[PATCH] D85981: [clang][Modules] Use File Names Instead of inodes As Loaded Module Keys

Robert Widmann via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Sat Aug 15 13:03:51 PDT 2020


CodaFi added a comment.

In D85981#2218583 <https://reviews.llvm.org/D85981#2218583>, @vsapsai wrote:

> 

It's good to imagine these attack vectors. But I think the module cache being a relatively fault-tolerant and compiler-controlled system mitigates a lot of the damage you could cause by a well-timed "attack" in these scenarios:

> - same name but file content has changed;

If there is a cache entry, the signature check that occurs after the lookup succeeds should catch most shenanigans. Assuming an attacker is able to craft a PCM with an equivalent signature to the victim PCM, and was able to time it such that the PCM were replaced after a subsequent read, you could definitely run into problems. But our "attackers" in most scenarios are usually other cc1 and swiftc invocations trying to build the same module, so we should see signature changes at least.

> - different names but refer to the same file.

Then we'll waste space in the cache, but this requires the ability to predict the layout of the module cache ahead of time. It shouldn't affect the consistency of the entries in the table to do extra work - assuming you don't combine this approach with the scenario described above.

I'd also note here that the InMemoryModuleCache is already using a StringMap keyed by file names for its PCM table. You can see this patch as a kind of harmonization between the two approaches.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D85981/new/

https://reviews.llvm.org/D85981
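
The two scenarios discussed in the comment above, as an added example that is not part of the original message and is not Clang's code. It assumes a toy cache keyed by file name (`NameKeyedCache` is hypothetical, not the InMemoryModuleCache API), FNV-1a as a stand-in for the PCM signature, and constructed file names and contents.

```cpp
#include <cstdint>
#include <map>
#include <string>

// Assumption: FNV-1a stands in for the PCM signature; Clang computes its own.
static uint64_t signatureOf(const std::string &content) {
  uint64_t h = 1469598103934665603ULL;
  for (unsigned char c : content) { h ^= c; h *= 1099511628211ULL; }
  return h;
}

enum class Lookup { Miss, Hit, SignatureMismatch };

// Hypothetical table keyed by file name rather than by inode.
class NameKeyedCache {
  struct Entry { uint64_t signature; std::string content; };
  std::map<std::string, Entry> table;
public:
  void store(const std::string &name, const std::string &content) {
    table[name] = Entry{signatureOf(content), content};
  }
  // The signature check runs only after the name lookup has succeeded.
  Lookup lookup(const std::string &name, uint64_t expected) const {
    auto it = table.find(name);
    if (it == table.end()) return Lookup::Miss;
    bool same = it->second.signature == expected;
    return same ? Lookup::Hit : Lookup::SignatureMismatch;
  }
  std::size_t size() const { return table.size(); }
};

// Scenario 1: same name, but the content changed after the importer
// recorded the signature it expects (e.g. a concurrent rebuild).
Lookup sameNameChangedContent() {
  NameKeyedCache cache;
  cache.store("Foo.pcm", "module Foo v1");          // constructed sample
  uint64_t expected = signatureOf("module Foo v1");
  cache.store("Foo.pcm", "module Foo v2");          // entry replaced
  return cache.lookup("Foo.pcm", expected);
}

// Scenario 2: two names for one file cost an extra entry, but each entry
// still passes its own signature check.
bool aliasedNamesStayConsistent() {
  NameKeyedCache cache;
  cache.store("cache/A/Bar.pcm", "module Bar");     // constructed sample
  cache.store("cache/B/Bar.pcm", "module Bar");
  uint64_t sig = signatureOf("module Bar");
  return cache.size() == 2 && cache.lookup("cache/A/Bar.pcm", sig) == Lookup::Hit
                           && cache.lookup("cache/B/Bar.pcm", sig) == Lookup::Hit;
}
```

A replacement whose content hashes to the same signature would return `Hit` in scenario 1, which is the residual case the comment calls out.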


