<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/67625>67625</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Are LLVM Compilation Parameters "-fzero-call-used-regs=all" Sufficient?
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          ZoEplA
      </td>
    </tr>
</table>

<pre>
    Hello,

I am using the -fzero-call-used-regs=all parameter in clang 15 to compile the [netsnmp ](https://github.com/net-snmp/net-snmp) project in order to observe its level of protection against ROP attacks. After completing the compilation, we noticed that almost every "pop" instruction following each function has been replaced with "pxor". This effectively reduces the number of alignment gadgets in the form of "pop xxx; ret;". However, we observe that as long as the program size is larger, there are still some unaligned gadgets in X86_64 programs that can be easily exploited by attackers. What other good ways are there to deal with this bypass of the mitigation mechanism?
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJx8U82Oo0YQfpr2pWQLN4axDxw8M7E20kZZJVES5RIVUEAnRTfqKvyzTx81zGizl7nQCKq-n6r-UMT1nqgyxbMpXjc46xBi9Vf4YeLzpg7to_pEzMHYF5O9muy8Pn8EHGEW53vQgWDbfaUYtg0yb2ehdhupF5O_IjNMGHEkpQjOQ8Poe9gXoAGaME6OaQEwxbMnFT9OYIpXY4-D6iQmPxt7MfbSOx3meteE0diLJ92myu9eTzDF8A81mlhCbCkmilALxSuBUwGmKzGELhUqNeqCB-zReVH45ecvgKrY_Cs7OHdJbFLHpO8OV7GYuox9gRuBD-oaakEHVEAegyjQleIDjLVTmIy1kMDjvHJ1gTncEh5hM0A3-_X7gAI1kYdIE2NCvDkdFpB7iMbaHfw2OAHquqT6SvyASO3ckCzK_DzWFJMxZNf7kbxCj21PKmkWqaQLcUwFqzC43-8mf4ZIavLnheBTuCXpb87ep7Y6E-Dg-3QmqCmGPuII4r4SOAHG2K-NOlAkwEgg6phBwkgw-0UUtf-X9Oex_Ls8vEPJytOgh5qAUBw_gO4TB6fUQv142wxF2cEfqTQkKuhDaOGGD1k4V3YN0BLyOkFNU6sfE4ok80n96NT1yxJhpGZA72Q0-WXTVnl7yk-4oWpfnopjme-fDpuhOpRUtNmxy7GzXfHUlkWL3VNxsO0Rm6I8blxlM5tnJ3vM9lm5P-xsU-8Le8xpX3YnzE7mkNGIjnfM13EXYr9xIjNV5VNpiw1jTSxL9qz1dIPlp7E2RTFWqWdbz72YQ8ZOVL6hqFOm6hwJPn_-_Sd4-XY94ct74CQt_INophv669x1rnHkNc1hjlx9kLzE_nZs3-Jm7GXRLMZeFk__BQAA__-hb3l4">