search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'pm-4.19-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
[linux-2.6/btrfs-unstable.git] / scripts / gcc-plugins / randomize_layout_plugin.c
blob6d5bbd31db7f2420fff6beb5ca71fc5dcf1eb493
1 /*
2 * Copyright 2014-2016 by Open Source Security, Inc., Brad Spengler <spender@grsecurity.net>
3 * and PaX Team <pageexec@freemail.hu>
4 * Licensed under the GPL v2
5 *
6 * Note: the choice of the license means that the compilation process is
7 * NOT 'eligible' as defined by gcc's library exception to the GPL v3,
8 * but for the kernel it doesn't matter since it doesn't link against
9 * any of the gcc libraries
10 *
11 * Usage:
12 * $ # for 4.5/4.6/C based 4.7
13 * $ gcc -I`gcc -print-file-name=plugin`/include -I`gcc -print-file-name=plugin`/include/c-family -fPIC -shared -O2 -o randomize_layout_plugin.so randomize_layout_plugin.c
14 * $ # for C++ based 4.7/4.8+
15 * $ g++ -I`g++ -print-file-name=plugin`/include -I`g++ -print-file-name=plugin`/include/c-family -fPIC -shared -O2 -o randomize_layout_plugin.so randomize_layout_plugin.c
16 * $ gcc -fplugin=./randomize_layout_plugin.so test.c -O2
17 */
18
19 #include "gcc-common.h"
20 #include "randomize_layout_seed.h"
21
22 #if BUILDING_GCC_MAJOR < 4 || (BUILDING_GCC_MAJOR == 4 && BUILDING_GCC_MINOR < 7)
23 #error "The RANDSTRUCT plugin requires GCC 4.7 or newer."
24 #endif
25
26 #define ORIG_TYPE_NAME(node) \
27 (TYPE_NAME(TYPE_MAIN_VARIANT(node)) != NULL_TREE ? ((const unsigned char *)IDENTIFIER_POINTER(TYPE_NAME(TYPE_MAIN_VARIANT(node)))) : (const unsigned char *)"anonymous")
28
29 #define INFORM(loc, msg, ...) inform(loc, "randstruct: " msg, ##__VA_ARGS__)
30 #define MISMATCH(loc, how, ...) INFORM(loc, "casting between randomized structure pointer types (" how "): %qT and %qT\n", __VA_ARGS__)
31
32 __visible int plugin_is_GPL_compatible;
33
34 static int performance_mode;
35
36 static struct plugin_info randomize_layout_plugin_info = {
37 .version = "201402201816vanilla",
38 .help = "disable\t\t\tdo not activate plugin\n"
39 "performance-mode\tenable cacheline-aware layout randomization\n"
40 };
41
42 struct whitelist_entry {
43 const char *pathname;
44 const char *lhs;
45 const char *rhs;
46 };
47
48 static const struct whitelist_entry whitelist[] = {
49 /* NIU overloads mapping with page struct */
50 { "drivers/net/ethernet/sun/niu.c", "page", "address_space" },
51 /* unix_skb_parms via UNIXCB() buffer */
52 { "net/unix/af_unix.c", "unix_skb_parms", "char" },
53 /* big_key payload.data struct splashing */
54 { "security/keys/big_key.c", "path", "void *" },
55 /* walk struct security_hook_heads as an array of struct hlist_head */
56 { "security/security.c", "hlist_head", "security_hook_heads" },
57 { }
58 };
59
60 /* from old Linux dcache.h */
61 static inline unsigned long
62 partial_name_hash(unsigned long c, unsigned long prevhash)
63 {
64 return (prevhash + (c << 4) + (c >> 4)) * 11;
65 }
66 static inline unsigned int
67 name_hash(const unsigned char *name)
68 {
69 unsigned long hash = 0;
70 unsigned int len = strlen((const char *)name);
71 while (len--)
72 hash = partial_name_hash(*name++, hash);
73 return (unsigned int)hash;
74 }
75
76 static tree handle_randomize_layout_attr(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
77 {
78 tree type;
79
80 *no_add_attrs = true;
81 if (TREE_CODE(*node) == FUNCTION_DECL) {
82 error("%qE attribute does not apply to functions (%qF)", name, *node);
83 return NULL_TREE;
84 }
85
86 if (TREE_CODE(*node) == PARM_DECL) {
87 error("%qE attribute does not apply to function parameters (%qD)", name, *node);
88 return NULL_TREE;
89 }
90
91 if (TREE_CODE(*node) == VAR_DECL) {
