From nobody Thu May 16 05:34:03 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org ARC-Seal: i=1; a=rsa-sha256; t=1590785696; cv=none; d=zohomail.com; s=zohoarc; b=Q1hEO61m+0kkixF3pLNeCcxYn4/CkMGi6k/8aWkijExakXTPimEpSisQkdKHbrd831kqLN52uMVlpc1726wLitABv/WPhyRqYbZRxC1eiZAUTJCP9+mUa5eGz+vkFxymYYVpj2sp7PZrKga3p+DbRPX7JRDQTb5TDEglZC0gHcY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1590785696; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=8CU0fdAGGk+RkEhwiG+b51WzG6wCNGnl8an+u1i2QlM=; b=g2IXkzgkjA2ZybgldyXP7NiMNtTuz3OvPMxVfzeXBh4UoGG9CmOD13burTG1s5tSnjoFP8aKOFNLi/OZ5YZJDS3FrVIBIndNcSD7/+7dDDbnPjYQmqE/6GOKBJSHFZUAwVt4kNAnlmGbc27xiKrsmCNir4PbvSstP2ypmHc4ZQY= ARC-Authentication-Results: i=1; mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1590785696253588.6164304311978; Fri, 29 May 2020 13:54:56 -0700 (PDT) Received: from localhost ([::1]:48148 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jem1m-0006Co-J4 for importer@patchew.org; Fri, 29 May 2020 16:54:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47650) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jelyn-00019x-3d for qemu-devel@nongnu.org; Fri, 29 May 2020 16:51:49 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:28728 helo=mx0a-001b2d01.pphosted.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jelym-0001vo-4o for qemu-devel@nongnu.org; Fri, 29 May 2020 16:51:48 -0400 Received: from pps.filterd (m0098416.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 04TKViAG000927 for ; Fri, 29 May 2020 16:51:47 -0400 Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 31as1e5uct-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 29 May 2020 16:51:46 -0400 Received: from m0098416.ppops.net (m0098416.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 04TKWufw004510 for ; Fri, 29 May 2020 16:51:46 -0400 Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0b-001b2d01.pphosted.com with ESMTP id 31as1e5uch-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 29 May 2020 16:51:46 -0400 Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 04TKp2JP022322; Fri, 29 May 2020 20:51:46 GMT Received: from b03cxnp08026.gho.boulder.ibm.com (b03cxnp08026.gho.boulder.ibm.com [9.17.130.18]) by ppma02dal.us.ibm.com with ESMTP id 316ufbscv6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 29 May 2020 20:51:45 +0000 Received: from b03ledav003.gho.boulder.ibm.com (b03ledav003.gho.boulder.ibm.com [9.17.130.234]) by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 04TKphpc28967358 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 29 May 2020 20:51:43 GMT Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B5AD36A04D; Fri, 29 May 2020 20:51:44 +0000 (GMT) Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D3E666A047; Fri, 29 May 2020 20:51:43 +0000 (GMT) Received: from Buonos-Thinkpad-X1.ibm.com (unknown [9.65.226.57]) by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP; Fri, 29 May 2020 20:51:43 +0000 (GMT) From: Daniele Buono To: qemu-devel@nongnu.org Subject: [PATCH v2 1/4] coroutine: support SafeStack in ucontext backend Date: Fri, 29 May 2020 16:51:19 -0400 Message-Id: <20200529205122.714-2-dbuono@linux.vnet.ibm.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200529205122.714-1-dbuono@linux.vnet.ibm.com> References: <20200529205122.714-1-dbuono@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-05-29_10:2020-05-28, 2020-05-29 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 spamscore=0 cotscore=-2147483648 phishscore=0 impostorscore=0 malwarescore=0 priorityscore=1501 lowpriorityscore=0 suspectscore=3 adultscore=0 mlxscore=0 clxscore=1015 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2005290148 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: none client-ip=148.163.158.5; envelope-from=dbuono@linux.vnet.ibm.com; helo=mx0a-001b2d01.pphosted.