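// Copyright 2020 The Crashpad Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#ifndef CRASHPAD_UTIL_MISC_NO_CFI_ICALL_H_
#define CRASHPAD_UTIL_MISC_NO_CFI_ICALL_H_

#include <type_traits>
#include <utility>

#include "base/compiler_specific.h"
#include "base/macros.h"
#include "build/build_config.h"

#if defined(OS_WIN)
#include <windows.h>
#endif  // OS_WIN

namespace crashpad {

namespace {

// Maps a function-pointer type to an Invoke() helper annotated with
// DISABLE_CFI_ICALL, so that the cfi-icall check is suppressed only for the
// single indirect call made inside Invoke() and nowhere else.
//
// NOTE(review): the template parameter and specialization argument lists below
// were reconstructed from the surviving Invoke() signatures; confirm the exact
// specialization patterns (for example any noexcept qualifier) against the
// upstream header.
template <typename Functor>
struct FunctorTraits;

// Ordinary function pointers.
template <typename R, typename... Args>
struct FunctorTraits<R (*)(Args...)> {
  template <typename Function, typename... RunArgs>
  DISABLE_CFI_ICALL static R Invoke(Function&& function, RunArgs&&... args) {
    return std::forward<Function>(function)(std::forward<RunArgs>(args)...);
  }
};

// Function pointers with a C-style variadic parameter list.
template <typename R, typename... Args>
struct FunctorTraits<R (*)(Args..., ...)> {
  template <typename Function, typename... RunArgs>
  DISABLE_CFI_ICALL static R Invoke(Function&& function, RunArgs&&... args) {
    return std::forward<Function>(function)(std::forward<RunArgs>(args)...);
  }
};

#if defined(OS_WIN) && defined(ARCH_CPU_X86)
// __stdcall function pointers, a distinct pointer type on 32-bit x86 Windows.
template <typename R, typename... Args>
struct FunctorTraits<R(__stdcall*)(Args...)> {
  template <typename... RunArgs>
  DISABLE_CFI_ICALL static R Invoke(R(__stdcall* function)(Args...),
                                    RunArgs&&... args) {
    return function(std::forward<RunArgs>(args)...);
  }
};
#endif  // OS_WIN && ARCH_CPU_X86

}  // namespace

//! \brief Disables cfi-icall for calls made through a function pointer.
//!
//! Clang provides several Control-Flow-Integrity (CFI) sanitizers, among them,
//! cfi-icall, which attempts to verify that the dynamic type of a function
//! matches the static type of the function pointer used to call it.
//!
//! https://clang.llvm.org/docs/ControlFlowIntegrity.html#indirect-function-call-checking
//!
//! However, cfi-icall does not have enough information to check indirect calls
//! to functions in other modules, such as through the pointers returned by
//! `dlsym()`. In these cases, CFI aborts the program upon executing the
//! indirect call.
//!
//! This class encapsulates cross-DSO function pointers to disable cfi-icall
//! precisely when calling these pointers.
//!
//! Because the check is switched off for calls made through this wrapper,
//! nothing verifies at run time that the wrapped pointer really has the type
//! \a Functor. The code constructing the wrapper is responsible for the
//! pointer's provenance (the module and symbol it was resolved from) and for
//! \a Functor matching the real signature of the target function. Keep the
//! wrapper limited to pointers that genuinely cross a module boundary, so that
//! all other indirect calls remain checked.
//!
//! \tparam Functor The function-pointer type used to make the call.
template <typename Functor>
class NoCfiIcall {
 public:
  //! \brief Constructs this object.
  //!
  //! \param function A pointer to the function to be called.
  explicit NoCfiIcall(Functor function) : function_(function) {}

  //! \brief Constructs this object from an untyped pointer, such as the one
  //!     returned by `dlsym()`.
  //!
  //! The pointer is converted to \a Functor with `reinterpret_cast`, so no
  //! type information is checked here. A mismatch between \a Functor and the
  //! target's real signature is undefined behavior that cfi-icall will not
  //! report for calls made through this object.
  //!
  //! \param function A `void*` holding the address of the function to be
  //!     called.
  //!
  //! \see NoCfiIcall
  template <typename PointerType,
            typename = std::enable_if_t<
                std::is_same<typename std::remove_cv<PointerType>::type,
                             void*>::value>>
  explicit NoCfiIcall(PointerType function)
      : function_(reinterpret_cast<Functor>(function)) {}

#if defined(OS_WIN)
  //! \brief Constructs this object from a `FARPROC`.
  //!
  //! As with the `void*` overload, the conversion to \a Functor is an
  //! unchecked `reinterpret_cast`.
  //!
  //! NOTE(review): the enable_if condition was reconstructed; it is assumed to
  //! remove this overload when \a Functor is itself `FARPROC`, which would
  //! otherwise duplicate the first constructor. Confirm against upstream.
  //!
  //! \param function The address of the function to be called.
  //!
  //! \see NoCfiIcall
  template <typename = std::enable_if_t<
                !std::is_same<typename std::remove_cv<Functor>::type,
                              FARPROC>::value>>
  explicit NoCfiIcall(FARPROC function)
      : function_(reinterpret_cast<Functor>(function)) {}
#endif  // OS_WIN

  ~NoCfiIcall() = default;

  //! \brief Calls the function without sanitization by cfi-icall.
  //!
  //! The wrapped pointer is not tested for `nullptr` here; callers are
  //! expected to test this object with `operator bool()` before calling it
  //! when symbol resolution may have failed.
  //!
  //! \param args The arguments forwarded to the wrapped function.
  //!
  //! \return Whatever the wrapped function returns.
  template <typename... RunArgs>
  decltype(auto) operator()(RunArgs&&... args) const {
    return FunctorTraits<Functor>::Invoke(function_,
                                          std::forward<RunArgs>(args)...);
  }

  //! \brief Returns `true` if not `nullptr`.
  operator bool() const { return function_ != nullptr; }

 private:
  Functor function_;

  DISALLOW_COPY_AND_ASSIGN(NoCfiIcall);
};

}  // namespace crashpad

#endif  // CRASHPAD_UTIL_MISC_NO_CFI_ICALL_H_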