oucp" later, that would look as if swapcontext() returned 0.
// We need to clear shadow for ucp once again, as it may be in arbitrary		// We need to clear shadow for ucp once again, as it may be in arbitrary
// state.		// state.
ClearShadowMemoryForContextStack(stack, ssize);		ClearShadowMemoryForContextStack(stack, ssize);
return res;		return res;
}		}
#endif // ASAN_INTERCEPT_SWAPCONTEXT		#endif // ASAN_INTERCEPT_SWAPCONTEXT
▲ Show 20 Lines • Show All 373 Lines • Show Last 20 Lines

lib/sanitizer_common/sanitizer_internal_defs.h

	Show First 20 Lines • Show All 116 Lines • ▼ Show 20 Lines
	#endif			#endif
	#endif // SANITIZER_CAN_USE_PREINIT_ARRAY			#endif // SANITIZER_CAN_USE_PREINIT_ARRAY

	// GCC does not understand __has_feature			// GCC does not understand __has_feature
	#if !defined(__has_feature)			#if !defined(__has_feature)
	# define __has_feature(x) 0			# define __has_feature(x) 0
	#endif			#endif

				// Older GCCs do not understand __has_attribute.
				#if !defined(__has_attribute)
				# define __has_attribute(x) 0
				eugenisUnsubmitted Not Done Reply Inline Actions an extra ")" eugenis: an extra ")"
				#endif

	// For portability reasons we do not include stddef.h, stdint.h or any other			// For portability reasons we do not include stddef.h, stdint.h or any other
	// system header, but we do need some basic types that are not defined			// system header, but we do need some basic types that are not defined
	// in a portable way by the language itself.			// in a portable way by the language itself.
	namespace __sanitizer {			namespace __sanitizer {

	#if defined(_WIN64)			#if defined(_WIN64)
	// 64-bit Windows uses LLP64 data model.			// 64-bit Windows uses LLP64 data model.
	typedef unsigned long long uptr; // NOLINT			typedef unsigned long long uptr; // NOLINT
	▲ Show 20 Lines • Show All 299 Lines • Show Last 20 Lines