r225910 - Insert random noops to increase security against ROP attacks (clang)

JF Bastien jfb at google.com
Thu Jan 15 10:26:16 PST 2015


I reverted it because it broke tests, waiting on Stephen to finish up the
fixed patch you link to. I'm not in any rush to get it into 3.6, so I'd
just wait until the next release instead of merging.

On Thu, Jan 15, 2015 at 10:08 AM, Hans Wennborg <hans at chromium.org> wrote:

> On Tue, Jan 13, 2015 at 5:07 PM, JF Bastien <jfb at google.com> wrote:
> > Author: jfb
> > Date: Tue Jan 13 19:07:51 2015
> > New Revision: 225910
> >
> > URL: http://llvm.org/viewvc/llvm-project?rev=225910&view=rev
> > Log:
> > Insert random noops to increase security against ROP attacks (clang)
> >
> > A pass that adds random noops to X86 binaries to introduce diversity
> > with the goal of increasing security against most return-oriented
> > programming attacks.
> >
> > Command line options:
> >   -noop-insertion // Enable noop insertion.
> >   -noop-insertion-percentage=X // X% of assembly instructions will have
> >     a noop prepended (default: 50%, requires -noop-insertion)
> >   -max-noops-per-instruction=X // Randomly generate X noops per
> >     instruction. i.e. roll the dice X times with probability set above
> >     (default: 1). This doesn't guarantee X noop instructions.
> >
> > In addition, the following 'quick switch' in clang enables basic
> > diversity using default settings (currently: noop insertion and schedule
> > randomization; it is intended to be extended in the future).
> >   -fdiversify
> >
> > This is the clang part of the patch.
> > llvm part: D3392
> >
> > http://reviews.llvm.org/D3393
> > Patch by Stephen Crane (@rinon)
>
> Is this something that should be mentioned in the 3.6 release notes?
>
> Also are there patches in flight here that need to get merged? (I saw
> http://reviews.llvm.org/D6983 for example)
>
> Thanks,
> Hans
>
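
The dice-rolling policy described in the quoted commit message, modeled as an added example (this is not code from the LLVM or clang patch). `Policy`, `layout`, `movedInstructions` and `sampleFunction` are hypothetical names, the instruction sizes are constructed, and each noop is assumed to occupy one byte.

```cpp
#include <cstddef>
#include <cstdint>
#include <random>
#include <vector>

// Simplified model of the two options in the commit message (not the pass itself).
struct Policy {
    unsigned percentage = 50;  // models -noop-insertion-percentage (default 50)
    unsigned maxNoops = 1;     // models -max-noops-per-instruction (default 1)
};

// For each instruction, roll the dice maxNoops times; every success prepends
// one noop (assumed 1 byte). Returns the byte offset of each original
// instruction in the diversified layout.
std::vector<std::size_t> layout(const std::vector<std::size_t>& insnSizes,
                                const Policy& p, std::uint32_t seed,
                                std::size_t* noopsInserted = nullptr) {
    std::mt19937 rng(seed);
    std::vector<std::size_t> offsets;
    std::size_t pc = 0, noops = 0;
    for (std::size_t size : insnSizes) {
        for (unsigned roll = 0; roll < p.maxNoops; ++roll) {
            if (rng() % 100 < p.percentage) { ++pc; ++noops; }
        }
        offsets.push_back(pc);
        pc += size;
    }
    if (noopsInserted) *noopsInserted = noops;
    return offsets;
}

// Number of instructions whose offset differs between two builds, i.e. how
// many hard-coded code addresses from one build are wrong in the other.
std::size_t movedInstructions(const std::vector<std::size_t>& a,
                              const std::vector<std::size_t>& b) {
    std::size_t moved = 0;
    for (std::size_t i = 0; i < a.size() && i < b.size(); ++i)
        if (a[i] != b[i]) ++moved;
    return moved;
}

// Constructed input: 64 instructions with sizes cycling through 1..5 bytes.
std::vector<std::size_t> sampleFunction() {
    std::vector<std::size_t> sizes;
    for (std::size_t i = 0; i < 64; ++i) sizes.push_back(1 + i % 5);
    return sizes;
}
```

With `maxNoops = X` the inserted count per instruction ranges from 0 to X, which is why the commit message says X noops are not guaranteed.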