[PATCH] -fstack-protector-strong part 3: data layout

Magee, Josh Joshua.Magee at am.sony.com
Tue Feb 12 16:44:43 PST 2013 

Hi Bill,

I had wondered if adding a field to AllocaInst might be a problem (especially since the field is for a fairly specialized purpose that is not relevant to the majority of users of the class.)  I'll re-work the patch to avoid modifying AllocaInst.  (My current idea is to maintain a ValueMap of <AllocaInst*, SSPLayoutKinds> in the StackProtector pass itself and then use getAnalysis to access this from the PEI and  LocalStackAllocation passes.  It seems like I might need to split the StackProtector pass into separate analysis and transform passes, but I'm not certain yet.)

Hopefully I can have an update ready within the next couple of days.
Thanks!
Josh


> -----Original Message-----
> From: Bill Wendling [mailto:wendling at apple.com]
> Sent: Tuesday, February 12, 2013 12:31 AM
> To: Magee, Josh
> Cc: llvm-commits at cs.uiuc.edu
> Subject: Re: [PATCH] -fstack-protector-strong part 3: data layout
> 
> Hi Josh,
> 
> I'll review this in a few days (sorry, I'm swamped). One comment though, is
> there *any* way for you to not add a field to AllocaInst? I'm going to push
> back hard on that because it's a basic class and shouldn't be modified unless
> absolutely necessary, especially if you're adding fields to it. :)
> 
> -bw
> 
> On Feb 11, 2013, at 7:01 PM, "Magee, Josh" <Joshua.Magee at am.sony.com>
> wrote:
> 
> > Hi,
> >
> > This is part 3 in the stack-protector-strong series.
> > This patch adds support for data layout rules.
> >
> > The rules for ssp are:
> > 1) Large arrays and structures containing large arrays should be closest to
> >    the stack protector.  "Large" is defined as >= ssp-buffer-size.
> > 2) The remaining stack objects are arranged normally.
> >
> > These rules for sspstrong and sspreq are the same:
> > 1) Large arrays and structures containing large arrays should be closest to
> >    the stack protector.  "Large" is defined as >= ssp-buffer-size.
> > 2) Small arrays and structures containing small arrays should be 2nd closet
> to
> >    the protector.  "Small" is defined as < ssp-buffer-size.
> > 3) Variables that have had their address taken should be 3rd closest to the
> >    protector.
> > 4) The remaining stack objects are arranged normally.
> >
> > LLVM already allocates SSP-triggering objects near the stack protector, but:
> > a) The heuristic used is very basic and doesn't necessarily match what the
> >    StackProtector pass does.
> > b) It doesn't handle the finer grained rules for strong/req listed above.
> >
> > Rather than determining if a stack object may need to be placed near
> > the protector in FunctionLoweringInfo.cpp, I thought it is better to
> > make this decision in the StackProtector pass (where we already do the
> > needed analysis
> > anyway.)
> >
> > The changes I made are:
> > 1) Add an enum type to represent the SSP Layout.
> >   * SSPLayoutKind
> > 2) Add a field to AllocaInst to keep track of the SSPLayoutKind.
> > 3) Update the StackProtector pass analysis to set the SSPLayoutKind for an
> >    AllocaInst.  This requires two unfortunate changes:
> >   * Since all variables vulnerable to stack smashing need to be re-arranged
> >     (and not just the first one encountered), the analyze can't exit early
> >     after finding the first one.
> >   * The analysis needs to be run for SSPReq.  Before it wasn't necessary for
> >     SSPReq because all SSPReq functions get a protector regardless of their
> >     variables. Now the analysis is needed to mark the vulnerable variables.
> > 4) Teach the PrologEpilogInserter and LocalStackAllocation passes the new
> SSP
> >    stack re-arrangement rules.
> >
> > Thanks!
> > -Josh
> > <part3-sspstrong-datalayout.diff>
>

More information about the llvm-commits mailing list