From: Dmitry Vyukov <dvyukov@google.com>
To: Emese Revfy <re.emese@gmail.com>
Cc: "open list:KERNEL BUILD + fi..." <linux-kbuild@vger.kernel.org>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
kernel-hardening@lists.openwall.com,
Michal Marek <mmarek@suse.com>, Kees Cook <keescook@chromium.org>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Fengguang Wu <fengguang.wu@intel.com>,
LKML <linux-kernel@vger.kernel.org>,
david.brown@linaro.org, yamada.masahiro@socionext.com,
syzkaller <syzkaller@googlegroups.com>
Subject: Re: [PATCH v7 6/6] Add sancov plugin
Date: Fri, 22 Apr 2016 20:51:08 +0200 [thread overview]
Message-ID: <CACT4Y+b-Lwwt1a-6dcm7owJzKpKJ1j5BRyZi3+pkeMuv3T2Q7g@mail.gmail.com> (raw)
In-Reply-To: <20160422202700.ca56c536f9b05fda9254aad5@gmail.com>
On Fri, Apr 22, 2016 at 8:27 PM, Emese Revfy <re.emese@gmail.com> wrote:
> The sancov gcc plugin inserts a __sanitizer_cov_trace_pc() call
> at the start of basic blocks.
>
> This plugin is a helper plugin for the kcov feature. It supports
> all gcc versions with plugin support (from gcc-4.5 on).
> It is based on the gcc commit "Add fuzzing coverage support" by Dmitry Vyukov
> (https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=231296).
+syzkaller mailing list
> Signed-off-by: Emese Revfy <re.emese@gmail.com>
> ---
> Makefile | 10 +--
> arch/Kconfig | 9 +++
> arch/x86/purgatory/Makefile | 2 +
> lib/Kconfig.debug | 2 +
> scripts/Makefile.gcc-plugins | 18 +++++
> scripts/gcc-plugins/Makefile | 5 ++
> scripts/gcc-plugins/sancov_plugin.c | 144 ++++++++++++++++++++++++++++++++++++
> 7 files changed, 181 insertions(+), 9 deletions(-)
> create mode 100644 scripts/gcc-plugins/sancov_plugin.c
>
> diff --git a/Makefile b/Makefile
> index 22f0e1b..f09f2bf 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -365,7 +365,7 @@ LDFLAGS_MODULE =
> CFLAGS_KERNEL =
> AFLAGS_KERNEL =
> CFLAGS_GCOV = -fprofile-arcs -ftest-coverage
> -CFLAGS_KCOV = -fsanitize-coverage=trace-pc
> +CFLAGS_KCOV := $(call cc-option,-fsanitize-coverage=trace-pc,)
>
>
> # Use USERINCLUDE when you must reference the UAPI directories only.
> @@ -685,14 +685,6 @@ endif
> endif
> KBUILD_CFLAGS += $(stackp-flag)
>
> -ifdef CONFIG_KCOV
> - ifeq ($(call cc-option, $(CFLAGS_KCOV)),)
> - $(warning Cannot use CONFIG_KCOV: \
> - -fsanitize-coverage=trace-pc is not supported by compiler)
> - CFLAGS_KCOV =
> - endif
> -endif
> -
> ifeq ($(cc-name),clang)
> KBUILD_CPPFLAGS += $(call cc-option,-Qunused-arguments,)
> KBUILD_CPPFLAGS += $(call cc-option,-Wno-unknown-warning-option,)
> diff --git a/arch/Kconfig b/arch/Kconfig
> index e783429..5d856c8 100644
> --- a/arch/Kconfig
> +++ b/arch/Kconfig
> @@ -380,6 +380,15 @@ config GCC_PLUGIN_CYC_COMPLEXITY
> N = the number of nodes
> P = the number of connected components (exit nodes).
>
> +config GCC_PLUGIN_SANCOV
> + bool
> + depends on GCC_PLUGINS
> + help
> + This plugin inserts a __sanitizer_cov_trace_pc() call at the start of
> + basic blocks. It supports all gcc versions with plugin support (from
> + gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"
> + by Dmitry Vyukov <dvyukov@google.com>.
