Add support for control-flow protection #4239
Conversation
This implementation is fully inspired by `-fcf-protection` in Clang, with options `none|branch|return|full`. - related: ldc-developers#2511 - LLVM side: https://reviews.llvm.org/D40478
|
Cool that you implemented this. Did you try it? I'm wondering how it works / what it does. Do you need runtime support? (i.e. link with an LLVM lib?) |
|
Reference to current Clang implementation: https://github.com/llvm/llvm-project/blob/5f5e0199c1a650c41e1ea6e0c18d3c0b29f45023/clang/lib/CodeGen/CodeGenModule.cpp#L753-L764 Can you look into the difference between |
Wow, good catch! I tested under my old Linux/WSL with Intel SDE and this did not work as expected. $ uname -mrv
4.19.128-microsoft-standard #1 SMP Tue Jun 23 12:58:10 UTC 2020 x86_64
$ readelf -a ./evil | grep feature:
$ echo $?
1
$ ../sde/sde -tgl -cet -cet-stderr -cet-call-stack -- ./evil
Using old Linux kernel interface
Syscall EMU: ARCH_X86_FEATURE_1_STATUS: 0x000000012 0x7ff2bb39c000 0x000001000
Syscall EMU: ARCH_X86_FEATURE_1_DISABLE: 0x000000003
Syscall EMU: ARCH_X86_FEATURE_1_LOCK
Start
I am evil moratorium.
CET is winner...I'd like to keep this as drafted PR.
Sure. I hadn't noticed this changes. https://reviews.llvm.org/D130065 llvm::Module::Min looks better. |
|
|
|
If this is only enabled for LLVM 15, then do note that we do not currently have any CI set up to test this. see #4221 |
Can you add this as a runnable test case? (we also have such very basic integration tests for e.g. address sanitizer) Note that there is still value for this feature even if it does not (yet) work fully by itself. If runtime support is needed, that can be added separately from the LLVM IR modifications that you do in this PR. |
|
duplicated with #4437 |
This implementation is fully inspired by
-fcf-protectionin Clang, with optionsnone|branch|return|full.-fcf-protection#2511