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/29 15:28:52 X-ACL-Warn: Detected OS = Linux 3.x [generic] X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, KHOP_DYNAMIC=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Stefan Hajnoczi , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , dbuono@linux.vnet.ibm.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" LLVM's SafeStack instrumentation does not yet support programs that make use of the APIs in ucontext.h With the current implementation of coroutine-ucontext, the resulting binary is incorrect, with different coroutines sharing the same unsafe stack and producing undefined behavior at runtime. This fix allocates an additional unsafe stack area for each coroutine, and sets the new unsafe stack pointer before calling swapcontext() in qemu_coroutine_new. This is the only place where the pointer needs to be manually updated, since sigsetjmp/siglongjmp are already instrumented by LLVM to properly support SafeStack. The additional stack is then freed in qemu_coroutine_delete. Signed-off-by: Daniele Buono --- include/qemu/coroutine_int.h | 5 +++++ util/coroutine-ucontext.c | 26 ++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/include/qemu/coroutine_int.h b/include/qemu/coroutine_int.h index bd6b0468e1..1da148552f 100644 --- a/include/qemu/coroutine_int.h +++ b/include/qemu/coroutine_int.h @@ -28,6 +28,11 @@ #include "qemu/queue.h" #include "qemu/coroutine.h" =20 +#ifdef CONFIG_SAFESTACK +/* Pointer to the unsafe stack, defined by the compiler */ +extern __thread void *__safestack_unsafe_stack_ptr; +#endif + #define COROUTINE_STACK_SIZE (1 << 20) =20 typedef enum { diff --git a/util/coroutine-ucontext.c b/util/coroutine-ucontext.c index bd593e61bc..9108eb1294 100644 --- a/util/coroutine-ucontext.c +++ b/util/coroutine-ucontext.c @@ -41,6 +41,11 @@ typedef struct { Coroutine base; void *stack; size_t stack_size; +#ifdef CONFIG_SAFESTACK + /* Need an unsafe stack for each coroutine */ + void *unsafe_stack; + size_t unsafe_stack_size; +#endif sigjmp_buf env; =20 #ifdef CONFIG_VALGRIND_H @@ -140,6 +145,10 @@ Coroutine *qemu_coroutine_new(void) co =3D g_malloc0(sizeof(*co)); co->stack_size =3D COROUTINE_STACK_SIZE; co->stack =3D qemu_alloc_stack(&co->stack_size); +#ifdef CONFIG_SAFESTACK + co->unsafe_stack_size =3D COROUTINE_STACK_SIZE; + co->unsafe_stack =3D qemu_alloc_stack(&co->unsafe_stack_size); +#endif co->base.entry_arg =3D &old_env; /* stash away our jmp_buf */ =20 uc.uc_link =3D &old_uc; @@ -160,6 +169,20 @@ Coroutine *qemu_coroutine_new(void) /* swapcontext() in, siglongjmp() back out */ if (!sigsetjmp(old_env, 0)) { start_switch_fiber(&fake_stack_save, co->stack, co->stack_size); +#ifdef CONFIG_SAFESTACK + /* + * Before we swap the context, set the new unsafe stack + * The unsafe stack grows just like the normal stack, so start from + * the last usable location of the memory area. + * NOTE: we don't have to re-set the usp afterwards because we are + * coming back to this context through a siglongjmp. + * The compiler already wrapped the corresponding sigsetjmp call w= ith + * code that saves the usp on the (safe) stack before the call, and + * restores it right after (which is where we return with siglongj= mp). + */ + void *usp =3D co->unsafe_stack + co->unsafe_stack_size; + __safestack_unsafe_stack_ptr =3D usp; +#endif swapcontext(&old_uc, &uc); } =20 @@ -192,6 +215,9 @@ void qemu_coroutine_delete(Coroutine *co_) #endif =20 qemu_free_stack(co->stack, co->stack_size); +#ifdef CONFIG_SAFESTACK + qemu_free_stack(co->unsafe_stack, co->unsafe_stack_size); +#endif g_free(co); } =20 --=20 2.26.2 From nobody Thu May 16 05:34:03 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org ARC-Seal: