From e08d42cfb5a2e9cb2397236bb2f48b0da64da7ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=A4=8F=E4=B8=8D=E7=99=BD?= Date: Mon, 13 May 2024 23:09:53 +0800 Subject: [PATCH] add one stack protector option only for stack sorting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 夏不白 Change-Id: Ied19dbb23417bf4f09f54714a59cc6cbac06652e Signed-off-by: 夏不白 --- clang/docs/ClangCommandLineReference.rst | 4 ++++ clang/include/clang/Basic/LangOptions.h | 2 +- clang/include/clang/Driver/Options.td | 6 ++++-- clang/lib/CodeGen/CodeGenModule.cpp | 2 ++ clang/lib/Driver/ToolChains/Clang.cpp | 3 +++ clang/lib/Frontend/InitPreprocessor.cpp | 2 ++ llvm/include/llvm/Bitcode/LLVMBitCodes.h | 1 + llvm/include/llvm/IR/Attributes.td | 3 +++ llvm/lib/Bitcode/Reader/BitcodeReader.cpp | 2 ++ llvm/lib/Bitcode/Writer/BitcodeWriter.cpp | 2 ++ llvm/lib/CodeGen/LocalStackSlotAllocation.cpp | 3 ++- llvm/lib/CodeGen/PrologEpilogInserter.cpp | 3 ++- llvm/lib/CodeGen/SafeStack.cpp | 3 ++- llvm/lib/CodeGen/StackProtector.cpp | 4 ++++ llvm/lib/IR/Attributes.cpp | 13 +++++++++++-- llvm/lib/IR/Function.cpp | 3 ++- llvm/lib/Transforms/Utils/CodeExtractor.cpp | 1 + 17 files changed, 48 insertions(+), 9 deletions(-) diff --git a/clang/docs/ClangCommandLineReference.rst b/clang/docs/ClangCommandLineReference.rst index 41fb8f7259eb..dcfd6d0e68cb 100644 --- a/clang/docs/ClangCommandLineReference.rst +++ b/clang/docs/ClangCommandLineReference.rst @@ -2512,6 +2512,10 @@ Enable stack protectors for all functions with return address check .. option:: -fstack-protector-ret-strong +Enable stack protectors for all functions with stack sorting + +.. option:: -fstack-protector-sorting + Enable stack protectors for some functions vulnerable to stack smashing with return address check .. option:: -fstack-protector-strong diff --git a/clang/include/clang/Basic/LangOptions.h b/clang/include/clang/Basic/LangOptions.h index 10b8260b3489..c5f6659583f8 100644 --- a/clang/include/clang/Basic/LangOptions.h +++ b/clang/include/clang/Basic/LangOptions.h @@ -81,7 +81,7 @@ public: using RoundingMode = llvm::RoundingMode; enum GCMode { NonGC, GCOnly, HybridGC }; - enum StackProtectorMode { SSPOff, SSPOn, SSPStrong, SSPReq, SSPRetStrong, SSPRetReq }; // OHOS_LOCAL + enum StackProtectorMode { SSPOff, SSPOn, SSPStrong, SSPReq, SSPRetStrong, SSPRetReq, SSPSort }; // OHOS_LOCAL // Automatic variables live on the stack, and when trivial they're usually // uninitialized because it's undefined behavior to use them without diff --git a/clang/include/clang/Driver/Options.td b/clang/include/clang/Driver/Options.td index 97433f169d14..31b8b45147e6 100644 --- a/clang/include/clang/Driver/Options.td +++ b/clang/include/clang/Driver/Options.td @@ -2743,6 +2743,8 @@ def fstack_protector_ret_all : Flag<["-"], "fstack-protector-ret-all">, Group; def fstack_protector_ret_strong : Flag<["-"], "fstack-protector-ret-strong">, Group, HelpText<"Enable stack protectors for some functions vulnerable to stack smashing with return address check">; +def fstack_protector_sorting : Flag<["-"], "fstack-protector-sorting">, Group, + HelpText<"Enable stack sorting on any functions">; // OHOS_LOCAL end defm stack_clash_protection : BoolFOption<"stack-clash-protection", CodeGenOpts<"StackClashProtector">, DefaultFalse, @@ -6062,9 +6064,9 @@ def static_define : Flag<["-"], "static-define">, MarshallingInfoFlag>; def stack_protector : Separate<["-"], "stack-protector">, HelpText<"Enable stack protectors">, - Values<"0,1,2,3,4,5">, // OHOS_LOCAL + Values<"0,1,2,3,4,5,6">, // OHOS_LOCAL NormalizedValuesScope<"LangOptions">, - NormalizedValues<["SSPOff", "SSPOn", "SSPStrong", "SSPReq", "SSPRetStrong", "SSPRetReq"]>, // OHOS_LOCAL + NormalizedValues<["SSPOff", "SSPOn", "SSPStrong", "SSPReq", "SSPRetStrong", "SSPRetReq", "SSPSort"]>, // OHOS_LOCAL MarshallingInfoEnum, "SSPOff">; def stack_protector_buffer_size : Separate<["-"], "stack-protector-buffer-size">, HelpText<"Lower bound for a buffer to be considered for stack protection">, diff --git a/clang/lib/CodeGen/CodeGenModule.cpp b/clang/lib/CodeGen/CodeGenModule.cpp index a6144180f9c9..fb814d96e99c 100644 --- a/clang/lib/CodeGen/CodeGenModule.cpp +++ b/clang/lib/CodeGen/CodeGenModule.cpp @@ -1960,6 +1960,8 @@ void CodeGenModule::SetLLVMFunctionAttributesForDefinition(const Decl *D, B.addAttribute(llvm::Attribute::StackProtectRetStrong); else if (LangOpts.getStackProtector() == LangOptions::SSPRetReq) B.addAttribute(llvm::Attribute::StackProtectRetReq); + else if (LangOpts.getStackProtector() == LangOptions::SSPSort) + B.addAttribute(llvm::Attribute::StackProtectSorting); // OHOS_LOCAL end } diff --git a/clang/lib/Driver/ToolChains/Clang.cpp b/clang/lib/Driver/ToolChains/Clang.cpp index ba06b28d9661..564c2ec3e1e1 100644 --- a/clang/lib/Driver/ToolChains/Clang.cpp +++ b/clang/lib/Driver/ToolChains/Clang.cpp @@ -3262,6 +3262,7 @@ static void RenderSSPOptions(const Driver &D, const ToolChain &TC, // OHOS_LOCAL begin options::OPT_fstack_protector_ret_all, options::OPT_fstack_protector_ret_strong, + options::OPT_fstack_protector_sorting, // OHOS_LOCAL end options::OPT_fstack_protector_strong, options::OPT_fstack_protector)) { @@ -3275,6 +3276,8 @@ static void RenderSSPOptions(const Driver &D, const ToolChain &TC, StackProtectorLevel = LangOptions::SSPRetStrong; else if (A->getOption().matches(options::OPT_fstack_protector_ret_all)) StackProtectorLevel = LangOptions::SSPRetReq; + else if (A->getOption().matches(options::OPT_fstack_protector_sorting)) + StackProtectorLevel = LangOptions::SSPSort; // OHOS_LOCAL end else if (A->getOption().matches(options::OPT_fstack_protector_all)) StackProtectorLevel = LangOptions::SSPReq; diff --git