Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PR for llvm/llvm-project#67677 #714

Closed
wants to merge 1 commit into from
Closed

PR for llvm/llvm-project#67677 #714

wants to merge 1 commit into from

Conversation

llvmbot
Copy link
Member

@llvmbot llvmbot commented Sep 29, 2023

@llvmbot llvmbot mentioned this pull request Sep 29, 2023
Closed
@MaskRay @llvmbot
[asan] Ensure __asan_register_elf_globals is called in COMDAT asan.mo…
2f19183 
…dule_ctor (#67745)

On ELF platforms, when there is no global variable and the unique module ID is
non-empty, COMDAT asan.module_ctor is created with no
`__asan_register_elf_globals` calls. If this COMDAT is the prevailing copy
selected by the linker, the linkage unit will have no
`__asan_register_elf_globals` call: the redzone will not be poisoned and ODR
violation checker will not work (#67677).

This behavior is benign for -fno-sanitize-address-globals-dead-stripping because
asan.module_ctor functions that call `__asan_register_globals`
(`InstrumentGlobalsWithMetadataArray`) do not use COMDAT.

To fix #67677:

* Use COMDAT for -fsanitize-address-globals-dead-stripping on ELF platforms.
* Call `__asan_register_elf_globals` even if there is no global variable.
* If the unique module ID is empty, don't call SetComdatForGlobalMetadata:
  placing `@.str` in a COMDAT would incorrectly discard internal COMDAT `@.str`
  in other compile units.

Alternatively, when there is no global variable, asan.module_ctor is not COMDAT
and does not call `__asan_register_elf_globals`. However, the asan.module_ctor
function cannot be eliminated by the linker.

Tested the following script. Only ELF -fsanitize-address-globals-dead-stripping has changed behaviors.
```
echo > a.cc  # no global variable, empty uniqueModuleId
echo 'void f() {}' > b.cc  # with global variable, with uniqueModuleId
echo 'int g;' > c.cc  # with global variable
for t in x86_64-linux-gnu arm64-apple-macosx x86_64-windows-msvc; do
  for gc in -f{,no-}sanitize-address-globals-dead-stripping; do
    for f in a.cc b.cc c.cc; do
      echo /tmp/Rel/bin/clang -S --target=$t -fsanitize=address $gc $f -o -
      /tmp/Rel/bin/clang -S --target=$t -fsanitize=address $gc $f -o - | sed -n '/asan.module_ctor/,/ret/p'
    done
  done
done
```

(cherry picked from commit 16eed8c906875e748c3cb610f3dc4b875f3882aa)
@tru
Copy link
Contributor

tru commented Oct 2, 2023

Not sure who can review the backport here @MaskRay? @vitalybuka maybe?

@vitalybuka
Copy link
Contributor

The patch was reverted in 6420d3301cd4f0793adcf11f59e8398db73737d8
So we have no fix to merge.

@MaskRay
Copy link
Member

MaskRay commented Oct 2, 2023

llvm/llvm-project#67677 (comment) mentions a reland of the patch.

@vitalybuka
Copy link
Contributor

llvm/llvm-project#67677 (comment) mentions a reland of the patch.

Which was also reverted 6420d3301cd4f0793adcf11f59e8398db73737d8

@tru
Copy link
Contributor

tru commented Oct 10, 2023

What's the state here? Should it not be backported?

@MaskRay
Copy link
Member

MaskRay commented Oct 11, 2023

What's the state here? Should it not be backported?

ea1ae115bd835d553d4be85e77cde96092e59348 should be cherry-picked. It's identical to the previous commit.

The revert 6420d3301cd4f0793adcf11f59e8398db73737d8 is incorrect for purely internal issues (which I've addressed internally).

@tru
Copy link
Contributor

tru commented Oct 16, 2023

Just to be 100% clear: I should cherry-pick ea1ae115bd835d553d4be85e77cde96092e59348 and not do anything else and close this PR?

@justincady
Copy link
Contributor

Just to be 100% clear: I should cherry-pick ea1ae115bd835d553d4be85e77cde96092e59348 and not do anything else and close this PR?

Yes.

Timeline:

There are no dependent patches, ea1ae115bd835d553d4be85e77cde96092e59348 should be cherry-picked.

(@MaskRay is the authority here; I'm just trying to add clarity in time for this to land with 17.0.3.)

@MaskRay
Copy link
Member

MaskRay commented Oct 17, 2023

Just to be 100% clear: I should cherry-pick ea1ae115bd835d553d4be85e77cde96092e59348 and not do anything else and close this PR?

Yes.

Timeline:

There are no dependent patches, ea1ae115bd835d553d4be85e77cde96092e59348 should be cherry-picked.

(@MaskRay is the authority here; I'm just trying to add clarity in time for this to land with 17.0.3.)

Agree with the analysis!

Yes, it will be very nice to merge ea1ae115bd835d553d4be85e77cde96092e59348 into release/17.x, otherwise many global-buffer-overflow bugs will not be detected.

(I have described the garbage collection complexity at https://maskray.me/blog/2023-10-15-address-sanitizer-global-variable-instrumentation#garbage-collection)

@tru
Copy link
Contributor

tru commented Oct 17, 2023

cherry-picked and closed.

@tru tru closed this Oct 17, 2023
@tru tru deleted the llvm-issue67677 branch October 17, 2023 06:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[ASAN] LLVM 17 does not detect ODR violations previously found using ASAN
5 participants
@llvmbot @tru @vitalybuka @MaskRay @justincady