i=1; a=rsa-sha256; t=1590785588; cv=none; d=zohomail.com; s=zohoarc; b=iHMN8PM85l562YVsHRL9i9Q6aSbaV/E9WFDuQJbuLJfcgEX33RTZNJHhgx4ht109tue6Z9knjQThxSDBuRd5am3LYm8MtulozKqf3Y3dhxa95FS9JrCS5pG/KolIPVRuP5mK7smCudBagKOg5Ghtmm0vquq2VKyN23L30as7guc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1590785588; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=I8ta0CvMqtGtXLefszW08FYvbP7usTISkRdDPIBeoHM=; b=Hbu0UMTh1EDYAMKIx9VsbEhjBHGCKqqCyAJe0lmuGXJtS3krA4qjCOFJkbeqD5/OrMNf9LBrR3koFaEjT/zBJEHFyOvaP4D4GGbVqP8LvlsQvWRDVCUDXlVIxGc7ANLnEy+ZScXm78T6VUUS6PG5ZCJvD53ksmiOHEx1nKHiEis= ARC-Authentication-Results: i=1; mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1590785588790672.9109390097024; Fri, 29 May 2020 13:53:08 -0700 (PDT) Received: from localhost ([::1]:40544 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jem03-0002mg-DJ for importer@patchew.org; Fri, 29 May 2020 16:53:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47656) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jelyo-0001BM-K8 for qemu-devel@nongnu.org; Fri, 29 May 2020 16:51:51 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:40118 helo=mx0a-001b2d01.pphosted.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jelyn-00023c-R7 for qemu-devel@nongnu.org; Fri, 29 May 2020 16:51:50 -0400 Received: from pps.filterd (m0098420.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 04TKYGRB186828 for ; Fri, 29 May 2020 16:51:49 -0400 Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 31b7x82r08-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 29 May 2020 16:51:48 -0400 Received: from m0098420.ppops.net (m0098420.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 04TKbdDO189014 for ; Fri, 29 May 2020 16:51:48 -0400 Received: from ppma03wdc.us.ibm.com (ba.79.3fa9.ip4.static.sl-reverse.com [169.63.121.186]) by mx0b-001b2d01.pphosted.com with ESMTP id 31b7x82r01-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 29 May 2020 16:51:48 -0400 Received: from pps.filterd (ppma03wdc.us.ibm.com [127.0.0.1]) by ppma03wdc.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 04TKoH8D003989; Fri, 29 May 2020 20:51:48 GMT Received: from b03cxnp07028.gho.boulder.ibm.com (b03cxnp07028.gho.boulder.ibm.com [9.17.130.15]) by ppma03wdc.us.ibm.com with ESMTP id 316uf9wn80-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 29 May 2020 20:51:48 +0000 Received: from b03ledav003.gho.boulder.ibm.com (b03ledav003.gho.boulder.ibm.com [9.17.130.234]) by b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 04TKploY50921772 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 29 May 2020 20:51:47 GMT Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 252446A04D; Fri, 29 May 2020 20:51:47 +0000 (GMT) Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3B8D76A04F; Fri, 29 May 2020 20:51:46 +0000 (GMT) Received: from Buonos-Thinkpad-X1.ibm.com (unknown [9.65.226.57]) by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP; Fri, 29 May 2020 20:51:46 +0000 (GMT) From: Daniele Buono To: qemu-devel@nongnu.org Subject: [PATCH v2 2/4] coroutine: add check for SafeStack in sigaltstack Date: Fri, 29 May 2020 16:51:20 -0400 Message-Id: <20200529205122.714-3-dbuono@linux.vnet.ibm.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200529205122.714-1-dbuono@linux.vnet.ibm.com> References: <20200529205122.714-1-dbuono@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-05-29_10:2020-05-28, 2020-05-29 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=1 clxscore=1015 impostorscore=0 adultscore=0 bulkscore=0 spamscore=0 mlxscore=0 phishscore=0 lowpriorityscore=0 cotscore=-2147483648 mlxlogscore=999 malwarescore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2005290150 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: none client-ip=148.163.158.5; envelope-from=dbuono@linux.vnet.ibm.com; helo=mx0a-001b2d01.pphosted.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/29 15:28:52 X-ACL-Warn: Detected OS = Linux 3.x [generic] X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, KHOP_DYNAMIC=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Stefan Hajnoczi , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , dbuono@linux.vnet.ibm.