Page MenuHomePhabricator

mlemay-intel (Michael LeMay)
User

Projects

User does not belong to any projects.

User Details

User Since
Dec 16 2015, 4:37 PM (208 w, 2 d)

Recent Activity

Feb 9 2017

mlemay-intel updated the diff for D29655: [X86] Link safestacksepseg runtime.

Added test.

Feb 9 2017, 9:00 PM
mlemay-intel updated the diff for D29655: [X86] Link safestacksepseg runtime.

Only link safestacksepseg, not safestack. I changed the build configuration for safestacksepseg to also include the files in safestack.

Feb 9 2017, 6:10 PM
mlemay-intel updated the diff for D29657: [safestack] Add runtime support for MPX-based hardening.
  • Reserve space during runtime library initialization for safe stacks to be allocated later. This helps to prevent ordinary data from being allocated at addresses that could lead to bound check violations.
  • Protect the variable that records the address of the most recent safe stack by moving it above the bound.
  • Add MprotectReadWrite to sanitizer_posix.cc.
Feb 9 2017, 6:08 PM

Feb 7 2017

mlemay-intel added a comment to D29657: [safestack] Add runtime support for MPX-based hardening.
In D29657#669919, @kcc wrote:

Michael ,
Please excuse me if I missed some email thread on llvm-dev describing at the high level what you are doing with MPX.
If there was no such thread I encourage you to start one.

I am personally extremely skeptical about anything related to MPX
(see https://github.com/google/sanitizers/wiki/AddressSanitizerIntelMemoryProtectionExtensions and the more recent and detailed intel-mpx.github.io).
Now, from a quick glance it looks like you are using the MPX instructions for something else,
but it deserves a discussion before we look at the patches.

Feb 7 2017, 2:07 PM
mlemay-intel added a parent revision for D29655: [X86] Link safestacksepseg runtime: D17092: [X86] Add -mseparate-stack-seg.
Feb 7 2017, 8:39 AM
mlemay-intel added a child revision for D17092: [X86] Add -mseparate-stack-seg: D29655: [X86] Link safestacksepseg runtime.
Feb 7 2017, 8:39 AM
mlemay-intel added a child revision for D29646: [X86] Add separate-stack-seg feature: D29649: [X86] Add X86SafeStackBoundsChecking pass.
Feb 7 2017, 8:38 AM
mlemay-intel added a parent revision for D29649: [X86] Add X86SafeStackBoundsChecking pass: D29646: [X86] Add separate-stack-seg feature.
Feb 7 2017, 8:38 AM
mlemay-intel added a parent revision for D29652: [X86] Add X86SafeStackBoundsCheckingCombiner pass: D29649: [X86] Add X86SafeStackBoundsChecking pass.
Feb 7 2017, 8:38 AM
mlemay-intel added a child revision for D29649: [X86] Add X86SafeStackBoundsChecking pass: D29652: [X86] Add X86SafeStackBoundsCheckingCombiner pass.
Feb 7 2017, 8:38 AM
mlemay-intel updated subscribers of D29655: [X86] Link safestacksepseg runtime.
Feb 7 2017, 8:37 AM
mlemay-intel created D29657: [safestack] Add runtime support for MPX-based hardening.
Feb 7 2017, 8:36 AM
mlemay-intel created D29655: [X86] Link safestacksepseg runtime.
Feb 7 2017, 8:30 AM
mlemay-intel updated the summary of D17092: [X86] Add -mseparate-stack-seg.
Feb 7 2017, 8:28 AM
mlemay-intel updated the diff for D17092: [X86] Add -mseparate-stack-seg.

Removed the portions that are specific to 32-bit segmentation. I plan to resubmit those later as a separate patch.

Feb 7 2017, 8:27 AM
mlemay-intel added a child revision for D29652: [X86] Add X86SafeStackBoundsCheckingCombiner pass: D27169: [x86] Fix getAddressFromInstr.
Feb 7 2017, 8:23 AM
mlemay-intel added a parent revision for D27169: [x86] Fix getAddressFromInstr: D29652: [X86] Add X86SafeStackBoundsCheckingCombiner pass.
Feb 7 2017, 8:23 AM
mlemay-intel updated the diff for D27169: [x86] Fix getAddressFromInstr.

Added test.

Feb 7 2017, 8:23 AM
mlemay-intel created D29652: [X86] Add X86SafeStackBoundsCheckingCombiner pass.
Feb 7 2017, 8:22 AM
mlemay-intel created D29649: [X86] Add X86SafeStackBoundsChecking pass.
Feb 7 2017, 8:20 AM
mlemay-intel created D29646: [X86] Add separate-stack-seg feature.
Feb 7 2017, 8:17 AM

Jan 27 2017

mlemay-intel added inline comments to D27169: [x86] Fix getAddressFromInstr.
Jan 27 2017, 11:59 AM
mlemay-intel added a comment to D27169: [x86] Fix getAddressFromInstr.