92 error("%qE attribute does not apply to variables (%qD)", name, *node);
93 return NULL_TREE;
94 }
95
96 if (TYPE_P(*node)) {
97 type = *node;
98 } else {
99 gcc_assert(TREE_CODE(*node) == TYPE_DECL);
100 type = TREE_TYPE(*node);
101 }
102
103 if (TREE_CODE(type) != RECORD_TYPE) {
104 error("%qE attribute used on %qT applies to struct types only", name, type);
105 return NULL_TREE;
106 }
107
108 if (lookup_attribute(IDENTIFIER_POINTER(name), TYPE_ATTRIBUTES(type))) {
109 error("%qE attribute is already applied to the type %qT", name, type);
110 return NULL_TREE;
111 }
112
113 *no_add_attrs = false;
114
115 return NULL_TREE;
116 }
117
118 /* set on complete types that we don't need to inspect further at all */
119 static tree handle_randomize_considered_attr(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
120 {
121 *no_add_attrs = false;
122 return NULL_TREE;
123 }
124
125 /*
126 * set on types that we've performed a shuffle on, to prevent re-shuffling
127 * this does not preclude us from inspecting its fields for potential shuffles
128 */
129 static tree handle_randomize_performed_attr(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
130 {
131 *no_add_attrs = false;
132 return NULL_TREE;
133 }
134
135 /*
136 * 64bit variant of Bob Jenkins' public domain PRNG
137 * 256 bits of internal state
138 */
139
140 typedef unsigned long long u64;
141
142 typedef struct ranctx { u64 a; u64 b; u64 c; u64 d; } ranctx;
143
144 #define rot(x,k) (((x)<<(k))|((x)>>(64-(k))))
145 static u64 ranval(ranctx *x) {
146 u64 e = x->a - rot(x->b, 7);
147 x->a = x->b ^ rot(x->c, 13);
148 x->b = x->c + rot(x->d, 37);
149 x->c = x->d + e;
150 x->d = e + x->a;
151 return x->d;
152 }
153
154 static void raninit(ranctx *x, u64 *seed) {
155 int i;
156
157 x->a = seed[0];
158 x->b = seed[1];
159 x->c = seed[2];
160 x->d = seed[3];
161
162 for (i=0; i < 30; ++i)
163 (void)ranval(x);
164 }
165
166 static u64 shuffle_seed[4];
167
168 struct partition_group {
169 tree tree_start;
170 unsigned long start;
171 unsigned long length;
172 };
173
174 static void partition_struct(tree *fields, unsigned long length, struct partition_group *size_groups, unsigned long *num_groups)
175 {
176 unsigned long i;
177 unsigned long accum_size = 0;
178 unsigned long accum_length = 0;
179 unsigned long group_idx = 0;
180
181 gcc_assert(length < INT_MAX);
182
183 memset(size_groups, 0, sizeof(struct partition_group) * length);
184
185 for (i = 0; i < length; i++) {
186 if (size_groups[group_idx].tree_start == NULL_TREE) {
187 size_groups[group_idx].tree_start = fields[i];
188 size_groups[group_idx].start = i;
189 accum_length = 0;
190 accum_size = 0;
191 }
192 accum_size += (unsigned long)int_size_in_bytes(TREE_TYPE(fields[i]));
193 accum_length++;
194 if (accum_size >= 64) {
195 size_groups[group_idx].length = accum_length;
196 accum_length = 0;
197 group_idx++;
198 }
199 }
200
201 if (size_groups[group_idx].tree_start != NULL_TREE &&
202 !size_groups[group_idx].length) {
203 size_groups[group_idx].length = accum_length;
204 group_idx++;
205 }
206
207 *num_groups = group_idx;
208 }
209
210 static void performance_shuffle(tree *newtree, unsigned long length, ranctx *prng_state)
211 {
212 unsigned long i, x;
213 struct partition_group size_group[length];
214 unsigned long num_groups = 0;
215 unsigned long randnum;
216
217 partition_struct(newtree, length, (struct partition_group *)&size_group, &num_groups);
218 for (i = num_groups - 1; i > 0; i--) {
219 struct partition_group tmp;
220 randnum = ranval(prng_state) % (i + 1);
221 tmp = size_group[i];
222 size_group[i] = size_group[randnum];
223 size_group[randnum] = tmp;
224 }
225
226 for (x = 0; x < num_groups; x++) {
