On Mon, Aug 23, 2021 at 10:16 AM Tom Stellard <tstellar@xxxxxxxxxx> wrote:
On 8/23/21 10:13 AM, 'Sami Tolvanen' via Clang Built Linux wrote:
This series adds support for Clang's Control-Flow Integrity (CFI)
checking to x86_64. With CFI, the compiler injects a runtime
check before each indirect function call to ensure the target is
a valid function with the correct static type. This restricts
possible call targets and makes it more difficult for an attacker
to exploit bugs that allow the modification of stored function
pointers. For more details, see:
https://clang.llvm.org/docs/ControlFlowIntegrity.html
Version 2 depends on Clang >=14, where we fixed the issue with
referencing static functions from inline assembly. Based on the
feedback for v1, this version also changes the declaration of
functions that are not callable from C to use an opaque type,
which stops the compiler from replacing references to them. This
avoids the need to sprinkle function_nocfi() macros in the kernel
code.
How invasive are the changes in clang 14 necessary to make CFI work?
Would it be possible to backport them to LLVM 13?
I'm not sure what the LLVM backport policy is, but this specific fix
was quite simple:
https://reviews.llvm.org/rG7ce1c4da7726
Sami