[PATCH] Insert random noops to increase security against ROP attacks (llvm)

JF Bastien jfb at chromium.org
Tue Dec 30 00:03:52 PST 2014


A few nits, looks good to me otherwise. Please leave this open for a short while, as folks may not have seen this over the holidays.

I'm looking forward to the next patches on diversity :-)


================
Comment at: lib/CodeGen/NoopInsertion.cpp:76
@@ +75,3 @@
+  for (auto &BB : Fn) {
+    // Will either be first terminator if it exists, or BB.end()
+    MachineBasicBlock::iterator FirstTerm = BB.getFirstTerminator();
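
Review bot: the comment above `FirstTerm` documents what `getFirstTerminator()` returns rather than why this loop needs it. If a comment stays here, it should say what `FirstTerm` bounds in the loop body, which these three lines do not show.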
----------------
I'd drop this comment since it's a common LLVM-ism.

================
Comment at: lib/Target/X86/X86InstrInfo.cpp:5545
@@ +5544,3 @@
+         LEA_DI, // 8d 3f, 48 8d 3f -- AAS (bcd->hex), invalid
+         MAX_NOPS };
+
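
Review bot: the trailing comment on `LEA_DI` is hard to read without context. It lists two encodings (`8d 3f` and `48 8d 3f`) without saying which mode each belongs to, and "AAS (bcd->hex), invalid" does not say what is being decoded as AAS or in which mode it is invalid. Spelling that out per entry would let a reader audit each candidate without an opcode table.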
----------------
"privileged"

Interesting side-question (may just require a TODO or a bug filed): some folks are experimenting with using LLVM as a compiler for the Linux kernel, or for bare-metal boards. Are these instructions dangerous in these circumstances?

================
Comment at: lib/Target/X86/X86InstrInfo.cpp:5555
@@ +5554,3 @@
+
+  std::uniform_int_distribution<unsigned> Distribution(0,MAX_NOPS-1);
+
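
Review bot: `std::uniform_int_distribution` on the `Distribution(0,MAX_NOPS-1)` line is not specified to produce the same values across standard library implementations, so the same seed can select different noops depending on the library the compiler was built against. If seeded output is meant to be reproducible (the tests check output per seed), map the raw generator output to `[0, MAX_NOPS)` with in-tree code instead.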
----------------
Missing clang-format.

================
Comment at: test/CodeGen/Mips/noop-insert.ll:11
@@ +10,3 @@
+; SEED1: mul
+; SEED1: nop
+
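
Review bot: the `SEED1: mul` and `SEED1: nop` patterns are bare substrings, and FileCheck matches a pattern anywhere in a line, so `mul` would also be satisfied by a longer mnemonic such as `mult`. Including the operands or anchoring the mnemonic with a regex would make the checks match only the intended instructions.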
----------------
You should use `CHECK-NEXT` and `SEED1-NEXT` for all but the first, and also check for `ret` (otherwise the `CHECK` case is a subset of the `SEED1` case since it stops matching early).

Same comment for the others.

http://reviews.llvm.org/D3392