227 for (i = size_group[x].start + size_group[x].length - 1; i > size_group[x].start; i--) {
228 tree tmp;
229 if (DECL_BIT_FIELD_TYPE(newtree[i]))
230 continue;
231 randnum = ranval(prng_state) % (i + 1);
232 // we could handle this case differently if desired
233 if (DECL_BIT_FIELD_TYPE(newtree[randnum]))
234 continue;
235 tmp = newtree[i];
236 newtree[i] = newtree[randnum];
237 newtree[randnum] = tmp;
238 }
239 }
240 }
241
242 static void full_shuffle(tree *newtree, unsigned long length, ranctx *prng_state)
243 {
244 unsigned long i, randnum;
245
246 for (i = length - 1; i > 0; i--) {
247 tree tmp;
248 randnum = ranval(prng_state) % (i + 1);
249 tmp = newtree[i];
250 newtree[i] = newtree[randnum];
251 newtree[randnum] = tmp;
252 }
253 }
254
255 /* modern in-place Fisher-Yates shuffle */
256 static void shuffle(const_tree type, tree *newtree, unsigned long length)
257 {
258 unsigned long i;
259 u64 seed[4];
260 ranctx prng_state;
261 const unsigned char *structname;
262
263 if (length == 0)
264 return;
265
266 gcc_assert(TREE_CODE(type) == RECORD_TYPE);
267
268 structname = ORIG_TYPE_NAME(type);
269
270 #ifdef __DEBUG_PLUGIN
271 fprintf(stderr, "Shuffling struct %s %p\n", (const char *)structname, type);
272 #ifdef __DEBUG_VERBOSE
273 debug_tree((tree)type);
274 #endif
275 #endif
276
277 for (i = 0; i < 4; i++) {
278 seed[i] = shuffle_seed[i];
279 seed[i] ^= name_hash(structname);
280 }
281
282 raninit(&prng_state, (u64 *)&seed);
283
284 if (performance_mode)
285 performance_shuffle(newtree, length, &prng_state);
286 else
287 full_shuffle(newtree, length, &prng_state);
288 }
289
290 static bool is_flexible_array(const_tree field)
291 {
292 const_tree fieldtype;
293 const_tree typesize;
294 const_tree elemtype;
295 const_tree elemsize;
296
297 fieldtype = TREE_TYPE(field);
298 typesize = TYPE_SIZE(fieldtype);
299
300 if (TREE_CODE(fieldtype) != ARRAY_TYPE)
301 return false;
302
303 elemtype = TREE_TYPE(fieldtype);
304 elemsize = TYPE_SIZE(elemtype);
305
306 /* size of type is represented in bits */
307
308 if (typesize == NULL_TREE && TYPE_DOMAIN(fieldtype) != NULL_TREE &&
309 TYPE_MAX_VALUE(TYPE_DOMAIN(fieldtype)) == NULL_TREE)
310 return true;
311
312 if (typesize != NULL_TREE &&
313 (TREE_CONSTANT(typesize) && (!tree_to_uhwi(typesize) ||
314 tree_to_uhwi(typesize) == tree_to_uhwi(elemsize))))
315 return true;
316
317 return false;
318 }
319
320 static int relayout_struct(tree type)
321 {
322 unsigned long num_fields = (unsigned long)list_length(TYPE_FIELDS(type));
323 unsigned long shuffle_length = num_fields;
324 tree field;
325 tree newtree[num_fields];
326 unsigned long i;
327 tree list;
328 tree variant;
329 tree main_variant;
330 expanded_location xloc;
331 bool has_flexarray = false;
332
333 if (TYPE_FIELDS(type) == NULL_TREE)
334 return 0;
335
336 if (num_fields < 2)
337 return 0;
338
339 gcc_assert(TREE_CODE(type) == RECORD_TYPE);
340
341 gcc_assert(num_fields < INT_MAX);
342
343 if (lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(type)) ||
344 lookup_attribute("no_randomize_layout", TYPE_ATTRIBUTES(TYPE_MAIN_VARIANT(type))))
345 return 0;
346
347 /* Workaround for 3rd-party VirtualBox source that we can't modify ourselves */
348 if (!strcmp((const char *)ORIG_TYPE_NAME(type), "INTNETTRUNKFACTORY") ||
349 !strcmp((const char *)ORIG_TYPE_NAME(type), "RAWPCIFACTORY"))
350 return 0;
351
352 /* throw out any structs in uapi */
353 xloc = expand_location(DECL_SOURCE_LOCATION(TYPE_FIELDS(type)));
354
355 if (strstr(xloc.file, "/uapi/"))
356 error(G_("attempted to randomize userland API struct %s"), ORIG_TYPE_NAME(type));
357
358 for (field = TYPE_FIELDS(type), i = 0; field; field = TREE_CHAIN(field), i++) {
359 gcc_assert(TREE_CODE(field) == FIELD_DECL);
