Commit Graph

129 Commits

Author SHA1 Message Date
Mitch Phillips fe35441af5 [memtag] Disable memtag for AndroidMk host modules.
BUILD_HOST_EXECUTABLE modules are substantially deprecated, but some
partners are still using them for their bits with the workaround
provided in the product definition. This fixes a build error where
the host module doesn't have a linkable ELF note archive.

MTE is not intended for host modules, and it's fine for us to say
"host module using AndroidMk - no MTE for you" if this changes.

Bug: 189330992
Test: Manually tested using a BUILD_HOST_EXECUTABLE module.
Change-Id: Ifedff39f2f03c08bfb644221d2ab1b88e635c8a3
Merged-In: Ifedff39f2f03c08bfb644221d2ab1b88e635c8a3
2021-05-26 17:07:27 +00:00
Elvis Chien 064d91c49b Allow PRODUCT_CFI_INCLUDE_PATHS to work with 32-bit builds
CFI has been enabled for 32-bit builds but this option
still only works for 64-bit builds

Bug: 179233410

Change-Id: I3a9fed728489021f6c062ad45082b0a2705cec51
2021-04-16 15:31:55 +08:00
Evgenii Stepanov 13bc227ef0 Fix evaluation order of (Cfi|Memtag) exclude paths.
Before this change, exclude paths disabled sanitization of targets that
would otherwise be enabled by SanitizeDevice product variable (aka
SANITIZE_TARGET).

With this change, in addition to the above logic, exclude path disables
sanitization of targets that would otherwise be enabled by the
corresponding include path.

Effectively, this change disables sanitization of targets that are
covered by *both* include and exclude paths.

Test: MEMTAG_HEAP_SYNC_INCLUDE_PATHS=system/extras \
      MEMTAG_HEAP_EXCLUDE_PATHS=system/extras/su m su && \
      readelf -n path/to/su | grep .note.android.memtag
Bug: b/184976817
Change-Id: Ifa44b85556c6468fe5a37b5e6864c4ce9561ae2b
2021-04-13 10:11:58 -07:00
Mitch Phillips 002dd30e94 Merge "[MTE] [CFI] Fix CFI -> diag promotion with memtag_heap." 2021-04-13 15:31:14 +00:00
Mitch Phillips 77e037c887 [MTE] [CFI] Fix CFI -> diag promotion with memtag_heap.
Small typo in the AndroidMk sanitizer config, where adding heap MTE
ended up promoting CFI to diagnostic CFI accidentally, where this isn't
a valid transformation.

Bug: 184397138
Test: lunch aosp_sunfish-userdebug
Test: PRODUCT_MEMTAG_HEAP_ASYNC_INCLUDE_PATHS=\
Test: "hardware/qcom frameworks/opt/net/wifi" \
Test: CFI_INCLUDE_PATHS=hardware/qcom \
Test: m libwifi-hal
Change-Id: I74a03debf0042f2ee004503dd4a0e81131bd9fde
2021-04-12 15:35:47 -07:00
Peter Collingbourne 8b80f3e4d5 Only link the MTE notes against executables.
Soong has equivalent logic but it was missing on the .mk side.

Bug: 135772972
Change-Id: I5fc5a387313f6ae43c6510ee63d153aa81fb58b1
2021-04-12 12:04:29 -07:00
Cindy Zhou e48dccaa83 Merge "Enable cfi for 32bit arch" 2021-03-12 12:41:39 +00:00
Cindy Zhou 5d793fb740 Enable cfi for 32bit arch
Enabling cfi for 32-bit arch; b/35157333 seems to have been resolved in b/67507331.

Bug: 158010610

Test: manual interaction with Wimbley device: youtube video, chrome
navigations, gmail
MPTS testing on Sargo

Change-Id: I79eeb7e880ea09d857f8339901b67f77243a575c
2021-03-10 17:10:21 -08:00
Evgenii Stepanov 3330b2fe0b Support memtag_heap sanitizer type in make.
Bug: b/135772972
Test: build with SANITIZE_TARGET=memtag_heap
Change-Id: I0f66649e7a689c9f050dc49974e218b56698254c
2021-01-20 22:27:49 +00:00
Yabin Cui 462c12dfae Disable unsigned-shift-base by default.
New clang compiler enables unsigned-shift-base as part of
integer sanitizers. But it makes some daemons crash at
libc++.

Bug: 177566116
Test: build.
Change-Id: I6d64fa5002b6035be4d960441eb5176c97152af9
2021-01-14 14:14:08 -08:00
Pirama Arumuga Nainar 1ac5384aaf [config_sanitizers] Fail if LOCAL_SANITIZE_BLACKLIST is used.
All uses of this property have been migrated to
LOCAL_SANITIZE_BLOCKLIST.

