Commit 2639dafa authored by Vlad Tsyrklevich's avatar Vlad Tsyrklevich Committed by Commit Bot

[CFI] Disable indirect call checking into JITd code

CFI-icall checking makes use of compile-time information to verify
whether a given indirect call is valid; however, this is impossible to
verify for calls into JITed code. Mark functions calling into JITed code
with an attribute disabling CFI-icall checking.

Bug=v8:7164

Change-Id: I20161510b810744ff5e234d77cf603913482a539
Reviewed-on: https://chromium-review.googlesource.com/861305Reviewed-by: 's avatarClemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50516}
parent e6138f54
...@@ -169,18 +169,23 @@ V8_INLINE Dest bit_cast(Source const& source) { ...@@ -169,18 +169,23 @@ V8_INLINE Dest bit_cast(Source const& source) {
#define DISABLE_ASAN #define DISABLE_ASAN
#endif #endif
// DISABLE_CFI_PERF -- Disable Control Flow Integrity checks for Perf reasons. // Helper macro to define no_sanitize attributes only with clang.
#if !defined(DISABLE_CFI_PERF)
#if defined(__clang__) && defined(__has_attribute) #if defined(__clang__) && defined(__has_attribute)
#if __has_attribute(no_sanitize) #if __has_attribute(no_sanitize)
#define DISABLE_CFI_PERF __attribute__((no_sanitize("cfi"))) #define CLANG_NO_SANITIZE(what) __attribute__((no_sanitize(what)))
#endif
#endif #endif
#endif #endif
#if !defined(DISABLE_CFI_PERF) #if !defined(CLANG_NO_SANITIZE)
#define DISABLE_CFI_PERF #define CLANG_NO_SANITIZE(what)
#endif #endif
// DISABLE_CFI_PERF -- Disable Control Flow Integrity checks for Perf reasons.
#define DISABLE_CFI_PERF CLANG_NO_SANITIZE("cfi")
// DISABLE_CFI_ICALL -- Disable Control Flow Integrity indirect call checks,
// useful because calls into JITed code can not be CFI verified.
#define DISABLE_CFI_ICALL CLANG_NO_SANITIZE("cfi-icall")
#if V8_CC_GNU #if V8_CC_GNU
#define V8_IMMEDIATE_CRASH() __builtin_trap() #define V8_IMMEDIATE_CRASH() __builtin_trap()
#else #else
......
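Review bot: The comment above DISABLE_CFI_ICALL should state that `no_sanitize("cfi-icall")` applies to the whole function it is placed on, not only to the call into JITed code, so every other indirect call inside an annotated function also loses CFI-icall checking. Without that note a reader may treat the macro as a per-call-site opt-out and attach it to a large function, silently widening the unchecked surface. I would add after the existing two comment lines: `// Applies to the whole annotated function, so keep such functions minimal.` The hunk is shown collapsed here, so its trailing lines are not visible.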
...@@ -105,7 +105,7 @@ class GeneratedCode { ...@@ -105,7 +105,7 @@ class GeneratedCode {
reinterpret_cast<byte*>(fn_ptr_), args...); reinterpret_cast<byte*>(fn_ptr_), args...);
} }
#else #else
Return Call(Args... args) { DISABLE_CFI_ICALL Return Call(Args... args) {
// When running without a simulator we call the entry directly. // When running without a simulator we call the entry directly.
return fn_ptr_(args...); return fn_ptr_(args...);
} }
......
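Review bot: The comment inside the non-simulator Call() still only says the entry is called directly; it should also explain why DISABLE_CFI_ICALL is on this function, since the attribute removes a check the rest of the build relies on and the reason is only recoverable from the commit message. I would extend it to `// When running without a simulator we call the entry directly. fn_ptr_ points into JITed code, which CFI-icall can not verify, so the check is disabled for this function only.` The enclosing GeneratedCode class starts and ends outside the hunk; from the visible line the simulator branch hands fn_ptr_ to the simulator rather than calling through it, which looks consistent with leaving that branch unannotated, but I cannot confirm it from here.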