360 newtree[i] = field;
361 }
362
363 /*
364 * enforce that we don't randomize the layout of the last
365 * element of a struct if it's a 0 or 1-length array
366 * or a proper flexible array
367 */
368 if (is_flexible_array(newtree[num_fields - 1])) {
369 has_flexarray = true;
370 shuffle_length--;
371 }
372
373 shuffle(type, (tree *)newtree, shuffle_length);
374
375 /*
376 * set up a bogus anonymous struct field designed to error out on unnamed struct initializers
377 * as gcc provides no other way to detect such code
378 */
379 list = make_node(FIELD_DECL);
380 TREE_CHAIN(list) = newtree[0];
381 TREE_TYPE(list) = void_type_node;
382 DECL_SIZE(list) = bitsize_zero_node;
383 DECL_NONADDRESSABLE_P(list) = 1;
384 DECL_FIELD_BIT_OFFSET(list) = bitsize_zero_node;
385 DECL_SIZE_UNIT(list) = size_zero_node;
386 DECL_FIELD_OFFSET(list) = size_zero_node;
387 DECL_CONTEXT(list) = type;
388 // to satisfy the constify plugin
389 TREE_READONLY(list) = 1;
390
391 for (i = 0; i < num_fields - 1; i++)
392 TREE_CHAIN(newtree[i]) = newtree[i+1];
393 TREE_CHAIN(newtree[num_fields - 1]) = NULL_TREE;
394
395 main_variant = TYPE_MAIN_VARIANT(type);
396 for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) {
397 TYPE_FIELDS(variant) = list;
398 TYPE_ATTRIBUTES(variant) = copy_list(TYPE_ATTRIBUTES(variant));
399 TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("randomize_performed"), NULL_TREE, TYPE_ATTRIBUTES(variant));
400 TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("designated_init"), NULL_TREE, TYPE_ATTRIBUTES(variant));
401 if (has_flexarray)
402 TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("has_flexarray"), NULL_TREE, TYPE_ATTRIBUTES(type));
403 }
404
405 /*
406 * force a re-layout of the main variant
407 * the TYPE_SIZE for all variants will be recomputed
408 * by finalize_type_size()
409 */
410 TYPE_SIZE(main_variant) = NULL_TREE;
411 layout_type(main_variant);
412 gcc_assert(TYPE_SIZE(main_variant) != NULL_TREE);
413
414 return 1;
415 }
416
417 /* from constify plugin */
418 static const_tree get_field_type(const_tree field)
419 {
420 return strip_array_types(TREE_TYPE(field));
421 }
422
423 /* from constify plugin */
424 static bool is_fptr(const_tree fieldtype)
425 {
426 if (TREE_CODE(fieldtype) != POINTER_TYPE)
427 return false;
428
429 return TREE_CODE(TREE_TYPE(fieldtype)) == FUNCTION_TYPE;
430 }
431
432 /* derived from constify plugin */
433 static int is_pure_ops_struct(const_tree node)
434 {
435 const_tree field;
436
437 gcc_assert(TREE_CODE(node) == RECORD_TYPE || TREE_CODE(node) == UNION_TYPE);
438
439 for (field = TYPE_FIELDS(node); field; field = TREE_CHAIN(field)) {
440 const_tree fieldtype = get_field_type(field);
441 enum tree_code code = TREE_CODE(fieldtype);
442
443 if (node == fieldtype)
444 continue;
445
446 if (!is_fptr(fieldtype))
447 return 0;
448
449 if (code != RECORD_TYPE && code != UNION_TYPE)
450 continue;
451
452 if (!is_pure_ops_struct(fieldtype))
453 return 0;
454 }
455
456 return 1;
457 }
458
459 static void randomize_type(tree type)
460 {
461 tree variant;
462
463 gcc_assert(TREE_CODE(type) == RECORD_TYPE);
464
465 if (lookup_attribute("randomize_considered", TYPE_ATTRIBUTES(type)))
466 return;
467
468 if (lookup_attribute("randomize_layout", TYPE_ATTRIBUTES(TYPE_MAIN_VARIANT(type))) || is_pure_ops_struct(type))
469 relayout_struct(type);
470
471 for (variant = TYPE_MAIN_VARIANT(type); variant; variant = TYPE_NEXT_VARIANT(variant)) {
472 TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type));
473 TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("randomize_considered"), NULL_TREE, TYPE_ATTRIBUTES(type));
474 }
475 #ifdef __DEBUG_PLUGIN
