Implement protection of stack variables

This patch implements the protection of stack variables. It lays out stack variables as well as the different red zones, emits some prologue code to populate the shadow memory as to poison (mark as non-accessible) the regions of the red zones and mark the regions of stack variables as accessible, and emit some epilogue code to un-poison (mark as accessible) the regions of red zones right before the function exits. * Makefile.in (asan.o): Depend on $(EXPR_H) $(OPTABS_H). (cfgexpand.o): Depend on asan.h. * asan.c: Include expr.h and optabs.h. (asan_shadow_set): New variable. (asan_shadow_cst, asan_emit_stack_protection): New functions. (asan_init_shadow_ptr_types): Initialize also asan_shadow_set. * cfgexpand.c: Include asan.h. Define HOST_WIDE_INT heap vector. (partition_stack_vars): If i is large alignment and j small alignment or vice versa, break out of the loop instead of continue, and put the test earlier. If flag_asan, break out of the loop if for small alignment size is different. (struct stack_vars_data): New type. (expand_stack_vars): Add DATA argument. Change PRED type to function taking size_t argument instead of tree. Adjust pred calls. Fill DATA in and add needed padding in between variables if -faddress-sanitizer. (defer_stack_allocation): Defer everything for flag_asan. (stack_protect_decl_phase_1, stack_protect_decl_phase_2): Take size_t index into stack_vars array instead of the decl directly. (asan_decl_phase_3): New function. (expand_used_vars): Return var destruction sequence. Adjust expand_stack_vars calls, add another one for flag_asan. Call asan_emit_stack_protection if expand_stack_vars added anything to the vectors. (expand_gimple_basic_block): Add disable_tail_calls argument. (gimple_expand_cfg): Pass true to it if expand_used_vars returned non-NULL. Emit the sequence returned by expand_used_vars after return_label. * asan.h (asan_emit_stack_protection): New prototype. (asan_shadow_set): New decl. (ASAN_RED_ZONE_SIZE, ASAN_STACK_MAGIC_LEFT, ASAN_STACK_MAGIC_MIDDLE, ASAN_STACK_MAGIC_RIGHT, ASAN_STACK_FRAME_MAGIC): Define. (asan_protect_stack_decl): New inline. * toplev.c (process_options): Also disable -faddress-sanitizer on !FRAME_GROWS_DOWNWARDS targets. From-SVN: r193436

Implement protection of stack variables
This patch implements the protection of stack variables. It lays out stack variables as well as the different red zones, emits some prologue code to populate the shadow memory as to poison (mark as non-accessible) the regions of the red zones and mark the regions of stack variables as accessible, and emit some epilogue code to un-poison (mark as accessible) the regions of red zones right before the function exits. * Makefile.in (asan.o): Depend on $(EXPR_H) $(OPTABS_H). (cfgexpand.o): Depend on asan.h. * asan.c: Include expr.h and optabs.h. (asan_shadow_set): New variable. (asan_shadow_cst, asan_emit_stack_protection): New functions. (asan_init_shadow_ptr_types): Initialize also asan_shadow_set. * cfgexpand.c: Include asan.h. Define HOST_WIDE_INT heap vector. (partition_stack_vars): If i is large alignment and j small alignment or vice versa, break out of the loop instead of continue, and put the test earlier. If flag_asan, break out of the loop if for small alignment size is different. (struct stack_vars_data): New type. (expand_stack_vars): Add DATA argument. Change PRED type to function taking size_t argument instead of tree. Adjust pred calls. Fill DATA in and add needed padding in between variables if -faddress-sanitizer. (defer_stack_allocation): Defer everything for flag_asan. (stack_protect_decl_phase_1, stack_protect_decl_phase_2): Take size_t index into stack_vars array instead of the decl directly. (asan_decl_phase_3): New function. (expand_used_vars): Return var destruction sequence. Adjust expand_stack_vars calls, add another one for flag_asan. Call asan_emit_stack_protection if expand_stack_vars added anything to the vectors. (expand_gimple_basic_block): Add disable_tail_calls argument. (gimple_expand_cfg): Pass true to it if expand_used_vars returned non-NULL. Emit the sequence returned by expand_used_vars after return_label. * asan.h (asan_emit_stack_protection): New prototype. (asan_shadow_set): New decl. (ASAN_RED_ZONE_SIZE, ASAN_STACK_MAGIC_LEFT, ASAN_STACK_MAGIC_MIDDLE, ASAN_STACK_MAGIC_RIGHT, ASAN_STACK_FRAME_MAGIC): Define. (asan_protect_stack_decl): New inline. * toplev.c (process_options): Also disable -faddress-sanitizer on !FRAME_GROWS_DOWNWARDS targets. From-SVN: r193436
f3ddd692 · Jakub Jelinek · Dodji Seketeli · dfb9e332 · f3ddd692 · f3ddd692
Commit f3ddd692 authored Nov 12, 2012 by Jakub Jelinek Committed by Dodji Seketeli Nov 12, 2012
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 217 additions and 25 deletions