> +
> config HAVE_CC_STACKPROTECTOR
> bool
> help
> diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile
> index 12734a9..ac58c16 100644
> --- a/arch/x86/purgatory/Makefile
> +++ b/arch/x86/purgatory/Makefile
> @@ -8,6 +8,8 @@ PURGATORY_OBJS = $(addprefix $(obj)/,$(purgatory-y))
> LDFLAGS_purgatory.ro := -e purgatory_start -r --no-undefined -nostdlib -z nodefaultlib
> targets += purgatory.ro
>
> +KCOV_INSTRUMENT := n
> +
> # Default KBUILD_CFLAGS can have -pg option set when FTRACE is enabled. That
> # in turn leaves some undefined symbols like __fentry__ in purgatory and not
> # sure how to relocate those. Like kexec-tools, use custom flags.
> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> index 4fff4b0..616f7ed 100644
> --- a/lib/Kconfig.debug
> +++ b/lib/Kconfig.debug
> @@ -708,6 +708,8 @@ config KCOV
> bool "Code coverage for fuzzing"
> depends on ARCH_HAS_KCOV
> select DEBUG_FS
> + select GCC_PLUGINS
> + select GCC_PLUGIN_SANCOV
> help
> KCOV exposes kernel code coverage information in a form suitable
> for coverage-guided fuzzing (randomized testing).
> diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins
> index 282d63a..33ab13e 100644
> --- a/scripts/Makefile.gcc-plugins
> +++ b/scripts/Makefile.gcc-plugins
> @@ -2,8 +2,23 @@ ifdef CONFIG_GCC_PLUGINS
> __PLUGINCC := $(call cc-ifversion, -ge, 0408, $(HOSTCXX), $(HOSTCC))
> PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)")
>
> + SANCOV_PLUGIN := -fplugin=$(objtree)/scripts/gcc-plugins/sancov_plugin.so
> +
> gcc-plugin-$(CONFIG_GCC_PLUGIN_CYC_COMPLEXITY) += cyc_complexity_plugin.so
>
> + ifdef CONFIG_GCC_PLUGIN_SANCOV
> + ifeq ($(CFLAGS_KCOV),)
> + # It is needed because of the gcc-plugin.sh and gcc version checks.
> + gcc-plugin-$(CONFIG_GCC_PLUGIN_SANCOV) += sancov_plugin.so
> +
> + ifneq ($(PLUGINCC),)
> + CFLAGS_KCOV := $(SANCOV_PLUGIN)
> + else
> + $(error Cannot use CONFIG_KCOV: -fsanitize-coverage=trace-pc is not supported by compiler)
> + endif
> + endif
> + endif
> +
> GCC_PLUGINS_CFLAGS := $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y))
>
> ifeq ($(PLUGINCC),)
> @@ -15,6 +30,9 @@ ifdef CONFIG_GCC_PLUGINS
> $(error error, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least)
> endif
> endif
> + else
> + # SANCOV_PLUGIN can be only in CFLAGS_KCOV because avoid duplication.
> + GCC_PLUGINS_CFLAGS := $(filter-out $(SANCOV_PLUGIN), $(GCC_PLUGINS_CFLAGS))
> endif
>
> KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
> diff --git a/scripts/gcc-plugins/Makefile b/scripts/gcc-plugins/Makefile
> index 31c72bf..79164c1 100644
> --- a/scripts/gcc-plugins/Makefile
> +++ b/scripts/gcc-plugins/Makefile
> @@ -14,6 +14,11 @@ export GCCPLUGINS_DIR HOSTLIBS
>
> $(HOSTLIBS)-$(CONFIG_GCC_PLUGIN_CYC_COMPLEXITY) := cyc_complexity_plugin.so
>
> +ifeq ($(CFLAGS_KCOV), -fplugin=$(objtree)/scripts/gcc-plugins/sancov_plugin.so)
> + $(HOSTLIBS)-$(CONFIG_GCC_PLUGIN_SANCOV) += sancov_plugin.so
> +endif
> +
> always := $($(HOSTLIBS)-y)
>
> cyc_complexity_plugin-objs := cyc_complexity_plugin.o
> +sancov_plugin-objs := sancov_plugin.o
> diff --git a/scripts/gcc-plugins/sancov_plugin.c b/scripts/gcc-plugins/sancov_plugin.c
> new file mode 100644
> index 0000000..aedd611
> --- /dev/null
> +++ b/scripts/gcc-plugins/sancov_plugin.c
> @@ -0,0 +1,144 @@
> +/*
> + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
> + * Licensed under the GPL v2, or (at your option) v3
> + *
> + * Homepage:
> + * https://github.com/ephox-gcc-plugins/sancov
> + *
> + * This plugin inserts a __sanitizer_cov_trace_pc() call at the start of basic blocks.
