[llvm-bugs] [Bug 48635] New: cfi, cross-dso, wrong operation of -fno-sanitize-cfi-cross-dso

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Dec 30 06:51:29 PST 2020


https://bugs.llvm.org/show_bug.cgi?id=48635

            Bug ID: 48635
           Summary: cfi, cross-dso, wrong operation of
                    -fno-sanitize-cfi-cross-dso
           Product: new-bugs
           Version: 11.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: qwertytmp1 at gmail.com
                CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org

Created attachment 24328
  --> https://bugs.llvm.org/attachment.cgi?id=24328&action=edit
Reproducible example

The Clang compiler doesn't ignore cross-dso calls under the following conditions:
- CFI is enabled;
- -fno-sanitize-cfi-cross-dso is used;
- optimization level is -O2;
- LLVM's ld.lld linker is used.

A "compiler-time" problem arises if one tries to execute the function from the
shared object (.so) from the other executable binary (main).

Instead, the compiler generates binary code with an undefined instruction at the
place where cross-dso is used, for example:
```
  int exec_func_from_dso(void)
  {
      fptr_t fptr = get_fptr();
    201751:       e8 5a 00 00 00          callq  2017b0 <get_fptr@plt>
      fptr();
    201756:       0f 0b                   ud2
```

At the same time, there is no problem with the source code (please see the
attached cfi_cross_dso_problem_report.tar).

Clang's help says:
```
-fno-sanitize-cfi-cross-dso
    Disable control flow integrity (CFI) checks for cross-DSO calls.
```

As a user of Clang, I understand that if "-fno-sanitize-cfi-cross-dso" is
used, cross-dso places will not be taken into account during CFI operation
(compilation and run-time execution).
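
An added example, not part of the original report or of LLVM: a Python check that scans `objdump -S` output for source statements whose only generated instruction is `ud2`, the symptom shown in the listing above. The sample listing is constructed from the report's excerpt; the function header line, its address and the `local_call` function are assumptions.

```python
import re

# One instruction line of `objdump -S` output: "  201756:  0f 0b   ud2"
INSN = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2} )+)\s*(\S+)\s*(.*)$")
# Function label line: "0000000000201740 <name>:"
FUNC = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")

# Constructed sample modelled on the report's excerpt (not real tool output).
SAMPLE = """\
0000000000201740 <exec_func_from_dso>:
  int exec_func_from_dso(void)
  {
      fptr_t fptr = get_fptr();
    201751:       e8 5a 00 00 00          callq  2017b0 <get_fptr@plt>
      fptr();
    201756:       0f 0b                   ud2
0000000000201760 <local_call>:
      fptr();
    201760:       ff d0                   callq  *%rax
    201762:       c3                      retq
"""

def find_trapped_source_lines(listing):
    """Return (function, address, source_line) for every source statement
    whose generated instructions consist only of ud2 (compiled to a trap)."""
    hits, func, src, insns = [], None, None, []

    def flush():
        # Record the pending statement if all of its instructions are ud2.
        if src is not None and insns and all(m == "ud2" for _, m in insns):
            hits.append((func, insns[0][0], src))

    for line in listing.splitlines():
        label, insn = FUNC.match(line), INSN.match(line)
        if label:
            flush()
            func, src, insns = label.group(1), None, []
        elif insn:
            insns.append((int(insn.group(1), 16), insn.group(3)))
        elif line.strip():
            # Anything else is interleaved source text; a new source line
            # after instructions closes the previous statement.
            if insns:
                flush()
                insns = []
            src = line.strip()
    flush()
    return hits
```

Running it over a full `objdump -S` dump of a CFI-enabled binary gives a list of statements to review; a hit only means the statement compiled to a trap, so each one still needs to be checked against the source.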
