author: Vlad Tsyrklevich <vlad@tsyrklevich.net> 2017-10-31 22:39:44 +0000
committer: Vlad Tsyrklevich <vlad@tsyrklevich.net> 2017-10-31 22:39:44 +0000
commit: 746fd88cc65883572b7602dc7b1f9e74462fd451 (patch)
tree: 0df935811a2170ba214956d0d703276504999c5f /docs/ControlFlowIntegrity.rst
parent: a934273b7cd28c48745e4c5a122ca3a505ab2028 (diff)
download: clang-746fd88cc65883572b7602dc7b1f9e74462fd451.tar.gz
[CFI] Add CFI-icall pointer type generalization
Summary: This change allows generalizing pointers in type signatures used for cfi-icall by enabling the -fsanitize-cfi-icall-generalize-pointers flag. This works by 1) emitting an additional generalized type signature metadata node for functions and 2) llvm.type.test()ing for the generalized type for translation units with the flag specified. This flag is incompatible with -fsanitize-cfi-cross-dso because it would require emitting twice as many type hashes which would increase artifact size.

Reviewers: pcc, eugenis

Reviewed By: pcc

Subscribers: kcc

Differential Revision: https://reviews.llvm.org/D39358

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@317044 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'docs/ControlFlowIntegrity.rst')
-rw-r--r-- docs/ControlFlowIntegrity.rst 17
1 files changed, 17 insertions, 0 deletions
diff --git a/docs/ControlFlowIntegrity.rst b/docs/ControlFlowIntegrity.rst
index 04fb43a70f..12b4610f8a 100644
--- a/docs/ControlFlowIntegrity.rst
+++ b/docs/ControlFlowIntegrity.rst
@@ -215,6 +215,23 @@ shared library boundaries are handled as if the callee was not compiled with
This scheme is currently only supported on the x86 and x86_64 architectures.
+``-fsanitize-cfi-icall-generalize-pointers``
+--------------------------------------------
+
+Mismatched pointer types are a common cause of cfi-icall check failures.
+Translation units compiled with the ``-fsanitize-cfi-icall-generalize-pointers``
+flag relax pointer type checking for call sites in that translation unit,
+applied across all functions compiled with ``-fsanitize=cfi-icall``.
+
+Specifically, pointers in return and argument types are treated as equivalent as
+long as the qualifiers for the type they point to match. For example, ``char*``
+``char**`, and ``int*`` are considered equivalent types. However, ``char*`` and
+``const char*`` are considered separate types.
+
+``-fsanitize-cfi-icall-generalize-pointers`` is not compatible with
+``-fsanitize-cfi-cross-dso``.
+
+
``-fsanitize=cfi-icall`` and ``-fsanitize=function``
----------------------------------------------------
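Review bot: the inline literal for ``char**`` in the second added paragraph is unbalanced (it opens with two backticks and closes with one: ``char**`), so Sphinx will not render it as a literal and will likely emit an inline-markup warning for this page; change it to ``char**`` to match ``char*`` and ``int*`` on the same line. Minor style point in the same hunk: there are two blank lines before the following ``-fsanitize=cfi-icall`` and ``-fsanitize=function`` heading, whereas the other paragraphs in this hunk are separated by a single blank line.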