[llvm-dev] sanitize=cfi-icall in real life application on x86 and ARM

via llvm-dev llvm-dev at lists.llvm.org
Fri Feb 10 04:14:58 PST 2017


Hi,

After going through small samples showing that "icall" is working, I wanted to give a try with more complex stuff.
I decided to use nginx. At first, I tried with the x86 platform. It went quite smoothly: there was one runtime error reported by CFI; after I fixed that, the server was working fine, without any issues.
Then I switched to the destination platform, ARMv7 based. This time nginx with the cfi-icall flag enabled became completely unusable. Worker processes crashed just after being spawned.
I checked with different "sanitize" flags - like SafeStack, etc. - and in all these cases it was fine. So only with "icall" were there problems.
I started debugging it:
===GDB OUTPUT===
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0007e2cc in ngx_execute_proc.cfi ()

(gdb) backtrace
#0  0x0007e2cc in ngx_execute_proc.cfi ()
#1  0x0007e05c in ngx_spawn_process ()
#2  0x0007f8f0 in ngx_master_process_cycle.cfi ()
#3  0x000585dc in main ()
=======

My questions are:
* What exactly is this add-on ".cfi"? I can't see it when compiling without the "icall" flag.
* Any ideas how to continue? I started disabling source folders from cfi checking, at first with "os", but then the segmentation fault occurred in another place - so I would have to blacklist 6 folders out of 7.

I know that "icall" for ARM is quite a recent implementation, so there might still be something to improve there.

I tried on 2 different ARMv7 based platforms - i.MX6 and Raspberry Pi 2. Results were the same, as one might expect.

Regards,
Michal 
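The following is an added example, not code from the post above or from nginx, illustrating the property that `-fsanitize=cfi-icall` enforces: an indirect call may only land on an address-taken function whose declared type matches the function pointer's type at the call site. In LLVM's implementation the compiler renames each such function body to `name.cfi` (the suffix seen in the backtrace) and places a jump-table stub under the original name, so that the check at the call site only has to verify the target lies in the table for that type. The `clang` flags in the comment are real; the function names (`worker`, `cache`, `on_signal`, `run_checked`, `proc_fn_targets`) and the hand-rolled address-set check are hypothetical, a model of the compiler-generated check so that the file also runs with a plain C compiler.

```c
/* Added example, not code from the original post or from nginx: a
 * minimal model of what -fsanitize=cfi-icall checks at an indirect call.
 * The names worker, cache, on_signal, run_checked and proc_fn_targets are
 * hypothetical.
 *
 * With clang the real check is generated by the compiler, e.g.:
 *   clang -flto -fvisibility=hidden -fsanitize=cfi-icall \
 *         -fno-sanitize-trap=cfi cfi_demo.c -o cfi_demo
 * (-fno-sanitize-trap=cfi prints a diagnostic instead of trapping.)
 * This file also builds with a plain C compiler so the model can be run.
 */
#include <stdio.h>
#include <stddef.h>

/* The one function type this dispatch table is meant to hold. */
typedef int (*proc_fn)(const char *name);

static int worker(const char *name) { printf("worker %s\n", name); return 1; }
static int cache(const char *name)  { printf("cache %s\n", name);  return 2; }

/* A function with a different signature: a valid code address, wrong type.
 * cfi-icall rejects calling it through a proc_fn even though the address
 * is code, which is what distinguishes it from a plain "is this code" check. */
static void on_signal(int signo) { (void)signo; }

/* Model of the per-type target set: with cfi-icall, every address-taken
 * function of type proc_fn gets a jump-table slot, and an indirect call
 * through a proc_fn is only allowed to land in that table. */
static const proc_fn proc_fn_targets[] = { worker, cache };

static int is_valid_proc_fn(proc_fn p)
{
    size_t i;
    for (i = 0; i < sizeof proc_fn_targets / sizeof proc_fn_targets[0]; i++)
        if (proc_fn_targets[i] == p)
            return 1;
    return 0;
}

/* Returns the callee's result, or -1 if the pointer is not a legitimate
 * proc_fn target (the case where the compiler-generated check would fire). */
static int run_checked(proc_fn p, const char *name)
{
    if (!is_valid_proc_fn(p)) {
        fprintf(stderr, "cfi model: indirect call target rejected\n");
        return -1;
    }
    return p(name);
}

int main(void)
{
    /* Accepted: matching type and address-taken target. */
    int a = run_checked(worker, "w1");
    int b = run_checked(cache, "c1");

    /* Rejected: on_signal has type void(int). The cast itself is legal C;
     * calling through it is not, and cfi-icall would report such a call.
     * The model only compares addresses, so nothing is called here. */
    int c = run_checked((proc_fn)on_signal, "bad");

    printf("results: %d %d %d\n", a, b, c);
    return 0;
}
```

When built with the clang flags in the comment, the third call is the one that the sanitizer reports (or traps on, under the default `-fsanitize-trap=cfi`); a crash in a `.cfi`-suffixed frame, as in the backtrace above, means execution reached a real function body, so the next thing to check is whether the jump-table stubs and the address-taken bodies were resolved consistently by the linker on the target platform.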

