[clang] [llvm] Fix KCFI types for generated functions with integer normalization (PR #104826)

Mon, 19 Aug 2024 11:08:12 -0700 

https://github.com/samitolvanen created 
https://github.com/llvm/llvm-project/pull/104826

With -fsanitize-cfi-icall-experimental-normalize-integers, Clang appends 
".normalized" to KCFI types in CodeGenModule::CreateKCFITypeId, which changes 
type hashes also for functions that don't have integer types in their 
signatures. However, llvm::setKCFIType does not take integer normalization into 
account, which means LLVM generated functions with KCFI types, e.g. sanitizer 
constructors, will fail KCFI checks when integer normalization is enabled in 
Clang.

Add a kcfi-normalized module flag to indicate integer normalization is used, 
and append ".normalized" to KCFI types also in llvm::setKCFIType to fix the 
type mismatch.

cc @rcvalle 

>From 0f7dfc3f908651a70602f4f64a0ae06616544eeb Mon Sep 17 00:00:00 2001
From: Sami Tolvanen <samitolva...@google.com>
Date: Fri, 16 Aug 2024 20:45:05 +0000
Subject: [PATCH] Fix KCFI types for generated functions with integer
 normalization

With -fsanitize-cfi-icall-experimental-normalize-integers, Clang
appends ".normalized" to KCFI types in CodeGenModule::CreateKCFITypeId,
which changes type hashes also for functions that don't have integer
types in their signatures. However, llvm::setKCFIType does not take
integer normalization into account, which means LLVM generated
functions with KCFI types, e.g. sanitizer constructors, will fail KCFI
checks when integer normalization is enabled in Clang.

Add a kcfi-normalized module flag to indicate integer normalization is
used, and append ".normalized" to KCFI types also in llvm::setKCFIType
to fix the type mismatch.
---
 clang/lib/CodeGen/CodeGenModule.cpp       |  2 ++
 clang/test/CodeGen/kcfi-normalize.c       |  1 +
 llvm/lib/Transforms/Utils/ModuleUtils.cpp | 12 +++++++-----
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/clang/lib/CodeGen/CodeGenModule.cpp 
b/clang/lib/CodeGen/CodeGenModule.cpp
index 0b61ef0f89989c..7eca77dc9a86fe 100644
--- a/clang/lib/CodeGen/CodeGenModule.cpp
+++ b/clang/lib/CodeGen/CodeGenModule.cpp
@@ -1136,6 +1136,8 @@ void CodeGenModule::Release() {
 
   if (LangOpts.Sanitize.has(SanitizerKind::KCFI)) {
     getModule().addModuleFlag(llvm::Module::Override, "kcfi", 1);
+    if (CodeGenOpts.SanitizeCfiICallNormalizeIntegers)
+      getModule().addModuleFlag(llvm::Module::Override, "kcfi-normalized", 1);
     // KCFI assumes patchable-function-prefix is the same for all indirectly
     // called functions. Store the expected offset for code generation.
     if (CodeGenOpts.PatchableFunctionEntryOffset)
diff --git a/clang/test/CodeGen/kcfi-normalize.c 
b/clang/test/CodeGen/kcfi-normalize.c
index 7660c908a7bdd5..62b907dbfb9286 100644
--- a/clang/test/CodeGen/kcfi-normalize.c
+++ b/clang/test/CodeGen/kcfi-normalize.c
@@ -28,6 +28,7 @@ void baz(void (*fn)(int, int, int), int arg1, int arg2, int 
arg3) {
     fn(arg1, arg2, arg3);
 }
 
+// CHECK: ![[#]] = !{i32 4, !"kcfi-normalized", i32 1}
 // CHECK: ![[TYPE1]] = !{i32 -1143117868}
 // CHECK: ![[TYPE2]] = !{i32 -460921415}
 // CHECK: ![[TYPE3]] = !{i32 -333839615}
diff --git a/llvm/lib/Transforms/Utils/ModuleUtils.cpp 
b/llvm/lib/Transforms/Utils/ModuleUtils.cpp
index 309cf8e70b979c..de8f00f415c357 100644
--- a/llvm/lib/Transforms/Utils/ModuleUtils.cpp
+++ b/llvm/lib/Transforms/Utils/ModuleUtils.cpp
@@ -205,11 +205,13 @@ void llvm::setKCFIType(Module &M, Function &F, StringRef 
MangledType) {
   // Matches CodeGenModule::CreateKCFITypeId in Clang.
   LLVMContext &Ctx = M.getContext();
   MDBuilder MDB(Ctx);
-  F.setMetadata(
-      LLVMContext::MD_kcfi_type,
-      MDNode::get(Ctx, MDB.createConstant(ConstantInt::get(
-                           Type::getInt32Ty(Ctx),
-                           static_cast<uint32_t>(xxHash64(MangledType))))));
+  std::string Type = MangledType.str();
+  if (M.getModuleFlag("kcfi-normalized"))
+    Type += ".normalized";
+  F.setMetadata(LLVMContext::MD_kcfi_type,
+                MDNode::get(Ctx, MDB.createConstant(ConstantInt::get(
+                                     Type::getInt32Ty(Ctx),
+                                     static_cast<uint32_t>(xxHash64(Type))))));
   // If the module was compiled with -fpatchable-function-entry, ensure
   // we use the same patchable-function-prefix.
   if (auto *MD = mdconst::extract_or_null<ConstantInt>(

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to