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" Current implementation of LLVM's SafeStack is not compatible with code that uses an alternate stack created with sigaltstack(). Since coroutine-sigaltstack relies on sigaltstack(), it is not compatible with SafeStack. The resulting binary is incorrect, with different coroutines sharing the same unsafe stack and producing undefined behavior at runtime. In the future LLVM may provide a SafeStack implementation compatible with sigaltstack(). In the meantime, if SafeStack is desired, the coroutine implementation from coroutine-ucontext should be used. As a safety check, add a control in coroutine-sigaltstack to throw a preprocessor #error if SafeStack is enabled and we are trying to use coroutine-sigaltstack to implement coroutines. Signed-off-by: Daniele Buono --- util/coroutine-sigaltstack.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/util/coroutine-sigaltstack.c b/util/coroutine-sigaltstack.c index f6fc49a0e5..aade82afb8 100644 --- a/util/coroutine-sigaltstack.c +++ b/util/coroutine-sigaltstack.c @@ -30,6 +30,10 @@ #include "qemu-common.h" #include "qemu/coroutine_int.h" =20 +#ifdef CONFIG_SAFESTACK +#error "SafeStack is not compatible with code run in alternate signal stac= ks" +#endif + typedef struct { Coroutine base; void *stack; --=20 2.26.2 From nobody Thu May 16 05:34:03 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org ARC-Seal: i=1; a=rsa-sha256; t=1590785703; cv=none; d=zohomail.com; s=zohoarc; b=bWpUfZB63+1Ts9Wjd2z7qk1VctVZ8Ggk8D9XA6q9KhUZQn/mnSt0WIDXppkRoioSqbarkwS2xjMV/AY2b9loG4qd5m+UcVyKqJA3SFREZ++GgZzBCZj1JuibLxzUxqFT1w3Pf4vEhno0KApvS3fIS3cRegj4wC8gjSd4lxwg9pw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1590785703; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=qqf1uYRPBDDhgehnPX1fHgSBe0By2KvCAcKKrhOhRZM=; b=NkuAdmvsUE1l6Xwp6zAEFiQ3I9UqlfkpDYZOIHOJMhMhkTXsdZYZR/SSjoU5O9IJtaqYwz4sXeT4uVTXz+DXJi796KQZRLQQ7Slbcf8oMEXeXcW8TTi9CcNWYPsdkjNLXYIf+yydcZwV6BOEywZv9lF0Dxf9uySX6JTXGtnZp24= ARC-Authentication-Results: i=1; mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1590785703080906.1059183626093; Fri, 29 May 2020 13:55:03 -0700 (PDT) Received: from localhost ([::1]:48522 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jem1t-0006Q2-OR for importer@patchew.org; Fri, 29 May 2020 16:55:01 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47668) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jelyu-0001GN-2V for qemu-devel@nongnu.org; Fri, 29 May 2020 16:51:56 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:46882) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jelys-0002Ea-TE for qemu-devel@nongnu.org; Fri, 29 May 2020 16:51:55 -0400 Received: from pps.filterd (m0098396.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 04TKb0CL056053 for ; Fri, 29 May 2020 16:51:53 -0400 Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 31as1ewk28-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 29 May 2020 16:51:53 -0400 Received: from m0098396.ppops.net (m0098396.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 04TKdhlw061891 for ; Fri, 29 May 2020 16:51:52 -0400 Received: from ppma03wdc.us.ibm.com (ba.79.3fa9.ip4.static.sl-reverse.com [169.63.121.186]) by mx0a-001b2d01.pphosted.com with ESMTP id 31as1ewk21-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 29 May 2020 16:51:52 -0400 Received: from pps.filterd (ppma03wdc.us.ibm.com [127.0.0.1]) by ppma03wdc.