Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

using extern "x86-interrupt" + #[naked] + kernel address sanitizer crashes compiler #129224

Closed
Freax13 opened this issue Aug 18, 2024 · 6 comments · Fixed by #129891
Closed

using extern "x86-interrupt" + #[naked] + kernel address sanitizer crashes compiler #129224

Freax13 opened this issue Aug 18, 2024 · 6 comments · Fixed by #129891
Assignees
@nikic
Labels
A-ABI Area: Concerning the application binary interface (ABI) A-LLVM Area: Code generation parts specific to LLVM. Both correctness bugs and optimization-related issues. A-naked Area: `#[naked]`, prologue and epilogue-free, functions, https://git.io/vAzzS A-sanitizers Area: Sanitizers for correctness and code quality C-bug Category: This is a bug. F-naked_functions `#![feature(naked_functions)]` I-crash Issue: The compiler crashes (SIGSEGV, SIGABRT, etc). Use I-ICE instead when the compiler panics. O-bare-metal Target: Rust without an operating system O-x86_64 Target: x86-64 processors (like x86_64-*) PG-exploit-mitigations Project group: Exploit mitigations T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.

Comments

@Freax13
Copy link
Contributor

Freax13 commented Aug 18, 2024

I tried this code:

#![no_std]
#![feature(abi_x86_interrupt)]
#![feature(naked_functions)]

#[naked]
pub extern "x86-interrupt" fn page_fault_handler(_: u64, _: u64) {
    unsafe {
        core::arch::asm!("ud2", options(noreturn));
    }
}

And compiled it with --target x86_64-unknown-none -Zsanitizer=kernel-address.

I expected to see this happen: The compiler should generate a function page_fault_handler which only contains the ud2 instruction.

Instead, this happened: The compiler crashes with SIGILL.

Meta

rustc --version --verbose:

rustc 1.82.0-nightly (506052d49 2024-08-16)
binary: rustc
commit-hash: 506052d49d3903ea554e4ce760cc53610cff4ef5
commit-date: 2024-08-16
host: x86_64-unknown-linux-gnu
release: 1.82.0-nightly
LLVM version: 19.1.0

As requested in #127853 (comment).
@Freax13 Freax13 added the C-bug Category: This is a bug. label Aug 18, 2024
@rustbot rustbot added the needs-triage This issue may need triage. Remove it if it has been sufficiently triaged. label Aug 18, 2024
@workingjubilee workingjubilee added A-naked Area: `#[naked]`, prologue and epilogue-free, functions, https://git.io/vAzzS A-sanitizers Area: Sanitizers for correctness and code quality F-naked_functions `#![feature(naked_functions)]` PG-exploit-mitigations Project group: Exploit mitigations I-crash Issue: The compiler crashes (SIGSEGV, SIGABRT, etc). Use I-ICE instead when the compiler panics. O-x86_64 Target: x86-64 processors (like x86_64-*) A-ABI Area: Concerning the application binary interface (ABI) O-bare-metal Target: Rust without an operating system T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Aug 18, 2024
@saethlin
Copy link
Member

This is an LLVM assertion

UNREACHABLE executed at /checkout/src/llvm-project/llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp:1959!

@saethlin saethlin added A-LLVM Area: Code generation parts specific to LLVM. Both correctness bugs and optimization-related issues. and removed needs-triage This issue may need triage. Remove it if it has been sufficiently triaged. labels Aug 18, 2024
@tgross35
Copy link
Contributor

It was noted in #127853 (comment) that this comes from sanitizer annotations being added to naked functions. Seems like we might not want to do that? Cc @rust-lang/project-exploit-mitigations

@workingjubilee
Copy link
Member

Almost certainly, but llvm_unreachable is not supposed to be used in places where user input can cause it to be reached.

@workingjubilee
Copy link
Member

Reported at llvm/llvm-project#104718

@workingjubilee workingjubilee added the llvm-fixed-upstream Issue expected to be fixed by the next major LLVM upgrade, or backported fixes label Aug 20, 2024
@nikic nikic removed the llvm-fixed-upstream Issue expected to be fixed by the next major LLVM upgrade, or backported fixes label Sep 2, 2024
@nikic
Copy link
Contributor

nikic commented Sep 2, 2024

To clarify, the fix that landed is just to make this an IR verification failure rather than a backend crash. The underlying issue with the kasan + naked combination still needs to be fixed.

