[PATCH] Protection against stack-based memory corruption errors using SafeStack: Clang command line option and function attribute

Peter Collingbourne peter at pcc.me.uk
Thu May 7 13:12:14 PDT 2015 

================
Comment at: docs/AttributeReference.rst:486
@@ -485,1 +485,3 @@
 
+no_safe_stack
+-------------
----------------
samsonov wrote:
> Do you need this attribute right now? If we decide to finally implement universal no_sanitize attribute, this attribute will become deprecated in favor of `__attribute__((no_sanitize("safe-stack")))`.
It's needed for Chromium and FreeBSD so far as I understand it.

================
Comment at: lib/CodeGen/CodeGenModule.cpp:747
@@ -746,1 +746,3 @@
     B.addAttribute(llvm::Attribute::StackProtectReq);
+  else if (LangOpts.getStackProtector() == LangOptions::SSPSafeStack)
+    if (!D->hasAttr<NoSafeStackAttr>())
----------------
samsonov wrote:
> Do you need to respect -fsanitize-blacklist for this?
Done

================
Comment at: lib/Driver/ToolChains.cpp:13
@@ -12,2 +12,3 @@
 #include "clang/Basic/Version.h"
+#include "clang/Basic/LangOptions.h"
 #include "clang/Config/config.h" // for GCC_INSTALL_PREFIX
----------------
samsonov wrote:
> Accidental change?
Reverted

================
Comment at: lib/Driver/Tools.cpp:2296
@@ +2295,3 @@
+  // Safestack runtime requires dl on Linux
+  if (TC.getTriple().isOSLinux())
+    CmdArgs.push_back("-ldl");
----------------
samsonov wrote:
> Note that you're adding -ldl here, but we tend to add dependencies of compiler-rt runtimes later in the linker invocation (see `NeedsSanitizerDeps` vars)  - so that they are added after `AddLinkerInputs` is called.
This now works like the other sanitizers.

================
Comment at: lib/Driver/Tools.cpp:8392
@@ -8343,1 +8391,3 @@
 
+  addSafeStackRT(getToolChain(), Args, CmdArgs);
+
----------------
samsonov wrote:
> Do we really want to support OS we don't build safestack runtime for? I'd just use Linux/MacOS for a start.
`addSafeStackRT` is now gone, as well as these call sites.

http://reviews.llvm.org/D6095

EMAIL PREFERENCES
  http://reviews.llvm.org/settings/panel/emailpreferences/

More information about the cfe-commits mailing list