| OLD | NEW |
|---|
| 1 //===-- MinSFI.cpp - Lists MinSFI sandboxing passes -----------------------===// | 1 //===-- MinSFI.cpp - Lists MinSFI sandboxing passes -----------------------===// |
| 2 // | 2 // |
| 3 // The LLVM Compiler Infrastructure | 3 // The LLVM Compiler Infrastructure |
| 4 // | 4 // |
| 5 // This file is distributed under the University of Illinois Open Source | 5 // This file is distributed under the University of Illinois Open Source |
| 6 // License. See LICENSE.TXT for details. | 6 // License. See LICENSE.TXT for details. |
| 7 // | 7 // |
| 8 //===----------------------------------------------------------------------===// | 8 //===----------------------------------------------------------------------===// |
| 9 // | 9 // |
| 10 // This file implements the meta-pass "-minsfi". It lists its constituent | 10 // This file implements the meta-pass "-minsfi". It lists its constituent |
| 11 // passes and explains the reasons for their ordering. | 11 // passes and explains the reasons for their ordering. |
| 12 // | 12 // |
| 13 //===----------------------------------------------------------------------===// | 13 //===----------------------------------------------------------------------===// |
| 14 | 14 |
| 15 #include "llvm/PassManager.h" | 15 #include "llvm/IR/LegacyPassManager.h" |
| 16 #include "llvm/Analysis/NaCl.h" | 16 #include "llvm/Analysis/NaCl.h" |
| 17 #include "llvm/Transforms/MinSFI.h" | 17 #include "llvm/Transforms/MinSFI.h" |
| 18 | 18 |
| 19 using namespace llvm; | 19 using namespace llvm; |
| 20 | 20 |
| 21 void llvm::MinSFIPasses(PassManagerBase &PM) { | 21 void llvm::MinSFIPasses(PassManagerBase &PM) { |
| 22 // Nondeterminism is generally undesirable in sandboxed code but more | 22 // Nondeterminism is generally undesirable in sandboxed code but more |
| 23 // importantly, use of undefined values can leak protected data. This pass | 23 // importantly, use of undefined values can leak protected data. This pass |
| 24 // replaces all undefs with predefined constants. It only modifies operands | 24 // replaces all undefs with predefined constants. It only modifies operands |
| 25 // of instructions and therefore is not dependent on any other MinSFI or | 25 // of instructions and therefore is not dependent on any other MinSFI or |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 59 // All passes running before this one do not have to be trusted in this | 59 // All passes running before this one do not have to be trusted in this |
| 60 // respect. Passes running later must not break the guarantee. | 60 // respect. Passes running later must not break the guarantee. |
| 61 PM.add(createSandboxMemoryAccessesPass()); | 61 PM.add(createSandboxMemoryAccessesPass()); |
| 62 | 62 |
| 63 // Lastly, we apply CFI sandboxing on indirect calls. The pass creates | 63 // Lastly, we apply CFI sandboxing on indirect calls. The pass creates |
| 64 // tables of address-taken functions and replaces function pointers with | 64 // tables of address-taken functions and replaces function pointers with |
| 65 // indices into the tables. This pass is invoked after SFI because it is | 65 // indices into the tables. This pass is invoked after SFI because it is |
| 66 // crucial that the tables cannot be modified by the sandboxed code. | 66 // crucial that the tables cannot be modified by the sandboxed code. |
| 67 PM.add(createSandboxIndirectCallsPass()); | 67 PM.add(createSandboxIndirectCallsPass()); |
| 68 } | 68 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1151093004:
Changes from 3.7 merge to files not in upstream (Closed)
Base URL: https://chromium.googlesource.com/native_client/pnacl-llvm.git@master