Commit Graph

212 Commits

Author SHA1 Message Date
Pirama Arumuga Nainar 84ce8d8d89 Merge "[cc/sanitize] Deprecate blacklist sub-property of sanitize" 2020-08-11 21:24:16 +00:00
Inseob Kim eaebec1312 Merge changes from topic "cfi_vendor_snapshot"
* changes:
  Add cfi static libraries to vendor snapshot
  Refactor vendor snapshot modules
2020-08-07 01:48:10 +00:00
Mitch Phillips 8dc2af873b Merge "Added write only sanitizer for ASAN and HWASAN" 2020-08-06 21:17:12 +00:00
Inseob Kim c42f2f2e9d Add cfi static libraries to vendor snapshot
CFI modules can't link against non-CFI static libraries, and vice versa.
So without capturing both CFI and non-CFI static libraries, vendor
modules won't be able to use CFI, which will be a critical security
hole.

This captures both CFI and non-CFI variants of all static libraries for
vendor snapshot, except for those whose cfi are explicitly disabled.

For example, suppose that "libfoo" is defined as follows.

cc_library_static {
    name: "libfoo",
    vendor_available: true,
}

As it doesn't have cfi disabled, two libraries "libfoo.a" and
"libfoo.cfi.a" will be captured. When installed, vendor snapshot module
for "libfoo" will look like:

vendor_snapshot_static {
    name: "libfoo",
    src: "libfoo.a",
    cfi: {
        src: "libfoo.cfi.a",
    },
}

The build system will recognize the "cfi" property, and will create both
CFI and non-CFI variant, allowing any modules to link against "libfoo"
safely, no matter whether CFI is enabled or not.

Two clarification:

1) The reason why we don't create separate modules is that DepsMutator
runs before sanitize mutators. CFI and non-CFI variant of a library
should exist in a single module.

2) We can't capture CFI variant if the source module explicitly disables
cfi variant by specifying the following.

sanitize: {
    cfi: false,
}

In this case, only non-CFI variant will be created for the vendor
snapshot module.

Bug: 65377115
Test: m dist vendor-snapshot && install && build against snapshot
Change-Id: Idbf3e3205d581800d6093c8d6cf6152374129ba4
2020-08-06 19:47:57 +00:00
Treehugger Robot 8c69770ff0 Merge changes from topic "soong_sanitize_fix"
* changes:
  Separate lists of soong sanitize modules
  Move image mutator things to image.go
2020-08-06 00:48:16 +00:00
Inseob Kim 74d255698b Separate lists of soong sanitize modules
Dependencies of makefile modules are being redirected according to
SOONG_CFI_STATIC_LIBRARIES and SOONG_HWASAN_STATIC_LIBRARIES. But the
variables are shared among all variants (e.g. core, vendor, product,
arch), which can cause build error.

This splits the Makefile variables into several lists, one list per each
arch and each image variant, to correctly make the redirection.

Bug: 162476652
Test: build and inspect ninja
Change-Id: Icc753382f1c53de8468cc85243a6954e1986297a
2020-08-05 04:47:41 +00:00
Pirama Arumuga Nainar c02c98b8f5 [cc/sanitize] Deprecate blacklist sub-property of sanitize
All uses of this property have been migrated to 'blocklist' instead.

Update language to comply with Android’s inclusive language guidance

See https://source.android.com/setup/contribute/respectful-code for
reference

Bug: 161896447
Bug: 162245450

Test: TH
Change-Id: I4b83b41ad5a4b2caf1166b1acece9537f545aaad
2020-07-30 22:17:22 -07:00
Colin Cross 6e511a9a9f Add libraryDependencyTag to track dependencies on static and shared libraries
dependencyTag uses a set of predefined tags to identify different types
of dependencies.  There are already multiple bits of metadata stored
in the dependency tag (Library, Shared, ReexportFlags), and supporting
them all requires a combinatorial explosion of predefined tags and
causes issues when using equality comparisons if a new bit of metadata
is added.

