This is an archive of the discontinued LLVM Phabricator instance.

Differential D81390

[KernelAddressSanitizer] Make globals constructors compatible with kernel [v2]
ClosedPublic

Authored by melver on Jun 8 2020, 6:59 AM.

Details

Reviewers
glider
aaron.ballman
dvyukov
Commits
rGd3f89314ff20: [KernelAddressSanitizer] Make globals constructors compatible with kernel [v2]
Summary

Note: The first version of this feature was reverted due to modpost causing failures. This v2 fixes this. More info:

https://github.com/ClangBuiltLinux/linux/issues/1045#issuecomment-640381783

This makes -fsanitize=kernel-address emit the correct globals
constructors for the kernel. We had to do the following:

  • Disable generation of constructors that rely on linker features such as dead-global elimination.
  • Only instrument globals *not* in explicit sections. The kernel uses sections for special globals, which we should not touch.
  • Do not instrument globals that are prefixed with "" nor that are aliased by a symbol that is prefixed with "". For example, modpost relies on specially named aliases to find globals and checks their contents. Unfortunately modpost relies on size stored as ELF debug info and any padding of globals currently causes the debug info to cause size reported to be *with* redzone which throws modpost off.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=203493

Tested:

  • With 'clang/test/CodeGen/asan-globals.cpp'.
  • With test_kasan.ko, we can see:

    BUG: KASAN: global-out-of-bounds in kasan_global_oob+0xb3/0xba [test_kasan]
  • allyesconfig, allmodconfig (x86_64)

Diff Detail

Event Timeline

melver created this revision.Jun 8 2020, 6:59 AM
Herald added a reviewer: aaron.ballman. · View Herald TranscriptJun 8 2020, 6:59 AM
Herald added projects: Restricted Project, Restricted Project. · View Herald Transcript
Herald added subscribers: llvm-commits, cfe-commits, hiraditya, aprantl. · View Herald Transcript
melver updated this revision to Diff 269229.Jun 8 2020, 7:46 AM

Also ignore non-alias globals prefixed by __.

melver edited the summary of this revision. (Show Details)Jun 8 2020, 7:54 AM
melver added a reviewer: nathanchance.Jun 8 2020, 7:57 AM
melver added a subscriber: nickdesaulniers.
Harbormaster failed remote builds in B59476: Diff 269211!Jun 8 2020, 8:12 AM
Harbormaster failed remote builds in B59484: Diff 269229!Jun 8 2020, 9:22 AM
melver edited the summary of this revision. (Show Details)Jun 8 2020, 1:28 PM
nathanchance added a comment.Jun 8 2020, 3:23 PM

I do not know enough about KASAN enough to review this patch but I can say that against mainline at https://git.kernel.org/linus/af7b4801030c07637840191c69eb666917e4135d, there appear to be no visible regressions with this version of the patch on top of caa2fddce72f2e8ca3d6346cc2c8fe85252b91d8.

melver added a comment.Jun 9 2020, 12:45 AM
In D81390#2081067, @nathanchance wrote:

I do not know enough about KASAN enough to review this patch but I can say that against mainline at https://git.kernel.org/linus/af7b4801030c07637840191c69eb666917e4135d, there appear to be no visible regressions with this version of the patch on top of caa2fddce72f2e8ca3d6346cc2c8fe85252b91d8.

Thank you for testing this!

melver retitled this revision from [KernelAddressSanitizer] Make globals constructors compatible with kernel to [KernelAddressSanitizer] Make globals constructors compatible with kernel [v2].Jun 9 2020, 12:46 AM
melver removed a reviewer: nathanchance.
melver added a subscriber: nathanchance.
melver added a reviewer: dvyukov.Jun 9 2020, 5:43 AM
glider added inline comments.Jun 9 2020, 7:22 AM
clang/test/CodeGen/asan-globals.cpp
16

Need a comment explaining this case a bit.

llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
759

UseGlobalsGC assumes !this->CompileKernel already, doesn't it?

1796

Maybe it's better to call this function only if CompileKernel is true?
I don't think we need it except for the kernel.

1942

This change looks unrelated to the rest.

melver updated this revision to Diff 269578.Jun 9 2020, 9:53 AM
melver marked 6 inline comments as done.

Address comments.

melver added a comment.Jun 9 2020, 9:55 AM

Thanks! PTAL.

llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
759

I experimented a bit and found that even if one of them is enabled things break (say if you remove UseGlobalsGC here). This is more explicit and less error-prone in case somebody removes UseGlobalsGC from UseCtorComdat. And there is no real penalty here for having it on both.

1796

Done, though the previous version was cleaner. I guarded the call but now we need an assert and a comment to make sure the check is moved when people decide to use this for more than the kernel.

melver updated this revision to Diff 269582.Jun 9 2020, 9:58 AM

Fix test broken by linter.

Harbormaster failed remote builds in B59652: Diff 269578!Jun 9 2020, 11:33 AM
Harbormaster failed remote builds in B59656: Diff 269582!Jun 9 2020, 12:40 PM
melver updated this revision to Diff 269751.Jun 10 2020, 1:01 AM

Fix typos.

Harbormaster failed remote builds in B59749: Diff 269751!Jun 10 2020, 2:09 AM
melver updated this revision to Diff 269780.Jun 10 2020, 3:35 AM

Fix test on windows.

glider accepted this revision.Jun 10 2020, 3:53 AM

LGTM assuming allyesconfig builds.

llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
759

That's strange, but ok.

