[RFC 00/12] Introduce struct layout randomization feature
Roman Lebedev via cfe-commits
cfe-commits at lists.llvm.org
Sat Mar 9 01:59:24 PST 2019
You probably want to submit this patchset to Phabricator.
It will get lost in the mailing list.
On Sat, Mar 9, 2019 at 1:38 AM Connor Kuehl via cfe-commits
<cfe-commits at lists.llvm.org> wrote:
>
> This patch set introduces structure field layout randomization into the Clang
> compiler. The Randstruct feature is a compile-time hardening technique that
> randomizes the field layout for designated structures of a code base.
> Admittedly, this is mostly useful for closed-source releases of code (since
> the randomization seed would be available for public and open source
> applications). However, this patch set also enhances Clang’s feature parity with that
> of GCC which already has the Randstruct feature.
>
> This patch set is a from-scratch reimplementation of the Randstruct feature
> that was originally ported to GCC. The patches for this implementation in GCC
> can be found here:
>
> https://www.openwall.com/lists/kernel-hardening/2017/04/06/14.
>
> This feature identifies structures for randomization in two ways. The first
> method targets structures that are manually marked with the new
> “randomize_layout” attribute. The second is an optional feature that will
> automatically select and randomize structures that are found to consist entirely
> of function pointers. This automatic selection feature can be extended to
> include other vulnerable structure types that are safe to randomize as they are
> identified. You can also opt a specific structure out of this feature with the
> “no_randomize_layout” attribute. Automatic structure selection is enabled with
> the “-randstruct-auto” compiler flag. By default, Randstruct seeds on the empty
> string, but a seed can be supplied with the “-randstruct-seed=” command line
> argument.
>
> This entire patch set is the sum total of an undergraduate computer science
> capstone team’s effort.
>
> Portland State University Clang Randstruct Capstone Team (Fall 2018-Winter 2019):
>
> Co-authored-by: Cole Nixon <nixontcole at gmail.com>
> Co-authored-by: Connor Kuehl <cipkuehl at gmail.com>
> Co-authored-by: James Foster <jafosterja at gmail.com>
> Co-authored-by: Jeff Takahashi <jeffrey.takahashi at gmail.com>
> Co-authored-by: Jordan Cantrell <jordan.cantrell at mail.com>
> Co-authored-by: Nikk Forbus <nicholas.forbus at gmail.com>
> Co-authored-by: Tim Pugh <nwtpugh at gmail.com>
>
> Connor Kuehl (12):
> Add documentation for randstruct attributes
> Add randomize_layout attribute and handler
> Add no_randomize_layout attribute and handler
> Add randomize_layout warning for unions
> Add warning for mutually exclusive attributes
> Add globals to store command line arguments in
> Add randstruct-seed compiler argument
> Add automatic structure selection compiler switch
> Implement record field randomization algorithms
> Fix: Set tail pointer to null in field list
> Forward declare RecordFieldReorganizer
> Wire up Randstruct; intercept and randomize
>
> clang/include/clang/AST/Decl.h | 1 +
> clang/include/clang/AST/DeclBase.h | 2 +
> clang/include/clang/AST/RandstructSeed.h | 8 +
> .../clang/AST/RecordFieldReorganizer.h | 59 ++++
> clang/include/clang/Basic/Attr.td | 14 +
> clang/include/clang/Basic/AttrDocs.td | 45 +++
> .../include/clang/Basic/DiagnosticASTKinds.td | 5 +
> clang/include/clang/Driver/CC1Options.td | 2 +
> clang/include/clang/Driver/Options.td | 4 +
> clang/lib/AST/CMakeLists.txt | 1 +
> clang/lib/AST/DeclBase.cpp | 3 +
> clang/lib/AST/RecordFieldReorganizer.cpp | 257 ++++++++++++++++++
> clang/lib/AST/RecordLayoutBuilder.cpp | 20 ++
> clang/lib/Driver/ToolChains/Clang.cpp | 10 +
> clang/lib/Frontend/CompilerInvocation.cpp | 8 +
> clang/lib/Sema/SemaDeclAttr.cpp | 6 +
> ...a-attribute-supported-attributes-list.test | 2 +
> 17 files changed, 447 insertions(+)
> create mode 100644 clang/include/clang/AST/RandstructSeed.h
> create mode 100644 clang/include/clang/AST/RecordFieldReorganizer.h
> create mode 100644 clang/lib/AST/RecordFieldReorganizer.cpp
>
> --
> 2.17.1
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at lists.llvm.org
> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
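
A toy model of the selection rule and seeding described in the quoted cover letter, added here as an illustration; it is not code from the patch set. The record model, the FNV-1a seed hashing and the xorshift64 generator are assumptions standing in for the patch's own algorithm. It shows that one seed always yields one layout, which is why a published seed also publishes the layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy model of a record as the cover letter describes it; not Clang's AST. */
enum attr { ATTR_NONE, ATTR_RANDOMIZE, ATTR_NO_RANDOMIZE };
enum kind { K_DATA, K_FNPTR };
struct record { enum attr attr; size_t n; const enum kind *fields; };
/* Selection: explicit attributes first, then the optional auto mode
   (-randstruct-auto) for records made up entirely of function pointers. */
int selected(const struct record *r, int auto_mode) {
    if (r->attr == ATTR_NO_RANDOMIZE) return 0;
    if (r->attr == ATTR_RANDOMIZE) return 1;
    if (!auto_mode || r->n == 0) return 0;
    for (size_t i = 0; i < r->n; i++)
        if (r->fields[i] != K_FNPTR) return 0;
    return 1;
}

/* Assumed stand-in: FNV-1a maps the seed string to a non-zero PRNG state. */
static uint64_t seed_state(const char *seed) {
    uint64_t h = 1469598103934665603ULL;
    for (; *seed; seed++) { h ^= (unsigned char)*seed; h *= 1099511628211ULL; }
    return h ? h : 1;
}

/* Fisher-Yates over field indices, driven by xorshift64 (also a stand-in). */
void shuffle_fields(const char *seed, size_t n, size_t *order) {
    uint64_t s = seed_state(seed);
    for (size_t i = 0; i < n; i++) order[i] = i;
    for (size_t i = n; i > 1; i--) {
        s ^= s << 13; s ^= s >> 7; s ^= s << 17;
        size_t j = (size_t)(s % i), t = order[i - 1];
        order[i - 1] = order[j]; order[j] = t;
    }
}

/* Returns 1 when builds seeded with a and b lay out 16 fields identically. */
int same_layout(const char *a, const char *b) {
    size_t x[16], y[16];
    shuffle_fields(a, 16, x); shuffle_fields(b, 16, y);
    return memcmp(x, y, sizeof x) == 0;
}

int main(void) {
    size_t o[6];
    shuffle_fields("", 6, o); /* "" is the default seed per the cover letter */
    for (size_t i = 0; i < 6; i++) printf("%zu ", o[i]);
    return puts("") == EOF;
}
```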