Add a new libraryDependencyTag type that will contain the metadata
bits, and replace the quality comparisons with checks on the metadata
bits.

There are 5 TODOs where modifying the checks identified problems with
the existing checks.  These were left in place to produce identical
build output and will be fixed separately.

Bug: 162437057
Test: no change to build.ninja or {Android,make_vars,late}-${TARGET_PRODUCT}.mk
Change-Id: I72d4207dcf381c07c92e00e5a03968ebb5ed8d30
2020-07-29 13:22:30 -07:00
Jasraj Bedi bb4511df94 Added write only sanitizer for ASAN and HWASAN
Bug: 162024969
Test: Successfully builds targets for both host and device

"writeonly" flag in SANITIZE_(HOST|TARGET) enables it with "address"
and "hwaddress"

Change-Id: Ia89d43230deef15a67dee09ed015fea14f0717ff
2020-07-29 20:13:53 +00:00
Pirama Arumuga Nainar eda8499a3c Merge "[cc/sanitize] Add Blocklist property" 2020-07-28 17:21:59 +00:00
Pirama Arumuga Nainar 6c4ccca7b7 [cc/sanitize] Add Blocklist property
This will eventually replace the Blacklist property.

Update language to comply with Android’s inclusive language guidance

See https://source.android.com/setup/contribute/respectful-code for
reference

Bug: 161896447
Bug: 162245450
Test: build topic
Change-Id: I3c2609c791c27b8ba3bcb55f79304b78bce1f518
2020-07-27 13:37:05 -07:00
Pirama Arumuga Nainar eb8d403273 Rename CFI blocklist files.
Update language to comply with Android’s inclusive language guidance

See https://source.android.com/setup/contribute/respectful-code for
reference

Bug: 161896447
Test: build
Change-Id: I3de274e58135660e102c276a9822a2ef2cd7cba8
2020-07-27 18:37:48 +00:00
Christopher Ferris f70926eef0 Remove libc_scudo references.
Test: Builds and boots.
Change-Id: Iad97159e6193f7afffd8fbc9456427eee5d150e3
Merged-In: Iad97159e6193f7afffd8fbc9456427eee5d150e3
(cherry picked from commit 1f16b27511)
2020-06-22 15:27:56 -07:00
Jooyung Han 8ce8db9ed6 apex: install hwasan lib if depended on libc
There're two ways to enable hwasan:
- global setting: TARGET_SANITIZE=hwaddress
- individual setting: sanitize: { hwaddress: true }

This change covers both cases by looking up if com.android.runtime is
hwaddress santized or not.

Bug: 156678661
Test: m (soong test added)
Change-Id: I67c382c3e76a06f4b27f221eebd153c698647227
2020-05-15 19:12:38 +09:00
Dan Willemsen b5b2aba43b Don't tell make about modules in other namespaces
This was causing build breaks when different devices moved to Android.bp
at different times.

Bug: 150878976
Test: build *_hwasan targets
Change-Id: I68912bb6a5696809c318d1ec816a1bcfbe2df245
Merged-In: I68912bb6a5696809c318d1ec816a1bcfbe2df245
(cherry picked from commit 7b6af23db6)
2020-05-04 00:05:47 -07:00
Evgenii Stepanov 96fa3dd0af Revert "Reenable the new pass manager in hwasan builds."
This reverts commit 259eaab3b3.

Reason for revert: breaks hwasan + gcov

Bug: 135298400
Change-Id: Ie8574753f9237a55ad1618783bd5150ffb646015
2020-03-27 19:42:01 +00:00
Evgenii Stepanov 259eaab3b3 Reenable the new pass manager in hwasan builds.
Also remove a deprecated flag -fsanitize-hwaddress-abi=platform.

Switching to the new pass manager reduces size of the "lib64" directory
by almost 6%.

