r225910 - Insert random noops to increase security against ROP attacks (clang)

[Hans Wennborg]

On Thu, Jan 15, 2015 at 10:26 AM, JF Bastien <jfb at google.com> wrote:
> I reverted it because it broke tests, waiting on Stephen to finish up the
> fixed patch you link to. I'm not in any rush to get it into 3.6, so I'd just
> wait until the next release instead of merging.

I see. Thanks for clarifying.

 - Hans

>
> On Thu, Jan 15, 2015 at 10:08 AM, Hans Wennborg <hans at chromium.org> wrote:
>>
>> On Tue, Jan 13, 2015 at 5:07 PM, JF Bastien <jfb at google.com> wrote:
>> > Author: jfb
>> > Date: Tue Jan 13 19:07:51 2015
>> > New Revision: 225910
>> >
>> > URL: http://llvm.org/viewvc/llvm-project?rev=225910&view=rev
>> > Log:
>> > Insert random noops to increase security against ROP attacks (clang)
>> >
>> > A pass that adds random noops to X86 binaries to introduce diversity
>> > with the goal of increasing security against most return-oriented
>> > programming attacks.
>> >
>> > Command line options:
>> >   -noop-insertion // Enable noop insertion.
>> >   -noop-insertion-percentage=X // X% of assembly instructions will have
>> > a noop prepended (default: 50%, requires -noop-insertion)
>> >   -max-noops-per-instruction=X // Randomly generate X noops per
>> > instruction. ie. roll the dice X times with probability set above (default:
>> > 1). This doesn't guarantee X noop instructions.
>> >
>> > In addition, the following 'quick switch' in clang enables basic
>> > diversity using default settings (currently: noop insertion and schedule
>> > randomization; it is intended to be extended in the future).
>> >   -fdiversify
>> >
>> > This is the clang part of the patch.
>> > llvm part: D3392
>> >
>> > http://reviews.llvm.org/D3393
>> > Patch by Stephen Crane (@rinon)
>>
>> Is this something that should be mentioned in the 3.6 release notes?
>>
>> Also are there patches in flight here that need to get merged? (I saw
>> http://reviews.llvm.org/D6983 for example)
>>
>> Thanks,
>> Hans
>
>