> + * It supports all gcc versions with plugin support (from gcc-4.5 on).
> + * It is based on the commit "Add fuzzing coverage support" by Dmitry Vyukov <dvyukov@google.com>.
> + *
> + * You can read about it more here:
> + * https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=231296
> + * http://lwn.net/Articles/674854/
> + * https://github.com/google/syzkaller
> + * https://lwn.net/Articles/677764/
> + *
> + * Usage:
> + * make run
> + */
> +
> +#include "gcc-common.h"
> +
> +int plugin_is_GPL_compatible;
> +
> +tree sancov_fndecl;
> +
> +static struct plugin_info sancov_plugin_info = {
> + .version = "20160402",
> + .help = "sancov plugin\n",
> +};
> +
> +static unsigned int sancov_execute(void)
> +{
> + basic_block bb;
> +
> + /* Remove this line when this plugin and kcov will be in the kernel.
> + if (!strcmp(DECL_NAME_POINTER(current_function_decl), DECL_NAME_POINTER(sancov_fndecl)))
> + return 0;
> + */
> +
> + FOR_EACH_BB_FN(bb, cfun) {
> + const_gimple stmt;
> + gcall *gcall;
> + gimple_stmt_iterator gsi = gsi_after_labels(bb);
> +
> + if (gsi_end_p(gsi))
> + continue;
> +
> + stmt = gsi_stmt(gsi);
> + gcall = as_a_gcall(gimple_build_call(sancov_fndecl, 0));
> + gimple_set_location(gcall, gimple_location(stmt));
> + gsi_insert_before(&gsi, gcall, GSI_SAME_STMT);
> + }
> + return 0;
> +}
> +
> +#define PASS_NAME sancov
> +
> +#define NO_GATE
> +#define TODO_FLAGS_FINISH TODO_dump_func | TODO_verify_stmts | TODO_update_ssa_no_phi | TODO_verify_flow
> +
> +#include "gcc-generate-gimple-pass.h"
> +
> +static void sancov_start_unit(void __unused *gcc_data, void __unused *user_data)
> +{
> + tree leaf_attr, nothrow_attr;
> + tree BT_FN_VOID = build_function_type_list(void_type_node, NULL_TREE);
> +
> + sancov_fndecl = build_fn_decl("__sanitizer_cov_trace_pc", BT_FN_VOID);
> +
> + DECL_ASSEMBLER_NAME(sancov_fndecl);
> + TREE_PUBLIC(sancov_fndecl) = 1;
> + DECL_EXTERNAL(sancov_fndecl) = 1;
> + DECL_ARTIFICIAL(sancov_fndecl) = 1;
> + DECL_PRESERVE_P(sancov_fndecl) = 1;
> + DECL_UNINLINABLE(sancov_fndecl) = 1;
> + TREE_USED(sancov_fndecl) = 1;
> +
> + nothrow_attr = tree_cons(get_identifier("nothrow"), NULL, NULL);
> + decl_attributes(&sancov_fndecl, nothrow_attr, 0);
> + gcc_assert(TREE_NOTHROW(sancov_fndecl));
> +#if BUILDING_GCC_VERSION > 4005
> + leaf_attr = tree_cons(get_identifier("leaf"), NULL, NULL);
> + decl_attributes(&sancov_fndecl, leaf_attr, 0);
> +#endif
> +}
> +
> +int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
> +{
> + int i;
> + struct register_pass_info sancov_plugin_pass_info;
> + const char * const plugin_name = plugin_info->base_name;
> + const int argc = plugin_info->argc;
> + const struct plugin_argument * const argv = plugin_info->argv;
> + bool enable = true;
> +
> + static const struct ggc_root_tab gt_ggc_r_gt_sancov[] = {
> + {
> + .base = &sancov_fndecl,
> + .nelt = 1,
> + .stride = sizeof(sancov_fndecl),
> + .cb = >_ggc_mx_tree_node,
> + .pchw = >_pch_nx_tree_node
> + },
> + LAST_GGC_ROOT_TAB
> + };
> +
> + /* BBs can be split afterwards?? */
> + sancov_plugin_pass_info.pass = make_sancov_pass();
> +#if BUILDING_GCC_VERSION >= 4009
> + sancov_plugin_pass_info.reference_pass_name = "asan";