a/clang/lib/Frontend/InitPreprocessor.cpp b/clang/lib/Frontend/InitPreprocessor.cpp index cf40036385f2..26ce7729e2f4 100644 --- a/clang/lib/Frontend/InitPreprocessor.cpp +++ b/clang/lib/Frontend/InitPreprocessor.cpp @@ -1190,6 +1190,8 @@ static void InitializePredefinedMacros(const TargetInfo &TI, Builder.defineMacro("__SSP_RET_STRONG__", "4"); else if (LangOpts.getStackProtector() == LangOptions::SSPRetReq) Builder.defineMacro("__SSP_RET_ALL__", "5"); + else if (LangOpts.getStackProtector() == LangOptions::SSPSort) + Builder.defineMacro("__SSP_SORT__", "6"); // OHOS_LOCAL end if (PPOpts.SetUpStaticAnalyzer) diff --git a/llvm/include/llvm/Bitcode/LLVMBitCodes.h b/llvm/include/llvm/Bitcode/LLVMBitCodes.h index 6cd0011085e0..5185a671ac28 100644 --- a/llvm/include/llvm/Bitcode/LLVMBitCodes.h +++ b/llvm/include/llvm/Bitcode/LLVMBitCodes.h @@ -692,6 +692,7 @@ enum AttributeKindCodes { /// OHOS_LOCAL begin ATTR_KIND_STACK_PROTECT_RET_REQ = 85, ATTR_KIND_STACK_PROTECT_RET_STRONG = 86, + ATTR_KIND_STACK_PROTECT_SORTING = 87, /// OHOS_LOCAL end }; diff --git a/llvm/include/llvm/IR/Attributes.td b/llvm/include/llvm/IR/Attributes.td index a10d9d9c6b23..f0ec2c4ae1a9 100644 --- a/llvm/include/llvm/IR/Attributes.td +++ b/llvm/include/llvm/IR/Attributes.td @@ -250,6 +250,9 @@ def StackProtectRetReq : EnumAttr<"sspretreq", [FnAttr]>; /// Strong Stack protection with return address check. def StackProtectRetStrong : EnumAttr<"sspretstrong", [FnAttr]>; + +/// Stack protection only stack Order. +def StackProtectSorting : EnumAttr<"sspsort", [FnAttr]>; /// OHOS_LOCAL end /// Stack protection required. diff --git a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp index 4e88d10e7f65..490f5c6c2bcc 100644 --- a/llvm/lib/Bitcode/Reader/BitcodeReader.cpp +++ b/llvm/lib/Bitcode/Reader/BitcodeReader.cpp @@ -1954,6 +1954,8 @@ static Attribute::AttrKind getAttrFromCode(uint64_t Code) { return Attribute::StackProtectRetReq; case bitc::ATTR_KIND_STACK_PROTECT_RET_STRONG: return Attribute::StackProtectRetStrong; + case bitc::ATTR_KIND_STACK_PROTECT_SORTING: + return Attribute::StackProtectSorting; /// OHOS_LOCAL end case bitc::ATTR_KIND_STACK_PROTECT_REQ: return Attribute::StackProtectReq; diff --git a/llvm/lib/Bitcode/Writer/BitcodeWriter.cpp b/llvm/lib/Bitcode/Writer/BitcodeWriter.cpp index 5e05ff26647e..4d06392d5e00 100644 --- a/llvm/lib/Bitcode/Writer/BitcodeWriter.cpp +++ b/llvm/lib/Bitcode/Writer/BitcodeWriter.cpp @@ -733,6 +733,8 @@ static uint64_t getAttrKindEncoding(Attribute::AttrKind Kind) { return bitc::ATTR_KIND_STACK_PROTECT_RET_REQ; case Attribute::StackProtectRetStrong: return bitc::ATTR_KIND_STACK_PROTECT_RET_STRONG; + case Attribute::StackProtectSorting: + return bitc::ATTR_KIND_STACK_PROTECT_SORTING; /// OHOS_LOCAL end case Attribute::StackProtectReq: return bitc::ATTR_KIND_STACK_PROTECT_REQ; diff --git