diff options
| author | Evgeniy Stepanov <eugeni.stepanov@gmail.com> | 2015-12-15 23:00:20 +0000 |
|---|---|---|
| committer | Evgeniy Stepanov <eugeni.stepanov@gmail.com> | 2015-12-15 23:00:20 +0000 |
| commit | fd6f92d5cb962a2b72c105dd8440ba831019964c (patch) | |
| tree | 93571c9c74510077ebc664c91041741517ddcd21 /clang/docs/ControlFlowIntegrity.rst | |
| parent | 67849d56c3ce2459b8681da5e7935289018dcdbb (diff) | |
| download | bcm5719-llvm-fd6f92d5cb962a2b72c105dd8440ba831019964c.tar.gz bcm5719-llvm-fd6f92d5cb962a2b72c105dd8440ba831019964c.zip | |
Cross-DSO control flow integrity (Clang part).
Clang-side cross-DSO CFI.
* Adds a command line flag -f[no-]sanitize-cfi-cross-dso.
* Links a runtime library when enabled.
* Emits __cfi_slowpath calls is bitset test fails.
* Emits extra hash-based bitsets for external CFI checks.
* Sets a module flag to enable __cfi_check generation during LTO.
This mode does not yet support diagnostics.
llvm-svn: 255694
Diffstat (limited to 'clang/docs/ControlFlowIntegrity.rst')
| -rw-r--r-- | clang/docs/ControlFlowIntegrity.rst | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/clang/docs/ControlFlowIntegrity.rst b/clang/docs/ControlFlowIntegrity.rst index 3c76f0065ee..780ff882d0e 100644 --- a/clang/docs/ControlFlowIntegrity.rst +++ b/clang/docs/ControlFlowIntegrity.rst @@ -24,10 +24,14 @@ You can also enable a subset of available :ref:`schemes <cfi-schemes>`. As currently implemented, all schemes rely on link-time optimization (LTO); so it is required to specify ``-flto``, and the linker used must support LTO, for example via the `gold plugin`_. -To allow the checks to be implemented efficiently, the program must -be structured such that certain object files are compiled with CFI enabled, -and are statically linked into the program. This may preclude the use of -shared libraries in some cases. + +To allow the checks to be implemented efficiently, the program must be +structured such that certain object files are compiled with CFI +enabled, and are statically linked into the program. This may preclude +the use of shared libraries in some cases. Experimental support for +:ref:`cross-DSO control flow integrity <cfi-cross-dso>` exists that +does not have these requirements. This cross-DSO support has unstable +ABI at this time. .. _gold plugin: http://llvm.org/docs/GoldPlugin.html @@ -245,6 +249,16 @@ are typically defined outside of the linked program. # Ignore all types with a uuid attribute. type:attr:uuid +.. _cfi-cross-dso: + +Shared library support +====================== + +Use **-f[no-]sanitize-cfi-cross-dso** to enable the cross-DSO control +flow integrity mode, which allows all CFI schemes listed above to +apply across DSO boundaries. As in the regular CFI, each DSO must be +built with ``-flto``. + Design ====== |
