Eliminate the CFI blacklist
Issue description

I see every CFI blacklist entry as a bug. This meta-bug tracks removing them.

Nov 2 2017
See the attached files for a list of how many indirect control flow instructions each blacklist entry affects. This was generated using llvm-cfi-verify. In particular, there are a few that stand out as being particularly wide-reaching. I've listed the top six worst offenders below - see the files for more information.

9088: "src:*v8/*"
4380: "src:*third_party/sqlite/*"
3687: "src:*third_party/webrtc/*"
2047: "src:*ppapi/*"
1474: "src:*third_party/libxml/*"
1444: "src:*ui/gl/gl_bindings_autogen_*"

Jan 12 2018
The following entries are currently the widest reaching (llvm-cfi-verify has updated how it matches on blacklist entries so these results are more complete than what was previously reported):

4366 src:*third_party/sqlite/*
3597 fun:*FunctorTraits*
1623 src:*ppapi/*
1435 src:*ui/gl/gl_bindings_autogen_*
1365 src:*third_party/WebKit/Source/platform/wtf/*
626 src:*third_party/icu/source/common/*
472 fun:*GrGLFunction*
409 src:*content/renderer/pepper*

Addressing sqlite is held up on a new release of sqlite; the rest are currently unaddressed. Once sqlite is fixed, that leaves 'expected unprotected' control-flow instructions at 4.3%.
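
The per-entry counts above can be pictured with this added example, which is not part of the thread and is not llvm-cfi-verify's code: a simplified model that matches `src:` and `fun:` blacklist patterns against call sites and reports how many sites each entry exempts. The site list, file paths and function names are constructed, and the matching rule (`*` matches any run of characters, the whole string must match) is an assumption of the sketch.

```python
import re
from collections import Counter

# Constructed sample; the three patterns are entries quoted in the thread.
BLACKLIST = """\
# comment lines and [section] headers are skipped
[cfi-icall]
src:*third_party/sqlite/*
src:*ppapi/*
fun:*FunctorTraits*
"""

# Constructed (source path, function name) pairs standing in for the
# indirect control-flow sites a verifier would report.
SITES = [
    ("../../third_party/sqlite/amalgamation/sqlite3.c", "example_vdbe_step"),
    ("../../third_party/sqlite/amalgamation/sqlite3.c", "example_exec"),
    ("../../ppapi/proxy/example_dispatcher.cc", "example::Dispatch"),
    ("../../base/example_bind.h", "example::FunctorTraits<void (*)()>::Invoke"),
    ("../../net/example_socket.cc", "example::Connect"),
]

def parse_blacklist(text):
    """Return (entry, kind, regex) for each src:/fun: line; '*' matches anything."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "[")):
            continue
        kind, _, pattern = line.partition(":")
        if kind in ("src", "fun") and pattern:
            regex = re.compile(".*".join(re.escape(p) for p in pattern.split("*")))
            entries.append((line, kind, regex))
    return entries

def tally(entries, sites):
    """Count sites matched per entry and the number of sites exempted by any entry."""
    per_entry, exempt = Counter(), 0
    for path, func in sites:
        hits = [e for e, kind, rx in entries
                if rx.fullmatch(path if kind == "src" else func)]
        per_entry.update(hits)
        exempt += bool(hits)  # a site hit by several entries is exempt once
    return per_entry, exempt

if __name__ == "__main__":
    per_entry, exempt = tally(parse_blacklist(BLACKLIST), SITES)
    for entry, n in per_entry.most_common():
        print(f"{n:5d} {entry}")
    print(f"exempt from CFI: {exempt}/{len(SITES)} = {100 * exempt / len(SITES):.1f}%")
```

Because a site can match more than one entry, the per-entry counts can sum to more than the number of exempt sites, which is why the two figures are tracked separately.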

Feb 6 2018
I'm the primary SQLite owner. I upgraded SQLite to 3.22.0 fairly recently [1]. This is the most recent release [2]. Let me know if you need any help regarding it.

[1] https://crrev.com/c/882193
[2] https://www.sqlite.org/

Oct 20
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/fc3586f1954641741df3d70b94196f775ba27a83

commit fc3586f1954641741df3d70b94196f775ba27a83
Author: David Benjamin <davidben@chromium.org>
Date: Sat Oct 20 04:24:48 2018

Remove BoringSSL exception in CFI blacklist.

This got fixed by recent work to be pickier around function pointers.

Bug: 719699
Change-Id: I684c0ee1d9866ef5517fe983f6e86ab44fb16689
Reviewed-on: https://chromium-review.googlesource.com/c/1282202
Reviewed-by: Evgeniy Stepanov <eugenis@chromium.org>
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Commit-Queue: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#601402}

[modify] https://crrev.com/fc3586f1954641741df3d70b94196f775ba27a83/tools/cfi/blacklist.txt

Comment 1 by p...@chromium.org, May 8 2017