Date: Tue, 29 Dec 2020 12:59:12 +0100 From: Charlotte Delenk <darkkirb@...kkirb.de> To: musl@...ts.openwall.com Subject: [PATCH 2/2] Add support for LLVM's Control Flow Integrity Control Flow Integrity is a sanitization option found in clang which attempts to prevent exploits and bugs that divert the control flow to an unintended path. For more information about it, refer to clang's documentation. While there are many different schemes currently implemented, the only one that is enabled for C code is the cfi-icall scheme, which attempts to prevent indirect calls to function with the wrong type. In most of musl's code this works without issues, however there are a few cases where it does not work, or at least won't work without breaking a considerable amount of applications. This patch works by disabling CFI sanitization for these files: ldso/dlstart.c ldso/dynlink.c src/env/__libc_start_main.c src/exit/exit.c These contain indirect function calls where the compiler is either unable to find out the type of the function or where the actual function type can be one of multiple equally valid ones. I have checked all of the places with indirect function calls using the output of Fangrui's clang tidy patch and only found the aforementioned functions. How to test: In addition to the -fsanitize=cfi flag, you also need to pass -flto=thin and -fvisibility=default (or hidden in a static build). The application has to be compiled and linked with the same flags as well. You might need to set the environment variables AR=llvm-ar and RANLIB= llvm-ranlib for musl or the software you are compiling. : https://clang.llvm.org/docs/ControlFlowIntegrity.html Special thanks to Fangrui Song <i@...kray.me> This patch depends on the previous patch labelled "Fix LTO shared library build on GCC and Clang" --- Makefile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Makefile b/Makefile index 15190fb9..9d937b21 100644 --- a/Makefile +++ b/Makefile @@ -134,6 +134,14 @@ $(LOBJS) $(LDSO_OBJS): CFLAGS_ALL += -fPIC # Work around LTO compiler bugs lib/libc.so: CFLAGS_ALL += -u_dlstart_c -u__dls2 -u__dls2b -u__dls3 -u__stack_chk_guard -u_start_c +# Disable CFI for problematic source files +ifneq (,$(findstring cfi,$(filter -fsanitize=%,$(CFLAGS)))) +obj/ldso/dlstart.lo: CFLAGS_ALL += -fno-sanitize=cfi +obj/ldso/dynlink.lo: CFLAGS_ALL += -fno-sanitize=cfi +obj/src/env/__libc_start_main.lo: CFLAGS_ALL += -fno-sanitize=cfi +obj/src/exit/exit.lo: CFLAGS_ALL += -fno-sanitize=cfi +endif + CC_CMD = $(CC) $(CFLAGS_ALL) -c -o $@ $< # Choose invocation of assembler to be used -- 2.29.2
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.