[PATCH] D59254: [RFC] Implementation of Clang randstruct

Connor Kuehl via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Mar 12 07:43:25 PDT 2019


connorkuehl created this revision.
Herald added subscribers: cfe-commits, jdoerfert, mgorny.
Herald added a project: clang.

This patch set introduces structure field layout randomization into the Clang
compiler. The Randstruct feature is a compile-time hardening technique that 
randomizes the field layout for designated structures of a code base. 
Admittedly, this is mostly useful for closed-source releases of code (since
the randomization seed would be available for public and open source
applications). However, this patch set also enhances Clang’s feature parity
with that of GCC which already has the Randstruct feature.

This patch set is a from-scratch reimplementation of the Randstruct feature 
that was originally ported to GCC. The patches for this implementation in GCC 
can be found here:

  https://www.openwall.com/lists/kernel-hardening/2017/04/06/14.

This feature identifies structures for randomization in two ways. The first 
method targets structures that are manually marked with the new 
“randomize_layout” attribute. The second is an optional feature that will 
automatically select and randomize structures that are found to consist entirely
of function pointers. This automatic selection feature can be extended to 
include other vulnerable structure types that are safe to randomize as they are
identified. You can also opt a specific structure out of this feature with the 
“no_randomize_layout” attribute. Automatic structure selection is enabled with 
the “-randstruct-auto” compiler flag. By default, Randstruct seeds on the empty
string, but a seed can be supplied with the “-randstruct-seed=” command line 
argument.

This entire patch set is the sum total of an undergraduate computer science 
capstone team’s effort.

Portland State University Clang Randstruct Capstone Team (Fall 2018-Winter 2019):

Co-authored-by: Cole Nixon <nixontcole at gmail.com>
Co-authored-by: Connor Kuehl <cipkuehl at gmail.com>
Co-authored-by: James Foster <jafosterja at gmail.com>
Co-authored-by: Jeff Takahashi <jeffrey.takahashi at gmail.com>
Co-authored-by: Jordan Cantrell <jordan.cantrell at mail.com>
Co-authored-by: Nikk Forbus <nicholas.forbus at gmail.com>
Co-authored-by: Tim Pugh <nwtpugh at gmail.com>


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D59254

Files:
  clang/include/clang/AST/Decl.h
  clang/include/clang/AST/DeclBase.h
  clang/include/clang/AST/RandstructSeed.h
  clang/include/clang/AST/RecordFieldReorganizer.h
  clang/include/clang/Basic/Attr.td
  clang/include/clang/Basic/AttrDocs.td
  clang/include/clang/Basic/DiagnosticASTKinds.td
  clang/include/clang/Driver/CC1Options.td
  clang/include/clang/Driver/Options.td
  clang/lib/AST/CMakeLists.txt
  clang/lib/AST/DeclBase.cpp
  clang/lib/AST/RecordFieldReorganizer.cpp
  clang/lib/AST/RecordLayoutBuilder.cpp
  clang/lib/Driver/ToolChains/Clang.cpp
  clang/lib/Frontend/CompilerInvocation.cpp
  clang/lib/Sema/SemaDeclAttr.cpp
  clang/test/Misc/pragma-attribute-supported-attributes-list.test

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D59254.190254.patch
Type: text/x-patch
Size: 24244 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20190312/a7978385/attachment-0001.bin>
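
The selection rules and seed dependence described in the summary above, as an added example that is not code from the patch or from the Clang project. The record model, the function names, the FNV-1a seeding and the splitmix64 shuffle are all assumptions chosen for illustration; the patch's own algorithm is in the scrubbed attachment and is not reproduced here.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model of a record; these are not Clang's AST types. */
enum attr { ATTR_NONE, ATTR_RANDOMIZE, ATTR_NO_RANDOMIZE };
struct record {
    enum attr attr;       /* randomize_layout / no_randomize_layout, if any */
    size_t nfields;
    const int *is_fnptr;  /* is_fnptr[i] != 0: field i is a function pointer */
};

/* Selection policy as the description states it; auto_select models
 * -randstruct-auto. Skipping empty records is an assumption. */
int selected(const struct record *r, int auto_select) {
    if (r->attr == ATTR_NO_RANDOMIZE) return 0;
    if (r->attr == ATTR_RANDOMIZE) return 1;
    if (!auto_select || r->nfields == 0) return 0;
    for (size_t i = 0; i < r->nfields; i++)
        if (!r->is_fnptr[i]) return 0;
    return 1;
}

/* FNV-1a over the seed string: a stand-in for the patch's seeding. */
static uint64_t seed_state(const char *seed) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (; *seed; seed++) { h ^= (unsigned char)*seed; h *= 0x100000001b3ULL; }
    return h;
}

/* splitmix64 step: a stand-in generator, not the one the patch uses. */
static uint64_t prng_next(uint64_t *s) {
    uint64_t z = (*s += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Fill order[0..n) with a permutation of field indices fixed by the seed
 * alone (Fisher-Yates), so anyone holding the seed can recompute it. */
void layout(const char *seed, size_t *order, size_t n) {
    uint64_t s = seed_state(seed);
    for (size_t i = 0; i < n; i++) order[i] = i;
    for (size_t i = n; i > 1; i--) {
        size_t j = (size_t)(prng_next(&s) % i);
        size_t t = order[i - 1];
        order[i - 1] = order[j];
        order[j] = t;
    }
}
```

Calling layout() twice with the empty-string seed yields the same field order, which is why a build that keeps the default seed, or publishes its seed, gives an observer the layout.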

