From 14407332de6185462ceda785c620bb1206e7ca40 Mon Sep 17 00:00:00 2001 From: Andrew Browne Date: Thu, 17 Jun 2021 14:52:09 -0700 Subject: [PATCH] [DFSan] Cleanup code for platforms other than Linux x86_64. These other platforms are unsupported and untested. They could be re-added later based on MSan code. Reviewed By: gbalats, stephan.yichao.zhao Differential Revision: https://reviews.llvm.org/D104481 --- compiler-rt/lib/dfsan/dfsan.cpp | 86 +--------------------- compiler-rt/lib/dfsan/dfsan_platform.h | 51 ------------- .../Instrumentation/DataFlowSanitizer.cpp | 42 ++--------- .../Instrumentation/DataFlowSanitizer/basic.ll | 1 - .../DataFlowSanitizer/external_mask.ll | 13 ---- 5 files changed, 9 insertions(+), 184 deletions(-) delete mode 100644 llvm/test/Instrumentation/DataFlowSanitizer/external_mask.ll diff --git a/compiler-rt/lib/dfsan/dfsan.cpp b/compiler-rt/lib/dfsan/dfsan.cpp index 6e9ad10..e1e3cfa 100644 --- a/compiler-rt/lib/dfsan/dfsan.cpp +++ b/compiler-rt/lib/dfsan/dfsan.cpp @@ -52,8 +52,6 @@ SANITIZER_INTERFACE_ATTRIBUTE THREADLOCAL u64 SANITIZER_INTERFACE_ATTRIBUTE THREADLOCAL u32 __dfsan_arg_origin_tls[kDFsanArgOriginTlsSize / sizeof(u32)]; -SANITIZER_INTERFACE_ATTRIBUTE uptr __dfsan_shadow_ptr_mask; - // Instrumented code may set this value in terms of -dfsan-track-origins. // * undefined or 0: do not track origins. // * 1: track origins at memory store operations. @@ -88,72 +86,8 @@ int __dfsan_get_track_origins() { // 45-46 are cleared to bring the address into the range // [0x100000008000,0x200000000000). See the function shadow_for below. // -// On Linux/MIPS64, memory is laid out as follows: -// -// +--------------------+ 0x10000000000 (top of memory) -// | application memory | -// +--------------------+ 0xF000008000 (kAppAddr) -// | | -// | unused | -// | | -// +--------------------+ 0x2000000000 (kUnusedAddr) -// | shadow memory | -// +--------------------+ 0x1000008000 (kShadowAddr) -// | unused | -// +--------------------+ 0x0000010000 -// | reserved by kernel | -// +--------------------+ 0x0000000000 - -// On Linux/AArch64 (39-bit VMA), memory is laid out as follow: -// -// +--------------------+ 0x8000000000 (top of memory) -// | application memory | -// +--------------------+ 0x7000008000 (kAppAddr) -// | | -// | unused | -// | | -// +--------------------+ 0x1000000000 (kUnusedAddr) -// | shadow memory | -// +--------------------+ 0x0000010000 (kShadowAddr) -// | reserved by kernel | -// +--------------------+ 0x0000000000 - -// On Linux/AArch64 (42-bit VMA), memory is laid out as follow: -// -// +--------------------+ 0x40000000000 (top of memory) -// | application memory | -// +--------------------+ 0x3ff00008000 (kAppAddr) -// | | -// | unused | -// | | -// +--------------------+ 0x8000000000 (kUnusedAddr) -// | shadow memory | -// +--------------------+ 0x0000010000 (kShadowAddr) -// | reserved by kernel | -// +--------------------+ 0x0000000000 - -// On Linux/AArch64 (48-bit VMA), memory is laid out as follow: // -// +--------------------+ 