Daniele Buono <dbu...@linux.vnet.ibm.com> writes:
> LLVM/Clang supports runtime checks for forward-edge Control-Flow
> Integrity (CFI).
>
> CFI on indirect function calls (cfi-icall) ensures that, in indirect
> function calls, the function called is of the right signature for the
> pointer type defined at compile time.
>
> For this check to work, the code must always respect the function
> signature when using function pointers, the function must be defined
> at compile time, and be compiled with link-time optimization.
>
> This rules out, for example, shared libraries that are dynamically loaded
> (given that functions are not known at compile time), and code that is
> dynamically generated at run-time.
>
> This patch:
>
> 1) Introduces the CONFIG_CFI flag to support cfi in QEMU
>
> 2) Introduces a decorator to allow the definition of "sensitive"
> functions, where a non-instrumented function may be called at runtime
> through a pointer. The decorator will take care of disabling cfi-icall
> checks on such functions, when cfi is enabled.
>
> 3) Marks functions currently in QEMU that exhibit such behavior,
> in particular:
> - The function in TCG that calls pre-compiled TBs
> - The function in TCI that interprets instructions
> - Functions in the plugin infrastructure that jump to callbacks
> - Functions in util that directly call a signal handler
>
> 4) Adds a new section in MAINTAINERS with me as a maintainer for
> include/qemu/sanitizers.h, in case a maintainer is deemed
> necessary for this feature
>
> Signed-off-by: Daniele Buono <dbu...@linux.vnet.ibm.com>
> ---
>  MAINTAINERS               |  5 +++++
>  accel/tcg/cpu-exec.c      |  9 +++++++++
>  include/qemu/sanitizers.h | 22 ++++++++++++++++++++++
>  plugins/core.c            | 25 +++++++++++++++++++++++++
>  plugins/loader.c          |  5 +++++

With the changes Paolo suggested (QEMU_DISABLE_CFI and use compilers.h)
then for the plugin bits:

Acked-by: Alex Bennée <alex.ben...@linaro.org>

-- 
Alex Bennée
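The pattern the cover letter describes, as an added example that is not part of the thread and not QEMU's code: a callback dispatcher in the style of the plugin infrastructure, with one function opted out of cfi-icall the way the QEMU_DISABLE_CFI decorator does, next to a well-typed path that keeps the check. The macro name DEMO_DISABLE_CFI, the plugin_cb_t type, the registry and the callbacks are all assumptions made for the example; the attribute, the compiler flags and the CONFIG_CFI name are the only parts taken from clang and the thread.

```c
/*
 * Added example, not code from the patch under discussion: a callback
 * dispatcher with a per-function cfi-icall opt-out in the style of the
 * QEMU_DISABLE_CFI macro mentioned above. DEMO_DISABLE_CFI, plugin_cb_t
 * and the callbacks below are illustrative assumptions.
 *
 * To see the check fire, build everything with clang and LTO (assumption:
 * clang 10 or newer):
 *   clang -O2 -flto -fvisibility=hidden -fsanitize=cfi-icall \
 *     -fno-sanitize-trap=cfi-icall -DCONFIG_CFI -DDEMO_MISMATCH cfi_demo.c
 * -fno-sanitize-trap turns the silent trap into a diagnostic naming the
 * call site.
 */
#include <stdio.h>
#include <string.h>

#if defined(CONFIG_CFI) && defined(__clang__)
/* Turn off the forward-edge signature check for the decorated function only. */
#define DEMO_DISABLE_CFI __attribute__((no_sanitize("cfi-icall")))
#else
/* Without CONFIG_CFI the macro is empty and any C compiler builds the file. */
#define DEMO_DISABLE_CFI
#endif

/* cfi-icall compares each callee's type against this exact pointer type. */
typedef int (*plugin_cb_t)(const char *event, void *udata);

#define MAX_CBS 8
static plugin_cb_t g_cbs[MAX_CBS];
static void *g_udata[MAX_CBS];
static int g_ncbs;

void reset_cbs(void) { g_ncbs = 0; }

/* Returns 0 on success, -1 if the table is full or cb is NULL. */
int register_cb(plugin_cb_t cb, void *udata)
{
    if (cb == NULL || g_ncbs >= MAX_CBS) {
        return -1;
    }
    g_cbs[g_ncbs] = cb;
    g_udata[g_ncbs++] = udata;
    return 0;
}

/* Ordinary dispatcher: callees come from the same LTO unit and carry CFI
 * type metadata, so the check stays on. Returns the sum of the results. */
int dispatch_checked(const char *event)
{
    int sum = 0;
    for (int i = 0; i < g_ncbs; i++) {
        sum += g_cbs[i](event, g_udata[i]);
    }
    return sum;
}

/* "Sensitive" dispatcher in the cover letter's sense: callees may live in a
 * dlopen'd plugin or be JIT-generated code with no CFI metadata, so every
 * call here would fail the check. Only this function opts out. */
DEMO_DISABLE_CFI
int dispatch_external(const char *event)
{
    int sum = 0;
    for (int i = 0; i < g_ncbs; i++) {
        sum += g_cbs[i](event, g_udata[i]);
    }
    return sum;
}

/* Well-typed callback: matches plugin_cb_t exactly, so it passes the check. */
static int count_cb(const char *event, void *udata)
{
    int *counter = udata;
    (*counter)++;
    return (int)strlen(event);
}

/* Wrong signature: not a plugin_cb_t at all. */
static void legacy_cb(void)
{
    puts("legacy_cb called");
}

/* The fix the cover letter asks for ("respect the function signature"):
 * an adapter of the right type keeps the call well-typed and checkable. */
static int legacy_cb_adapter(const char *event, void *udata)
{
    (void)event;
    (void)udata;
    legacy_cb();
    return 0;
}

int main(void)
{
    int counter = 0;
    reset_cbs();
    register_cb(count_cb, &counter);
    register_cb(legacy_cb_adapter, NULL);
#ifdef DEMO_MISMATCH
    /* The cast satisfies the compiler but not cfi-icall: with CONFIG_CFI,
     * dispatch_checked is diagnosed (or traps) on this entry. */
    register_cb((plugin_cb_t)legacy_cb, NULL);
#endif
    int checked = dispatch_checked("load");
    int external = dispatch_external("load");
    printf("checked=%d external=%d counter=%d\n", checked, external, counter);
    return 0;
}
```

The point of keeping two dispatchers is that the opt-out is scoped to one function: the attribute removes the signature check only where the callee cannot carry CFI metadata, and every other indirect call in the program is still verified. The DEMO_MISMATCH entry is the case cfi-icall exists to catch, a callee whose real type differs from the pointer type it is called through; the adapter next to it is the well-typed alternative.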