CFI compatibility with static executables and nested archives

This CL makes the following changes: (a) It disables diagnostics for CFI which requires the runtime ubsan library (which isn't included in static executables). (b) It applies the ar flags for CFI correctly for nested .a archives. (c) Applies the version script to export CFI shadow for non-static binaries (d) Doesn't apply cross-dso CFI for static executables Bug: 30227045 Test: Static executables build correctly and do not complain about missing symbols from the ubsan runtime library. Test: Nested .a files correctly use the gold plugin. Change-Id: Id8fe3c13f6b76565aafbf1266e95f50d1447a790
2017-07-18 11:27:03 -07:00 · 2017-07-18 11:27:03 -07:00 · 3d3e1cf260
parent 5dd3057526
commit 3d3e1cf260
2 changed files with 26 additions and 7 deletions
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
@ -235,6 +235,11 @@ ifneq ($(filter cfi,$(my_sanitize)),)
  # entire module.
  LOCAL_ARM_MODE := thumb
  my_cflags += $(CFI_EXTRA_CFLAGS)
+  # Only append the default visibility flag if -fvisibility has not already been
+  # set to hidden.
+  ifeq ($(filter -fvisibility=hidden,$(LOCAL_CFLAGS)),)
+    my_cflags += -fvisibility=default
+  endif
  my_ldflags += $(CFI_EXTRA_LDFLAGS)
  my_arflags += --plugin $(LLVM_PREBUILTS_PATH)/../lib64/LLVMgold.so
  # Workaround for b/33678192. CFI jumptables need Thumb2 codegen.  Revert when
@ -242,6 +247,15 @@ ifneq ($(filter cfi,$(my_sanitize)),)
  ifneq ($(filter arm,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
    my_ldflags += -march=armv7-a
  endif
+
+  ifeq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
+        my_ldflags := $(filter-out -fsanitize-cfi-cross-dso,$(my_ldflags))
+        my_cflags := $(filter-out -fsanitize-cfi-cross-dso,$(my_cflags))
+  else
+        # Apply the version script to non-static executables
+        my_ldflags += -Wl,--version-script,build/soong/cc/config/cfi_exports.map
+        LOCAL_ADDITIONAL_DEPENDENCIES += build/soong/cc/config/cfi_exports.map
+  endif
 endif

 # If local or global modules need ASAN, add linker flags.
@ -293,11 +307,16 @@ ifneq ($(strip $(LOCAL_SANITIZE_RECOVER)),)
 endif

 ifneq ($(my_sanitize_diag),)
-  notrap_arg := $(subst $(space),$(comma),$(my_sanitize_diag)),
-  my_cflags += -fno-sanitize-trap=$(notrap_arg)
-  # Diagnostic requires a runtime library, unless ASan or TSan are also enabled.
-  ifeq ($(filter address thread,$(my_sanitize)),)
-    # Does not have to be the first DT_NEEDED unlike ASan.
-    my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY)
+  # TODO(vishwath): Add diagnostic support for static executables once
+  # we switch to clang-4393122 (which adds the static ubsan runtime
+  # that this depends on)
+  ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
+    notrap_arg := $(subst $(space),$(comma),$(my_sanitize_diag)),
+    my_cflags += -fno-sanitize-trap=$(notrap_arg)
+    # Diagnostic requires a runtime library, unless ASan or TSan are also enabled.
+    ifeq ($(filter address thread,$(my_sanitize)),)
+      # Does not have to be the first DT_NEEDED unlike ASan.
+      my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY)
+    endif
  endif
 endif
--- a/core/definitions.mk
+++ b/core/definitions.mk
@ -1556,7 +1556,7 @@ $(hide) ldir=$(PRIVATE_INTERMEDIATES_DIR)/WHOLE/$(basename $(notdir $(1)))_objs;
        filelist="$$filelist $$ldir/$$ext$$f"; \
    done ; \
    $($(PRIVATE_2ND_ARCH_VAR_PREFIX)TARGET_AR) $($(PRIVATE_2ND_ARCH_VAR_PREFIX)TARGET_GLOBAL_ARFLAGS) \
-        $(2) $$filelist
+        $(PRIVATE_ARFLAGS) $(2) $$filelist

 endef