
[UBSan] Runtime Executable Only violation hit when checking the function pointer on an execute-only target. #64931

Closed
MaggieYingYi opened this issue Aug 23, 2023 · 10 comments
Labels: clang:driver, clang:frontend, compiler-rt:ubsan, release:backport, release:fixed-in-main, release:merged

Comments

@MaggieYingYi
Contributor

MaggieYingYi commented Aug 23, 2023

An execute-only target disallows data access to code sections.

The commit rG279a4d causes the generated code to read text section data which is not allowed on an execute-only target.

When enabling the function sanitizer (-fsanitize=function), UBSan function signatures and type hashes are emitted within the function's prologue data to check the function type. This results in the non-execute access and a runtime error.

@MaggieYingYi MaggieYingYi added clang:driver 'clang' and 'clang++' user-facing binaries. Not 'clang-cl' clang:frontend Language frontend issues, e.g. anything involving "Sema" compiler-rt:ubsan Undefined behavior sanitizer labels Aug 23, 2023
@llvmbot
Member

llvmbot commented Aug 23, 2023

@llvm/issue-subscribers-clang-driver

@llvmbot
Member

llvmbot commented Aug 23, 2023

@llvm/issue-subscribers-clang-frontend

@MaggieYingYi MaggieYingYi self-assigned this Aug 23, 2023
@MaggieYingYi
Contributor Author

D158614 is created for code review.

@MaskRay
Member

MaskRay commented Aug 31, 2023

/cherry-pick 9ef536a

@MaskRay MaskRay reopened this Aug 31, 2023
@llvmbot
Member

llvmbot commented Aug 31, 2023

/branch llvm/llvm-project-release-prs/issue64931

llvmbot pushed a commit to llvm/llvm-project-release-prs that referenced this issue Aug 31, 2023
…arget.

An execute-only target disallows data access to code sections.
-fsanitize=function and -fsanitize=kcfi instrument indirect function
calls to load a type hash before the function label. This results in a
non-execute access to the code section and a runtime error.

To solve the issue, -fsanitize=function should not be included in any
check group (e.g. undefined) on an execute-only target. If a user passes
-fsanitize=undefined, there is no error and no warning. However, if the
user explicitly passes -fsanitize=function or -fsanitize=kcfi on an
execute-only target, an error will be emitted.

Fixes: llvm/llvm-project#64931.

Reviewed By: MaskRay, probinson, simon_tatham

Differential Revision: https://reviews.llvm.org/D158614

(cherry picked from commit 9ef536a12ea65a2b9e2511936327c7b621af38fb)
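The issue description and the commit message above describe two things: the load that `-fsanitize=function` (and `-fsanitize=kcfi`) instrumentation performs at an indirect call, which faults on an execute-only target, and the driver policy the fix adopts (drop `function` silently from the `undefined` group, reject an explicit `-fsanitize=function` or `-fsanitize=kcfi`). The following C++ model is an added example, not clang's own code: `CodeSection`, `checkCalleeType`, `SanKind`, `selectSanitizers` and the diagnostic wording are hypothetical, the hash is simplified to four little-endian bytes immediately before the function entry, and the sample section bytes are constructed.

```cpp
// Added example, not clang's own code. Models (1) the load that
// -fsanitize=function instrumentation performs at an indirect call and why it
// faults on an execute-only target, and (2) the driver policy from the fix:
// drop "function" from the "undefined" group silently, reject an explicit
// -fsanitize=function or -fsanitize=kcfi. All names here are hypothetical.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// ---- (1) the runtime check -------------------------------------------------

// A code section: its bytes and whether data loads from it are permitted.
// On an execute-only target `readable` is false.
struct CodeSection {
  std::vector<uint8_t> bytes;
  bool readable;
};

enum class CheckResult { Match, Mismatch, Fault };

// Simplified model of the instrumented call site: read the 32-bit type hash
// stored immediately before the callee's entry (little-endian here) and
// compare it with the hash of the call's expected function type.
CheckResult checkCalleeType(const CodeSection& text, size_t entry,
                            uint32_t expectedHash) {
  if (!text.readable) return CheckResult::Fault;   // the load itself traps
  if (entry < 4 || entry > text.bytes.size()) return CheckResult::Fault;
  uint32_t hash = 0;
  for (size_t i = 0; i < 4; ++i)
    hash |= uint32_t(text.bytes[entry - 4 + i]) << (8 * i);
  return hash == expectedHash ? CheckResult::Match : CheckResult::Mismatch;
}

// ---- (2) the driver policy -------------------------------------------------

enum SanKind : uint32_t {
  SK_Function  = 1u << 0,  // -fsanitize=function
  SK_KCFI      = 1u << 1,  // -fsanitize=kcfi
  SK_Null      = 1u << 2,  // stand-ins for other "undefined" members
  SK_Alignment = 1u << 3,
};

// Members of the "undefined" group in this model.
static const uint32_t UndefinedGroup = SK_Function | SK_Null | SK_Alignment;

struct Selection {
  uint32_t enabled = 0;
  std::string error;  // non-empty if the command line would be rejected
};

// `values` are the comma-separated -fsanitize= values; `executeOnly` models
// -mexecute-only on the target. Diagnostic wording is illustrative only.
Selection selectSanitizers(const std::vector<std::string>& values,
                           bool executeOnly) {
  Selection s;
  for (const std::string& v : values) {
    if (v == "undefined") {
      uint32_t group = UndefinedGroup;
      if (executeOnly) group &= ~uint32_t(SK_Function);  // silent drop
      s.enabled |= group;
      continue;
    }
    uint32_t kind = 0;
    if (v == "function") kind = SK_Function;
    else if (v == "kcfi") kind = SK_KCFI;
    else if (v == "null") kind = SK_Null;
    else if (v == "alignment") kind = SK_Alignment;
    else {
      s.error = "unsupported argument '" + v + "' to option '-fsanitize='";
      return s;
    }
    // Both checks need a data read of the code section, so an explicit
    // request on an execute-only target is an error rather than a silent drop.
    if (executeOnly && (kind & (SK_Function | SK_KCFI))) {
      s.error = "'-fsanitize=" + v + "' is not allowed on an execute-only target";
      return s;
    }
    s.enabled |= kind;
  }
  return s;
}

int main() {
  // Constructed 8-byte section: hash 0x12345678, then the entry at offset 4.
  CodeSection rw{{0x78, 0x56, 0x34, 0x12, 0, 0, 0, 0}, true};
  CodeSection xo{rw.bytes, false};
  std::cout << "readable text, matching hash: "
            << (checkCalleeType(rw, 4, 0x12345678u) == CheckResult::Match) << "\n";
  std::cout << "execute-only text faults: "
            << (checkCalleeType(xo, 4, 0x12345678u) == CheckResult::Fault) << "\n";
  Selection a = selectSanitizers({"undefined"}, true);
  std::cout << "-fsanitize=undefined on execute-only keeps function? "
            << ((a.enabled & SK_Function) != 0) << "\n";
  Selection b = selectSanitizers({"function"}, true);
  std::cout << "-fsanitize=function on execute-only: " << b.error << "\n";
  return 0;
}
```

The split between a silent drop for the group and a hard error for the explicit flag mirrors the commit message: a user asking for `undefined` gets the checks that can work on the target, while a user who named `function` or `kcfi` directly is told the check cannot be honoured rather than shipped a binary that traps at the first indirect call.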
@llvmbot
Member

llvmbot commented Aug 31, 2023

/pull-request llvm/llvm-project-release-prs#671

@MaskRay
Member

MaskRay commented Aug 31, 2023

/cherry-pick 9ef536a d26dd68 39f6a31 c7dce02

@llvmbot
Member

llvmbot commented Aug 31, 2023

/branch llvm/llvm-project-release-prs/issue64931

llvmbot pushed a commit to llvm/llvm-project-release-prs that referenced this issue Aug 31, 2023
@github-project-automation github-project-automation bot moved this to Needs Triage in LLVM Release Status Aug 31, 2023
@tru tru moved this from Needs Triage to Needs Review in LLVM Release Status Aug 31, 2023
MaskRay pushed a commit to MaskRay/llvm-project that referenced this issue Aug 31, 2023
…arget.

An execute-only target disallows data access to code sections.
-fsanitize=function and -fsanitize=kcfi instrument indirect function
calls to load a type hash before the function label. This results in a
non-execute access to the code section and a runtime error.

To solve the issue, -fsanitize=function should not be included in any
check group (e.g. undefined) on an execute-only target. If a user passes
-fsanitize=undefined, there is no error and no warning. However, if the
user explicitly passes -fsanitize=function or -fsanitize=kcfi on an
execute-only target, an error will be emitted.

Fixes: llvm#64931.

Reviewed By: MaskRay, probinson, simon_tatham

Differential Revision: https://reviews.llvm.org/D158614
@MaskRay
Member

MaskRay commented Aug 31, 2023

release/17.x does not contain the -### exit code change in clang/lib/Driver (https://reviews.llvm.org/D156363).

Here is a modified fix:

/branch MaskRay/llvm-project/17.x-mexecute-only

@tru
Collaborator

tru commented Sep 1, 2023

I merged your branch manually @MaskRay

@tru tru moved this from Needs Review to Done in LLVM Release Status Sep 1, 2023
AlexisPerry pushed a commit to AlexisPerry/kitsune-1 that referenced this issue Jul 23, 2024