This revision is now accepted and ready to land.Jun 10 2020, 3:53 AM
Harbormaster completed remote builds in B59764: Diff 269780.Jun 10 2020, 4:52 AM
Closed by commit rGd3f89314ff20: [KernelAddressSanitizer] Make globals constructors compatible with kernel [v2] (authored by melver). · Explain WhyJun 10 2020, 6:32 AM
This revision was automatically updated to reflect the committed changes.
thakis added a subscriber: thakis.Jun 10 2020, 9:49 AM

This breaks mac again: http://45.33.8.238/mac/15259/step_7.txt

Revision Contents

PathSize
clang/
test/
CodeGen/
52 lines
llvm/
include/
llvm/
Transforms/
Utils/
4 lines
lib/
Transforms/
Instrumentation/
94 lines
Utils/
16 lines

Diff 269828

clang/test/CodeGen/asan-globals.cpp

// RUN: echo "int extra_global;" > %t.extra-source.cpp // RUN: echo "int extra_global;" > %t.extra-source.cpp
// RUN: echo "global:*blacklisted_global*" > %t.blacklist // RUN: echo "global:*blacklisted_global*" > %t.blacklist
// RUN: %clang_cc1 -include %t.extra-source.cpp -fsanitize=address -fsanitize-blacklist=%t.blacklist -emit-llvm -o - %s | FileCheck %s // RUN: %clang_cc1 -include %t.extra-source.cpp -fsanitize=address -fsanitize-blacklist=%t.blacklist -emit-llvm -o - %s | FileCheck %s --check-prefixes=CHECK,ASAN
// RUN: %clang_cc1 -include %t.extra-source.cpp -fsanitize=kernel-address -fsanitize-blacklist=%t.blacklist -emit-llvm -o - %s | FileCheck %s --check-prefixes=CHECK,KASAN
// The blacklist file uses regexps, so Windows path backslashes. // The blacklist file uses regexps, so Windows path backslashes.
// RUN: echo "src:%s" | sed -e 's/\\/\\\\/g' > %t.blacklist-src // RUN: echo "src:%s" | sed -e 's/\\/\\\\/g' > %t.blacklist-src
// RUN: %clang_cc1 -include %t.extra-source.cpp -fsanitize=address -fsanitize-blacklist=%t.blacklist-src -emit-llvm -o - %s | FileCheck %s --check-prefix=BLACKLIST-SRC // RUN: %clang_cc1 -include %t.extra-source.cpp -fsanitize=address -fsanitize-blacklist=%t.blacklist-src -emit-llvm -o - %s | FileCheck %s --check-prefix=BLACKLIST-SRC
// RUN: %clang_cc1 -include %t.extra-source.cpp -fsanitize=kernel-address -fsanitize-blacklist=%t.blacklist-src -emit-llvm -o - %s | FileCheck %s --check-prefix=BLACKLIST-SRC
int global; int global;
int dyn_init_global = global; int dyn_init_global = global;
int __attribute__((no_sanitize("address"))) attributed_global; int __attribute__((no_sanitize("address"))) attributed_global;
int blacklisted_global; int blacklisted_global;
int __attribute__((section("__DATA, __common"))) sectioned_global; // [KASAN] ignore globals in a section
extern "C" {
gliderUnsubmitted
Done
ReplyInline Actions

Need a comment explaining this case a bit.

