[compiler-rt] r278292 - tsan: Remove __pointer_chk_guard at GLIBC_PRIVATE requirement for AArch64
Adhemerval Zanella via llvm-commits
llvm-commits at lists.llvm.org
Wed Aug 10 14:39:28 PDT 2016
Author: azanella
Date: Wed Aug 10 16:39:28 2016
New Revision: 278292
URL: http://llvm.org/viewvc/llvm-project?rev=278292&view=rev
Log:
tsan: Remove __pointer_chk_guard at GLIBC_PRIVATE requirement for AArch64
Current AArch64 {sig}{set,long}jmp interposing requires accessing glibc
private __pointer_chk_guard to get process xor mask to demangled the
internal {sig}jmp_buf function pointers.
It causes some packing issues, as described in gcc PR#71042 [1], and is
is not a godd practice to rely on a private glibc namespace (since ABI is
not meant to be stable).
This patch fixes it by changing how libtsan obtains the guarded pointer
value: at initialization a specific routine issues a setjmp call and
using the mangled function pointer and the original value derive the
random guarded pointer.
Checked on aarch64 39-bit VMA.
[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71042
Modified:
compiler-rt/trunk/lib/tsan/rtl/tsan_platform_linux.cc
compiler-rt/trunk/lib/tsan/rtl/tsan_rtl_aarch64.S
Modified: compiler-rt/trunk/lib/tsan/rtl/tsan_platform_linux.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/tsan/rtl/tsan_platform_linux.cc?rev=278292&r1=278291&r2=278292&view=diff
==============================================================================
--- compiler-rt/trunk/lib/tsan/rtl/tsan_platform_linux.cc (original)
+++ compiler-rt/trunk/lib/tsan/rtl/tsan_platform_linux.cc Wed Aug 10 16:39:28 2016
@@ -38,6 +38,7 @@
#include <sys/mman.h>
#if SANITIZER_LINUX
#include <sys/personality.h>
+#include <setjmp.h>
#endif
#include <sys/syscall.h>
#include <sys/socket.h>
@@ -67,6 +68,10 @@ extern "C" void *__libc_stack_end;
void *__libc_stack_end = 0;
#endif
+#if SANITIZER_LINUX && defined(__aarch64__)
+void InitializeGuardPtr() __attribute__((visibility("hidden")));
+#endif
+
namespace __tsan {
#ifdef TSAN_RUNTIME_VMA
@@ -264,6 +269,8 @@ void InitializePlatform() {
CHECK_NE(personality(old_personality | ADDR_NO_RANDOMIZE), -1);
reexec = true;
}
+ // Initialize the guard pointer used in {sig}{set,long}jump.
+ InitializeGuardPtr();
#endif
if (reexec)
ReExec();
Modified: compiler-rt/trunk/lib/tsan/rtl/tsan_rtl_aarch64.S
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/tsan/rtl/tsan_rtl_aarch64.S?rev=278292&r1=278291&r2=278292&view=diff
==============================================================================
--- compiler-rt/trunk/lib/tsan/rtl/tsan_rtl_aarch64.S (original)
+++ compiler-rt/trunk/lib/tsan/rtl/tsan_rtl_aarch64.S Wed Aug 10 16:39:28 2016
@@ -1,6 +1,62 @@
#include "sanitizer_common/sanitizer_asm.h"
+
+.section .bss
+.type __tsan_pointer_chk_guard, %object
+.size __tsan_pointer_chk_guard, 8
+__tsan_pointer_chk_guard:
+.zero 8
+
.section .text
+// GLIBC mangles the function pointers in jmp_buf (used in {set,long}*jmp
+// functions) by XORing them with a random guard pointer. For AArch64 it is a
+// global variable rather than a TCB one (as for x86_64/powerpc) and althought
+// its value is exported by the loader, it lies within a private GLIBC
+// namespace (meaning it should be only used by GLIBC itself and the ABI is
+// not stable). So InitializeGuardPtr obtains the pointer guard value by
+// issuing a setjmp and checking the resulting pointers values against the
+// original ones.
