[v3,0/9] Add support for Control-Flow Integrity

Message ID 20201105221905.1350-1-dbuono@linux.vnet.ibm.com

Message

Daniele Buono Nov. 5, 2020, 10:18 p.m. UTC
This patch adds support for Control-Flow Integrity checks
on indirect function calls.

Requires the use of clang and link-time optimizations.

Changes in v3:

- clang 11+ warnings are now handled directly at the source,
instead of disabling specific warnings for the whole code.
Some more work may be needed here to polish the patch, I
would kindly ask for a review from the corresponding
maintainers
- Remove configure-time checks for toolchain compatibility
with LTO.
- the decorator to disable cfi checks on functions has
been renamed and moved to include/qemu/compiler.h
- configure-time checks for cfi support and dependencies
have been moved from configure to meson

Link to v2: https://www.mail-archive.com/qemu-devel@nongnu.org/msg753675.html
Link to v1: https://www.mail-archive.com/qemu-devel@nongnu.org/msg718786.html

Daniele Buono (9):
  fuzz: Make fork_fuzz.ld compatible with LLVM's LLD
  s390x: fix clang 11 warnings in cpu_models.c
  hw/usb: reorder fields in UASStatus
  s390x: Avoid variable size warning in ipl.h
  scsi: fix overflow in scsi_disk_new_request_dump
  configure,meson: add option to enable LTO
  cfi: Initial support for cfi-icall in QEMU
  check-block: enable iotests with cfi-icall
  configure/meson: support Control-Flow Integrity

 accel/tcg/cpu-exec.c          | 11 +++++++++
 configure                     | 26 ++++++++++++++++++++
 hw/s390x/ipl.h                |  4 +--
 hw/scsi/scsi-disk.c           |  4 +++
 hw/usb/dev-uas.c              |  2 +-
 include/qemu/compiler.h       | 12 +++++++++
 meson.build                   | 46 +++++++++++++++++++++++++++++++++++
 meson_options.txt             |  4 +++
 plugins/core.c                | 37 ++++++++++++++++++++++++++++
 plugins/loader.c              |  7 ++++++
 target/s390x/cpu_models.c     |  8 +++---
 tcg/tci.c                     |  7 ++++++
 tests/check-block.sh          | 18 ++++++++------
 tests/qtest/fuzz/fork_fuzz.ld | 12 ++++++++-
 util/main-loop.c              | 11 +++++++++
 util/oslib-posix.c            | 11 +++++++++
 16 files changed, 205 insertions(+), 15 deletions(-)
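
As an added illustration (not code from this series), the following stand-alone C program shows what clang's cfi-icall check enforces on an indirect call, and how a per-function opt-out attribute of the kind the cover letter mentions keeps the exemption confined to one function; the `DEMO_DISABLE_CFI` macro name and the `add`/`sub`/`dispatch`/`call_opaque` functions are assumptions made for this example.

```c
/* Added example, not part of the QEMU series. To exercise the check build with
 *   clang -flto -fvisibility=hidden -fsanitize=cfi-icall cfi_demo.c
 * Without those flags it is an ordinary C program. */
#include <stdint.h>
#include <stdio.h>

/* Opt-out attribute. The macro name is assumed for this demo; QEMU keeps
 * its own macro in include/qemu/compiler.h under a different name. */
#ifdef __clang__
# define DEMO_DISABLE_CFI __attribute__((no_sanitize("cfi-icall")))
#else
# define DEMO_DISABLE_CFI
#endif

typedef int (*binop_fn)(int, int);
static int add(int a, int b) { return a + b; }
static int sub(int a, int b) { return a - b; }

/* Well-typed dispatch: each target has exactly the signature of the
 * pointer it is called through, so cfi-icall accepts the call. CFI does
 * not bounds-check the table; that stays the caller's job. */
static int dispatch(unsigned op, int a, int b)
{
    static const binop_fn table[] = { add, sub };
    if (op >= sizeof(table) / sizeof(table[0])) {
        return INT32_MIN;        /* out-of-range opcode */
    }
    return table[op](a, b);      /* checked indirect call */
}

/* Models a call whose target address comes from outside the LTO unit
 * (code generated at run time, a loaded plugin): the linker has no type
 * information for it, so cfi-icall would reject the call. The exemption
 * is confined to this one function. In this stand-alone demo the address
 * is still a compiled function, so the call passes either way. */
DEMO_DISABLE_CFI
static int call_opaque(uintptr_t code, int a, int b)
{
    binop_fn fn = (binop_fn)code;
    return fn(a, b);
}

int main(void)
{
    printf("dispatch(add, 2, 3) = %d\n", dispatch(0, 2, 3));
    printf("call_opaque(sub, 5, 3) = %d\n", call_opaque((uintptr_t)sub, 5, 3));
    return 0;
}
```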

Comments

Daniele Buono Nov. 19, 2020, 9:58 p.m. UTC | #1
Hi Alex,

Yeah I assumed it was an older version because the errors triggered by
clang11 stop the compilation.

I checked again and for oss-fuzz, you disable failing on warnings.
So again, these patches are not directly connected to CFI and therefore 
could land independently.

On 11/6/2020 9:58 AM, Alexander Bulekov wrote:
> I think oss-fuzz is using a bleeding edge version of Clang, so that
> might not be a problem.
> Here is the oss-fuzz build-log from earlier today:
> https://oss-fuzz-build-logs.storage.googleapis.com/log-1747e14f-6b87-43e0-96aa-07ea159e7eb2.txt
> 
> ...
> Step #4: C compiler for the host machine: clang (clang 12.0.0 "clang version 12.0.0 (https://github.com/llvm/llvm-project.git  c9f69ee7f94cfefc373c3c6cae08e51b11e6d3c2)")
> Step #4: C linker for the host machine: clang ld.bfd 2.26.1
> Step #4: Host machine cpu family: x86_64
> ...
