[safestack] Various Solaris fixes #98469
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Even with the `-u __safestack_init` link order fixed on Solaris, there are still several safestack test issues left: * While 540fd42 enabled safestack on Solaris in the driver unconditionally, it ignored that Solaris also exists on SPARC and forgot to enable SPARC support for the runtime lib. This patch fixes that. - The tests fail to link with undefined references to `__sanitizer_internal_memset` etc. These are from `sanitizer_redefine_builtins.h`. Definitions live in `sanitizer_libc.cpp.o`. This patch adds them to the safestack runtime lib as is already the case e.g. for asan and ubsan. Why GNU ld allows the link to complete with those references undefined is beyond me. - The `pthread*.c` tests `FAIL` with ``` safestack CHECK failed: /vol/llvm/src/llvm-project/local/compiler-rt/lib/safestack/safestack.cpp:227 size ``` The problem is that `pthread_attr_init` initializes the `stacksize` attribute to 0, signifying the default. Unless explicitly overridded, it stays that way. I think this is allowed by XPG7. Since safestack cannot deal with this, I set `size` to the defaults documented in `pthread_create(3C)`. Unfortunately, there's no macro for those values outside of private `libc` headers. - The Solaris `syscall` interface isn't stable. This is not just a theoretical concern, but the syscalls have changed incompatibly several times in the past. Therefore this patch switches the implementations of `TgKill` (where `SYS_lwp_kill` doesn't exist on Solaris 11.4 anyway), `Mmap`, `Munmap`, and `Mprotect` to the same `_REAL*` solution already used in `sanitizer_solaris.cpp`. Instead of duplicating what's already in `sanitizer_common`, it seems way better to me to just reuse those implementations, though. A subsequent patch does just that. With those changes, safestack compiles and all tests `PASS`, so the tests are re-enabled for good. Tested on `amd64-pc-solaris2.11`, `sparcv9-sun-solaris2.11`, `x86_64-pc-linux-gnu`, and `sparc64-unknown-linux-gnu`.
|
This patch was already approved in [safestack] Various Solaris fixes #98001 , therefore I'll commit it shortly. |
You can test this locally with the following command:git-clang-format --diff d4e46f0e864e37085da0c5e56e4f6f278e2f7aee 97a3888b2da8663395967ee76470b41c146522f9 --extensions cpp,h -- compiler-rt/lib/safestack/safestack.cpp compiler-rt/lib/safestack/safestack_platform.hView the diff from clang-format here.diff --git a/compiler-rt/lib/safestack/safestack_platform.h b/compiler-rt/lib/safestack/safestack_platform.h
index 77eeb9cda6..27e29d6ead 100644
--- a/compiler-rt/lib/safestack/safestack_platform.h
+++ b/compiler-rt/lib/safestack/safestack_platform.h
@@ -13,9 +13,6 @@
#ifndef SAFESTACK_PLATFORM_H
#define SAFESTACK_PLATFORM_H
-#include "safestack_util.h"
-#include "sanitizer_common/sanitizer_platform.h"
-
#include <dlfcn.h>
#include <errno.h>
#include <stdint.h>
@@ -26,6 +23,9 @@
#include <sys/types.h>
#include <unistd.h>
+#include "safestack_util.h"
+#include "sanitizer_common/sanitizer_platform.h"
+
#if !(SANITIZER_NETBSD || SANITIZER_FREEBSD || SANITIZER_LINUX || \
SANITIZER_SOLARIS)
# error "Support for your platform has not been implemented"
|
vitalybuka
added a commit
that referenced
this pull request
Jul 11, 2024
This reverts commit 5c205b6.
vitalybuka
added a commit
that referenced
this pull request
Jul 11, 2024
Reverts #98469 We can't add this dependency ``` OBJECT_LIBS RTSanitizerCommon RTSanitizerCommonLibc ``` safestack is security hardening, and RTSanitizerCommon is too fat for that.
