Implemented spslr_field_fixed attribute

2026-04-05 18:50:30 +02:00 · 2026-04-05 18:50:30 +02:00 · cd045eff06
commit cd045eff06
parent 41d504cccb
5 changed files with 39 additions and 2 deletions
--- a/pinpoint/pinpoint_config.h
+++ b/pinpoint/pinpoint_config.h
@ -1,6 +1,7 @@
 #pragma once

 #define SPSLR_ATTRIBUTE "spslr"
+#define SPSLR_FIELD_FIXED_ATTRIBUTE "spslr_field_fixed"
 #define SPSLR_PINPOINT_STAGE0_SEPARATOR "__spslr_offsetof"
 #define SPSLR_PINFILE_EXTENSION ".spslr"
 #define SPSLR_PINPOINT_STAGE2_PIN "__spslr_ipin_" /* suffixed with "<cuhash>_<uid>" */
--- a/pinpoint/safegcc/safe-attribs.h
+++ b/pinpoint/safegcc/safe-attribs.h
@ -0,0 +1,8 @@
+#include <safe-gcc-plugin.h>
+
+#ifndef SAFEGCC_ATTRIBS_H
+#define SAFEGCC_ATTRIBS_H
+
+#include <attribs.h>
+
+#endif
--- a/pinpoint/stage0/on_register_attributes.cpp
+++ b/pinpoint/stage0/on_register_attributes.cpp
@ -1,5 +1,6 @@
 #include <stage0.h>
 #include <pinpoint_config.h>
+#include <cstdio>

 static tree log_new_target(tree* node, tree name, tree args, int flags, bool* no_add_attrs) {
 	if (node)
@ -8,11 +9,24 @@ static tree log_new_target(tree* node, tree name, tree args, int flags, bool* no
 	return NULL_TREE;
 }

+static tree check_field_fixed_attribute(tree* node, tree name, tree args, int flags, bool* no_add_attrs) {
+	if (!node || !*node || TREE_CODE(*node) != FIELD_DECL) {
+		*no_add_attrs = true;
+		fprintf(stderr, "%qs attribute only applies to struct/union fields", SPSLR_FIELD_FIXED_ATTRIBUTE);
+	}
+	return NULL_TREE;
+}
+
 static struct attribute_spec spslr_attribute = {
 	SPSLR_ATTRIBUTE, 0, 0, false, false, false, false, log_new_target, NULL
 };

+static struct attribute_spec spslr_fixed_field_attribute = {
+	SPSLR_FIELD_FIXED_ATTRIBUTE, 0, 0, false, false, false, false, check_field_fixed_attribute, NULL
+};
+
 void on_register_attributes(void* plugin_data, void* user_data) {
 	register_attribute(&spslr_attribute);
+	register_attribute(&spslr_fixed_field_attribute);
 }

--- a/pinpoint/stage0/target.cpp
+++ b/pinpoint/stage0/target.cpp
@ -2,6 +2,9 @@
 #include <functional>

 #include <safe-langhooks.h>
+#include <safe-attribs.h>
+
+#include <pinpoint_config.h>

 static UID next_uid = 0;
 static std::unordered_map<UID, TargetType> targets;
@ -251,7 +254,10 @@ static bool foreach_record_field(tree t, std::function<bool(const TargetType::Fi
 		if (!field_info(field_decl, &field.offset, &field.size, &field.alignment, &is_bitfield))
 			return false;

-		field.flags = (is_bitfield ? TargetType::Field::FLAG_DANGEROUS : 0);
+		tree attrs = DECL_ATTRIBUTES(field_decl);
+		bool is_fixed = lookup_attribute(SPSLR_FIELD_FIXED_ATTRIBUTE, attrs) != NULL_TREE;
+
+		field.flags = ((is_fixed || is_bitfield) ? TargetType::Field::FLAG_DANGEROUS : 0);

 		if (!callback(field))
 			return false;
--- a/subject/task_struct.h
+++ b/subject/task_struct.h
@ -7,6 +7,7 @@

 # define randomized_struct_fields_start struct {
 # define randomized_struct_fields_end } __attribute__((spslr));
+# define __spslr_field_fixed __attribute__((spslr_field_fixed))

 // Minimal doubly linked list
 struct list_head {
@ -66,7 +67,14 @@ struct task_struct {

 	randomized_struct_fields_end

-	struct list_head tasks; // linkage for global task list
+	/*
+	 * TODO
+	 * This field is used to statically initialize list heads.
+	 * To make the offset available at compile-time, it must be fixed.
+	 * The actual solution to this problem is dppins
+	 *     -> Any static pointer into a randomized object must be patched too
+	 */
+	struct list_head tasks __spslr_field_fixed; // linkage for global task list

 	randomized_struct_fields_end