> +#else
> + sancov_plugin_pass_info.reference_pass_name = "nrv";
> +#endif
> + sancov_plugin_pass_info.ref_pass_instance_number = 0;
> + sancov_plugin_pass_info.pos_op = PASS_POS_INSERT_BEFORE;
> +
> + if (!plugin_default_version_check(version, &gcc_version)) {
> + error(G_("incompatible gcc/plugin versions"));
> + return 1;
> + }
> +
> + for (i = 0; i < argc; ++i) {
> + if (!strcmp(argv[i].key, "no-sancov")) {
> + enable = false;
> + continue;
> + }
> + error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
> + }
> +
> + register_callback(plugin_name, PLUGIN_INFO, NULL, &sancov_plugin_info);
> +
> + if (!enable)
> + return 0;
> +
> +#if BUILDING_GCC_VERSION < 6000
> + register_callback(plugin_name, PLUGIN_START_UNIT, &sancov_start_unit, NULL);
> + register_callback(plugin_name, PLUGIN_REGISTER_GGC_ROOTS, NULL, (void *)>_ggc_r_gt_sancov);
> + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &sancov_plugin_pass_info);
> +#endif
> +
> + return 0;
> +}
> --
> 2.4.1
>
WARNING: multiple messages have this Message-ID (diff)
From: Dmitry Vyukov <dvyukov@google.com>
To: Emese Revfy <re.emese@gmail.com>
Cc: "open list:KERNEL BUILD + fi..." <linux-kbuild@vger.kernel.org>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
kernel-hardening@lists.openwall.com,
Michal Marek <mmarek@suse.com>, Kees Cook <keescook@chromium.org>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Fengguang Wu <fengguang.wu@intel.com>,
LKML <linux-kernel@vger.kernel.org>,
david.brown@linaro.org, yamada.masahiro@socionext.com,
syzkaller <syzkaller@googlegroups.com>
Subject: [kernel-hardening] Re: [PATCH v7 6/6] Add sancov plugin
Date: Fri, 22 Apr 2016 20:51:08 +0200 [thread overview]
Message-ID: <CACT4Y+b-Lwwt1a-6dcm7owJzKpKJ1j5BRyZi3+pkeMuv3T2Q7g@mail.gmail.com> (raw)
In-Reply-To: <20160422202700.ca56c536f9b05fda9254aad5@gmail.com>
On Fri, Apr 22, 2016 at 8:27 PM, Emese Revfy <re.emese@gmail.com> wrote:
> The sancov gcc plugin inserts a __sanitizer_cov_trace_pc() call
> at the start of basic blocks.
>
> This plugin is a helper plugin for the kcov feature. It supports
> all gcc versions with plugin support (from gcc-4.5 on).
> It is based on the gcc commit "Add fuzzing coverage support" by Dmitry Vyukov
> (https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=231296).
+syzkaller mailing list
> Signed-off-by: Emese Revfy <re.emese@gmail.com>
> ---
> Makefile | 10 +--
> arch/Kconfig | 9 +++
> arch/x86/purgatory/Makefile | 2 +
> lib/Kconfig.debug | 2 +
> scripts/Makefile.gcc-plugins | 18 +++++
> scripts/gcc-plugins/Makefile | 5 ++
> scripts/gcc-plugins/sancov_plugin.c | 144 ++++++++++++++++++++++++++++++++++++
> 7 files changed, 181 insertions(+), 9 deletions(-)
> create mode 100644 scripts/gcc-plugins/sancov_plugin.c
>
> diff --git a/Makefile b/Makefile
> index 22f0e1b..f09f2bf 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -365,7 +365,7 @@ LDFLAGS_MODULE =
> CFLAGS_KERNEL =
> AFLAGS_KERNEL =
> CFLAGS_GCOV = -fprofile-arcs -ftest-coverage
> -CFLAGS_KCOV = -fsanitize-coverage=trace-pc
> +CFLAGS_KCOV := $(call cc-option,-fsanitize-coverage=trace-pc,)
>
>
> # Use USERINCLUDE when you must reference the UAPI directories only.