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 04TKoIaL003992; Fri, 29 May 2020 20:51:51 GMT Received: from b03cxnp08026.gho.boulder.ibm.com (b03cxnp08026.gho.boulder.ibm.com [9.17.130.18]) by ppma03wdc.us.ibm.com with ESMTP id 316uf9wn83-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 29 May 2020 20:51:51 +0000 Received: from b03ledav003.gho.boulder.ibm.com (b03ledav003.gho.boulder.ibm.com [9.17.130.234]) by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 04TKpn7I19988796 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 29 May 2020 20:51:49 GMT Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9AC0B6A057; Fri, 29 May 2020 20:51:50 +0000 (GMT) Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B37DE6A051; Fri, 29 May 2020 20:51:49 +0000 (GMT) Received: from Buonos-Thinkpad-X1.ibm.com (unknown [9.65.226.57]) by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP; Fri, 29 May 2020 20:51:49 +0000 (GMT) From: Daniele Buono To: qemu-devel@nongnu.org Subject: [PATCH v2 3/4] configure: add flags to support SafeStack Date: Fri, 29 May 2020 16:51:21 -0400 Message-Id: <20200529205122.714-4-dbuono@linux.vnet.ibm.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200529205122.714-1-dbuono@linux.vnet.ibm.com> References: <20200529205122.714-1-dbuono@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-05-29_10:2020-05-28, 2020-05-29 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=3 lowpriorityscore=0 cotscore=-2147483648 malwarescore=0 clxscore=1015 mlxscore=3 impostorscore=0 adultscore=0 spamscore=3 suspectscore=1 phishscore=0 mlxlogscore=150 bulkscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2005290150 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: none client-ip=148.163.156.1; envelope-from=dbuono@linux.vnet.ibm.com; helo=mx0a-001b2d01.pphosted.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/29 16:51:53 X-ACL-Warn: Detected OS = Linux 3.x [generic] [fuzzy] X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, KHOP_DYNAMIC=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Stefan Hajnoczi , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , dbuono@linux.vnet.ibm.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" This patch adds a flag to enable/disable the SafeStack instrumentation provided by LLVM. On enable, make sure that the compiler supports the flags, and that we are using the proper coroutine implementation (coroutine-ucontext). On disable, explicitly disable the option if it was enabled by default. While SafeStack is supported only on Linux, NetBSD, FreeBSD and macOS, we are not checking for the O.S. since this is already done by LLVM. Signed-off-by: Daniele Buono --- configure | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/configure b/configure index b969dee675..260772b2d5 100755 --- a/configure +++ b/configure @@ -302,6 +302,7 @@ audio_win_int=3D"" libs_qga=3D"" debug_info=3D"yes" stack_protector=3D"" +safe_stack=3D"" use_containers=3D"yes" gdb_bin=3D$(command -v "gdb-multiarch" || command -v "gdb") =20 @@ -1275,6 +1276,10 @@ for opt do ;; --disable-stack-protector) stack_protector=3D"no" ;; + --enable-safe-stack) safe_stack=3D"yes" + ;; + --disable-safe-stack) safe_stack=3D"no" + ;; --disable-curses) curses=3D"no" ;; --enable-curses) curses=3D"yes" @@ -1804,6 +1809,8 @@ disabled with --disable-FEATURE, default is enabled i= f available: debug-tcg TCG debugging (default is disabled) debug-info debugging information sparse sparse checker + safe-stack SafeStack Stack Smash Protection. Depends on + clang/llvm >=3D 3.7 and requires coroutine backend ucont= ext. =20 gnutls GNUTLS cryptography support nettle nettle cryptography support @@ -5517,6 +5524,67 @@ if test "$debug_stack_usage" =3D "yes"; then fi fi =20 +################################################## +# SafeStack + + +if test "$safe_stack" =3D "yes"; then +cat > $TMPC << EOF +int main(int argc, char *argv[]) +{ +#if ! __has_feature(safe_stack) +#error SafeStack Disabled +#endif + return 0; +} +EOF + flag=3D"-fsanitize=3Dsafe-stack" + # Check that safe-stack is supported and enabled. + if compile_prog "-Werror $flag" "$flag"; then + # Flag needed both at compilation and at linking + QEMU_CFLAGS=3D"$QEMU_CFLAGS $flag" + QEMU_LDFLAGS=3D"$QEMU_LDFLAGS $flag" + else + error_exit "SafeStack not supported by your compiler" + fi + if test "$coroutine" !