https://bugs.llvm.org/show_bug.cgi?id=38207
Bug ID: 38207
Summary: Need indirect_return function attribute
Product: new-bugs
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: new bugs
Assignee: unassignedb...@nondot.org
Reporter: hjl.to...@gmail.com
CC: llvm-bugs@lists.llvm.org
On x86, swapcontext may return via indirect branch when shadow stack
is enabled. To support code instrumentation of control-flow transfers
with -fcf-protection, add indirect_return function attribute to inform
compiler that a function may return via indirect branch.
Note: Unlike setjmp, swapcontext only returns once. Mark it return
twice will unnecessarily disable compiler optimization as shown in
the testcase here.
This has been implemented in GCC 9:
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=d4d9fba553cd199f422fbd10cf3de72a9b0eafa8
We need a way to generate ENDBR in compiler-rt:
INTERCEPTOR(int, swapcontext, struct ucontext_t *oucp,
struct ucontext_t *ucp) {
static bool reported_warning = false;
if (!reported_warning) {
Report("WARNING: ASan doesn't fully support makecontext/swapcontext "
"functions and may produce false positives in some cases!\n");
reported_warning = true;
}
// Clear shadow memory for new context (it may share stack
// with current context).
uptr stack, ssize;
ReadContextStack(ucp, &stack, &ssize);
ClearShadowMemoryForContextStack(stack, ssize);
int res = REAL(swapcontext)(oucp, ucp);
<<<< Need ENDBR here.
// swapcontext technically does not return, but program may swap context to
// "oucp" later, that would look as if swapcontext() returned 0.
// We need to clear shadow for ucp once again, as it may be in arbitrary
// state.
ClearShadowMemoryForContextStack(stack, ssize);
return res;
}
--
You are receiving this mail because:
You are on the CC list for the bug._______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
