PenYiWang via llvm-dev
2018-Nov-22 08:59 UTC
[llvm-dev] Is shadow call stack in llvm 7 ok?
Hi

I try the shadow call stack in llvm.

    clang -fsanitize=shadow-call-stack ./test.c

test.c

    #include <stdio.h>

    void A() {
        printf("A\n");
    }

    int main() {
        A();
        return 0;
    }

And then it produces weird code

    0000000000400570 <main>:
      400570:  4c 8b 14 24      mov r10,QWORD PTR [rsp]
      400574:  4d 31 db         xor r11,r11
      400577:  65 49 83 03 08   add QWORD PTR gs:[r11],0x8
      40057c:  65 4d 8b 1b      mov r11,QWORD PTR gs:[r11]
      400580:  65 4d 89 13      mov QWORD PTR gs:[r11],r10

at 0x400577 the program crashes because r11 is 0 after 0x400574.

I wonder whether shadow call stack in llvm 7 is ok now?

Thank you.
Tim Northover via llvm-dev
2018-Nov-22 14:22 UTC
[llvm-dev] Is shadow call stack in llvm 7 ok?
Hi,

On Thu, 22 Nov 2018 at 09:00, PenYiWang via llvm-dev <llvm-dev at lists.llvm.org> wrote:
> at 0x400577 the program crashes
>
> because r11 is 0 after 0x400574 .

Looking at ShadowCallStack.cpp, the 0 is very intentional. So to use this feature you'll need a runtime willing to give each thread a valid shadow stack and set the base of the gs register to point at it. The documentation mentions that you'll probably have to write your own runtime: https://clang.llvm.org/docs/ShadowCallStack.html.

You didn't mention which OS you were using, but these notes seem to cover what would be needed to actually set GS on various platforms: https://gist.github.com/MerryMage/f22e75d5128c07d77630ca01c4272937. You'd have to come up with your own methods to make sure that happens on each thread before any instrumented code runs.

Cheers.

Tim.
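As an added illustration of the runtime Tim describes (this is not LLVM's code and not part of either message), the following C sketch gives one thread a shadow stack and points the GS base at it on Linux/x86-64. The layout is inferred from the prologue in the first message: gs:[0] holds the byte offset of the current top slot, and return addresses are stored at gs:[8], gs:[16], ... relative to the GS base, which is why an unset (zero) GS base faults on the first `add gs:[r11],0x8`. The names `scs_init_thread`, `scs_push`, `scs_pop`, `scs_depth`, `scs_selftest` and the `SCS_SIZE` constant are my own; the push/pop helpers reuse the instrumented instruction sequence so the layout can be exercised without an instrumented build. The epilogue comparison against the real return address is not shown on the page, so it is not modelled here.

```c
/* Minimal per-thread runtime for the x86-64 ShadowCallStack scheme seen in the
 * disassembly above (added example, not LLVM's runtime). Assumes Linux/x86-64 and
 * the layout: gs:[0] = byte offset of the top slot, slots at gs:[8], gs:[16], ...
 * Build this file WITHOUT -fsanitize=shadow-call-stack, and call scs_init_thread()
 * in every thread before any instrumented function runs (GS base is per thread). */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>

#if defined(__x86_64__) && defined(__linux__)
#include <unistd.h>
#include <sys/syscall.h>
#include <asm/prctl.h>

long syscall(long, ...);        /* same prototype as glibc's, in case _GNU_SOURCE was not in effect */

#define SCS_SIZE (64 * 1024)    /* assumed size: ~8k return addresses */
#define PAGE     4096           /* x86-64 Linux page size */

/* Map the shadow region plus one PROT_NONE guard page above it and point GS at it.
 * Returns 0 on success, -1 on failure. */
int scs_init_thread(void) {
    unsigned char *base = mmap(NULL, SCS_SIZE + PAGE, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return -1;
    /* guard page: runaway recursion faults instead of overwriting neighbouring memory */
    if (mprotect(base + SCS_SIZE, PAGE, PROT_NONE) != 0) return -1;
    /* base[0..7] is already zero in a fresh anonymous mapping, so the first push lands at offset 8 */
    if (syscall(SYS_arch_prctl, ARCH_SET_GS, (unsigned long)base) != 0) return -1;
    unsigned long check = 0;
    if (syscall(SYS_arch_prctl, ARCH_GET_GS, (unsigned long)&check) != 0) return -1;
    return check == (unsigned long)base ? 0 : -1;
}

/* Same instruction sequence as the instrumented prologue, with r10 replaced by a C value */
void scs_push(uintptr_t retaddr) {
    __asm__ volatile(
        "addq $8, %%gs:0\n\t"           /* gs:[0] += 8 */
        "movq %%gs:0, %%r11\n\t"        /* r11 = gs:[0] */
        "movq %0, %%gs:(%%r11)\n\t"     /* gs:[r11] = retaddr */
        : : "r"(retaddr) : "r11", "memory", "cc");
}

/* Mirror of the pop: read the top slot, then shrink the offset */
uintptr_t scs_pop(void) {
    uintptr_t v;
    __asm__ volatile(
        "movq %%gs:0, %%r11\n\t"
        "movq %%gs:(%%r11), %0\n\t"
        "subq $8, %%gs:0\n\t"
        : "=r"(v) : : "r11", "memory", "cc");
    return v;
}

/* Number of return addresses currently held on the shadow stack */
unsigned long scs_depth(void) {
    unsigned long off;
    __asm__ volatile("movq %%gs:0, %0" : "=r"(off) : : "memory");
    return off / 8;
}
#else
/* Other platforms: report "unsupported" so callers can tell it apart from a failure */
int scs_init_thread(void) { return -2; }
void scs_push(uintptr_t retaddr) { (void)retaddr; }
uintptr_t scs_pop(void) { return 0; }
unsigned long scs_depth(void) { return 0; }
#endif

/* Round-trip check of the layout: 0 = works, -2 = not x86-64 Linux, -1 = setup or LIFO check failed */
int scs_selftest(void) {
    int rc = scs_init_thread();
    if (rc != 0) return rc;
    /* constructed fake return addresses, not taken from any real binary */
    uintptr_t a = 0x401000, b = 0x401234, c = 0x4015a0;
    scs_push(a); scs_push(b); scs_push(c);
    if (scs_depth() != 3) return -1;
    if (scs_pop() != c || scs_pop() != b || scs_pop() != a) return -1;
    return scs_depth() == 0 ? 0 : -1;
}

int main(void) {
    int rc = scs_selftest();
    printf("shadow call stack self-test: %s (%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc == 0 ? 0 : 1;
}
```

Link this object, compiled without the sanitizer, together with the instrumented objects, and make every thread start routine call `scs_init_thread()` before it enters instrumented code; the guard page above the region turns a shadow-stack overflow into a clean SIGSEGV rather than a silent write past the end.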