476 fprintf(stderr, "Marking randomize_considered on struct %s\n", ORIG_TYPE_NAME(type));
477 #ifdef __DEBUG_VERBOSE
478 debug_tree(type);
479 #endif
480 #endif
481 }
482
483 static void update_decl_size(tree decl)
484 {
485 tree lastval, lastidx, field, init, type, flexsize;
486 unsigned HOST_WIDE_INT len;
487
488 type = TREE_TYPE(decl);
489
490 if (!lookup_attribute("has_flexarray", TYPE_ATTRIBUTES(type)))
491 return;
492
493 init = DECL_INITIAL(decl);
494 if (init == NULL_TREE || init == error_mark_node)
495 return;
496
497 if (TREE_CODE(init) != CONSTRUCTOR)
498 return;
499
500 len = CONSTRUCTOR_NELTS(init);
501 if (!len)
502 return;
503
504 lastval = CONSTRUCTOR_ELT(init, CONSTRUCTOR_NELTS(init) - 1)->value;
505 lastidx = CONSTRUCTOR_ELT(init, CONSTRUCTOR_NELTS(init) - 1)->index;
506
507 for (field = TYPE_FIELDS(TREE_TYPE(decl)); TREE_CHAIN(field); field = TREE_CHAIN(field))
508 ;
509
510 if (lastidx != field)
511 return;
512
513 if (TREE_CODE(lastval) != STRING_CST) {
514 error("Only string constants are supported as initializers "
515 "for randomized structures with flexible arrays");
516 return;
517 }
518
519 flexsize = bitsize_int(TREE_STRING_LENGTH(lastval) *
520 tree_to_uhwi(TYPE_SIZE(TREE_TYPE(TREE_TYPE(lastval)))));
521
522 DECL_SIZE(decl) = size_binop(PLUS_EXPR, TYPE_SIZE(type), flexsize);
523
524 return;
525 }
526
527
528 static void randomize_layout_finish_decl(void *event_data, void *data)
529 {
530 tree decl = (tree)event_data;
531 tree type;
532
533 if (decl == NULL_TREE || decl == error_mark_node)
534 return;
535
536 type = TREE_TYPE(decl);
537
538 if (TREE_CODE(decl) != VAR_DECL)
539 return;
540
541 if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE)
542 return;
543
544 if (!lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(type)))
545 return;
546
547 DECL_SIZE(decl) = 0;
548 DECL_SIZE_UNIT(decl) = 0;
549 SET_DECL_ALIGN(decl, 0);
550 SET_DECL_MODE (decl, VOIDmode);
551 SET_DECL_RTL(decl, 0);
552 update_decl_size(decl);
553 layout_decl(decl, 0);
554 }
555
556 static void finish_type(void *event_data, void *data)
557 {
558 tree type = (tree)event_data;
559
560 if (type == NULL_TREE || type == error_mark_node)
561 return;
562
563 if (TREE_CODE(type) != RECORD_TYPE)
564 return;
565
566 if (TYPE_FIELDS(type) == NULL_TREE)
567 return;
568
569 if (lookup_attribute("randomize_considered", TYPE_ATTRIBUTES(type)))
570 return;
571
572 #ifdef __DEBUG_PLUGIN
573 fprintf(stderr, "Calling randomize_type on %s\n", ORIG_TYPE_NAME(type));
574 #endif
575 #ifdef __DEBUG_VERBOSE
576 debug_tree(type);
577 #endif
578 randomize_type(type);
579
580 return;
581 }
582
583 static struct attribute_spec randomize_layout_attr = { };
584 static struct attribute_spec no_randomize_layout_attr = { };
585 static struct attribute_spec randomize_considered_attr = { };
586 static struct attribute_spec randomize_performed_attr = { };
587
588 static void register_attributes(void *event_data, void *data)
589 {
590 randomize_layout_attr.name = "randomize_layout";
591 randomize_layout_attr.type_required = true;
592 randomize_layout_attr.handler = handle_randomize_layout_attr;
593 #if BUILDING_GCC_VERSION >= 4007
594 randomize_layout_attr.affects_type_identity = true;
595 #endif
596
597 no_randomize_layout_attr.name = "no_randomize_layout";
598 no_randomize_layout_attr.type_required = true;
599 no_randomize_layout_attr.handler = handle_randomize_layout_attr;
600 #if BUILDING_GCC_VERSION >= 4007
601 no_randomize_layout_attr.affects_type_identity = true;
602 #endif
603
604 randomize_considered_attr.name = "randomize_considered";
605 randomize_considered_attr.type_required = true;
606 randomize_considered_attr.handler = handle_randomize_considered_attr;
607
