[PATCH] Add Forward-Edge Control-Flow Integrity support
Tom Roeder
tmroeder at google.com
Tue Jun 24 11:27:11 PDT 2014
Ping
On Mon, Jun 16, 2014 at 4:14 PM, Tom Roeder <tmroeder at google.com> wrote:
> This patch adds a new pass that can inject checks before indirect calls to make sure that these calls target known locations. It supports three types of checks and, at compile time, it can take the name of a custom function to call when an indirect call check fails.
>
> This forward CFI implementation depends on the recent jumptable attribute, as well as http://reviews.llvm.org/D4128, which adds a flag to cause all address-taken functions to get the attributes unnamed_addr and jumptable.
>
> This CFI implementation can also easily be augmented with ExternalFunctionAnalysis (http://reviews.llvm.org/D2873); this allows the rewriter to skip rewriting for functions that are known at compile time to take functions defined outside the current module. Another possibility for integration with EFA is to call a different failure function for sites that use known external function pointers than for the other indirect call check sites.
>
> See http://lists.cs.uiuc.edu/pipermail/llvmdev/2014-February/070210 for the initial discussion of this feature on llvmdev.
>
> This pass incidentally moves the function JumpInstrTables::transformType from private to public and makes it static (with a new argument that specifies the table type to use); this is so that the CFI code can transform function types at call sites to determine which jump-instruction table to use for the check at that site.
>
> http://reviews.llvm.org/D4167
>
> Files:
> include/llvm/CodeGen/CommandFlags.h
> include/llvm/CodeGen/ForwardControlFlowIntegrity.h
> include/llvm/CodeGen/JumpInstrTables.h
> include/llvm/CodeGen/Passes.h
> include/llvm/InitializePasses.h
> include/llvm/Target/TargetOptions.h
> lib/CodeGen/AsmPrinter/AsmPrinter.cpp
> lib/CodeGen/CMakeLists.txt
> lib/CodeGen/ForwardControlFlowIntegrity.cpp
> lib/CodeGen/JumpInstrTables.cpp
> lib/CodeGen/LLVMTargetMachine.cpp
> lib/CodeGen/TargetOptionsImpl.cpp
> test/CodeGen/Generic/stop-after.ll
> test/CodeGen/X86/cfi_enforcing.ll
> test/CodeGen/X86/cfi_non_default_function.ll
> test/CodeGen/X86/cfi_simple_indirect_call.ll
> test/CodeGen/X86/jump_table_alias.ll
> test/CodeGen/X86/jump_table_all.ll
> test/CodeGen/X86/jump_table_bitcast.ll
> test/CodeGen/X86/jump_tables.ll
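
A simplified, source-level model of the idea in the quoted description, added here as an illustration and not taken from the patch: a check placed before an indirect call accepts only targets listed in the table for that call site's function type, and calls a replaceable failure function otherwise. Every name below is hypothetical, and the linear table scan and the block-the-call policy are assumptions of this example; the message does not spell out the pass's three check types.

```c
#include <stddef.h>
#include <stdio.h>

typedef int (*unary_fn)(int);   /* one function type, so one table of targets */

static int twice(int x)      { return 2 * x; }
static int negate(int x)     { return -x; }
static int not_listed(int x) { return x + 1000; }  /* never placed in the table */

/* Constructed table: the known targets for call sites of type int(int). */
static const unary_fn unary_table[] = { twice, negate };
#define UNARY_COUNT (sizeof unary_table / sizeof unary_table[0])

static int cfi_failures;        /* how often the failure function has run */

/* Hypothetical failure function; stands in for the custom function whose
 * name the description says can be supplied at compile time. */
static void cfi_failure(const char *site, unary_fn target) {
    (void)target;
    cfi_failures++;
    fprintf(stderr, "cfi: unknown indirect call target at %s\n", site);
}

/* The injected check: returns 1 only if fp is a known target for this type. */
static int cfi_known_unary(unary_fn fp) {
    for (size_t i = 0; i < UNARY_COUNT; i++)
        if (unary_table[i] == fp)
            return 1;
    return 0;
}

/* An instrumented call site. On a failed check the call is not made and
 * *out is left untouched (a policy chosen for this example). */
int checked_call(unary_fn fp, int arg, int *out) {
    if (!cfi_known_unary(fp)) {
        cfi_failure("checked_call", fp);
        return 0;
    }
    *out = fp(arg);
    return 1;
}

int cfi_failure_count(void) { return cfi_failures; }

int main(void) {
    int out = 0;
    int ok = checked_call(twice, 21, &out);
    printf("listed target:   made=%d out=%d\n", ok, out);
    ok = checked_call(not_listed, 1, &out);
    printf("unlisted target: made=%d failures=%d\n", ok, cfi_failure_count());
    return 0;
}
```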