2013-09-27 23:58:43 +02:00
|
|
|
//===-- StackProtector.h - Stack Protector Insertion ----------------------===//
|
|
|
|
//
|
|
|
|
// The LLVM Compiler Infrastructure
|
|
|
|
//
|
|
|
|
// This file is distributed under the University of Illinois Open Source
|
|
|
|
// License. See LICENSE.TXT for details.
|
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
//
|
|
|
|
// This pass inserts stack protectors into functions which need them. A variable
|
|
|
|
// with a random value in it is stored onto the stack before the local variables
|
|
|
|
// are allocated. Upon exiting the block, the stored value is checked. If it's
|
|
|
|
// changed, then there was some sort of violation and the program aborts.
|
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
#ifndef LLVM_CODEGEN_STACKPROTECTOR_H
|
|
|
|
#define LLVM_CODEGEN_STACKPROTECTOR_H
|
|
|
|
|
|
|
|
#include "llvm/ADT/SmallPtrSet.h"
|
|
|
|
#include "llvm/ADT/Triple.h"
|
2014-01-13 10:26:24 +01:00
|
|
|
#include "llvm/IR/Dominators.h"
|
2014-03-04 12:26:31 +01:00
|
|
|
#include "llvm/IR/ValueMap.h"
|
2013-09-27 23:58:43 +02:00
|
|
|
#include "llvm/Pass.h"
|
|
|
|
#include "llvm/Target/TargetLowering.h"
|
|
|
|
|
|
|
|
namespace llvm {
|
|
|
|
class Function;
|
|
|
|
class Module;
|
|
|
|
class PHINode;
|
|
|
|
|
|
|
|
class StackProtector : public FunctionPass {
|
2013-10-29 22:16:16 +01:00
|
|
|
public:
|
2013-10-30 01:49:33 +01:00
|
|
|
/// SSPLayoutKind. Stack Smashing Protection (SSP) rules require that
|
2013-10-29 22:16:16 +01:00
|
|
|
/// vulnerable stack allocations are located close the stack protector.
|
|
|
|
enum SSPLayoutKind {
|
2013-10-30 01:49:39 +01:00
|
|
|
SSPLK_None, ///< Did not trigger a stack protector. No effect on data
|
|
|
|
///< layout.
|
|
|
|
SSPLK_LargeArray, ///< Array or nested array >= SSP-buffer-size. Closest
|
|
|
|
///< to the stack protector.
|
|
|
|
SSPLK_SmallArray, ///< Array or nested array < SSP-buffer-size. 2nd closest
|
|
|
|
///< to the stack protector.
|
|
|
|
SSPLK_AddrOf ///< The address of this allocation is exposed and
|
|
|
|
///< triggered protection. 3rd closest to the protector.
|
2013-10-29 22:16:16 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
/// A mapping of AllocaInsts to their required SSP layout.
|
2013-10-30 03:25:14 +01:00
|
|
|
typedef ValueMap<const AllocaInst *, SSPLayoutKind> SSPLayoutMap;
|
2013-10-29 22:16:16 +01:00
|
|
|
|
|
|
|
private:
|
2013-09-27 23:58:43 +02:00
|
|
|
const TargetMachine *TM;
|
|
|
|
|
|
|
|
/// TLI - Keep a pointer of a TargetLowering to consult for determining
|
|
|
|
/// target type sizes.
|
|
|
|
const TargetLoweringBase *TLI;
|
|
|
|
const Triple Trip;
|
|
|
|
|
|
|
|
Function *F;
|
|
|
|
Module *M;
|
|
|
|
|
|
|
|
DominatorTree *DT;
|
|
|
|
|
2013-10-29 22:16:16 +01:00
|
|
|
/// Layout - Mapping of allocations to the required SSPLayoutKind.
|
|
|
|
/// StackProtector analysis will update this map when determining if an
|
|
|
|
/// AllocaInst triggers a stack protector.
|
|
|
|
SSPLayoutMap Layout;
|
|
|
|
|
2013-09-27 23:58:43 +02:00
|
|
|
/// \brief The minimum size of buffers that will receive stack smashing
|
|
|
|
/// protection when -fstack-protection is used.
|
|
|
|
unsigned SSPBufferSize;
|
|
|
|
|
|
|
|
/// VisitedPHIs - The set of PHI nodes visited when determining
|
|
|
|
/// if a variable's reference has been taken. This set
|
|
|
|
/// is maintained to ensure we don't visit the same PHI node multiple
|
|
|
|
/// times.
