/bugtracker

LLVM hardening features #336

Closed
thestinger opened this Issue Jul 12, 2016 · 1 comment

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
No milestone
1 participant
@thestinger
@thestinger
Contributor

thestinger commented Jul 12, 2016
edited
Edited 1 time
  • @thestinger thestinger edited Aug 4, 2016

Note: this is only the roadmap for meeting the needs of CopperheadOS. Landing features in upstream LLVM would require more work, since it rules out taking reasonable shortcuts (like preventing returnaddress optimization), requires defining configuration and user interfaces and will no doubt require lots of bikeshedding (see the failed attempts at landing stack probes in LLVM).

  • [implemented] XOR canaries for x86_64
  • [implemented] XOR canaries for AArch64
  • minimal support for stack probes on x86_64 (inlined probes, assume 1 guard page)
  • minimal support for stack probes on AArch64 (inlined probes, assume 1 guard page)
  • Coarse-grained CFI for returns via RAP-style instruction encoding for x86_64
  • Coarse-grained CFI for returns via RAP-style instruction encoding for AArch64
  • Compiler option and linker integration for toggling CFI as fatal dynamically based on executable/library compatibility
  • Coarse-grained CFI for indirect calls via RAP-style instruction encoding for x86_64
  • Coarse-grained CFI for indirect calls via RAP-style instruction encoding for AArch64
  • Type-based CFI for indirect calls by adding RAP-style type hashes to the instruction encoding for x86_64
  • Type-based CFI for indirect calls by adding RAP-style type hashes to the instruction encoding for AArch64
  • Type-based CFI for returns by adding RAP-style type hashes to the instruction encoding for x86_64
  • Type-based CFI for returns by adding RAP-style type hashes to the instruction encoding for AArch64
  • add an extra SSP option for guaranteeing that all return addresses are protected, for faster leaf calls than -fstack-protector-all, could either use it alone or with -fstack-protector/-fstack-protector-strong to leave in protection against linear overflows for things other than return addresses

@thestinger thestinger added the Type: enhancement label Jul 12, 2016

@thestinger thestinger changed the title from LLVM hardening feature metabug to LLVM hardening features Jul 12, 2016

@thestinger thestinger referenced this issue Jul 12, 2016

Closed

RAP type hash mitigation for userspace #323

@thestinger thestinger added the Component: compiler label Jul 12, 2016

@thestinger thestinger referenced this issue Jul 27, 2016

Closed

switch to custom LLVM toolchain #333

@thestinger

This comment has been minimized.

Show comment Hide comment
@thestinger

thestinger Nov 30, 2016

Contributor

Going to be opening more specific issues instead of this. This is just here to document some thoughts.
Contributor

thestinger commented Nov 30, 2016

Going to be opening more specific issues instead of this. This is just here to document some thoughts.

@thestinger thestinger closed this Nov 30, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment