From 3d3e1cf26002ce91a47351cd456dfe680a32b8fe Mon Sep 17 00:00:00 2001 From: Vishwath Mohan Date: Tue, 18 Jul 2017 11:27:03 -0700 Subject: [PATCH] CFI compatibility with static executables and nested archives This CL makes the following changes: (a) It disables diagnostics for CFI which requires the runtime ubsan library (which isn't included in static executables). (b) It applies the ar flags for CFI correctly for nested .a archives. (c) Applies the version script to export CFI shadow for non-static binaries (d) Doesn't apply cross-dso CFI for static executables Bug: 30227045 Test: Static executables build correctly and do not complain about missing symbols from the ubsan runtime library. Test: Nested .a files correctly use the gold plugin. Change-Id: Id8fe3c13f6b76565aafbf1266e95f50d1447a790 --- core/config_sanitizers.mk | 31 +++++++++++++++++++++++++------ core/definitions.mk | 2 +- 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk index f5b45db88..79604acdd 100644 --- a/core/config_sanitizers.mk +++ b/core/config_sanitizers.mk @@ -235,6 +235,11 @@ ifneq ($(filter cfi,$(my_sanitize)),) # entire module. LOCAL_ARM_MODE := thumb my_cflags += $(CFI_EXTRA_CFLAGS) + # Only append the default visibility flag if -fvisibility has not already been + # set to hidden. + ifeq ($(filter -fvisibility=hidden,$(LOCAL_CFLAGS)),) + my_cflags += -fvisibility=default + endif my_ldflags += $(CFI_EXTRA_LDFLAGS) my_arflags += --plugin $(LLVM_PREBUILTS_PATH)/../lib64/LLVMgold.so # Workaround for b/33678192. CFI jumptables need Thumb2 codegen. Revert when @@ -242,6 +247,15 @@ ifneq ($(filter cfi,$(my_sanitize)),) ifneq ($(filter arm,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),) my_ldflags += -march=armv7-a endif + + ifeq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true) + my_ldflags := $(filter-out -fsanitize-cfi-cross-dso,$(my_ldflags)) + my_cflags := $(filter-out -fsanitize-cfi-cross-dso,$(my_cflags)) + else + # Apply the version script to non-static executables + my_ldflags += -Wl,--version-script,build/soong/cc/config/cfi_exports.map + LOCAL_ADDITIONAL_DEPENDENCIES += build/soong/cc/config/cfi_exports.map + endif endif # If local or global modules need ASAN, add linker flags. @@ -293,11 +307,16 @@ ifneq ($(strip $(LOCAL_SANITIZE_RECOVER)),) endif ifneq ($(my_sanitize_diag),) - notrap_arg := $(subst $(space),$(comma),$(my_sanitize_diag)), - my_cflags += -fno-sanitize-trap=$(notrap_arg) - # Diagnostic requires a runtime library, unless ASan or TSan are also enabled. - ifeq ($(filter address thread,$(my_sanitize)),) - # Does not have to be the first DT_NEEDED unlike ASan. - my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY) + # TODO(vishwath): Add diagnostic support for static executables once + # we switch to clang-4393122 (which adds the static ubsan runtime + # that this depends on) + ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true) + notrap_arg := $(subst $(space),$(comma),$(my_sanitize_diag)), + my_cflags += -fno-sanitize-trap=$(notrap_arg) + # Diagnostic requires a runtime library, unless ASan or TSan are also enabled. + ifeq ($(filter address thread,$(my_sanitize)),) + # Does not have to be the first DT_NEEDED unlike ASan. + my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY) + endif endif endif diff --git a/core/definitions.mk b/core/definitions.mk index d0009ee9e..f0471146a 100644 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -1556,7 +1556,7 @@ $(hide) ldir=$(PRIVATE_INTERMEDIATES_DIR)/WHOLE/$(basename $(notdir $(1)))_objs; filelist="$$filelist $$ldir/$$ext$$f"; \ done ; \ $($(PRIVATE_2ND_ARCH_VAR_PREFIX)TARGET_AR) $($(PRIVATE_2ND_ARCH_VAR_PREFIX)TARGET_GLOBAL_ARFLAGS) \ - $(2) $$filelist + $(PRIVATE_ARFLAGS) $(2) $$filelist endef