Evaluate -fsanitize=cfi-icall on Linux
Issue description

The -fsanitize=cfi-icall flag implements control flow integrity (https://www.chromium.org/developers/testing/control-flow-integrity) for indirect calls via a function pointer, as opposed to virtual function calls, which are already being protected with -fsanitize=cfi-vcall. This bug tracks progress of evaluating and possibly deploying it on Linux.
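The kind of mismatch the flag catches, as an added example that is not part of this bug or of the xdg-mime code: a callback cast to a different function-pointer type (the pattern the first commit below fixed) beside the signature-matching adapter that satisfies the check. All names and the sample file list are constructed.

```c
/* Added example (not from the Chromium bug or xdg-mime): a function-pointer cast of
 * the kind -fsanitize=cfi-icall rejects, beside the fix. To build the check in:
 * clang -flto -fvisibility=hidden -fsanitize=cfi-icall example.c */
#include <stddef.h>
#include <string.h>

/* Callback type a library might expect when iterating over file names. */
typedef void (*visit_fn)(const char *name, void *user_data);
static void for_each_name(const char *const *names, size_t n,
                          visit_fn visit, void *user_data) {
    for (size_t i = 0; i < n; i++)
        visit(names[i], user_data); /* indirect call: cfi-icall verifies here that
                                       the callee's real type is visit_fn */
}

static int has_suffix(const char *s, const char *suffix) {
    size_t ls = strlen(s), lx = strlen(suffix);
    return ls >= lx && strcmp(s + ls - lx, suffix) == 0;
}

/* BEFORE: a one-argument callback forced to visit_fn with a cast. It compiles,
 * but the indirect call above now targets a function of another type; under
 * cfi-icall that is a CFI failure (trap or diagnostic), so it is never called here. */
static size_t g_jpeg_count;
static void count_jpeg(const char *name) {
    if (has_suffix(name, ".jpg")) g_jpeg_count++;
}
size_t count_jpegs_bad_cast(const char *const *names, size_t n) {
    g_jpeg_count = 0;
    for_each_name(names, n, (visit_fn)count_jpeg, NULL); /* bad function pointer cast */
    return g_jpeg_count;
}

/* AFTER: an adapter whose type is exactly visit_fn; state travels in user_data
 * instead of a global, and the indirect call passes the type check. */
struct suffix_count { const char *suffix; size_t matches; };
static void count_suffix_adapter(const char *name, void *user_data) {
    struct suffix_count *sc = user_data;
    if (has_suffix(name, sc->suffix)) sc->matches++;
}

size_t count_with_suffix(const char *const *names, size_t n, const char *suffix) {
    struct suffix_count sc = { suffix, 0 };
    for_each_name(names, n, count_suffix_adapter, &sc);
    return sc.matches;
}

/* Constructed sample input: count_with_suffix(kNames, 5, ".jpg") returns 3. */
static const char *const kNames[] = { "a.jpg", "b.png", "c.JPG", "d.jpg", ".jpg" };
```

Without the sanitizer the cast version usually appears to work on x86-64 because the extra argument is simply ignored, which is why such casts survive until a CFI build traps on them.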
Mar 15 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/afd3a7237c9334f87810404c555ebb1245023484 commit afd3a7237c9334f87810404c555ebb1245023484 Author: pcc <pcc@chromium.org> Date: Wed Mar 15 21:07:35 2017 base: Fix bad function pointer casts in xdg-mime. Found with -fsanitize=cfi-icall. BUG= 701919 R=thakis@chromium.org Review-Url: https://codereview.chromium.org/2755723004 Cr-Commit-Position: refs/heads/master@{#457207} [modify] https://crrev.com/afd3a7237c9334f87810404c555ebb1245023484/base/third_party/xdg_mime/README.chromium [add] https://crrev.com/afd3a7237c9334f87810404c555ebb1245023484/base/third_party/xdg_mime/function_casts.patch [modify] https://crrev.com/afd3a7237c9334f87810404c555ebb1245023484/base/third_party/xdg_mime/xdgmime.c
Mar 15 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a7bb0b59a2a4c5918ddfa951f91591ddee7d468e commit a7bb0b59a2a4c5918ddfa951f91591ddee7d468e Author: pcc <pcc@chromium.org> Date: Wed Mar 15 22:12:02 2017 build: Add a new build flag, use_cfi_icall. This flag enables CFI for indirect calls via a function pointer. BUG= 701919 R=thakis@chromium.org Review-Url: https://codereview.chromium.org/2749393002 Cr-Commit-Position: refs/heads/master@{#457229} [modify] https://crrev.com/a7bb0b59a2a4c5918ddfa951f91591ddee7d468e/build/config/sanitizers/BUILD.gn [modify] https://crrev.com/a7bb0b59a2a4c5918ddfa951f91591ddee7d468e/build/config/sanitizers/sanitizers.gni
Jul 11 2017
Found https://bugs.llvm.org/show_bug.cgi?id=33752 while trying to build with icall + ThinLTO.
Jul 12 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5ddcccf75207535ba00de46982baff6af8f926d6 commit 5ddcccf75207535ba00de46982baff6af8f926d6 Author: Peter Collingbourne <pcc@chromium.org> Date: Wed Jul 12 04:23:22 2017 Roll buildtools to 3d2d34 This roll includes only a single revision: https://chromium.googlesource.com/chromium/buildtools/+/3d2d34dde457f07ca410d1c06f4f3b9063c28643 TBR=michaelpg@chromium.org Bug: 701919 Change-Id: I2924e4db1cad21ce8aa4c99f5090dea69d53a720 Reviewed-on: https://chromium-review.googlesource.com/567777 Commit-Queue: Peter Collingbourne <pcc@chromium.org> Reviewed-by: Nico Weber <thakis@chromium.org> Reviewed-by: Thomas Anderson <thomasanderson@chromium.org> Cr-Commit-Position: refs/heads/master@{#485860} [modify] https://crrev.com/5ddcccf75207535ba00de46982baff6af8f926d6/DEPS [modify] https://crrev.com/5ddcccf75207535ba00de46982baff6af8f926d6/chrome/installer/linux/BUILD.gn [modify] https://crrev.com/5ddcccf75207535ba00de46982baff6af8f926d6/extensions/shell/installer/linux/BUILD.gn
Jul 12 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/58964133c03142920fa2c4c121c6046e001567db commit 58964133c03142920fa2c4c121c6046e001567db Author: Peter Collingbourne <pcc@chromium.org> Date: Wed Jul 12 22:14:09 2017 Revert "Roll buildtools to 3d2d34" This reverts commit 5ddcccf75207535ba00de46982baff6af8f926d6. Reason for revert: Breaks ubsan on clusterfuzz. Original change's description: > Roll buildtools to 3d2d34 > > This roll includes only a single revision: > https://chromium.googlesource.com/chromium/buildtools/+/3d2d34dde457f07ca410d1c06f4f3b9063c28643 > > TBR=michaelpg@chromium.org > > Bug: 701919 > Change-Id: I2924e4db1cad21ce8aa4c99f5090dea69d53a720 > Reviewed-on: https://chromium-review.googlesource.com/567777 > Commit-Queue: Peter Collingbourne <pcc@chromium.org> > Reviewed-by: Nico Weber <thakis@chromium.org> > Reviewed-by: Thomas Anderson <thomasanderson@chromium.org> > Cr-Commit-Position: refs/heads/master@{#485860} TBR=thakis@chromium.org,michaelpg@chromium.org,pcc@chromium.org,thomasanderson@chromium.org Change-Id: I51fd086f9f486b24727549f385c1238b8d4c39fe No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 701919 , 741604 Reviewed-on: https://chromium-review.googlesource.com/568414 Reviewed-by: Peter Collingbourne <pcc@chromium.org> Commit-Queue: Peter Collingbourne <pcc@chromium.org> Cr-Commit-Position: refs/heads/master@{#486132} [modify] https://crrev.com/58964133c03142920fa2c4c121c6046e001567db/DEPS [modify] https://crrev.com/58964133c03142920fa2c4c121c6046e001567db/chrome/installer/linux/BUILD.gn [modify] https://crrev.com/58964133c03142920fa2c4c121c6046e001567db/extensions/shell/installer/linux/BUILD.gn
Jul 14 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0227f88bc8005690ad6552b6a283d843f657305f commit 0227f88bc8005690ad6552b6a283d843f657305f Author: Peter Collingbourne <pcc@chromium.org> Date: Fri Jul 14 23:19:41 2017 Only enable shared libc++ for ASan, MSan, TSan and UBSan-vptr builds. Re-land of https://codereview.chromium.org/2978723002 with a fix for UBSan. Bug: 701919 Change-Id: I75f798dab00c966d8a1ecdebc519a0251f914700 Reviewed-on: https://chromium-review.googlesource.com/572186 Reviewed-by: Nico Weber <thakis@chromium.org> Reviewed-by: Thomas Anderson <thomasanderson@chromium.org> Commit-Queue: Peter Collingbourne <pcc@chromium.org> Cr-Commit-Position: refs/heads/master@{#486931} [modify] https://crrev.com/0227f88bc8005690ad6552b6a283d843f657305f/build/config/c++/c++.gni
Jan 16 2018
Mar 29 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f00a3e14e8c1673c0352b19b358b36f3cc3de30b commit f00a3e14e8c1673c0352b19b358b36f3cc3de30b Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org> Date: Thu Mar 29 20:31:14 2018 Update chromium.clang/fyi CFI bots to enable icall BUG= 701919 Change-Id: If2880073f9e927534fb24295fc6a375d78b80f2c Reviewed-on: https://chromium-review.googlesource.com/985155 Reviewed-by: Dirk Pranke <dpranke@chromium.org> Reviewed-by: Peter Collingbourne <pcc@chromium.org> Commit-Queue: Peter Collingbourne <pcc@chromium.org> Cr-Commit-Position: refs/heads/master@{#546922} [modify] https://crrev.com/f00a3e14e8c1673c0352b19b358b36f3cc3de30b/tools/mb/mb_config.pyl
Apr 18 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ce0f9d9733e6547746c5a36c77a13e535a1496fc commit ce0f9d9733e6547746c5a36c77a13e535a1496fc Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org> Date: Wed Apr 18 19:13:57 2018 [CFI] Enable cfi-icall on CFI memory bot BUG= 701919 Change-Id: I1e145f996f091a8e653190d94392119902e757b3 Reviewed-on: https://chromium-review.googlesource.com/1010836 Reviewed-by: Dirk Pranke <dpranke@chromium.org> Commit-Queue: Peter Collingbourne <pcc@chromium.org> Cr-Commit-Position: refs/heads/master@{#551774} [modify] https://crrev.com/ce0f9d9733e6547746c5a36c77a13e535a1496fc/tools/mb/mb_config.pyl
Apr 18 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/08c55e7f52cd1c9b421cf7176f09dfe543047b05 commit 08c55e7f52cd1c9b421cf7176f09dfe543047b05 Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org> Date: Wed Apr 18 22:16:35 2018 Revert "[CFI] Enable cfi-icall on CFI memory bot" This reverts commit ce0f9d9733e6547746c5a36c77a13e535a1496fc. Reason for revert: Linux CFI bot fails due to http://crbug.com/834474 Original change's description: > [CFI] Enable cfi-icall on CFI memory bot > > BUG= 701919 > > Change-Id: I1e145f996f091a8e653190d94392119902e757b3 > Reviewed-on: https://chromium-review.googlesource.com/1010836 > Reviewed-by: Dirk Pranke <dpranke@chromium.org> > Commit-Queue: Peter Collingbourne <pcc@chromium.org> > Cr-Commit-Position: refs/heads/master@{#551774} TBR=dpranke@chromium.org,pcc@chromium.org,vtsyrklevich@chromium.org Change-Id: Ic609950ec75e82d753f454598365724432c1a1ad No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 701919 Reviewed-on: https://chromium-review.googlesource.com/1018042 Reviewed-by: Peter Collingbourne <pcc@chromium.org> Commit-Queue: Peter Collingbourne <pcc@chromium.org> Cr-Commit-Position: refs/heads/master@{#551847} [modify] https://crrev.com/08c55e7f52cd1c9b421cf7176f09dfe543047b05/tools/mb/mb_config.pyl
Apr 27 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/043c2f9140bc7aeb53dabc84f63c472835626b62 commit 043c2f9140bc7aeb53dabc84f63c472835626b62 Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org> Date: Fri Apr 27 01:40:51 2018 Reland "[CFI] Enable cfi-icall on CFI memory bot" This is a reland of ce0f9d9733e6547746c5a36c77a13e535a1496fc now that clang has been updated and includes https://reviews.llvm.org/D45798 Original change's description: > [CFI] Enable cfi-icall on CFI memory bot > > BUG= 701919 > > Change-Id: I1e145f996f091a8e653190d94392119902e757b3 > Reviewed-on: https://chromium-review.googlesource.com/1010836 > Reviewed-by: Dirk Pranke <dpranke@chromium.org> > Commit-Queue: Peter Collingbourne <pcc@chromium.org> > Cr-Commit-Position: refs/heads/master@{#551774} Bug: 701919 Change-Id: I540a8adf3498f12a23c9655490d727394c939871 Reviewed-on: https://chromium-review.googlesource.com/1026913 Reviewed-by: Peter Collingbourne <pcc@chromium.org> Reviewed-by: Dirk Pranke <dpranke@chromium.org> Commit-Queue: Peter Collingbourne <pcc@chromium.org> Cr-Commit-Position: refs/heads/master@{#554257} [modify] https://crrev.com/043c2f9140bc7aeb53dabc84f63c472835626b62/tools/mb/mb_config.pyl
Apr 30 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a6889a090458a2653794c6e63387d6db743dc7f9 commit a6889a090458a2653794c6e63387d6db743dc7f9 Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org> Date: Mon Apr 30 18:52:52 2018 [CFI] Enable cfi-icall for official Linux x64 builds The measured size impact is 1.5% and perf impact is ~1%. Bug: 701919 Change-Id: I541242711bc85cc124ff3a2680171577e75475bd Reviewed-on: https://chromium-review.googlesource.com/1033918 Commit-Queue: Peter Collingbourne <pcc@chromium.org> Reviewed-by: Peter Collingbourne <pcc@chromium.org> Reviewed-by: Dirk Pranke <dpranke@chromium.org> Cr-Commit-Position: refs/heads/master@{#554828} [modify] https://crrev.com/a6889a090458a2653794c6e63387d6db743dc7f9/build/config/sanitizers/sanitizers.gni
May 3 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4a5c48bfcfc6362a8c35cf86d0de977aa6b28c4e commit 4a5c48bfcfc6362a8c35cf86d0de977aa6b28c4e Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org> Date: Thu May 03 20:13:57 2018 Revert "[CFI] Enable cfi-icall for official Linux x64 builds" This reverts commit a6889a090458a2653794c6e63387d6db743dc7f9. Reason for revert: Seeing multiple failures that might be caused by this change: 839362, 838785, 838858, 839327 Original change's description: > [CFI] Enable cfi-icall for official Linux x64 builds > > The measured size impact is 1.5% and perf impact is ~1%. > > Bug: 701919 > Change-Id: I541242711bc85cc124ff3a2680171577e75475bd > Reviewed-on: https://chromium-review.googlesource.com/1033918 > Commit-Queue: Peter Collingbourne <pcc@chromium.org> > Reviewed-by: Peter Collingbourne <pcc@chromium.org> > Reviewed-by: Dirk Pranke <dpranke@chromium.org> > Cr-Commit-Position: refs/heads/master@{#554828} TBR=dpranke@chromium.org,pcc@chromium.org,vtsyrklevich@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: 701919 Change-Id: Ia73c2508483576a16fbc00749f081f013e6fd813 Reviewed-on: https://chromium-review.googlesource.com/1042765 Reviewed-by: Peter Collingbourne <pcc@chromium.org> Commit-Queue: Peter Collingbourne <pcc@chromium.org> Cr-Commit-Position: refs/heads/master@{#555853} [modify] https://crrev.com/4a5c48bfcfc6362a8c35cf86d0de977aa6b28c4e/build/config/sanitizers/sanitizers.gni
May 3 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/039f8102db2687c62e8423c2059bde57285b1619 commit 039f8102db2687c62e8423c2059bde57285b1619 Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org> Date: Thu May 03 21:13:21 2018 Revert "[CFI] Enable cfi-icall for official Linux x64 builds" This reverts commit a6889a090458a2653794c6e63387d6db743dc7f9. Reason for revert: Seeing multiple failures that might be caused by this change: 839362, 838785, 838858, 839327 Original change's description: > [CFI] Enable cfi-icall for official Linux x64 builds > > The measured size impact is 1.5% and perf impact is ~1%. > > Bug: 701919 > Change-Id: I541242711bc85cc124ff3a2680171577e75475bd > Reviewed-on: https://chromium-review.googlesource.com/1033918 > Commit-Queue: Peter Collingbourne <pcc@chromium.org> > Reviewed-by: Peter Collingbourne <pcc@chromium.org> > Reviewed-by: Dirk Pranke <dpranke@chromium.org> > Cr-Commit-Position: refs/heads/master@{#554828} TBR=dpranke@chromium.org,pcc@chromium.org,vtsyrklevich@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: 701919 Change-Id: Ia73c2508483576a16fbc00749f081f013e6fd813 Reviewed-on: https://chromium-review.googlesource.com/1042765 Reviewed-by: Peter Collingbourne <pcc@chromium.org> Commit-Queue: Peter Collingbourne <pcc@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#555853}(cherry picked from commit 4a5c48bfcfc6362a8c35cf86d0de977aa6b28c4e) Reviewed-on: https://chromium-review.googlesource.com/1043125 Reviewed-by: Abdul Syed <abdulsyed@google.com> Cr-Commit-Position: refs/branch-heads/3418@{#3} Cr-Branched-From: 5319d9b60c08fee2ca45593c7a67688408ce5d73-refs/heads/master@{#555651} [modify] https://crrev.com/039f8102db2687c62e8423c2059bde57285b1619/build/config/sanitizers/sanitizers.gni
May 8 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b9eff62f446687d23ffc3a1a4e8cc9ebd9f3b871 commit b9eff62f446687d23ffc3a1a4e8cc9ebd9f3b871 Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org> Date: Tue May 08 18:06:54 2018 Reland "[CFI] Enable cfi-icall for official Linux x64 builds" This is a reland of a6889a090458a2653794c6e63387d6db743dc7f9 now that crrev.com/c/1044502 crrev.com/c/1043259 and crrev.com/c/1043283 fix the previously discovered issues. Original change's description: > [CFI] Enable cfi-icall for official Linux x64 builds > > The measured size impact is 1.5% and perf impact is ~1%. > > Bug: 701919 > Change-Id: I541242711bc85cc124ff3a2680171577e75475bd > Reviewed-on: https://chromium-review.googlesource.com/1033918 > Commit-Queue: Peter Collingbourne <pcc@chromium.org> > Reviewed-by: Peter Collingbourne <pcc@chromium.org> > Reviewed-by: Dirk Pranke <dpranke@chromium.org> > Cr-Commit-Position: refs/heads/master@{#554828} Bug: 701919 Change-Id: I1a518d356cc6f3599545e594204ce360b4e0360a Reviewed-on: https://chromium-review.googlesource.com/1045565 Reviewed-by: Peter Collingbourne <pcc@chromium.org> Reviewed-by: Max Moroz <mmoroz@chromium.org> Commit-Queue: Peter Collingbourne <pcc@chromium.org> Cr-Commit-Position: refs/heads/master@{#556874} [modify] https://crrev.com/b9eff62f446687d23ffc3a1a4e8cc9ebd9f3b871/build/config/sanitizers/sanitizers.gni
May 21 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1f6764dc86fcb32c8c7a72a383612dcc48439273 commit 1f6764dc86fcb32c8c7a72a383612dcc48439273 Author: Vlad Tsyrklevich <vtsyrklevich@chromium.org> Date: Mon May 21 21:53:34 2018 CFI-icall: Speculatively disable icall for several files I audited calls to dynamically resolved functions once again and found several more candidate calls that would fail if reached and are included in the chromium build. Bug: 701919 Change-Id: I37d4e90654e005c85aa264593067ea08d610204d Reviewed-on: https://chromium-review.googlesource.com/1067781 Reviewed-by: Peter Collingbourne <pcc@chromium.org> Commit-Queue: Peter Collingbourne <pcc@chromium.org> Cr-Commit-Position: refs/heads/master@{#560356} [modify] https://crrev.com/1f6764dc86fcb32c8c7a72a383612dcc48439273/tools/cfi/blacklist.txt
Jul 22
vtsyrklevich@, pcc@: This change triggers a crash in my unofficial Chromium 68 build for Arch Linux when viewing a particular JPEG image. Could you please take a look at issue 866290 and help me figure out if it's something that can be fixed (based on the diagnostic message and crash location).
Jul 31
Shipped in M68 (with a somewhat wide blacklist).