a/llvm/lib/CodeGen/LocalStackSlotAllocation.cpp b/llvm/lib/CodeGen/LocalStackSlotAllocation.cpp index e2d3349938b7..159589711ec9 100644 --- a/llvm/lib/CodeGen/LocalStackSlotAllocation.cpp +++ b/llvm/lib/CodeGen/LocalStackSlotAllocation.cpp @@ -250,7 +250,8 @@ void LocalStackSlotPass::calculateFrameObjectOffsets(MachineFunction &Fn) { Offset, MaxAlign); /// OHOS_LOCAL begin } else if (F.hasFnAttribute(Attribute::StackProtectRetReq) || - F.hasFnAttribute(Attribute::StackProtectRetStrong)) { + F.hasFnAttribute(Attribute::StackProtectRetStrong) || + F.hasFnAttribute(Attribute::StackProtectSorting)) { StackObjSet LargeArrayObjs; StackObjSet SmallArrayObjs; StackObjSet AddrOfObjs; diff --git a/llvm/lib/CodeGen/PrologEpilogInserter.cpp b/llvm/lib/CodeGen/PrologEpilogInserter.cpp index 5dbcd0facfd1..deaec4956689 100644 --- a/llvm/lib/CodeGen/PrologEpilogInserter.cpp +++ b/llvm/lib/CodeGen/PrologEpilogInserter.cpp @@ -1217,7 +1217,8 @@ void PEI::calculateFrameObjectOffsets(MachineFunction &MF) { AssignProtectedObjSet(AddrOfObjs, ProtectedObjs, MFI, StackGrowsDown, Offset, MaxAlign, Skew); } else if (F.hasFnAttribute(Attribute::StackProtectRetReq) || - F.hasFnAttribute(Attribute::StackProtectRetStrong)) { + F.hasFnAttribute(Attribute::StackProtectRetStrong) || + F.hasFnAttribute(Attribute::StackProtectSorting)) { StackObjSet LargeArrayObjs; StackObjSet SmallArrayObjs; StackObjSet AddrOfObjs; diff --git a/llvm/lib/CodeGen/SafeStack.cpp b/llvm/lib/CodeGen/SafeStack.cpp index 6ec99ed8631e..94b560c9d858 100644 --- a/llvm/lib/CodeGen/SafeStack.cpp +++ b/llvm/lib/CodeGen/SafeStack.cpp @@ -811,7 +811,8 @@ bool SafeStack::run() { F.hasFnAttribute(Attribute::StackProtectReq) || // OHOS_LOCAL begin F.hasFnAttribute(Attribute::StackProtectRetStrong) || - F.hasFnAttribute(Attribute::StackProtectRetReq)) { + F.hasFnAttribute(Attribute::StackProtectRetReq) || + F.hasFnAttribute(Attribute::StackProtectSorting)) { // OHOS_LOCAL end Value *StackGuard = getStackGuard(IRB, F); StackGuardSlot = IRB.CreateAlloca(StackPtrTy, nullptr); diff --git a/llvm/lib/CodeGen/StackProtector.cpp b/llvm/lib/CodeGen/StackProtector.cpp index bf48cee310ff..c8180a7f4c26 100644 --- a/llvm/lib/CodeGen/StackProtector.cpp +++ b/llvm/lib/CodeGen/StackProtector.cpp @@ -125,6 +125,8 @@ bool StackProtector::runOnFunction(Function &Fn) { // StackProtectRet requires special code generation methods for backward // cfi. return false; + } else if (Fn.hasFnAttribute(Attribute::StackProtectSorting)) { + return false; } // OHOS_LOCAL end @@ -344,6 +346,8 @@ bool StackProtector::RequiresStackProtector() { Strong = true; } else if (F->hasFnAttribute(Attribute::StackProtectRetStrong)) { Strong = true; + } else if (F->hasFnAttribute(Attribute::StackProtectSorting)) { + Strong = true; // OHOS_LOCAL end } else if (F->hasFnAttribute(Attribute::StackProtectStrong)) Strong = true; diff --git