abort() seems friendlier, but in practice it puts a couple of irrelevant
libc.so frames on the top of the stack trace and clobbers all the
registers that might have helped remotely debug a sanitizer failure.
Let's switch to trapping directly in the sanitized code instead.
Bug: http://b/298741930
Test: treehugger
Change-Id: I6c971920c8506f97133749aaddd73b8cea6a12bc
Test: go test soong tests
Test: verify no NeuralNetworksTest_random_graph sdk variants in
build.ninja when aosp_x86 is lunched
Bug: 302093869
Change-Id: I6429aa75518cca6974abcf7330236a6a07135ea1
This reverts commit 49dcf79550.
The previous init crash was caused by the kernel defaulting to Sv57 and
the CFI shadow implementation in bionic assuming a 48-bit virtual
address space. With 5-level paging disabled in cuttlefish, we can again
enable CFI.
Bug: 293884796
Link: https://github.com/google/android-riscv64/issues/45
Test: cuttlefish boots
Change-Id: Ibcc02cf7ca6e396fd58674c648abf9f84daa260e
This adds support for correctly handling Rust sanitized snapshots,
ensuring they only have one variation.
The presence of multiple variations was causing build failures
when a rust_fuzz module for host was defined and a snapshot
build was requested.
This also sets -Z link-native-libraries=no on host modules
(in addition to device modules) to avoid emitting extra linkage
flags due to link attributes.
Bug: 282897366
Test: SOONG_SDK_SNAPSHOT_USE_SRCJAR=true m
Change-Id: Idf980c29145f11c530ad635a4eb5b01a1730ac24
Sanitized glibc binaries get their runtime added by clang, not by
Soong, but unsanitized glibc binaries with sanitized dependencies
need their runtime added manually by Soong. Fix adding a static
runtime dependency to static glibc binaries.
Fixes: 297250415
Test: TestUbsan
Change-Id: I4913326604f9efebd8ecd4aad2f109fad8b6a80c
Adds the ability to centrally disable HWASan for multiple modules when
building with SANITIZE_TARGET=hwaddress. Soong version of the patchset.
HWASan takes precedence over CFI and several other sanitizers that it's
incompatible with[1], which can be problematic for modules that require
those sanitizers (e.g. those that depend on vendor prebuilts where only
sanitized variants are provided). This patch adds an easy way to disable
HWASan for such modules while still keeping it globally enabled.
Test: build with HWASAN_EXCLUDE_PATHS set and verify with readelf that
relevant modules have no references to __hwasan symbols
[1] bb31ca1168/core/config_sanitizers.mk (236)
Change-Id: I5824f71f2a400c64cde29e2c7afdd167d851d337
This reverts commit e72ee14006.
Bug: 293532332
Reason for revert: Test failure fixed in https://r.android.com/2681595
Change-Id: Id40079133e50492a6e2f3e2794012695562c39f6
These two upstream commits fixed the issues in global-isel and fast-isel:
* global-isel: https://reviews.llvm.org/D82615
* fast-isel: https://reviews.llvm.org/D138615
Currently used clang r498229 (defined in build/soong/cc/config/global.go)
is based on upstream commit 14f0776550b5a49e1c42f49a00213f7f3fa047bf
which includes these two changes.
Bug: 293297826
Test: build oriole_hwasan and boot
Change-Id: I65fabdf0b5edd248b4bf4e138a999f8142370cd5
MTE globals needs four pieces:
1. (done) clang/llvm to produce objfiles with MTE globals metadata
2. (in flight, https://reviews.llvm.org/D152921) lld to process the metadata in the objfiles, and produce information in each DSO describing the global variables that need to be tagged (alongside some other stuff).
3. (this patch) android to handle the new sanitizer
4. (not yet sent) bionic's libc/linker to interpret the information in each DSO, and tag the global variables.
Because #2 will take some time to come through the toolchain rolls, and #3 and #4 can be landed asynchronously, we can land this ahead of time. Should make my life easier by preventing constant rebases.
Bug: N/A
Test: Build {libc, libm, libc++, libm, and libnetd} in internal master
with these patches and an experimental compiler with the lld support.