Update language to comply with Android’s inclusive language guidance

See https://source.android.com/setup/contribute/respectful-code for
reference

Bug: 161896447
Bug: 162245450

Test: Add the old property to an Android.mk and ensure error is thrown.
Change-Id: I797ff651f03b954b410f76f4d201a962ded717df
2020-08-11 11:00:53 -07:00
Pirama Arumuga Nainar 565583382d [config_sanitizers] Support LOCAL_SANITIZE_BLOCKLIST
It'll replace LOCAL_SANITIZE_BLACKLIST.

Update language to comply with Android’s inclusive language guidance

See https://source.android.com/setup/contribute/respectful-code for
reference

Bug: 161896447
Bug: 162245450

Test: n/a  (no users in AOSP for this property).
Change-Id: Ie31c35af722d05011a528e1170b0c026b50fbf88
2020-07-30 15:31:22 -07:00
Dan Willemsen 58634e1482 Remove AUX support
This was deprecated in R, which has now branched, and there aren't any
users on master.

Test: build-aosp_crosshatch.ninja is the same (except for the removal of the empty auxiliary target)
Test: treehugger
Change-Id: I306156ab7f91cd4a2258554b4215766c99cd12d1
2020-04-18 21:00:18 -07:00
Elliott Hughes f71c05a8e5 Remove unused mips workarounds.
This was never really finished, and hasn't been supported for years.

Test: treehugger
Change-Id: I7668088d1449f33025aaf36fae0817894c84a877
2020-03-06 16:46:59 -08:00
Ryan Prichard acf8b0ff00 Stop linking libdl.a into static bins
libdl.a has a no-op dlopen, which breaks static libraries that need a real
dlopen. Instead of automatically linking libdl.a into static executables,
make it optional.

Until recently, the libunwind_llvm.a unwinder, used on arm32, needed the
no-op dladdr, but it's now built using -D_LIBUNWIND_USE_DLADDR=0.

The HWASan run-time uses dlsym and dladdr, so add a libdl dependency for
HWASan-built static binaries. We could also remove the dependency from
libclang_rt.hwasan_static-*.a, but this is also easy to do.

Bug: http://b/141485154
Test: bionic unit tests, device boots, verify that static and dynamic
   executables can throw/catch an exception
Test: verify that a static executable using dlopen doesn't link (unless it
   adds an explicit dependency on libdl)

Change-Id: Id26741f79dca50256a2dc23453af3026a6c88dca
2019-10-24 18:15:05 -07:00
Dan Albert a0530aa94d Cleanup ASan build implementation.
We already link the shared prebuilt from the toolchain. This is
redundant and the wrong version.

Test: make checkbuild
Bug: http://b/74067984
Change-Id: Ie315b7fd8195414717d3fbe6dad1f12577ef3e35
2019-07-19 12:53:00 -07:00
Mitch Phillips ee2dcac47a Remove experimental pass manager for fuzzer builds.
Sanitizer coverage is currently broken with the experimental pass
manager. See b/133876586 for more information. The patch is currently
being worked on upstream (https://reviews.llvm.org/D62888), but is not
ready yet. Hence, we disable it here (similar to the LTO bug).

Bug: 133876586
Test: Build anything with SANITIZE_TARGET='fuzzer', verify that it has
'sancov' symbols.

Change-Id: I74d02e52ccbe2a3d96b6b8e30230197b554e60a0
2019-06-17 10:37:55 -07:00
Mitch Phillips ee8f4a0ada Fix fuzzer builds.
- Updates the fuzzer builds to use SANITIZE_TARGET='fuzzer' instead of
'coverage'.
- Removed an old dependency that made fuzzer builds without ASan
an error.
- Fixed up the build flags to allow fuzzers to be built. Previously, the
coverage flags were manually provided. As the toolchain has moved on,
these flags are no longer compatible with libFuzzer, and so I've updated
them to use the correct, compatible flags.

Bug: 121042685
Test: With all patches in the bug merged, build a fuzzer using
'SANITIZE_TARGET=fuzzer mmma <your_fuzzer>'.

Change-Id: I86e6a26d27c22b3622cf6ea8760f502f607df6f0
2019-05-20 16:58:26 -07:00
Anton Hansson 8dab0a6f50 Access PRODUCT_ variables directly
This CL simplifies the PRODUCTS.$(INTERNAL_PRODUCT).X accesses of
product variables, and removes unnecessary stripping of them.

