[PATCH] Add a flag to clang to support forward-edge control-flow integrity

[Tom Roeder]

[dropping llvm-commits, since this is a patch to clang]

Ping

On Thu, Nov 13, 2014 at 10:00 AM, Tom Roeder <tmroeder at google.com> wrote:

> Pinging this clang patch now that FCFI is in LLVM. As a reminder, this
> patch sets jumptable on all functions and turns on FCFI on LLVM through
> -plugin-opt on gold or in  llvm::TargetOptions.
>
> On Mon, Jul 7, 2014 at 4:50 PM, Tom Roeder <tmroeder at google.com> wrote:
>
>> On Sat, Jul 5, 2014 at 7:39 PM, Nick Lewycky <nicholas at mxc.ca> wrote:
>> > +cc Kostya.
>> >
>> > Kostya, I'm wondering whether I could interest you or anyone on your
>> team in
>> > looking at http://reviews.llvm.org/D4167 . It's an IR transforming
>> runtime
>> > instrumentation with a lot in common with the asan/tsan/msan passes,
>> except
>> > that it has a different goal (security guarantees instead of bug
>> finding)
>> > and that it runs as part of llc due to its integration with the jump
>> tables.
>> > I think the sanitizers are the closest thing to this in llvm and it
>> would be
>> > nice to get a review from the sanitizer developers.
>> >
>> >
>> > Tom Roeder wrote:
>> >>
>> >> This patch adds a clang flag -ffcfi that enables forward-edge
>> >> control-flow integrity. It depends on the (not yet reviewed) FCFI
>> >> patch at http://reviews.llvm.org/D4167.
>> >>
>> >> Specifically, it sets FCFI in llvm::TargetOptions when called LLVM
>> >> directly, and it passes the LLVM flag -fcfi through LTO to LLVM when
>> >> using gold.
>> >
>> >
>> > There is not yet a -fcfi flag on the gold plugin. Is that out for review
>> > already? I looked but I may have missed it.
>>
>> That's part of D4167 as of DIff 10978 on June 30th. It's in
>> include/llvm/CodeGen/CommandFlags.h
>>
>> Thanks,
>>
>> Tom
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20141125/85152b3d/attachment.html>