[PATCH] D91898: [attributes] Add a facility for defining and enforcing a Trusted Computing Base.
Artem Dergachev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Fri Nov 20 15:45:40 PST 2020
NoQ created this revision.
NoQ added reviewers: aaron.ballman, dexonsmith, erik.pilkington, vsavchenko.
Herald added subscribers: martong, Charusso, JDevlieghere, kristof.beyls.
NoQ requested review of this revision.
Patch by Sean Dooher! I'll be addressing the review comments.
The point is to mark up a section of code (a set of functions) that should be isolated for security, basically like a TCB. Such a section of code, being privileged in some specific manner, would not be allowed to exercise arbitrary behavior, so calling a function that's outside the set from a function that's inside the set is not allowed; they can only call each other. This is ultimately supposed to achieve security of the system with respect to that privilege through audit of the TCB.
The patch adds an attribute `enforce_tcb` to define a TCB and a warning `-Wtcb-enforcement` for violating the enforcement. Additionally it adds an attribute `enforce_tcb_leaf` that allows opting out of enforcement for individual harmless functions: such "leaf" functions are allowed to be called from the respective TCB but aren't forced into the TCB themselves.
https://reviews.llvm.org/D91898
Files:
clang/include/clang/Basic/Attr.td
clang/include/clang/Basic/AttrDocs.td
clang/include/clang/Basic/DiagnosticGroups.td
clang/include/clang/Basic/DiagnosticSemaKinds.td
clang/include/clang/Sema/Sema.h
clang/lib/Sema/SemaChecking.cpp
clang/lib/Sema/SemaDeclAttr.cpp
clang/test/Sema/attr-enforce-tcb.c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D91898.306791.patch
Type: text/x-patch
Size: 8753 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20201120/e6630ef7/attachment.bin>
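How the two attributes described in this message divide a small code base, as an added example that is not part of the patch or its tests. The TCB name "auth", all function names and the token bytes are hypothetical; the string-argument spelling of the attributes follows Clang's attribute documentation.

```c
#include <stddef.h>
#include <string.h>

/* Expand to nothing on compilers that lack the attributes. */
#ifndef __has_attribute
#  define __has_attribute(x) 0
#endif
#if __has_attribute(enforce_tcb) && __has_attribute(enforce_tcb_leaf)
#  define IN_TCB(name)   __attribute__((enforce_tcb(name)))
#  define TCB_LEAF(name) __attribute__((enforce_tcb_leaf(name)))
#else
#  define IN_TCB(name)
#  define TCB_LEAF(name)
#endif

static int audit_events; /* number of audit_note() calls so far */

/* Leaf: may be called from the "auth" TCB, but is not forced into it. */
TCB_LEAF("auth") void audit_note(void) { audit_events++; }

/* Not annotated: outside every TCB. */
int legacy_parse(const char *s) { return (int)strlen(s); }

/* Inside the TCB: compares without an early exit on the first mismatch. */
IN_TCB("auth") int ct_equal(const unsigned char *a, const unsigned char *b,
                            size_t n) {
    unsigned diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned)(a[i] ^ b[i]);
    return diff == 0;
}

/* Inside the TCB: the audited entry point. */
IN_TCB("auth") int check_token(const unsigned char *got, size_t n) {
    static const unsigned char expected[4] = {0xde, 0xad, 0xbe, 0xef}; /* constructed */
    audit_note();                          /* allowed: leaf of "auth" */
    if (n != sizeof expected)
        return 0;
#ifdef SHOW_VIOLATION
    (void)legacy_parse((const char *)got); /* call leaves the TCB: diagnosed */
#endif
    return ct_equal(got, expected, n);     /* allowed: same TCB */
}
```

Compiling with Clang and `-Wtcb-enforcement -DSHOW_VIOLATION` makes the call to `legacy_parse()` the one diagnosed call; without the define the file has no call out of the TCB.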