Re: [PATCH 2/2] configure: add support for Control-Flow Integrity
From: Alexander Bulekov
Subject: Re: [PATCH 2/2] configure: add support for Control-Flow Integrity
Date: Thu, 2 Jul 2020 09:38:30 -0400
User-agent: NeoMutt/20180716
Can't wait to try this out!
On 200702 1459, Paolo Bonzini wrote:
> On 02/07/20 14:50, Daniele Buono wrote:
> > I also wonder if this is something that could be put in the fuzzing
> > environment. It would probably also help in finding coding errors in
> > corner cases quicker.
>
> Yes, fuzzing and tests/docker/test-debug should enable CFI. Also,
> tests/docker/test-clang should enable LTO.
>
> Paolo

I believe CFI is most useful as an active defensive measure. I can't
think of many cases where a fuzzer/test could raise a CFI alert that
wouldn't also be caught by something like canaries, ASan or UBsan,
though maybe I'm missing something. Maybe testing/fuzzing with CFI could
be useful to weed out any errors due to e.g. an incomplete
cfi-blacklist.txt
-Alex
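As an added example (not part of this thread or the QEMU patch), the script below shows what a missing entry in a CFI special-case list looks like in practice: it builds one constructed C program with clang's `-fsanitize=cfi-icall` twice, once with an empty list and once with the offending function exempted. It assumes clang with LTO support and `ld.lld` on PATH; the source file, function names and list entries are constructed for the demo, and the list format is assumed to be clang's sanitizer special-case-list format (the same format as QEMU's cfi-blacklist.txt).

```shell
#!/bin/sh
# Added example, not part of this thread or the QEMU patch: build a tiny C
# program with clang's CFI twice, once with an empty ignore list and once with
# the offending function listed, to show what an incomplete cfi-blacklist.txt
# changes. Assumes clang with LTO support and ld.lld on PATH; the source file,
# function names and list entries below are constructed for the demo.
set -u

WORK="${TMPDIR:-/tmp}/cfi-demo.$$"

# Writes the constructed C source and the two ignore lists into $WORK.
write_sources() {
    mkdir -p "$WORK"
    # An indirect call through a pointer whose type (int(int)) does not match
    # the callee (int(long)). -fsanitize=cfi-icall traps on exactly this.
    cat > "$WORK/icall.c" <<'EOF'
#include <stdio.h>
typedef int (*int_fn)(int);
static int takes_long(long x) { return (int)(x + 1); }
int call_mismatched(int v) {
    /* volatile keeps the call indirect so the optimizer cannot fold it */
    int_fn volatile f = (int_fn)takes_long;
    return f(v);
}
int main(void) { printf("%d\n", call_mismatched(41)); return 0; }
EOF
    # Empty list: every indirect call is checked.
    : > "$WORK/cfi-empty.txt"
    # Exempting the function that contains the bad call, in clang's
    # sanitizer special-case-list format (same format as cfi-blacklist.txt).
    printf '[cfi-icall]\nfun:call_mismatched\n' > "$WORK/cfi-exempt.txt"
}

# build <ignore-list> <output>: LTO and hidden visibility are required by CFI.
# Newer clang spells the flag -fsanitize-ignorelist=; -fsanitize-blacklist=
# is the older name that matches the file discussed in the thread.
build() {
    clang -O1 -flto -fvisibility=hidden -fsanitize=cfi-icall \
        -fsanitize-blacklist="$1" -fuse-ld=lld -o "$2" "$WORK/icall.c"
}

# Returns 0 when the fully checked binary traps and the exempted one runs
# cleanly, 2 when the toolchain is missing or cannot build, 1 otherwise.
run_demo() {
    command -v clang >/dev/null 2>&1 || return 2
    command -v ld.lld >/dev/null 2>&1 || return 2
    write_sources
    build "$WORK/cfi-empty.txt" "$WORK/checked" 2>/dev/null || return 2
    build "$WORK/cfi-exempt.txt" "$WORK/exempt" 2>/dev/null || return 2
    # A CFI violation in the default trap mode kills the process with SIGILL
    # (shell status 132); the exempted build prints 42 and exits 0.
    "$WORK/checked" >/dev/null 2>&1 && checked_rc=0 || checked_rc=$?
    "$WORK/exempt" >/dev/null 2>&1 && exempt_rc=0 || exempt_rc=$?
    echo "checked build exit status: $checked_rc (non-zero = CFI trap)"
    echo "exempt build exit status:  $exempt_rc"
    rm -rf "$WORK"
    [ "$checked_rc" -ne 0 ] && [ "$exempt_rc" -eq 0 ]
}

run_demo
echo "run_demo returned $? (0 = as expected, 2 = toolchain not available)"
```

The point for a fuzzing or test-debug build is the first of the two binaries: a fuzzer running a CFI-instrumented QEMU hits the trap in the "checked" case, which is a real type confusion, and in the "exempt" case it runs through silently, which is what a blacklist entry buys and why entries added to cover legitimate mismatches need to be reviewed rather than accumulated.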