@nikic nikic self-assigned this Sep 2, 2024
nikic added a commit to nikic/rust that referenced this issue Sep 2, 2024
@nikic
Do not request sanitizers for naked functions
cf08447 
Naked functions can only contain inline asm, so any instrumentation
inserted by sanitizers is illegal. Don't request it.

Fixes rust-lang#129224.
@nikic nikic mentioned this issue Sep 2, 2024
Merged
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this issue Sep 2, 2024
@matthiaskrgr
Rollup merge of rust-lang#129891 - nikic:naked-no-san, r=jackh726
19a6bf3 
Do not request sanitizers for naked functions

Naked functions can only contain inline asm, so any instrumentation inserted by sanitizers is illegal. Don't request it.

Fixes rust-lang#129224.
nikic added a commit to nikic/rust that referenced this issue Sep 4, 2024
@nikic
Do not request sanitizers for naked functions
1c8f5db 
Naked functions can only contain inline asm, so any instrumentation
inserted by sanitizers is illegal. Don't request it.

Fixes rust-lang#129224.
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this issue Sep 5, 2024
@matthiaskrgr
Rollup merge of rust-lang#129891 - nikic:naked-no-san, r=jackh726
c6fb9d3 
Do not request sanitizers for naked functions

Naked functions can only contain inline asm, so any instrumentation inserted by sanitizers is illegal. Don't request it.

Fixes rust-lang#129224.
bors added a commit to rust-lang-ci/rust that referenced this issue Sep 6, 2024
@bors
Auto merge of rust-lang#129891 - nikic:naked-no-san, r=<try>
a916be2 
Do not request sanitizers for naked functions

Naked functions can only contain inline asm, so any instrumentation inserted by sanitizers is illegal. Don't request it.

Fixes rust-lang#129224.

try-job: test-various
compiler-errors added a commit to compiler-errors/rust that referenced this issue Sep 7, 2024
@compiler-errors
Rollup merge of rust-lang#129891 - nikic:naked-no-san, r=jackh726
6dd07e4 
Do not request sanitizers for naked functions

Naked functions can only contain inline asm, so any instrumentation inserted by sanitizers is illegal. Don't request it.

Fixes rust-lang#129224.
@bors bors closed this as completed in 54ebb9d Sep 7, 2024
rust-timer added a commit to rust-lang-ci/rust that referenced this issue Sep 7, 2024
@rust-timer
Unrolled build for rust-lang#129891
f7e7a1a 
Rollup merge of rust-lang#129891 - nikic:naked-no-san, r=jackh726

Do not request sanitizers for naked functions

Naked functions can only contain inline asm, so any instrumentation inserted by sanitizers is illegal. Don't request it.

Fixes rust-lang#129224.
@antoniofrighetto
Copy link

@nikic Should we file an issue upstream to handle this in sanitizers as well, or is there one already opened?

@antoniofrighetto antoniofrighetto mentioned this issue Sep 13, 2024
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@nikic nikic

Labels
A-ABI Area: Concerning the application binary interface (ABI) A-LLVM Area: Code generation parts specific to LLVM. Both correctness bugs and optimization-related issues. A-naked Area: `#[naked]`, prologue and epilogue-free, functions, https://git.io/vAzzS A-sanitizers Area: Sanitizers for correctness and code quality C-bug Category: This is a bug. F-naked_functions `#![feature(naked_functions)]` I-crash Issue: The compiler crashes (SIGSEGV, SIGABRT, etc). Use I-ICE instead when the compiler panics. O-bare-metal Target: Rust without an operating system O-x86_64 Target: x86-64 processors (like x86_64-*) PG-exploit-mitigations Project group: Exploit mitigations T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Do not request sanitizers for naked functions nikic/rust
7 participants
@nikic @antoniofrighetto @saethlin @tgross35 @Freax13 @workingjubilee @rustbot