608 randomize_performed_attr.name = "randomize_performed";
609 randomize_performed_attr.type_required = true;
610 randomize_performed_attr.handler = handle_randomize_performed_attr;
611
612 register_attribute(&randomize_layout_attr);
613 register_attribute(&no_randomize_layout_attr);
614 register_attribute(&randomize_considered_attr);
615 register_attribute(&randomize_performed_attr);
616 }
617
618 static void check_bad_casts_in_constructor(tree var, tree init)
619 {
620 unsigned HOST_WIDE_INT idx;
621 tree field, val;
622 tree field_type, val_type;
623
624 FOR_EACH_CONSTRUCTOR_ELT(CONSTRUCTOR_ELTS(init), idx, field, val) {
625 if (TREE_CODE(val) == CONSTRUCTOR) {
626 check_bad_casts_in_constructor(var, val);
627 continue;
628 }
629
630 /* pipacs' plugin creates franken-arrays that differ from those produced by
631 normal code which all have valid 'field' trees. work around this */
632 if (field == NULL_TREE)
633 continue;
634 field_type = TREE_TYPE(field);
635 val_type = TREE_TYPE(val);
636
637 if (TREE_CODE(field_type) != POINTER_TYPE || TREE_CODE(val_type) != POINTER_TYPE)
638 continue;
639
640 if (field_type == val_type)
641 continue;
642
643 field_type = TYPE_MAIN_VARIANT(strip_array_types(TYPE_MAIN_VARIANT(TREE_TYPE(field_type))));
644 val_type = TYPE_MAIN_VARIANT(strip_array_types(TYPE_MAIN_VARIANT(TREE_TYPE(val_type))));
645
646 if (field_type == void_type_node)
647 continue;
648 if (field_type == val_type)
649 continue;
650 if (TREE_CODE(val_type) != RECORD_TYPE)
651 continue;
652
653 if (!lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(val_type)))
654 continue;
655 MISMATCH(DECL_SOURCE_LOCATION(var), "constructor\n", TYPE_MAIN_VARIANT(field_type), TYPE_MAIN_VARIANT(val_type));
656 }
657 }
658
659 /* derived from the constify plugin */
660 static void check_global_variables(void *event_data, void *data)
661 {
662 struct varpool_node *node;
663 tree init;
664
665 FOR_EACH_VARIABLE(node) {
666 tree var = NODE_DECL(node);
667 init = DECL_INITIAL(var);
668 if (init == NULL_TREE)
669 continue;
670
671 if (TREE_CODE(init) != CONSTRUCTOR)
672 continue;
673
674 check_bad_casts_in_constructor(var, init);
675 }
676 }
677
678 static bool dominated_by_is_err(const_tree rhs, basic_block bb)
679 {
680 basic_block dom;
681 gimple dom_stmt;
682 gimple call_stmt;
683 const_tree dom_lhs;
684 const_tree poss_is_err_cond;
685 const_tree poss_is_err_func;
686 const_tree is_err_arg;
687
688 dom = get_immediate_dominator(CDI_DOMINATORS, bb);
689 if (!dom)
690 return false;
691
692 dom_stmt = last_stmt(dom);
693 if (!dom_stmt)
694 return false;
695
696 if (gimple_code(dom_stmt) != GIMPLE_COND)
697 return false;
698
699 if (gimple_cond_code(dom_stmt) != NE_EXPR)
700 return false;
701
702 if (!integer_zerop(gimple_cond_rhs(dom_stmt)))
703 return false;
704
705 poss_is_err_cond = gimple_cond_lhs(dom_stmt);
706
707 if (TREE_CODE(poss_is_err_cond) != SSA_NAME)
708 return false;
709
710 call_stmt = SSA_NAME_DEF_STMT(poss_is_err_cond);
711
712 if (gimple_code(call_stmt) != GIMPLE_CALL)
713 return false;
714
715 dom_lhs = gimple_get_lhs(call_stmt);
716 poss_is_err_func = gimple_call_fndecl(call_stmt);
717 if (!poss_is_err_func)
718 return false;
719 if (dom_lhs != poss_is_err_cond)
720 return false;
721 if (strcmp(DECL_NAME_POINTER(poss_is_err_func), "IS_ERR"))
722 return false;
723
724 is_err_arg = gimple_call_arg(call_stmt, 0);
725 if (!is_err_arg)
726 return false;
727
728 if (is_err_arg != rhs)
729 return false;
730
731 return true;
732 }
733
734 static void handle_local_var_initializers(void)
735 {
736 tree var;
737 unsigned int i;
738
739 FOR_EACH_LOCAL_DECL(cfun, i, var) {
740 tree init = DECL_INITIAL(var);
741 if (!init)
742 continue;
