This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[RFC][PATCH 11/X][libsanitizer] Uncolour stack frame on function exit

From: Matthew Malcomson <Matthew dot Malcomson at arm dot com>
To: "gcc-patches at gcc dot gnu dot org" <gcc-patches at gcc dot gnu dot org>
Cc: "mliska at suse dot cz" <mliska at suse dot cz>, "dodji at redhat dot com" <dodji at redhat dot com>, nd <nd at arm dot com>, "kcc at google dot com" <kcc at google dot com>, "jakub at redhat dot com" <jakub at redhat dot com>, "dvyukov at google dot com" <dvyukov at google dot com>
Date: Fri, 6 Sep 2019 14:46:19 +0000
Subject: [RFC][PATCH 11/X][libsanitizer] Uncolour stack frame on function exit
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BSFonIJVeP+LNT3zae4u7dvQPM28QvZcGo54lekUSDw=; b=a708YGRRRmlmL94x87SiQ/yBvUNK8+N9mSlHujQLo5Sn84vAarZJei+E4Z18749Fb+We6NcsHNJqsFfjQUHXt981SaVHoPFLgV2jh1aQ3LaEjlLMfoxUTgTvjq1h+aMaNr85ou2sg7sbX/o8a8G4VyqKc9l3Ly5GmbC2M53imzZoGVg/uj4htkv8lS+mJI8NLvAofsUZ//N+HQCqChso4mwBb1WRo5Iz789CACWk3t2gZEbRjg8HH+fxIpQnKJ5/9Sg4EV0VKDu21SxFxL9zJrwR6pRc5cTYI4bqg79HL+ieST5oGvNCEs4ijLgDY+aDst47jijX5j5KNjcISEovEw==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dKs/cX44KHNVavXo2lS3yrAz+NAFcgJMx8SjYA0NVnZ4VsAkcuRn9bdS9DJrbQ+GywLU5CUEpHIhOaQ6KpGMsvrOAeZ2u4B+o5jRBBLR1M7POyyZah2gr3B99KZ4xXA1Tvu+4DEt4TZXcQZ9Sk6ijKTljyXABuSg0kyk8sV49fdjq7iMSoHW5PVPYtp2C9gxzfY8WdONR/pkvdMuchIRZ+2CvBgv/+ZpeS3vRQoYu3ytBMkk2qVaSrBMFoAzhQw+N0zr0mh4a5+48xAKUyA1ijBGKmuWCs8OU3nB2ZrhXmeqIOCUmolEoNDz1+Z+JOLcCjgtuVqCOB5IkroPc47kqA==
Original-authentication-results: spf=none (sender IP is ) smtp.mailfrom=Matthew dot Malcomson at arm dot com;
References: <156778058239.16148.17480879484406897649.scripted-patch-series@arm.com>

When exiting a function we need to ensure the shadow stack for this
function has no remaining colour.  Without clearing the shadow stack
area for this function pointer checks to later function calls could
check untagged areas (such as parameters passed on the stack) against
a shadow stack area with left-over colour causing a false-positive.

Here we ensure that the entire stack frame is cleared on function exit.

gcc/ChangeLog:

2019-09-06  Matthew Malcomson  <matthew.malcomson@arm.com>

	* asan.c (hwasan_emit_uncolour_frame): New.
	* asan.h (hwasan_emit_uncolour_frame): New.
	* cfgexpand.c (expand_used_vars): Uncolour shadow frame on
	function exit.



###############     Attachment also inlined for ease of reply    ###############


diff --git a/gcc/asan.h b/gcc/asan.h
index 028afdd2e7d16245c6cbbe106b7ccb9c5034d542..c5492ce35980d0b26d4707f96482b69dc76a525a 100644
--- a/gcc/asan.h
+++ b/gcc/asan.h
@@ -31,6 +31,7 @@ extern rtx hwasan_with_tag (rtx, poly_int64);
 extern void hwasan_tag_init ();
 extern rtx hwasan_create_untagged_base (rtx);
 extern void hwasan_emit_prologue (rtx *, rtx *, poly_int64 *, uint8_t *, size_t);
+extern rtx_insn *hwasan_emit_uncolour_frame (rtx, rtx, rtx_insn *);
 extern bool memory_tagging_p (void);
 extern rtx_insn *asan_emit_stack_protection (rtx, rtx, unsigned int,
 					     HOST_WIDE_INT *, tree *, int);
diff --git a/gcc/asan.c b/gcc/asan.c
index d361b4b562f75cb0c2e081218073eacb3704f8d0..0e74e32ae6ca4e130b3f13abe110364b119def46 100644
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -3836,6 +3836,46 @@ hwasan_emit_prologue (rtx *bases,
     }
 }
 
+rtx_insn *
+hwasan_emit_uncolour_frame (rtx dynamic, rtx vars, rtx_insn *before)
+{
+  if (before)
+    push_to_sequence (before);
+  else
+    start_sequence ();
+
+  dynamic = convert_memory_address (ptr_mode, dynamic);
+  vars = convert_memory_address (ptr_mode, vars);
+
+  rtx top_rtx;
+  rtx bot_rtx;
+  if (STACK_GROWS_DOWNWARD)
+    {
+      top_rtx = vars;
+      bot_rtx = dynamic;
+    }
+  else
+    {
+      top_rtx = dynamic;
+      bot_rtx = vars;
+    }
+
+  rtx size_rtx = expand_simple_binop (Pmode, MINUS, top_rtx, bot_rtx,
+				  NULL_RTX, /* unsignedp = */0, OPTAB_DIRECT);
+
+  /* TODO Other options (i.e. inline options)  */
+  rtx ret = init_one_libfunc ("__hwasan_tag_memory");
+  emit_library_call (ret, LCT_NORMAL, VOIDmode,
+      bot_rtx, ptr_mode,
+      const0_rtx, QImode,
+      size_rtx, ptr_mode);
+
+  do_pending_stack_adjust ();
+  rtx_insn *insns = get_insns ();
+  end_sequence ();
+  return insns;
+}
+
 rtx
 hwasan_create_untagged_base (rtx orig_base)
 {
diff --git a/gcc/cfgexpand.c b/gcc/cfgexpand.c
index aacf210facc462675a980ee87bd38d4a7d94ad09..9f0872b32354cbc3186f3f2d2600f711a46926d1 100644
--- a/gcc/cfgexpand.c
+++ b/gcc/cfgexpand.c
@@ -2412,6 +2412,14 @@ expand_used_vars (void)
     var_end_seq = asan_emit_allocas_unpoison (virtual_stack_dynamic_rtx,
 					      virtual_stack_vars_rtx,
 					      var_end_seq);
+  /* Here we uncolour the entire frame for this function.
+     We need to uncolour *something* if either we have coloured some local
+     variables or we have coloured some alloca objects.  */
+  else if (memory_tagging_p ()
+	   && (cfun->calls_alloca || stack_vars_num > 0))
+    var_end_seq = hwasan_emit_uncolour_frame (virtual_stack_dynamic_rtx,
+					      virtual_stack_vars_rtx,
+					      var_end_seq);
 
   fini_vars_expansion ();

Attachment: hwasan-implementation10.patch
Description: hwasan-implementation10.patch

References:
- [Patch 0/X] [WIP][RFC][libsanitizer] Introduce HWASAN to GCC
  - From: Matthew Malcomson

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]