[PATCH] Add Forward-Edge Control-Flow Integrity support

JF Bastien jfb at chromium.org
Mon Jul 14 19:04:26 PDT 2014


================
Comment at: include/llvm/CodeGen/CommandFlags.h:245
@@ +244,3 @@
+CFIFuncName("cfi-func-name", cl::desc("The name of the CFI function to call"),
+            cl::init(""));
+
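Review bot: the cl::desc on +244 does not say what happens when cfi-func-name is left at its cl::init("") default, yet the option only makes sense together with the other CFI flag this thread refers to, and the fallback in the current patch is a trap instruction rather than a call. Spell that out in the description, e.g. `cl::desc("Name of the CFI failure function to call; if empty, a trap instruction is emitted instead")`, and document the signature the named function is expected to have, so a reader of `-help` does not need the source to learn that the two options are linked.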
----------------
Tom Roeder wrote:
> JF Bastien wrote:
> > Could you clarify that the above two options are linked? Or just have cfi-func-name, implying a call to abort otherwise? It kind of seems like the default cfi-func could just call abort?
> > 
> > Also, what's the function's expected signature?
> > 
> > What happens if the cfi-func itself gets CFI instrumented, and it fails the check? *That* should probably call abort directly, not recurse :)
> Is there an abort function that's guaranteed to be present for any IR? Right now, my "abort" is to execute a trap instruction.
Good point, there may not be a C library... Could you default to `abort`, and fall back to `@llvm.trap` if it doesn't exist?

================
Comment at: lib/CodeGen/ForwardControlFlowIntegrity.cpp:198
@@ +197,3 @@
+    // really get this information from the Target in some way.
+    int64_t MaskValue = ((TableSize << 3) - 1) & -8;
+    Constant *JumpTableMaskValue = ConstantInt::get(Int64Ty, MaskValue);
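Review bot: the 8-byte jump-table entry size at +198 is encoded twice, once as `<< 3` and once as `& -8`, with only the comment above noting that it really belongs to the Target; give it a single named local (e.g. `JumpTableEntrySize`) with a FIXME pointing at the missing target hook, so the two cannot drift apart when the real value is plumbed through. Note also that `((TableSize << 3) - 1) & -8` always equals `8 * (TableSize - 1)`, the offset of the last entry; AND-masking a pointer with that value only reaches every entry when TableSize is a power of two (TableSize 3 gives a mask of 16, which can only yield entries 0 and 16). Either assert the power-of-two property here or record in the comment where the table is padded.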
----------------
Tom Roeder wrote:
> JF Bastien wrote:
> > Could you fix this?
> I'd like to fix this, but I don't know where I can get this information in a principled manner. This requires the size of a jumptable entry, and that depends on the size of the jump instruction in bytes. In principle, this is available from MCInstrDesc::getSize(), but that returns 0 when I've tried it for JMP_4 on X86.
> 
> I can certainly encode it myself in the Targets, but that seems like dangerous duplication of functionality with the descriptions in the instruction tables.
Oh I see.

It's not just a single instruction on each target though? If so, then the content of jump-table entries does seem pretty target-specific, so it kind of sounds like something that would belong in the target. Size is kind of icky though; it would be nice to factor out the target's instruction pattern from its actual encoding.

http://reviews.llvm.org/D4167
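An added example, not part of this review thread or of the LLVM patch under discussion, that models the mask arithmetic from the second hunk at runtime in C. It assumes 8-byte jump-table entries, as the hunk hard-codes, and models the forward-edge check as "AND the target with the mask, then OR in an aligned table base"; the table base address and the table sizes are constructed for the example, and `cfi_clamp_target` is the example's own model of the check rather than a transcript of the patch's code generation. It shows two things the thread does not spell out: the mask always equals 8 * (TableSize - 1), and when TableSize is not a power of two some entries can never be reached through a masked pointer.

```c
#include <stdint.h>
#include <stdio.h>

/* Example-only assumptions: 8-byte entries (copied from the hunk's
   "<< 3" and "& -8") and a cap on table size for the coverage check. */
#define JT_ENTRY_SIZE 8
#define JT_MAX_ENTRIES 64

/* Same arithmetic as the hunk: ((TableSize << 3) - 1) & -8.
   Clearing the low three bits of 8*N - 1 leaves 8*(N - 1), the byte
   offset of the last entry. */
int64_t cfi_mask_for_table(int64_t table_size) {
    return ((table_size << 3) - 1) & -8;
}

/* Model of the check before an indirect call: AND the candidate target
   with the mask, then OR in the table base. table_base is assumed to be
   aligned so that (table_base & mask) == 0; the result is then always an
   entry boundary inside the table, whatever the attacker put in target. */
uint64_t cfi_clamp_target(uint64_t table_base, int64_t table_size, uint64_t target) {
    uint64_t mask = (uint64_t)cfi_mask_for_table(table_size);
    return (target & mask) | table_base;
}

/* 1 if target is an entry boundary inside [table_base, table_base + 8*N). */
int cfi_target_in_table(uint64_t table_base, int64_t table_size, uint64_t target) {
    uint64_t off = target - table_base;
    return off % JT_ENTRY_SIZE == 0 && off < (uint64_t)table_size * JT_ENTRY_SIZE;
}

/* Number of distinct entries a masked pointer can still select. It equals
   table_size only when table_size is a power of two; otherwise the mask has
   holes and some entries become uncallable through the check. */
int cfi_reachable_entries(int64_t table_size) {
    uint64_t mask = (uint64_t)cfi_mask_for_table(table_size);
    uint64_t seen = 0; /* bitmap over entry indices; table_size <= 64 */
    int count = 0;
    if (table_size < 1 || table_size > JT_MAX_ENTRIES)
        return -1;
    for (int64_t i = 0; i < table_size; i++) {
        uint64_t idx = (((uint64_t)i * JT_ENTRY_SIZE) & mask) / JT_ENTRY_SIZE;
        if (!(seen & (1ULL << idx))) {
            seen |= 1ULL << idx;
            count++;
        }
    }
    return count;
}

int main(void) {
    const uint64_t base = 0x10000; /* constructed; aligned to 64 * 8 bytes */
    for (int64_t n = 1; n <= 8; n++)
        printf("TableSize=%lld mask=0x%llx reachable=%d/%lld\n", (long long)n,
               (unsigned long long)cfi_mask_for_table(n),
               cfi_reachable_entries(n), (long long)n);

    /* A corrupted pointer far outside the table is forced onto an entry
       boundary inside it; a pointer into the middle of an entry is realigned. */
    uint64_t bad = 0xdeadbeef;
    uint64_t fixed = cfi_clamp_target(base, 4, bad);
    printf("clamp(0x%llx) = 0x%llx in_table=%d\n", (unsigned long long)bad,
           (unsigned long long)fixed, cfi_target_in_table(base, 4, fixed));
    return 0;
}
```

The coverage loop is the practical takeaway for a reviewer of the hunk: a mask derived from a non-power-of-two TableSize still keeps every masked call inside the table (so the security property holds), but it silently makes some legitimate entries unreachable, which is a correctness bug the instrumented program would only notice when the wrong function is called.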