glider: Need a comment explaining this case a bit.
int aliased_global; // [KASAN] ignore globals prefixed by aliases with __-prefix [below]
extern int __attribute__((alias("aliased_global"))) __global_alias; // [KASAN] aliased_global ignored
int __special_global; // [KASAN] ignore globals with __-prefix
}
void func() { void func() {
static int static_var = 0; static int static_var = 0;
const char *literal = "Hello, world!"; const char *literal = "Hello, world!";
} }
// CHECK: !llvm.asan.globals = !{![[EXTRA_GLOBAL:[0-9]+]], ![[GLOBAL:[0-9]+]], ![[DYN_INIT_GLOBAL:[0-9]+]], ![[ATTR_GLOBAL:[0-9]+]], ![[BLACKLISTED_GLOBAL:[0-9]+]], ![[STATIC_VAR:[0-9]+]], ![[LITERAL:[0-9]+]]} // ASAN: sectioned_global{{.*}}{ i32, [60 x i8] }{{.*}}align 32
// KASAN: sectioned_global{{.*}}i32
// ASAN: @aliased_global{{.*}}{ i32, [60 x i8] }{{.*}}align 32
// KASAN: @aliased_global{{.*}}i32
// ASAN: @__special_global{{.*}}{ i32, [60 x i8] }{{.*}}align 32
// KASAN: @__special_global{{.*}}i32
// CHECK-LABEL: define internal void @asan.module_ctor
// ASAN-NEXT: call void @__asan_init
// ASAN-NEXT: call void @__asan_version_mismatch_check
// KASAN-NOT: call void @__asan_init
// KASAN-NOT: call void @__asan_version_mismatch_check
// ASAN-NEXT: call void @__asan_register_globals({{.*}}, i{{32|64}} 8)
// KASAN-NEXT: call void @__asan_register_globals({{.*}}, i{{32|64}} 5)
// CHECK-NEXT: ret void
// CHECK-LABEL: define internal void @asan.module_dtor
// CHECK-NEXT: call void @__asan_unregister_globals
// CHECK-NEXT: ret void
// CHECK: !llvm.asan.globals = !{![[EXTRA_GLOBAL:[0-9]+]], ![[GLOBAL:[0-9]+]], ![[DYN_INIT_GLOBAL:[0-9]+]], ![[ATTR_GLOBAL:[0-9]+]], ![[BLACKLISTED_GLOBAL:[0-9]+]], ![[SECTIONED_GLOBAL:[0-9]+]], ![[ALIASED_GLOBAL:[0-9]+]], ![[SPECIAL_GLOBAL:[0-9]+]], ![[STATIC_VAR:[0-9]+]], ![[LITERAL:[0-9]+]]}
// CHECK: ![[EXTRA_GLOBAL]] = !{{{.*}} ![[EXTRA_GLOBAL_LOC:[0-9]+]], !"extra_global", i1 false, i1 false} // CHECK: ![[EXTRA_GLOBAL]] = !{{{.*}} ![[EXTRA_GLOBAL_LOC:[0-9]+]], !"extra_global", i1 false, i1 false}
// CHECK: ![[EXTRA_GLOBAL_LOC]] = !{!"{{.*}}extra-source.cpp", i32 1, i32 5} // CHECK: ![[EXTRA_GLOBAL_LOC]] = !{!"{{.*}}extra-source.cpp", i32 1, i32 5}
// CHECK: ![[GLOBAL]] = !{{{.*}} ![[GLOBAL_LOC:[0-9]+]], !"global", i1 false, i1 false} // CHECK: ![[GLOBAL]] = !{{{.*}} ![[GLOBAL_LOC:[0-9]+]], !"global", i1 false, i1 false}
// CHECK: ![[GLOBAL_LOC]] = !{!"{{.*}}asan-globals.cpp", i32 8, i32 5} // CHECK: ![[GLOBAL_LOC]] = !{!"{{.*}}asan-globals.cpp", i32 10, i32 5}
// CHECK: ![[DYN_INIT_GLOBAL]] = !{{{.*}} ![[DYN_INIT_LOC:[0-9]+]], !"dyn_init_global", i1 true, i1 false} // CHECK: ![[DYN_INIT_GLOBAL]] = !{{{.*}} ![[DYN_INIT_LOC:[0-9]+]], !"dyn_init_global", i1 true, i1 false}
// CHECK: ![[DYN_INIT_LOC]] = !{!"{{.*}}asan-globals.cpp", i32 9, i32 5} // CHECK: ![[DYN_INIT_LOC]] = !{!"{{.*}}asan-globals.cpp", i32 11, i32 5}
// CHECK: ![[ATTR_GLOBAL]] = !{{{.*}}, null, null, i1 false, i1 true} // CHECK: ![[ATTR_GLOBAL]] = !{{{.*}}, null, null, i1 false, i1 true}
// CHECK: ![[BLACKLISTED_GLOBAL]] = !{{{.*}}, null, null, i1 false, i1 true} // CHECK: ![[BLACKLISTED_GLOBAL]] = !{{{.*}}, null, null, i1 false, i1 true}
// CHECK: ![[SECTIONED_GLOBAL]] = !{{{.*}} ![[SECTIONED_GLOBAL_LOC:[0-9]+]], !"sectioned_global", i1 false, i1 false}
// CHECK: ![[SECTIONED_GLOBAL_LOC]] = !{!"{{.*}}asan-globals.cpp", i32 15, i32 50}
// CHECK: ![[ALIASED_GLOBAL]] = !{{{.*}} ![[ALIASED_GLOBAL_LOC:[0-9]+]], !"aliased_global", i1 false, i1 false}
// CHECK: ![[ALIASED_GLOBAL_LOC]] = !{!"{{.*}}asan-globals.cpp", i32 17, i32 5}
// CHECK: ![[SPECIAL_GLOBAL]] = !{{{.*}} ![[SPECIAL_GLOBAL_LOC:[0-9]+]], !"__special_global", i1 false, i1 false}
// CHECK: ![[SPECIAL_GLOBAL_LOC]] = !{!"{{.*}}asan-globals.cpp", i32 19, i32 5}
// CHECK: ![[STATIC_VAR]] = !{{{.*}} ![[STATIC_LOC:[0-9]+]], !"static_var", i1 false, i1 false} // CHECK: ![[STATIC_VAR]] = !{{{.*}} ![[STATIC_LOC:[0-9]+]], !"static_var", i1 false, i1 false}
// CHECK: ![[STATIC_LOC]] = !{!"{{.*}}asan-globals.cpp", i32 14, i32 14} // CHECK: ![[STATIC_LOC]] = !{!"{{.*}}asan-globals.cpp", i32 23, i32 14}
// CHECK: ![[LITERAL]] = !{{{.*}} ![[LITERAL_LOC:[0-9]+]], !"<string literal>", i1 false, i1 false} // CHECK: ![[LITERAL]] = !{{{.*}} ![[LITERAL_LOC:[0-9]+]], !"<string literal>", i1 false, i1 false}
// CHECK: ![[LITERAL_LOC]] = !{!"{{.*}}asan-globals.cpp", i32 15, i32 25} // CHECK: ![[LITERAL_LOC]] = !{!"{{.*}}asan-globals.cpp", i32 24, i32 25}
// BLACKLIST-SRC: !llvm.asan.globals = !{![[EXTRA_GLOBAL:[0-9]+]], ![[GLOBAL:[0-9]+]], ![[DYN_INIT_GLOBAL:[0-9]+]], ![[ATTR_GLOBAL:[0-9]+]], ![[BLACKLISTED_GLOBAL:[0-9]+]], ![[STATIC_VAR:[0-9]+]], ![[LITERAL:[0-9]+]]} // BLACKLIST-SRC: !llvm.asan.globals = !{![[EXTRA_GLOBAL:[0-9]+]], ![[GLOBAL:[0-9]+]], ![[DYN_INIT_GLOBAL:[0-9]+]], ![[ATTR_GLOBAL:[0-9]+]], ![[BLACKLISTED_GLOBAL:[0-9]+]], ![[SECTIONED_GLOBAL:[0-9]+]], ![[ALIASED_GLOBAL:[0-9]+]], ![[SPECIAL_GLOBAL:[0-9]+]], ![[STATIC_VAR:[0-9]+]], ![[LITERAL:[0-9]+]]}
// BLACKLIST-SRC: ![[EXTRA_GLOBAL]] = !{{{.*}} ![[EXTRA_GLOBAL_LOC:[0-9]+]], !"extra_global", i1 false, i1 false} // BLACKLIST-SRC: ![[EXTRA_GLOBAL]] = !{{{.*}} ![[EXTRA_GLOBAL_LOC:[0-9]+]], !"extra_global", i1 false, i1 false}
// BLACKLIST-SRC: ![[EXTRA_GLOBAL_LOC]] = !{!"{{.*}}extra-source.cpp", i32 1, i32 5} // BLACKLIST-SRC: ![[EXTRA_GLOBAL_LOC]] = !{!"{{.*}}extra-source.cpp", i32 1, i32 5}
// BLACKLIST-SRC: ![[GLOBAL]] = !{{{.*}} null, null, i1 false, i1 true} // BLACKLIST-SRC: ![[GLOBAL]] = !{{{.*}} null, null, i1 false, i1 true}
// BLACKLIST-SRC: ![[DYN_INIT_GLOBAL]] = !{{{.*}} null, null, i1 true, i1 true} // BLACKLIST-SRC: ![[DYN_INIT_GLOBAL]] = !{{{.*}} null, null, i1 true, i1 true}
// BLACKLIST-SRC: ![[ATTR_GLOBAL]] = !{{{.*}}, null, null, i1 false, i1 true} // BLACKLIST-SRC: ![[ATTR_GLOBAL]] = !{{{.*}}, null, null, i1 false, i1 true}
// BLACKLIST-SRC: ![[BLACKLISTED_GLOBAL]] = !{{{.*}}, null, null, i1 false, i1 true} // BLACKLIST-SRC: ![[BLACKLISTED_GLOBAL]] = !{{{.*}}, null, null, i1 false, i1 true}
// BLACKLIST-SRC: ![[SECTIONED_GLOBAL]] = !{{{.*}} null, null, i1 false, i1 true}
// BLACKLIST-SRC: ![[ALIASED_GLOBAL]] = !{{{.*}} null, null, i1 false, i1 true}
// BLACKLIST-SRC: ![[SPECIAL_GLOBAL]] = !{{{.*}} null, null, i1 false, i1 true}
// BLACKLIST-SRC: ![[STATIC_VAR]] = !{{{.*}} null, null, i1 false, i1 true} // BLACKLIST-SRC: ![[STATIC_VAR]] = !{{{.*}} null, null, i1 false, i1 true}
// BLACKLIST-SRC: ![[LITERAL]] = !{{{.*}} null, null, i1 false, i1 true} // BLACKLIST-SRC: ![[LITERAL]] = !{{{.*}} null, null, i1 false, i1 true}

