From 5bd669dc8fcd7bb28909493744463da47808a0f8 Mon Sep 17 00:00:00 2001 From: Evgeniy Stepanov Date: Wed, 17 Jan 2018 23:24:38 +0000 Subject: [PATCH] [hwasan] LLVM-level flags for linux kernel-compatible hwasan instrumentation. Summary: -hwasan-mapping-offset defines the non-zero shadow base address. -hwasan-kernel disables calls to __hwasan_init in module constructors. Unlike ASan, -hwasan-kernel does not force callback instrumentation. This is controlled separately with -hwasan-instrument-with-calls. Reviewers: kcc Subscribers: srhines, hiraditya, llvm-commits Differential Revision: https://reviews.llvm.org/D42141 llvm-svn: 322785 --- .../Instrumentation/HWAddressSanitizer.cpp | 30 ++++++++++++++----- .../HWAddressSanitizer/kernel.ll | 27 +++++++++++++++++ 2 files changed, 50 insertions(+), 7 deletions(-) create mode 100644 llvm/test/Instrumentation/HWAddressSanitizer/kernel.ll diff --git a/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp b/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp index 3da9fe7e2017..15d97b3ae6f6 100644 --- a/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp +++ b/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp @@ -96,6 +96,15 @@ static cl::opt ClGenerateTagsWithCalls( cl::desc("generate new tags with runtime library calls"), cl::Hidden, cl::init(false)); +static cl::opt ClMappingOffset( + "hwasan-mapping-offset", + cl::desc("offset of hwasan shadow mapping [EXPERIMENTAL]"), cl::Hidden, + cl::init(0)); + +static cl::opt ClEnableKhwasan( + "hwasan-kernel", cl::desc("Enable KernelHWAddressSanitizer instrumentation"), + cl::Hidden, cl::init(false)); + namespace { /// \brief An instrumentation pass implementing detection of addressability bugs @@ -177,12 +186,14 @@ bool HWAddressSanitizer::doInitialization(Module &M) { IntptrTy = IRB.getIntPtrTy(DL); Int8Ty = IRB.getInt8Ty(); - std::tie(HwasanCtorFunction, std::ignore) = - createSanitizerCtorAndInitFunctions(M, kHwasanModuleCtorName, - kHwasanInitName, - /*InitArgTypes=*/{}, - /*InitArgs=*/{}); - appendToGlobalCtors(M, HwasanCtorFunction, 0); + if (!ClEnableKhwasan) { + std::tie(HwasanCtorFunction, std::ignore) = + createSanitizerCtorAndInitFunctions(M, kHwasanModuleCtorName, + kHwasanInitName, + /*InitArgTypes=*/{}, + /*InitArgs=*/{}); + appendToGlobalCtors(M, HwasanCtorFunction, 0); + } return true; } @@ -282,7 +293,12 @@ void HWAddressSanitizer::instrumentMemAccessInline(Value *PtrLong, bool IsWrite, IRB.CreateAnd(PtrLong, ConstantInt::get(PtrLong->getType(), ~(0xFFULL << kPointerTagShift))); Value *ShadowLong = IRB.CreateLShr(AddrLong, kShadowScale); - Value *MemTag = IRB.CreateLoad(IRB.CreateIntToPtr(ShadowLong, IRB.getInt8PtrTy())); + if (ClMappingOffset) + ShadowLong = IRB.CreateAdd( + ShadowLong, ConstantInt::get(PtrLong->getType(), ClMappingOffset, + /*isSigned=*/false)); + Value *MemTag = + IRB.CreateLoad(IRB.CreateIntToPtr(ShadowLong, IRB.getInt8PtrTy())); Value *TagMismatch = IRB.CreateICmpNE(PtrTag, MemTag); TerminatorInst *CheckTerm = diff --git a/llvm/test/Instrumentation/HWAddressSanitizer/kernel.ll b/llvm/test/Instrumentation/HWAddressSanitizer/kernel.ll new file mode 100644 index 000000000000..d6919aad21cb --- /dev/null +++ b/llvm/test/Instrumentation/HWAddressSanitizer/kernel.ll @@ -0,0 +1,27 @@ +; Test kernel hwasan instrumentation. +; +; RUN: opt < %s -hwasan -hwasan-kernel=1 -S | FileCheck %s --allow-empty --check-prefixes=KERNEL +; RUN: opt < %s -hwasan -hwasan-mapping-offset=12345678 -S | FileCheck %s --check-prefixes=OFFSET + +target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128" +target triple = "aarch64--linux-android" + +define i8 @test_load(i8* %a) sanitize_hwaddress { +; OFFSET-LABEL: @test_load( +; OFFSET: %[[A:[^ ]*]] = ptrtoint i8* %a to i64 +; OFFSET: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 +; OFFSET: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 +; OFFSET: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; OFFSET: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 +; OFFSET: %[[D1:[^ ]*]] = add i64 %[[D]], 12345678 +; OFFSET: %[[E:[^ ]*]] = inttoptr i64 %[[D1]] to i8* +; OFFSET: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] +; OFFSET: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] +; OFFSET: br i1 %[[F]], + +entry: + %b = load i8, i8* %a, align 4 + ret i8 %b +} + +; KERNEL-NOT: call void @__hwasan_init