authorAlexander Potapenko <glider@google.com>2025-09-10 15:36:25 +0200
committerAlexander Potapenko <glider@google.com>2025-09-11 08:49:06 +0000
commit08b12344149080c5f71deae8d8f63662d1a7be2d (patch)
tree63473c6b1d61c47e875bf0b50498456a4ec7ef6e
parent4e737d7cdbccc4346473e64ae19614a66c1ddf6b (diff)
executor: introduce __no_stack_protector and use it for guest code
When compiling the executor in syz-env-old, -fstack-protector may kick in and introduce global accesses that tools/check-syzos.sh reports. To prevent this, introduce the __no_stack_protector macro attribute that disables stack protection for the function in question, and use it for guest code. While at it, factor out some common definitions into common_kvm_syzos.h
-rw-r--r--executor/common_kvm_amd64_syzos.h12
-rw-r--r--executor/common_kvm_arm64_syzos.h15
-rw-r--r--executor/common_kvm_syzos.h33
3 files changed, 37 insertions, 23 deletions
diff --git a/executor/common_kvm_amd64_syzos.h b/executor/common_kvm_amd64_syzos.h
index 32e09e0ba..655e83ce3 100644
--- a/executor/common_kvm_amd64_syzos.h
+++ b/executor/common_kvm_amd64_syzos.h
@@ -3,21 +3,11 @@
// This file provides guest code running inside the AMD64 KVM.
+#include "common_kvm_syzos.h"
#include "kvm.h"
#include <linux/kvm.h>
#include <stdbool.h>
-// Host will map the code in this section into the guest address space.
-#define GUEST_CODE __attribute__((section("guest")))
-
-// Prevent function inlining. This attribute is applied to every guest_handle_* function,
-// making sure they remain small so that the compiler does not attempt to be too clever
-// (e.g. generate switch tables).
-#define noinline __attribute__((noinline))
-
-// Start/end of the guest section.
-extern char *__start_guest, *__stop_guest;
-
// Compilers will eagerly try to transform the switch statement in guest_main()
// into a jump table, unless the cases are sparse enough.
// We use prime numbers multiplied by 10 to prevent this behavior.
diff --git a/executor/common_kvm_arm64_syzos.h b/executor/common_kvm_arm64_syzos.h
index 41a7f184b..2dd00a146 100644
--- a/executor/common_kvm_arm64_syzos.h
+++ b/executor/common_kvm_arm64_syzos.h
@@ -3,21 +3,11 @@
// This file provides guest code running inside the ARM64 KVM.
+#include "common_kvm_syzos.h"
#include "kvm.h"
#include <linux/kvm.h>
#include <stdbool.h>
-// Host will map the code in this section into the guest address space.
-#define GUEST_CODE __attribute__((section("guest")))
-
-// Prevent function inlining. This attribute is applied to every guest_handle_* function,
-// making sure they remain small so that the compiler does not attempt to be too clever
-// (e.g. generate switch tables).
-#define noinline __attribute__((noinline))
-
-// Start/end of the guest section.
-extern char *__start_guest, *__stop_guest;
-
// Compilers will eagerly try to transform the switch statement in guest_main()
// into a jump table, unless the cases are sparse enough.
// We use prime numbers multiplied by 10 to prevent this behavior.
@@ -1201,7 +1191,8 @@ GUEST_CODE static void its_send_movall_cmd(uint64 cmdq_base, uint32 vcpu_id, uin
its_send_cmd(cmdq_base, &cmd);
}
-GUEST_CODE static void its_send_invall_cmd(uint64 cmdq_base, uint32 collection_id)
+GUEST_CODE static void
+its_send_invall_cmd(uint64 cmdq_base, uint32 collection_id)
{
struct its_cmd_block cmd;
guest_memzero(&cmd, sizeof(cmd));
diff --git a/executor/common_kvm_syzos.h b/executor/common_kvm_syzos.h
new file mode 100644
index 000000000..a635d517b
--- /dev/null
+++ b/executor/common_kvm_syzos.h
@@ -0,0 +1,33 @@
+// Copyright 2025 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+// Common SYZOS definitions.
+
+// Prevent function inlining. This attribute is applied to every guest_handle_* function,
+// making sure they remain small so that the compiler does not attempt to be too clever
+// (e.g. generate switch tables).
+#define noinline __attribute__((noinline))
+
+// __no_stack_protector disables -fstack-protector which may introduce unwanted global accesses.
+// TODO(glider): once syz-env-old migrates to GCC>11 we can just use
+// __attribute__((no_stack_protector)).
+#if defined(__clang__)
+// Clang supports the no_stack_protector attribute.
+#define __no_stack_protector __attribute__((no_stack_protector))
+#elif defined(__GNUC__)
+// The no_stack_protector attribute was introduced in GCC 11.1.
+#if __GNUC__ > 11
+#define __no_stack_protector __attribute__((no_stack_protector))
+#else
+// Fallback to the optimize attribute for older GCC versions.
+#define __no_stack_protector __attribute__((__optimize__("-fno-stack-protector")))
+#endif
+#else
+#define __no_stack_protector
+#endif
+
+// Host will map the code in this section into the guest address space.
+#define GUEST_CODE __attribute__((section("guest"))) __no_stack_protector
+
+// Start/end of the guest section.
+extern char *__start_guest, *__stop_guest;
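Review bot: The GCC version test on the `#if __GNUC__ > 11` line does not match the comment above it: the comment says the attribute appeared in GCC 11.1, but the condition sends every GCC 11.x through the `__optimize__("-fno-stack-protector")` fallback, which GCC's own documentation describes as a debugging aid rather than something to rely on in production builds. Unless syz-env-old is known to be exactly GCC 11 and the fallback is what you want there, `#if __GNUC__ > 11 || (__GNUC__ == 11 && __GNUC_MINOR__ >= 1)` would use the real attribute wherever it exists. The final `#else` defines `__no_stack_protector` to nothing, so an unrecognized compiler silently builds guest code with its default stack protection and only tools/check-syzos.sh would catch the resulting global accesses; a `#warning "no_stack_protector unsupported by this compiler"` in that branch would surface it at build time. The new header also carries no include guard or `#pragma once` even though it is now pulled in from both arch-specific headers; the current contents tolerate double inclusion (identical macro redefinitions and repeated `extern` declarations are legal), but a guard would keep that from becoming a surprise when more definitions are moved here.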