Skip to content

GitLab

Open
Created by Shawn Webb@shawn.webbOwner

Resolve cfi-icall violations

Many applications violate the cfi-icall scheme. A cursory list, found by grep, is listed below. This bug report should be the master issue, tracking sub-issues to fix each individual application. So this ticket should be broken out for each application (for example: one for md5, another for mount_nfs, another for bhyveload, etc.)

Some of these cannot be fixed until we gain Cross-DSO CFI support. For example, if a function pointer crosses a DSO boundary (dlopen/dlsym).

hbsd-current-01[shawn]:/usr/src $ grep -rnF CFI_OVERRIDE .
./sbin/md5/Makefile:7:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./sbin/mount_nfs/Makefile:14:CFI_OVERRIDE=      -fno-sanitize=cfi-icall
./usr.sbin/rpc.yppasswdd/Makefile:18:CFI_OVERRIDE=      -fno-sanitize=cfi-icall
./usr.sbin/bhyveload/Makefile:8:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./usr.sbin/mountd/Makefile:7:CFI_OVERRIDE=      -fno-sanitize=cfi-icall
./usr.sbin/pwd_mkdb/Makefile:11:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./usr.sbin/blacklistd/Makefile:23:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./usr.sbin/rpc.ypupdated/Makefile:11:CFI_OVERRIDE=      -fno-sanitize=cfi-icall
./usr.sbin/rpc.umntall/Makefile:10:CFI_OVERRIDE=        -fno-sanitize=cfi-icall
./usr.sbin/rpc.ypxfrd/Makefile:10:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./usr.sbin/ppp/Makefile:19:CFI_OVERRIDE=        -fno-sanitize=cfi-icall
./usr.sbin/unbound/checkconf/Makefile:16:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./usr.sbin/rpcbind/Makefile:10:CFI_OVERRIDE=    -fno-sanitize=cfi-icall
./usr.sbin/services_mkdb/Makefile:10:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./usr.sbin/sendmail/Makefile:31:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./usr.sbin/rpc.lockd/Makefile:12:CFI_OVERRIDE=  -fno-sanitize=cfi-icall
./usr.sbin/rpc.statd/Makefile:10:CFI_OVERRIDE=  -fno-sanitize=cfi-icall
./usr.bin/rpcgen/Makefile:7:CFI_OVERRIDE=       -fno-sanitize=cfi-icall
./usr.bin/showmount/Makefile:7:CFI_OVERRIDE=    -fno-sanitize=cfi-icall
./usr.bin/mail/Makefile:15:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./usr.bin/rpcinfo/Makefile:12:CFI_OVERRIDE=     -fno-sanitize=cfi-icall
./usr.bin/nc/Makefile:13:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./usr.bin/svn/svn/Makefile:70:CFI_OVERRIDE=     -fno-sanitize=cfi-icall
./usr.bin/vi/Makefile:19:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./usr.bin/tsort/Makefile:6:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./kerberos5/usr.sbin/kstash/Makefile:12:CFI_OVERRIDE=   -fno-sanitize=cfi-icall
./kerberos5/usr.sbin/iprop-log/Makefile:14:CFI_OVERRIDE=        -fno-sanitize=cfi-icall
./kerberos5/usr.sbin/ktutil/Makefile:19:CFI_OVERRIDE=   -fno-sanitize=cfi-icall
./kerberos5/libexec/hprop/Makefile:19:CFI_OVERRIDE=     -fno-sanitize=cfi-icall
./kerberos5/libexec/hpropd/Makefile:12:CFI_OVERRIDE=    -fno-sanitize=cfi-icall
./kerberos5/libexec/kcm/Makefile:20:CFI_OVERRIDE=       -fno-sanitize=cfi-icall
./kerberos5/libexec/ipropd-slave/Makefile:13:CFI_OVERRIDE=      -fno-sanitize=cfi-icall
./kerberos5/libexec/kadmind/Makefile:10:CFI_OVERRIDE=   -fno-sanitize=cfi-icall
./kerberos5/libexec/kdigest/Makefile:13:CFI_OVERRIDE=   -fno-sanitize=cfi-icall
./kerberos5/libexec/kdc/Makefile:11:CFI_OVERRIDE=       -fno-sanitize=cfi-icall
./kerberos5/libexec/kpasswdd/Makefile:11:CFI_OVERRIDE=  -fno-sanitize=cfi-icall
./kerberos5/libexec/digest-service/Makefile:15:CFI_OVERRIDE=    -fno-sanitize=cfi-icall
./kerberos5/libexec/ipropd-master/Makefile:13:CFI_OVERRIDE=     -fno-sanitize=cfi-icall
./kerberos5/libexec/kimpersonate/Makefile:11:CFI_OVERRIDE=      -fno-sanitize=cfi-icall
./kerberos5/libexec/kfd/Makefile:9:CFI_OVERRIDE=        -fno-sanitize=cfi-icall
./kerberos5/usr.bin/kdestroy/Makefile:8:CFI_OVERRIDE=   -fno-sanitize=cfi-icall
./kerberos5/usr.bin/kcc/Makefile:19:CFI_OVERRIDE=       -fno-sanitize=cfi-icall
./kerberos5/usr.bin/string2key/Makefile:13:CFI_OVERRIDE=        -fno-sanitize=cfi-icall
./kerberos5/usr.bin/kadmin/Makefile:27:CFI_OVERRIDE=    -fno-sanitize=cfi-icall
./kerberos5/usr.bin/kf/Makefile:9:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/usr.bin/kpasswd/Makefile:8:CFI_OVERRIDE=    -fno-sanitize=cfi-icall
./kerberos5/usr.bin/kinit/Makefile:7:CFI_OVERRIDE=      -fno-sanitize=cfi-icall
./kerberos5/usr.bin/kgetcred/Makefile:8:CFI_OVERRIDE=   -fno-sanitize=cfi-icall
./kerberos5/usr.bin/hxtool/Makefile:14:CFI_OVERRIDE=    -fno-sanitize=cfi-icall
./kerberos5/usr.bin/verify_krb5_conf/Makefile:9:CFI_OVERRIDE=   -fno-sanitize=cfi-icall
./kerberos5/usr.bin/ksu/Makefile:13:CFI_OVERRIDE=       -fno-sanitize=cfi-icall