=3D "ucontext"; then + error_exit "SafeStack is only supported by the coroutine backend ucont= ext" + fi +else +cat > $TMPC << EOF +int main(int argc, char *argv[]) +{ +#if defined(__has_feature) +#if __has_feature(safe_stack) +#error SafeStack Enabled +#endif +#endif + return 0; +} +EOF +if test "$safe_stack" =3D "no"; then + # Make sure that safe-stack is disabled + if ! compile_prog "-Werror" ""; then + # SafeStack was already enabled, try to explicitly remove the feature + flag=3D"-fno-sanitize=3Dsafe-stack" + if ! compile_prog "-Werror $flag" "$flag"; then + error_exit "Configure cannot disable SafeStack" + fi + QEMU_CFLAGS=3D"$QEMU_CFLAGS $flag" + QEMU_LDFLAGS=3D"$QEMU_LDFLAGS $flag" + fi +else # "$safe_stack" =3D "" + # Set safe_stack to yes or no based on pre-existing flags + if compile_prog "-Werror" ""; then + safe_stack=3D"no" + else + safe_stack=3D"yes" + if test "$coroutine" !=3D "ucontext"; then + error_exit "SafeStack is only supported by the coroutine backend uco= ntext" + fi + fi +fi +fi =20 ########################################## # check if we have open_by_handle_at @@ -6611,6 +6679,7 @@ echo "sparse enabled $sparse" echo "strip binaries $strip_opt" echo "profiler $profiler" echo "static build $static" +echo "safe stack $safe_stack" if test "$darwin" =3D "yes" ; then echo "Cocoa support $cocoa" fi @@ -8195,6 +8264,10 @@ if test "$ccache_cpp2" =3D "yes"; then echo "export CCACHE_CPP2=3Dy" >> $config_host_mak fi =20 +if test "$safe_stack" =3D "yes"; then + echo "CONFIG_SAFESTACK=3Dy" >> $config_host_mak +fi + # If we're using a separate build tree, set it up now. # DIRS are directories which we simply mkdir in the build tree; # LINKS are things to symlink back into the source tree --=20 2.26.2 From nobody Thu May 16 05:34:03 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org ARC-Seal: i=1; a=rsa-sha256; t=1590786014; cv=none; d=zohomail.com; s=zohoarc; b=Xtr/Ouwcyze2FkH0CRhPhnSVrofwAVj5IQjv7oTow0XBHPegTC0QA9Sk0O4VpdVvTKC3LE2eJoEcs7Zp1sPK0eCrNZiMqWQXlyMWaourFS6O5aDilZQCfR6uHN+rNFFtbS6sZ37A77tf3siaTvVdiUIP4gc7vABNqT6y2EzXbA8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1590786014; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=UGdQmu4ptOLFJ7yx2MnobcdFBM+V00IlxzxZTTGAFT8=; b=QuCPHBNTwJMwRGAoi2LiQcWhYOfb0JV6EgFQeM4QqNfFC6/jcY0Rzb7DSyC+DJg+O8crcF5RV3sIYcVFKMMszWiWFNNj/2VdayLX45csP+9iQHbfKIfUpsQym3puIzrllvTM5kcrN/6eB2n0keeYPF7vWwrKKW2z7cLgL7Q+zvQ= ARC-Authentication-Results: i=1; mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1590786014579828.6378497638282; Fri, 29 May 2020 14:00:14 -0700 (PDT) Received: from localhost ([::1]:35226 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jem6v-0005x0-2a for importer@patchew.org; Fri, 29 May 2020 17:00:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47676) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jelyw-0001LU-E3 for qemu-devel@nongnu.org; Fri, 29 May 2020 16:51:58 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:25286 helo=mx0a-001b2d01.pphosted.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jelyv-0002Mu-Ge for qemu-devel@nongnu.org; Fri, 29 May 2020 16:51:58 -0400 Received: from pps.filterd (m0098414.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 04TKY0IB175690 for ; Fri, 29 May 2020 16:51:56 -0400 Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 31as1hvprn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 29 May 2020 16:51:56 -0400 Received: from m0098414.ppops.net (m0098414.