llvm/include/llvm/Transforms/Utils/ModuleUtils.h

Show All 36 Lines
/// Same as appendToGlobalCtors(), but for global dtors. /// Same as appendToGlobalCtors(), but for global dtors.
void appendToGlobalDtors(Module &M, Function *F, int Priority, void appendToGlobalDtors(Module &M, Function *F, int Priority,
Constant *Data = nullptr); Constant *Data = nullptr);
FunctionCallee declareSanitizerInitFunction(Module &M, StringRef InitName, FunctionCallee declareSanitizerInitFunction(Module &M, StringRef InitName,
ArrayRef<Type *> InitArgTypes); ArrayRef<Type *> InitArgTypes);
/// Creates sanitizer constructor function.
/// \return Returns pointer to constructor.
Function *createSanitizerCtor(Module &M, StringRef CtorName);
/// Creates sanitizer constructor function, and calls sanitizer's init /// Creates sanitizer constructor function, and calls sanitizer's init
/// function from it. /// function from it.
/// \return Returns pair of pointers to constructor, and init functions /// \return Returns pair of pointers to constructor, and init functions
/// respectively. /// respectively.
std::pair<Function *, FunctionCallee> createSanitizerCtorAndInitFunctions( std::pair<Function *, FunctionCallee> createSanitizerCtorAndInitFunctions(
Module &M, StringRef CtorName, StringRef InitName, Module &M, StringRef CtorName, StringRef InitName,
ArrayRef<Type *> InitArgTypes, ArrayRef<Value *> InitArgs, ArrayRef<Type *> InitArgTypes, ArrayRef<Value *> InitArgs,
StringRef VersionCheckName = StringRef()); StringRef VersionCheckName = StringRef());
▲ Show 20 LinesShow All 67 LinesShow Last 20 Lines

llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp

Show First 20 LinesShow All 583 Lines▼ Show 20 Lines
char ASanGlobalsMetadataWrapperPass::ID = 0; char ASanGlobalsMetadataWrapperPass::ID = 0;
/// AddressSanitizer: instrument the code in module to find memory bugs. /// AddressSanitizer: instrument the code in module to find memory bugs.
struct AddressSanitizer { struct AddressSanitizer {
AddressSanitizer(Module &M, const GlobalsMetadata *GlobalsMD, AddressSanitizer(Module &M, const GlobalsMetadata *GlobalsMD,
bool CompileKernel = false, bool Recover = false, bool CompileKernel = false, bool Recover = false,
bool UseAfterScope = false) bool UseAfterScope = false)
: UseAfterScope(UseAfterScope || ClUseAfterScope), GlobalsMD(*GlobalsMD) { : CompileKernel(ClEnableKasan.getNumOccurrences() > 0 ? ClEnableKasan
this->Recover = ClRecover.getNumOccurrences() > 0 ? ClRecover : Recover; : CompileKernel),
this->CompileKernel = Recover(ClRecover.getNumOccurrences() > 0 ? ClRecover : Recover),
ClEnableKasan.getNumOccurrences() > 0 ? ClEnableKasan : CompileKernel; UseAfterScope(UseAfterScope || ClUseAfterScope), GlobalsMD(*GlobalsMD) {
C = &(M.getContext()); C = &(M.getContext());
LongSize = M.getDataLayout().getPointerSizeInBits(); LongSize = M.getDataLayout().getPointerSizeInBits();
IntptrTy = Type::getIntNTy(*C, LongSize); IntptrTy = Type::getIntNTy(*C, LongSize);
TargetTriple = Triple(M.getTargetTriple()); TargetTriple = Triple(M.getTargetTriple());
Mapping = getShadowMapping(TargetTriple, LongSize, this->CompileKernel); Mapping = getShadowMapping(TargetTriple, LongSize, this->CompileKernel);
} }
▲ Show 20 LinesShow All 132 Lines▼ Show 20 Linesprivate:
bool UseAfterScope; bool UseAfterScope;
}; };
class ModuleAddressSanitizer { class ModuleAddressSanitizer {
public: public:
ModuleAddressSanitizer(Module &M, const GlobalsMetadata *GlobalsMD, ModuleAddressSanitizer(Module &M, const GlobalsMetadata *GlobalsMD,
bool CompileKernel = false, bool Recover = false, bool CompileKernel = false, bool Recover = false,
bool UseGlobalsGC = true, bool UseOdrIndicator = false) bool UseGlobalsGC = true, bool UseOdrIndicator = false)
: GlobalsMD(*GlobalsMD), UseGlobalsGC(UseGlobalsGC && ClUseGlobalsGC), : GlobalsMD(*GlobalsMD),
CompileKernel(ClEnableKasan.getNumOccurrences() > 0 ? ClEnableKasan
: CompileKernel),
Recover(ClRecover.getNumOccurrences() > 0 ? ClRecover : Recover),
UseGlobalsGC(UseGlobalsGC && ClUseGlobalsGC && !this->CompileKernel),
// Enable aliases as they should have no downside with ODR indicators. // Enable aliases as they should have no downside with ODR indicators.
UsePrivateAlias(UseOdrIndicator || ClUsePrivateAlias), UsePrivateAlias(UseOdrIndicator || ClUsePrivateAlias),
UseOdrIndicator(UseOdrIndicator || ClUseOdrIndicator), UseOdrIndicator(UseOdrIndicator || ClUseOdrIndicator),
// Not a typo: ClWithComdat is almost completely pointless without // Not a typo: ClWithComdat is almost completely pointless without
// ClUseGlobalsGC (because then it only works on modules without // ClUseGlobalsGC (because then it only works on modules without
// globals, which are rare); it is a prerequisite for ClUseGlobalsGC; // globals, which are rare); it is a prerequisite for ClUseGlobalsGC;
// and both suffer from gold PR19002 for which UseGlobalsGC constructor // and both suffer from gold PR19002 for which UseGlobalsGC constructor
// argument is designed as workaround. Therefore, disable both // argument is designed as workaround. Therefore, disable both
// ClWithComdat and ClUseGlobalsGC unless the frontend says it's ok to // ClWithComdat and ClUseGlobalsGC unless the frontend says it's ok to
// do globals-gc. // do globals-gc.
UseCtorComdat(UseGlobalsGC && ClWithComdat) { UseCtorComdat(UseGlobalsGC && ClWithComdat && !this->CompileKernel) {
gliderUnsubmitted
Not Done
ReplyInline Actions

UseGlobalsGC assumes !this->CompileKernel already, doesn't it?

glider: `UseGlobalsGC` assumes `!this->CompileKernel` already, doesn't it?
melverAuthorUnsubmitted
Done
ReplyInline Actions

I experimented a bit and found that even if one of them is enabled things break (say if you remove UseGlobalsGC here). This is more explicit and less error-prone in case somebody removes UseGlobalsGC from UseCtorComdat. And there is no real penalty here for having it on both.

melver: I experimented a bit and found that even if one of them is enabled things break (say if you…
gliderUnsubmitted
Not Done
ReplyInline Actions

That's strange, but ok.

