Auto merge of #99679 - repnop:kernel-address-sanitizer, r=cuviper

Add `kernel-address` sanitizer support for freestanding targets

This PR adds support for KASan (kernel address sanitizer) instrumentation in freestanding targets. I included the minimal set of `x86_64-unknown-none`, `riscv64{imac, gc}-unknown-none-elf`, and `aarch64-unknown-none`, but there are likely other targets it can be added to. (`linux_kernel_base.rs`?) KASan uses the address sanitizer attributes but has the `CompileKernel` parameter set to `true` in the pass creation.
bors 2023-02-18 03:05:11 +00:00
commit fabfd1fd93
18 changed files with 142 additions and 12 deletions


@ -62,7 +62,7 @@ pub fn sanitize_attrs<'ll>(
) -> SmallVec<[&'ll Attribute; 4]> {
let mut attrs = SmallVec::new();
let enabled = cx.tcx.sess.opts.unstable_opts.sanitizer - no_sanitize;
if enabled.contains(SanitizerSet::ADDRESS) {
if enabled.contains(SanitizerSet::ADDRESS) || enabled.contains(SanitizerSet::KERNELADDRESS) {
attrs.push(llvm::AttributeKind::SanitizeAddress.create_attr(cx.llcx));
}
if enabled.contains(SanitizerSet::MEMORY) {
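Review bot: The new condition asks "is either address sanitizer enabled" with two `contains` calls joined by `||`, while `emit_lifetime_markers` in this same commit answers the same kind of question with `intersects`. Writing it as `if enabled.intersects(SanitizerSet::ADDRESS | SanitizerSet::KERNELADDRESS) {` keeps the two sites consistent. A comment such as `// KASan reuses the sanitize_address attribute; kernel mode is chosen when the pass is created` would also explain why no separate attribute is pushed. The body of sanitize_attrs continues past the end of this hunk.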


@ -442,6 +442,10 @@ pub(crate) unsafe fn llvm_optimize(
sanitize_thread: config.sanitizer.contains(SanitizerSet::THREAD),
sanitize_hwaddress: config.sanitizer.contains(SanitizerSet::HWADDRESS),
sanitize_hwaddress_recover: config.sanitizer_recover.contains(SanitizerSet::HWADDRESS),
sanitize_kernel_address: config.sanitizer.contains(SanitizerSet::KERNELADDRESS),
sanitize_kernel_address_recover: config
.sanitizer_recover
.contains(SanitizerSet::KERNELADDRESS),
})
} else {
None


@ -482,6 +482,8 @@ pub struct SanitizerOptions {
pub sanitize_thread: bool,
pub sanitize_hwaddress: bool,
pub sanitize_hwaddress_recover: bool,
pub sanitize_kernel_address: bool,
pub sanitize_kernel_address_recover: bool,
}
/// LLVMRelocMode


@ -295,7 +295,8 @@ fn codegen_fn_attrs(tcx: TyCtxt<'_>, did: DefId) -> CodegenFnAttrs {
if let Some(list) = attr.meta_item_list() {
for item in list.iter() {
if item.has_name(sym::address) {
codegen_fn_attrs.no_sanitize |= SanitizerSet::ADDRESS;
codegen_fn_attrs.no_sanitize |=
SanitizerSet::ADDRESS | SanitizerSet::KERNELADDRESS;
} else if item.has_name(sym::cfi) {
codegen_fn_attrs.no_sanitize |= SanitizerSet::CFI;
} else if item.has_name(sym::kcfi) {
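Review bot: The `sym::address` branch now clears both ADDRESS and KERNELADDRESS, but nothing at the assignment says that a single attribute item is meant to opt a function out of two sanitizers. I would add a comment above it, for example `// KASan is controlled by the same no_sanitize item as ASan, so one name opts out of both`. Without it, a later reader could take the extra flag for a mistake, or go looking for a separate kernel-address item that does not appear in this hunk. Because the attribute removes memory-error instrumentation from a function, the widened meaning also belongs in the attribute's user-facing documentation. codegen_fn_attrs starts and ends outside the hunk.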


@ -594,6 +594,8 @@ struct LLVMRustSanitizerOptions {
bool SanitizeThread;
bool SanitizeHWAddress;
bool SanitizeHWAddressRecover;
bool SanitizeKernelAddress;
bool SanitizeKernelAddressRecover;
};
extern "C" LLVMRustResult
@ -765,15 +767,17 @@ LLVMRustOptimize(
);
}
if (SanitizerOptions->SanitizeAddress) {
if (SanitizerOptions->SanitizeAddress || SanitizerOptions->SanitizeKernelAddress) {
OptimizerLastEPCallbacks.push_back(
[SanitizerOptions](ModulePassManager &MPM, OptimizationLevel Level) {
auto CompileKernel = SanitizerOptions->SanitizeKernelAddress;
#if LLVM_VERSION_LT(15, 0)
MPM.addPass(RequireAnalysisPass<ASanGlobalsMetadataAnalysis, Module>());
#endif
AddressSanitizerOptions opts = AddressSanitizerOptions{
/*CompileKernel=*/false,
SanitizerOptions->SanitizeAddressRecover,
CompileKernel,
SanitizerOptions->SanitizeAddressRecover
|| SanitizerOptions->SanitizeKernelAddressRecover,
/*UseAfterScope=*/true,
AsanDetectStackUseAfterReturnMode::Runtime,
};
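Review bot: In the second hunk, the recover argument is the OR of `SanitizeAddressRecover` and `SanitizeKernelAddressRecover`, so a recover request naming only `address` would presumably also put a kernel-address build into recover mode. Recover mode lets execution continue after a detected memory error, so it should switch on only for the sanitizer named. If both sanitizers are enabled, `CompileKernel` also silently wins, and nothing in this section rejects or documents that combination; session validation elsewhere may already forbid it. I would select the flag by mode, `CompileKernel ? SanitizerOptions->SanitizeKernelAddressRecover : SanitizerOptions->SanitizeAddressRecover`, and state the precedence in a comment. The enclosing LLVMRustOptimize body starts and ends outside the hunk.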


@ -1022,7 +1022,13 @@ fn default_configuration(sess: &Session) -> CrateConfig {
let panic_strategy = sess.panic_strategy();
ret.insert((sym::panic, Some(panic_strategy.desc_symbol())));
for s in sess.opts.unstable_opts.sanitizer {
for mut s in sess.opts.unstable_opts.sanitizer {
// KASAN should use the same attribute name as ASAN, as it's still ASAN
// under the hood
if s == SanitizerSet::KERNELADDRESS {
s = SanitizerSet::ADDRESS;
}
let symbol = Symbol::intern(&s.to_string());
ret.insert((sym::sanitize, Some(symbol)));
}
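Review bot: Rewriting KERNELADDRESS to ADDRESS before interning means crates cannot tell a KASan build from a userspace ASan build through `cfg`. Code gated on `cfg(sanitize = "address")` that assumes an ASan runtime is linked will now also be compiled for freestanding targets, which the documentation added in this commit says must implement the underlying functions themselves. The comment gives the reason for reusing the name but not this consequence; I would extend it with `// Note: cfg(sanitize = "address") is therefore also set for kernel-address builds, which ship no ASan runtime`. The cfg test added in this commit passes `--cfg kernel_address` by hand, which suggests the build system is expected to make the distinction. default_configuration continues outside the hunk.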


@ -370,7 +370,7 @@ mod desc {
pub const parse_opt_panic_strategy: &str = parse_panic_strategy;
pub const parse_oom_strategy: &str = "either `panic` or `abort`";
pub const parse_relro_level: &str = "one of: `full`, `partial`, or `off`";
pub const parse_sanitizers: &str = "comma separated list of sanitizers: `address`, `cfi`, `hwaddress`, `kcfi`, `leak`, `memory`, `memtag`, `shadow-call-stack`, or `thread`";
pub const parse_sanitizers: &str = "comma separated list of sanitizers: `address`, `cfi`, `hwaddress`, `kcfi`, `kernel-address`, `leak`, `memory`, `memtag`, `shadow-call-stack`, or `thread`";
pub const parse_sanitizer_memory_track_origins: &str = "0, 1, or 2";
pub const parse_cfguard: &str =
"either a boolean (`yes`, `no`, `on`, `off`, etc), `checks`, or `nochecks`";
@ -684,6 +684,7 @@ mod parse {
"address" => SanitizerSet::ADDRESS,
"cfi" => SanitizerSet::CFI,
"kcfi" => SanitizerSet::KCFI,
"kernel-address" => SanitizerSet::KERNELADDRESS,
"leak" => SanitizerSet::LEAK,
"memory" => SanitizerSet::MEMORY,
"memtag" => SanitizerSet::MEMTAG,


@ -954,10 +954,10 @@ impl Session {
/// Checks if LLVM lifetime markers should be emitted.
pub fn emit_lifetime_markers(&self) -> bool {
self.opts.optimize != config::OptLevel::No
// AddressSanitizer uses lifetimes to detect use after scope bugs.
// AddressSanitizer and KernelAddressSanitizer uses lifetimes to detect use after scope bugs.
// MemorySanitizer uses lifetimes to detect use of uninitialized stack variables.
// HWAddressSanitizer will use lifetimes to detect use after scope bugs in the future.
|| self.opts.unstable_opts.sanitizer.intersects(SanitizerSet::ADDRESS | SanitizerSet::MEMORY | SanitizerSet::HWADDRESS)
|| self.opts.unstable_opts.sanitizer.intersects(SanitizerSet::ADDRESS | SanitizerSet::KERNELADDRESS | SanitizerSet::MEMORY | SanitizerSet::HWADDRESS)
}
pub fn is_proc_macro_attr(&self, attr: &Attribute) -> bool {
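Review bot: The updated comment in `emit_lifetime_markers` has a subject-verb mismatch now that it names two sanitizers; it should read `// AddressSanitizer and KernelAddressSanitizer use lifetimes to detect use after scope bugs.`. This comment is the only place in the function that records why KERNELADDRESS was added to the `intersects` mask, so it is worth getting right.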


@ -15,7 +15,7 @@ pub fn target() -> Target {
linker_flavor: LinkerFlavor::Gnu(Cc::No, Lld::Yes),
linker: Some("rust-lld".into()),
features: "+v8a,+strict-align,+neon,+fp-armv8".into(),
supported_sanitizers: SanitizerSet::KCFI,
supported_sanitizers: SanitizerSet::KCFI | SanitizerSet::KERNELADDRESS,
relocation_model: RelocModel::Static,
disable_redzone: true,
max_atomic_width: Some(128),


@ -812,6 +812,7 @@ bitflags::bitflags! {
const MEMTAG = 1 << 6;
const SHADOWCALLSTACK = 1 << 7;
const KCFI = 1 << 8;
const KERNELADDRESS = 1 << 9;
}
}
@ -824,6 +825,7 @@ impl SanitizerSet {
SanitizerSet::ADDRESS => "address",
SanitizerSet::CFI => "cfi",
SanitizerSet::KCFI => "kcfi",
SanitizerSet::KERNELADDRESS => "kernel-address",
SanitizerSet::LEAK => "leak",
SanitizerSet::MEMORY => "memory",
SanitizerSet::MEMTAG => "memtag",
@ -866,6 +868,7 @@ impl IntoIterator for SanitizerSet {
SanitizerSet::SHADOWCALLSTACK,
SanitizerSet::THREAD,
SanitizerSet::HWADDRESS,
SanitizerSet::KERNELADDRESS,
]
.iter()
.copied()
@ -2341,6 +2344,7 @@ impl Target {
Some("address") => SanitizerSet::ADDRESS,
Some("cfi") => SanitizerSet::CFI,
Some("kcfi") => SanitizerSet::KCFI,
Some("kernel-address") => SanitizerSet::KERNELADDRESS,
Some("leak") => SanitizerSet::LEAK,
Some("memory") => SanitizerSet::MEMORY,
Some("memtag") => SanitizerSet::MEMTAG,


@ -1,6 +1,8 @@
use crate::spec::{Cc, CodeModel, LinkerFlavor, Lld, PanicStrategy};
use crate::spec::{RelocModel, Target, TargetOptions};
use super::SanitizerSet;
pub fn target() -> Target {
Target {
data_layout: "e-m:e-p:64:64-i64:64-i128:128-n32:64-S128".into(),
@ -20,6 +22,7 @@ pub fn target() -> Target {
code_model: Some(CodeModel::Medium),
emit_debug_gdb_scripts: false,
eh_frame_header: false,
supported_sanitizers: SanitizerSet::KERNELADDRESS,
..Default::default()
},
}
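Review bot: `use super::SanitizerSet;` is added here as a separate import through a different path than the existing `crate::spec` imports. The other RISC-V target file changed in this commit instead extends the existing list, `use crate::spec::{RelocModel, SanitizerSet, Target, TargetOptions};`. Using that form here too keeps the two near-identical target definitions easy to compare. The `target()` body is only partly visible in the second hunk.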


@ -1,5 +1,5 @@
use crate::spec::{Cc, CodeModel, LinkerFlavor, Lld, PanicStrategy};
use crate::spec::{RelocModel, Target, TargetOptions};
use crate::spec::{RelocModel, SanitizerSet, Target, TargetOptions};
pub fn target() -> Target {
Target {
@ -19,6 +19,7 @@ pub fn target() -> Target {
code_model: Some(CodeModel::Medium),
emit_debug_gdb_scripts: false,
eh_frame_header: false,
supported_sanitizers: SanitizerSet::KERNELADDRESS,
..Default::default()
},
}


@ -20,7 +20,7 @@ pub fn target() -> Target {
features:
"-mmx,-sse,-sse2,-sse3,-ssse3,-sse4.1,-sse4.2,-3dnow,-3dnowa,-avx,-avx2,+soft-float"
.into(),
supported_sanitizers: SanitizerSet::KCFI,
supported_sanitizers: SanitizerSet::KCFI | SanitizerSet::KERNELADDRESS,
disable_redzone: true,
panic_strategy: PanicStrategy::Abort,
code_model: Some(CodeModel::Kernel),


@ -531,6 +531,24 @@ LLVM KCFI is supported on the following targets:
See the [Clang KernelControlFlowIntegrity documentation][clang-kcfi] for more
details.
# KernelAddressSanitizer
KernelAddressSanitizer (KASAN) is a freestanding version of AddressSanitizer
which is suitable for detecting memory errors in programs which do not have a
runtime environment, such as operating system kernels. KernelAddressSanitizer
requires manual implementation of the underlying functions used for tracking
KernelAddressSanitizer state.
KernelAddressSanitizer is supported on the following targets:
* `aarch64-unknown-none`
* `riscv64gc-unknown-none-elf`
* `riscv64imac-unknown-none-elf`
* `x86_64-unknown-none`
See the [Linux Kernel's KernelAddressSanitizer documentation][linux-kasan] for
more details.
# LeakSanitizer
LeakSanitizer is run-time memory leak detector.
@ -714,6 +732,7 @@ Sanitizers produce symbolized stacktraces when llvm-symbolizer binary is in `PAT
* [AddressSanitizer in Clang][clang-asan]
* [ControlFlowIntegrity in Clang][clang-cfi]
* [HWAddressSanitizer in Clang][clang-hwasan]
* [Linux Kernel's KernelAddressSanitizer documentation][linux-kasan]
* [LeakSanitizer in Clang][clang-lsan]
* [MemorySanitizer in Clang][clang-msan]
* [MemTagSanitizer in LLVM][llvm-memtag]
@ -727,4 +746,5 @@ Sanitizers produce symbolized stacktraces when llvm-symbolizer binary is in `PAT
[clang-msan]: https://clang.llvm.org/docs/MemorySanitizer.html
[clang-scs]: https://clang.llvm.org/docs/ShadowCallStack.html
[clang-tsan]: https://clang.llvm.org/docs/ThreadSanitizer.html
[linux-kasan]: https://www.kernel.org/doc/html/latest/dev-tools/kasan.html
[llvm-memtag]: https://llvm.org/docs/MemTagSanitizer.html


@ -935,6 +935,7 @@ pub fn make_test_description<R: Read>(
let has_asan = util::ASAN_SUPPORTED_TARGETS.contains(&&*config.target);
let has_cfi = util::CFI_SUPPORTED_TARGETS.contains(&&*config.target);
let has_kcfi = util::KCFI_SUPPORTED_TARGETS.contains(&&*config.target);
let has_kasan = util::KASAN_SUPPORTED_TARGETS.contains(&&*config.target);
let has_lsan = util::LSAN_SUPPORTED_TARGETS.contains(&&*config.target);
let has_msan = util::MSAN_SUPPORTED_TARGETS.contains(&&*config.target);
let has_tsan = util::TSAN_SUPPORTED_TARGETS.contains(&&*config.target);
@ -1010,6 +1011,7 @@ pub fn make_test_description<R: Read>(
reason!(!has_asan && config.parse_name_directive(ln, "needs-sanitizer-address"));
reason!(!has_cfi && config.parse_name_directive(ln, "needs-sanitizer-cfi"));
reason!(!has_kcfi && config.parse_name_directive(ln, "needs-sanitizer-kcfi"));
reason!(!has_kasan && config.parse_name_directive(ln, "needs-sanitizer-kasan"));
reason!(!has_lsan && config.parse_name_directive(ln, "needs-sanitizer-leak"));
reason!(!has_msan && config.parse_name_directive(ln, "needs-sanitizer-memory"));
reason!(!has_tsan && config.parse_name_directive(ln, "needs-sanitizer-thread"));
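Review bot: The new directive is named `needs-sanitizer-kasan`, while the neighbouring directives follow the `-Zsanitizer` value (`address`, `cfi`, `kcfi`, `leak`, `memory`, `thread`) and the option added in this commit is spelled `kernel-address`. Neither test added in this commit uses the directive; both select their targets with `--target` and `needs-llvm-components`, so it is unexercised as committed. I would rename it to `needs-sanitizer-kernel-address` for consistency, or keep the short name and document it next to the other directives. make_test_description starts and ends outside both hunks.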


@ -45,6 +45,13 @@ pub const CFI_SUPPORTED_TARGETS: &[&str] = &[
pub const KCFI_SUPPORTED_TARGETS: &[&str] = &["aarch64-linux-none", "x86_64-linux-none"];
pub const KASAN_SUPPORTED_TARGETS: &[&str] = &[
"aarch64-unknown-none",
"riscv64gc-unknown-none-elf",
"riscv64imac-unknown-none-elf",
"x86_64-unknown-none",
];
pub const LSAN_SUPPORTED_TARGETS: &[&str] = &[
// FIXME: currently broken, see #88132
// "aarch64-apple-darwin",


@ -0,0 +1,47 @@
// Verifies that `-Zsanitizer=kernel-address` emits sanitizer instrumentation.
// compile-flags: -Zsanitizer=kernel-address
// revisions: aarch64 riscv64imac riscv64gc x86_64
//[aarch64] compile-flags: --target aarch64-unknown-none
//[aarch64] needs-llvm-components: aarch64
//[riscv64imac] compile-flags: --target riscv64imac-unknown-none-elf
//[riscv64imac] needs-llvm-components: riscv
//[riscv64imac] min-llvm-version: 16
//[riscv64gc] compile-flags: --target riscv64gc-unknown-none-elf
//[riscv64gc] needs-llvm-components: riscv
//[riscv64gc] min-llvm-version: 16
//[x86_64] compile-flags: --target x86_64-unknown-none
//[x86_64] needs-llvm-components: x86
#![crate_type = "rlib"]
#![feature(no_core, no_sanitize, lang_items)]
#![no_core]
#[lang = "sized"]
trait Sized {}
#[lang = "copy"]
trait Copy {}
impl Copy for u8 {}
// CHECK-LABEL: ; sanitizer_kasan_emits_instrumentation::unsanitized
// CHECK-NEXT: ; Function Attrs:
// CHECK-NOT: sanitize_address
// CHECK: start:
// CHECK-NOT: call void @__asan_report_load
// CHECK: }
#[no_sanitize(address)]
pub fn unsanitized(b: &mut u8) -> u8 {
*b
}
// CHECK-LABEL: ; sanitizer_kasan_emits_instrumentation::sanitized
// CHECK-NEXT: ; Function Attrs:
// CHECK: sanitize_address
// CHECK: start:
// CHECK: call void @__asan_report_load
// CHECK: }
pub fn sanitized(b: &mut u8) -> u8 {
*b
}
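Review bot: Both CHECK blocks match only `sanitize_address` and `__asan_report_load`, which plain AddressSanitizer instrumentation would presumably emit as well, so the test would still pass if `CompileKernel` were no longer passed as true. I would add one check that pins kernel mode, for instance a module-level `CHECK-NOT` on the userspace runtime initialisation call. That call is likely `__asan_init`; please confirm against the emitted IR before relying on the name. A header comment saying that the test covers the `#[no_sanitize(address)]` opt-out for kernel-address as well as the instrumentation would make its scope clearer.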


@ -0,0 +1,28 @@
// Verifies that when compiling with -Zsanitizer=kernel-address,
// the `#[cfg(sanitize = "address")]` attribute is configured.
// check-pass
// compile-flags: -Zsanitizer=kernel-address --cfg kernel_address
// revisions: aarch64 riscv64imac riscv64gc x86_64
//[aarch64] compile-flags: --target aarch64-unknown-none
//[aarch64] needs-llvm-components: aarch64
//[riscv64imac] compile-flags: --target riscv64imac-unknown-none-elf
//[riscv64imac] needs-llvm-components: riscv
//[riscv64imac] min-llvm-version: 16
//[riscv64gc] compile-flags: --target riscv64gc-unknown-none-elf
//[riscv64gc] needs-llvm-components: riscv
//[riscv64gc] min-llvm-version: 16
//[x86_64] compile-flags: --target x86_64-unknown-none
//[x86_64] needs-llvm-components: x86
#![crate_type = "rlib"]
#![feature(cfg_sanitize, no_core, lang_items)]
#![no_core]
#[lang = "sized"]
trait Sized {}
const _: fn() -> () = main;
#[cfg(all(sanitize = "address", kernel_address))]
fn main() {}
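Review bot: The header comment does not explain `--cfg kernel_address`, which is passed unconditionally in `compile-flags` and is therefore always true. As a result the `all(sanitize = "address", kernel_address)` gate on `main` reduces to `sanitize = "address"`. I would either drop the extra cfg or add a line such as `// kernel_address is set by hand: rustc reports KASan as sanitize = "address" and provides no separate cfg`. That way the test records how downstream code is expected to tell the two modes apart.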