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 04TKk7qV019053 for ; Fri, 29 May 2020 16:51:56 -0400 Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0b-001b2d01.pphosted.com with ESMTP id 31as1hvprh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 29 May 2020 16:51:56 -0400 Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 04TKp2TJ022361; Fri, 29 May 2020 20:51:55 GMT Received: from b03cxnp07029.gho.boulder.ibm.com (b03cxnp07029.gho.boulder.ibm.com [9.17.130.16]) by ppma02dal.us.ibm.com with ESMTP id 316ufbscwd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 29 May 2020 20:51:55 +0000 Received: from b03ledav003.gho.boulder.ibm.com (b03ledav003.gho.boulder.ibm.com [9.17.130.234]) by b03cxnp07029.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 04TKpsgV55509422 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 29 May 2020 20:51:54 GMT Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id EA0026A054; Fri, 29 May 2020 20:51:53 +0000 (GMT) Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0DA446A047; Fri, 29 May 2020 20:51:53 +0000 (GMT) Received: from Buonos-Thinkpad-X1.ibm.com (unknown [9.65.226.57]) by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP; Fri, 29 May 2020 20:51:52 +0000 (GMT) From: Daniele Buono To: qemu-devel@nongnu.org Subject: [PATCH v2 4/4] check-block: enable iotests with SafeStack Date: Fri, 29 May 2020 16:51:22 -0400 Message-Id: <20200529205122.714-5-dbuono@linux.vnet.ibm.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200529205122.714-1-dbuono@linux.vnet.ibm.com> References: <20200529205122.714-1-dbuono@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-05-29_10:2020-05-28, 2020-05-29 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 suspectscore=1 spamscore=0 adultscore=0 clxscore=1015 priorityscore=1501 impostorscore=0 malwarescore=0 cotscore=-2147483648 mlxlogscore=937 mlxscore=0 phishscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2005290148 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: none client-ip=148.163.158.5; envelope-from=dbuono@linux.vnet.ibm.com; helo=mx0a-001b2d01.pphosted.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/29 15:28:52 X-ACL-Warn: Detected OS = Linux 3.x [generic] X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, KHOP_DYNAMIC=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , Stefan Hajnoczi , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , dbuono@linux.vnet.ibm.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" SafeStack is a stack protection technique implemented in llvm. It is enabled with a -fsanitize flag. iotests are currently disabled when any -fsanitize option is used, because such options tend to produce additional warnings and false positives. While common -fsanitize options are used to verify the code and not added in production, SafeStack's main use is in production environments to protect against stack smashing. Since SafeStack does not print any warning or false positive, enable iotests when SafeStack is the only -fsanitize option used. This is likely going to be a production binary and we want to make sure it works correctly. Signed-off-by: Daniele Buono --- tests/check-block.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/check-block.sh b/tests/check-block.sh index ad320c21ba..8e29c868e5 100755 --- a/tests/check-block.sh +++ b/tests/check-block.sh @@ -21,7 +21,17 @@ if grep -q "CONFIG_GPROF=3Dy" config-host.mak 2>/dev/nul= l ; then exit 0 fi =20 -if grep -q "CFLAGS.*-fsanitize" config-host.mak 2>/dev/null ; then +# Disable tests with any sanitizer except for SafeStack +CFLAGS=3D$( grep "CFLAGS.*-fsanitize" config-host.mak 2>/dev/null ) +SANITIZE_FLAGS=3D"" +#Remove all occurrencies of -fsanitize=3Dsafe-stack +for i in ${CFLAGS}; do + if [ "${i}" !=3D "-fsanitize=3Dsafe-stack" ]; then + SANITIZE_FLAGS=3D"${SANITIZE_FLAGS} ${i}" + fi +done +if echo ${SANITIZE_FLAGS} | grep -q "\-fsanitize" 2>/dev/null; then + # Have a sanitize flag that is not allowed, stop echo "Sanitizers are enabled =3D=3D> Not running the qemu-iotests." exit 0 fi --=20 2.26.2