summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gcc/ChangeLog13
-rw-r--r--gcc/asan.c10
-rw-r--r--gcc/asan.h2
-rw-r--r--gcc/cfgexpand.c2
-rw-r--r--gcc/opts.c3
-rw-r--r--gcc/params.def5
-rw-r--r--gcc/params.h2
-rw-r--r--gcc/testsuite/ChangeLog5
-rw-r--r--gcc/testsuite/c-c++-common/asan/kasan-alloca-1.c11
-rw-r--r--gcc/testsuite/c-c++-common/asan/kasan-alloca-2.c11
10 files changed, 61 insertions, 3 deletions
diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index f5614b01dcd..e0fe1a63858 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,5 +1,18 @@
2017-07-06 Maxim Ostapenko <m.ostapenko@samsung.com>
+ * asan.h (asan_sanitize_allocas_p): Declare.
+ * asan.c (asan_sanitize_allocas_p): New function.
+ (handle_builtin_stack_restore): Bail out if !asan_sanitize_allocas_p.
+ (handle_builtin_alloca): Likewise.
+ * cfgexpand.c (expand_used_vars): Do not add allocas unpoisoning stuff
+ if !asan_sanitize_allocas_p.
+ * params.def (asan-instrument-allocas): Add new option.
+ * params.h (ASAN_PROTECT_ALLOCAS): Define.
+ * opts.c (common_handle_option): Disable allocas sanitization for
+ KASan by default.
+
+2017-07-06 Maxim Ostapenko <m.ostapenko@samsung.com>
+
* asan.c: Include gimple-fold.h.
(get_last_alloca_addr): New function.
(handle_builtin_stackrestore): Likewise.
diff --git a/gcc/asan.c b/gcc/asan.c
index 252e59fcd4d..95004d734a5 100644
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -310,6 +310,12 @@ asan_sanitize_stack_p (void)
return (sanitize_flags_p (SANITIZE_ADDRESS) && ASAN_STACK);
}
+bool
+asan_sanitize_allocas_p (void)
+{
+ return (asan_sanitize_stack_p () && ASAN_PROTECT_ALLOCAS);
+}
+
/* Checks whether section SEC should be sanitized. */
static bool
@@ -569,7 +575,7 @@ get_last_alloca_addr ()
static void
handle_builtin_stack_restore (gcall *call, gimple_stmt_iterator *iter)
{
- if (!iter)
+ if (!iter || !asan_sanitize_allocas_p ())
return;
tree last_alloca = get_last_alloca_addr ();
@@ -607,7 +613,7 @@ handle_builtin_stack_restore (gcall *call, gimple_stmt_iterator *iter)
static void
handle_builtin_alloca (gcall *call, gimple_stmt_iterator *iter)
{
- if (!iter)
+ if (!iter || !asan_sanitize_allocas_p ())
return;
gassign *g;
diff --git a/gcc/asan.h b/gcc/asan.h
index 4e8120ef761..c82d4d901e5 100644
--- a/gcc/asan.h
+++ b/gcc/asan.h
@@ -108,6 +108,8 @@ extern void set_sanitized_sections (const char *);
extern bool asan_sanitize_stack_p (void);
+extern bool asan_sanitize_allocas_p (void);
+
/* Return TRUE if builtin with given FCODE will be intercepted by
libasan. */
diff --git a/gcc/cfgexpand.c b/gcc/cfgexpand.c
index dd7277f4a73..c427a89bab0 100644
--- a/gcc/cfgexpand.c
+++ b/gcc/cfgexpand.c
@@ -2241,7 +2241,7 @@ expand_used_vars (void)
expand_stack_vars (NULL, &data);
}
- if ((flag_sanitize & SANITIZE_ADDRESS) && cfun->calls_alloca)
+ if (asan_sanitize_allocas_p () && cfun->calls_alloca)
var_end_seq = asan_emit_allocas_unpoison (virtual_stack_dynamic_rtx,
virtual_stack_vars_rtx,
var_end_seq);
diff --git a/gcc/opts.c b/gcc/opts.c
index 7460c2be1b6..7555ed55434 100644
--- a/gcc/opts.c
+++ b/gcc/opts.c
@@ -1909,6 +1909,9 @@ common_handle_option (struct gcc_options *opts,
