[all-commits] [llvm/llvm-project] 3f0587: [randstruct] Add randomize structure layout support

Connor Kuehl via All-commits all-commits at lists.llvm.org
Fri Apr 8 12:48:53 PDT 2022 

  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 3f0587d0c668202bb89d29a25432aa290e551a31
      https://github.com/llvm/llvm-project/commit/3f0587d0c668202bb89d29a25432aa290e551a31
  Author: Connor Kuehl <cipkuehl at gmail.com>
  Date:   2022-04-08 (Fri, 08 Apr 2022)

  Changed paths:
    M clang/docs/ReleaseNotes.rst
    M clang/include/clang/AST/Decl.h
    M clang/include/clang/AST/DeclBase.h
    A clang/include/clang/AST/Randstruct.h
    M clang/include/clang/Basic/Attr.td
    M clang/include/clang/Basic/AttrDocs.td
    M clang/include/clang/Basic/DiagnosticDriverKinds.td
    M clang/include/clang/Basic/DiagnosticSemaKinds.td
    M clang/include/clang/Basic/LangOptions.h
    M clang/include/clang/Driver/Options.td
    M clang/lib/AST/CMakeLists.txt
    M clang/lib/AST/Decl.cpp
    A clang/lib/AST/Randstruct.cpp
    M clang/lib/Driver/ToolChains/Clang.cpp
    M clang/lib/Frontend/CompilerInvocation.cpp
    M clang/lib/Sema/SemaCast.cpp
    M clang/lib/Sema/SemaDecl.cpp
    M clang/lib/Sema/SemaDeclAttr.cpp
    M clang/test/Misc/pragma-attribute-supported-attributes-list.test
    M clang/unittests/AST/CMakeLists.txt
    A clang/unittests/AST/RandstructTest.cpp

  Log Message:
  -----------
  [randstruct] Add randomize structure layout support

The Randstruct feature is a compile-time hardening technique that
randomizes the field layout for designated structures of a code base.
Admittedly, this is mostly useful for closed-source releases of code,
since the randomization seed would need to be available for public and
open source applications.

Why implement it? This patch set enhances Clang’s feature parity with
that of GCC which already has the Randstruct feature. It's used by the
Linux kernel in certain structures to help thwart attacks that depend on
structure layouts in memory.

This patch set is a from-scratch reimplementation of the Randstruct
feature that was originally ported to GCC. The patches for the GCC
implementation can be found here:

  https://www.openwall.com/lists/kernel-hardening/2017/04/06/14

Link: https://lists.llvm.org/pipermail/cfe-dev/2019-March/061607.html
Co-authored-by: Cole Nixon <nixontcole at gmail.com>
Co-authored-by: Connor Kuehl <cipkuehl at gmail.com>
Co-authored-by: James Foster <jafosterja at gmail.com>
Co-authored-by: Jeff Takahashi <jeffrey.takahashi at gmail.com>
Co-authored-by: Jordan Cantrell <jordan.cantrell at mail.com>
Co-authored-by: Nikk Forbus <nicholas.forbus at gmail.com>
Co-authored-by: Tim Pugh <nwtpugh at gmail.com>
Co-authored-by: Bill Wendling <isanbard at gmail.com>
Signed-off-by: Bill Wendling <isanbard at gmail.com>

Reviewed By: aaron.ballman

Differential Revision: https://reviews.llvm.org/D121556

More information about the All-commits mailing list