Bug: 135298400
Test: objdump -d path/to/symbols/system/lib64/*.so | grep __hwasan_check_
Test: adb shell sanitizer-status

Change-Id: I327ee982e20c02b3b2126d93189048d9f4bfb301
2020-03-23 14:56:03 -07:00
Elliott Hughes cc868de8a7 Merge "Remove unused mips workarounds." 2020-03-16 21:06:13 +00:00
Ivan Lozano 438d379eb6 Merge "Disable CFI only on incompatible variants." 2020-03-13 15:57:08 +00:00
Ivan Lozano f3b190f8e7 Fix UBSanitized host binaries missing runtime.
Host binaries by default use the UBSan runtime whether or not
diagnostics are requested in the module definition. The rest of the code
assumes the runtime is only needed when diag properties are set.

This makes sure to add the runtime to the dependency graph of host
binaries that are UBSanitized.

Bug: 150336284
Test: ./art/tools/dist_linux_bionic.sh com.android.art.host
Test: runtime appropriately identified as a dependency of libziparchive
Change-Id: I2704aaba4abc7f4e6d96747917c77b5147fd1d56
2020-03-11 20:40:21 -04:00
Ivan Lozano 4774a81c0f Disable CFI only on incompatible variants.
Only disable CFI on incompatible variants rather than the base module.

Bug: 142157676
Test: Manual llvm-cfi-verify checks
Change-Id: I999e1dbcccc1ffb102b2fe01c47f1bda4df5e601
2020-03-10 16:27:38 -04:00
Elliott Hughes da3a071eaa Remove unused mips workarounds.
This was never really finished, and hasn't been supported for years.

Test: treehugger
Change-Id: I21d4c3112aa8cf0c56e59f0cc19ff8725ef714b9
2020-03-06 18:15:44 -08:00
Colin Cross d80cbca76d Convert cc to AndroidMkEntries
Use AndroidMkEntries so the next patch can use ExtraFooters, which
doesn't exist in AndroidMkData.

Test: manually diff out/soong/Android.aosp_x86_64.mk
Change-Id: Ia3006b6747813693cf7e2b536030b21f3109f538
2020-02-25 19:53:04 -08:00
Ivan Lozano 9ac32c7674 Allow Linux hosts to use ubsan runtime sanitizers.
Linux host prebuilts for UBSan runtime are available now, so we can
enable these. There's a bit more work to be done for Windows/Darwin
support, so that's left to another CL.

Bug: 148289941
Test: Build host binary with integer overflow sanitization enabled.
Test: ./art/test/testrunner/run_build_test_target.py art-linux-bionic-x64

Change-Id: Ie98979116fa3bb8accb23d1788adcc28330a9530
2020-02-20 20:27:35 +00:00
Inseob Kim eec88e1de8 Add vendor snapshot modules
This implements four modules (static/shared/header libraries, and
binaries) for vendor snapshot. These modules will override source
modules if BOARD_VNDK_VERSION != current.

Bug: 65377115
Test: 1) VNDK_SNAPSHOT_BUILD_ARTIFACTS=true m dist vndk vendor-snapshot
Test: 2) install snapshot under source tree
Test: 3) set BOARD_VNDK_VERSION and boot cuttlefish
Change-Id: I24ddb4c3aa6abeab60bbfd31bcbd8753e2592dc5
2020-02-07 02:59:24 +09:00
Inseob Kim 8471cdaced Implement vendor snapshot
Vendor snapshot can be captured with "m dist vendor-snapshot". With
vendor snapshot and vndk snapshot, older version of /vendor and newer
version of /system will be able to be built together by setting
BOARD_VNDK_VERSION to past vendor's version.

Only vendor modules under AOSP are to be captured. In detail, modules
under following directories are ignored:
- device/
- vendor/
- hardware/, except for interfaces/, libhardware/, libhardware_legacy/,
  and ril/

Test modules (cc_test, etc.) and sanitized modules are also ignored.