opts_set->x_param_values);
maybe_set_param_value (PARAM_ASAN_STACK, 0, opts->x_param_values,
opts_set->x_param_values);
+ maybe_set_param_value (PARAM_ASAN_PROTECT_ALLOCAS, 0,
+ opts->x_param_values,
+ opts_set->x_param_values);
maybe_set_param_value (PARAM_ASAN_USE_AFTER_RETURN, 0,
opts->x_param_values,
opts_set->x_param_values);
diff --git a/gcc/params.def b/gcc/params.def
index 6b07518a34b..805302bb93e 100644
--- a/gcc/params.def
+++ b/gcc/params.def
@@ -1142,6 +1142,11 @@ DEFPARAM (PARAM_ASAN_STACK,
"Enable asan stack protection.",
1, 0, 1)
+DEFPARAM (PARAM_ASAN_PROTECT_ALLOCAS,
+ "asan-instrument-allocas",
+ "Enable asan allocas/VLAs protection.",
+ 1, 0, 1)
+
DEFPARAM (PARAM_ASAN_GLOBALS,
"asan-globals",
"Enable asan globals protection.",
diff --git a/gcc/params.h b/gcc/params.h
index 8b916607f16..2188e1877e9 100644
--- a/gcc/params.h
+++ b/gcc/params.h
@@ -232,6 +232,8 @@ extern void init_param_values (int *params);
PARAM_VALUE (PARAM_ALLOW_PACKED_STORE_DATA_RACES)
#define ASAN_STACK \
PARAM_VALUE (PARAM_ASAN_STACK)
+#define ASAN_PROTECT_ALLOCAS \
+ PARAM_VALUE (PARAM_ASAN_PROTECT_ALLOCAS)
#define ASAN_GLOBALS \
PARAM_VALUE (PARAM_ASAN_GLOBALS)
#define ASAN_INSTRUMENT_READS \
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 886689f6c9c..ac18d1ab293 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,5 +1,10 @@
2017-07-06 Maxim Ostapenko <m.ostapenko@samsung.com>
+ * c-c++-common/asan/kasan-alloca-1.c: New test.
+ * c-c++-common/asan/kasan-alloca-2.c: Likewise.
+
+2017-07-06 Maxim Ostapenko <m.ostapenko@samsung.com>
+
* c-c++-common/asan/alloca_big_alignment.c: New test.
* c-c++-common/asan/alloca_detect_custom_size.c: Likewise.
* c-c++-common/asan/alloca_instruments_all_paddings.c: Likewise.
diff --git a/gcc/testsuite/c-c++-common/asan/kasan-alloca-1.c b/gcc/testsuite/c-c++-common/asan/kasan-alloca-1.c
new file mode 100644
index 00000000000..518d19050ed
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/asan/kasan-alloca-1.c
@@ -0,0 +1,11 @@
+/* { dg-do compile } */
+/* { dg-options "-fno-sanitize=address -fsanitize=kernel-address -fdump-tree-sanopt" } */
+/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */
+
+void foo(int index, int len) {
+ char str[len];
+ str[index] = '1'; // BOOM
+}
+
+/* { dg-final { scan-tree-dump-not "__builtin___asan_alloca_poison" "sanopt" } } */
+/* { dg-final { scan-tree-dump-not "__builtin___asan_allocas_unpoison" "sanopt" } } */
diff --git a/gcc/testsuite/c-c++-common/asan/kasan-alloca-2.c b/gcc/testsuite/c-c++-common/asan/kasan-alloca-2.c
new file mode 100644
index 00000000000..e3999d93f6f
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/asan/kasan-alloca-2.c
@@ -0,0 +1,11 @@
+/* { dg-do compile } */
+/* { dg-options "-fno-sanitize=address -fsanitize=kernel-address --param asan-instrument-allocas=1 --param asan-stack=1 -fdump-tree-sanopt" } */
+/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */
+
+void foo(int index, int len) {
+ char str[len];
+ str[index] = '1'; // BOOM
+}
+
+/* { dg-final { scan-tree-dump-times "__builtin___asan_alloca_poison" 1 "sanopt" } } */
+/* { dg-final { scan-tree-dump-times "__builtin___asan_allocas_unpoison" 1 "sanopt" } } */