> @@ -685,14 +685,6 @@ endif
> endif
> KBUILD_CFLAGS += $(stackp-flag)
>
> -ifdef CONFIG_KCOV
> - ifeq ($(call cc-option, $(CFLAGS_KCOV)),)
> - $(warning Cannot use CONFIG_KCOV: \
> - -fsanitize-coverage=trace-pc is not supported by compiler)
> - CFLAGS_KCOV =
> - endif
> -endif
> -
> ifeq ($(cc-name),clang)
> KBUILD_CPPFLAGS += $(call cc-option,-Qunused-arguments,)
> KBUILD_CPPFLAGS += $(call cc-option,-Wno-unknown-warning-option,)
> diff --git a/arch/Kconfig b/arch/Kconfig
> index e783429..5d856c8 100644
> --- a/arch/Kconfig
> +++ b/arch/Kconfig
> @@ -380,6 +380,15 @@ config GCC_PLUGIN_CYC_COMPLEXITY
> N = the number of nodes
> P = the number of connected components (exit nodes).
>
> +config GCC_PLUGIN_SANCOV
> + bool
> + depends on GCC_PLUGINS
> + help
> + This plugin inserts a __sanitizer_cov_trace_pc() call at the start of
> + basic blocks. It supports all gcc versions with plugin support (from
> + gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"
> + by Dmitry Vyukov <dvyukov@google.com>.
> +
> config HAVE_CC_STACKPROTECTOR
> bool
> help
> diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile
> index 12734a9..ac58c16 100644
> --- a/arch/x86/purgatory/Makefile
> +++ b/arch/x86/purgatory/Makefile
> @@ -8,6 +8,8 @@ PURGATORY_OBJS = $(addprefix $(obj)/,$(purgatory-y))
> LDFLAGS_purgatory.ro := -e purgatory_start -r --no-undefined -nostdlib -z nodefaultlib
> targets += purgatory.ro
>
> +KCOV_INSTRUMENT := n
> +
> # Default KBUILD_CFLAGS can have -pg option set when FTRACE is enabled. That
> # in turn leaves some undefined symbols like __fentry__ in purgatory and not
> # sure how to relocate those. Like kexec-tools, use custom flags.
> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> index 4fff4b0..616f7ed 100644
> --- a/lib/Kconfig.debug
> +++ b/lib/Kconfig.debug
> @@ -708,6 +708,8 @@ config KCOV
> bool "Code coverage for fuzzing"
> depends on ARCH_HAS_KCOV
> select DEBUG_FS
> + select GCC_PLUGINS
> + select GCC_PLUGIN_SANCOV
> help
> KCOV exposes kernel code coverage information in a form suitable
> for coverage-guided fuzzing (randomized testing).
> diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins
> index 282d63a..33ab13e 100644
> --- a/scripts/Makefile.gcc-plugins
> +++ b/scripts/Makefile.gcc-plugins
> @@ -2,8 +2,23 @@ ifdef CONFIG_GCC_PLUGINS
> __PLUGINCC := $(call cc-ifversion, -ge, 0408, $(HOSTCXX), $(HOSTCC))
> PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)")
>
> + SANCOV_PLUGIN := -fplugin=$(objtree)/scripts/gcc-plugins/sancov_plugin.so
> +
> gcc-plugin-$(CONFIG_GCC_PLUGIN_CYC_COMPLEXITY) += cyc_complexity_plugin.so
>
> + ifdef CONFIG_GCC_PLUGIN_SANCOV
> + ifeq ($(CFLAGS_KCOV),)
> + # It is needed because of the gcc-plugin.sh and gcc version checks.