Bug: 65377115
Test: m dist vendor-snapshot
Change-Id: If7a2f6de7f36deee936930c0ccf7c47c4a0cebf6
2020-02-07 02:58:29 +09:00
Yifan Hong 1b3348d50a Add ramdisk image.
It is similar to recovery image.
Test: m nothing -j

Change-Id: I11389777c6bfb0c0d73bbb4c70091c1e70f44077
2020-01-22 16:54:18 -08:00
Mitch Phillips 734b4cb62f Add $ORIGIN to fuzzer-coverage sanitized .so's.
Build fuzzer-sanitized libraries with an $ORIGIN DT_RUNPATH. Android's linker
uses DT_RUNPATH, not DT_RPATH. When we deploy cc_fuzz targets and their
libraries to /data/fuzz/<arch>/lib, any transient shared library gets the
DT_RUNPATH from the shared library above it, and not the executable, meaning
that the lookup falls back to the system. Adding the $ORIGIN to the DT_RUNPATH
here means that transient shared libraries can be found colocated with their
parents.

This may have some interesting consequences if:

 1. Your fuzz target depends on a shared library which has `sanitize.fuzzer:
 false` (as the DT_RUNPATH won't have `$ORIGIN`, and so you may get missing
 libraries).
 2. A `SANITIZE_TARGET=fuzzer` platform has a shared object in two
 different directories (like system vs. ndk) and is depending on the linker
 implementation details to resolve this in some manner.

I don't believe either of these instances should reasonably happen in
practise.

Fixes: 145973404
Fixes: 145988908
Test: m example_fuzzer
Change-Id: I94cbf628fc1ce15c43283d72bdabd9817de1fef8
2019-12-10 17:35:55 +00:00
Treehugger Robot e643cd2b61 Merge "Add -instcombine-lower-dbg-declare to hwasan flags." 2019-12-03 02:19:08 +00:00
Evgenii Stepanov 64bee4decf Add -instcombine-lower-dbg-declare to hwasan flags.
This is a workaround to improve hwasan reports involving stack
variables.

Bug: 112437883
Test: SANITIZE_TARGET=hwaddress, build and boot

Change-Id: I21ea2fdd2d1f04e2bb9b9847785c00a951030c74
2019-11-22 18:40:07 -08:00
Colin Cross 7228ecd5e3 Move cc.imageMutator into the android package
Prepare for making the image mutator available to all modules and
moving it between the os and arch mutators by moving it into the
android package and using an interface implemented by the module
types to control it.

Bug: 142286466
Test: No unexpected changes to out/soong/build.ninja
Change-Id: I0dcc9c7b5ec80edffade340c367f6ae4da34151b
2019-11-20 15:21:32 -08:00
Colin Cross 4af21ed26f Split local and global cflags
Native compiler flags are currently applied in approximately:
global cflags
local cflags
local include dirs
global include dirs
global conlyflags
local conlyflags
global cppflags
local cppflags

This means that a flag that is enabled in the global cppflags
cannot be disabled in the local cflags, and an Android.bp author
must know to disable it in the local cppflags.  A better order
would be:
global cflags
global conlyflags
global cppflags
local cflags
local conlyflags
local cppflags
local include dirs
global include dirs

We are mixing both the global and local cflags into a single
variable, and similar for conlyflags and cppflags, which
prevents reordering them.  This CL prepares to reorder them
by splitting the global and local cflags into separate variables.

Bug: 143713277
Test: m native
Change-Id: Ic55a8c3516c331dc5f2af9d00e59ceca9d3e6c15
2019-11-07 15:27:58 -08:00
Jooyung Han 0302a84ddc Soong generates vndk-related .libraries.txt files
This is a follow-up CL of I9a24f6975bd4b226a94f61a13d43857dcdce6b88

Generated files are passed to make via MakeVars:
- SOONG_LLNDK_LIBRARIES_FILE
- SOONG_VNDKCORE_LIBRARIES_FILE
- SOONG_VNDKSP_LIBRARIES_FILE
- SOONG_VNDKPRIVATE_LIBRARIES_FILE
- SOONG_VNDKCOREVARIANT_LIBRARIES_FILE
- SOONG_VNDK_LIBRARIES_FILE

Previously filenames were "guessed" from module names. Now VndkMutator
stores filenames as well and generate those files with them.