I don't have a test case yet, since I have only encountered this issue while developing a pass that I have not yet open-sourced. However, I'll look for where else this routine is used and I'll see if I can generate a test based on that.

Jan 27 2017, 11:54 AM

Jan 18 2017

mlemay-intel added a comment to D27169: [x86] Fix getAddressFromInstr.

ping

Jan 18 2017, 3:12 PM

Dec 5 2016

mlemay-intel retitled D27437: [TargetInstrInfo] replace redundant expression in getMemOpBaseRegImmOfs from to [TargetInstrInfo] replace redundant expression in getMemOpBaseRegImmOfs.
Dec 5 2016, 5:31 PM
mlemay-intel added a reviewer for D27169: [x86] Fix getAddressFromInstr: craig.topper.
Dec 5 2016, 9:08 AM

Nov 29 2016

mlemay-intel updated the diff for D17095: [X86] Add X86FixupSeparateStack pass.

Mark EAX as not being derived from any possible stack pointer registers after calls.

Nov 29 2016, 3:47 PM

Nov 28 2016

mlemay-intel retitled D27169: [x86] Fix getAddressFromInstr from to [x86] Fix getAddressFromInstr.
Nov 28 2016, 9:46 AM

Nov 16 2016

mlemay-intel updated the diff for D17095: [X86] Add X86FixupSeparateStack pass.

Revised comments.
Converted a condition into an assertion in AddrRegReqs::lookupRoots.

Nov 16 2016, 4:53 PM

Nov 2 2016

mlemay-intel updated the diff for D26064: [ADT] IntervalMap: fix setStart and setStop.

Eliminated unnecessary space in template instantiation.
Revised test for half-open intervals to cover using setStop to create an interval with a length of 1.

Nov 2 2016, 4:19 PM

Nov 1 2016

mlemay-intel retitled D19170: [safestack] Do not link SafeStack runtime for musl environments from [safestack] Link SafeStack runtime only when not using separate stack segment to [safestack] Do not link SafeStack runtime for musl environments.
Nov 1 2016, 2:41 PM
mlemay-intel updated the diff for D19170: [safestack] Do not link SafeStack runtime for musl environments.

Disabled linking of the compiler-rt SafeStack runtime library for musl
environments rather than for targets that use the separate stack segment
feature. This reflects changes in my proposed musl libc patches to add
architecture-independent support for storing USP in the TCB.

Nov 1 2016, 2:39 PM

Oct 31 2016

mlemay-intel updated D19762: [safestack] Support USP in TCB for musl libc.
Oct 31 2016, 10:31 AM
mlemay-intel updated the diff for D19762: [safestack] Support USP in TCB for musl libc.

Updated so that USP is stored in TCB for all musl libc environments on X86,
rather than just those on Linux with the separate stack segment feature enabled.

Oct 31 2016, 10:31 AM

Oct 29 2016

mlemay-intel added a comment to D26064: [ADT] IntervalMap: fix setStart and setStop.
In D26064#582725, @vsk wrote:

LGTM. Could you wait a day or two before committing? I haven't worked on IntervalMap before, so it'd be nice to others a chance to chime in.

Oct 29 2016, 7:52 AM

Oct 28 2016

mlemay-intel updated the diff for D26064: [ADT] IntervalMap: fix setStart and setStop.

Added unit tests.

Oct 28 2016, 4:48 PM
mlemay-intel added a comment to D26064: [ADT] IntervalMap: fix setStart and setStop.
In D26064#582202, @vsk wrote:
In D26064#581794, @vsk wrote:

...

  • If we create a 0-element interval using setStart/setStop, it just gets deleted.

The revised assertion will fail in that case. Is deleting the interval actually the desired behavior?

Looking at it more, it shouldn't be possible to do what I described (creating a 0-element interval using setStart/setStop). I'm walking the request for that test back :).

Sounds good, thanks. :)

Oct 28 2016, 11:15 AM
mlemay-intel added a comment to D26064: [ADT] IntervalMap: fix setStart and setStop.
In D26064#581794, @vsk wrote:

...

  • If we create a 0-element interval using setStart/setStop, it just gets deleted.

The revised assertion will fail in that case. Is deleting the interval actually the desired behavior?