glider: That's strange, but ok.
this->Recover = ClRecover.getNumOccurrences() > 0 ? ClRecover : Recover;
this->CompileKernel =
ClEnableKasan.getNumOccurrences() > 0 ? ClEnableKasan : CompileKernel;
C = &(M.getContext()); C = &(M.getContext());
int LongSize = M.getDataLayout().getPointerSizeInBits(); int LongSize = M.getDataLayout().getPointerSizeInBits();
IntptrTy = Type::getIntNTy(*C, LongSize); IntptrTy = Type::getIntNTy(*C, LongSize);
TargetTriple = Triple(M.getTargetTriple()); TargetTriple = Triple(M.getTargetTriple());
Mapping = getShadowMapping(TargetTriple, LongSize, this->CompileKernel); Mapping = getShadowMapping(TargetTriple, LongSize, this->CompileKernel);
} }
bool instrumentModule(Module &); bool instrumentModule(Module &);
Show All 18 Lines InstrumentGlobalsWithMetadataArray(IRBuilder<> &IRB, Module &M,
ArrayRef<Constant *> MetadataInitializers); ArrayRef<Constant *> MetadataInitializers);
GlobalVariable *CreateMetadataGlobal(Module &M, Constant *Initializer, GlobalVariable *CreateMetadataGlobal(Module &M, Constant *Initializer,
StringRef OriginalName); StringRef OriginalName);
void SetComdatForGlobalMetadata(GlobalVariable *G, GlobalVariable *Metadata, void SetComdatForGlobalMetadata(GlobalVariable *G, GlobalVariable *Metadata,
StringRef InternalSuffix); StringRef InternalSuffix);
Instruction *CreateAsanModuleDtor(Module &M); Instruction *CreateAsanModuleDtor(Module &M);
bool ShouldInstrumentGlobal(GlobalVariable *G); bool canInstrumentAliasedGlobal(const GlobalAlias &GA) const;
bool shouldInstrumentGlobal(GlobalVariable *G) const;
bool ShouldUseMachOGlobalsSection() const; bool ShouldUseMachOGlobalsSection() const;
StringRef getGlobalMetadataSection() const; StringRef getGlobalMetadataSection() const;
void poisonOneInitializer(Function &GlobalInit, GlobalValue *ModuleName); void poisonOneInitializer(Function &GlobalInit, GlobalValue *ModuleName);
void createInitializerPoisonCalls(Module &M, GlobalValue *ModuleName); void createInitializerPoisonCalls(Module &M, GlobalValue *ModuleName);
size_t MinRedzoneSizeForGlobal() const { size_t MinRedzoneSizeForGlobal() const {
return RedzoneSizeForScale(Mapping.Scale); return RedzoneSizeForScale(Mapping.Scale);
} }
int GetAsanVersion(const Module &M) const; int GetAsanVersion(const Module &M) const;
▲ Show 20 LinesShow All 982 Lines▼ Show 20 Lines if (Function *F = dyn_cast<Function>(CS->getOperand(1))) {
// Don't instrument CTORs that will run before asan.module_ctor. // Don't instrument CTORs that will run before asan.module_ctor.
if (Priority->getLimitedValue() <= GetCtorAndDtorPriority(TargetTriple)) if (Priority->getLimitedValue() <= GetCtorAndDtorPriority(TargetTriple))
continue; continue;
poisonOneInitializer(*F, ModuleName); poisonOneInitializer(*F, ModuleName);
} }
} }
} }
bool ModuleAddressSanitizer::ShouldInstrumentGlobal(GlobalVariable *G) { bool ModuleAddressSanitizer::canInstrumentAliasedGlobal(
const GlobalAlias &GA) const {
// In case this function should be expanded to include rules that do not just
gliderUnsubmitted
Done
ReplyInline Actions

Maybe it's better to call this function only if CompileKernel is true?
I don't think we need it except for the kernel.

glider: Maybe it's better to call this function only if CompileKernel is true? I don't think we need it…
melverAuthorUnsubmitted
Done
ReplyInline Actions

Done, though the previous version was cleaner. I guarded the call but now we need an assert and a comment to make sure the check is moved when people decide to use this for more than the kernel.

melver: Done, though the previous version was cleaner. I guarded the call but now we need an assert and…
// apply when CompileKernel is true, either guard all existing rules with an
// 'if (CompileKernel) { ... }' or be absolutely sure that all these rules
// should also apply to user space.
assert(CompileKernel && "Only expecting to be called when compiling kernel");
// When compiling the kernel, globals that are aliased by symbols prefixed
// by "__" are special and cannot be padded with a redzone.
if (GA.getName().startswith("__"))
return false;
return true;
}
bool ModuleAddressSanitizer::shouldInstrumentGlobal(GlobalVariable *G) const {
Type *Ty = G->getValueType(); Type *Ty = G->getValueType();
LLVM_DEBUG(dbgs() << "GLOBAL: " << *G << "\n"); LLVM_DEBUG(dbgs() << "GLOBAL: " << *G << "\n");
// FIXME: Metadata should be attched directly to the global directly instead // FIXME: Metadata should be attched directly to the global directly instead
// of being added to llvm.asan.globals. // of being added to llvm.asan.globals.
if (GlobalsMD.get(G).IsBlacklisted) return false; if (GlobalsMD.get(G).IsBlacklisted) return false;
if (!Ty->isSized()) return false; if (!Ty->isSized()) return false;
if (!G->hasInitializer()) return false; if (!G->hasInitializer()) return false;
Show All 30 Lines case Comdat::NoDuplicates:
break; break;
case Comdat::Largest: case Comdat::Largest:
case Comdat::SameSize: case Comdat::SameSize:
return false; return false;
} }
} }
if (G->hasSection()) { if (G->hasSection()) {
// The kernel uses explicit sections for mostly special global variables
// that we should not instrument. E.g. the kernel may rely on their layout
// without redzones, or remove them at link time ("discard.*"), etc.
if (CompileKernel)
return false;
StringRef Section = G->getSection(); StringRef Section = G->getSection();
// Globals from llvm.metadata aren't emitted, do not instrument them. // Globals from llvm.metadata aren't emitted, do not instrument them.
if (Section == "llvm.metadata") return false; if (Section == "llvm.metadata") return false;
// Do not instrument globals from special LLVM sections. // Do not instrument globals from special LLVM sections.
if (Section.find("__llvm") != StringRef::npos || Section.find("__LLVM") != StringRef::npos) return false; if (Section.find("__llvm") != StringRef::npos || Section.find("__LLVM") != StringRef::npos) return false;
// Do not instrument function pointers to initialization and termination // Do not instrument function pointers to initialization and termination
▲ Show 20 LinesShow All 50 Lines▼ Show 20 Lines if (TargetTriple.isOSBinFormatMachO()) {
// trailing zeroes. // trailing zeroes.
if (ParsedSegment == "__TEXT" && (TAA & MachO::S_CSTRING_LITERALS)) { if (ParsedSegment == "__TEXT" && (TAA & MachO::S_CSTRING_LITERALS)) {
LLVM_DEBUG(dbgs() << "Ignoring a cstring literal: " << *G << "\n"); LLVM_DEBUG(dbgs() << "Ignoring a cstring literal: " << *G << "\n");
return false; return false;
} }
} }
} }
if (CompileKernel) {
// Globals that prefixed by "__" are special and cannot be padded with a
// redzone.
if (G->getName().startswith("__"))
return false;
}
return true; return true;
} }
// On Mach-O platforms, we emit global metadata in a separate section of the // On Mach-O platforms, we emit global metadata in a separate section of the
// binary in order to allow the linker to properly dead strip. This is only // binary in order to allow the linker to properly dead strip. This is only
// supported on recent versions of ld64. // supported on recent versions of ld64.
bool ModuleAddressSanitizer::ShouldUseMachOGlobalsSection() const { bool ModuleAddressSanitizer::ShouldUseMachOGlobalsSection() const {
gliderUnsubmitted
Done
ReplyInline Actions

