[CFI] Add protected memory container class

This change introduces a ProtectedMemory container class intended to
store dynamically resolved function pointers for cross-DSO calls that
must be exempted from Control Flow Integrity indirect call checking.
These function pointers cannot be checked by cfi-icall; instead we
place them in read-only memory and set them writable only when they
need to be initialized.  ProtectedMemory is only suitable for
storing data in global/static variables; a follow-up change will
introduce a container class that allows dynamically allocating
multiple instances of a given type.

ProtectedMemory currently only works on Linux and macOS; its use is
a no-op on other platforms.

This change also introduces two helper macros to easily call function
pointers stored in ProtectedMemory containers without cfi-icall checks
applied in order to avoid sprinkling no_sanitize("cfi-icall") attributes
throughout the source code and encouraging its misuse.

Bug: 771365
Change-Id: Ic9433095d9550ae8478ad9931ec5e3c37edb23ec
Reviewed-on: https://chromium-review.googlesource.com/706859
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Brett Wilson <brettw@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Chris Palmer <palmer@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#515747}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: 36d1a861ddf153756345ca1904a87c15504188fd
1 file changed
tree: 25dcaff17071fafaa5204c56fa2cc001f98d5b3a
  1. tools/
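
The pattern the commit message describes (keep the resolved pointer on a read-only page, open a write window only to initialize it, and call it through one cfi-icall-exempt helper), as an added sketch that is not Chromium's ProtectedMemory code. It assumes Linux or macOS, uses an mmap'd page instead of a global/static variable, and every name in it (ProtectedFnSlot, Initialize, StrayWriteFaults, UnsanitizedCall, Add) is hypothetical.

```cpp
// Added sketch, not Chromium's ProtectedMemory; every name here is hypothetical.
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
#include <cstdlib>

using BinaryFn = int (*)(int, int);
static int Add(int a, int b) { return a + b; }  // stand-in for a dlsym() result
class ProtectedFnSlot {  // one pointer on its own page, read-only by default
 public:
  ProtectedFnSlot() : size_(static_cast<size_t>(sysconf(_SC_PAGESIZE))) {
    void* p = mmap(nullptr, size_, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED) abort();
    fn_ = static_cast<BinaryFn*>(p);  // fresh anonymous pages are zero-filled
    SetProt(PROT_READ);
  }
  ~ProtectedFnSlot() { munmap(fn_, size_); }
  BinaryFn get() const { return *fn_; }
  void Initialize(BinaryFn fn) {  // the only window in which the page is writable
    SetProt(PROT_READ | PROT_WRITE);
    *fn_ = fn;
    SetProt(PROT_READ);
  }
  // Forks a child that writes outside Initialize(); true if a signal killed it.
  bool StrayWriteFaults() const {
    pid_t pid = fork();
    if (pid < 0) abort();
    if (pid == 0) { *static_cast<volatile BinaryFn*>(fn_) = nullptr; _exit(0); }
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFSIGNALED(status);
  }
 private:
  void SetProt(int prot) { if (mprotect(fn_, size_, prot) != 0) abort(); }
  BinaryFn* fn_;
  size_t size_;
};
#if defined(__clang__)  // single audited call site exempt from cfi-icall
__attribute__((no_sanitize("cfi-icall")))
#endif
int UnsanitizedCall(const ProtectedFnSlot& slot, int a, int b) {
  return slot.get()(a, b);
}
int main() {
  ProtectedFnSlot slot;
  slot.Initialize(&Add);
  return (UnsanitizedCall(slot, 2, 3) == 5 && slot.StrayWriteFaults()) ? 0 : 1;
}
```

The write probe runs in a forked child so the expected fault (SIGSEGV on Linux, SIGBUS on macOS) does not take down the calling process.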