aaryanshukla
pushed a commit
to aaryanshukla/llvm-project
that referenced
this pull request
Jul 14, 2024
Even with the `-u __safestack_init` link order fixed on Solaris, there are still several safestack test issues left: * While 540fd42 enabled safestack on Solaris in the driver unconditionally, it ignored that Solaris also exists on SPARC and forgot to enable SPARC support for the runtime lib. This patch fixes that. - The tests fail to link with undefined references to `__sanitizer_internal_memset` etc. These are from `sanitizer_redefine_builtins.h`. Definitions live in `sanitizer_libc.cpp.o`. This patch adds them to the safestack runtime lib as is already the case e.g. for asan and ubsan. Why GNU ld allows the link to complete with those references undefined is beyond me. - The `pthread*.c` tests `FAIL` with ``` safestack CHECK failed: /vol/llvm/src/llvm-project/local/compiler-rt/lib/safestack/safestack.cpp:227 size ``` The problem is that `pthread_attr_init` initializes the `stacksize` attribute to 0, signifying the default. Unless explicitly overridded, it stays that way. I think this is allowed by XPG7. Since safestack cannot deal with this, I set `size` to the defaults documented in `pthread_create(3C)`. Unfortunately, there's no macro for those values outside of private `libc` headers. - The Solaris `syscall` interface isn't stable. This is not just a theoretical concern, but the syscalls have changed incompatibly several times in the past. Therefore this patch switches the implementations of `TgKill` (where `SYS_lwp_kill` doesn't exist on Solaris 11.4 anyway), `Mmap`, `Munmap`, and `Mprotect` to the same `_REAL*` solution already used in `sanitizer_solaris.cpp`. Instead of duplicating what's already in `sanitizer_common`, it seems way better to me to just reuse those implementations, though. A subsequent patch does just that. With those changes, safestack compiles and all tests `PASS`, so the tests are re-enabled for good. Tested on `amd64-pc-solaris2.11`, `sparcv9-sun-solaris2.11`, `x86_64-pc-linux-gnu`, and `sparc64-unknown-linux-gnu`.
aaryanshukla
pushed a commit
to aaryanshukla/llvm-project
that referenced
this pull request
Jul 14, 2024
Reverts llvm#98469 We can't add this dependency ``` OBJECT_LIBS RTSanitizerCommon RTSanitizerCommonLibc ``` safestack is security hardening, and RTSanitizerCommon is too fat for that.
rorth
added a commit
to rorth/llvm-project
that referenced
this pull request
Jul 17, 2024
Even with the `-u __safestack_init` link order fixed on Solaris, there are still several safestack test issues left: - While 540fd42 enabled safestack on Solaris in the driver unconditionally, it ignored that Solaris also exists on SPARC and forgot to enable SPARC support for the runtime lib. This patch fixes that. - The tests fail to link with undefined references to `__sanitizer_internal_memset` etc. These are from `sanitizer_redefine_builtins.h`. Instead of using the implementations from `sanitizer_common` as done in [[safestack] Various Solaris fixes](llvm#98469), this patch disables the interception as discussed in [Revert "[safestack] Various Solaris fixes"](llvm#98541). Besides disabling interception in `safestack.cpp`, a similar issue affects 32-bit Linux/sparc where compiling `safestack.cpp` with `-ftrivial-auto-var-init=pattern' causes the compiler to generate calls to `memset` which are also intercepted. Both cases are avoided by defining `SANITIZER_COMMON_NO_REDEFINE_BUILTINS` in the affected sources. - The `pthread*.c` tests `FAIL` with ``` safestack CHECK failed: /vol/llvm/src/llvm-project/local/compiler-rt/lib/safestack/safestack.cpp:227 size ``` The problem is that `pthread_attr_init` initializes the `stacksize` attribute to 0, signifying the default. Unless explicitly overridded, it stays that way. I think this is allowed by XPG7. Since safestack cannot deal with this, I set `size` to the defaults documented in `pthread_create(3C)`. Unfortunately, there's no macro for those values outside of private `libc` headers. - The Solaris `syscall` interface isn't stable. This is not just a theoretical concern, but the syscalls have changed incompatibly several times in the past. Therefore this patch switches the implementations of `TgKill` (where `SYS_lwp_kill` doesn't exist on Solaris 11.4 anyway), `Mmap`, `Munmap`, and `Mprotect` to the same `_REAL*` solution already used in `sanitizer_solaris.cpp`. With those changes, safestack compiles and all tests `PASS`, so the tests are re-enabled for good. Tested on `amd64-pc-solaris2.11`, `sparcv9-sun-solaris2.11`, `x86_64-pc-linux-gnu`, and `sparc64-unknown-linux-gnu`.