This change looks unrelated to the rest.

glider: This change looks unrelated to the rest.
if (!TargetTriple.isOSBinFormatMachO()) if (!TargetTriple.isOSBinFormatMachO())
return false; return false;
if (TargetTriple.isMacOSX() && !TargetTriple.isMacOSXVersionLT(10, 11)) if (TargetTriple.isMacOSX() && !TargetTriple.isMacOSXVersionLT(10, 11))
return true; return true;
if (TargetTriple.isiOS() /* or tvOS */ && !TargetTriple.isOSVersionLT(9)) if (TargetTriple.isiOS() /* or tvOS */ && !TargetTriple.isOSVersionLT(9))
return true; return true;
if (TargetTriple.isWatchOS() && !TargetTriple.isOSVersionLT(2)) if (TargetTriple.isWatchOS() && !TargetTriple.isOSVersionLT(2))
▲ Show 20 LinesShow All 306 Lines▼ Show 20 Lines
// trailing redzones. It also creates a function that poisons // trailing redzones. It also creates a function that poisons
// redzones and inserts this function into llvm.global_ctors. // redzones and inserts this function into llvm.global_ctors.
// Sets *CtorComdat to true if the global registration code emitted into the // Sets *CtorComdat to true if the global registration code emitted into the
// asan constructor is comdat-compatible. // asan constructor is comdat-compatible.
bool ModuleAddressSanitizer::InstrumentGlobals(IRBuilder<> &IRB, Module &M, bool ModuleAddressSanitizer::InstrumentGlobals(IRBuilder<> &IRB, Module &M,
bool *CtorComdat) { bool *CtorComdat) {
*CtorComdat = false; *CtorComdat = false;
SmallVector<GlobalVariable *, 16> GlobalsToChange; // Build set of globals that are aliased by some GA, where
// canInstrumentAliasedGlobal(GA) returns false.
SmallPtrSet<const GlobalVariable *, 16> AliasedGlobalBlacklist;
if (CompileKernel) {
for (auto &GA : M.aliases()) {
if (const auto *GV = dyn_cast<GlobalVariable>(GA.getAliasee())) {
if (!canInstrumentAliasedGlobal(GA))
AliasedGlobalBlacklist.insert(GV);
}
}
}
SmallVector<GlobalVariable *, 16> GlobalsToChange;
for (auto &G : M.globals()) { for (auto &G : M.globals()) {
if (ShouldInstrumentGlobal(&G)) GlobalsToChange.push_back(&G); if (!AliasedGlobalBlacklist.count(&G) && shouldInstrumentGlobal(&G))
GlobalsToChange.push_back(&G);
} }
size_t n = GlobalsToChange.size(); size_t n = GlobalsToChange.size();
if (n == 0) { if (n == 0) {
*CtorComdat = true; *CtorComdat = true;
return false; return false;
} }
▲ Show 20 LinesShow All 192 Lines▼ Show 20 Linesint ModuleAddressSanitizer::GetAsanVersion(const Module &M) const {
// shadow. // shadow.
Version += (LongSize == 32 && isAndroid); Version += (LongSize == 32 && isAndroid);
return Version; return Version;
} }
bool ModuleAddressSanitizer::instrumentModule(Module &M) { bool ModuleAddressSanitizer::instrumentModule(Module &M) {
initializeCallbacks(M); initializeCallbacks(M);
if (CompileKernel)
return false;
// Create a module constructor. A destructor is created lazily because not all // Create a module constructor. A destructor is created lazily because not all
// platforms, and not all modules need it. // platforms, and not all modules need it.
if (CompileKernel) {
// The kernel always builds with its own runtime, and therefore does not
// need the init and version check calls.
AsanCtorFunction = createSanitizerCtor(M, kAsanModuleCtorName);
} else {
std::string AsanVersion = std::to_string(GetAsanVersion(M)); std::string AsanVersion = std::to_string(GetAsanVersion(M));
std::string VersionCheckName = std::string VersionCheckName =
ClInsertVersionCheck ? (kAsanVersionCheckNamePrefix + AsanVersion) : ""; ClInsertVersionCheck ? (kAsanVersionCheckNamePrefix + AsanVersion) : "";
std::tie(AsanCtorFunction, std::ignore) = createSanitizerCtorAndInitFunctions( std::tie(AsanCtorFunction, std::ignore) =
M, kAsanModuleCtorName, kAsanInitName, /*InitArgTypes=*/{}, createSanitizerCtorAndInitFunctions(M, kAsanModuleCtorName,
kAsanInitName, /*InitArgTypes=*/{},
/*InitArgs=*/{}, VersionCheckName); /*InitArgs=*/{}, VersionCheckName);
}
bool CtorComdat = true; bool CtorComdat = true;
// TODO(glider): temporarily disabled globals instrumentation for KASan.
if (ClGlobals) { if (ClGlobals) {
IRBuilder<> IRB(AsanCtorFunction->getEntryBlock().getTerminator()); IRBuilder<> IRB(AsanCtorFunction->getEntryBlock().getTerminator());
InstrumentGlobals(IRB, M, &CtorComdat); InstrumentGlobals(IRB, M, &CtorComdat);
} }
const uint64_t Priority = GetCtorAndDtorPriority(TargetTriple); const uint64_t Priority = GetCtorAndDtorPriority(TargetTriple);
// Put the constructor and destructor in comdat if both // Put the constructor and destructor in comdat if both
▲ Show 20 LinesShow All 963 LinesShow Last 20 Lines

