[PATCH v4 0/5] Add support for Control-Flow Integrity

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v4 0/5] Add support for Control-Flow Integrity

From:	Daniele Buono
Subject:	[PATCH v4 0/5] Add support for Control-Flow Integrity
Date:	Fri, 4 Dec 2020 18:06:10 -0500

This patch adds supports for Control-Flow Integrity checks
on indirect function calls.

Requires the use of clang, and link-time optimizations

Since it's been a month, and some of the patches are being
merged independently, I thought of rebasing, retesting
and sending an updated version. Also, added a documentation
in docs/devel to explain CFI and how to handle CFI-sensitive
code.

Changes in v4:
- Removed patches to avoid clang warnings, since they are
being merged independently and are not really necessary
for CFI
- Added documentation in docs/devel to explain how to
compile with CFI, and how to disable CFI for incompatible
functions

Changes in v3:

- clang 11+ warnings are now handled directly at the source,
instead of disabling specific warnings for the whole code.
Some more work may be needed here to polish the patch, I
would kindly ask for a review from the corresponding
maintainers
- Remove configure-time checks for toolchain compatibility
with LTO.
- the decorator to disable cfi checks on functions has
been renamed and moved to include/qemu/compiler.h
- configure-time checks for cfi support and dependencies
has been moved from configure to meson

Link to v3: https://www.mail-archive.com/qemu-devel@nongnu.org/msg757930.html
Link to v2: https://www.mail-archive.com/qemu-devel@nongnu.org/msg753675.html
Link to v1: https://www.mail-archive.com/qemu-devel@nongnu.org/msg718786.html

Daniele Buono (5):
  configure,meson: add option to enable LTO
  cfi: Initial support for cfi-icall in QEMU
  check-block: enable iotests with cfi-icall
  configure,meson: support Control-Flow Integrity
  docs: Add CFI Documentation

 accel/tcg/cpu-exec.c                  |  11 +++
 configure                             |  26 +++++
 docs/devel/control-flow-integrity.rst | 137 ++++++++++++++++++++++++++
 include/qemu/compiler.h               |  12 +++
 meson.build                           |  46 +++++++++
 meson_options.txt                     |   4 +
 plugins/core.c                        |  37 +++++++
 plugins/loader.c                      |   7 ++
 tcg/tci.c                             |   7 ++
 tests/check-block.sh                  |  18 ++--
 util/main-loop.c                      |  11 +++
 util/oslib-posix.c                    |  11 +++
 12 files changed, 320 insertions(+), 7 deletions(-)
 create mode 100644 docs/devel/control-flow-integrity.rst

-- 
2.17.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v4 0/5] Add support for Control-Flow Integrity, Daniele Buono <=
- [PATCH v4 1/5] configure,meson: add option to enable LTO, Daniele Buono, 2020/12/04
- [PATCH v4 2/5] cfi: Initial support for cfi-icall in QEMU, Daniele Buono, 2020/12/04
- [PATCH v4 3/5] check-block: enable iotests with cfi-icall, Daniele Buono, 2020/12/04
- [PATCH v4 4/5] configure,meson: support Control-Flow Integrity, Daniele Buono, 2020/12/04
  - Re: [PATCH v4 4/5] configure,meson: support Control-Flow Integrity, Alexander Bulekov, 2020/12/12
    - Re: [PATCH v4 4/5] configure,meson: support Control-Flow Integrity, Paolo Bonzini, 2020/12/14
  - Re: [PATCH v4 4/5] configure,meson: support Control-Flow Integrity, Paolo Bonzini, 2020/12/14
- [PATCH v4 5/5] docs: Add CFI Documentation, Daniele Buono, 2020/12/04
  - Re: [PATCH v4 5/5] docs: Add CFI Documentation, Alexander Bulekov, 2020/12/12
  - Re: [PATCH v4 5/5] docs: Add CFI Documentation, Paolo Bonzini, 2020/12/14

Prev by Date: [PATCH] target/mips: Simplify gen_msa_BxZ() 'if' condition
Next by Date: [PATCH v4 1/5] configure,meson: add option to enable LTO
Previous by thread: [PATCH] target/mips: Simplify gen_msa_BxZ() 'if' condition
Next by thread: [PATCH v4 1/5] configure,meson: add option to enable LTO
Index(es):
- Date
- Thread