libsanitizer/ChangeLog:
2016-11-11 Maxim Ostapenko <m.ostapenko@samsung.com>
PR sanitizer/78307
* ubsan/ubsan_handlers.cc (__ubsan_handle_cfi_bad_icall): New function.
( __ubsan_handle_cfi_bad_icall_abort): Likewise.
* ubsan/ubsan_handlers.h (struct CFIBadIcallData): New type.
* ubsan/ubsan_handlers_cxx.cc (__ubsan_handle_cfi_bad_type): New
function.
(__ubsan_handle_cfi_bad_type_abort): Likewise.
* ubsan/ubsan_handlers_cxx.h (struct CFIBadTypeData): New type.
(__ubsan_handle_cfi_bad_type): Export function.
(__ubsan_handle_cfi_bad_type_abort): Likewise.
* LOCAL_PATCHES: New file.
* HOWTO_MERGE: Update documentation.
@@ -11,7 +11,8 @@ general list of actions required to perform the merge:
in corresponding CMakeLists.txt and config-ix.cmake files from compiler-rt source
directory.
* Apply all needed GCC-specific patches to libsanitizer (note that some of
- them might be already included to upstream).
+ them might be already included to upstream). The list of these patches is stored
+ into LOCAL_PATCHES file.
* Apply all necessary compiler changes. Be especially careful here, you must
not break ABI between compiler and library. You can reveal these changes by
inspecting the history of AddressSanitizer.cpp and ThreadSanitizer.cpp files
@@ -37,3 +38,4 @@ general list of actions required to perform the merge:
in libasan, configure/Makefile changes). The review process has O(N^2) complexity, so you
would simplify and probably speed up the review process by doing this.
* Send your patches for review to GCC Patches Mailing List (gcc-patches@gcc.gnu.org).
+* Update LOCAL_PATCHES file when you've committed the whole patch set with new revisions numbers.
@@ -558,6 +558,21 @@ static void HandleCFIBadType(CFICheckFailData *Data, ValueHandle Vtable,
#endif
} // namespace __ubsan
+void __ubsan::__ubsan_handle_cfi_bad_icall(CFIBadIcallData *CallData,
+ ValueHandle Function) {
+ GET_REPORT_OPTIONS(false);
+ CFICheckFailData Data = {CFITCK_ICall, CallData->Loc, CallData->Type};
+ handleCFIBadIcall(&Data, Function, Opts);
+}
+
+void __ubsan::__ubsan_handle_cfi_bad_icall_abort(CFIBadIcallData *CallData,
+ ValueHandle Function) {
+ GET_REPORT_OPTIONS(true);
+ CFICheckFailData Data = {CFITCK_ICall, CallData->Loc, CallData->Type};
+ handleCFIBadIcall(&Data, Function, Opts);
+ Die();
+}
+
void __ubsan::__ubsan_handle_cfi_check_fail(CFICheckFailData *Data,
ValueHandle Value,
uptr ValidVtable) {
@@ -156,12 +156,20 @@ enum CFITypeCheckKind : unsigned char {
CFITCK_ICall,
};
+struct CFIBadIcallData {
+ SourceLocation Loc;
+ const TypeDescriptor &Type;
+};
+
struct CFICheckFailData {
CFITypeCheckKind CheckKind;
SourceLocation Loc;
const TypeDescriptor &Type;
};
+/// \brief Handle control flow integrity failure for indirect function calls.
+RECOVERABLE(cfi_bad_icall, CFIBadIcallData *Data, ValueHandle Function)
+
/// \brief Handle control flow integrity failures.
