clang 20.0.0git
SanitizerMetadata.cpp
Go to the documentation of this file.
1//===--- SanitizerMetadata.cpp - Ignored entities for sanitizers ----------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// Class which emits metadata consumed by sanitizer instrumentation passes.
10//
11//===----------------------------------------------------------------------===//
12#include "SanitizerMetadata.h"
13#include "CodeGenModule.h"
14#include "clang/AST/Attr.h"
15#include "clang/AST/Type.h"
16
17using namespace clang;
18using namespace CodeGen;
19
20SanitizerMetadata::SanitizerMetadata(CodeGenModule &CGM) : CGM(CGM) {}
21
22static bool isAsanHwasanMemTagOrTysan(const SanitizerSet &SS) {
23 return SS.hasOneOf(SanitizerKind::Address | SanitizerKind::KernelAddress |
24 SanitizerKind::HWAddress | SanitizerKind::MemTag |
25 SanitizerKind::Type);
26}
27
28static SanitizerMask expandKernelSanitizerMasks(SanitizerMask Mask) {
29 if (Mask & (SanitizerKind::Address | SanitizerKind::KernelAddress))
30 Mask |= SanitizerKind::Address | SanitizerKind::KernelAddress;
31 // Note: KHWASan doesn't support globals.
32 return Mask;
33}
34
35static bool shouldTagGlobal(const llvm::GlobalVariable &G) {
36 // For now, don't instrument constant data, as it'll be in .rodata anyway. It
37 // may be worth instrumenting these in future to stop them from being used as
38 // gadgets.
39 if (G.getName().starts_with("llvm.") || G.isThreadLocal() || G.isConstant())
40 return false;
41
42 // Globals can be placed implicitly or explicitly in sections. There's two
43 // different types of globals that meet this criteria that cause problems:
44 // 1. Function pointers that are going into various init arrays (either
45 // explicitly through `__attribute__((section(<foo>)))` or implicitly
46 // through `__attribute__((constructor)))`, such as ".(pre)init(_array)",
47 // ".fini(_array)", ".ctors", and ".dtors". These function pointers end up
48 // overaligned and overpadded, making iterating over them problematic, and
49 // each function pointer is individually tagged (so the iteration over
50 // them causes SIGSEGV/MTE[AS]ERR).
51 // 2. Global variables put into an explicit section, where the section's name
52 // is a valid C-style identifier. The linker emits a `__start_<name>` and
53 // `__stop_<name>` symbol for the section, so that you can iterate over
54 // globals within this section. Unfortunately, again, these globals would
55 // be tagged and so iteration causes SIGSEGV/MTE[AS]ERR.
56 //
57 // To mitigate both these cases, and because specifying a section is rare
58 // outside of these two cases, disable MTE protection for globals in any
59 // section.
60 if (G.hasSection())
61 return false;
62
63 return true;
64}
65
66void SanitizerMetadata::reportGlobal(llvm::GlobalVariable *GV,
67 SourceLocation Loc, StringRef Name,
68 QualType Ty,
69 SanitizerMask NoSanitizeAttrMask,
70 bool IsDynInit) {