Oct 28 2016, 10:51 AM

Oct 27 2016

mlemay-intel retitled D26064: [ADT] IntervalMap: fix setStart and setStop from to [ADT] IntervalMap: fix setStart and setStop.
Oct 27 2016, 9:30 PM

Oct 25 2016

mlemay-intel abandoned D19853: [safestack] Add -fruntime-init to support invoking functions during runtime init.

I was able to setup a temporary thread control block early enough in musl libc initialization to obviate the need for an attribute like runtime_init.

Oct 25 2016, 8:29 PM
mlemay-intel abandoned D19761: [safestack] Support safestack_call_for_usp attribute.

I was able to setup a temporary thread control block early enough in musl libc initialization to obviate the need for this patch.

Oct 25 2016, 8:25 PM

Oct 24 2016

mlemay-intel added a comment to D19761: [safestack] Support safestack_call_for_usp attribute.

Do you really need all this complexity, and even a magic function attribute (which is btw entirely safestack-specific, so should have "safestack" in the name)?

You're correct that there are simpler ways to handle runtime initialization. I have been able to modify musl libc to successfully initialize based on this revised patch. I also no longer need D19853. I use -force-attribute instead.

We've had the same problem on Android, and were able to solve it entirely on the libc side:
https://android-review.googlesource.com/#/c/170988/23/linker/linker_main.cpp

I'll try to move initialization of a basic thread control block containing the USP early enough in musl libc to avoid the need for this patch. I'll report back after I've had a chance to try that.

Alternatively, consider moving this code into a runtime library function. Then SafeStack instrumentation would just call a function in the prologue instead of reading from a global. This would be good for code size.

This revised patch uses the existing code that calls out to __safestack_pointer_address.

Oct 24 2016, 4:58 PM
mlemay-intel retitled D19761: [safestack] Support safestack_call_for_usp attribute from [safestack] Support runtime_init attribute in SafeStack pass to [safestack] Support safestack_call_for_usp attribute.
Oct 24 2016, 4:11 PM
mlemay-intel updated the diff for D19761: [safestack] Support safestack_call_for_usp attribute.

Changed name of attribute to safestack_call_for_usp.
Invoke a __safestack_pointer_address function instead of generating inline code to select and access multiple USPs.

Oct 24 2016, 4:10 PM
mlemay-intel updated the diff for D17095: [X86] Add X86FixupSeparateStack pass.

Added -sep-stk-seg-flat-mem-func option to specify functions that use a flat memory model.
Fixed bug in StackPtrSpillReqs::supply to prevent coalescing of ranges that need to remain separate.

Oct 24 2016, 3:57 PM

Oct 20 2016

mlemay-intel updated the diff for D19761: [safestack] Support safestack_call_for_usp attribute.

Updated LangRef.

Oct 20 2016, 9:14 AM

Oct 19 2016

mlemay-intel updated the diff for D19762: [safestack] Support USP in TCB for musl libc.

Revised patch so that it no longer modifies X86 subtarget.

Oct 19 2016, 4:44 PM
mlemay-intel added a parent revision for D17094: [safestack] Move allocations to support separate stack segment: D17095: [X86] Add X86FixupSeparateStack pass.
Oct 19 2016, 4:40 PM
mlemay-intel added a child revision for D17095: [X86] Add X86FixupSeparateStack pass: D17094: [safestack] Move allocations to support separate stack segment.
Oct 19 2016, 4:40 PM
mlemay-intel updated the diff for D19761: [safestack] Support safestack_call_for_usp attribute.

Rebased.

Oct 19 2016, 4:35 PM

Oct 11 2016

mlemay-intel updated the diff for D17095: [X86] Add X86FixupSeparateStack pass.

Add new pass to registry.
Convert tests to MIR form.
Update tests to reflect previous removal of assertion for certain stores of stack pointers.

Oct 11 2016, 11:24 AM

Oct 10 2016

mlemay-intel added a comment to D25340: [safestack] Move tests into X86 subdirectory.

@pcc @andrew.w.kaylor: Can you please both confirm whether this patch is still acceptable as a short term solution for the build issue discussed in D24896?

Oct 10 2016, 12:04 PM
mlemay-intel added a reviewer for D25340: [safestack] Move tests into X86 subdirectory: andrew.w.kaylor.
Oct 10 2016, 12:01 PM
mlemay-intel updated the diff for D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS.

Use Subtarget.getTargetTriple().isOSContiki instead of Subtarget.isTargetContiki.
Make TargetLoweringBase::getDefaultSafeStackPointerLocation non-virtual.

Oct 10 2016, 11:56 AM
mlemay-intel updated the diff for D24897: Define "contiki" OS specifier..

Remove isTargetContiki from X86Subtarget.

