Overflow sanitization in frameworks/ and system/.
Enables signed and unsigned integer overflow sanitization on-by-default
for modules in frameworks/ and system/ by using the integer_overflow
sanitization setting. This applies sanitization to dynamically linked
binaries and shared libraries, and comes with a default set of regex for
functions to exclude from sanitization.
(see build/soong/cc/config/integer_overflow_blacklist.txt)
Prepare to enable minimal runtime diagnostics for integer overflow
sanitization on userdebug and eng builds.
Adds an additional Make and product variable pair to apply integer
overflow sanitization by default to additional code paths.
Bug: 30969751
Bug: 63927620
Test: Included paths are being sanitized.
Test: CTS test suite run on Pixel, runtime errors resolved.
Test: Performance impact in benchmarks acceptable.
Test: Boot-up successful on current Google devices.
Test: Teamfooded in diagnostics mode on Pixel for a month.
Test: Phone calls, camera photos + videos, bluetooth pairing.
Test: Wifi, work profiles, streaming videos, app installation.
Test: Split-screen, airplane mode, battery saver.
Test: Toggling accessibility settings.
Change-Id: Icc7a558c86f8655267afb4ca01b316773325c91a
diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
index 9415143..2064d8d 100644
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
@@ -34,6 +34,26 @@
endif
endif
+# Enable integer overflow sanitizer in included paths.
+# (includes override excludes)
+ifeq ($(my_clang),true)
+ ifndef LOCAL_IS_HOST_MODULE
+ ifeq ($(filter integer_overflow, $(my_sanitize)),)
+ combined_include_paths := $(DEFAULT_INTEGER_OVERFLOW_PATHS) \
+ $(INTEGER_OVERFLOW_INCLUDE_PATHS) \
+ $(PRODUCT_INTEGER_OVERFLOW_INCLUDE_PATHS)
+ ifneq ($(strip $(foreach dir,$(subst $(comma),$(space),$(combined_include_paths)),\
+ $(filter $(dir)%,$(LOCAL_PATH)))),)
+ my_global_sanitize := integer_overflow $(my_sanitize)
+ # Ensure default paths do not run in diagnostics unless SANITIZE_TARGET_DIAG
+ ifneq ($(filter integer_overflow, $(SANITIZE_TARGET_DIAG)),)
+ my_global_sanitize_diag := integer_overflow $(my_sanitize_diag)
+ endif
+ endif
+ endif
+ endif
+endif
+
# Disable global CFI in excluded paths
ifneq ($(filter cfi, $(my_global_sanitize)),)
combined_exclude_paths := $(CFI_EXCLUDE_PATHS) \
@@ -211,6 +231,19 @@
my_sanitize := $(filter-out coverage,$(my_sanitize))
endif
+# Use minimal diagnostics when integer overflow is enabled on userdebug and eng
+# and full diagnostics not enabled.
+ifneq ($(findstring integer,$(my_sanitize)),)
+ ifeq ($(findstring integer,$(my_sanitize_diag)),)
+ ifeq ($(filter address,$(my_sanitize)),)
+ # TODO(ivanlozano): uncomment after switch to clang-4536805
+ ifneq ($(filter $(TARGET_BUILD_VARIANT),userdebug eng),)
+ # my_cflags += -fsanitize-minimal-runtime
+ endif
+ endif
+ endif
+endif
+
ifneq ($(filter integer_overflow,$(my_sanitize)),)
ifneq ($(filter SHARED_LIBRARIES EXECUTABLES,$(LOCAL_MODULE_CLASS)),)
ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
@@ -226,7 +259,7 @@
my_cflags += -ftrap-function=abort
my_cflags += $(INTEGER_OVERFLOW_EXTRA_CFLAGS)
- # Check for diagnostics mode (on by default).
+ # Check for diagnostics mode.
ifneq ($(filter integer_overflow,$(my_sanitize_diag)),)
my_cflags += -fno-sanitize-trap=signed-integer-overflow,unsigned-integer-overflow
my_shared_libraries := $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY) $(my_shared_libraries)