RECOVERABLE(cfi_check_fail, CFICheckFailData *Data, ValueHandle Function,
uptr VtableIsValid)
@@ -142,4 +142,22 @@ void HandleCFIBadType(CFICheckFailData *Data, ValueHandle Vtable,
}
} // namespace __ubsan
+void __ubsan::__ubsan_handle_cfi_bad_type(CFIBadTypeData *TypeData,
+ ValueHandle Vtable) {
+ GET_REPORT_OPTIONS(false);
+ CFITypeCheckKind TypeCheckKind
+ = static_cast<CFITypeCheckKind> (TypeData->TypeCheckKind);
+ CFICheckFailData Data = {TypeCheckKind, TypeData->Loc, TypeData->Type};
+ HandleCFIBadType(&Data, Vtable, false, Opts);
+}
+
+void __ubsan::__ubsan_handle_cfi_bad_type_abort(CFIBadTypeData *TypeData,
+ ValueHandle Vtable) {
+ GET_REPORT_OPTIONS(true);
+ CFITypeCheckKind TypeCheckKind
+ = static_cast<CFITypeCheckKind> (TypeData->TypeCheckKind);
+ CFICheckFailData Data = {TypeCheckKind, TypeData->Loc, TypeData->Type};
+ HandleCFIBadType(&Data, Vtable, false, Opts);
+}
+
#endif // CAN_SANITIZE_UB
@@ -23,6 +23,12 @@ struct DynamicTypeCacheMissData {
unsigned char TypeCheckKind;
};
+struct CFIBadTypeData {
+ SourceLocation Loc;
+ const TypeDescriptor &Type;
+ unsigned char TypeCheckKind;
+};
+
/// \brief Handle a runtime type check failure, caused by an incorrect vptr.
/// When this handler is called, all we know is that the type was not in the
/// cache; this does not necessarily imply the existence of a bug.
@@ -32,6 +38,13 @@ void __ubsan_handle_dynamic_type_cache_miss(
extern "C" SANITIZER_INTERFACE_ATTRIBUTE
void __ubsan_handle_dynamic_type_cache_miss_abort(
DynamicTypeCacheMissData *Data, ValueHandle Pointer, ValueHandle Hash);
+
+/// \brief Handle a control flow integrity check failure by printing a
+/// diagnostic.
+extern "C" SANITIZER_INTERFACE_ATTRIBUTE void
+__ubsan_handle_cfi_bad_type(CFIBadTypeData *Data, ValueHandle Vtable);
+extern "C" SANITIZER_INTERFACE_ATTRIBUTE void
+__ubsan_handle_cfi_bad_type_abort(CFIBadTypeData *Data, ValueHandle Vtable);
}
#endif // UBSAN_HANDLERS_H
Hi, this patch fixes PR sanitizer/78307 by adding removed by last merge (although unused in GCC) interface functions: __ubsan_handle_cfi_bad_icall __ubsan_handle_cfi_bad_icall_abort __ubsan_handle_cfi_bad_type __ubsan_handle_cfi_bad_type_abort Just added missed stubs via corresponding arguments translation logic. I've also added new libsanitizer/LOCAL_PATCHES file to track GCC local changes in libsanitizer. The abidiff output now looks like this: Functions changes summary: 0 Removed, 0 Changed (1 filtered out), 7 Added functions Variables changes summary: 0 Removed, 0 Changed, 0 Added variable Function symbols changes summary: 0 Removed, 10 Added function symbols not referenced by debug info Variable symbols changes summary: 0 Removed, 0 Added variable symbol not referenced by debug info 7 Added functions: 'function void __sanitizer_cov_trace_pc_guard_init()' {__sanitizer_cov_trace_pc_guard_init} 'function int __sanitizer_install_malloc_and_free_hooks(void (typedef __sanitizer::uptr)*, void ()*)' {__sanitizer_install_malloc_and_free_hooks} 'function void __sanitizer_set_report_fd(void*)' {__sanitizer_set_report_fd} 'function void __sanitizer_symbolize_global(__sanitizer::uptr, const char*, char*, __sanitizer::uptr)' {__sanitizer_symbolize_global} 'function void __sanitizer_symbolize_pc(__sanitizer::uptr, const char*, char*, __sanitizer::uptr)' {__sanitizer_symbolize_pc} 'function void __ubsan::__ubsan_handle_cfi_check_fail(__ubsan::CFICheckFailData*, __ubsan::ValueHandle, __sanitizer::uptr)' {__ubsan_handle_cfi_check_fail} 'function void __ubsan::__ubsan_handle_cfi_check_fail_abort(__ubsan::CFICheckFailData*, __ubsan::ValueHandle, __sanitizer::uptr)' {__ubsan_handle_cfi_check_fail_abort} 10 Added function symbols not referenced by debug info: __sanitizer_cov_trace_cmp1 __sanitizer_cov_trace_cmp2 __sanitizer_cov_trace_cmp4 __sanitizer_cov_trace_cmp8 __sanitizer_cov_trace_div4 __sanitizer_cov_trace_div8 __sanitizer_cov_trace_gep __sanitizer_cov_trace_pc_guard __sanitizer_cov_trace_pc_indir internal_sigreturn Tested on x86_64-unknown-linux-gnu. OK for mainline? -Maxim