
Introduce a function attribute 'enforce_tcb' that prevents the function from calling other functions without the same attribute. This allows isolating code that is considered privileged so that it cannot use its privileges to exhibit arbitrary behavior. Introduce an on-by-default warning '-Wtcb-enforcement' that warns about violations of the above rule. Introduce a function attribute 'enforce_tcb_leaf' that suppresses the new warning within the function it is attached to. Such leaf functions may implement functionality shared between the trusted and the untrusted code, but because the warning is suppressed inside them they require an especially careful audit of their capabilities. Fixes after a revert in 419ef38a50293c58078f830517f5e305068dbee6: Fix a test. Add a workaround for a GCC bug (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67274). Attribute the patch appropriately! Differential Revision: https://reviews.llvm.org/D91898
// RUN: %clang_cc1 -fsyntax-only -verify %s
// Marks a function as a member of the named trusted computing base (TCB).
// Enforcement is a compile-time diagnostic (-Wtcb-enforcement, on by
// default): a TCB member that calls a function outside the same TCB is
// warned about. It is an audit aid at compile time, not a runtime sandbox,
// and it can be silenced like any other warning group.
#define PLACE_IN_TCB(NAME) [[clang::enforce_tcb(NAME)]]

// Marks a "leaf" of the named TCB: the violation warning is suppressed
// inside the function it is attached to. Leaf code therefore sits at the
// trust boundary and needs the same scrutiny as the TCB itself. Not
// exercised in this file.
#define PLACE_IN_TCB_LEAF(NAME) [[clang::enforce_tcb_leaf(NAME)]]

// Callees used by every test below: one inside TCB "foo", one in no TCB.
PLACE_IN_TCB("foo") void in_tcb_foo();

void not_in_tcb();
// Test behavior on classes and methods.
class C {
  void bar();

  // A single member function can be placed in a TCB and is then checked
  // like a free function: calling an unannotated sibling method is flagged.
  PLACE_IN_TCB("foo")
  void foo() {
    // TODO: Figure out if we want to support methods at all.
    // Does it even make sense to isolate individual methods into a TCB?
    // Maybe a per-class attribute would make more sense?
    bar(); // expected-warning{{calling 'bar' is a violation of trusted computing base 'foo'}}
  }
};
// Test behavior on templates.
// The check is performed on the template definition itself, so a violation
// is diagnosed even though nothing in this file instantiates the template.
template <typename Ty>
PLACE_IN_TCB("foo")
void foo_never_instantiated() {
  not_in_tcb(); // expected-warning{{calling 'not_in_tcb' is a violation of trusted computing base 'foo'}}
  in_tcb_foo(); // no-warning
}
// Primary template carrying the attribute; the explicit specialization
// below does not repeat it.
template <typename Ty>
PLACE_IN_TCB("foo")
void foo_specialized();
// An explicit specialization inherits TCB membership from its annotated
// primary template: its body is checked against "foo" without being
// re-annotated here.
template<>
void foo_specialized<int>() {
  not_in_tcb(); // expected-warning{{calling 'not_in_tcb' is a violation of trusted computing base 'foo'}}
  in_tcb_foo(); // no-warning
}
// A caller in "foo" may call the specialization, which belongs to "foo"
// through its primary template.
PLACE_IN_TCB("foo")
void call_template_good() {
  foo_specialized<int>(); // no-warning
}
// Distinct TCBs do not trust each other: a "bar" member calling a "foo"
// member is a violation, reported against the caller's TCB ("bar").
PLACE_IN_TCB("bar")
void call_template_bad() {
  foo_specialized<int>(); // expected-warning{{calling 'foo_specialized<int>' is a violation of trusted computing base 'bar'}}
}
// Unannotated primary template; TCB membership, if any, comes only from
// the individual explicit specializations below.
template<typename Ty>
void foo_specialization_in_tcb();
// An explicit specialization can be placed in a TCB on its own, in which
// case its body is checked even though the primary template is not.
template<>
PLACE_IN_TCB("foo")
void foo_specialization_in_tcb<int>() {
  not_in_tcb(); //expected-warning{{calling 'not_in_tcb' is a violation of trusted computing base 'foo'}}
  in_tcb_foo(); // no-warning
}
// Unannotated specialization: nothing inside it is checked. Note that the
// rule constrains what TCB code may call, not who may call TCB code, so a
// non-TCB function calling into "foo" is not a violation either.
template<>
void foo_specialization_in_tcb<double>() {
  not_in_tcb(); // no-warning
  in_tcb_foo(); // no-warning
}
// Membership is decided per declaration, never inferred from a callee's
// body: <int> is annotated and allowed; <long> resolves to the unannotated
// primary template and is flagged; <double> is flagged too, even though its
// own body produced no diagnostics above. The last pattern omits "calling"
// and still matches because the verifier appears to match a substring.
PLACE_IN_TCB("foo")
void call_specialization_in_tcb() {
  foo_specialization_in_tcb<int>(); // no-warning
  foo_specialization_in_tcb<long>(); // expected-warning{{calling 'foo_specialization_in_tcb<long>' is a violation of trusted computing base 'foo'}}
  foo_specialization_in_tcb<double>(); // expected-warning{{'foo_specialization_in_tcb<double>' is a violation of trusted computing base 'foo'}}
}