Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 29 Dec 2020 12:59:12 +0100
From: Charlotte Delenk <>
Subject: [PATCH 2/2] Add support for LLVM's Control Flow Integrity

Control Flow Integrity is a sanitization option found in clang which
attempts to prevent exploits and bugs that divert the control flow to an
unintended path. For more information about it, refer to clang's

While there are many different schemes currently implemented, the only
one that is enabled for C code is the cfi-icall scheme, which attempts
to prevent indirect calls to function with the wrong type. In most of
musl's code this works without issues, however there are a few cases
where it does not work, or at least won't work without breaking a
considerable amount of applications.

This patch works by disabling CFI sanitization for these files:


These contain indirect function calls where the compiler is either
unable to find out the type of the function or where the actual function
type can be one of multiple equally valid ones.

I have checked all of the places with indirect function calls using the
output of Fangrui's clang tidy patch and only found the aforementioned

How to test: In addition to the -fsanitize=cfi flag, you also need to
-flto=thin and -fvisibility=default (or hidden in a static build). The
application has to be compiled and linked with the same flags as well.
You might need to set the environment variables AR=llvm-ar and RANLIB=
llvm-ranlib for musl or the software you are compiling.

Special thanks to Fangrui Song <>

This patch depends on the previous patch labelled "Fix LTO shared 
library build on GCC and Clang"

  Makefile | 8 ++++++++
  1 file changed, 8 insertions(+)

diff --git a/Makefile b/Makefile
index 15190fb9..9d937b21 100644
--- a/Makefile
+++ b/Makefile
@@ -134,6 +134,14 @@ $(LOBJS) $(LDSO_OBJS): CFLAGS_ALL += -fPIC
  # Work around LTO compiler bugs
  lib/ CFLAGS_ALL += -u_dlstart_c -u__dls2 -u__dls2b -u__dls3 
-u__stack_chk_guard -u_start_c

+# Disable CFI for problematic source files
+ifneq (,$(findstring cfi,$(filter -fsanitize=%,$(CFLAGS))))
+obj/ldso/dlstart.lo: CFLAGS_ALL += -fno-sanitize=cfi
+obj/ldso/dynlink.lo: CFLAGS_ALL += -fno-sanitize=cfi
+obj/src/env/__libc_start_main.lo: CFLAGS_ALL += -fno-sanitize=cfi
+obj/src/exit/exit.lo: CFLAGS_ALL += -fno-sanitize=cfi
  CC_CMD = $(CC) $(CFLAGS_ALL) -c -o $@ $<

  # Choose invocation of assembler to be used

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.