[llvm-dev] Is shadow call stack in llvm 7 ok?


[llvm-dev] Is shadow call stack in llvm 7 ok?

Alberto Barbaro via llvm-dev
Hi,

I tried the shadow call stack in LLVM.

clang -fsanitize=shadow-call-stack  ./test.c

test.c
#include <stdio.h>

void A(){
        printf("A\n");
}

int main(){
        A();
        return 0;
}

And then it produces weird code:

0000000000400570 <main>:
  400570:       4c 8b 14 24             mov    r10,QWORD PTR [rsp]
  400574:       4d 31 db                xor    r11,r11
  400577:       65 49 83 03 08          add    QWORD PTR gs:[r11],0x8
  40057c:       65 4d 8b 1b             mov    r11,QWORD PTR gs:[r11]
  400580:       65 4d 89 13             mov    QWORD PTR gs:[r11],r10

At 0x400577 the program crashes, because r11 is 0 after 0x400574.

I wonder whether the shadow call stack in LLVM 7 is OK now?

Thank you.

_______________________________________________
LLVM Developers mailing list
[hidden email]
http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev

Re: [llvm-dev] Is shadow call stack in llvm 7 ok?

Alberto Barbaro via llvm-dev
Hi,

On Thu, 22 Nov 2018 at 09:00, PenYiWang via llvm-dev
<[hidden email]> wrote:
> at 0x400577 the program crashes
>
> because  r11 is 0 after  0x400574 .

Looking at ShadowCallStack.cpp, the 0 is very intentional. So to use
this feature you'll need a runtime willing to give each thread a valid
shadow stack and set the base of the gs register to point at it.

The documentation mentions that you'll probably have to write your own
runtime: https://clang.llvm.org/docs/ShadowCallStack.html. You didn't
mention which OS you were using, but these notes seem to cover what
would be needed to actually set GS on various platforms:
https://gist.github.com/MerryMage/f22e75d5128c07d77630ca01c4272937.

You'd have to come up with your own methods to make sure that happens
on each thread before any instrumented code runs.

Cheers.

Tim.
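As an added illustration of the runtime Tim describes (this is example code written for this page, not code from the thread, from LLVM or from compiler-rt): a minimal Linux x86-64 runtime that gives each thread a shadow stack and sets its gs base with arch_prctl(ARCH_SET_GS). The memory layout is read directly off the prologue in the first message: gs:[0] holds the byte offset of the top live entry (so a zero-filled region starts out empty), and the saved return addresses sit at gs:[8], gs:[16], and so on. SCS_SIZE, the helper names, the scs_thread_args struct and the guard-page choice are this example's own assumptions; the no_sanitize("shadow-call-stack") attribute is the one the clang ShadowCallStack docs describe for keeping a function uninstrumented, which the runtime needs because it runs while gs is still 0.

```c
/* Added example, not code from LLVM, compiler-rt or the thread: a minimal
 * Linux x86-64 runtime for the gs-based shadow call stack emitted by LLVM 7's
 * -fsanitize=shadow-call-stack.  Layout, taken from the prologue in the thread:
 *     gs:[0]             byte offset of the top live entry (0 = empty)
 *     gs:[8], gs:[16]..  saved return addresses, growing upward
 * SCS_SIZE, the helper names and scs_thread_args are this example's own choices. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

#if defined(__x86_64__) && defined(__linux__)
#include <sys/syscall.h>
#ifndef ARCH_SET_GS
#define ARCH_SET_GS 0x1001            /* value from <asm/prctl.h> */
#endif
extern long syscall(long number, ...);  /* glibc prototype, in case _GNU_SOURCE came too late */
#endif
#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS 0x20            /* Linux value, for strict feature-test modes */
#endif

/* Keep the runtime itself uninstrumented: it runs while gs is still 0. */
#if defined(__clang__)
#define SCS_NO_SANITIZE __attribute__((no_sanitize("shadow-call-stack")))
#else
#define SCS_NO_SANITIZE
#endif

#define SCS_SIZE (64 * 1024)          /* assumption: 8192 return-address slots per thread */

typedef struct {
    uint64_t top;      /* gs:[0]: byte offset of the current top entry */
    uint64_t slot[];   /* gs:[8*(i+1)]: saved return addresses */
} scs_t;

/* Zeroed shadow stack followed by an inaccessible guard page, so running off
 * the end faults instead of silently overwriting whatever is mapped next. */
SCS_NO_SANITIZE scs_t *scs_alloc(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, SCS_SIZE + page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if (mprotect((char *)p + SCS_SIZE, page, PROT_NONE) != 0) {
        munmap(p, SCS_SIZE + page);
        return NULL;
    }
    return (scs_t *)p;   /* anonymous mappings are zero-filled: top == 0 == empty */
}

/* Point this thread's gs base at the stack.  gs base is per-thread state, so
 * every thread must do this before it runs any instrumented function. */
SCS_NO_SANITIZE int scs_install(scs_t *s) {
#if defined(__x86_64__) && defined(__linux__)
    return syscall(SYS_arch_prctl, ARCH_SET_GS, (unsigned long)s) == 0 ? 0 : -1;
#else
    (void)s;
    errno = ENOSYS;      /* the gs scheme only exists on x86-64 Linux */
    return -1;
#endif
}

/* The emitted prologue in C: add qword ptr gs:[0],8 ; mov gs:[gs:[0]],ret */
void scs_push(scs_t *s, uint64_t ret) {
    s->top += 8;
    *(uint64_t *)((char *)s + s->top) = ret;
}

/* The matching epilogue: compare the saved return address with the one on the
 * real stack, then pop.  Instrumented code treats a mismatch as fatal; here it
 * is returned (1 = match) so callers can check it.  An empty stack is also 0. */
int scs_pop(scs_t *s, uint64_t ret) {
    if (s->top == 0) return 0;
    uint64_t saved = *(uint64_t *)((char *)s + s->top);
    s->top -= 8;
    return saved == ret;
}

size_t scs_depth(const scs_t *s) { return (size_t)(s->top / 8); }

SCS_NO_SANITIZE scs_t *scs_init_current_thread(void) {
    scs_t *s = scs_alloc();
    if (s != NULL && scs_install(s) != 0) {
        munmap(s, SCS_SIZE + (size_t)sysconf(_SC_PAGESIZE));
        s = NULL;
    }
    return s;
}

/* Main thread: constructors run before main(), which is itself instrumented. */
SCS_NO_SANITIZE __attribute__((constructor)) void scs_init_main_thread(void) {
    if (scs_init_current_thread() == NULL && errno != ENOSYS) {
        perror("shadow call stack setup");
        _exit(1);        /* fail closed: an instrumented main() would fault anyway */
    }
}

/* For pthread_create: pass scs_thread_trampoline and a scs_thread_args so the
 * stack is installed in the new thread before the user's function runs. */
typedef struct { void *(*fn)(void *); void *arg; } scs_thread_args;

SCS_NO_SANITIZE void *scs_thread_trampoline(void *p) {
    scs_thread_args a = *(scs_thread_args *)p;
    if (scs_init_current_thread() == NULL) return NULL;
    return a.fn(a.arg);
}

int main(void) {
    scs_t *s = scs_alloc();   /* a second stack, only to show the layout */
    if (s == NULL) return 1;
    scs_push(s, 0x400570);
    scs_push(s, 0x400580);
    printf("depth %zu, top entry at gs:[%llu]; pop matches: %d, forged address: %d\n",
           scs_depth(s), (unsigned long long)s->top,
           scs_pop(s, 0x400580), scs_pop(s, 0xdeadbeef));
    return 0;
}
```

Link this file into the instrumented program (for example `clang -fsanitize=shadow-call-stack test.c scs_runtime.c`, assuming the compiler in use still offers the x86-64 variant) and the constructor installs a stack before the instrumented `main` touches gs:[0]; threads created with `scs_thread_trampoline` get their own. scs_push and scs_pop are not used by the instrumented code, which does the same memory operations inline; they are here so the layout can be exercised without the instrumenting compiler. The guard page turns a shadow-stack overflow into a fault, which is the failure mode a practitioner wants from a control-flow defence rather than a silent write past the region.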