gcc/ChangeLog
+38 -0

gcc/Makefile.in
+2 -2

gcc/asan.c
+0 -0

gcc/asan.h
+30 -1

gcc/cfgexpand.c
+144 -21

gcc/toplev.c
+3 -1

No files found.
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
 2012-11-12  Jakub Jelinek  <jakub@redhat.com>

+	* Makefile.in (asan.o): Depend on $(EXPR_H) $(OPTABS_H).
+	(cfgexpand.o): Depend on asan.h.
+	* asan.c: Include expr.h and optabs.h.
+	(asan_shadow_set): New variable.
+	(asan_shadow_cst, asan_emit_stack_protection): New functions.
+	(asan_init_shadow_ptr_types): Initialize also asan_shadow_set.
+	* cfgexpand.c: Include asan.h.  Define HOST_WIDE_INT heap vector.
+	(partition_stack_vars): If i is large alignment and j small
+	alignment or vice versa, break out of the loop instead of continue,
+	and put the test earlier.  If flag_asan, break out of the loop
+	if for small alignment size is different.
+	(struct stack_vars_data): New type.
+	(expand_stack_vars): Add DATA argument.  Change PRED type to
+	function taking size_t argument instead of tree.  Adjust pred
+	calls.  Fill DATA in and add needed padding in between variables
+	if -faddress-sanitizer.
+	(defer_stack_allocation): Defer everything for flag_asan.
+	(stack_protect_decl_phase_1, stack_protect_decl_phase_2): Take
+	size_t index into stack_vars array instead of the decl directly.
+	(asan_decl_phase_3): New function.
+	(expand_used_vars): Return var destruction sequence.  Adjust
+	expand_stack_vars calls, add another one for flag_asan.  Call
+	asan_emit_stack_protection if expand_stack_vars added anything
+	to the vectors.
+	(expand_gimple_basic_block): Add disable_tail_calls argument.
+	(gimple_expand_cfg): Pass true to it if expand_used_vars returned
+	non-NULL.  Emit the sequence returned by expand_used_vars after
+	return_label.
+	* asan.h (asan_emit_stack_protection): New prototype.
+	(asan_shadow_set): New decl.
+	(ASAN_RED_ZONE_SIZE, ASAN_STACK_MAGIC_LEFT, ASAN_STACK_MAGIC_MIDDLE,
+	ASAN_STACK_MAGIC_RIGHT, ASAN_STACK_FRAME_MAGIC): Define.
+	(asan_protect_stack_decl): New inline.
+	* toplev.c (process_options): Also disable -faddress-sanitizer on
+	!FRAME_GROWS_DOWNWARDS targets.
+
+2012-11-12  Jakub Jelinek  <jakub@redhat.com>
+
 	* asan.c (build_check_stmt): Rename join_bb variable to else_bb.
 	(gate_asan_O0): New function.
 	(pass_asan_O0): New variable.
--- a/gcc/Makefile.in
+++ b/gcc/Makefile.in
@@ -2211,7 +2211,7 @@ stor-layout.o : stor-layout.c $(CONFIG_H) $(SYSTEM_H) coretypes.h $(TM_H) \
 asan.o : asan.c asan.h $(CONFIG_H) $(SYSTEM_H) $(GIMPLE_H) \
   output.h coretypes.h $(GIMPLE_PRETTY_PRINT_H) \
   tree-iterator.h $(TREE_FLOW_H) $(TREE_PASS_H) \
-   $(TARGET_H)
+   $(TARGET_H) $(EXPR_H) $(OPTABS_H)
 tree-ssa-tail-merge.o: tree-ssa-tail-merge.c \
   $(SYSTEM_H) $(CONFIG_H) coretypes.h $(TM_H) $(BITMAP_H) \
   $(FLAGS_H) $(TM_P_H) $(BASIC_BLOCK_H) \
@@ -3082,7 +3082,7 @@ cfgexpand.o : cfgexpand.c $(TREE_FLOW_H) $(CONFIG_H) $(SYSTEM_H) \
   $(DIAGNOSTIC_H) toplev.h $(DIAGNOSTIC_CORE_H) $(BASIC_BLOCK_H) $(FLAGS_H) debug.h $(PARAMS_H) \
   value-prof.h $(TREE_INLINE_H) $(TARGET_H) $(SSAEXPAND_H) $(REGS_H) \
   $(GIMPLE_PRETTY_PRINT_H) $(BITMAP_H) sbitmap.h \
-   $(INSN_ATTR_H) $(CFGLOOP_H)
+   $(INSN_ATTR_H) $(CFGLOOP_H) asan.h
 cfgrtl.o : cfgrtl.c $(CONFIG_H) $(SYSTEM_H) coretypes.h $(TM_H) $(RTL_ERROR_H) \
   $(FLAGS_H) insn-config.h $(BASIC_BLOCK_H) $(REGS_H) hard-reg-set.h \
   $(FUNCTION_H) $(EXCEPT_H) $(TM_P_H) $(INSN_ATTR_H) \