0x1000000000000 (top of memory) -// | application memory | -// +--------------------+ 0xffff00008000 (kAppAddr) -// | unused | -// +--------------------+ 0xaaaab0000000 (top of PIE address) -// | application PIE | -// +--------------------+ 0xaaaaa0000000 (top of PIE address) -// | | -// | unused | -// | | -// +--------------------+ 0x8000000000 (kUnusedAddr) -// | shadow memory | -// +--------------------+ 0x0000010000 (kShadowAddr) -// | reserved by kernel | -// +--------------------+ 0x0000000000 -#ifdef DFSAN_RUNTIME_VMA -// Runtime detected VMA size. -int __dfsan::vmaSize; -#endif extern "C" SANITIZER_INTERFACE_ATTRIBUTE dfsan_label __dfsan_union_load(const dfsan_label *ls, uptr n) { @@ -899,22 +833,6 @@ void dfsan_clear_thread_local_state() { } } -static void InitializePlatformEarly() { - AvoidCVE_2016_2143(); -#ifdef DFSAN_RUNTIME_VMA - __dfsan::vmaSize = - (MostSignificantSetBitIndex(GET_CURRENT_FRAME()) + 1); - if (__dfsan::vmaSize == 39 || __dfsan::vmaSize == 42 || - __dfsan::vmaSize == 48) { - __dfsan_shadow_ptr_mask = ShadowMask(); - } else { - Printf("FATAL: DataFlowSanitizer: unsupported VMA range\n"); - Printf("FATAL: Found %d - Supported 39, 42, and 48\n", __dfsan::vmaSize); - Die(); - } -#endif -} - extern "C" void dfsan_flush() { if (!MmapFixedSuperNoReserve(ShadowAddr(), UnusedAddr() - ShadowAddr())) Die(); @@ -927,9 +845,9 @@ static void DFsanInit(int argc, char **argv, char **envp) { dfsan_init_is_running = true; SanitizerToolName = "DataflowSanitizer"; - InitializeFlags(); + AvoidCVE_2016_2143(); - ::InitializePlatformEarly(); + InitializeFlags(); dfsan_flush(); if (common_flags()->use_madv_dontdump) diff --git a/compiler-rt/lib/dfsan/dfsan_platform.h b/compiler-rt/lib/dfsan/dfsan_platform.h index 8f64227..64a093ff 100644 --- a/compiler-rt/lib/dfsan/dfsan_platform.h +++ b/compiler-rt/lib/dfsan/dfsan_platform.h @@ -20,7 +20,6 @@ namespace __dfsan { using __sanitizer::uptr; -#if defined(__x86_64__) struct Mapping { static const uptr kShadowAddr = 0x100000008000; static const uptr kOriginAddr = 0x200000008000; @@ -28,46 +27,10 @@ struct Mapping { static const uptr kAppAddr = 0x700000008000; static const uptr kShadowMask = ~0x600000000000; }; -#elif defined(__mips64) -struct Mapping { - static const uptr kShadowAddr = 0x1000008000; - static const uptr kUnusedAddr = 0x2000000000; - static const uptr kAppAddr = 0xF000008000; - static const uptr kShadowMask = ~0xE000000000; -}; -#elif defined(__aarch64__) -struct Mapping39 { - static const uptr kShadowAddr = 0x10000; - static const uptr kUnusedAddr = 0x1000000000; - static const uptr kAppAddr = 0x7000008000; - static const uptr kShadowMask = ~0x7800000000; -}; - -struct Mapping42 { - static const uptr kShadowAddr = 0x10000; - static const uptr kUnusedAddr = 0x8000000000; - static const uptr kAppAddr = 0x3ff00008000; - static const uptr kShadowMask = ~0x3c000000000; -}; - -struct Mapping48 { - static const uptr kShadowAddr = 0x10000; - static const uptr kUnusedAddr = 0x8000000000; - static const uptr