71 SanitizerSet FsanitizeArgument = CGM.getLangOpts().Sanitize;
72 if (!isAsanHwasanMemTagOrTysan(FsanitizeArgument))
73 return;
74
75 FsanitizeArgument.Mask = expandKernelSanitizerMasks(FsanitizeArgument.Mask);
76 NoSanitizeAttrMask = expandKernelSanitizerMasks(NoSanitizeAttrMask);
77 SanitizerSet NoSanitizeAttrSet = {NoSanitizeAttrMask &
78 FsanitizeArgument.Mask};
79
80 llvm::GlobalVariable::SanitizerMetadata Meta;
81 if (GV->hasSanitizerMetadata())
82 Meta = GV->getSanitizerMetadata();
83
84 Meta.NoAddress |= NoSanitizeAttrSet.hasOneOf(SanitizerKind::Address);
85 Meta.NoAddress |= CGM.isInNoSanitizeList(
86 FsanitizeArgument.Mask & SanitizerKind::Address, GV, Loc, Ty);
87
88 Meta.NoHWAddress |= NoSanitizeAttrSet.hasOneOf(SanitizerKind::HWAddress);
89 Meta.NoHWAddress |= CGM.isInNoSanitizeList(
90 FsanitizeArgument.Mask & SanitizerKind::HWAddress, GV, Loc, Ty);
91
92 if (shouldTagGlobal(*GV)) {
93 Meta.Memtag |= static_cast<bool>(FsanitizeArgument.Mask &
94 SanitizerKind::MemtagGlobals);
95 Meta.Memtag &= !NoSanitizeAttrSet.hasOneOf(SanitizerKind::MemTag);
96 Meta.Memtag &= !CGM.isInNoSanitizeList(
97 FsanitizeArgument.Mask & SanitizerKind::MemTag, GV, Loc, Ty);
98 } else {
99 Meta.Memtag = false;
100 }
101
102 Meta.IsDynInit = IsDynInit && !Meta.NoAddress &&
103 FsanitizeArgument.has(SanitizerKind::Address) &&
104 !CGM.isInNoSanitizeList(SanitizerKind::Address |
105 SanitizerKind::KernelAddress,
106 GV, Loc, Ty, "init");
107
108 GV->setSanitizerMetadata(Meta);
109
110 if (Ty.isNull() || !CGM.getLangOpts().Sanitize.has(SanitizerKind::Type) ||
111 NoSanitizeAttrMask & SanitizerKind::Type)
112 return;
113
114 llvm::MDNode *TBAAInfo = CGM.getTBAATypeInfo(Ty);
115 if (!TBAAInfo || TBAAInfo == CGM.getTBAATypeInfo(CGM.getContext().CharTy))
116 return;
117
118 llvm::Metadata *GlobalMetadata[] = {llvm::ConstantAsMetadata::get(GV),
119 TBAAInfo};
120
121 // Metadata for the global already registered.
122 if (llvm::MDNode::getIfExists(CGM.getLLVMContext(), GlobalMetadata))
123 return;
124
125 llvm::MDNode *ThisGlobal =
126 llvm::MDNode::get(CGM.getLLVMContext(), GlobalMetadata);
127 llvm::NamedMDNode *TysanGlobals =
128 CGM.getModule().getOrInsertNamedMetadata("llvm.tysan.globals");
129 TysanGlobals->addOperand(ThisGlobal);
130}
131
132void SanitizerMetadata::reportGlobal(llvm::GlobalVariable *GV, const VarDecl &D,
133 bool IsDynInit) {
134 if (!isAsanHwasanMemTagOrTysan(CGM.getLangOpts().Sanitize))
135 return;
136 std::string QualName;
137 llvm::raw_string_ostream OS(QualName);
138 D.printQualifiedName(OS);
139
140 auto getNoSanitizeMask = [](const VarDecl &D) {
141 if (D.hasAttr<DisableSanitizerInstrumentationAttr>())
142 return SanitizerKind::All;
143
144 SanitizerMask NoSanitizeMask;
145 for (auto *Attr : D.specific_attrs<NoSanitizeAttr>())
146 NoSanitizeMask |= Attr->getMask();
147
148 // External definitions and incomplete types get handled at the place they
149 // are defined.