Also, `SANITIZE_TARGET=memtag_globals m` here with in-tree compiler
without lld support.
Change-Id: Ie7882d474d4d776232de3a3d571a82274df14bf0
We pass mcpu=cortex-a55 for our build, which increases BB to the point
where the LLVM default of 32 is not enough. This caused worse coverage
for use-after-scope detection, and increased stack usage.
Test: build oriole_hwasan
Bug: 229654778
Change-Id: I6ddb47d7224a9c6ddbf2641c043e3430d330c5a9
We don't build clang sanitizer runtimes for host arm64 yet,
disable sanitizers that need them when building for linux_musl arm64.
Test: builds
Change-Id: Id4fcb7f9743ac30121157b2294eb60216eaff7b3
Environment variables HWASAN_INCLUDE_PATHS and
PRODUCT_HWASAN_INCLUDE_PATHS can be used to enable HWASan for multiple
modules, by just adding the module directory to the env variable.
Bug: b/271948407
Test: Set specific module directory to above env variable and check the
assembly code of output elf files after building, finding hwasan
related symbols inside.
Change-Id: Ic49b515830c4469ca5fa94f547b26c0fb602fc54
We're trying to switch from x18 to gp for shadow call stack, ideally
without breaking anything, so let's disable shadow call stack while we
rearrange things behind the scenes...
Bug: http://b/277909695
Test: treehugger
Change-Id: Ic1a6bceaf0ab20dc66e1903747ebb668232a253a
libc_hwasan is a new library in the runtime apex that lives in
bionic/hwasan/libc.so and is symlinked to /system/lib64/hwasan/libc.so.
This is chosen by the linker if an app or binary requires HWASan
support.
Bug: 276930343
Change-Id: If331744ad84241ad99a41805ea3110d37cf9b0af
Mostly exporting variables to Bazel, but also allowlisting a BUILD
file.
Bug: 251217226
Test: Unit tests
Change-Id: Id87015a3cd5d970700c4058ec989bb0c14c36bcb
Use static asan runtimes for musl binaries to match glibc binaries.
The static asan runtime also requires libclang_rt.asan_cxx.a. Unlike
most other runtimes the asan runtimes need to expose the symbols
from the runtime to allow intercepting calls to malloc, new etc.
Test: m USE_HOST_MUSL=true aidl_unittests && out/host/linux-x86/testcases/aidl_unittests/x86_64/aidl_unittests
Test: sanitize_test.go
Change-Id: I93da03b1c447fbb01f37262e7a465f165c2d5a18
The dependencies on static runtimes are getting complicated, as they
vary on whether or not they should hide or export symbols from the
runtime. Instead of setting flags to try to add the right static
runtime later, add them as dependencies immediately with a call to
addStaticDeps.
Test: sanitize_test.go
Change-Id: I5fb3ee29b31ce99d8feac262fcf71d19396dc68d
We pass mcpu=cortex-a55 for our build, which increases BB to the point
where the LLVM default of 32 is not enough.
I ran a fullmte build and did not see any slowdown.
Bug: 229654778
Change-Id: Ifbd1e5427101b2f2f39c067ba3ea4d5cb4a3ba0d
To match the scudo allocator's always return zero allocation behavior,
set the max malloc fill size larger than the largest size class.
Currently, the largest is 65552, so set the max to 128KB to avoid
needing to change this in the future.
Test: Run test that verifies allocations returned are zero and it passes.
Change-Id: Ie9f0b0d54f846008b1c6d5dc6e55c7031262d29e
vendor_snapshot_object modules do not provide sanitizers.
Avoid sanitizer mutation for these modules.
Bug: 234772527
Test: build against the vsdk with SANITIZE_TARGET=hwaddress
Change-Id: Ib4fe4def673aa77a4321f47c09393adcb2fa2964
When generating vsdk snapshot with SANITIZE_TARGET=hwaddress option,
include hwasan static libraries in the vendor snapshot.
Bug: 234772527
Test: build against the vsdk with SANITIZE_TARGET=hwaddress
Change-Id: I6fdecefaa8557b5c968745487a3ed7c959e682f9