743 if (TREE_CODE(init) != CONSTRUCTOR)
744 continue;
745 check_bad_casts_in_constructor(var, init);
746 }
747 }
748
749 static bool type_name_eq(gimple stmt, const_tree type_tree, const char *wanted_name)
750 {
751 const char *type_name;
752
753 if (type_tree == NULL_TREE)
754 return false;
755
756 switch (TREE_CODE(type_tree)) {
757 case RECORD_TYPE:
758 type_name = TYPE_NAME_POINTER(type_tree);
759 break;
760 case INTEGER_TYPE:
761 if (TYPE_PRECISION(type_tree) == CHAR_TYPE_SIZE)
762 type_name = "char";
763 else {
764 INFORM(gimple_location(stmt), "found non-char INTEGER_TYPE cast comparison: %qT\n", type_tree);
765 debug_tree(type_tree);
766 return false;
767 }
768 break;
769 case POINTER_TYPE:
770 if (TREE_CODE(TREE_TYPE(type_tree)) == VOID_TYPE) {
771 type_name = "void *";
772 break;
773 } else {
774 INFORM(gimple_location(stmt), "found non-void POINTER_TYPE cast comparison %qT\n", type_tree);
775 debug_tree(type_tree);
776 return false;
777 }
778 default:
779 INFORM(gimple_location(stmt), "unhandled cast comparison: %qT\n", type_tree);
780 debug_tree(type_tree);
781 return false;
782 }
783
784 return strcmp(type_name, wanted_name) == 0;
785 }
786
787 static bool whitelisted_cast(gimple stmt, const_tree lhs_tree, const_tree rhs_tree)
788 {
789 const struct whitelist_entry *entry;
790 expanded_location xloc = expand_location(gimple_location(stmt));
791
792 for (entry = whitelist; entry->pathname; entry++) {
793 if (!strstr(xloc.file, entry->pathname))
794 continue;
795
796 if (type_name_eq(stmt, lhs_tree, entry->lhs) && type_name_eq(stmt, rhs_tree, entry->rhs))
797 return true;
798 }
799
800 return false;
801 }
802
803 /*
804 * iterate over all statements to find "bad" casts:
805 * those where the address of the start of a structure is cast
806 * to a pointer of a structure of a different type, or a
807 * structure pointer type is cast to a different structure pointer type
808 */
809 static unsigned int find_bad_casts_execute(void)
810 {
811 basic_block bb;
812
813 handle_local_var_initializers();
814
815 FOR_EACH_BB_FN(bb, cfun) {
816 gimple_stmt_iterator gsi;
817
818 for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
819 gimple stmt;
820 const_tree lhs;
821 const_tree lhs_type;
822 const_tree rhs1;
823 const_tree rhs_type;
824 const_tree ptr_lhs_type;
825 const_tree ptr_rhs_type;
826 const_tree op0;
827 const_tree op0_type;
828 enum tree_code rhs_code;
829
830 stmt = gsi_stmt(gsi);
831
832 #ifdef __DEBUG_PLUGIN
833 #ifdef __DEBUG_VERBOSE
834 debug_gimple_stmt(stmt);
835 debug_tree(gimple_get_lhs(stmt));
836 #endif
837 #endif
838
839 if (gimple_code(stmt) != GIMPLE_ASSIGN)
840 continue;
841
842 #ifdef __DEBUG_PLUGIN
843 #ifdef __DEBUG_VERBOSE
844 debug_tree(gimple_assign_rhs1(stmt));
845 #endif
846 #endif
847
848
849 rhs_code = gimple_assign_rhs_code(stmt);
850
851 if (rhs_code != ADDR_EXPR && rhs_code != SSA_NAME)
852 continue;
853
854 lhs = gimple_get_lhs(stmt);
855 lhs_type = TREE_TYPE(lhs);
856 rhs1 = gimple_assign_rhs1(stmt);
857 rhs_type = TREE_TYPE(rhs1);
858
859 if (TREE_CODE(rhs_type) != POINTER_TYPE ||
860 TREE_CODE(lhs_type) != POINTER_TYPE)
861 continue;
862
863 ptr_lhs_type = TYPE_MAIN_VARIANT(strip_array_types(TYPE_MAIN_VARIANT(TREE_TYPE(lhs_type))));
864 ptr_rhs_type = TYPE_MAIN_VARIANT(strip_array_types(TYPE_MAIN_VARIANT(TREE_TYPE(rhs_type))));
865
866 if (ptr_rhs_type == void_type_node)
867 continue;
868
869 if (ptr_lhs_type == void_type_node)
870 continue;
871
872 if (dominated_by_is_err(rhs1, bb))
873 continue;
874
875 if (TREE_CODE(ptr_rhs_type) != RECORD_TYPE) {
876 #ifndef __DEBUG_PLUGIN
877 if (lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(ptr_lhs_type)))
878 #endif
879 {
880 if (!whitelisted_cast(stmt, ptr_lhs_type, ptr_rhs_type))