Oct 10 2016, 11:50 AM
mlemay-intel added a comment to D17095: [X86] Add X86FixupSeparateStack pass.
In D17095#565252, @zvi wrote:

I may be able to look at this next week, but it is a bit outside of my area of expertise. Maybe find another reviewer?

Thank you. I added you as a reviewer to all of these since they are all related to SafeStack, but I'll also look for another reviewer as you suggested.

Also, this needs tests. A lot of tests.

I haven't yet found any existing tests in LLVM for a pass like this that I can use as an example, but I'll keep looking. The challenge in writing a test for this pass that fits in the LLVM testing framework is that this pass modifies particular instructions depending on which registers get allocated as base registers for the instructions' memory operands, etc. When a test is written as IR, I don't know of a way to control which registers get selected.

Now that tests were added to this patch in .ll form, would it be better to change them to machine IR (.mir) form?

Oct 10 2016, 10:35 AM

Oct 6 2016

mlemay-intel added inline comments to D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS.
Oct 6 2016, 2:00 PM
mlemay-intel added a parent revision for D24896: [safestack] Require TargetMachine to be provided.: D25340: [safestack] Move tests into X86 subdirectory.
Oct 6 2016, 12:59 PM
mlemay-intel added a child revision for D25340: [safestack] Move tests into X86 subdirectory: D24896: [safestack] Require TargetMachine to be provided..
Oct 6 2016, 12:59 PM
mlemay-intel retitled D25340: [safestack] Move tests into X86 subdirectory from to [safestack] Move tests into X86 subdirectory.
Oct 6 2016, 11:58 AM
mlemay-intel added a comment to D24896: [safestack] Require TargetMachine to be provided..
In D24896#562745, @pcc wrote:

You could add REQUIRES: x86-registered-target to each of the failing tests

Oct 6 2016, 10:35 AM

Oct 5 2016

mlemay-intel added a comment to D24896: [safestack] Require TargetMachine to be provided..

The hexagon-build-02 buildbot detected failures caused by this patch: http://lab.llvm.org:8011/builders/llvm-hexagon-elf/builds/34095 The "Target machine is required" error is being reported. I was able to reproduce those failures by building a version of LLVM that only targets Hexagon. I'm surprised by these failures, since I would expect such a toolchain to simply report that the test is unsupported given that X86 triples are specified on the opt command lines. I don't yet know of a good way to revise this patch to resolve those failures while still avoiding duplicating code in D19852.

Oct 5 2016, 2:34 PM

Sep 28 2016

mlemay-intel updated the diff for D17095: [X86] Add X86FixupSeparateStack pass.

Avoids erasing previous derivation data when a register is both used and defined in an instruction.
Ignores implicit and undef registers when tracking derivation.
Removes code and associated options for tracking variadic argument pointers.
Eliminates assert on storing stack pointers to memory.

Sep 28 2016, 8:59 AM

Sep 27 2016

mlemay-intel added a reviewer for D24897: Define "contiki" OS specifier.: RKSimon.
Sep 27 2016, 3:52 PM

Sep 26 2016

mlemay-intel added a comment to D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS.
Sep 26 2016, 9:00 PM
mlemay-intel updated the diff for D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS.

Reworded a comment.

Sep 26 2016, 9:00 PM
mlemay-intel added a reviewer for D24897: Define "contiki" OS specifier.: davide.
Sep 26 2016, 8:21 PM
mlemay-intel updated the diff for D24896: [safestack] Require TargetMachine to be provided..

Convert assert to report_fatal_error.

Sep 26 2016, 2:20 PM
mlemay-intel updated D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS.
Sep 26 2016, 8:22 AM

Sep 24 2016

mlemay-intel updated the diff for D24897: Define "contiki" OS specifier..

Added test.

Sep 24 2016, 9:00 PM
mlemay-intel added parent revisions for D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS: D24896: [safestack] Require TargetMachine to be provided., D24897: Define "contiki" OS specifier..
Sep 24 2016, 4:58 PM
mlemay-intel added a child revision for D24896: [safestack] Require TargetMachine to be provided.: D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS.
Sep 24 2016, 4:58 PM
mlemay-intel added a child revision for D24897: Define "contiki" OS specifier.: D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS.
Sep 24 2016, 4:58 PM
mlemay-intel updated the diff for D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS.

Refactored to avoid duplicating code.