rorth
added a commit
to rorth/llvm-project
that referenced
this pull request
Jul 17, 2024
Even with the `-u __safestack_init` link order fixed on Solaris, there are still several safestack test issues left: - While 540fd42 enabled safestack on Solaris in the driver unconditionally, it ignored that Solaris also exists on SPARC and forgot to enable SPARC support for the runtime lib. This patch fixes that. - The tests fail to link with undefined references to `__sanitizer_internal_memset` etc in `safestack.cpp.o` and `interception_linux.cpp.o`. These are from indirectly including `sanitizer_redefine_builtins.h`. Instead of using the implementations from `sanitizer_common` as was done in [[safestack] Various Solaris fixes](llvm#98469), this patch disables the interception as discussed in [Revert "[safestack] Various Solaris fixes"](llvm#98541). A similar issue affects 32-bit Linux/sparc where compiling `safestack.cpp` with `-ftrivial-auto-var-init=pattern` causes the compiler to generate calls to `memset` to initialize a `pthread_attr_t` which is larger than can be handled inline. Both cases are avoided by defining `SANITIZER_COMMON_NO_REDEFINE_BUILTINS` in the affected sources. - The `pthread*.c` tests `FAIL` with ``` safestack CHECK failed: /vol/llvm/src/llvm-project/local/compiler-rt/lib/safestack/safestack.cpp:227 size ``` The problem is that `pthread_attr_init` initializes the `stacksize` attribute to 0, signifying the default. Unless explicitly overridded, it stays that way. I think this is allowed by XPG7. Since safestack cannot deal with this, I set `size` to the defaults documented in `pthread_create(3C)`. Unfortunately, there's no macro for those values outside of private `libc` headers. - The Solaris `syscall` interface isn't stable. This is not just a theoretical concern, but the syscalls have changed incompatibly several times in the past. Therefore this patch switches the implementations of `TgKill` (where `SYS_lwp_kill` doesn't exist on Solaris 11.4 anyway), `Mmap`, `Munmap`, and `Mprotect` to the same `_REAL*` solution already used in `sanitizer_solaris.cpp`. With those changes, safestack compiles and all tests `PASS`, so the tests are re-enabled for good. Tested on `amd64-pc-solaris2.11`, `sparcv9-sun-solaris2.11`, `x86_64-pc-linux-gnu`, and `sparc64-unknown-linux-gnu`.
rorth
added a commit
that referenced
this pull request
Jul 18, 2024
Even with the `-u __safestack_init` link order fixed on Solaris, there are still several safestack test issues left: - While 540fd42 enabled safestack on Solaris in the driver unconditionally, it ignored that Solaris also exists on SPARC and forgot to enable SPARC support for the runtime lib. This patch fixes that. - The tests fail to link with undefined references to `__sanitizer_internal_memset` etc in `safestack.cpp.o` and `interception_linux.cpp.o`. These are from indirectly including `sanitizer_redefine_builtins.h`. Instead of using the implementations from `sanitizer_common` as was done in [[safestack] Various Solaris fixes](#98469), this patch disables the interception as discussed in [Revert "[safestack] Various Solaris fixes"](#98541). A similar issue affects 32-bit Linux/sparc where compiling `safestack.cpp` with `-ftrivial-auto-var-init=pattern` causes the compiler to generate calls to `memset` to initialize a `pthread_attr_t` which is larger than can be handled inline. This is avoided by defining `SANITIZER_COMMON_NO_REDEFINE_BUILTINS` in `safestack.cpp` and also adding definitions of the interceptors that just forward to `libc` for the benefit of `interception_linux.cpp`. - The `pthread*.c` tests `FAIL` with ``` safestack CHECK failed: /vol/llvm/src/llvm-project/local/compiler-rt/lib/safestack/safestack.cpp:227 size ``` The problem is that `pthread_attr_init` initializes the `stacksize` attribute to 0, signifying the default. Unless explicitly overridded, it stays that way. I think this is allowed by XPG7. Since safestack cannot deal with this, I set `size` to the defaults documented in `pthread_create(3C)`. Unfortunately, there's no macro for those values outside of private `libc` headers. - The Solaris `syscall` interface isn't stable. This is not just a theoretical concern, but the syscalls have changed incompatibly several times in the past. Therefore this patch switches the implementations of `TgKill` (where `SYS_lwp_kill` doesn't exist on Solaris 11.4 anyway), `Mmap`, `Munmap`, and `Mprotect` to the same `_REAL*` solution already used in `sanitizer_solaris.cpp`. With those changes, safestack compiles and all tests `PASS`, so the tests are re-enabled for good. Tested on `amd64-pc-solaris2.11`, `sparcv9-sun-solaris2.11`, `x86_64-pc-linux-gnu`, and `sparc64-unknown-linux-gnu`.