Replace: '\$\(PRODUCTS\.\$\(INTERNAL_PRODUCT\)\.([^\)]*)\)' with '$(\1)'
Replace: '\$\(strip\s*\$\(PRODUCT_([^\)]*)\)\)' with '$(PRODUCT_\1)'

A few minor manual tweaks.

Bug: 116769560
Test: presubmit
Change-Id: I70c54f1582e3cc780028535960147d99ebc2e0e1
2019-03-28 15:54:25 +00:00
Ivan Lozano 55220942ed Don't enable CFI diagnostics in include paths.
Don't enable CFI diagnostics by default when applying it in include
paths. Part of a broader effort to remove diagnostics mode from CFI
across the board.

This should reduce performance overhead and also allows the minimal
runtime to work when other ubsan sanitizers are enabled. CFI stack
dumps should include a CFI related function, so it should be apparent
when a crash is CFI-related.

Bug: 117417735
Test: make -j
Change-Id: I3d6326e06d7aa7d9c00382f336301ecb822ae7ec
2019-02-06 11:09:05 -08:00
Kostya Kortchinsky 027324099f Add option to disable Scudo globally [Make]
This adds an option to turn off Scudo globally, and use it for Go.

Bug: 123228023
Test: verify that Scudo is disabled for a Go build, eg:
lunch marlin_svelte-eng && m -j, check that Scudo is not linked in
out/target/product/marlin/system/bin/mediaextractor
Test: verify that Scudo is enabled otherwise, eg:
lunch marlin-eng && m -j, check that Scudo is linked in
out/target/product/marlin/system/bin/mediaextractor

Change-Id: Idc82d581fade544a474e6f2ff0b54dd191ba0818
Merged-In: Idc82d581fade544a474e6f2ff0b54dd191ba0818
2019-02-04 12:35:04 -08:00
Logan Chien c6d2cf86d1 Fix linker_asan[64] apex bootstrap build error
This commit fixes `linker_asan[64]` apex bootstrap build errors.
Without this change, `make -j SANITIZE_TARGET=address` results in:

  FAILED: ninja: 'out/target/product/walleye/system/bin/linker_asan64',
  needed by 'out/target/product/walleye/system/bin/app_process64',
  missing and no known rule to make it

Test: lunch aosp_walleye-userdebug && make SANITIZE_TARGET=address
Change-Id: I980a36499cd327db307321fc8e4548925e7d56bf
2019-01-31 17:07:50 +08:00
Mikhail Naganov aa73cefbc4 Use ASAN linker for native tests
Native tests (BUILD_NATIVE_TEST) use their own MODULE_CLASS.
Check for it when selecting the linker for ASAN.

Test: build a native test, readelf -l <test> | grep linker
Change-Id: I34ca8c443c792bdf8b4b1fa812806c56f13a72d0
2018-12-20 16:15:54 -08:00
Ivan Lozano 5fb2de7086 Add make var to avoid recovering with diagnostics.
Add a LOCAL_SANITIZE_NO_RECOVER variable that allows specifying which
sanitizers running in diagnostics mode shouldn't recover. This can help
debugging as we test enabling sanitizers in new libraries since it'll
cause tombstones to be generated along with the diagnostics information.

Bug: 80195448
Bug: 110791537
Test: Compiled test module with this flag, checked compiler command.
Test: Test module crashed, tombstone contained diagnostics information.
Change-Id: I441b9c873e54bf6404325f4d0ac59835350c2889
2018-12-12 10:22:30 -08:00
Treehugger Robot 696dd3bd93 Merge "[make] Disable CFI when building with HWASan." 2018-12-05 22:00:21 +00:00
Evgenii Stepanov 88a95a35fa [make] Disable CFI when building with HWASan.
Same as soong. This needs do match, otherwise, for example, CFI may be
disable in a static library in soong, and left enabled in a shared
library in make; that would not work as CFI only supports DSO granularity.

Bug: 120508119, 112709969
Change-Id: I00d6b1c9c373bcb6804c135407c6eeae88b375b6
Test: hwasan build of master branch boots
2018-12-05 01:15:01 +00:00
Chih-Hung Hsieh 1871062b28 Disable implicit-integer-sign-change by default.
* New clang compiler makes some integer santizers enabling
  implicit-integer-sign-change, but Android code does not
  boot with this new sanitizer yet.

Bug: 119329758
Test: build and boot with new clang compiler
Change-Id: Ic80cde49d3ef51277fbe2a0aa8c1b8f2f8bfd80c
2018-12-04 19:52:14 +00:00
Evgenii Stepanov ed90746cbd Link hwasan static library to native tests.
They are executables, but they are not EXECUTABLES.

