[ModuleUtils][KCFI] Set patchable-function-prefix for synthesized functions

When -fpatchable-function-entry is used to emit prefix nops before functions, KCFI assumes all indirectly called functions have the same number of prefix nops, because the nops are emitted between the KCFI type hash and the function entry. However, as patchable-function-prefix is a function attribute set by Clang, functions later synthesized by LLVM don't inherit this attribute and end up not having prefix nops. One of these functions is asan.module_ctor, which the Linux kernel ends up calling indirectly when KASAN is enabled. In order to avoid tripping KCFI, save the expected prefix offset to a module flag, and use it when we're setting KCFI type for the relevant synthesized functions. Link: https://github.com/ClangBuiltLinux/linux/issues/1742 Reviewed By: MaskRay Differential Revision: https://reviews.llvm.org/D141172
2023-01-11 23:06:20 +00:00
parent df87e62cbd
commit fd5e262706
4 changed files with 31 additions and 1 deletions
--- a/clang/lib/CodeGen/CodeGenModule.cpp
+++ b/clang/lib/CodeGen/CodeGenModule.cpp
@@ -758,8 +758,14 @@ void CodeGenModule::Release() {
                              CodeGenOpts.SanitizeCfiCanonicalJumpTables);
  }

-  if (LangOpts.Sanitize.has(SanitizerKind::KCFI))
+  if (LangOpts.Sanitize.has(SanitizerKind::KCFI)) {
    getModule().addModuleFlag(llvm::Module::Override, "kcfi", 1);
+    // KCFI assumes patchable-function-prefix is the same for all indirectly
+    // called functions. Store the expected offset for code generation.
+    if (CodeGenOpts.PatchableFunctionEntryOffset)
+      getModule().addModuleFlag(llvm::Module::Override, "kcfi-offset",
+                                CodeGenOpts.PatchableFunctionEntryOffset);
+  }

  if (CodeGenOpts.CFProtectionReturn &&
      Target.checkCFProtectionReturnSupported(getDiags())) {