dbopen(3): Develop mechanism for cfi-icall-safe function pointer calls
The dbopen(3) API (and ABI) presents issues with the cfi-icall scheme. The function pointers are stuffed into a structure, and they usually point to functions in libc. Because we don't support Cross-DSO CFI, an instrumented application that makes an indirect call through one of these pointers fails its CFI check: the target lives in libc, outside the calling module's cfi-icall jump table, so the check sees an uninstrumented function pointer address and rejects the call.
```c
typedef struct {
	DBTYPE type;
	int (*close)(DB *db);
	int (*del)(const DB *db, const DBT *key, u_int flags);
	int (*fd)(const DB *db);
	int (*get)(const DB *db, const DBT *key, DBT *data, u_int flags);
	int (*put)(const DB *db, DBT *key, const DBT *data,
	    u_int flags);
	int (*sync)(const DB *db, u_int flags);
	int (*seq)(const DB *db, DBT *key, DBT *data, u_int flags);
} DB;
```
The dbopen(3) function sets these function pointers to functions within libc, and applications are expected to call through these pointers directly.
We can solve this in one of two ways:
- Provide wrapper functions in libc that call the function pointers.
- Provide wrapper functions in sa(8) that call the function pointers. These wrapper functions would need cfi-icall disabled (for example with clang's `__attribute__((no_sanitize("cfi")))`), since the indirect call would still target an address in libc.
Option 1 is likely the better route. Ideally, applications wouldn't touch this ABI directly at all: any change to the structure layout (unlikely, but possible) would ripple downstream into every application that dereferences it, whereas wrappers in libc confine both the ABI and the unchecked indirect call to one place.
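The following is an added example of what option 1 looks like; it is not HardenedBSD or FreeBSD code. The DBT and DB declarations mirror the ones in <db.h> (the real header also names the struct `struct __db` so the members can refer to it, and carries the `internal` pointer for access-method state). The in-memory backend (`memdb_open`, `mem_get`, `mem_put`, `mem_close`) is a constructed stand-in for the libc implementation behind dbopen(3) so the example builds and runs without <db.h>; the wrapper names `db_get`, `db_put` and `db_close` are hypothetical. The application side calls the wrappers directly, which cfi-icall does not check, and the only indirect call through the structure happens inside the wrappers, which would either live in uninstrumented libc or be exempted with `no_sanitize("cfi")`.

```c
/* Added example, not HardenedBSD/FreeBSD code: option 1 (wrappers in libc)
 * with a constructed in-memory backend standing in for the real dbopen(3). */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Mirrors <db.h>; the real header spells the struct the same way. */
typedef struct {
	void   *data;
	size_t  size;
} DBT;

typedef struct __db {
	int type;                              /* DBTYPE in the real header */
	int (*close)(struct __db *db);
	int (*del)(const struct __db *db, const DBT *key, unsigned flags);
	int (*fd)(const struct __db *db);
	int (*get)(const struct __db *db, const DBT *key, DBT *data, unsigned flags);
	int (*put)(const struct __db *db, DBT *key, const DBT *data, unsigned flags);
	int (*sync)(const struct __db *db, unsigned flags);
	int (*seq)(const struct __db *db, DBT *key, DBT *data, unsigned flags);
	void *internal;                        /* access-method private state */
} DB;

/* Constructed stand-in backend: a tiny fixed-capacity key/value store. */
#define SLOTS 8
struct memdb {
	size_t n;
	DBT keys[SLOTS], vals[SLOTS];
};

static void *memdup(const void *p, size_t n)
{
	void *q = malloc(n);
	if (q != NULL)
		memcpy(q, p, n);
	return q;
}

static int mem_get(const DB *db, const DBT *key, DBT *data, unsigned flags)
{
	const struct memdb *m = db->internal;
	(void)flags;
	for (size_t i = 0; i < m->n; i++)
		if (m->keys[i].size == key->size &&
		    memcmp(m->keys[i].data, key->data, key->size) == 0) {
			*data = m->vals[i];
			return 0;
		}
	return 1;	/* dbopen(3) convention: 1 means the key is absent */
}

static int mem_put(const DB *db, DBT *key, const DBT *data, unsigned flags)
{
	struct memdb *m = db->internal;
	(void)flags;
	if (m->n == SLOTS)
		return -1;
	m->keys[m->n].data = memdup(key->data, key->size);
	m->keys[m->n].size = key->size;
	m->vals[m->n].data = memdup(data->data, data->size);
	m->vals[m->n].size = data->size;
	if (m->keys[m->n].data == NULL || m->vals[m->n].data == NULL)
		return -1;
	m->n++;
	return 0;
}

static int mem_close(DB *db)
{
	struct memdb *m = db->internal;
	for (size_t i = 0; i < m->n; i++) {
		free(m->keys[i].data);
		free(m->vals[i].data);
	}
	free(m);
	free(db);
	return 0;
}

/* Stand-in for dbopen(3): fills the DB with pointers into this "libc". */
DB *memdb_open(void)
{
	DB *db = calloc(1, sizeof *db);
	struct memdb *m = calloc(1, sizeof *m);
	if (db == NULL || m == NULL) {
		free(db);
		free(m);
		return NULL;
	}
	db->internal = m;
	db->close = mem_close;
	db->get = mem_get;
	db->put = mem_put;
	return db;
}

/* Option 1: wrappers that would ship in libc beside dbopen(3). The application
 * calls these directly (no cfi-icall check on a direct call); the only
 * indirect call lives here, in code that is uninstrumented or exempted. */
#if defined(__clang__)
#define DB_NO_CFI __attribute__((no_sanitize("cfi")))
#else
#define DB_NO_CFI
#endif

DB_NO_CFI int db_get(const DB *db, const DBT *key, DBT *data, unsigned flags)
{
	return db->get(db, key, data, flags);
}

DB_NO_CFI int db_put(DB *db, DBT *key, const DBT *data, unsigned flags)
{
	return db->put(db, key, data, flags);
}

DB_NO_CFI int db_close(DB *db)
{
	return db->close(db);
}

/* Application side: put, get, miss and close, never touching db->get etc. */
int demo_roundtrip(void)
{
	DB *db = memdb_open();
	if (db == NULL)
		return -1;
	char k[] = "user:42", v[] = "alice";	/* constructed sample record */
	DBT key = { k, sizeof k }, val = { v, sizeof v }, out = { NULL, 0 };
	if (db_put(db, &key, &val, 0) != 0)
		return -2;
	if (db_get(db, &key, &out, 0) != 0)
		return -3;
	int hit = out.size == sizeof v && memcmp(out.data, v, sizeof v) == 0;
	char nk[] = "user:43";
	DBT missing = { nk, sizeof nk };
	int miss = db_get(db, &missing, &out, 0);	/* expect 1: not found */
	db_close(db);
	return (hit && miss == 1) ? 0 : -4;
}

int main(void)
{
	return demo_roundtrip() == 0 ? 0 : 1;
}
```

Building the application with `-fsanitize=cfi-icall -flto -fvisibility=hidden` leaves every call in `demo_roundtrip` as a direct call that CFI does not need to check; the wrappers are the single place where the libc addresses are dereferenced, which is exactly the boundary Cross-DSO CFI would otherwise have to police.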