Harini0924
pushed a commit
to Harini0924/llvm-project
that referenced
this pull request
Jul 22, 2024
Even with the `-u __safestack_init` link order fixed on Solaris, there are still several safestack test issues left: - While 540fd42 enabled safestack on Solaris in the driver unconditionally, it ignored that Solaris also exists on SPARC and forgot to enable SPARC support for the runtime lib. This patch fixes that. - The tests fail to link with undefined references to `__sanitizer_internal_memset` etc in `safestack.cpp.o` and `interception_linux.cpp.o`. These are from indirectly including `sanitizer_redefine_builtins.h`. Instead of using the implementations from `sanitizer_common` as was done in [[safestack] Various Solaris fixes](llvm#98469), this patch disables the interception as discussed in [Revert "[safestack] Various Solaris fixes"](llvm#98541). A similar issue affects 32-bit Linux/sparc where compiling `safestack.cpp` with `-ftrivial-auto-var-init=pattern` causes the compiler to generate calls to `memset` to initialize a `pthread_attr_t` which is larger than can be handled inline. This is avoided by defining `SANITIZER_COMMON_NO_REDEFINE_BUILTINS` in `safestack.cpp` and also adding definitions of the interceptors that just forward to `libc` for the benefit of `interception_linux.cpp`. - The `pthread*.c` tests `FAIL` with ``` safestack CHECK failed: /vol/llvm/src/llvm-project/local/compiler-rt/lib/safestack/safestack.cpp:227 size ``` The problem is that `pthread_attr_init` initializes the `stacksize` attribute to 0, signifying the default. Unless explicitly overridded, it stays that way. I think this is allowed by XPG7. Since safestack cannot deal with this, I set `size` to the defaults documented in `pthread_create(3C)`. Unfortunately, there's no macro for those values outside of private `libc` headers. - The Solaris `syscall` interface isn't stable. This is not just a theoretical concern, but the syscalls have changed incompatibly several times in the past. Therefore this patch switches the implementations of `TgKill` (where `SYS_lwp_kill` doesn't exist on Solaris 11.4 anyway), `Mmap`, `Munmap`, and `Mprotect` to the same `_REAL*` solution already used in `sanitizer_solaris.cpp`. With those changes, safestack compiles and all tests `PASS`, so the tests are re-enabled for good. Tested on `amd64-pc-solaris2.11`, `sparcv9-sun-solaris2.11`, `x86_64-pc-linux-gnu`, and `sparc64-unknown-linux-gnu`.
sgundapa
pushed a commit
to sgundapa/upstream_effort
that referenced
this pull request
Jul 23, 2024
Even with the `-u __safestack_init` link order fixed on Solaris, there are still several safestack test issues left: - While 540fd42 enabled safestack on Solaris in the driver unconditionally, it ignored that Solaris also exists on SPARC and forgot to enable SPARC support for the runtime lib. This patch fixes that. - The tests fail to link with undefined references to `__sanitizer_internal_memset` etc in `safestack.cpp.o` and `interception_linux.cpp.o`. These are from indirectly including `sanitizer_redefine_builtins.h`. Instead of using the implementations from `sanitizer_common` as was done in [[safestack] Various Solaris fixes](llvm#98469), this patch disables the interception as discussed in [Revert "[safestack] Various Solaris fixes"](llvm#98541). A similar issue affects 32-bit Linux/sparc where compiling `safestack.cpp` with `-ftrivial-auto-var-init=pattern` causes the compiler to generate calls to `memset` to initialize a `pthread_attr_t` which is larger than can be handled inline. This is avoided by defining `SANITIZER_COMMON_NO_REDEFINE_BUILTINS` in `safestack.cpp` and also adding definitions of the interceptors that just forward to `libc` for the benefit of `interception_linux.cpp`. - The `pthread*.c` tests `FAIL` with ``` safestack CHECK failed: /vol/llvm/src/llvm-project/local/compiler-rt/lib/safestack/safestack.cpp:227 size ``` The problem is that `pthread_attr_init` initializes the `stacksize` attribute to 0, signifying the default. Unless explicitly overridded, it stays that way. I think this is allowed by XPG7. Since safestack cannot deal with this, I set `size` to the defaults documented in `pthread_create(3C)`. Unfortunately, there's no macro for those values outside of private `libc` headers. - The Solaris `syscall` interface isn't stable. This is not just a theoretical concern, but the syscalls have changed incompatibly several times in the past. Therefore this patch switches the implementations of `TgKill` (where `SYS_lwp_kill` doesn't exist on Solaris 11.4 anyway), `Mmap`, `Munmap`, and `Mprotect` to the same `_REAL*` solution already used in `sanitizer_solaris.cpp`. With those changes, safestack compiles and all tests `PASS`, so the tests are re-enabled for good. Tested on `amd64-pc-solaris2.11`, `sparcv9-sun-solaris2.11`, `x86_64-pc-linux-gnu`, and `sparc64-unknown-linux-gnu`.