150 if (D.hasExternalStorage() || D.getType()->isIncompleteType())
151 NoSanitizeMask |= SanitizerKind::Type;
152
153 return NoSanitizeMask;
154 };
155
156 reportGlobal(GV, D.getLocation(), QualName, D.getType(), getNoSanitizeMask(D),
157 IsDynInit);
158}
159
160void SanitizerMetadata::disableSanitizerForGlobal(llvm::GlobalVariable *GV) {
161 reportGlobal(GV, SourceLocation(), "", QualType(), SanitizerKind::All);
162}
D
const Decl * D
Definition: CheckExprLifetime.cpp:212
isAsanHwasanMemTagOrTysan
static bool isAsanHwasanMemTagOrTysan(const SanitizerSet &SS)
Definition: SanitizerMetadata.cpp:22
shouldTagGlobal
static bool shouldTagGlobal(const llvm::GlobalVariable &G)
Definition: SanitizerMetadata.cpp:35
expandKernelSanitizerMasks
static SanitizerMask expandKernelSanitizerMasks(SanitizerMask Mask)
Definition: SanitizerMetadata.cpp:28
Loc
SourceLocation Loc
Definition: SemaObjC.cpp:759
Type.h
C Language Family Type Representation.
clang::ASTContext::CharTy
CanQualType CharTy
Definition: ASTContext.h:1162
clang::Attr
Attr - This represents one attribute.
Definition: Attr.h:43
clang::CodeGen::CodeGenModule
This class organizes the cross-function state that is used while generating LLVM code.
Definition: CodeGenModule.h:325
clang::CodeGen::CodeGenModule::getModule
llvm::Module & getModule() const
Definition: CodeGenModule.h:814
clang::CodeGen::CodeGenModule::isInNoSanitizeList
bool isInNoSanitizeList(SanitizerMask Kind, llvm::Function *Fn, SourceLocation Loc) const
Definition: CodeGenModule.cpp:3474
clang::CodeGen::CodeGenModule::getLangOpts
const LangOptions & getLangOpts() const
Definition: CodeGenModule.h:805
clang::CodeGen::CodeGenModule::getContext
ASTContext & getContext() const
Definition: CodeGenModule.h:804
clang::CodeGen::CodeGenModule::getTBAATypeInfo
llvm::MDNode * getTBAATypeInfo(QualType QTy)
getTBAATypeInfo - Get metadata used to describe accesses to objects of the given type.
Definition: CodeGenModule.cpp:1495
clang::CodeGen::CodeGenModule::getLLVMContext
llvm::LLVMContext & getLLVMContext()
Definition: CodeGenModule.h:826
clang::CodeGen::SanitizerMetadata::disableSanitizerForGlobal
void disableSanitizerForGlobal(llvm::GlobalVariable *GV)
Definition: SanitizerMetadata.cpp:160
clang::CodeGen::SanitizerMetadata::reportGlobal
void reportGlobal(llvm::GlobalVariable *GV, const VarDecl &D, bool IsDynInit=false)
Definition: SanitizerMetadata.cpp:132
clang::Decl::specific_attrs
llvm::iterator_range< specific_attr_iterator< T > > specific_attrs() const
Definition: DeclBase.h:562
clang::Decl::getLocation
SourceLocation getLocation() const
Definition: DeclBase.h:442
clang::Decl::hasAttr
bool hasAttr() const
Definition: DeclBase.h:580
clang::LangOptions::Sanitize
SanitizerSet Sanitize
Set of enabled sanitizers.
Definition: LangOptions.h:505
clang::QualType
A (possibly-)qualified type.
Definition: Type.h:929
clang::QualType::isNull
bool isNull() const
Return true if this QualType doesn't point to a type yet.
Definition: Type.h:996
clang::SourceLocation
Encodes a location in the source.
Definition: SourceLocation.h:88
clang::VarDecl
Represents a variable declaration or definition.
Definition: Decl.h:882
clang
The JSON file list parser is used to communicate input to InstallAPI.
Definition: CalledOnceCheck.h:17
clang::SanitizerSet::has
bool has(SanitizerMask K) const
Check if a certain (single) sanitizer is enabled.
Definition: Sanitizers.h:169
clang::SanitizerSet::Mask
SanitizerMask Mask
Bitmask of enabled sanitizers.
Definition: Sanitizers.h:196
clang::SanitizerSet::hasOneOf
bool hasOneOf(SanitizerMask K) const
Check if one or more sanitizers are enabled.
Definition: Sanitizers.h:179
Generated on Sun Jun 22 2025 20:20:45 for clang by doxygen 1.9.6