> + gcc-plugin-$(CONFIG_GCC_PLUGIN_SANCOV) += sancov_plugin.so
> +
> + ifneq ($(PLUGINCC),)
> + CFLAGS_KCOV := $(SANCOV_PLUGIN)
> + else
> + $(error Cannot use CONFIG_KCOV: -fsanitize-coverage=trace-pc is not supported by compiler)
> + endif
> + endif
> + endif
> +
> GCC_PLUGINS_CFLAGS := $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y))
>
> ifeq ($(PLUGINCC),)
> @@ -15,6 +30,9 @@ ifdef CONFIG_GCC_PLUGINS
> $(error error, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least)
> endif
> endif
> + else
> + # SANCOV_PLUGIN can be only in CFLAGS_KCOV because avoid duplication.
> + GCC_PLUGINS_CFLAGS := $(filter-out $(SANCOV_PLUGIN), $(GCC_PLUGINS_CFLAGS))
> endif
>
> KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
> diff --git a/scripts/gcc-plugins/Makefile b/scripts/gcc-plugins/Makefile
> index 31c72bf..79164c1 100644
> --- a/scripts/gcc-plugins/Makefile
> +++ b/scripts/gcc-plugins/Makefile
> @@ -14,6 +14,11 @@ export GCCPLUGINS_DIR HOSTLIBS
>
> $(HOSTLIBS)-$(CONFIG_GCC_PLUGIN_CYC_COMPLEXITY) := cyc_complexity_plugin.so
>
> +ifeq ($(CFLAGS_KCOV), -fplugin=$(objtree)/scripts/gcc-plugins/sancov_plugin.so)
> + $(HOSTLIBS)-$(CONFIG_GCC_PLUGIN_SANCOV) += sancov_plugin.so
> +endif
> +
> always := $($(HOSTLIBS)-y)
>
> cyc_complexity_plugin-objs := cyc_complexity_plugin.o
> +sancov_plugin-objs := sancov_plugin.o
> diff --git a/scripts/gcc-plugins/sancov_plugin.c b/scripts/gcc-plugins/sancov_plugin.c
> new file mode 100644
> index 0000000..aedd611
> --- /dev/null
> +++ b/scripts/gcc-plugins/sancov_plugin.c
> @@ -0,0 +1,144 @@
> +/*
> + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
> + * Licensed under the GPL v2, or (at your option) v3
> + *
> + * Homepage:
> + * https://github.com/ephox-gcc-plugins/sancov
> + *
> + * This plugin inserts a __sanitizer_cov_trace_pc() call at the start of basic blocks.
> + * It supports all gcc versions with plugin support (from gcc-4.5 on).
> + * It is based on the commit "Add fuzzing coverage support" by Dmitry Vyukov <dvyukov@google.com>.
> + *
> + * You can read about it more here:
> + * https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=231296
> + * http://lwn.net/Articles/674854/
> + * https://github.com/google/syzkaller
> + * https://lwn.net/Articles/677764/
> + *
> + * Usage:
> + * make run
> + */
> +
> +#include "gcc-common.h"
> +
> +int plugin_is_GPL_compatible;
> +
> +tree sancov_fndecl;
> +
> +static struct plugin_info sancov_plugin_info = {
> + .version = "20160402",
> + .help = "sancov plugin\n",
> +};
> +
> +static unsigned int sancov_execute(void)
> +{
> + basic_block bb;
> +
> + /* Remove this line when this plugin and kcov will be in the kernel.
