From patchwork Fri Oct 23 20:06:39 2020
X-Patchwork-Submitter: Daniele Buono
X-Patchwork-Id: 11854501
From: Daniele Buono
To: qemu-devel@nongnu.org
Subject: [PATCH v2 1/6] fuzz: Make fork_fuzz.ld compatible with LLVM's LLD
Date: Fri, 23 Oct 2020 16:06:39 -0400
Message-Id: <20201023200645.1055-2-dbuono@linux.vnet.ibm.com>
In-Reply-To: <20201023200645.1055-1-dbuono@linux.vnet.ibm.com>
References: <20201023200645.1055-1-dbuono@linux.vnet.ibm.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Alexander Bulekov, Bandan Das, Stefan Hajnoczi, Paolo Bonzini, Daniele Buono

LLVM's linker, LLD, supports the keyword "INSERT AFTER", starting with version 11.
However, when multiple sections are defined in the same "INSERT AFTER", they are added in a reversed order, compared to BFD's LD. This patch makes fork_fuzz.ld generic enough to work with both linkers. Each section now has its own "INSERT AFTER" keyword, so proper ordering is defined between the sections added. Signed-off-by: Daniele Buono --- tests/qtest/fuzz/fork_fuzz.ld | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/qtest/fuzz/fork_fuzz.ld b/tests/qtest/fuzz/fork_fuzz.ld index bfb667ed06..cfb88b7fdb 100644 --- a/tests/qtest/fuzz/fork_fuzz.ld +++ b/tests/qtest/fuzz/fork_fuzz.ld @@ -16,6 +16,11 @@ SECTIONS /* Lowest stack counter */ *(__sancov_lowest_stack); } +} +INSERT AFTER .data; + +SECTIONS +{ .data.fuzz_ordered : { /* @@ -34,6 +39,11 @@ SECTIONS */ *(.bss._ZN6fuzzer3TPCE); } +} +INSERT AFTER .data.fuzz_start; + +SECTIONS +{ .data.fuzz_end : ALIGN(4K) { __FUZZ_COUNTERS_END = .; 
@@ -43,4 +53,4 @@ SECTIONS * Don't overwrite the SECTIONS in the default linker script. Instead insert the * above into the default script */ -INSERT AFTER .data; +INSERT AFTER .data.fuzz_ordered;
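Review bot: In the first hunk (@@ -16,6 +16,11 @@), nothing in the script itself records why .data.fuzz_start now gets its own `INSERT AFTER .data;` and a fresh `SECTIONS` block is opened for .data.fuzz_ordered; the reason lives only in the commit message (LLD 11 inserts sections listed under one INSERT AFTER in the reverse order of BFD ld). Add a one-line comment above the new `INSERT AFTER .data;` saying that each section must be inserted by its own statement so that the order .data, .data.fuzz_start, .data.fuzz_ordered, .data.fuzz_end holds on both linkers; otherwise a later cleanup is likely to merge the three SECTIONS blocks back into one and silently reintroduce the LLD ordering problem.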
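Review bot: In the last hunk (@@ -43,4 +53,4 @@), the retained comment "Don't overwrite the SECTIONS in the default linker script. Instead insert the above into the default script" now sits above only the final `INSERT AFTER .data.fuzz_ordered;`, while .data.fuzz_start and .data.fuzz_ordered are inserted by the two statements added in the earlier hunks, so "the above" no longer describes what the file does. Reword it to say that each of the three SECTIONS blocks is inserted after its predecessor rather than replacing the default script, or move it above the first INSERT AFTER.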
From patchwork Fri Oct 23 20:06:40 2020
X-Patchwork-Submitter: Daniele Buono
X-Patchwork-Id: 11854507

From: Daniele Buono
To: qemu-devel@nongnu.org
Subject: [PATCH v2 2/6] configure: avoid new clang 11+ warnings
Date: Fri, 23 Oct 2020 16:06:40 -0400
Message-Id: <20201023200645.1055-3-dbuono@linux.vnet.ibm.com>
In-Reply-To: <20201023200645.1055-1-dbuono@linux.vnet.ibm.com>
References: <20201023200645.1055-1-dbuono@linux.vnet.ibm.com>
Cc: Paolo Bonzini, Thomas Huth, Daniel P. Berrangé, Daniele Buono, Alexander Bulekov

Clang 11 finds a couple of spots in the code that trigger new warnings:

../qemu-base/hw/usb/dev-uas.c:157:31: error: field 'status' with variable sized type 'uas_iu' not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
    uas_iu status;
           ^
1 error generated.

The data structure is UASStatus, which must end with a QTAILQ_ENTRY, so I believe we cannot have uas_iu at the end. Since this is a gnu extension but CLANG supports it, just add -Wno-gnu-variable-sized-type-not-at-end to remove the warning.

../qemu-base/target/s390x/cpu_models.c:985:21: error: cast to smaller integer type 'S390Feat' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
    S390Feat feat = (S390Feat) opaque;
                    ^~~~~~~~~~~~~~~~~
../qemu-base/target/s390x/cpu_models.c:1002:21: error: cast to smaller integer type 'S390Feat' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
    S390Feat feat = (S390Feat) opaque;
                    ^~~~~~~~~~~~~~~~~
../qemu-base/target/s390x/cpu_models.c:1036:27: error: cast to smaller integer type 'S390FeatGroup' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
    S390FeatGroup group = (S390FeatGroup) opaque;
                          ^~~~~~~~~~~~~~~~~~~~~~
../qemu-base/target/s390x/cpu_models.c:1057:27: error: cast to smaller integer type 'S390FeatGroup' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
    S390FeatGroup group = (S390FeatGroup) opaque;
                          ^~~~~~~~~~~~~~~~~~~~~~
4 errors generated.

These are void * that get cast to enums, which are (or can be) smaller than a 64-bit pointer. A code reorg may be better in the long term, but for now we will fix this by adding -Wno-void-pointer-to-enum-cast.

Signed-off-by: Daniele Buono
---
 configure | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/configure b/configure index e6754c1e87..9dc05cfb8a 100755 --- a/configure +++ b/configure
@@ -2000,6 +2000,8 @@ add_to nowarn_flags -Wno-shift-negative-value add_to nowarn_flags -Wno-string-plus-int add_to nowarn_flags -Wno-typedef-redefinition add_to nowarn_flags -Wno-tautological-type-limit-compare +add_to nowarn_flags -Wno-gnu-variable-sized-type-not-at-end +add_to nowarn_flags -Wno-void-pointer-to-enum-cast add_to nowarn_flags -Wno-psabi gcc_flags="$warn_flags $nowarn_flags"
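Review bot: The two flags appended to nowarn_flags in this hunk apply to every translation unit, so -Wvoid-pointer-to-enum-cast is silenced project-wide even though the commit message names only the four casts in target/s390x/cpu_models.c and itself calls a code reorganisation the better long-term fix. Consider keeping that warning enabled and casting through an integer of pointer width at those four sites instead, e.g. `S390Feat feat = (S390Feat)(uintptr_t) opaque;`, or at least put a comment next to the new `add_to nowarn_flags -Wno-void-pointer-to-enum-cast` line pointing at the cpu_models.c casts so the suppression can be dropped once they are cleaned up. -Wno-gnu-variable-sized-type-not-at-end is reasonable as is, given that UASStatus must end with its QTAILQ_ENTRY.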
From patchwork Fri Oct 23 20:06:41 2020
X-Patchwork-Submitter: Daniele Buono
X-Patchwork-Id: 11854505

From: Daniele Buono
To: qemu-devel@nongnu.org
Subject: [PATCH v2 3/6] configure: add option to enable LTO
Date: Fri, 23 Oct 2020 16:06:41 -0400
Message-Id: <20201023200645.1055-4-dbuono@linux.vnet.ibm.com>
In-Reply-To: <20201023200645.1055-1-dbuono@linux.vnet.ibm.com>
References: <20201023200645.1055-1-dbuono@linux.vnet.ibm.com>
Cc: Paolo Bonzini, Thomas Huth, Daniel P. Berrangé, Daniele Buono, Alexander Bulekov

This patch allows compiling QEMU with link-time optimization (LTO). Compilation with LTO is handled directly by meson.
This patch adds checks in configure to make sure the toolchain supports LTO. Currently, allow LTO only with clang, since I have found a couple of issues with gcc-based LTO. In case fuzzing is enabled, automatically switch to llvm's linker (lld). The standard bfd linker has a bug where function wrapping (used by the fuzz* targets) is used in conjunction with LTO. Tested with all major versions of clang from 6 to 12 Signed-off-by: Daniele Buono --- configure | 128 ++++++++++++++++++++++++++++++++++++++++++++++++++++ meson.build | 1 + 2 files changed, 129 insertions(+) diff --git a/configure b/configure index 9dc05cfb8a..e964040522 100755 --- a/configure +++ b/configure @@ -76,6 +76,7 @@ fi TMPB="qemu-conf" TMPC="${TMPDIR1}/${TMPB}.c" TMPO="${TMPDIR1}/${TMPB}.o" +TMPA="${TMPDIR1}/lib${TMPB}.a" TMPCXX="${TMPDIR1}/${TMPB}.cxx" TMPE="${TMPDIR1}/${TMPB}.exe" TMPTXT="${TMPDIR1}/${TMPB}.txt" @@ -180,6 +181,32 @@ compile_prog() { $LDFLAGS $CONFIGURE_LDFLAGS $QEMU_LDFLAGS $local_ldflags } +do_run_filter() { + # Run a generic program, capturing its output to the log, + # but also filtering the output with grep. + # Returns the return value of grep. + # First argument is the filter string. + # Second argument is binary to execute. + local filter="$1" + local filter_pattern="" + if test "$filter" = "yes"; then + shift + filter_pattern="$1" + fi + shift + local program="$1" + shift + echo $program $@ >> config.log + $program $@ >> config.log 2>&1 || return $? + if test "$filter" = "yes"; then + $program $@ 2>&1 | grep "${filter_pattern}" >> /dev/null || return $? + fi +} + +create_library() { + do_run_filter "no" "$ar" -rc${1} $TMPA $TMPO +} + # symbolically link $1 to $2. Portable version of "ln -sf". symlink() { rm -rf "$2" @@ -242,6 +269,7 @@ host_cc="cc" audio_win_int="" libs_qga="" debug_info="yes" +lto="false" stack_protector="" safe_stack="" use_containers="yes" 
@@ -1159,6 +1187,10 @@ for opt do ;; --disable-werror) werror="no" ;; + --enable-lto) lto="true" + ;; + --disable-lto) lto="false" + ;; --enable-stack-protector) stack_protector="yes" ;; --disable-stack-protector) stack_protector="no" @@ -1735,6 +1767,8 @@ disabled with --disable-FEATURE, default is enabled if available: module-upgrades try to load modules from alternate paths for upgrades debug-tcg TCG debugging (default is disabled) debug-info debugging information + lto Enable Link-Time Optimization. + Depends on clang/llvm >=6.0 sparse sparse checker safe-stack SafeStack Stack Smash Protection. Depends on clang/llvm >= 3.7 and requires coroutine backend ucontext. 
@@ -5222,6 +5256,62 @@ if test "$plugins" = "yes" && fi ######################################## +# lto (Link-Time Optimization) + +if test "$lto" = "true"; then + # Test compiler/ar/linker support for lto. + # compilation with lto is handled by meson. Just make sure that compiler + # support is fully functional, and add additional compatibility flags + # if necessary. + + if ! echo | $cc -dM -E - | grep __clang__ > /dev/null 2>&1 ; then + # LTO with GCC and other compilers is not tested, and possibly broken + error_exit "QEMU only supports LTO with CLANG" + fi + + # Check that lto is supported. + # Need to check for: + # - Valid compiler, that supports lto flags + # - Valid ar, able to support intermediate code + # - Valid linker, able to support intermediate code + + #### Check for a valid *ar* for link-time optimization. + # Test it by creating a static library and linking it + # Compile an object first + cat > $TMPC << EOF +int fun(int val); + +int fun(int val) { + return val; +} +EOF + if ! compile_object "-Werror -flto"; then + error_exit "LTO is not supported by your compiler" + fi + # Create a library out of it + if ! create_library "s" ; then + error_exit "LTO is not supported by ar. This usually happens when mixing GNU and LLVM toolchain." + fi + # Now create a binary using the library + cat > $TMPC << EOF +int fun(int val); + +int main(int argc, char *argv[]) { + return fun(0); +} +EOF + if ! compile_prog "-Werror" "$test_ldflag -flto ${TMPA}"; then + error_exit "LTO is not supported by ar or the linker. This usually happens when mixing GNU and LLVM toolchain." + fi + + #### All good, add the flags for CFI to our CFLAGS and LDFLAGS + # Flag needed both at compilation and at linking + QEMU_LDFLAGS="$QEMU_LDFLAGS $test_ldflag" + # Add -flto to CONFIGURE_*FLAGS since we need it in configure, + # but will be added by meson later + CONFIGURE_CFLAGS="$QEMU_CFLAGS -flto" + CONFIGURE_LDFLAGS="$QEMU_LDFLAGS -flto" +fi # See if __attribute__((alias)) is supported. 
# This false for Xcode 9, but has been remedied for Xcode 10. # Unfortunately, travis uses Xcode 9 by default. @@ -5532,6 +5622,43 @@ if test "$fuzzing" = "yes" && test -z "${LIB_FUZZING_ENGINE+xxx}"; then error_exit "Your compiler doesn't support -fsanitize=fuzzer" exit 1 fi + # Make sure that the linker supports a custom linker script + # If LTO is enabled, switch linker to lld, since at the moment + # it is the only linker that works with lto and fuzzing: + # - gold does not support a custom script + # - bfd does not support wrapping functions with LTO + cat > $TMPC << EOF +#include +#include +void* __real_malloc(size_t size); +void* __wrap_malloc(size_t size); + +void* __wrap_malloc(size_t size){ + printf("Inside wrap_malloc\n"); + return __real_malloc(size); +} + +int main(int argc, char *argv[]) { + int *myint = (void*) malloc(sizeof(int)); + *myint = 0; + return *myint; +} +EOF + extra_cflags="$CPU_CFLAGS -Werror" + extra_ldflags="-Wl,-T,${source_path}/tests/qtest/fuzz/fork_fuzz.ld" + extra_ldflags="${extra_ldflags} -Wl,--wrap,malloc" + if test "$lto" = "true"; then + extra_ldflags="${extra_ldflags} -fuse-ld=lld" + fi + if ! compile_prog "$extra_cflags" "$extra_ldflags"; then + error_exit "Your linker does not support our linker script" + fi + if ! do_run_filter "yes" "Inside wrap_malloc" ${TMPE} ""; then + error_exit "Your linker does not support our linker script" + fi + if test "$lto" = "true"; then + QEMU_LDFLAGS="${QEMU_LDFLAGS} -fuse-ld=lld" + fi fi # Thread sanitizer is, for now, much noisier than the other sanitizers; @@ -7018,6 +7145,7 @@ NINJA=$ninja $meson setup \ -Dcapstone=$capstone -Dslirp=$slirp -Dfdt=$fdt \ -Diconv=$iconv -Dcurses=$curses -Dlibudev=$libudev\ -Ddocs=$docs -Dsphinx_build=$sphinx_build \ + -Db_lto=$lto \ $cross_arg \ "$PWD" "$source_path" diff --git a/meson.build b/meson.build index 7627a0ae46..50e5c527df 100644 --- a/meson.build +++ b/meson.build 
@@ -1959,6 +1959,7 @@ summary_info += {'gprof enabled': config_host.has_key('CONFIG_GPROF')} summary_info += {'sparse enabled': sparse.found()} summary_info += {'strip binaries': get_option('strip')} summary_info += {'profiler': config_host.has_key('CONFIG_PROFILER')} +summary_info += {'link-time optimization (LTO)': get_option('b_lto')} summary_info += {'static build': config_host.has_key('CONFIG_STATIC')} if targetos == 'darwin' summary_info += {'Cocoa support': config_host.has_key('CONFIG_COCOA')}
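Review bot: do_run_filter in the @@ -180,6 +181,32 @@ hunk runs the program twice when the filter is enabled (once appending to config.log, once piped into grep), so the run whose result decides the check is a second invocation whose output never reaches the log, and `$program $@` is unquoted in both calls. Run it once, e.g. `"$program" "$@" > "$TMPTXT" 2>&1`, append $TMPTXT to config.log, and test with `grep -q "$filter_pattern" "$TMPTXT"`; the current `>> /dev/null` on the grep should at least be `> /dev/null`. The comment should also say that the function returns grep's status, not the program's, when the pattern is missing.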
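Review bot: The help text added in the @@ -1735,6 +1767,8 @@ hunk promises "Depends on clang/llvm >=6.0", but the lto block in the @@ -5222,6 +5256,62 @@ hunk only greps the preprocessor output for __clang__ and never compares a version. Either check the version there too (the commit message says clang 6 to 12 were tested, so `__clang_major__ >= 6` would match), or drop the number from the help text so it cannot drift from what configure actually enforces.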
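Review bot: In the @@ -5222,6 +5256,62 @@ hunk, `$test_ldflag` is passed to the final compile_prog call and then appended to QEMU_LDFLAGS, but it is never assigned anywhere in this hunk, so it is either always empty or a leftover from another patch in the series; drop it or set it. The comment "All good, add the flags for CFI to our CFLAGS and LDFLAGS" likewise belongs to the CFI patch, not to the LTO block. And `CONFIGURE_CFLAGS="$QEMU_CFLAGS -flto"` / `CONFIGURE_LDFLAGS="$QEMU_LDFLAGS -flto"` overwrite the CONFIGURE_* variables with the QEMU_* ones instead of appending -flto to them as the comment states; since compile_prog already passes `$CONFIGURE_LDFLAGS $QEMU_LDFLAGS` (visible in the @@ -180 context), this also feeds the QEMU link flags to the linker twice. Use `CONFIGURE_CFLAGS="$CONFIGURE_CFLAGS -flto"` and the same for LDFLAGS.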
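Review bot: In the @@ -5532,6 +5622,43 @@ hunk both failure paths report "Your linker does not support our linker script", but the second check (do_run_filter looking for "Inside wrap_malloc") actually verifies that `-Wl,--wrap,malloc` took effect, so a user whose linker accepts the script but ignores the wrap gets a misleading message; give it its own text, e.g. "Your linker does not support --wrap, needed by the fuzz targets". The same call passes an empty trailing argument to ${TMPE} and executes the freshly linked binary, which configure otherwise avoids for cross builds; a comment that the fuzz targets are host-only would justify that. Finally, the two `#include` directives in the test program carry no header name in this archived copy; confirm that the posted patch names stdio.h and stdlib.h, which printf and malloc need.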
From: Daniele Buono
To: qemu-devel@nongnu.org
Subject: [PATCH v2 4/6] cfi: Initial support for cfi-icall in QEMU
Date: Fri, 23 Oct 2020 16:06:42 -0400
Message-Id: <20201023200645.1055-5-dbuono@linux.vnet.ibm.com>
In-Reply-To: <20201023200645.1055-1-dbuono@linux.vnet.ibm.com>
References: <20201023200645.1055-1-dbuono@linux.vnet.ibm.com>
Cc: Thomas Huth, Daniel P. Berrangé, Stefan Weil, Alexander Bulekov, Paolo Bonzini, Alex Bennée, Daniele Buono, Richard Henderson

LLVM/Clang supports runtime checks for forward-edge Control-Flow Integrity (CFI).

CFI on indirect function calls (cfi-icall) ensures that, in indirect function calls, the function called is of the right signature for the pointer type defined at compile time.

For this check to work, the code must always respect the function signature when using function pointers, the function must be defined at compile time, and it must be compiled with link-time optimization.

This rules out, for example, shared libraries that are dynamically loaded (given that functions are not known at compile time), and code that is dynamically generated at run-time.

This patch:
1) Introduces the CONFIG_CFI flag to support cfi in QEMU
2) Introduces a decorator to allow the definition of "sensitive" functions, where a non-instrumented function may be called at runtime through a pointer. The decorator will take care of disabling cfi-icall checks on such functions, when cfi is enabled.
3) Marks functions currently in QEMU that exhibit such behavior, in particular:
   - The function in TCG that calls pre-compiled TBs
   - The function in TCI that interprets instructions
   - Functions in the plugin infrastructure that jump to callbacks
   - Functions in util that directly call a signal handler
4) Adds a new section in MAINTAINERS with me as a maintainer for include/qemu/sanitizers.h, in case a maintainer is deemed necessary for this feature

Signed-off-by: Daniele Buono
Acked-by: Alex Bennée
---
 MAINTAINERS               |  5 +++++
 accel/tcg/cpu-exec.c      |  9 +++++++++
 include/qemu/sanitizers.h | 22 ++++++++++++++++++++++
 plugins/core.c            | 25 +++++++++++++++++++++++++
 plugins/loader.c          |  5 +++++
 tcg/tci.c                 |  5 +++++
 util/main-loop.c          |  9 +++++++++
 util/oslib-posix.c        |  9 +++++++++
 8 files changed, 89 insertions(+)
 create mode 100644 include/qemu/sanitizers.h

diff --git a/MAINTAINERS b/MAINTAINERS index 6a197bd358..93b2b52b88 100644 --- a/MAINTAINERS +++ b/MAINTAINERS
@@ -3094,6 +3094,11 @@ S: Maintained F: hw/semihosting/ F: include/hw/semihosting/ +Control Flow Integrity +M: Daniele Buono +S: Maintained +F: include/qemu/sanitizers.h + Build and test automation ------------------------- Build and test automation diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c index 58aea605d8..efa01c51db 100644 --- a/accel/tcg/cpu-exec.c +++ b/accel/tcg/cpu-exec.c @@ -26,6 +26,7 @@ #include "exec/exec-all.h" #include "tcg/tcg.h" #include "qemu/atomic.h" +#include "qemu/sanitizers.h" #include "sysemu/qtest.h" #include "qemu/timer.h" #include "qemu/rcu.h" @@ -144,6 +145,14 @@ static void init_delay_params(SyncClocks *sc, const CPUState *cpu) #endif /* CONFIG USER ONLY */ /* Execute a TB, and fix up the CPU state afterwards if necessary */ +/* Disable CFI checks. + * TCG creates binary blobs at runtime, with the transformed code. + * A TB is a blob of binary code, created at runtime and called with an + * indirect function call. Since such function did not exist at compile time, + * the CFI runtime has no way to verify its signature and would fail. + * TCG is not considered a security-sensitive part of QEMU so this does not + * affect the impact of CFI in environment with high security requirements */ +__disable_cfi__ static inline tcg_target_ulong cpu_tb_exec(CPUState *cpu, TranslationBlock *itb) { CPUArchState *env = cpu->env_ptr; diff --git a/include/qemu/sanitizers.h b/include/qemu/sanitizers.h new file mode 100644 index 0000000000..31e404d58d --- /dev/null +++ b/include/qemu/sanitizers.h 
@@ -0,0 +1,22 @@ +/* + * Decorators to disable sanitizers on specific functions + * + * Copyright IBM Corp., 2020 + * + * Author: + * Daniele Buono + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + * + */ + +#ifdef CONFIG_CFI +/* If CFI is enabled, use an attribute to disable cfi-icall on the following + * function */ +#define __disable_cfi__ __attribute__((no_sanitize("cfi-icall"))) +#else +/* If CFI is not enabled, use an empty define to not change the behavior */ +#define __disable_cfi__ +#endif + diff --git a/plugins/core.c b/plugins/core.c index 51bfc94787..9b712ca4ac 100644 --- a/plugins/core.c +++ b/plugins/core.c @@ -31,6 +31,7 @@ #include "tcg/tcg-op.h" #include "trace/mem-internal.h" /* mem_info macros */ #include "plugin.h" +#include "qemu/sanitizers.h" struct qemu_plugin_cb { struct qemu_plugin_ctx *ctx; @@ -90,6 +91,10 @@ void plugin_unregister_cb__locked(struct qemu_plugin_ctx *ctx, } } +/* Disable CFI checks. + * The callback function has been loaded from an external library so we do not + * have type information */ +__disable_cfi__ static void plugin_vcpu_cb__simple(CPUState *cpu, enum qemu_plugin_event ev) { struct qemu_plugin_cb *cb, *next; @@ -111,6 +116,10 @@ static void plugin_vcpu_cb__simple(CPUState *cpu, enum qemu_plugin_event ev) } } +/* Disable CFI checks. + * The callback function has been loaded from an external library so we do not + * have type information */ +__disable_cfi__ static void plugin_cb__simple(enum qemu_plugin_event ev) { struct qemu_plugin_cb *cb, *next; @@ -128,6 +137,10 @@ static void plugin_cb__simple(enum qemu_plugin_event ev) } } +/* Disable CFI checks. + * The callback function has been loaded from an external library so we do not + * have type information */ +__disable_cfi__ static void plugin_cb__udata(enum qemu_plugin_event ev) { struct qemu_plugin_cb *cb, *next; 
@@ -325,6 +338,10 @@ void plugin_register_vcpu_mem_cb(GArray **arr, dyn_cb->f.generic = cb; } +/* Disable CFI checks. + * The callback function has been loaded from an external library so we do not + * have type information */ +__disable_cfi__ void qemu_plugin_tb_trans_cb(CPUState *cpu, struct qemu_plugin_tb *tb) { struct qemu_plugin_cb *cb, *next; @@ -339,6 +356,10 @@ void qemu_plugin_tb_trans_cb(CPUState *cpu, struct qemu_plugin_tb *tb) } } +/* Disable CFI checks. + * The callback function has been loaded from an external library so we do not + * have type information */ +__disable_cfi__ void qemu_plugin_vcpu_syscall(CPUState *cpu, int64_t num, uint64_t a1, uint64_t a2, uint64_t a3, uint64_t a4, uint64_t a5, @@ -358,6 +379,10 @@ qemu_plugin_vcpu_syscall(CPUState *cpu, int64_t num, uint64_t a1, uint64_t a2, } } +/* Disable CFI checks. + * The callback function has been loaded from an external library so we do not + * have type information */ +__disable_cfi__ void qemu_plugin_vcpu_syscall_ret(CPUState *cpu, int64_t num, int64_t ret) { struct qemu_plugin_cb *cb, *next; diff --git a/plugins/loader.c b/plugins/loader.c index 8ac5dbc20f..d193c5772e 100644 --- a/plugins/loader.c +++ b/plugins/loader.c @@ -32,6 +32,7 @@ #ifndef CONFIG_USER_ONLY #include "hw/boards.h" #endif +#include "qemu/sanitizers.h" #include "plugin.h" @@ -150,6 +151,10 @@ static uint64_t xorshift64star(uint64_t x) return x * UINT64_C(2685821657736338717); } +/* Disable CFI checks. + * The install and version functions have been loaded from an external library + * so we do not have type information */ +__disable_cfi__ static int plugin_load(struct qemu_plugin_desc *desc, const qemu_info_t *info) { qemu_plugin_install_func_t install; diff --git a/tcg/tci.c b/tcg/tci.c index 82039fd163..b82cae3d24 100644 --- a/tcg/tci.c +++ b/tcg/tci.c 
@@ -31,6 +31,7 @@ #include "tcg/tcg.h" /* MAX_OPC_PARAM_IARGS */ #include "exec/cpu_ldst.h" #include "tcg/tcg-op.h" +#include "qemu/sanitizers.h" /* Marker for missing code. */ #define TODO() \ @@ -475,6 +476,10 @@ static bool tci_compare64(uint64_t u0, uint64_t u1, TCGCond condition) #endif /* Interpret pseudo code in tb. */ +/* Disable CFI checks. + * One possible operation in the pseudo code is a call to binary code. + * Therefore, disable CFI checks in the interpreter function */ +__disable_cfi__ uintptr_t tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr) { tcg_target_ulong regs[TCG_TARGET_NB_REGS]; diff --git a/util/main-loop.c b/util/main-loop.c index 6470f8eae3..610ef26cb0 100644 --- a/util/main-loop.c +++ b/util/main-loop.c @@ -33,6 +33,7 @@ #include "block/aio.h" #include "qemu/error-report.h" #include "qemu/queue.h" +#include "qemu/sanitizers.h" #ifndef _WIN32 #include @@ -44,6 +45,14 @@ * use signalfd to listen for them. We rely on whatever the current signal * handler is to dispatch the signals when we receive them. */ +/* Disable CFI checks. + * We are going to call a signal hander directly. Such handler may or may not + * have been defined in our binary, so there's no guarantee that the pointer + * used to set the handler is a cfi-valid pointer. Since the handlers are + * stored in kernel memory, changing the handler to an attacker-defined + * function requires being able to call a sigaction() syscall, + * which is not as easy as overwriting a pointer in memory. */ +__disable_cfi__ static void sigfd_handler(void *opaque) { int fd = (intptr_t)opaque; diff --git a/util/oslib-posix.c b/util/oslib-posix.c index f15234b5c0..099c50acc1 100644 --- a/util/oslib-posix.c +++ b/util/oslib-posix.c @@ -39,6 +39,7 @@ #include "qemu/thread.h" #include #include "qemu/cutils.h" +#include "qemu/sanitizers.h" #ifdef CONFIG_LINUX #include 
@@ -773,6 +774,14 @@ void qemu_free_stack(void *stack, size_t sz) munmap(stack, sz); } +/* Disable CFI checks. + * We are going to call a signal hander directly. Such handler may or may not + * have been defined in our binary, so there's no guarantee that the pointer + * used to set the handler is a cfi-valid pointer. Since the handlers are + * stored in kernel memory, changing the handler to an attacker-defined + * function requires being able to call a sigaction() syscall, + * which is not as easy as overwriting a pointer in memory. */ +__disable_cfi__ void sigaction_invoke(struct sigaction *action, struct qemu_signalfd_siginfo *info) {

From patchwork Fri Oct 23 20:06:43 2020
X-Patchwork-Submitter: Daniele Buono
X-Patchwork-Id: 11854513
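Review bot: in the new include/qemu/sanitizers.h, `__disable_cfi__` is a reserved identifier (C reserves every name that begins with a double underscore for the implementation), and the file has no include guard. Suggest a project-namespaced name such as `QEMU_DISABLE_CFI` and wrapping the header in `#ifndef QEMU_SANITIZERS_H` / `#define QEMU_SANITIZERS_H` / `#endif`; the repeated definition is identical, so it is not a build error today, but the guard avoids relying on the identical-redefinition rule.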
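Review bot: the comment on `cpu_tb_exec` in accel/tcg/cpu-exec.c argues that TCG "is not considered a security-sensitive part of QEMU so this does not affect the impact of CFI", which overstates the case: the exemption is unavoidable because a TB does not exist at compile time, but `no_sanitize("cfi-icall")` removes the check from every indirect call in the function, not only from the jump into the TB. Suggest limiting the comment to the technical reason (the target is runtime-generated code with no CFI metadata) and keeping the exempted function as small as possible; since it is `static inline`, it is also worth confirming that the exemption still holds once the body is inlined into its callers.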
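Review bot: the six `__disable_cfi__` annotations in plugins/core.c exempt whole dispatch functions, so every indirect call they make is unchecked, while only the call into the plugin callback needs the exemption. Consider funnelling the callback invocation through one small uninstrumented helper and leaving the list iteration instrumented. The repeated comment "The callback function has been loaded from an external library so we do not have type information" is also slightly misleading: the pointer type is known, what is missing is that the callee was not compiled into this LTO unit, so the CFI runtime has no signature metadata for it.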
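Review bot: the comment duplicated on `sigfd_handler` (util/main-loop.c) and `sigaction_invoke` (util/oslib-posix.c) has a typo ("hander" for "handler"), and its argument that "the handlers are stored in kernel memory" only covers the kernel's copy: `sigaction_invoke` receives a `struct sigaction *action` that lives in user memory, so the reasoning holds only if that structure is fetched from the kernel right before the call and never cached in writable memory. Suggest stating that precondition in the comment so that a future refactor does not quietly invalidate it.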
From: Daniele Buono
To: qemu-devel@nongnu.org
Subject: [PATCH v2 5/6] check-block: enable iotests with cfi-icall
Date: Fri, 23 Oct 2020 16:06:43 -0400
Message-Id: <20201023200645.1055-6-dbuono@linux.vnet.ibm.com>
In-Reply-To: <20201023200645.1055-1-dbuono@linux.vnet.ibm.com>
References: <20201023200645.1055-1-dbuono@linux.vnet.ibm.com>
Cc: Paolo Bonzini, Thomas Huth, Daniel P. Berrangé, Daniele Buono, Alexander Bulekov

cfi-icall is a form of Control-Flow Integrity for indirect function calls implemented by llvm. It is enabled with a -fsanitize flag.

iotests are currently disabled when -fsanitize options are used, with the exception of SafeStack.

This patch implements a generic filtering mechanism to allow iotests with a set of known-to-be-safe -fsanitize options. It then marks SafeStack and the new options used for cfi-icall as safe for iotests.

Signed-off-by: Daniele Buono
---
 tests/check-block.sh | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/tests/check-block.sh b/tests/check-block.sh index f6b1bda7b9..fb4c1baae9 100755 --- a/tests/check-block.sh +++ b/tests/check-block.sh
@@ -21,14 +21,18 @@ if grep -q "CONFIG_GPROF=y" config-host.mak 2>/dev/null ; then exit 0 fi -# Disable tests with any sanitizer except for SafeStack -CFLAGS=$( grep "CFLAGS.*-fsanitize" config-host.mak 2>/dev/null ) -SANITIZE_FLAGS="" -#Remove all occurrencies of -fsanitize=safe-stack -for i in ${CFLAGS}; do - if [ "${i}" != "-fsanitize=safe-stack" ]; then - SANITIZE_FLAGS="${SANITIZE_FLAGS} ${i}" +# Disable tests with any sanitizer except for specific ones +SANITIZE_FLAGS=$( grep "CFLAGS.*-fsanitize" config-host.mak 2>/dev/null ) +ALLOWED_SANITIZE_FLAGS="safe-stack cfi-icall" +#Remove all occurrencies of allowed Sanitize flags +for j in ${ALLOWED_SANITIZE_FLAGS}; do + TMP_FLAGS=${SANITIZE_FLAGS} + SANITIZE_FLAGS="" + for i in ${TMP_FLAGS}; do + if ! echo ${i} | grep -q "${j}" 2>/dev/null; then + SANITIZE_FLAGS="${SANITIZE_FLAGS} ${i}" fi + done done if echo ${SANITIZE_FLAGS} | grep -q "\-fsanitize" 2>/dev/null; then # Have a sanitize flag that is not allowed, stop

From patchwork Fri Oct 23 20:06:44 2020
X-Patchwork-Submitter: Daniele Buono
X-Patchwork-Id: 11854509
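Review bot: the allow-list match in the new loop is a substring test (`echo ${i} | grep -q "${j}"`), so any token containing "cfi-icall" or "safe-stack" is treated as allowed, including a negated flag such as `-fno-sanitize=cfi-icall`, and a combined `-fsanitize=address,cfi-icall` would be dropped wholesale even though it enables another sanitizer. Suggest comparing whole tokens (for example a `case` on `-fsanitize=safe-stack|-fsanitize=cfi-icall|-fsanitize-cfi-icall-generalize-pointers|-fno-sanitize-trap=cfi-icall`) or anchoring the pattern with `^...$`. The carried-over comment also still says "occurrencies" (occurrences).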
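The whole-token alternative to the substring filter above, as an added example that is not part of QEMU's tests/check-block.sh: the allow list mirrors the flags this series uses for SafeStack and cfi-icall (an assumption, since check-block.sh only lists the two sanitizer names), the CFLAGS lines are constructed, and comma-separated `-fsanitize=a,b` values are split so each sanitizer is judged on its own.

```shell
#!/bin/sh
# Added example (not QEMU code): decide whether iotests may run by comparing
# each sanitizer flag in a CFLAGS line against an allow list of exact tokens,
# instead of testing for a substring as the patched check-block.sh does.

# Exact tokens considered safe for iotests (assumption based on this series).
ALLOWED_SANITIZE_FLAGS="-fsanitize=safe-stack -fsanitize=cfi-icall \
-fsanitize-cfi-icall-generalize-pointers -fno-sanitize-trap=cfi-icall"

# is_allowed FLAG: succeed only if FLAG is exactly one of the allowed tokens.
is_allowed() {
    for allowed in $ALLOWED_SANITIZE_FLAGS; do
        [ "$1" = "$allowed" ] && return 0
    done
    return 1
}

# disallowed_sanitize_flags "CFLAGS LINE": print the sanitizer-related flags
# that are not on the allow list, space separated, or an empty line if none.
disallowed_sanitize_flags() {
    result=""
    for flag in $1; do
        case "$flag" in
            -fsanitize=*)
                # "-fsanitize=address,safe-stack" enables two sanitizers;
                # judge each one separately so an allowed name cannot
                # smuggle a disallowed one past the check.
                kinds=$(printf '%s' "${flag#-fsanitize=}" | tr ',' ' ')
                for kind in $kinds; do
                    is_allowed "-fsanitize=$kind" || result="$result -fsanitize=$kind"
                done
                ;;
            -fsanitize*|-fno-sanitize*)
                # Other sanitizer knobs, e.g. -fno-sanitize=... or the
                # generalize-pointers / no-trap options: exact match only.
                is_allowed "$flag" || result="$result $flag"
                ;;
        esac
    done
    printf '%s\n' "${result# }"
}

# iotests_allowed "CFLAGS LINE": succeed when no disallowed flag remains.
iotests_allowed() {
    [ -z "$(disallowed_sanitize_flags "$1")" ]
}

# Constructed sample lines in the shape of the CFLAGS line of config-host.mak.
SAMPLE_CFI="CFLAGS=-O2 -flto -fsanitize=cfi-icall -fsanitize-cfi-icall-generalize-pointers -fno-sanitize-trap=cfi-icall"
SAMPLE_ASAN="CFLAGS=-O2 -fsanitize=address,safe-stack"
SAMPLE_NEGATED="CFLAGS=-O2 -fno-sanitize=cfi-icall"

# Demonstration: the substring filter would have accepted all three lines,
# since every sanitizer token in them contains "cfi-icall" or "safe-stack".
for line in "$SAMPLE_CFI" "$SAMPLE_ASAN" "$SAMPLE_NEGATED"; do
    if iotests_allowed "$line"; then
        echo "allowed:    $line"
    else
        echo "disallowed: $line -> $(disallowed_sanitize_flags "$line")"
    fi
done
```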
From: Daniele Buono
To: qemu-devel@nongnu.org
Subject: [PATCH v2 6/6] configure: add support for Control-Flow Integrity
Date: Fri, 23 Oct 2020 16:06:44 -0400
Message-Id: <20201023200645.1055-7-dbuono@linux.vnet.ibm.com>
In-Reply-To: <20201023200645.1055-1-dbuono@linux.vnet.ibm.com>
References: <20201023200645.1055-1-dbuono@linux.vnet.ibm.com>
Cc: Paolo Bonzini, Thomas Huth, Daniel P. Berrangé, Daniele Buono, Alexander Bulekov

This patch adds a flag to enable/disable control flow integrity checks on indirect function calls.

This feature only allows indirect function calls at runtime to functions with compatible signatures.

This feature is only provided by LLVM/Clang, and depends on link-time optimization, which is currently supported only with LLVM/Clang >= 6.0.

We also add an option to enable a debugging version of cfi, with verbose output in case of a CFI violation.

CFI on indirect function calls does not support calls to functions in shared libraries (since they were not known at compile time), and such calls are forbidden. QEMU relies on dlopen/dlsym when using modules, so we make modules incompatible with CFI.

Signed-off-by: Daniele Buono
---
 configure   | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 meson.build |  2 ++
 2 files changed, 86 insertions(+)

diff --git a/configure b/configure index e964040522..f996c4462e 100755 --- a/configure +++ b/configure @@ -272,6 +272,8 @@ debug_info="yes" lto="false" stack_protector="" safe_stack="" +cfi="no" +cfi_debug="no" use_containers="yes" gdb_bin=$(command -v "gdb-multiarch" || command -v "gdb") @@ -1199,6 +1201,16 @@ for opt do ;; --disable-safe-stack) safe_stack="no" ;; + --enable-cfi) + cfi="yes" ; + lto="true" ; + ;; + --disable-cfi) cfi="no" + ;; + --enable-cfi-debug) cfi_debug="yes" + ;; + --disable-cfi-debug) cfi_debug="no" + ;; --disable-curses) curses="disabled" ;; --enable-curses) curses="enabled"
@@ -1772,6 +1784,13 @@ disabled with --disable-FEATURE, default is enabled if available: sparse sparse checker safe-stack SafeStack Stack Smash Protection. Depends on clang/llvm >= 3.7 and requires coroutine backend ucontext. + cfi Enable Control-Flow Integrity for indirect function calls. + In case of a cfi violation, QEMU is terminated with SIGILL + Depends on lto and is incompatible with modules + Automatically enables Link-Time Optimization (lto) + cfi-debug In case of a cfi violation, a message containing the line that + triggered the error is written to stderr. After the error, + QEMU is still terminated with SIGILL gnutls GNUTLS cryptography support nettle nettle cryptography support 
@@ -5312,6 +5331,64 @@ EOF CONFIGURE_CFLAGS="$QEMU_CFLAGS -flto" CONFIGURE_LDFLAGS="$QEMU_LDFLAGS -flto" fi + +######################################## +# cfi (Control Flow Integrity) + +if test "$cfi" = "yes"; then + # Compiler/Linker Flags that needs to be added for cfi: + # -fsanitize=cfi-icall to enable control-flow integrity checks on + # indirect function calls. + # -fsanitize-cfi-icall-generalize-pointers to allow indirect function calls + # with pointers of a different type (i.e. pass a void* to a + # function that expects a char*). Used in some spots in QEMU, + # with compile-time type checks done by macros + # -fno-sanitize-trap=cfi-icall, when debug is enabled, to display the + # position in the code that triggered a CFI violation + + # Make sure that LTO is enabled + if test "$lto" != "true"; then + error_exit "Control Flow Integrity requires Link-Time Optimization (LTO)" + fi + + test_cflag="-fsanitize=cfi-icall -fsanitize-cfi-icall-generalize-pointers" + test_ldflag="-fsanitize=cfi-icall" + + if test "$cfi_debug" = "yes"; then + # Disable the default trap mechanism so that a error message is displayed + # when a CFI violation happens. The code is still terminated after the + # message + test_cflag="${test_cflag} -fno-sanitize-trap=cfi-icall" + test_ldflag="${test_ldflag} -fno-sanitize-trap=cfi-icall" + fi + + # Check that cfi is supported. + cat > $TMPC << EOF +int main(int argc, char *argv[]) { + return 0; +} +EOF + # Manually add -flto because even if is enabled, flags for it will be + # set up later by meson + if ! 
compile_prog "-Werror $test_cflag" "$test_ldflag"; then + error_exit "Control Flow Integrity is not supported by your compiler" + fi + + # Check for incompatible options + if test "$modules" = "yes"; then + error_exit "Control Flow Integrity is not compatible with modules" + fi + + #### All good, add the flags for CFI to our CFLAGS and LDFLAGS + # Flag needed both at compilation and at linking + QEMU_CFLAGS="$QEMU_CFLAGS $test_cflag" + QEMU_LDFLAGS="$QEMU_LDFLAGS $test_ldflag" +else + if test "$cfi_debug" = "yes"; then + error_exit "Cannot enable Control Flow Integrity debugging since CFI is not enabled" + fi +fi + # See if __attribute__((alias)) is supported. # This false for Xcode 9, but has been remedied for Xcode 10. # Unfortunately, travis uses Xcode 9 by default. @@ -6972,6 +7049,13 @@ if test "$safe_stack" = "yes"; then echo "CONFIG_SAFESTACK=y" >> $config_host_mak fi +if test "$cfi" = "yes"; then + echo "CONFIG_CFI=y" >> $config_host_mak + if test "$cfi_debug" = "yes"; then + echo "CONFIG_CFI_DEBUG=y" >> $config_host_mak + fi +fi + # If we're using a separate build tree, set it up now. # DIRS are directories which we simply mkdir in the build tree; # LINKS are things to symlink back into the source tree diff --git a/meson.build b/meson.build index 50e5c527df..be74a232a0 100644 --- a/meson.build +++ b/meson.build @@ -2071,6 +2071,8 @@ if targetos == 'windows' summary_info += {'QGA MSI support': config_host.has_key('CONFIG_QGA_MSI')} endif summary_info += {'seccomp support': config_host.has_key('CONFIG_SECCOMP')} +summary_info += {'cfi support': config_host.has_key('CONFIG_CFI')} +summary_info += {'cfi debug support': config_host.has_key('CONFIG_CFI_DEBUG')} summary_info += {'coroutine backend': config_host['CONFIG_COROUTINE_BACKEND']} summary_info += {'coroutine pool': config_host['CONFIG_COROUTINE_POOL'] == '1'} summary_info += {'debug stack usage': config_host.has_key('CONFIG_DEBUG_STACK_USAGE')}
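Review bot: in the option-parsing hunk (`@@ -1199,6 +1201,16 @@`), the `;` after `cfi="yes"` and `lto="true"` are stray (the neighbouring cases end with `;;` alone), and forcing `lto="true"` from `--enable-cfi` means any later option on the same command line that resets `lto` silently undoes it until the `if test "$lto" != "true"` check aborts with a generic message. That is acceptable, but the error could name the option conflict explicitly, or the help text could state that `--enable-cfi` must come after any option that disables LTO.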
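Review bot: the help entry for `cfi` (`@@ -1772,6 +1784,13 @@`) should mention that the build also passes `-fsanitize-cfi-icall-generalize-pointers` (see the configure block below), which makes all pointer-typed parameters and return values equivalent for the purpose of the check. That is what lets the void*/char* call sites the comment describes keep building, but it also coarsens the equivalence classes, so users enabling the option for hardening should know the check is weaker than plain cfi-icall.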
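Review bot: in the cfi configure block (`@@ -5312,6 +5331,64 @@`), the comment "Manually add -flto because even if is enabled, flags for it will be set up later by meson" does not match the code: `compile_prog "-Werror $test_cflag" "$test_ldflag"` passes no `-flto`, and the flag reaches the probe only through `CONFIGURE_CFLAGS`/`CONFIGURE_LDFLAGS` set in the LTO block visible in the hunk's leading context. Either add `-flto` to the probe flags as the comment says, or reword the comment, since clang rejects `-fsanitize=cfi-icall` without LTO and a reader debugging a failed probe would be misled. The `cfi-debug` help text also says QEMU "is still terminated with SIGILL"; worth verifying, because with `-fno-sanitize-trap=cfi-icall` termination comes from the sanitizer runtime's diagnostic path rather than from a trap instruction.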