Bug: 142963962
Bug: 141450808
Test: m && device boots && TH
Change-Id: I0c248b707188f904df60ead50059fefe90bfd17f
2019-11-01 04:35:21 +09:00
Ivan Lozano 52767be335 Add support for Rust C libraries.
Adds the ability for rust modules to be compiled as C libraries, and
allows cc modules to depend on these rust-generated modules. This also
means that soong-rust should not have any dependencies on soong-cc aside
from what's required for testing.

There's a couple small fixes included as well:

 - A bug in libNameFromFilePath that caused issues when library's had
 "lib" in their name.
 - VariantName is removed from rust library MutatedProperties since this
 was unused.

Bug: 140726209
Test: Soong tests pass.
Test: Example cc_binary can include a rust shared library as a dep.
Test: m crosvm.experimental
Change-Id: Ia7deed1345d2423001089014cc65ce7934123da4
2019-10-28 22:09:01 -07:00
Ivan Lozano 183a3218e2 Add a common interface for cc linkable libraries.
Adds an interface, CcLinkableInterface, for cc linkable dependencies
which come from other toolchains such as Rust.

Bug: 140726209
Test: Soong tests pass, rust modules still compile.
Change-Id: I7378a46fad94fd0b735746aaf4e265fd2c2c04d8
2019-10-28 13:45:12 -07:00
Ryan Prichard b49fe1bde7 Stop linking libdl.a into static bins
libdl.a has a no-op dlopen, which breaks static libraries that need a real
dlopen. Instead of automatically linking libdl.a into static executables,
make it optional.

Until recently, the libunwind_llvm.a unwinder, used on arm32, needed the
no-op dladdr, but it's now built using -D_LIBUNWIND_USE_DLADDR=0.

The HWASan run-time uses dlsym and dladdr, so add a libdl dependency for
HWASan-built static binaries. We could also remove the dependency from
libclang_rt.hwasan_static-*.a, but this is also easy to do.

Bug: http://b/141485154
Test: bionic unit tests, device boots, verify that static and dynamic
   executables can throw/catch an exception
Test: verify that a static executable using dlopen doesn't link (unless it
   adds an explicit dependency on libdl)

Change-Id: Ic52c3f336b671b4ed335e99c94a64dfe8614b618
2019-10-24 22:25:54 -07:00
Colin Cross ad4a597c79 Merge "Add method to determine variations from a Target" 2019-10-17 18:52:20 +00:00
Colin Cross 0f7d2ef3ac Add method to determine variations from a Target
The arch variants are hardcoded in every module type.  Refactor
them out into a Target.Variations() method in preparation for
splitting the arch mutator into two, which will require using
different variations.

Test: m checkbuild
Change-Id: I28ef7cd5168095ac888fe77f04e27f9ad81978c0
2019-10-16 14:52:30 -07:00
Mitch Phillips b8e593d600 Workaround unexported sancov symbols. Fix multiple sanitizer RT deps.
Fuzz targets currently have dependencies on multiple libclang_rt runtime
libraries when building with ASan/HWAsan on device. This is an error.

This happens as Soong adds the dependency on the ASan/HWASan shared
runtime library. These libraries should provide the required UBSan
components. The clang driver was previously being passed
-fsanitize=fuzzer-no-link at link time, and as it doesn't know about the
already-established dependency on ASan/HWASan, it mistakenly thinks that
there is not runtime providing the UBSan components.

This patch fixes that problem by not adding -fsanitize=fuzzer-no-link to
the link-time flags.

This revealed a underlying issue in the upstream runtime compilation.
Android uses emulated TLS, which changes the symbol names from
<my_symbol_name> to __emutls_v._<my_symbol_name>. In particular, this
fails to account for the '__sancov_lowest_stack' symbol, as it no longer
matches the linker script rule for '__sancov*', and the symbol is no
longer exported in the shared library variant of ASan/HWASan.

This patch works around the discovered issue, which is being tracked in
the linked bug. It disables stack depth instrumentation, and we no
longer depend on this symbol. This means we get a missing sanitizer
coverage feature when fuzzing, but shouldn't be too detrimental.