+.hidden _Z18InitializeGuardPtrv
+.global _Z18InitializeGuardPtrv
+.type _Z18InitializeGuardPtrv, @function
+_Z18InitializeGuardPtrv:
+ CFI_STARTPROC
+ // Allocates a jmp_buf for the setjmp call.
+ stp x29, x30, [sp, -336]!
+ CFI_DEF_CFA_OFFSET (336)
+ CFI_OFFSET (29, -336)
+ CFI_OFFSET (30, -328)
+ add x29, sp, 0
+ CFI_DEF_CFA_REGISTER (29)
+ add x0, x29, 24
+
+ // Call libc setjmp that mangle the stack pointer value
+ adrp x1, :got:_ZN14__interception12real__setjmpE
+ ldr x1, [x1, #:got_lo12:_ZN14__interception12real__setjmpE]
+ ldr x1, [x1]
+ blr x1
+
+ // glibc setjmp mangles both the frame pointer (FP, pc+4 on blr) and the
+ // stack pointer (SP). FP will be placed on ((uintptr*)jmp_buf)[11] and
+ // SP at ((uintptr*)jmp_buf)[13].
+ // The mangle operation is just 'value' xor 'pointer guard value' and
+ // if we know the original value (SP) and the expected one, we can derive
+ // the guard pointer value.
+ mov x0, sp
+
+ // Loads the mangled SP pointer.
+ ldr x1, [x29, 128]
+ eor x0, x0, x1
+ adrp x2, __tsan_pointer_chk_guard
+ str x0, [x2, #:lo12:__tsan_pointer_chk_guard]
+ ldp x29, x30, [sp], 336
+ CFI_RESTORE (30)
+ CFI_RESTORE (19)
+ CFI_DEF_CFA (31, 0)
+ ret
+ CFI_ENDPROC
+.size _Z18InitializeGuardPtrv, .-_Z18InitializeGuardPtrv
+
.hidden __tsan_setjmp
.comm _ZN14__interception11real_setjmpE,8,8
.type setjmp, @function
@@ -23,10 +79,9 @@ setjmp:
mov x19, x0
// SP pointer mangling (see glibc setjmp)
- adrp x2, :got:__pointer_chk_guard
- ldr x2, [x2, #:got_lo12:__pointer_chk_guard]
+ adrp x2, __tsan_pointer_chk_guard
+ ldr x2, [x2, #:lo12:__tsan_pointer_chk_guard]
add x0, x29, 32
- ldr x2, [x2]
eor x1, x2, x0
// call tsan interceptor
@@ -71,10 +126,9 @@ _setjmp:
mov x19, x0
// SP pointer mangling (see glibc setjmp)
- adrp x2, :got:__pointer_chk_guard
- ldr x2, [x2, #:got_lo12:__pointer_chk_guard]
+ adrp x2, __tsan_pointer_chk_guard
+ ldr x2, [x2, #:lo12:__tsan_pointer_chk_guard]
add x0, x29, 32
- ldr x2, [x2]
eor x1, x2, x0
// call tsan interceptor
@@ -121,10 +175,9 @@ sigsetjmp:
mov x19, x0
// SP pointer mangling (see glibc setjmp)
- adrp x2, :got:__pointer_chk_guard
- ldr x2, [x2, #:got_lo12:__pointer_chk_guard]
+ adrp x2, __tsan_pointer_chk_guard
+ ldr x2, [x2, #:lo12:__tsan_pointer_chk_guard]
add x0, x29, 32
- ldr x2, [x2]
eor x1, x2, x0
// call tsan interceptor
@@ -173,10 +226,9 @@ __sigsetjmp:
mov x19, x0
// SP pointer mangling (see glibc setjmp)
- adrp x2, :got:__pointer_chk_guard
- ldr x2, [x2, #:got_lo12:__pointer_chk_guard]
+ adrp x2, __tsan_pointer_chk_guard
+ ldr x2, [x2, #:lo12:__tsan_pointer_chk_guard]
add x0, x29, 32
- ldr x2, [x2]
eor x1, x2, x0
// call tsan interceptor
More information about the llvm-commits
mailing list