--- a/gcc/asan.c
+++ b/gcc/asan.c
--- a/gcc/asan.h
+++ b/gcc/asan.h
@@ -21,10 +21,39 @@ along with GCC; see the file COPYING3.  If not see
 #ifndef TREE_ASAN
 #define TREE_ASAN

-extern void asan_finish_file(void);
+extern void asan_finish_file (void);
+extern rtx asan_emit_stack_protection (rtx, HOST_WIDE_INT *, tree *, int);
+
+/* Alias set for accessing the shadow memory.  */
+extern alias_set_type asan_shadow_set;

 /* Shadow memory is found at
   (address >> ASAN_SHADOW_SHIFT) + targetm.asan_shadow_offset ().  */
 #define ASAN_SHADOW_SHIFT	3

+/* Red zone size, stack and global variables are padded by ASAN_RED_ZONE_SIZE
+   up to 2 * ASAN_RED_ZONE_SIZE - 1 bytes.  */
+#define ASAN_RED_ZONE_SIZE	32
+
+/* Shadow memory values for stack protection.  Left is below protected vars,
+   the first pointer in stack corresponding to that offset contains
+   ASAN_STACK_FRAME_MAGIC word, the second pointer to a string describing
+   the frame.  Middle is for padding in between variables, right is
+   above the last protected variable and partial immediately after variables
+   up to ASAN_RED_ZONE_SIZE alignment.  */
+#define ASAN_STACK_MAGIC_LEFT		0xf1
+#define ASAN_STACK_MAGIC_MIDDLE		0xf2
+#define ASAN_STACK_MAGIC_RIGHT		0xf3
+#define ASAN_STACK_MAGIC_PARTIAL	0xf4
+
+#define ASAN_STACK_FRAME_MAGIC	0x41b58ab3
+
+/* Return true if DECL should be guarded on the stack.  */
+
+static inline bool
+asan_protect_stack_decl (tree decl)
+{
+  return DECL_P (decl) && !DECL_ARTIFICIAL (decl);
+}
+
 #endif /* TREE_ASAN */
--- a/gcc/cfgexpand.c
+++ b/gcc/cfgexpand.c
--- a/gcc/toplev.c
+++ b/gcc/toplev.c
@@ -1542,7 +1542,9 @@ process_options (void)
    }

  /* Address Sanitizer needs porting to each target architecture.  */
-  if (flag_asan && targetm.asan_shadow_offset == NULL)
+  if (flag_asan
+      && (targetm.asan_shadow_offset == NULL
+	  || !FRAME_GROWS_DOWNWARD))
    {
      warning (0, "-faddress-sanitizer not supported for this target");
      flag_asan = 0;