[Diffusion] rL225908: Insert random noops to increase security against ROP attacks (llvm)
JF Bastien
jfb at chromium.org
Tue Jan 13 21:19:15 PST 2015
Let me revert for now, and we can figure out a fix tomorrow.
On Tue, Jan 13, 2015 at 8:13 PM, Stephen Crane <sjcrane at uci.edu> wrote:
> Adding llvm-commits. Sorry, didn't realize it wasn't on here.
>
> On Tue, Jan 13, 2015 at 7:43 PM, Stephen Crane <sjcrane at uci.edu> wrote:
> > Here's a patch that should fix the RNG distribution initialization
> > compilation failure on Windows. Relevant buildbot failure:
> > http://lab.llvm.org:8011/builders/lld-x86_64-win7/builds/16201
> >
> > I'm not even sure if this static initializer is allowed in LLVM's
> > codebase. If not, we can just initialize a Distribution for each
> > runOnMachineFunction or allocate a Distribution in the constructor.
> >
> > There are also test failures on Linux. I'll figure out why in a bit
> > when I've finished recompiling on a linux machine. Relevant BB
> > failures:
> > http://lab.llvm.org:8011/builders/llvm-s390x-linux1/builds/12598
> > http://lab.llvm.org:8011/builders/llvm-aarch64-linux/builds/6051
> > http://bb.pgr.jp/builders/cmake-llvm-x86_64-linux/builds/20016
> > http://lab.llvm.org:8011/builders/clang-x86_64-debian-fast/builds/22286
> >
> > - stephen
> >
> > On Tue, Jan 13, 2015 at 5:18 PM, JF Bastien <jfb at chromium.org> wrote:
> >> Insert random noops to increase security against ROP attacks (llvm)
> >>
> >> A pass that adds random noops to X86 binaries to introduce diversity
> with the goal of increasing security against most return-oriented
> programming attacks.
> >>
> >> Command line options:
> >>
> >> -noop-insertion // Enable noop insertion.
> >> -noop-insertion-percentage=X // X% of assembly instructions will have
> a noop prepended (default: 50%, requires -noop-insertion)
> >> -max-noops-per-instruction=X // Randomly generate X noops per
> instruction. ie. roll the dice X times with probability set above (default:
> 1). This doesn't guarantee X noop instructions.
> >>
> >> In addition, the following 'quick switch' in clang enables basic
> diversity using default settings (currently: noop insertion and schedule
> randomization; it is intended to be extended in the future).
> >>
> >> -fdiversify
> >>
> >> This is the llvm part of the patch.
> >> clang part: http://reviews.llvm.org/D3393
> >>
> >> http://reviews.llvm.org/D3392
> >> Patch by Stephen Crane (@rinon)
> >>
> >>
> >> AFFECTED FILES
> >> /llvm/trunk/include/llvm/CodeGen/CommandFlags.h
> >> /llvm/trunk/include/llvm/CodeGen/NoopInsertion.h
> >> /llvm/trunk/include/llvm/CodeGen/Passes.h
> >> /llvm/trunk/include/llvm/InitializePasses.h
> >> /llvm/trunk/include/llvm/Support/RandomNumberGenerator.h
> >> /llvm/trunk/include/llvm/Target/TargetInstrInfo.h
> >> /llvm/trunk/include/llvm/Target/TargetOptions.h
> >> /llvm/trunk/lib/CodeGen/CMakeLists.txt
> >> /llvm/trunk/lib/CodeGen/CodeGen.cpp
> >> /llvm/trunk/lib/CodeGen/NoopInsertion.cpp
> >> /llvm/trunk/lib/CodeGen/Passes.cpp
> >> /llvm/trunk/lib/Target/X86/X86InstrInfo.cpp
> >> /llvm/trunk/lib/Target/X86/X86InstrInfo.h
> >> /llvm/trunk/test/CodeGen/Mips/noop-insert.ll
> >> /llvm/trunk/test/CodeGen/PowerPC/noop-insert.ll
> >> /llvm/trunk/test/CodeGen/X86/noop-insert-percentage.ll
> >> /llvm/trunk/test/CodeGen/X86/noop-insert.ll
> >>
> >> USERS
> >> jfb (Author)
> >> dsanders (Auditor)
> >>
> >> http://reviews.llvm.org/rL225908
> >>
> >> EMAIL PREFERENCES
> >> http://reviews.llvm.org/settings/panel/emailpreferences/
> >>
> >>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20150113/301dff25/attachment.html>
More information about the llvm-commits
mailing list