Bug: 112438058
Test: make SANITIZE_TARGET=hwaddress tests
Change-Id: I0f5d8d6259d7df4196bde50ec553b73099f2c8ac
2018-11-01 15:43:14 -07:00
Kostya Kortchinsky 47c10eb2fc Scudo minimal runtime support for make
Scudo is now compatible with the -fsanitize-minimal-runtime, and offers a new
dynamic library that doesn't bundle UBSan.

This patch adds support for this new library in make, preferring it over the
full one, unless a diagnostic dependency is found.

Test: aosp compiled with m -j
Test: local test enabling Scudo for mediaextractor
Change-Id: I99ac0d410b1619de09783f5009476c1ea2995f98
2018-10-11 15:06:11 -07:00
Treehugger Robot 9dcc1d04fb Merge "(make) Add -fsanitize= argument to assembly flags." 2018-09-07 17:23:41 +00:00
Dan Willemsen f063839de9 Remove GCC support from Make
Test: out/build-aosp_arm64.ninja is the same before/after
Test: build_test on downstream branches
Change-Id: If7f8c12f2f288b1e589689361f9457acae634882
2018-09-06 15:40:00 -07:00
Evgenii Stepanov 9b82b3fa34 (make) Add -fsanitize= argument to assembly flags.
It allows use of sanitizer preprocessor macros (like __has_feature())
in assembly files.

Bug: 112438058
Test: SANITIZE_TARGET=hwaddress
Change-Id: If9da7493d69fa2e03649754c38117e36eb8d222c
2018-09-04 14:38:38 -07:00
Evgenii Stepanov aec1ffc09b Add extra cflags to hwasan targets.
Bug: 112438058
Test: SANITIZE_TARGET=hwaddress
Change-Id: I572cb20369b2e98ab5153f665af60366cb7f7657
2018-08-28 13:52:08 -07:00
Evgenii Stepanov 8841a7f681 Add "hwaddress" sanitizer.
Build/make support for "hwaddress".

* HWASan supports static binaries, unlike ASan.
* It will be used to build libc. Since static libraries get a .hwasan
  suffix in soong, the logic that moves libc-and-friends to the end
  of the link command line has to be updated.

Bug: 112438058
Test: manual, part of a bigger patch set

Change-Id: I3b52336841012622771a88ba161916bc33071dfe
2018-08-20 14:59:36 -07:00
Pirama Arumuga Nainar 71b8769e5c Merge "Use $(my_prefix)OS instead of HOST_CROSS_OS"
am: 1caedd6bdc

Change-Id: Ic7d6fc7d44167e22c196de8275dc27c88e2f714a
2018-06-27 11:41:12 -07:00
Pirama Arumuga Nainar 407b6aca28 Use $(my_prefix)OS instead of HOST_CROSS_OS
The latter is not module-specific and prevents santizer configuration
for all host modules.

Test: mma HOST_SANITIZE=address hardware/google/apf
Change-Id: I62a448973c1d6526e4b475f3288996e44c88fbc9
2018-06-27 09:42:33 -07:00
Pirama Arumuga Nainar a743e206ef Merge "Do not enable sanitizers on Windows"
am: 0d53f4b12b

Change-Id: I96fde141a4d27c231947f65f3917da30a311b420
2018-06-26 17:05:24 -07:00
Pirama Arumuga Nainar c6a3ddf834 Do not enable sanitizers on Windows
Bug: http://b/69933068

Test: m native-host-cross SANITIZE_HOST=address
Change-Id: I0b99797d218dc34d302906d704d991e59698c351
2018-06-26 14:18:14 -07:00
Vishwath Mohan 969a880b2f Merge "Add Scudo support for Make"
am: ab0c76c869

Change-Id: I722875707223675672a59c644f330cb94f2f6576
2018-06-19 13:12:40 -07:00
Kostya Kortchinsky 2cfa99722b Add Scudo support for Make
Scudo is a hardened usermode allocator that is part of LLVM's compiler-rt
project (home of the Sanitizers). clang allows for -fsanitize=scudo as a
possible command line option to link the shared Scudo library to a binary.

This patch add Scudo as a potential sanitize option. Scudo is not compatible
with ASan and TSan and will be disabled if either is enabled.

Test: aosp compiled with m -j
Test: local experiment with LOCAL_SANITIZE := scudo to ensure that a test
target (mediaserver) could be linked with scudo.

