Lines Matching +full:build +full:- +full:tci

2 Control-Flow Integrity (CFI)
5 This document describes the current control-flow integrity (CFI) mechanism in
10 ------
14 The type used in QEMU is a forward-edge control-flow integrity that ensures
19 This type of CFI is entirely compiler-based and relies on the compiler knowing
26 In case of a CFI violation (i.e. call to a non-compatible function) QEMU will
30 -----------------
32 NOTE: CFI requires the use of link-time optimization. Therefore, when CFI is
35 To build with CFI, the minimum requirement is Clang 6+. If you
42 AR=llvm-ar-9 CC=clang-9 CXX=clang++-9 /path/to/configure --enable-cfi
47 of a CFI violation is offered (``--enable-debug-cfi``).
50 -------------------------
56 --------------------------
58 As mentioned above, CFI is entirely compiler-based and therefore relies on
59 compile-time knowledge of the code. This means that, while generally supported
61 create false positives. The two main patterns that can cause issues are:
63 * Just-in-time compiled code: since such code is created at runtime, the jump
71 1. TCG, since the idea of TCG is to pre-compile groups of instructions at
72 runtime to speed up interpretation, quite similarly to a JIT compiler
74 2. TCI, where the interpreter has to interpret the generic *call* operation
85 -------------------------------------
99 * TCG is not considered a security-sensitive part of QEMU so this does not
106 cfi function that calls a non-compatible one), since the check is performed
110 ---------------
122 in remote-but-possible parts of the code.
125 1. Fuzzing relies on the linker performing function wrapping at link-time.
134 AR=llvm-ar-11 CC=clang-11 CXX=clang++-11 /path/to/configure --enable-cfi \
135 --enable-fuzzing --extra-ldflags="-fuse-ld=lld"