王大天 via llvm-dev
2018-Jul-16 01:53 UTC
[llvm-dev] Collect all possible return address and write in a new section
Hi

I try to implement a coarse-grained CFI in LLVM (CFI = Control Flow Integrity).

I want to collect all addresses after call instructions; the address after a call equals a valid return site in coarse-grained CFI.

I want to add a new section and write all the possible return addresses in the new section (and then add the integrity check).

I have some questions:

(1) Which part of LLVM code should I implement my CFI in? IR level or SelectionDAG/CodeGen?

(2) LLVM MC can let me add a new section, right?

(3) How can I get the real address of an instruction at compile time? Or should I modify the linker/loader?

Thank you
Dean Michael Berris via llvm-dev
2018-Jul-17 01:47 UTC
[llvm-dev] Collect all possible return address and write in a new section
Hi -- can you describe a bit more what you mean by coarse-grained CFI?

We do some of what you're describing in the XRay implementation, where we have a section for the instrumentation map and at runtime we're able to tell which functions are instrumented.

The way we've had to do this is with attributes at LLVM IR for functions, have a pass that will lower certain instructions (returns and tail exits) into pseudo-instructions, and further lowering to target/platform specific details (sections in ELF/MachO etc.).

On Tue, Jul 17, 2018 at 5:53 AM 王大天 via llvm-dev <llvm-dev at lists.llvm.org> wrote:
> [original message quoted in full]

-- Dean
Dean Michael Berris via llvm-dev
2018-Jul-18 01:38 UTC
[llvm-dev] Collect all possible return address and write in a new section
Adding back llvm-dev

On Wed, Jul 18, 2018 at 10:55 AM bigsky <hahabigsky at gmail.com> wrote:
>
> Hi
>
> I trace the code of XRay.
>
> I found that "X86AsmPrinter::runOnMachineFunction" would call "emitXRayTable".
>
> So, you use "void AsmPrinter::emitXRayTable()" to write something into a new section, right?

Yes.

> In emitXRayTable(),
>
>     for (const auto &Sled : Sleds)
>       Sled.emit(WordSizeBytes, OutStreamer.get(), CurrentFnSym);
>
> Sleds is an array of XRayFunctionEntry.
>
> In AsmPrinter::XRayFunctionEntry::emit, there is an Out->EmitSymbolValue(CurrentFnSym, Bytes);
>
> I wonder whether the "CurrentFnSym" emitted to the new section will be a real address?
>
> Will CurrentFnSym be fixed up by the linker/loader or someone?

It must be fixed up by the linker.

> Thank you

Happy to help!

Cheers

> 2018-07-17 9:47 GMT+08:00 Dean Michael Berris <dean.berris at gmail.com>:
>> [earlier messages in this thread quoted in full]

-- Dean
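The scheme the thread sketches, as an added illustration (this is not code from the thread, from LLVM or from XRay): walk an objdump-style listing, record the address of the instruction following each call as a valid return site, serialize those sites the way a dedicated section would hold them, and check a return address against that table at runtime. The listing, the addresses, the section format and every function name below are constructed assumptions for this example. Tail jumps are deliberately left out, matching the point that tail exits need separate handling, and the table stores image-relative offsets so it stays correct after the image is relocated (the linker/loader fix-up bigsky asks about).

```python
"""
Model of coarse-grained return-site CFI: collect the address after every
call, emit the set into a table (standing in for a dedicated section), and
verify a return address against it. Added example; not LLVM/XRay code.
"""
import bisect
import re
import struct

# Constructed disassembly listing: "<addr>: <mnemonic> <operands>".
# Addresses are hypothetical. The final "jmp" models a tail call, which
# never returns through a ret and therefore is not a return site.
LISTING = """\
0000000000401000: push rbp
0000000000401001: mov rbp, rsp
0000000000401004: call 0000000000401100 <foo>
0000000000401009: mov eax, 0
000000000040100e: call 0000000000401200 <bar>
0000000000401013: pop rbp
0000000000401014: ret
0000000000401100: call 0000000000401200 <bar>
0000000000401105: jmp 0000000000401200 <bar>
"""

LINE_RE = re.compile(r"^([0-9a-fA-F]+):\s+(\S+)")

IMAGE_BASE = 0x400000          # constructed link-time base of the listing
WORD = struct.Struct("<Q")     # one little-endian 64-bit entry per site


def collect_return_sites(listing):
    """Return the sorted list of addresses immediately following each call.

    The return site is the *next* instruction's address, not the call's own
    address, so consecutive instructions are paired up. A call that is the
    very last line has no successor in the listing and is skipped.
    """
    insns = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            insns.append((int(m.group(1), 16), m.group(2)))
    sites = set()
    for (_, mnem), (next_addr, _) in zip(insns, insns[1:]):
        if mnem == "call":
            sites.add(next_addr)
    return sorted(sites)


def encode_section(sites, image_base=IMAGE_BASE):
    """Serialize return sites as image-relative offsets (constructed format).

    Offsets rather than absolute addresses keep the table valid when a
    position-independent image is loaded at a different base: only the
    base has to be supplied at check time. Input must already be sorted.
    """
    return b"".join(WORD.pack(s - image_base) for s in sites)


def decode_section(blob):
    """Parse the table back into a list of offsets, rejecting short blobs."""
    if len(blob) % WORD.size:
        raise ValueError("truncated return-site table")
    return [WORD.unpack_from(blob, i)[0] for i in range(0, len(blob), WORD.size)]


class ReturnSiteChecker:
    """Runtime side: the integrity check consulted before honouring a ret."""

    def __init__(self, blob, load_base):
        self.offsets = decode_section(blob)   # sorted by the emitter
        self.load_base = load_base

    def is_valid_return(self, addr):
        """True iff addr is exactly one of the recorded return sites."""
        off = addr - self.load_base
        i = bisect.bisect_left(self.offsets, off)
        return i < len(self.offsets) and self.offsets[i] == off


if __name__ == "__main__":
    sites = collect_return_sites(LISTING)
    table = encode_section(sites)
    relocated = ReturnSiteChecker(table, 0x555555554000)  # constructed PIE base
    for s in sites:
        print(hex(s), "->", relocated.is_valid_return(s - IMAGE_BASE + 0x555555554000))
    print("ret into call itself valid?", relocated.is_valid_return(0x555555554000 + 0x1004))
```

In a real LLVM implementation the entries would be emitted through the MC layer as symbol references (as in AsmPrinter::XRayFunctionEntry::emit), so the linker resolves them; the offset encoding above is only a stand-in for that relocation step. The check is coarse-grained by construction: any recorded site is accepted for any return, which is the precision trade-off the original message names.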