8b7555406c
This change introduces a ProtectedMemory container class intended to store dynamically resolved function pointers for cross-DSO calls that must be exempted from Control Flow Integrity indirect call checking. These function pointers can not be checked by cfi-icall, instead we place them in read-only memory and set them writable only when they need to be initialized.

ProtectedMemory is only suitable for storing data in global/static variables, a follow-up change will introduce a container class that allows dynamically allocating multiple instances of a given type.

ProtectedMemory currently only works on Linux and macOS, its use is a no-op on other platforms.

This change also introduces two helper macros to easily call function pointers stored in ProtectedMemory containers without cfi-icall checks applied in order to avoid sprinkling no_sanitize("cfi-icall") attributes throughout the source code and encouraging its misuse.

Bug: 771365
Change-Id: Ic9433095d9550ae8478ad9931ec5e3c37edb23ec
Reviewed-on: https://chromium-review.googlesource.com/706859
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Brett Wilson <brettw@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Chris Palmer <palmer@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#515747}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: 36d1a861ddf153756345ca1904a87c15504188fd
||
---|---|---|
.. | ||
BUILD.gn | ||
BuildInfo.plist | ||
OWNERS | ||
base_rules.gni | ||
compile_ib_files.py | ||
mac_sdk.gni | ||
mac_sdk_overrides.gni | ||
package_framework.py | ||
plist_util.py | ||
prepare_framework_version.py | ||
rules.gni | ||
sdk_info.py | ||
symbols.gni | ||
write_pkg_info.py | ||
xcrun.py |