CFI breaks on trait Address Taken functions #115953

Closed
maurer opened this issue Sep 19, 2023 · 1 comment
Labels
A-sanitizers Area: Sanitizers for correctness and code quality C-bug Category: This is a bug. PG-exploit-mitigations Project group: Exploit mitigations requires-nightly This issue requires a nightly compiler in some way. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.

maurer commented Sep 19, 2023

```
mmaurer@anyblade:~/github/rust-lang$ rustc -Z sanitizer=cfi -C lto -C codegen-units=1 badsample.rs
mmaurer@anyblade:~/github/rust-lang$ ./badsample
Illegal instruction
mmaurer@anyblade:~/github/rust-lang$ rustc -C lto -C codegen-units=1 badsample.rs
mmaurer@anyblade:~/github/rust-lang$ ./badsample
mmaurer@anyblade:~/github/rust-lang$ cat badsample.rs
trait Foo {
    fn foo(&self);
}

struct S;

impl Foo for S {
    fn foo(&self) {}
}

struct S2 {
    f: fn(&S)
}

impl S2 {
    fn foo(&self, s: &S) {
        (self.f)(s)
    }
}

fn main() {
    S2 { f: <S as Foo>::foo }.foo(&S)
}
```

This appears to happen because `<S as Foo>::foo` has CFI-type `fn(&dyn Foo)` rather than `fn(&S)`.

cc @rcvalle

@maurer maurer added the C-bug Category: This is a bug. label Sep 19, 2023
@rustbot rustbot added the needs-triage This issue may need triage. Remove it if it has been sufficiently triaged. label Sep 19, 2023
@rcvalle rcvalle added PG-exploit-mitigations Project group: Exploit mitigations requires-nightly This issue requires a nightly compiler in some way. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. and removed needs-triage This issue may need triage. Remove it if it has been sufficiently triaged. labels Sep 19, 2023
rcvalle commented Sep 19, 2023

@rustbot claim

@Noratrieb Noratrieb added the A-sanitizers Area: Sanitizers for correctness and code quality label Sep 19, 2023
maurer added a commit to maurer/rust that referenced this issue Mar 25, 2024
Adds support for both CFI and KCFI for attaching concrete and abstract
types to functions. KCFI does this through generation of `ReifyShim` on
any function pointer that could go in a vtable, and checking the
`ReifyReason` when emitting the instance. CFI does this by attaching
both the concrete and abstract type to every instance.

Fixes rust-lang#115953
maurer added a commit to maurer/rust that referenced this issue Mar 26, 2024
Adds support for both CFI and KCFI for attaching concrete and abstract
types to functions. KCFI does this through generation of `ReifyShim` on
any function pointer that could go in a vtable, and checking the
`ReifyReason` when emitting the instance. CFI does this by attaching
both the concrete and abstract type to every instance.

TypeID codegen tests are switched to be anchored on the left rather than
the right in order to allow emission of additional type attachments.

Fixes rust-lang#115953
@bors bors closed this as completed in 473a70d Apr 4, 2024
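
The mismatch reported in this issue and the CFI half of the fix described in the commit message can be pictured with a toy model of type-ID checking. This is an added example, not code from the issue or from rustc; the string type IDs, the `Instance` struct and the `Attach` policy are hypothetical stand-ins for the compiler's real type metadata.

```rust
// Toy model (added example) of CFI type-ID checks; not rustc's implementation.
use std::collections::HashSet;

/// A compiled function instance with the CFI type IDs attached to it.
struct Instance {
    name: &'static str,
    type_ids: HashSet<&'static str>, // strings stand in for real type IDs
}

/// Which types the compiler attaches to a trait-method instance (hypothetical).
#[derive(Clone, Copy)]
enum Attach {
    /// Behaviour reported in the issue: only the abstract (vtable) type.
    AbstractOnly,
    /// Behaviour the commit message describes for CFI: concrete and abstract.
    ConcreteAndAbstract,
}

/// Build the instance for `<S as Foo>::foo` under the given policy.
fn trait_method_instance(policy: Attach) -> Instance {
    let mut type_ids = HashSet::from(["fn(&dyn Foo)"]);
    if let Attach::ConcreteAndAbstract = policy {
        type_ids.insert("fn(&S)");
    }
    Instance { name: "<S as Foo>::foo", type_ids }
}

/// An indirect call passes only if the callee carries the expected type ID;
/// a failure corresponds to the trap ("Illegal instruction") in the report.
fn indirect_call(callee: &Instance, expected: &'static str) -> Result<(), String> {
    if callee.type_ids.contains(expected) {
        Ok(())
    } else {
        Err(format!("CFI trap: {} lacks type ID {}", callee.name, expected))
    }
}

fn main() {
    for policy in [Attach::AbstractOnly, Attach::ConcreteAndAbstract] {
        let f = trait_method_instance(policy);
        // `(self.f)(s)` with `f: fn(&S)` expects the concrete type.
        println!("fn pointer call: {:?}", indirect_call(&f, "fn(&S)"));
        // A call through `&dyn Foo` expects the abstract type.
        println!("vtable call:     {:?}", indirect_call(&f, "fn(&dyn Foo)"));
    }
}
```

In the model, attaching both types lets the function-pointer call and the vtable call pass, while a call site expecting any other signature still fails the check.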