CFI: Add diagnostic handler and tests for indirect call checker.

Differential Revision: http://reviews.llvm.org/D11858 llvm-svn: 247239
2025-02-19 01:09:39 +00:00 · 2015-09-10 02:18:02 +00:00 · 2015-09-10 02:18:02 +00:00 · 1db3a448b5
commit 1db3a448b5
parent 2c7f7e31c4
5 changed files with 91 additions and 1 deletions
--- a/compiler-rt/lib/ubsan/ubsan_handlers.cc
+++ b/compiler-rt/lib/ubsan/ubsan_handlers.cc
@ -473,4 +473,36 @@ void __ubsan::__ubsan_handle_nonnull_arg_abort(NonNullArgData *Data) {
  Die();
 }

+static void handleCFIBadIcall(CFIBadIcallData *Data, ValueHandle Function,
+                              ReportOptions Opts) {
+  SourceLocation Loc = Data->Loc.acquire();
+  if (ignoreReport(Loc, Opts))
+    return;
+
+  ScopedReport R(Opts, Loc);
+
+  Diag(Loc, DL_Error, "control flow integrity check for type %0 failed during "
+                      "indirect function call")
+      << Data->Type;
+
+  SymbolizedStackHolder FLoc(getSymbolizedLocation(Function));
+  const char *FName = FLoc.get()->info.function;
+  if (!FName)
+    FName = "(unknown)";
+  Diag(FLoc, DL_Note, "%0 defined here") << FName;
+}
+
+void __ubsan::__ubsan_handle_cfi_bad_icall(CFIBadIcallData *Data,
+                                           ValueHandle Function) {
+  GET_REPORT_OPTIONS(false);
+  handleCFIBadIcall(Data, Function, Opts);
+}
+
+void __ubsan::__ubsan_handle_cfi_bad_icall_abort(CFIBadIcallData *Data,
+                                                 ValueHandle Function) {
+  GET_REPORT_OPTIONS(true);
+  handleCFIBadIcall(Data, Function, Opts);
+  Die();
+}
+
 #endif  // CAN_SANITIZE_UB
--- a/compiler-rt/lib/ubsan/ubsan_handlers.h
+++ b/compiler-rt/lib/ubsan/ubsan_handlers.h
@ -148,6 +148,14 @@ struct NonNullArgData {
 /// \brief Handle passing null pointer to function with nonnull attribute.
 RECOVERABLE(nonnull_arg, NonNullArgData *Data)

+struct CFIBadIcallData {
+  SourceLocation Loc;
+  const TypeDescriptor &Type;
+};
+
+/// \brief Handle control flow integrity failure for indirect function calls.
+RECOVERABLE(cfi_bad_icall, CFIBadIcallData *Data, ValueHandle Function)
+
 }

 #endif // UBSAN_HANDLERS_H
--- a/compiler-rt/test/cfi/bad-signature.c
+++ b/compiler-rt/test/cfi/bad-signature.c
@ -0,0 +1,27 @@
+// RUN: %clangxx -o %t1 %s
+// RUN: %t1 2>&1 | FileCheck --check-prefix=NCFI %s
+
+// RUN: %clangxx_cfi -o %t2 %s
+// RUN: %expect_crash %t2 2>&1 | FileCheck --check-prefix=CFI %s
+
+// RUN: %clangxx_cfi_diag -g -o %t3 %s
+// RUN: %t3 2>&1 | FileCheck --check-prefix=CFI-DIAG %s
+
+#include <stdio.h>
+
+void f() {
+}
+
+int main() {
+  // CFI: 1
+  // NCFI: 1
+  fprintf(stderr, "1\n");
+
+  // CFI-DIAG: runtime error: control flow integrity check for type 'void (int)' failed during indirect function call
+  // CFI-DIAG: f() defined here
+  ((void (*)(int))f)(42); // UB here
+
+  // CFI-NOT: 2
+  // NCFI: 2
+  fprintf(stderr, "2\n");
+}
--- a/compiler-rt/test/cfi/external-call.c
+++ b/compiler-rt/test/cfi/external-call.c
@ -0,0 +1,23 @@
+// RUN: %clangxx_cfi -o %t1 %s
+// RUN: %t1 c 1 2>&1 | FileCheck --check-prefix=CFI %s
+// RUN: %t1 s 2 2>&1 | FileCheck --check-prefix=CFI %s
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <math.h>
+
+int main(int argc, char **argv) {
+  // CFI: 1
+  fprintf(stderr, "1\n");
+
+  double (*fn)(double);
+  if (argv[1][0] == 's')
+    fn = sin;
+  else
+    fn = cos;
+
+  fn(atof(argv[2]));
+
+  // CFI: 2
+  fprintf(stderr, "2\n");
+}
--- a/compiler-rt/test/cfi/lit.cfg
+++ b/compiler-rt/test/cfi/lit.cfg
@ -2,7 +2,7 @@ import lit.formats
 import os

 config.name = 'cfi'
-config.suffixes = ['.cpp', '.test']
+config.suffixes = ['.c', '.cpp', '.test']
 config.test_source_root = os.path.dirname(__file__)

 clangxx = ' '.join([config.clang] + config.cxx_mode_flags)