> + if (!strcmp(DECL_NAME_POINTER(current_function_decl), DECL_NAME_POINTER(sancov_fndecl)))
> + return 0;
> + */
> +
> + FOR_EACH_BB_FN(bb, cfun) {
> + const_gimple stmt;
> + gcall *gcall;
> + gimple_stmt_iterator gsi = gsi_after_labels(bb);
> +
> + if (gsi_end_p(gsi))
> + continue;
> +
> + stmt = gsi_stmt(gsi);
> + gcall = as_a_gcall(gimple_build_call(sancov_fndecl, 0));
> + gimple_set_location(gcall, gimple_location(stmt));
> + gsi_insert_before(&gsi, gcall, GSI_SAME_STMT);
> + }
> + return 0;
> +}
> +
> +#define PASS_NAME sancov
> +
> +#define NO_GATE
> +#define TODO_FLAGS_FINISH TODO_dump_func | TODO_verify_stmts | TODO_update_ssa_no_phi | TODO_verify_flow
> +
> +#include "gcc-generate-gimple-pass.h"
> +
> +static void sancov_start_unit(void __unused *gcc_data, void __unused *user_data)
> +{
> + tree leaf_attr, nothrow_attr;
> + tree BT_FN_VOID = build_function_type_list(void_type_node, NULL_TREE);
> +
> + sancov_fndecl = build_fn_decl("__sanitizer_cov_trace_pc", BT_FN_VOID);
> +
> + DECL_ASSEMBLER_NAME(sancov_fndecl);
> + TREE_PUBLIC(sancov_fndecl) = 1;
> + DECL_EXTERNAL(sancov_fndecl) = 1;
> + DECL_ARTIFICIAL(sancov_fndecl) = 1;
> + DECL_PRESERVE_P(sancov_fndecl) = 1;
> + DECL_UNINLINABLE(sancov_fndecl) = 1;
> + TREE_USED(sancov_fndecl) = 1;
> +
> + nothrow_attr = tree_cons(get_identifier("nothrow"), NULL, NULL);
> + decl_attributes(&sancov_fndecl, nothrow_attr, 0);
> + gcc_assert(TREE_NOTHROW(sancov_fndecl));
> +#if BUILDING_GCC_VERSION > 4005
> + leaf_attr = tree_cons(get_identifier("leaf"), NULL, NULL);
> + decl_attributes(&sancov_fndecl, leaf_attr, 0);
> +#endif
> +}
> +
> +int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
> +{
> + int i;
> + struct register_pass_info sancov_plugin_pass_info;
> + const char * const plugin_name = plugin_info->base_name;
> + const int argc = plugin_info->argc;
> + const struct plugin_argument * const argv = plugin_info->argv;
> + bool enable = true;
> +
> + static const struct ggc_root_tab gt_ggc_r_gt_sancov[] = {
> + {
> + .base = &sancov_fndecl,
> + .nelt = 1,
> + .stride = sizeof(sancov_fndecl),
> + .cb = >_ggc_mx_tree_node,
> + .pchw = >_pch_nx_tree_node
> + },
> + LAST_GGC_ROOT_TAB
> + };
> +
> + /* BBs can be split afterwards?? */
> + sancov_plugin_pass_info.pass = make_sancov_pass();
> +#if BUILDING_GCC_VERSION >= 4009
> + sancov_plugin_pass_info.reference_pass_name = "asan";
> +#else
> + sancov_plugin_pass_info.reference_pass_name = "nrv";
> +#endif
> + sancov_plugin_pass_info.ref_pass_instance_number = 0;
> + sancov_plugin_pass_info.pos_op = PASS_POS_INSERT_BEFORE;
> +
> + if (!plugin_default_version_check(version, &gcc_version)) {
> + error(G_("incompatible gcc/plugin versions"));
> + return 1;
> + }
> +
> + for (i = 0; i < argc; ++i) {
> + if (!strcmp(argv[i].key, "no-sancov")) {
> + enable = false;
> + continue;
> + }
> + error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
> + }
> +
> + register_callback(plugin_name, PLUGIN_INFO, NULL, &sancov_plugin_info);
> +
> + if (!enable)
> + return 0;
> +
> +#if BUILDING_GCC_VERSION < 6000
> + register_callback(plugin_name, PLUGIN_START_UNIT, &sancov_start_unit, NULL);
> + register_callback(plugin_name, PLUGIN_REGISTER_GGC_ROOTS, NULL, (void *)>_ggc_r_gt_sancov);
> + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &sancov_plugin_pass_info);
> +#endif
> +
> + return 0;