Bug: 142430592
Test: SANITIZE_TARGET=hwaddress m example_fuzzer && \
readelf -d example_fuzzer # ensure only ONE libclang_rt dep (in this
case, hwasan)

Change-Id: Iea6df55d592a801732511c9b690134367429d62a
2019-10-10 10:53:48 -07:00
Peter Collingbourne 1c648b8936 Allow sanitize attribute on cc_objects and propagate sanitize attributes into them.
Without this change, we can end up failing to sanitize parts of libraries
that are compiled as cc_objects, such as bcm_object.o in boringssl. This
is normally harmless (except that the sanitizer would fail to detect bugs
in unsanitized code), however boringssl in particular needs to be compiled
with HWASAN enabled in all translation units in order to avoid link errors
with newer toolchains that support HWASAN global instrumentation.

Change-Id: Ib8bd325f76b7852cab435bff79d6945768298a5c
2019-09-26 12:35:06 -07:00
Mitch Phillips 586b8a2042 Merge "Disable FORTIFY for fuzzer builds."
am: 1e7f14b1d5

Change-Id: Ifa6d2c356181af8005e8df12801141b17e5b99ae
2019-08-29 10:10:17 -07:00
Mitch Phillips b9b3e79096 Disable FORTIFY for fuzzer builds.
Disables FORTIFY for fuzz target builds. We generally build with a
sanitizer and want the sanitizer to handle the bugs and provide us with
a nice stack trace.

Bug: 140187921
Test: m example_fuzzer && $ANDROID_HOST_OUT/fuzz/example_fuzzer (note
that you get a proper ASan report instead of a fortify crash)

Change-Id: I15a117b26c401a03785fb44c0f796588f366bc55
2019-08-28 12:41:07 -07:00
Yi Kong e4a824d378 Merge "Switch to clang-r365631"
am: bdefa541d9

Change-Id: I4f8b4e9ce9e0a355b247b11effc5bb1e5ba07f63
2019-08-22 11:56:05 -07:00
Yi Kong bdefa541d9 Merge "Switch to clang-r365631" 2019-08-22 18:35:54 +00:00
Yi Kong 5006a72ec9 Merge "Revert "Re-enable ASAN globals instrumentation for devices.""
am: 20cf012ad1

Change-Id: Ibffe87ad95d7336c9ffdd78eb67fd81ab4b3e1b1
2019-08-21 21:09:52 -07:00
Yi Kong 20cf012ad1 Merge "Revert "Re-enable ASAN globals instrumentation for devices."" 2019-08-22 03:43:51 +00:00
Yi Kong da069087bf Revert "Re-enable ASAN globals instrumentation for devices."
This reverts commit cba311bcfc.

The build is actually still broken with ASAN globals instrumentation.
We accidentally suppressed ASAN by turning on the new pass manager and
the build breakage was not discovered.

Bug: 137312732
Bug: 139747256
Change-Id: I8110e1413468c4d760a59a8de816a72c9852a7c8
2019-08-22 00:46:36 +00:00
Yi Kong 55d2d90ea4 Merge "Disable new pass manager for ASAN build"
am: 5724333e22

Change-Id: I670af9bab9dca4284420cda4bca5ed5884e7d6a6
2019-08-21 14:47:29 -07:00
Yi Kong 20233a43db Disable new pass manager for ASAN build
ASAN build has some weird issues with the new pass manager, keep using
the legacy pass manager for now.

Test: presubmit
Bug: 139747256
Change-Id: I345afbf6bc4043f274a4e7545a895b59c65641b0
2019-08-21 20:38:51 +00:00
Yi Kong d255c7bc2f Switch to clang-r365631
Test: build, boot, bionic-unit-test
Test: For Googlers, go/clang-r365631-testing
Bug: 131328001
Change-Id: Ib357d9044a72e41f6bde1e5ec2db34e90706124d
2019-08-15 04:47:34 +00:00