[all-commits] [llvm/llvm-project] b7926c: [IR] add fn attr for no_stack_protector; prevent i...

Nick Desaulniers via All-commits all-commits at lists.llvm.org
Fri Oct 23 11:56:18 PDT 2020


  Branch: refs/heads/master
  Home:   https://github.com/llvm/llvm-project
  Commit: b7926ce6d7a83cdf70c68d82bc3389c04009b841
      https://github.com/llvm/llvm-project/commit/b7926ce6d7a83cdf70c68d82bc3389c04009b841
  Author: Nick Desaulniers <ndesaulniers at google.com>
  Date:   2020-10-23 (Fri, 23 Oct 2020)

  Changed paths:
    M clang/include/clang/Basic/AttrDocs.td
    M clang/lib/CodeGen/CodeGenModule.cpp
    M clang/test/CodeGen/stack-protector.c
    A clang/test/Frontend/optimization-remark-missed-inline-stack-protectors.c
    M llvm/bindings/go/llvm/ir_test.go
    M llvm/bindings/ocaml/llvm/llvm.ml
    M llvm/docs/BitCodeFormat.rst
    M llvm/docs/LangRef.rst
    M llvm/include/llvm/Bitcode/LLVMBitCodes.h
    M llvm/include/llvm/IR/Attributes.td
    M llvm/lib/AsmParser/LLLexer.cpp
    M llvm/lib/AsmParser/LLParser.cpp
    M llvm/lib/AsmParser/LLToken.h
    M llvm/lib/Bitcode/Writer/BitcodeWriter.cpp
    M llvm/lib/CodeGen/StackProtector.cpp
    M llvm/lib/IR/Attributes.cpp
    M llvm/lib/IR/Verifier.cpp
    M llvm/lib/Transforms/IPO/ForceFunctionAttrs.cpp
    M llvm/lib/Transforms/Utils/CodeExtractor.cpp
    M llvm/lib/Transforms/Utils/InlineFunction.cpp
    M llvm/test/CodeGen/X86/stack-protector-2.ll
    M llvm/test/Transforms/CodeExtractor/PartialInlineAttributes.ll
    A llvm/test/Transforms/Inline/inline_nossp.ll
    M llvm/test/Transforms/Inline/inline_ssp.ll
    A llvm/test/Verifier/function-attribute-nossp-ssp-sspreq-sspstrong.ll
    M llvm/utils/emacs/llvm-mode.el
    M llvm/utils/kate/llvm.xml
    M llvm/utils/llvm.grm
    M llvm/utils/vim/syntax/llvm.vim
    M llvm/utils/vscode/llvm/syntaxes/ll.tmLanguage.yaml

  Log Message:
  -----------
  [IR] add fn attr for no_stack_protector; prevent inlining on mismatch

It's currently ambiguous in IR whether the source language explicitly
did not want a stack protector (in C, via function attribute
no_stack_protector) or doesn't care for any given function.

It's common for code that manipulates the stack via inline assembly or
that has to set up its own stack canary (such as the Linux kernel) to
want to avoid stack protectors in certain functions. In this case, we've
been bitten by numerous bugs where a callee with a stack protector is
inlined into an __attribute__((__no_stack_protector__)) caller, which
generally breaks the caller's assumptions about not having a stack
protector. LTO exacerbates the issue.

While developers can avoid this by putting all no_stack_protector
functions in one translation unit together and compiling those with
-fno-stack-protector, it's generally not very ergonomic or as
ergonomic as a function attribute, and still doesn't work for LTO. See also:
https://lore.kernel.org/linux-pm/20200915172658.1432732-1-rkir@google.com/
https://lore.kernel.org/lkml/20200918201436.2932360-30-samitolvanen@google.com/T/#u

Typically, when inlining a callee into a caller, the caller will be
upgraded in its level of stack protection (see adjustCallerSSPLevel()).
By adding an explicit attribute in the IR when the function attribute is
used in the source language, we can now identify such cases and prevent
inlining.  Block inlining when the callee and caller differ in the case that one
contains `nossp` when the other has `ssp`, `sspstrong`, or `sspreq`.

Fixes pr/47479.

Reviewed By: void

Differential Revision: https://reviews.llvm.org/D87956
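
The inlining rule from the log message, sketched as a small stand-alone model (an added example, not code from this commit or from LLVM). The `Prot` enum, `InlineOutcome` and `inlineInto()` are hypothetical names; only the attribute spellings `nossp`, `ssp`, `sspstrong`, `sspreq` come from the message.

```cpp
#include <cstdio>

// Simplified model, not LLVM source. Enumerator order matters:
// Ssp < SspStrong < SspReq mirrors increasing strength of the IR attributes.
enum class Prot { Unspecified, NoSsp, Ssp, SspStrong, SspReq };

struct InlineOutcome {
  bool inlined;      // false: inlining is blocked by the mismatch rule
  Prot callerAfter;  // caller's attribute once the decision is applied
};

static bool wantsProtector(Prot p) {
  return p == Prot::Ssp || p == Prot::SspStrong || p == Prot::SspReq;
}

// Mismatch rule: nossp on one side and ssp/sspstrong/sspreq on the other
// blocks inlining, whichever side carries nossp.
bool inlineCompatible(Prot caller, Prot callee) {
  return !((caller == Prot::NoSsp && wantsProtector(callee)) ||
           (callee == Prot::NoSsp && wantsProtector(caller)));
}

InlineOutcome inlineInto(Prot caller, Prot callee) {
  if (!inlineCompatible(caller, callee))
    return {false, caller};  // caller keeps its attribute untouched
  // Upgrade step: the caller takes the stronger protector level.
  if (wantsProtector(callee) && callee > caller)
    return {true, callee};
  return {true, caller};
}

int main() {
  const char *name[] = {"(none)", "nossp", "ssp", "sspstrong", "sspreq"};
  // Print the full caller x callee decision table.
  for (int c = 0; c < 5; ++c)
    for (int e = 0; e < 5; ++e) {
      InlineOutcome o = inlineInto(static_cast<Prot>(c), static_cast<Prot>(e));
      std::printf("caller %-9s <- callee %-9s : %s, caller is %s\n", name[c],
                  name[e], o.inlined ? "inlined" : "BLOCKED",
                  name[static_cast<int>(o.callerAfter)]);
    }
  return 0;
}
```

In this model a callee with no stack-protector attribute still inlines into a `nossp` caller, because only an explicit `ssp`, `sspstrong` or `sspreq` on the other side counts as a mismatch.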



