Reland "[CFI] Use ProtectedMemory in CertVerifyProcNSS"
This is a reland of d0de1771e390b7fdb3f7ebffc7b09ce67103afe1 now that
crrev.com/00fb4b7ed96237cd71e7b81fd61b458f0c9c15b4 landed fixing the lock-up
issue we previously saw.
Original change's description:
> [CFI] Use ProtectedMemory in CertVerifyProcNSS
>
> Because CertVerifyProcNSS dynamically resolves a pointer to the function
> CERT_CacheOCSPResponseFromSideChannel(), Control Flow Integrity [1]
> indirect call (cfi-icall) checking can not verify that it is the
> intended target for that function pointer call site.
>
> Since we can not use cfi-icall to check the function pointer, instead we
> place the pointer in ProtectedMemory, a wrapper for keeping variables in
> read-only memory except for when they are initialized. After setting the
> pointer in protected memory we can use the UnsanitizedCfiCall wrapper to
> disable cfi-icall checking when calling it since we know it can not be
> tampered with.
>
> [1] https://www.chromium.org/developers/testing/control-flow-integrity
>
> Bug: 771365
> Cq-Include-Trybots: master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
> Change-Id: I5d65b3591681f3daa917b6516eec1e5e47513d12
> Reviewed-on: https://chromium-review.googlesource.com/765098
> Reviewed-by: Peter Collingbourne <pcc@chromium.org>
> Reviewed-by: Eric Roman <eroman@chromium.org>
> Commit-Queue: Peter Collingbourne <pcc@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#517169}
Bug: 771365
Change-Id: I908d37ce805f6673f96f7eebdba22be45fe96912
Cq-Include-Trybots: master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
Reviewed-on: https://chromium-review.googlesource.com/783590
Reviewed-by: Eric Roman <eroman@chromium.org>
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#521827}
GitOrigin-RevId: d39a025e3ff85e76554ca0574d6200e58d226060
1 file changed