llvm/lib/Transforms/Utils/ModuleUtils.cpp

Show First 20 LinesShow All 113 Lines▼ Show 20 Linesllvm::declareSanitizerInitFunction(Module &M, StringRef InitName,
ArrayRef<Type *> InitArgTypes) { ArrayRef<Type *> InitArgTypes) {
assert(!InitName.empty() && "Expected init function name"); assert(!InitName.empty() && "Expected init function name");
return M.getOrInsertFunction( return M.getOrInsertFunction(
InitName, InitName,
FunctionType::get(Type::getVoidTy(M.getContext()), InitArgTypes, false), FunctionType::get(Type::getVoidTy(M.getContext()), InitArgTypes, false),
AttributeList()); AttributeList());
} }
Function *llvm::createSanitizerCtor(Module &M, StringRef CtorName) {
Function *Ctor = Function::Create(
FunctionType::get(Type::getVoidTy(M.getContext()), false),
GlobalValue::InternalLinkage, CtorName, &M);
BasicBlock *CtorBB = BasicBlock::Create(M.getContext(), "", Ctor);
ReturnInst::Create(M.getContext(), CtorBB);
return Ctor;
}
std::pair<Function *, FunctionCallee> llvm::createSanitizerCtorAndInitFunctions( std::pair<Function *, FunctionCallee> llvm::createSanitizerCtorAndInitFunctions(
Module &M, StringRef CtorName, StringRef InitName, Module &M, StringRef CtorName, StringRef InitName,
ArrayRef<Type *> InitArgTypes, ArrayRef<Value *> InitArgs, ArrayRef<Type *> InitArgTypes, ArrayRef<Value *> InitArgs,
StringRef VersionCheckName) { StringRef VersionCheckName) {
assert(!InitName.empty() && "Expected init function name"); assert(!InitName.empty() && "Expected init function name");
assert(InitArgs.size() == InitArgTypes.size() && assert(InitArgs.size() == InitArgTypes.size() &&
"Sanitizer's init function expects different number of arguments"); "Sanitizer's init function expects different number of arguments");
FunctionCallee InitFunction = FunctionCallee InitFunction =
declareSanitizerInitFunction(M, InitName, InitArgTypes); declareSanitizerInitFunction(M, InitName, InitArgTypes);
Function *Ctor = Function::Create( Function *Ctor = createSanitizerCtor(M, CtorName);
FunctionType::get(Type::getVoidTy(M.getContext()), false), IRBuilder<> IRB(Ctor->getEntryBlock().getTerminator());
GlobalValue::InternalLinkage, CtorName, &M);
BasicBlock *CtorBB = BasicBlock::Create(M.getContext(), "", Ctor);
IRBuilder<> IRB(ReturnInst::Create(M.getContext(), CtorBB));
IRB.CreateCall(InitFunction, InitArgs); IRB.CreateCall(InitFunction, InitArgs);
if (!VersionCheckName.empty()) { if (!VersionCheckName.empty()) {
FunctionCallee VersionCheckFunction = M.getOrInsertFunction( FunctionCallee VersionCheckFunction = M.getOrInsertFunction(
VersionCheckName, FunctionType::get(IRB.getVoidTy(), {}, false), VersionCheckName, FunctionType::get(IRB.getVoidTy(), {}, false),
AttributeList()); AttributeList());
IRB.CreateCall(VersionCheckFunction, {}); IRB.CreateCall(VersionCheckFunction, {});
} }
return std::make_pair(Ctor, InitFunction); return std::make_pair(Ctor, InitFunction);
▲ Show 20 LinesShow All 171 LinesShow Last 20 Lines