kAppAddr = 0xffff00008000; - static const uptr kShadowMask = ~0xfffff0000000; -}; - -extern int vmaSize; -# define DFSAN_RUNTIME_VMA 1 -#else -# error "DFSan not supported for this platform!" -#endif enum MappingType { MAPPING_SHADOW_ADDR, -#if defined(__x86_64__) MAPPING_ORIGIN_ADDR, -#endif MAPPING_UNUSED_ADDR, MAPPING_APP_ADDR, MAPPING_SHADOW_MASK @@ -90,17 +53,7 @@ uptr MappingImpl(void) { template uptr MappingArchImpl(void) { -#ifdef __aarch64__ - switch (vmaSize) { - case 39: return MappingImpl(); - case 42: return MappingImpl(); - case 48: return MappingImpl(); - } - DCHECK(0); - return 0; -#else return MappingImpl(); -#endif } ALWAYS_INLINE @@ -110,11 +63,7 @@ uptr ShadowAddr() { ALWAYS_INLINE uptr OriginAddr() { -#if defined(__x86_64__) return MappingArchImpl(); -#else - return 0; -#endif } ALWAYS_INLINE diff --git a/llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp b/llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp index 47aaf65..b36fd72 100644 --- a/llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp +++ b/llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp @@ -123,11 +123,6 @@ static const Align MinOriginAlignment = Align(4); static const unsigned ArgTLSSize = 800; static const unsigned RetvalTLSSize = 800; -// External symbol to be used when generating the shadow address for -// architectures with multiple VMAs. Instead of using a constant integer -// the runtime will set the external mask based on the VMA range. -const char DFSanExternShadowPtrMask[] = "__dfsan_shadow_ptr_mask"; - // The -dfsan-preserve-alignment flag controls whether this pass assumes that // alignment requirements provided by the input IR are correct. For example, // if the input IR contains a load with alignment 8, this flag will cause @@ -403,7 +398,6 @@ class DataFlowSanitizer { Constant *ArgOriginTLS; Constant *RetvalTLS; Constant *RetvalOriginTLS; - Constant *ExternalShadowMask; FunctionType *DFSanUnionLoadFnTy; FunctionType *DFSanLoadLabelAndOriginFnTy; FunctionType *DFSanUnimplementedFnTy; @@ -437,7 +431,6 @@ class DataFlowSanitizer { DFSanABIList ABIList; DenseMap UnwrappedFnMap; AttrBuilder ReadOnlyNoneAttrs; - bool DFSanRuntimeShadowMask = false; Value *getShadowOffset(Value *Addr, IRBuilder<> &IRB); Value *getShadowAddress(Value *Addr, Instruction *Pos); @@ -1013,6 +1006,11 @@ bool DataFlowSanitizer::init(Module &M) { Triple TargetTriple(M.getTargetTriple()); const DataLayout &DL = M.getDataLayout(); + if (TargetTriple.getOS() != Triple::Linux) + report_fatal_error("unsupported operating system"); + if (TargetTriple.getArch() != Triple::x86_64) + report_fatal_error("unsupported architecture"); + Mod = &M; Ctx = &M.getContext(); Int8Ptr = Type::getInt8PtrTy(*Ctx); @@ -1024,27 +1022,9 @@ bool DataFlowSanitizer::init(Module &M) { ZeroPrimitiveShadow = ConstantInt::getSigned(PrimitiveShadowTy, 0); ZeroOrigin = ConstantInt::getSigned(OriginTy, 0); - // TODO: these should be platform-specific and set in the switch-stmt below. ShadowBase = ConstantInt::get(IntptrTy, 