cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openbsd-ports/devel/llvm/patches/patch-include_llvm_CodeGen_Passes_h
ajacoutot fcf5bd770b Merge in diffs from base: 
- Add ret protector options as no-ops.
- Add a clang pass that identifies potential ROP gadgets and replaces ROP
  friendly instructions with safe alternatives. This initial commit fixes
  this framework.
- Add RETGUARD to clang for amd64. This security mechanism uses per-function
  random cookies to protect access to function return instructions, with the
  effect that the integrity of the return address is protected, and function
  return instructions are harder to use in ROP gadgets.
- Put the new retguard symbols in their own section,
  '.openbsd.randomdata.retguard', to make them easier to work with in the
  kernel hibernate code.
- Pass -nopie to the linker when -pg is specified to make the
  profiler(gprof) work properly.
- Work around a bug where discarding the .ARM.exidx section in the armv7 kernel
  linker script makes ld.lld(1) crash.  This has been fixed in a different
  (proper?) way upstream but backporting their fix is a bit too invasive.
- Merge '.openbsd.randomdata.*' sections into a single '.openbsd.randomdata'
  section when linking, as we do when using ld from binutils.

from Brad (maintainer)
2018-07-06 06:55:10 +00:00

34 lines
1.7 KiB
Plaintext
Raw Blame History

$OpenBSD: patch-include_llvm_CodeGen_Passes_h,v 1.1 2018/07/06 06:55:10 ajacoutot Exp $
Add RETGUARD to clang for amd64. This security mechanism uses per-function
random cookies to protect access to function return instructions, with the
effect that the integrity of the return address is protected, and function
return instructions are harder to use in ROP gadgets.
On function entry the return address is combined with a per-function random
cookie and stored in the stack frame. The integrity of this value is verified
before function return, and if this check fails, the program aborts. In this way
RETGUARD is an improved stack protector, since the cookies are per-function. The
verification routine is constructed such that the binary space immediately
before each ret instruction is padded with int03 instructions, which makes these
return instructions difficult to use in ROP gadgets. In the kernel, this has the
effect of removing approximately 50% of total ROP gadgets, and 15% of unique
ROP gadgets compared to the 6.3 release kernel. Function epilogues are
essentially gadget free, leaving only the polymorphic gadgets that result from
jumping into the instruction stream partway through other instructions. Work to
remove these gadgets will continue through other mechanisms.
Index: include/llvm/CodeGen/Passes.h
--- include/llvm/CodeGen/Passes.h.orig
+++ include/llvm/CodeGen/Passes.h
@@ -307,6 +307,9 @@ namespace llvm {
///
FunctionPass *createStackProtectorPass();
+ // createReturnProtectorPass - This pass add return protectors to functions.
+ FunctionPass *createReturnProtectorPass();
+
/// createMachineVerifierPass - This pass verifies cenerated machine code
/// instructions for correctness.
///
Reference in New Issue View Git Blame Copy Permalink