Author: Mitch Phillips Date: 2023-11-01T11:43:28+01:00 New Revision: ba31ed472577aea1f4b5d6669bb1e717aaf1fb4f
URL: https://github.com/llvm/llvm-project/commit/ba31ed472577aea1f4b5d6669bb1e717aaf1fb4f DIFF: https://github.com/llvm/llvm-project/commit/ba31ed472577aea1f4b5d6669bb1e717aaf1fb4f.diff LOG: Disable memtag sanitization for global fnptrs going into .ctors (#70186) Looks like there's code out there that, instead of using '__attribute__((constructor(x)))' to add constructor functions, they just declare a global function pointer and use '__attribute__((section('.ctors')))' instead. Problem is, with memtag-globals, we pad the global function pointer to be 16 bytes large. This of course means we have an 8-byte real function pointer, then 8 bytes of zero padding, and this trips up the loader when it processes this section. Fixes #69939 Added: Modified: clang/test/CodeGen/memtag-globals-asm.cpp llvm/lib/Target/AArch64/AArch64GlobalsTagging.cpp Removed: ################################################################################
diff --git a/clang/test/CodeGen/memtag-globals-asm.cpp b/clang/test/CodeGen/memtag-globals-asm.cpp
index 3f18671562def71..4b76b394e0c1dc3 100644
--- a/clang/test/CodeGen/memtag-globals-asm.cpp
+++ b/clang/test/CodeGen/memtag-globals-asm.cpp
@@ -259,3 +259,23 @@ int f(int x) {
 // CHECK-Q-DAG: ldr {{.*}}, [[[REG_O2]]]
 function_int;
 }
+
+typedef void (*func_t)(void);
+#define CONSTRUCTOR(section_name) \
+ __attribute__((used)) __attribute__((section(section_name)))
+
+__attribute__((constructor(0))) void func_constructor() {}
+CONSTRUCTOR(".init") func_t func_init = func_constructor;
+CONSTRUCTOR(".fini") func_t func_fini = func_constructor;
+CONSTRUCTOR(".ctors") func_t func_ctors = func_constructor;
+CONSTRUCTOR(".dtors") func_t func_dtors = func_constructor;
+CONSTRUCTOR(".init_array") func_t func_init_array = func_constructor;
+CONSTRUCTOR(".fini_array") func_t func_fini_array = func_constructor;
+
+// CHECK-NOT: .memtag func_constructor
+// CHECK-NOT: .memtag func_init
+// CHECK-NOT: .memtag func_fini
+// CHECK-NOT: .memtag func_ctors
+// CHECK-NOT: .memtag func_dtors
+// CHECK-NOT: .memtag func_init_array
+// CHECK-NOT: .memtag func_fini_array
diff --git a/llvm/lib/Target/AArch64/AArch64GlobalsTagging.cpp b/llvm/lib/Target/AArch64/AArch64GlobalsTagging.cpp
index 2ed668712897ce7..88e44eb0bfbb99f 100644
--- a/llvm/lib/Target/AArch64/AArch64GlobalsTagging.cpp
+++ b/llvm/lib/Target/AArch64/AArch64GlobalsTagging.cpp
@@ -43,6 +43,18 @@ static bool shouldTagGlobal(GlobalVariable &G) {
 return false;
 }
+ // Don't instrument function pointers that are going into various init arrays
+ // via `__attribute__((section(<foo>)))`:
+ // https://github.com/llvm/llvm-project/issues/69939
+ if (G.hasSection() &&
+ (G.getSection() == ".init" || G.getSection() == ".fini" ||
+ G.getSection() == ".init_array" || G.getSection() == ".fini_array" ||
+ G.getSection() == ".ctors" || G.getSection() == ".dtors")) {
+ Meta.Memtag = false;
+ G.setSanitizerMetadata(Meta);
+ return false;
+ }
+
 return true;
 } _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
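Review bot: The new section check in shouldTagGlobal compares the exact section name, so priority-suffixed variants of the same init tables (for example `.init_array.<N>` or `.ctors.<N>`, which GNU linker scripts gather into the same arrays) are still tagged and padded, and would presumably trip the loader the same way issue #69939 describes. A prefix match that also requires the next character to be a `.` covers those forms without catching unrelated sections that merely share a prefix, and the six repeated `G.getSection()` calls can be hoisted into one `StringRef`; the test in memtag-globals-asm.cpp could then add a suffixed case such as `CONSTRUCTOR(".init_array.100") func_t func_init_array_prio = func_constructor;` with a matching `CHECK-NOT`. The comment above the check could also record the trade-off, e.g. `// These globals deliberately lose memtag protection: the loader reads the section as a packed pointer array, so granule padding would corrupt it.` The body of shouldTagGlobal begins before this hunk.
```cpp
  // … unchanged: earlier checks in shouldTagGlobal …
  // Don't instrument function pointers that are going into various init arrays
  // via `__attribute__((section(<foo>)))`, including the priority-suffixed
  // forms such as ".init_array.<N>" and ".ctors.<N>":
  // https://github.com/llvm/llvm-project/issues/69939
  if (G.hasSection()) {
    StringRef Section = G.getSection();
    for (StringRef Base : {".init", ".fini", ".init_array", ".fini_array",
                           ".ctors", ".dtors"}) {
      bool Exact = Section == Base;
      bool Suffixed = Section.size() > Base.size() &&
                      Section.starts_with(Base) &&
                      Section[Base.size()] == '.';
      if (Exact || Suffixed) {
        // These globals deliberately lose memtag protection: the loader reads
        // the section as a packed pointer array, so granule padding would
        // corrupt it.
        Meta.Memtag = false;
        G.setSanitizerMetadata(Meta);
        return false;
      }
    }
  }
  // … unchanged: return true …
```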