0x100000008000LL); OriginBase = ConstantInt::get(IntptrTy, 0x200000008000LL); - - switch (TargetTriple.getArch()) { - case Triple::x86_64: - ShadowPtrMask = ConstantInt::getSigned(IntptrTy, ~0x600000000000LL); - break; - case Triple::mips64: - case Triple::mips64el: - ShadowPtrMask = ConstantInt::getSigned(IntptrTy, ~0xE000000000LL); - break; - case Triple::aarch64: - case Triple::aarch64_be: - // AArch64 supports multiple VMAs and the shadow mask is set at runtime. - DFSanRuntimeShadowMask = true; - break; - default: - report_fatal_error("unsupported triple"); - } - + ShadowPtrMask = ConstantInt::getSigned(IntptrTy, ~0x600000000000LL); Type *DFSanUnionLoadArgs[2] = {PrimitiveShadowPtrTy, IntptrTy}; DFSanUnionLoadFnTy = FunctionType::get(PrimitiveShadowTy, DFSanUnionLoadArgs, /*isVarArg=*/false); @@ -1395,9 +1375,6 @@ bool DataFlowSanitizer::runImpl(Module &M) { injectMetadataGlobals(M); - ExternalShadowMask = - Mod->getOrInsertGlobal(DFSanExternShadowPtrMask, IntptrTy); - initializeCallbackFunctions(M); initializeRuntimeFunctions(M); @@ -1747,13 +1724,8 @@ void DFSanFunction::setShadow(Instruction *I, Value *Shadow) { Value *DataFlowSanitizer::getShadowOffset(Value *Addr, IRBuilder<> &IRB) { // Returns Addr & shadow_mask assert(Addr != RetvalTLS && "Reinstrumenting?"); - Value *ShadowPtrMaskValue; - if (DFSanRuntimeShadowMask) - ShadowPtrMaskValue = IRB.CreateLoad(IntptrTy, ExternalShadowMask); - else - ShadowPtrMaskValue = ShadowPtrMask; return IRB.CreateAnd(IRB.CreatePtrToInt(Addr, IntptrTy), - IRB.CreatePtrToInt(ShadowPtrMaskValue, IntptrTy)); + IRB.CreatePtrToInt(ShadowPtrMask, IntptrTy)); } std::pair diff --git a/llvm/test/Instrumentation/DataFlowSanitizer/basic.ll b/llvm/test/Instrumentation/DataFlowSanitizer/basic.ll index f736029..f8d4281 100644 --- a/llvm/test/Instrumentation/DataFlowSanitizer/basic.ll +++ b/llvm/test/Instrumentation/DataFlowSanitizer/basic.ll @@ -11,7 +11,6 @@ target triple = "x86_64-unknown-linux-gnu" ; CHECK_ORIGIN: @__dfsan_track_origins = weak_odr constant i32 1 ; CHECK: @__dfsan_shadow_width_bits = weak_odr constant i32 [[#SBITS:]] ; CHECK: @__dfsan_shadow_width_bytes = weak_odr constant i32 [[#SBYTES:]] -; CHECK: @__dfsan_shadow_ptr_mask = external global i64 define i8 @load(i8* %p) { ; CHECK-LABEL: define i8 @load.dfsan diff --git a/llvm/test/Instrumentation/DataFlowSanitizer/external_mask.ll b/llvm/test/Instrumentation/DataFlowSanitizer/external_mask.ll deleted file mode 100644 index 05c33a3..0000000 --- a/llvm/test/Instrumentation/DataFlowSanitizer/external_mask.ll +++ /dev/null @@ -1,13 +0,0 @@ -; RUN: opt < %s -dfsan -S | FileCheck %s -target datalayout = "e-m:e-i64:64-i128:128-n32:64-S128" -target triple = "aarch64-unknown-linux-gnu" - -define i32 @test(i32 %a, i32* nocapture readonly %b) #0 { - ; CHECK: @test.dfsan - ; CHECK: %[[RV:.*]] load{{.*}}__dfsan_shadow_ptr_mask - ; CHECK: ptrtoint i32* {{.*}} to i64 - ; CHECK: and {{.*}}%[[RV:.*]] - %1 = load i32, i32* %b, align 4 - %2 = add nsw i32 %1, %a - ret i32 %2 -} -- 2.7.4