Sep 24 2016, 4:55 PM
mlemay-intel retitled D24897: Define "contiki" OS specifier. from to Define "contiki" OS specifier..
Sep 24 2016, 4:51 PM
mlemay-intel retitled D24896: [safestack] Require TargetMachine to be provided. from to [safestack] Require TargetMachine to be provided..
Sep 24 2016, 4:50 PM

Sep 23 2016

mlemay-intel added inline comments to D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS.
Sep 23 2016, 4:52 PM
mlemay-intel added a parent revision for D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS: D19854: Define Contiki OS toolchain.
Sep 23 2016, 4:27 PM
mlemay-intel added a child revision for D19854: Define Contiki OS toolchain: D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS.
Sep 23 2016, 4:27 PM
mlemay-intel added parent revisions for D19170: [safestack] Do not link SafeStack runtime for musl environments: D17092: [X86] Add -mseparate-stack-seg, D17094: [safestack] Move allocations to support separate stack segment, D17095: [X86] Add X86FixupSeparateStack pass.
Sep 23 2016, 4:25 PM
mlemay-intel added a child revision for D17092: [X86] Add -mseparate-stack-seg: D19170: [safestack] Do not link SafeStack runtime for musl environments.
Sep 23 2016, 4:25 PM
mlemay-intel added a child revision for D17094: [safestack] Move allocations to support separate stack segment: D19170: [safestack] Do not link SafeStack runtime for musl environments.
Sep 23 2016, 4:25 PM
mlemay-intel added a child revision for D17095: [X86] Add X86FixupSeparateStack pass: D19170: [safestack] Do not link SafeStack runtime for musl environments.
Sep 23 2016, 4:25 PM
mlemay-intel added a comment to D19170: [safestack] Do not link SafeStack runtime for musl environments.

Looks like patch was not committed.

Sep 23 2016, 4:20 PM
mlemay-intel added inline comments to D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS.
Sep 23 2016, 4:00 PM
mlemay-intel added a comment to D19854: Define Contiki OS toolchain.

Looks like patch was not committed.

Sep 23 2016, 3:09 PM

Sep 22 2016

mlemay-intel updated the diff for D17095: [X86] Add X86FixupSeparateStack pass.

Fixed a bug in how segment switching instructions were inserted around string instructions.
Made comment indentation more consistent.
Added support for tracking the flow of stack pointer values through instructions with multiple register inputs (e.g. CMOV instructions).
Enhanced spill/fill tracking to support functions with eliminated frame pointers.
Selected more efficient data structures.
Revised AddrRegReqs::derive to reflect the fact that stack pointer values do not flow through the flags register.

Sep 22 2016, 12:39 PM

Sep 19 2016

mlemay-intel added a reviewer for D19762: [safestack] Support USP in TCB for musl libc: zlei.
Sep 19 2016, 10:38 AM
mlemay-intel added a comment to D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS.

ping. Please keep in mind that this is independent of my patches for supporting a separate stack segment. This patch is needed to enable SafeStack for Contiki OS.

Sep 19 2016, 9:13 AM

Sep 9 2016

mlemay-intel added a comment to D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS.

ping

Sep 9 2016, 1:59 PM

Sep 2 2016

mlemay-intel added a comment to D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS.
Sep 2 2016, 2:28 PM
mlemay-intel updated the diff for D19761: [safestack] Support safestack_call_for_usp attribute.

Rebase.

Sep 2 2016, 2:22 PM
mlemay-intel updated D19762: [safestack] Support USP in TCB for musl libc.
Sep 2 2016, 2:17 PM
mlemay-intel updated the diff for D19762: [safestack] Support USP in TCB for musl libc.

Rebase.

Sep 2 2016, 2:16 PM
mlemay-intel updated the diff for D17095: [X86] Add X86FixupSeparateStack pass.

Rebase.
Revise StackPtrSpillReqs::addPredecessor to correctly handle the case when Demand is empty.
Revise comments and fix whitespace.

Sep 2 2016, 2:12 PM

Sep 1 2016

mlemay-intel updated the diff for D19854: Define Contiki OS toolchain.

Fixed indentation of Contiki constructor in ToolChains.h.

Sep 1 2016, 2:54 PM
mlemay-intel updated the diff for D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS.

Moved new OS type definition to end of list.

Sep 1 2016, 2:44 PM

Jun 10 2016

mlemay-intel updated the diff for D19854: Define Contiki OS toolchain.

Added driver test.

Jun 10 2016, 8:25 AM

Jun 9 2016

mlemay-intel added inline comments to D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS.
Jun 9 2016, 1:44 PM

Jun 8 2016

mlemay-intel added a comment to D19852: [safestack] Use non-thread-local unsafe stack pointer for Contiki OS.

This patch and D19854 are useful independent of my segmentation-related patches. I also have a Contiki OS patch that is blocked on these. So, I would appreciate having these reviewed separately from my other patches. Thanks!

Jun 8 2016, 4:13 PM