> +}
> --
> 2.4.1
>
next prev parent reply other threads:[~2016-04-22 18:51 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-22 18:19 [PATCH v7 0/6] Introduce GCC plugin infrastructure Emese Revfy
2016-04-22 18:19 ` [kernel-hardening] " Emese Revfy
2016-04-22 18:21 ` [PATCH v7 1/6] Shared library support Emese Revfy
2016-04-22 18:21 ` [kernel-hardening] " Emese Revfy
2016-05-02 5:03 ` Masahiro Yamada
2016-05-02 5:03 ` [kernel-hardening] " Masahiro Yamada
2016-05-02 17:56 ` Emese Revfy
2016-05-02 17:56 ` [kernel-hardening] " Emese Revfy
2016-05-03 2:00 ` Masahiro Yamada
2016-05-03 2:00 ` [kernel-hardening] " Masahiro Yamada
2016-05-03 21:29 ` Emese Revfy
2016-05-03 21:29 ` [kernel-hardening] " Emese Revfy
2016-05-04 4:09 ` Masahiro Yamada
2016-05-04 4:09 ` [kernel-hardening] " Masahiro Yamada
2016-05-05 18:40 ` Emese Revfy
2016-05-05 18:40 ` [kernel-hardening] " Emese Revfy
2016-05-03 2:06 ` Masahiro Yamada
2016-05-03 2:06 ` [kernel-hardening] " Masahiro Yamada
2016-05-03 21:25 ` Emese Revfy
2016-05-03 21:25 ` [kernel-hardening] " Emese Revfy
2016-05-05 18:43 ` Emese Revfy
2016-05-05 18:43 ` [kernel-hardening] " Emese Revfy
2016-04-22 18:22 ` [PATCH v7 2/6] GCC plugin infrastructure Emese Revfy
2016-04-22 18:22 ` [kernel-hardening] " Emese Revfy
2016-05-02 5:07 ` Masahiro Yamada
2016-05-02 5:07 ` [kernel-hardening] " Masahiro Yamada
2016-05-02 17:59 ` Emese Revfy
2016-05-11 11:24 ` Michal Marek
2016-05-11 11:24 ` [kernel-hardening] " Michal Marek
2016-05-12 15:04 ` Emese Revfy
2016-05-12 15:04 ` [kernel-hardening] " Emese Revfy
2016-04-22 18:23 ` [PATCH v7 3/6] The GCC plugin infrastructure supports the arm and arm64 architectures too Emese Revfy
2016-04-22 18:23 ` [kernel-hardening] " Emese Revfy
2016-05-02 5:08 ` Masahiro Yamada
2016-05-02 5:08 ` [kernel-hardening] " Masahiro Yamada
2016-04-22 18:24 ` [PATCH v7 4/6] Add Cyclomatic complexity GCC plugin Emese Revfy
2016-04-22 18:24 ` [kernel-hardening] " Emese Revfy
2016-05-02 5:09 ` Masahiro Yamada
2016-05-02 5:09 ` [kernel-hardening] " Masahiro Yamada
2016-04-22 18:26 ` [PATCH v7 5/6] Documentation for the GCC plugin infrastructure Emese Revfy
2016-04-22 18:26 ` [kernel-hardening] " Emese Revfy
2016-05-02 5:10 ` Masahiro Yamada
2016-05-02 5:10 ` [kernel-hardening] " Masahiro Yamada
2016-05-02 18:07 ` Emese Revfy
2016-05-02 18:07 ` [kernel-hardening] " Emese Revfy
2016-04-22 18:27 ` [PATCH v7 6/6] Add sancov plugin Emese Revfy
2016-04-22 18:27 ` [kernel-hardening] " Emese Revfy
2016-04-22 18:51 ` Dmitry Vyukov [this message]
2016-04-22 18:51 ` [kernel-hardening] " Dmitry Vyukov
2016-04-26 20:40 ` [PATCH v7 0/6] Introduce GCC plugin infrastructure Kees Cook
2016-04-26 20:40 ` [kernel-hardening] " Kees Cook
2016-04-26 20:40 ` Kees Cook
2016-04-27 1:40 ` Masahiro Yamada
2016-04-27 1:40 ` [kernel-hardening] " Masahiro Yamada
2016-04-27 1:40 ` Masahiro Yamada
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CACT4Y+b-Lwwt1a-6dcm7owJzKpKJ1j5BRyZi3+pkeMuv3T2Q7g@mail.gmail.com \
--to=dvyukov@google.com \
--cc=david.brown@linaro.org \
--cc=fengguang.wu@intel.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=mmarek@suse.com \
--cc=pageexec@freemail.hu \
--cc=re.emese@gmail.com \
--cc=spender@grsecurity.net \
--cc=syzkaller@googlegroups.com \
--cc=yamada.masahiro@socionext.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.