a/llvm/lib/IR/Attributes.cpp b/llvm/lib/IR/Attributes.cpp index b70b6fafe8ec..383cf29c716e 100644 --- a/llvm/lib/IR/Attributes.cpp +++ b/llvm/lib/IR/Attributes.cpp @@ -1912,7 +1912,8 @@ static void adjustCallerSSPLevel(Function &Caller, const Function &Callee) { .addAttribute(Attribute::StackProtectStrong) .addAttribute(Attribute::StackProtectRetStrong) // OHOS_LOCAL .addAttribute(Attribute::StackProtectReq) - .addAttribute(Attribute::StackProtectRetReq); // OHOS_LOCAL + .addAttribute(Attribute::StackProtectRetReq) + .addAttribute(Attribute::StackProtectSorting); // OHOS_LOCAL // OHOS_LOCAL begin // sspretreq > sspreq > sspretstrong > sspstrong > ssp @@ -1934,11 +1935,19 @@ static void adjustCallerSSPLevel(Function &Caller, const Function &Callee) { !Caller.hasFnAttribute(Attribute::StackProtectRetStrong)) { Caller.removeFnAttrs(OldSSPAttr); Caller.addFnAttr(Attribute::StackProtectStrong); + } else if (Callee.hasFnAttribute(Attribute::StackProtectSorting) && + !Caller.hasFnAttribute(Attribute::StackProtectRetReq) && + !Caller.hasFnAttribute(Attribute::StackProtectReq) && + !Caller.hasFnAttribute(Attribute::StackProtectRetStrong) && + !Caller.hasFnAttribute(Attribute::StackProtectRetStrong)) { + Caller.removeFnAttrs(OldSSPAttr); + Caller.addFnAttr(Attribute::StackProtectSorting); } else if (Callee.hasFnAttribute(Attribute::StackProtect) && !Caller.hasFnAttribute(Attribute::StackProtectReq) && !Caller.hasFnAttribute(Attribute::StackProtectStrong) && !Caller.hasFnAttribute(Attribute::StackProtectRetReq) && - !Caller.hasFnAttribute(Attribute::StackProtectRetStrong)) + !Caller.hasFnAttribute(Attribute::StackProtectRetStrong) && + !Caller.hasFnAttribute(Attribute::StackProtectSorting)) Caller.addFnAttr(Attribute::StackProtect); // OHOS_LOCAL end } diff --git a/llvm/lib/IR/Function.cpp b/llvm/lib/IR/Function.cpp index 5a073632d385..c5080bf977b2 100644 --- a/llvm/lib/IR/Function.cpp +++ b/llvm/lib/IR/Function.cpp @@ -709,7 +709,8 @@ bool Function::hasStackProtectorFnAttr() const { hasFnAttribute(Attribute::StackProtectReq) || /// OHOS_LOCAL begin hasFnAttribute(Attribute::StackProtectRetStrong) || - hasFnAttribute(Attribute::StackProtectRetReq); + hasFnAttribute(Attribute::StackProtectRetReq) || + hasFnAttribute(Attribute::StackProtectSorting); /// OHOS_LOCAL end } diff --git a/llvm/lib/Transforms/Utils/CodeExtractor.cpp b/llvm/lib/Transforms/Utils/CodeExtractor.cpp index 10134e26671f..228d6f731d72 100644 --- a/llvm/lib/Transforms/Utils/CodeExtractor.cpp +++ b/llvm/lib/Transforms/Utils/CodeExtractor.cpp @@ -958,6 +958,7 @@ Function *CodeExtractor::constructFunction(const ValueSet &inputs, // OHOS_LOCAL begin case Attribute::StackProtectRetReq: case Attribute::StackProtectRetStrong: + case Attribute::StackProtectSorting: // OHOS_LOCAL end case Attribute::StackProtectReq: case Attribute::StackProtectStrong: -- Gitee