author | Vitaly Buka <vitalybuka@google.com> | 2016-06-09 23:05:35 +0000 |
---|---|---|
committer | Vitaly Buka <vitalybuka@google.com> | 2016-06-09 23:05:35 +0000 |
commit | 79b75d3d11119b9c84a06066c6092ac2799728ca (patch) | |
tree | 48bc72f36fd5902a5f6ad2407fc34d4c60442988 /llvm/lib/Transforms | |
parent | d665b410c6e0d0c8960d23bcb730332057f5e0e8 (diff) | |
Unpoison stack memory in use-after-return + use-after-scope mode
Summary:
We still want to unpoison the full stack even in use-after-return mode, as it can be disabled at runtime.
PR27453
Reviewers: eugenis, kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D21202
llvm-svn: 272334
Diffstat (limited to 'llvm/lib/Transforms')
-rw-r--r-- | llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp | 33 |
1 files changed, 21 insertions, 12 deletions
diff --git a/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp b/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
index b9b4a283875..af83eea3273 100644
--- a/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
+++ b/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
@@ -1869,12 +1869,15 @@ void FunctionStackPoisoner::initializeCallbacks(Module &M) {
 M.getOrInsertFunction(kAsanStackFreeNameTemplate + Suffix, IRB.getVoidTy(), IntptrTy, IntptrTy, nullptr));
 }
- AsanPoisonStackMemoryFunc = checkSanitizerInterfaceFunction(
- M.getOrInsertFunction(kAsanPoisonStackMemoryName, IRB.getVoidTy(),
- IntptrTy, IntptrTy, nullptr));
- AsanUnpoisonStackMemoryFunc = checkSanitizerInterfaceFunction(
- M.getOrInsertFunction(kAsanUnpoisonStackMemoryName, IRB.getVoidTy(),
- IntptrTy, IntptrTy, nullptr));
+ if (ASan.UseAfterScope) {
+ AsanPoisonStackMemoryFunc = checkSanitizerInterfaceFunction(
+ M.getOrInsertFunction(kAsanPoisonStackMemoryName, IRB.getVoidTy(),
+ IntptrTy, IntptrTy, nullptr));
+ AsanUnpoisonStackMemoryFunc = checkSanitizerInterfaceFunction(
+ M.getOrInsertFunction(kAsanUnpoisonStackMemoryName, IRB.getVoidTy(),
+ IntptrTy, IntptrTy, nullptr));
+ }
+
 AsanAllocaPoisonFunc = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
 kAsanAllocaPoison, IRB.getVoidTy(), IntptrTy, IntptrTy, nullptr));
 AsanAllocasUnpoisonFunc =
@@ -2133,6 +2136,16 @@ void FunctionStackPoisoner::poisonStack() {
 Value *ShadowBase = ASan.memToShadow(LocalStackBase, IRB);
 poisonRedZones(L.ShadowBytes, IRB, ShadowBase, true);
+ auto UnpoisonStack = [&](IRBuilder<> &IRB) {
+ if (HavePoisonedAllocas) {
+ // If we poisoned some allocas in llvm.lifetime analysis,
+ // unpoison whole stack frame now.
+ poisonAlloca(LocalStackBase, LocalStackSize, IRB, false);
+ } else {
+ poisonRedZones(L.ShadowBytes, IRB, ShadowBase, false);
+ }
+ };
+
 // (Un)poison the stack before all ret instructions.
 for (auto Ret : RetVec) {
 IRBuilder<> IRBRet(Ret);
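Review bot: `AsanPoisonStackMemoryFunc` and `AsanUnpoisonStackMemoryFunc` are now left unset whenever `ASan.UseAfterScope` is false, and nothing at the new `if` says which call sites rely on that. `poisonAlloca`, which the `UnpoisonStack` lambda in the next hunk calls under `HavePoisonedAllocas`, presumably emits its calls through these members (its body is outside the diff), so the pass depends on `HavePoisonedAllocas` never being true without use-after-scope. I would state that at the guard, `// Only needed when lifetime-based (use-after-scope) poisoning is enabled.`, and check it where it is consumed, `assert(ASan.UseAfterScope && "stack (un)poison callbacks not declared");` ahead of the `poisonAlloca` call. initializeCallbacks starts and ends outside the hunk.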
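Review bot: The lambda parameter `IRB` shadows the outer `IRB` that the two context lines above pass to `memToShadow` and to the red-zone poisoning, and the `[&]` capture keeps that outer builder reachable inside the body. If a later edit drops or renames the parameter, the unpoisoning would be emitted at the outer builder's insertion point instead of before the return, and it would still compile. A distinct name removes the trap: `auto UnpoisonStack = [&](IRBuilder<> &RetIRB) {`, with `RetIRB` passed on to `poisonAlloca` and `poisonRedZones`. poisonStack starts and ends outside the hunk.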
@@ -2177,13 +2190,9 @@ void FunctionStackPoisoner::poisonStack() {
 }
 IRBuilder<> IRBElse(ElseTerm);
- poisonRedZones(L.ShadowBytes, IRBElse, ShadowBase, false);
- } else if (HavePoisonedAllocas) {
- // If we poisoned some allocas in llvm.lifetime analysis,
- // unpoison whole stack frame now.
- poisonAlloca(LocalStackBase, LocalStackSize, IRBRet, false);
+ UnpoisonStack(IRBElse);
 } else {
- poisonRedZones(L.ShadowBytes, IRBRet, ShadowBase, false);
+ UnpoisonStack(IRBRet);
 }
 } |
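Review bot: The `UnpoisonStack(IRBElse)` call carries no comment saying why the whole-frame unpoison is now needed on this branch as well. The commit summary gives the reason (use-after-return can be disabled at runtime), but the code does not, and the removed `else if (HavePoisonedAllocas)` arrangement shows how easily this path was left out. I would add `// Use-after-return can be turned off at runtime, so allocas poisoned via lifetime markers must be unpoisoned on this path too.` above the call. The branch that `IRBElse` belongs to starts outside the hunk, so which runtime path this is should be confirmed against the full function.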