Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c2d7db1c authored by Ivan Lozano's avatar Ivan Lozano
Browse files

Overflow sanitization in frameworks/ and system/. 

Enables signed and unsigned integer overflow sanitization on-by-default
for modules in frameworks/ and system/ by using the integer_overflow
sanitization setting. This applies sanitization to dynamically linked
binaries and shared libraries, and comes with a default set of regex for
functions to exclude from sanitization.
(see build/soong/cc/config/integer_overflow_blacklist.txt)

Prepare to enable minimal runtime diagnostics for integer overflow
sanitization on userdebug and eng builds.

Adds an additional Make and product variable pair to apply integer
overflow sanitization by default to additional code paths.

Bug: 30969751
Bug: 63927620

Test: Included paths are being sanitized.

Test: CTS test suite run on Pixel, runtime errors resolved.
Test: Performance impact in benchmarks acceptable.
Test: Boot-up successful on current Google devices.
Test: Teamfooded in diagnostics mode on Pixel for a month.

Test: Phone calls, camera photos + videos, bluetooth pairing.
Test: Wifi, work profiles, streaming videos, app installation.
Test: Split-screen, airplane mode, battery saver.
Test: Toggling accessibility settings.

Change-Id: Icc7a558c86f8655267afb4ca01b316773325c91a
parent a7229a08

core/config_sanitizers.mk

+34 −1
Original line number Diff line number Diff line
@@ -34,6 +34,26 @@ ifneq ($(filter integer_overflow, $(my_global_sanitize)),) 
  endif

endif



# Enable integer overflow sanitizer in included paths.

# (includes override excludes)

ifeq ($(my_clang),true)

  ifndef LOCAL_IS_HOST_MODULE

    ifeq ($(filter integer_overflow, $(my_sanitize)),)

      combined_include_paths := $(DEFAULT_INTEGER_OVERFLOW_PATHS) \

                            $(INTEGER_OVERFLOW_INCLUDE_PATHS) \

                            $(PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS)

      ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_include_paths)),\

             $(filter $(dir)%,$(LOCAL_PATH)))),)

        my_global_sanitize := integer_overflow $(my_sanitize)

        # Ensure default paths do not run in diagnostics unless SANITIZE_TARGET_DIAG

        ifneq ($(filter integer_overflow, $(SANITIZE_TARGET_DIAG)),)

          my_global_sanitize_diag := integer_overflow $(my_sanitize_diag)

        endif

      endif

    endif

  endif

endif



# Disable global CFI in excluded paths

ifneq ($(filter cfi, $(my_global_sanitize)),)

  combined_exclude_paths := $(CFI_EXCLUDE_PATHS) \
@@ -211,6 +231,19 @@ ifneq ($(filter coverage,$(my_sanitize)),) 
  my_sanitize := $(filter-out coverage,$(my_sanitize))

endif



# Use minimal diagnostics when integer overflow is enabled on userdebug and eng

# and full diagnostics not enabled.

ifneq ($(findstring integer,$(my_sanitize)),)

  ifeq ($(findstring integer,$(my_sanitize_diag)),)

    ifeq ($(filter address,$(my_sanitize)),)

      # TODO(ivanlozano): uncomment after switch to clang-4536805

      ifneq ($(filter $(TARGET_BUILD_VARIANT),userdebug eng),)

        # my_cflags += -fsanitize-minimal-runtime

      endif

    endif

  endif

endif



ifneq ($(filter integer_overflow,$(my_sanitize)),)

  ifneq ($(filter SHARED_LIBRARIES EXECUTABLES,$(LOCAL_MODULE_CLASS)),)

    ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
@@ -226,7 +259,7 @@ ifneq ($(filter integer_overflow,$(my_sanitize)),) 
      my_cflags += -ftrap-function=abort

      my_cflags += $(INTEGER_OVERFLOW_EXTRA_CFLAGS)



      # Check for diagnostics mode (on by default).

      # Check for diagnostics mode.

      ifneq ($(filter integer_overflow,$(my_sanitize_diag)),)

        my_cflags += -fno-sanitize-trap=signed-integer-overflow,unsigned-integer-overflow

        my_shared_libraries := $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY) $(my_shared_libraries)

core/envsetup.mk

+5 −0
Original line number Diff line number Diff line
@@ -657,3 +657,8 @@ endif 
ifeq ($(CALLED_FROM_SETUP),true)

PRINT_BUILD_CONFIG ?= true

endif



# Set default integer overflow sanitization paths.

# Separate from INTEGER_OVERFLOW_INCLUDE_PATHS to ensure this is not overridden.

DEFAULT_INTEGER_OVERFLOW_PATHS := frameworks/ \

                                  system/

core/product.mk

+1 −0
Original line number Diff line number Diff line
@@ -146,6 +146,7 @@ _product_var_list := \ 
    PRODUCT_SYSTEM_HEADROOM \

    PRODUCT_MINIMIZE_JAVA_DEBUG_INFO \

    PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS \

    PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS \

    PRODUCT_ADB_KEYS \

    PRODUCT_CFI_INCLUDE_PATHS \

    PRODUCT_CFI_EXCLUDE_PATHS \

core/product_config.mk

+5 −0
Original line number Diff line number Diff line
@@ -463,6 +463,11 @@ PRODUCT_MINIMIZE_JAVA_DEBUG_INFO := \ 
PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS := \

    $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS))



# Paths that should have integer overflow sanitization applied by default

# (overrides excludes)

PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS := \

    $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS))



# ADB keys for debuggable builds

PRODUCT_ADB_KEYS :=

ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),)

core/soong_config.mk

+1 −0
Original line number Diff line number Diff line
@@ -94,6 +94,7 @@ $(call add_json_bool, Safestack, $(filter true,$(USE_SAF 
$(call add_json_bool, EnableCFI,                         $(call invert_bool,$(filter false,$(ENABLE_CFI))))

$(call add_json_list, CFIExcludePaths,                   $(CFI_EXCLUDE_PATHS) $(PRODUCT_CFI_EXCLUDE_PATHS))

$(call add_json_list, CFIIncludePaths,                   $(CFI_INCLUDE_PATHS) $(PRODUCT_CFI_INCLUDE_PATHS))

$(call add_json_list, IntegerOverflowIncludePaths,       $(DEFAULT_INTEGER_OVERFLOW_PATHS) $(INTEGER_OVERFLOW_INCLUDE_PATHS) $(PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS))

$(call add_json_list, IntegerOverflowExcludePaths,       $(INTEGER_OVERFLOW_EXCLUDE_PATHS) $(PRODUCT_INTEGER_OVERFLOW_EXCLUDE_PATHS))



$(call add_json_bool, ClangTidy,                         $(filter 1 true,$(WITH_TIDY)))