[PATCH] Insert random noops to increase security against ROP attacks (llvm)
Stephen Crane
sjcrane at uci.edu
Mon Jan 5 15:20:38 PST 2015
================
Comment at: lib/Target/X86/X86InstrInfo.cpp:5545
@@ +5544,3 @@
+ LEA_DI, // 8d 3f, 48 8d 3f -- AAS (bcd->hex), invalid
+ MAX_NOPS };
+
----------------
jfb wrote:
> "privileged"
>
> Interesting side-question (may just require a TODO or a bug filed): some folks are experimenting with using LLVM as a compiler for the Linux kernel, or for bare-metal boards. Are these instructions dangerous in these circumstances?
The privileged instructions are to read raw input from hardware, which I doubt would be substantially useful in an attack on OS code. Would be far easier to construct a code-reuse attack to call higher-level functions in the kernel to talk to hardware. As long as NOOPs are randomly chosen and placed, reliably exploiting NOOPs should be difficult.
http://reviews.llvm.org/D3392
EMAIL PREFERENCES
http://reviews.llvm.org/settings/panel/emailpreferences/
More information about the llvm-commits
mailing list