[Diffusion] rL225908: Insert random noops to increase security against ROP attacks (llvm)

JF Bastien jfb at chromium.org
Tue Jan 13 21:27:46 PST 2015 

Yes, let's not rush the fixes, these two issues sound too complicated to
pile patches in an attempt to fix. Good thing the distribution issue got
caught now, I should have realized that mistake.

I reverted in the clang patch in r225947 and the LLVM one in r225948.

On Tue, Jan 13, 2015 at 9:24 PM, Stephen Crane <sjcrane at uci.edu> wrote:

> Sounds good.
>
> The test failures on Linux are due to implementation differences in
> std::uniform_random_distribution across C++ libs. The mt19937_64 RNG
> is guaranteed to be stable across platforms, but the distributions
> aren't. My mistake, in rushing to fix the slight bias of simply using
> the mod operator, I forgot to check this. I'll code up an unbiased,
> portable distribution to convert to [0,100) range tomorrow.
>
> - stephen
>
> On Tue, Jan 13, 2015 at 9:19 PM, JF Bastien <jfb at chromium.org> wrote:
> > Let me revert for now, and we can figure out a fix tomorrow.
> >
> > On Tue, Jan 13, 2015 at 8:13 PM, Stephen Crane <sjcrane at uci.edu> wrote:
> >>
> >> Adding llvm-commits. Sorry, didn't realize it wasn't on here.
> >>
> >> On Tue, Jan 13, 2015 at 7:43 PM, Stephen Crane <sjcrane at uci.edu> wrote:
> >> > Here's a patch that should fix the RNG distribution initialization
> >> > compilation failure on Windows. Relevant buildbot failure:
> >> > http://lab.llvm.org:8011/builders/lld-x86_64-win7/builds/16201
> >> >
> >> > I'm not even sure if this static initializer is allowed in LLVM's
> >> > codebase. If not, we can just initialize a Distribution for each
> >> > runOnMachineFunction or allocate a Distribution in the constructor.
> >> >
> >> > There are also test failures on Linux. I'll figure out why in a bit
> >> > when I've finished recompiling on a linux machine. Relevant BB
> >> > failures:
> >> > http://lab.llvm.org:8011/builders/llvm-s390x-linux1/builds/12598
> >> > http://lab.llvm.org:8011/builders/llvm-aarch64-linux/builds/6051
> >> > http://bb.pgr.jp/builders/cmake-llvm-x86_64-linux/builds/20016
> >> >
> http://lab.llvm.org:8011/builders/clang-x86_64-debian-fast/builds/22286
> >> >
> >> > - stephen
> >> >
> >> > On Tue, Jan 13, 2015 at 5:18 PM, JF Bastien <jfb at chromium.org> wrote:
> >> >> Insert random noops to increase security against ROP attacks (llvm)
> >> >>
> >> >> A pass that adds random noops to X86 binaries to introduce diversity
> >> >> with the goal of increasing security against most return-oriented
> >> >> programming attacks.
> >> >>
> >> >> Command line options:
> >> >>
> >> >>   -noop-insertion // Enable noop insertion.
> >> >>   -noop-insertion-percentage=X // X% of assembly instructions will
> have
> >> >> a noop prepended (default: 50%, requires -noop-insertion)
> >> >>   -max-noops-per-instruction=X // Randomly generate X noops per
> >> >> instruction. ie. roll the dice X times with probability set above
> (default:
> >> >> 1). This doesn't guarantee X noop instructions.
> >> >>
> >> >> In addition, the following 'quick switch' in clang enables basic
> >> >> diversity using default settings (currently: noop insertion and
> schedule
> >> >> randomization; it is intended to be extended in the future).
> >> >>
> >> >>   -fdiversify
> >> >>
> >> >> This is the llvm part of the patch.
> >> >> clang part: http://reviews.llvm.org/D3393
> >> >>
> >> >> http://reviews.llvm.org/D3392
> >> >> Patch by Stephen Crane (@rinon)
> >> >>
> >> >>
> >> >> AFFECTED FILES
> >> >>   /llvm/trunk/include/llvm/CodeGen/CommandFlags.h
> >> >>   /llvm/trunk/include/llvm/CodeGen/NoopInsertion.h
> >> >>   /llvm/trunk/include/llvm/CodeGen/Passes.h
> >> >>   /llvm/trunk/include/llvm/InitializePasses.h
> >> >>   /llvm/trunk/include/llvm/Support/RandomNumberGenerator.h
> >> >>   /llvm/trunk/include/llvm/Target/TargetInstrInfo.h
> >> >>   /llvm/trunk/include/llvm/Target/TargetOptions.h
> >> >>   /llvm/trunk/lib/CodeGen/CMakeLists.txt
> >> >>   /llvm/trunk/lib/CodeGen/CodeGen.cpp
> >> >>   /llvm/trunk/lib/CodeGen/NoopInsertion.cpp
> >> >>   /llvm/trunk/lib/CodeGen/Passes.cpp
> >> >>   /llvm/trunk/lib/Target/X86/X86InstrInfo.cpp
> >> >>   /llvm/trunk/lib/Target/X86/X86InstrInfo.h
> >> >>   /llvm/trunk/test/CodeGen/Mips/noop-insert.ll
> >> >>   /llvm/trunk/test/CodeGen/PowerPC/noop-insert.ll
> >> >>   /llvm/trunk/test/CodeGen/X86/noop-insert-percentage.ll
> >> >>   /llvm/trunk/test/CodeGen/X86/noop-insert.ll
> >> >>
> >> >> USERS
> >> >>   jfb (Author)
> >> >>   dsanders (Auditor)
> >> >>
> >> >> http://reviews.llvm.org/rL225908
> >> >>
> >> >> EMAIL PREFERENCES
> >> >>   http://reviews.llvm.org/settings/panel/emailpreferences/
> >> >>
> >> >>
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20150113/a0239b93/attachment.html>

More information about the llvm-commits mailing list