Change-Id: I462843b9d5512fba2c4a3ac1a0c356ca90bce4e5
2018-06-19 09:46:35 -07:00
Vishwath Mohan 088506c303 Merge "Enable CFI by default but restrict CFI_INCLUDE_PATHS" into pi-dev
am: d002e49501

Change-Id: I32d21f2dbbbaf4bb7f8a6be033d036ab626cba10
2018-05-25 00:24:49 -07:00
Vishwath Mohan 6106a4ead5 Enable CFI by default but restrict CFI_INCLUDE_PATHS
This CL enables CFI on security sensitive components for product
configs that inherit core_64_bit.mk (and core_64_bit_only.mk). Note
that this only requests the build system to do so. Internal build
logic will dictate if this is actually enabled on the build or
not (CFI is currently disabled for ARM32 and MIPS for example).

In addition, this also restricts CFI_INCLUDE_PATHS and
PRODUCT_CFI_INCLUDE_PATHS to Arm64 architectures only. This helps
narrow which targets enable CFI out of the box.

Bug: 66301104
Test: CFI is enabled on aosp_* targets
Change-Id: I52af499dc34cd4b42fbfb1175f6a37aaf17b65dd
2018-05-24 22:14:03 -07:00
Ivan Lozano 9588875e80 Don't export UBSan minimal runtime symbols.
When linking in the UBSan minimal runtime, don't export the symbols.
This was resulting in an edge case where symbols were sometimes
undefined at runtime on address sanitized builds if static library
dependencies were integer overflow sanitized.

Bug: 78766744
Test: readelf on libraries show either inclusion of the shared library
or no undefined symbols related to the minimal runtime.
Change-Id: I4382cc72baefd7fa96cd83e8349e82f7b083f5aa
Merged-In: I4382cc72baefd7fa96cd83e8349e82f7b083f5aa
(cherry picked from commit e508169caf)
2018-05-16 10:41:48 -07:00
Ivan Lozano e508169caf Don't export UBSan minimal runtime symbols.
When linking in the UBSan minimal runtime, don't export the symbols.
This was resulting in an edge case where symbols were sometimes
undefined at runtime on address sanitized builds if static library
dependencies were integer overflow sanitized.

Bug: 78766744
Test: readelf on libraries show either inclusion of the shared library
or no undefined symbols related to the minimal runtime.
Change-Id: I4382cc72baefd7fa96cd83e8349e82f7b083f5aa
2018-05-11 15:31:25 -07:00
Treehugger Robot a61f0042d1 Merge "Enable integer_overflow flag for static targets." 2018-04-02 22:36:42 +00:00
Vishwath Mohan 21204e4921 Revert "Change PRODUCT_CFI_INCLUDE_PATHS to opt-out (Make)"
This reverts commit f03a265786.

Change-Id: I3ca0e2f9e3938b49919a8530b393ba3dba4f118c
2018-03-30 02:55:05 +00:00
Vishwath Mohan f03a265786 Change PRODUCT_CFI_INCLUDE_PATHS to opt-out (Make)
This CL changes PRODUCT_CFI_INCLUDE_PATHS to be included in all
product configs by default. To maintain the status quo, the sanitizer
logic has been modified to only respect this product config for Arm64
devices (where this was previously enabled).

Bug: 63926619
Test: m -j60 # the device still has CFI enabled thanks to the default
opt-in

Change-Id: I22788d92be881d3290568488f5458c85e02ee8c7
2018-03-29 13:07:10 -07:00
Alexey Polyudov ac1109733d Do not use UBSAN library on HOST or AUX targets
AUX modules are not necessarily using the same toolchain
as the TARGET modules. they don't have to depend on
this library.

Bug: 77221668
Change-Id: Ib50cf0eb26c257ae3eb69a43aa1a12c41d5d39b0
Merged-In: Ib50cf0eb26c257ae3eb69a43aa1a12c41d5d39b0
Signed-off-by: Alexey Polyudov <apolyudov@google.com>
(cherry picked from commit e98e5625ad)
2018-03-28 18:38:16 +00:00
Alexey Polyudov e98e5625ad Do not use UBSAN library on HOST or AUX targets
AUX modules are not necessarily using the same toolchain
as the TARGET modules. they don't have to depend on
this library.

Change-Id: Ib50cf0eb26c257ae3eb69a43aa1a12c41d5d39b0
Signed-off-by: Alexey Polyudov <apolyudov@google.com>
2018-03-27 17:21:23 -07:00
Ivan Lozano 702e8bdaba Enable integer_overflow flag for static targets.
This allows the integer_overflow LOCAL_SANITIZE setting to be used with
static targets, to mirror Soong.

Bug: 73283972
Test: make SANITIZE_TARGET{,_DIAG}=integer_overflow
Test: Enabled sanitizer in a static target and tested for SIGABRT.
Change-Id: I0103dc3485b63b86a3dd36a7277b5001813b37fd
2018-03-22 14:36:27 -07:00