yuxuanchen1997
pushed a commit
that referenced
this pull request
Jul 25, 2024
Summary: Even with the `-u __safestack_init` link order fixed on Solaris, there are still several safestack test issues left: - While 540fd42 enabled safestack on Solaris in the driver unconditionally, it ignored that Solaris also exists on SPARC and forgot to enable SPARC support for the runtime lib. This patch fixes that. - The tests fail to link with undefined references to `__sanitizer_internal_memset` etc in `safestack.cpp.o` and `interception_linux.cpp.o`. These are from indirectly including `sanitizer_redefine_builtins.h`. Instead of using the implementations from `sanitizer_common` as was done in [[safestack] Various Solaris fixes](#98469), this patch disables the interception as discussed in [Revert "[safestack] Various Solaris fixes"](#98541). A similar issue affects 32-bit Linux/sparc where compiling `safestack.cpp` with `-ftrivial-auto-var-init=pattern` causes the compiler to generate calls to `memset` to initialize a `pthread_attr_t` which is larger than can be handled inline. This is avoided by defining `SANITIZER_COMMON_NO_REDEFINE_BUILTINS` in `safestack.cpp` and also adding definitions of the interceptors that just forward to `libc` for the benefit of `interception_linux.cpp`. - The `pthread*.c` tests `FAIL` with ``` safestack CHECK failed: /vol/llvm/src/llvm-project/local/compiler-rt/lib/safestack/safestack.cpp:227 size ``` The problem is that `pthread_attr_init` initializes the `stacksize` attribute to 0, signifying the default. Unless explicitly overridded, it stays that way. I think this is allowed by XPG7. Since safestack cannot deal with this, I set `size` to the defaults documented in `pthread_create(3C)`. Unfortunately, there's no macro for those values outside of private `libc` headers. - The Solaris `syscall` interface isn't stable. This is not just a theoretical concern, but the syscalls have changed incompatibly several times in the past. Therefore this patch switches the implementations of `TgKill` (where `SYS_lwp_kill` doesn't exist on Solaris 11.4 anyway), `Mmap`, `Munmap`, and `Mprotect` to the same `_REAL*` solution already used in `sanitizer_solaris.cpp`. With those changes, safestack compiles and all tests `PASS`, so the tests are re-enabled for good. Tested on `amd64-pc-solaris2.11`, `sparcv9-sun-solaris2.11`, `x86_64-pc-linux-gnu`, and `sparc64-unknown-linux-gnu`. Test Plan: Reviewers: Subscribers: Tasks: Tags: Differential Revision: https://phabricator.intern.facebook.com/D60250973
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Even with the
-u __safestack_initlink order fixed on Solaris, there are still several safestack test issues left:The tests fail to link with undefined references to
__sanitizer_internal_memsetetc. These are fromsanitizer_redefine_builtins.h. Definitions live insanitizer_libc.cpp.o. This patch adds them to the safestack runtime lib as is already the case e.g. for asan and ubsan. Why GNU ld allows the link to complete with those references undefined is beyond me.The
pthread*.ctestsFAILwithsafestack CHECK failed: /vol/llvm/src/llvm-project/local/compiler-rt/lib/safestack/safestack.cpp:227 sizeThe problem is that
pthread_attr_initinitializes thestacksizeattribute to 0, signifying the default. Unless explicitly overridded, it stays that way. I think this is allowed by XPG7. Since safestack cannot deal with this, I setsizeto the defaults documented inpthread_create(3C). Unfortunately, there's no macro for those values outside of privatelibcheaders.The Solaris
syscallinterface isn't stable. This is not just a theoretical concern, but the syscalls have changed incompatibly several times in the past. Therefore this patch switches the implementations ofTgKill(whereSYS_lwp_killdoesn't exist on Solaris 11.4 anyway),Mmap,Munmap, andMprotectto the same_REAL*solution already used insanitizer_solaris.cpp. Instead of duplicating what's already insanitizer_common, it seems way better to me to just reuse those implementations, though. A subsequent patch does just that.With those changes, safestack compiles and all tests
PASS, so the tests are re-enabled for good.Tested on
amd64-pc-solaris2.11,sparcv9-sun-solaris2.11,x86_64-pc-linux-gnu, andsparc64-unknown-linux-gnu.