<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jan 24, 2014 at 4:16 AM, Nick Lewycky <span dir="ltr"><<a href="mailto:nicholas@mxc.ca" target="_blank">nicholas@mxc.ca</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">Sean Silva wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Was there ever consensus that we want to maintain this in LLVM? I just<br>
looked back at the original thread on llvmdev, and it looked like basically:<br>
<br>
- A number of security folks having an inconclusive, wandering,<br>
back-and-forth discussion about various security things that should have<br>
been done on a security mailing list.<br>
- Lots of "this seems maybe interesting, but ..." with the "but ..." not<br>
clearly addressed in any way. Often times the "but ..." was an<br>
alternative approach that would be more maintainable, effective, and/or<br>
fit in better with existing deployment processes.<br>
- No concrete use cases. Who is going to be deploying this? If nobody is<br>
deploying, then how do we know it will be maintained? It seems like the<br>
initial patch submitter has already jumped ship on this patch; doesn't<br>
exactly inspire confidence.<br>
<br>
It seems like basically nobody who participated in the original<br>
discussion on llvmdev is participating in this patch review either.<br>
Especially the people who had doubts don't seem to be participating;<br>
those doubts need to be addressed.<br>
</blockquote>
<br></div>
It wasn't clear from the email thread, but Geremy Condra represents a customer of this patch who is also doing review, but from a security standpoint not from an llvm code review standpoint. As for concrete users, I'll simply say that his interest is not academic, and let him say more if he wants to.<br>
</blockquote><div><br></div><div>Cool, this is exactly the sort of "feedback loop" of usage that I was really interested in seeing. I think it would be really great for Geremy to contribute to the evaluation of this code.</div>
<div><br></div><div>-- Sean Silva</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
My own concerns about the level of security it provides are simply because I'm not trained in the area. For an analogy, I feel like I'm asking "why does RSA work? why doesn't somebody just figure out an algorithm for factoring large numbers efficiently? what makes you think that would be so hard?". It's a great line of questioning, but it requires a whole lot more explaining than belong on llvm-dev or a patch review thread.<br>
<br>
While we're here, I want to point out something fun:<br>
<br>
<a href="https://media.blackhat.com/us-13/US-13-Quynh-OptiROP-Hunting-for-ROP-Gadgets-in-Style-Slides.pdf" target="_blank">https://media.blackhat.com/us-<u></u>13/US-13-Quynh-OptiROP-<u></u>Hunting-for-ROP-Gadgets-in-<u></u>Style-Slides.pdf</a><br>
That's a paper from a blackhat presentation on a system for creating ROP gadgets, which in turn is based on LLVM. Being the attackers, I don't think we ever got any patches from them. This patch under review adds protection from those ROP gadgets. We're now in the middle, "funding" code and infrastructure for both sides of the ROP exploit arms race. Whee!<br>
<br>
Nick<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
Also, at the very least, adding the RNG should be split out into a<br>
separate patch.<br>
<br>
-- Sean Silva<br>
<br>
<br>
On Thu, Jan 23, 2014 at 6:08 PM, Julian Lettner<br></div><div><div class="h5">
<<a href="mailto:julian.lettner@gmail.com" target="_blank">julian.lettner@gmail.com</a> <mailto:<a href="mailto:julian.lettner@gmail.com" target="_blank">julian.lettner@gmail.<u></u>com</a>>> wrote:<br>
<br>
Move patch forward to ToT.<br>
<br>
Hi rinon, ahomescu,<br>
<br>
<a href="http://llvm-reviews.chandlerc.com/D1802" target="_blank">http://llvm-reviews.chandlerc.<u></u>com/D1802</a><br>
<br>
CHANGE SINCE LAST DIFF<br>
<a href="http://llvm-reviews.chandlerc.com/D1802?vs=6581&id=6621#toc" target="_blank">http://llvm-reviews.chandlerc.<u></u>com/D1802?vs=6581&id=6621#toc</a><br>
<<a href="http://llvm-reviews.chandlerc.com/D1802?vs=6581&id=6621#toc" target="_blank">http://llvm-reviews.<u></u>chandlerc.com/D1802?vs=6581&<u></u>id=6621#toc</a>><br>
<br>
Files:<br>
include/llvm/CodeGen/<u></u>CommandFlags.h<br>
include/llvm/MC/<u></u>MCRegisterInfo.h<br>
include/llvm/Support/<u></u>RandomNumberGenerator.h<br>
include/llvm/Target/<u></u>TargetOptions.h<br>
lib/CodeGen/LLVMBuild.txt<br>
lib/CodeGen/SelectionDAG/<u></u>ScheduleDAGRRList.cpp<br>
lib/LTO/LTOCodeGenerator.cpp<br>
lib/LTO/LTOModule.cpp<br>
lib/Support/CMakeLists.txt<br>
lib/Support/<u></u>RandomNumberGenerator.cpp<br>
lib/Target/X86/CMakeLists.txt<br>
lib/Target/X86/NOPInsertion.<u></u>cpp<br>
lib/Target/X86/X86.h<br>
lib/Target/X86/<u></u>X86TargetMachine.cpp<br>
test/CodeGen/X86/nop-insert-<u></u>percentage.ll<br>
test/CodeGen/X86/nop-insert.ll<br>
test/CodeGen/X86/sched-rnd-<u></u>test.ll<br>
tools/llc/llc.cpp<br>
tools/llvm-lto/llvm-lto.cpp<br>
tools/lto/lto.cpp<br>
tools/opt/opt.cpp<br>
<br>
______________________________<u></u>_________________<br>
llvm-commits mailing list<br></div></div>
<a href="mailto:llvm-commits@cs.uiuc.edu" target="_blank">llvm-commits@cs.uiuc.edu</a> <mailto:<a href="mailto:llvm-commits@cs.uiuc.edu" target="_blank">llvm-commits@cs.uiuc.<u></u>edu</a>><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits" target="_blank">http://lists.cs.uiuc.edu/<u></u>mailman/listinfo/llvm-commits</a><div class="im"><br>
<br>
<br>
<br>
<br>
______________________________<u></u>_________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@cs.uiuc.edu" target="_blank">llvm-commits@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits" target="_blank">http://lists.cs.uiuc.edu/<u></u>mailman/listinfo/llvm-commits</a><br>
</div></blockquote>
<br>
</blockquote></div><br></div></div>