[PATCH] D49675: [cfi-verify] Detect more protected calls using cross-DSO.
Joel Galenson via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed Jul 25 09:57:13 PDT 2018
jgalenson updated this revision to Diff 157298.
jgalenson edited the summary of this revision.
jgalenson added a comment.
Note that this could be combined with its parent patch, as that is now about supporting cross-DSO.
https://reviews.llvm.org/D49675
Files:
test/tools/llvm-cfi-verify/X86/Inputs/function-only-check.o
test/tools/llvm-cfi-verify/X86/function_only_check.s
tools/llvm-cfi-verify/lib/FileAnalysis.cpp
tools/llvm-cfi-verify/lib/GraphBuilder.cpp
Index: tools/llvm-cfi-verify/lib/GraphBuilder.cpp
===================================================================
--- tools/llvm-cfi-verify/lib/GraphBuilder.cpp
+++ tools/llvm-cfi-verify/lib/GraphBuilder.cpp
@@ -311,6 +311,24 @@
Result.ConditionalBranchNodes.push_back(BranchNode);
}
+ // When using cross-DSO, some indirect calls are not guarded by a branch to a
+ // trap but instead follow a call to __cfi_slowpath. For example:
+ // if (!InlinedFastCheck(f))
+ // call *f
+ // else {
+ // __cfi_slowpath(CallSiteTypeId, f);
+ // call *f
+ // }
+ // To mark the second call as protected, we recognize indirect calls that
+ // directly follow calls to functions that will trap on CFI violations.
+ if (CFCrossRefs.empty()) {
+ const Instr *PrevInstr = Analysis.getPrevInstructionSequential(ChildMeta);
+ if (PrevInstr && Analysis.willTrapOnCFIViolation(*PrevInstr)) {
+ Result.IntermediateNodes[PrevInstr->VMAddress] = Address;
+ HasValidCrossRef = true;
+ }
+ }
+
if (!HasValidCrossRef)
Result.OrphanedNodes.push_back(Address);
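Review bot: The new check at `if (PrevInstr && Analysis.willTrapOnCFIViolation(*PrevInstr))` marks an indirect call as protected purely because the sequentially preceding instruction is a trapping call; nothing in the hunk ties the pointer passed to `__cfi_slowpath` to the target of the following `call *f`. A trapping call followed by an indirect call through a different or reloaded value would still be reported as protected, which is the unsafe direction for a verifier to err in. Either check that the call target matches the checked value, or state the limitation in the comment block. The change also ships only a positive test, so a case where the preceding instruction is an ordinary call and the node must remain in `Result.OrphanedNodes` would be worth adding.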
Index: tools/llvm-cfi-verify/lib/FileAnalysis.cpp
===================================================================
--- tools/llvm-cfi-verify/lib/FileAnalysis.cpp
+++ tools/llvm-cfi-verify/lib/FileAnalysis.cpp
@@ -445,6 +445,11 @@
if (!(object::ELFSectionRef(Section).getFlags() & ELF::SHF_EXECINSTR))
continue;
+ // Avoid checking the PLT since it produces spurious failures on AArch64.
+ StringRef SectionName;
+ if (!Section.getName(SectionName) && SectionName == ".plt")
+ continue;
+
StringRef SectionContents;
if (Section.getContents(SectionContents))
return make_error<StringError>("Failed to retrieve section contents",
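Review bot: The `.plt` skip runs on every target, while the comment justifies it only by spurious failures on AArch64. Consider gating it on the object's architecture, or extend the comment to say why excluding the PLT from analysis is also acceptable on x86. Two smaller points on `if (!Section.getName(SectionName) && SectionName == ".plt")`: a failure from `getName` is silently ignored and the section is then analysed anyway, and the exact string comparison only matches a section named precisely `.plt`. No test in this revision exercises the skip.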
Index: test/tools/llvm-cfi-verify/X86/function_only_check.s
===================================================================
--- /dev/null
+++ test/tools/llvm-cfi-verify/X86/function_only_check.s
@@ -0,0 +1,8 @@
+# RUN: llvm-cfi-verify %S/Inputs/function-only-check.o | FileCheck %s
+
+# CHECK-LABEL: {{^Instruction: .* \(PROTECTED\)}}
+
+# CHECK: Expected Protected: 1 (100.00%)
+# CHECK: Unexpected Protected: 0 (0.00%)
+# CHECK: Expected Unprotected: 0 (0.00%)
+# CHECK: Unexpected Unprotected (BAD): 0 (0.00%)
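Review bot: The test relies on the prebuilt binary `Inputs/function-only-check.o`, but nothing in the `.s` file records how that object was produced, so it cannot be regenerated or audited. Please add a comment with the source and the build command used. The file names are also inconsistent (`function-only-check.o` versus `function_only_check.s`). The CHECK lines cover only the single protected call; a second input where the indirect call is not preceded by a trapping call, expecting a nonzero `Unexpected Unprotected (BAD)` count, would pin down the new GraphBuilder logic from both sides.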