[Diffusion] rL225908: Insert random noops to increase security against ROP attacks (llvm)

Stephen Crane sjcrane at uci.edu
Tue Jan 13 20:13:23 PST 2015 

Adding llvm-commits. Sorry, didn't realize it wasn't on here.

On Tue, Jan 13, 2015 at 7:43 PM, Stephen Crane <sjcrane at uci.edu> wrote:
> Here's a patch that should fix the RNG distribution initialization
> compilation failure on Windows. Relevant buildbot failure:
> http://lab.llvm.org:8011/builders/lld-x86_64-win7/builds/16201
>
> I'm not even sure if this static initializer is allowed in LLVM's
> codebase. If not, we can just initialize a Distribution for each
> runOnMachineFunction or allocate a Distribution in the constructor.
>
> There are also test failures on Linux. I'll figure out why in a bit
> when I've finished recompiling on a linux machine. Relevant BB
> failures:
> http://lab.llvm.org:8011/builders/llvm-s390x-linux1/builds/12598
> http://lab.llvm.org:8011/builders/llvm-aarch64-linux/builds/6051
> http://bb.pgr.jp/builders/cmake-llvm-x86_64-linux/builds/20016
> http://lab.llvm.org:8011/builders/clang-x86_64-debian-fast/builds/22286
>
> - stephen
>
> On Tue, Jan 13, 2015 at 5:18 PM, JF Bastien <jfb at chromium.org> wrote:
>> Insert random noops to increase security against ROP attacks (llvm)
>>
>> A pass that adds random noops to X86 binaries to introduce diversity with the goal of increasing security against most return-oriented programming attacks.
>>
>> Command line options:
>>
>>   -noop-insertion // Enable noop insertion.
>>   -noop-insertion-percentage=X // X% of assembly instructions will have a noop prepended (default: 50%, requires -noop-insertion)
>>   -max-noops-per-instruction=X // Randomly generate X noops per instruction. ie. roll the dice X times with probability set above (default: 1). This doesn't guarantee X noop instructions.
>>
>> In addition, the following 'quick switch' in clang enables basic diversity using default settings (currently: noop insertion and schedule randomization; it is intended to be extended in the future).
>>
>>   -fdiversify
>>
>> This is the llvm part of the patch.
>> clang part: http://reviews.llvm.org/D3393
>>
>> http://reviews.llvm.org/D3392
>> Patch by Stephen Crane (@rinon)
>>
>>
>> AFFECTED FILES
>>   /llvm/trunk/include/llvm/CodeGen/CommandFlags.h
>>   /llvm/trunk/include/llvm/CodeGen/NoopInsertion.h
>>   /llvm/trunk/include/llvm/CodeGen/Passes.h
>>   /llvm/trunk/include/llvm/InitializePasses.h
>>   /llvm/trunk/include/llvm/Support/RandomNumberGenerator.h
>>   /llvm/trunk/include/llvm/Target/TargetInstrInfo.h
>>   /llvm/trunk/include/llvm/Target/TargetOptions.h
>>   /llvm/trunk/lib/CodeGen/CMakeLists.txt
>>   /llvm/trunk/lib/CodeGen/CodeGen.cpp
>>   /llvm/trunk/lib/CodeGen/NoopInsertion.cpp
>>   /llvm/trunk/lib/CodeGen/Passes.cpp
>>   /llvm/trunk/lib/Target/X86/X86InstrInfo.cpp
>>   /llvm/trunk/lib/Target/X86/X86InstrInfo.h
>>   /llvm/trunk/test/CodeGen/Mips/noop-insert.ll
>>   /llvm/trunk/test/CodeGen/PowerPC/noop-insert.ll
>>   /llvm/trunk/test/CodeGen/X86/noop-insert-percentage.ll
>>   /llvm/trunk/test/CodeGen/X86/noop-insert.ll
>>
>> USERS
>>   jfb (Author)
>>   dsanders (Auditor)
>>
>> http://reviews.llvm.org/rL225908
>>
>> EMAIL PREFERENCES
>>   http://reviews.llvm.org/settings/panel/emailpreferences/
>>
>>

More information about the llvm-commits mailing list