|
2013-10-30 03:25:14 +01:00
|
|
|
SmallPtrSet<const PHINode *, 16> VisitedPHIs;
|
2013-09-27 23:58:43 +02:00
|
|
|
|
2016-04-08 23:26:31 +02:00
|
|
|
// A prologue is generated.
|
|
|
|
bool HasPrologue = false;
|
|
|
|
|
|
|
|
// IR checking code is generated.
|
|
|
|
bool HasIRCheck = false;
|
|
|
|
|
2013-09-27 23:58:43 +02:00
|
|
|
/// InsertStackProtectors - Insert code into the prologue and epilogue of
|
|
|
|
/// the function.
|
|
|
|
///
|
|
|
|
/// - The prologue code loads and stores the stack guard onto the stack.
|
|
|
|
/// - The epilogue checks the value stored in the prologue against the
|
|
|
|
/// original value. It calls __stack_chk_fail if they differ.
|
|
|
|
bool InsertStackProtectors();
|
|
|
|
|
|
|
|
/// CreateFailBB - Create a basic block to jump to when the stack protector
|
|
|
|
/// check fails.
|
|
|
|
BasicBlock *CreateFailBB();
|
|
|
|
|
|
|
|
/// ContainsProtectableArray - Check whether the type either is an array or
|
|
|
|
/// contains an array of sufficient size so that we need stack protectors
|
|
|
|
/// for it.
|
2013-10-29 22:16:16 +01:00
|
|
|
/// \param [out] IsLarge is set to true if a protectable array is found and
|
|
|
|
/// it is "large" ( >= ssp-buffer-size). In the case of a structure with
|
|
|
|
/// multiple arrays, this gets set if any of them is large.
|
|
|
|
bool ContainsProtectableArray(Type *Ty, bool &IsLarge, bool Strong = false,
|
2013-09-27 23:58:43 +02:00
|
|
|
bool InStruct = false) const;
|
|
|
|
|
|
|
|
/// \brief Check whether a stack allocation has its address taken.
|
|
|
|
bool HasAddressTaken(const Instruction *AI);
|
|
|
|
|
|
|
|
/// RequiresStackProtector - Check whether or not this function needs a
|
|
|
|
/// stack protector based upon the stack protector level.
|
|
|
|
bool RequiresStackProtector();
|
2013-10-30 03:25:14 +01:00
|
|
|
|
2013-09-27 23:58:43 +02:00
|
|
|
public:
|
2013-10-30 03:25:14 +01:00
|
|
|
static char ID; // Pass identification, replacement for typeid.
|
2014-04-14 02:51:57 +02:00
|
|
|
StackProtector()
|
|
|
|
: FunctionPass(ID), TM(nullptr), TLI(nullptr), SSPBufferSize(0) {
|
2013-09-27 23:58:43 +02:00
|
|
|
initializeStackProtectorPass(*PassRegistry::getPassRegistry());
|
|
|
|
}
|
|
|
|
StackProtector(const TargetMachine *TM)
|
2014-04-14 02:51:57 +02:00
|
|
|
: FunctionPass(ID), TM(TM), TLI(nullptr), Trip(TM->getTargetTriple()),
|
2013-10-30 03:25:14 +01:00
|
|
|
SSPBufferSize(8) {
|
2013-09-27 23:58:43 +02:00
|
|
|
initializeStackProtectorPass(*PassRegistry::getPassRegistry());
|
|
|
|
}
|
|
|
|
|
2014-03-07 10:26:03 +01:00
|
|
|
void getAnalysisUsage(AnalysisUsage &AU) const override {
|
2014-01-13 14:07:17 +01:00
|
|
|
AU.addPreserved<DominatorTreeWrapperPass>();
|
2013-09-27 23:58:43 +02:00
|
|
|
}
|
|
|
|
|
2013-10-29 22:16:16 +01:00
|
|
|
SSPLayoutKind getSSPLayout(const AllocaInst *AI) const;
|
2016-04-08 23:26:31 +02:00
|
|
|
|
|
|
|
// Return true if StackProtector is supposed to be handled by SelectionDAG.
|
|
|
|
bool shouldEmitSDCheck(const BasicBlock &BB) const;
|
|
|
|
|
2014-01-20 20:49:14 +01:00
|
|
|
void adjustForColoring(const AllocaInst *From, const AllocaInst *To);
|
2013-10-29 22:16:16 +01:00
|
|
|
|
2014-03-07 10:26:03 +01:00
|
|
|
bool runOnFunction(Function &Fn) override;
|
2013-09-27 23:58:43 +02:00
|
|
|
};
|
|
|
|
} // end namespace llvm
|
|
|
|
|
|
|
|
#endif // LLVM_CODEGEN_STACKPROTECTOR_H
|