881 MISMATCH(gimple_location(stmt), "rhs", ptr_lhs_type, ptr_rhs_type);
882 }
883 continue;
884 }
885
886 if (rhs_code == SSA_NAME && ptr_lhs_type == ptr_rhs_type)
887 continue;
888
889 if (rhs_code == ADDR_EXPR) {
890 op0 = TREE_OPERAND(rhs1, 0);
891
892 if (op0 == NULL_TREE)
893 continue;
894
895 if (TREE_CODE(op0) != VAR_DECL)
896 continue;
897
898 op0_type = TYPE_MAIN_VARIANT(strip_array_types(TYPE_MAIN_VARIANT(TREE_TYPE(op0))));
899 if (op0_type == ptr_lhs_type)
900 continue;
901
902 #ifndef __DEBUG_PLUGIN
903 if (lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(op0_type)))
904 #endif
905 {
906 if (!whitelisted_cast(stmt, ptr_lhs_type, op0_type))
907 MISMATCH(gimple_location(stmt), "op0", ptr_lhs_type, op0_type);
908 }
909 } else {
910 const_tree ssa_name_var = SSA_NAME_VAR(rhs1);
911 /* skip bogus type casts introduced by container_of */
912 if (ssa_name_var != NULL_TREE && DECL_NAME(ssa_name_var) &&
913 !strcmp((const char *)DECL_NAME_POINTER(ssa_name_var), "__mptr"))
914 continue;
915 #ifndef __DEBUG_PLUGIN
916 if (lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(ptr_rhs_type)))
917 #endif
918 {
919 if (!whitelisted_cast(stmt, ptr_lhs_type, ptr_rhs_type))
920 MISMATCH(gimple_location(stmt), "ssa", ptr_lhs_type, ptr_rhs_type);
921 }
922 }
923
924 }
925 }
926 return 0;
927 }
928
929 #define PASS_NAME find_bad_casts
930 #define NO_GATE
931 #define TODO_FLAGS_FINISH TODO_dump_func
932 #include "gcc-generate-gimple-pass.h"
933
934 __visible int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
935 {
936 int i;
937 const char * const plugin_name = plugin_info->base_name;
938 const int argc = plugin_info->argc;
939 const struct plugin_argument * const argv = plugin_info->argv;
940 bool enable = true;
941 int obtained_seed = 0;
942 struct register_pass_info find_bad_casts_pass_info;
943
944 find_bad_casts_pass_info.pass = make_find_bad_casts_pass();
945 find_bad_casts_pass_info.reference_pass_name = "ssa";
946 find_bad_casts_pass_info.ref_pass_instance_number = 1;
947 find_bad_casts_pass_info.pos_op = PASS_POS_INSERT_AFTER;
948
949 if (!plugin_default_version_check(version, &gcc_version)) {
950 error(G_("incompatible gcc/plugin versions"));
951 return 1;
952 }
953
954 if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) {
955 inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name);
956 enable = false;
957 }
958
959 for (i = 0; i < argc; ++i) {
960 if (!strcmp(argv[i].key, "disable")) {
961 enable = false;
962 continue;
963 }
964 if (!strcmp(argv[i].key, "performance-mode")) {
965 performance_mode = 1;
966 continue;
967 }
968 error(G_("unknown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
969 }
970
971 if (strlen(randstruct_seed) != 64) {
972 error(G_("invalid seed value supplied for %s plugin"), plugin_name);
973 return 1;
974 }
975 obtained_seed = sscanf(randstruct_seed, "%016llx%016llx%016llx%016llx",
976 &shuffle_seed[0], &shuffle_seed[1], &shuffle_seed[2], &shuffle_seed[3]);
977 if (obtained_seed != 4) {
978 error(G_("Invalid seed supplied for %s plugin"), plugin_name);
979 return 1;
980 }
981
982 register_callback(plugin_name, PLUGIN_INFO, NULL, &randomize_layout_plugin_info);
983 if (enable) {
984 register_callback(plugin_name, PLUGIN_ALL_IPA_PASSES_START, check_global_variables, NULL);
985 register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &find_bad_casts_pass_info);
986 register_callback(plugin_name, PLUGIN_FINISH_TYPE, finish_type, NULL);
987 register_callback(plugin_name, PLUGIN_FINISH_DECL, randomize_layout_finish_decl, NULL);
988 }
989 register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL);
990
991 return 0;
992 }
(deprecated) Btrfs devel tree