
cfi, cross-dso, wrong operation of -fno-sanitize-cfi-cross-dso #47979

Open
@P1119r1m

Description

@P1119r1m
Bugzilla Link 48635
Version 11.0
OS Linux
Attachments Reproducible example
CC @P1119r1m

Extended Description

The Clang compiler doesn't ignore cross-DSO calls under the following conditions:

  • CFI is enabled;
  • -fno-sanitize-cfi-cross-dso is used;
  • optimization level is -O2;
  • LLVM's ld.lld linker is used.

A "compile-time" problem arises if one tries to execute a function from the shared object (.so) from another executable binary (main).

Instead, the compiler generates binary code with an undefined instruction at the place where the cross-DSO call is made, for example:

  int exec_func_from_dso(void)
  {
      fptr_t fptr = get_fptr();
    201751:       e8 5a 00 00 00          callq  2017b0 <get_fptr@plt>
      fptr();
    201756:       0f 0b                   ud2

At the same time, there is no problem with the source code (please see the attached cfi_cross_dso_problem_report.tar).

Clang's help says:

-fno-sanitize-cfi-cross-dso
    Disable control flow integrity (CFI) checks for cross-DSO calls.

As a user of Clang, I understand that when -fno-sanitize-cfi-cross-dso is used, cross-DSO call sites will not be taken into account during CFI operation (compilation and run-time execution).
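The conditions listed in the report and the ud2 signature in the disassembly above, as an added shell script; this is not the reporter's attached cfi_cross_dso_problem_report.tar and not LLVM project code. It writes a constructed two-file reproducer (a DSO handing out a function pointer, an executable calling through it), builds it with the reported flag set, and scans the objdump output for a ud2 directly after the call into the shared object, so the trap can be caught at build time rather than at run time. File names, symbol names, the work directory and the objdump line layout are assumptions; -flto and -fvisibility=hidden are Clang's general prerequisites for -fsanitize=cfi, not something stated in the report.

```shell
#!/bin/sh
# Added example, not the reporter's attached reproducer and not LLVM code:
# writes a minimal two-file cross-DSO reproducer, builds it under the
# conditions in the report (CFI on, -fno-sanitize-cfi-cross-dso, -O2, ld.lld),
# and scans the disassembly for a `ud2` right after `callq <get_fptr@plt>`.
# File names, symbol names, work directory and objdump layout are assumptions.

WORK="${WORK:-${TMPDIR:-/tmp}/cfi_cross_dso_repro}"

# Step 1: the constructed sources. lib.c becomes the DSO, main.c the executable.
write_reproducer() {
    mkdir -p "$WORK" || return 1
    cat > "$WORK/lib.c" <<'EOF'
/* Constructed shared object: returns a pointer to one of its own functions. */
typedef void (*fptr_t)(void);
static void hello(void) {}
__attribute__((visibility("default"))) fptr_t get_fptr(void) { return hello; }
EOF
    cat > "$WORK/main.c" <<'EOF'
/* Constructed executable: indirect call through a pointer obtained from the DSO. */
typedef void (*fptr_t)(void);
fptr_t get_fptr(void);
int exec_func_from_dso(void) { fptr_t fptr = get_fptr(); fptr(); return 0; }
int main(void) { return exec_func_from_dso(); }
EOF
}

# Step 2: build with the report's flag set. -flto and -fvisibility=hidden are
# Clang's general prerequisites for -fsanitize=cfi (assumed, not from the report).
build() {
    CFLAGS="-O2 -flto -fvisibility=hidden -fsanitize=cfi -fno-sanitize-cfi-cross-dso -fuse-ld=lld"
    clang $CFLAGS -shared -fPIC -o "$WORK/libfoo.so" "$WORK/lib.c" &&
    clang $CFLAGS -o "$WORK/main" "$WORK/main.c" -L"$WORK" -lfoo -Wl,-rpath,"$WORK"
}

# Step 3: read `objdump -d` output on stdin; print 1 if the first instruction
# after the call to get_fptr@plt is ud2 (interleaved source lines from -S are
# not instruction lines and are ignored), otherwise print 0.
ud2_after_plt_call() {
    awk '
        /call.*<get_fptr@plt>/                   { armed = 1; next }
        armed && /[[:space:]]ud2([[:space:]]|$)/ { found = 1 }
        /^[[:space:]]*[0-9a-f]+:/                { armed = 0 }   # any other instruction disarms
        END                                      { print (found ? 1 : 0) }'
}

# Step 4: convenience wrapper over the built executable.
check_binary() {
    objdump -d "$WORK/main" | ud2_after_plt_call
}

# Usage: sh repro.sh run   (prints 1 when the ud2 signature is present, 0 otherwise)
if [ "${1:-}" = "run" ]; then
    write_reproducer && build && check_binary
fi
```

The build step needs clang, ld.lld and objdump on PATH; the scan only inspects the call site named in the report, so widen the awk pattern to `@plt>` if other cross-DSO entry points are of interest.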

Labels: bugzilla (Issues migrated from bugzilla), compiler-rt:cfi (Control Flow Integrity)