<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
I'm trying to make a security sandbox. For example, let's say my
program has a LoadInst in the LLVM IR and I know I want to confine
the address range this LoadInst is accessing. Maybe that LoadInst
gets emitted as a MOV machine code instruction by the backend.
During execution an attacker could potentially control the operands
of the MOV instruction through some exploit, but usually he cannot
modify the instructions/prefixes because the code is not writable.
So the prefix can potentially let me confine the attacker to an
address range even if he controls the instruction operands.<br>
<br>
I hope that makes some sense. If someone knows of a different
approach -- a very lightweight sandbox implemented in LLVM -- I'd be
interested in looking into it.<br>
<br>
Thanks,<br>
Scott<br>
<br>
<div class="moz-cite-prefix">On 09/11/2015 10:55 AM, mats petersson
wrote:<br>
</div>
<blockquote
cite="mid:CAL-htr4rNnfDQDw9jLj+XVj1wioTq1fxpChdma-LiHyTwOsCFQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>What is it you are ACTUALLY trying to do?<br>
<br>
</div>
In other words, why would you want a different address size...
Understanding that would probably help provide a better answer
(I have absolutely no idea how to solve the actual question,
but I suspect understanding what the overall goal is will help
a whole lot)<br>
<br>
--<br>
</div>
Mats<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 11 September 2015 at 15:38, Scott A.
Carr via llvm-dev <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
I’ve been using LLVM IR passes for my research for about a
year now, but for my next step I think I might have to dig
into a backend. I'm hoping someone could give me a pointer
on how to get started.<br>
<br>
The thing I would like to do is add an
address-size override prefix [1] to a given x86-64
instruction. I’m hoping I can do something like:<br>
<br>
1) Mark some IR instructions with metadata in my pass<br>
2) Hack the backend to look for my metadata, and if found
add the prefix when the machine instruction is emitted<br>
<br>
Does this seem feasible? Does the LLVM x86 backend
currently have the capability of adding instruction prefixes
and could someone please point out where I should look in
the code for it?<br>
<br>
Thanks,<br>
Scott A. Carr<br>
PhD Student<br>
Purdue University CS<br>
<br>
[1] <a moz-do-not-send="true"
href="http://wiki.osdev.org/X86-64_Instruction_Encoding#Operand-size_and_address-size_override_prefix"
rel="noreferrer" target="_blank">http://wiki.osdev.org/X86-64_Instruction_Encoding#Operand-size_and_address-size_override_prefix</a><br>
_______________________________________________<br>
LLVM Developers mailing list<br>
<a moz-do-not-send="true"
href="mailto:llvm-dev@lists.llvm.org">llvm-dev@lists.llvm.org</a><br>
<a moz-do-not-send="true"
href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev"
rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
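Added example, not part of the original thread and not LLVM code: a C model of the confinement idea discussed above. It checks whether an encoded x86-64 instruction carries the 0x67 address-size override and shows how that prefix truncates the effective address to 32 bits whatever the register holds. The function names and the register value are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Legacy prefixes may appear in any order before REX and the opcode. */
static bool is_legacy_prefix(uint8_t b) {
    switch (b) {
    case 0xF0: case 0xF2: case 0xF3:             /* lock, repne, rep      */
    case 0x2E: case 0x36: case 0x3E: case 0x26:  /* cs, ss, ds, es        */
    case 0x64: case 0x65:                        /* fs, gs                */
    case 0x66: case 0x67:                        /* operand/address size  */
        return true;
    default:
        return false;
    }
}

/* True if the instruction bytes carry the 0x67 address-size override. */
bool has_addr32_prefix(const uint8_t *insn, size_t len) {
    for (size_t i = 0; i < len && is_legacy_prefix(insn[i]); i++)
        if (insn[i] == 0x67)
            return true;
    return false;
}

/* Model of base + index*scale + disp in 64-bit mode. With the 0x67 prefix
 * the sum is computed at 32-bit address size and zero-extended, so the
 * result always lies in the low 4 GiB regardless of the operand values. */
uint64_t effective_address(uint64_t base, uint64_t index, unsigned scale,
                           int32_t disp, bool addr32) {
    uint64_t ea = base + index * scale + (uint64_t)(int64_t)disp;
    return addr32 ? (uint64_t)(uint32_t)ea : ea;
}

int main(void) {
    const uint8_t plain[]    = {0x48, 0x8B, 0x03};       /* mov rax, [rbx] */
    const uint8_t confined[] = {0x67, 0x48, 0x8B, 0x03}; /* mov rax, [ebx] */
    uint64_t rbx = 0x00007fffdeadbeefULL;  /* constructed attacker-controlled value */
    printf("plain:    prefix=%d ea=%#llx\n", has_addr32_prefix(plain, sizeof plain),
           (unsigned long long)effective_address(rbx, 0, 1, 0, false));
    printf("confined: prefix=%d ea=%#llx\n", has_addr32_prefix(confined, sizeof confined),
           (unsigned long long)effective_address(rbx, 0, 1, 0, true));
    return 0;
}
```

An FS or GS segment override (0x64, 0x65) adds the segment base after this truncation, so a checker confining loads this way would also need to account for those prefixes.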
</body>
</html>