Thank you for the heads up! I put the patchset on Phabricator and sent the RFC out to the cfe-dev mailing list.

On 3/9/19 1:59 AM, Roman Lebedev wrote:
You probably want to submit this patchset to phabricator.
It will get lost in mailing list.

On Sat, Mar 9, 2019 at 1:38 AM Connor Kuehl via cfe-commits
<cfe-commits@lists.llvm.org> wrote:
This patch set introduces structure field layout randomization into the Clang
compiler. The Randstruct feature is a compile-time hardening technique that
randomizes the field layout for designated structures of a code base.
Admittedly, this is mostly useful for closed-source releases of code (since
the randomization seed would be available for public and open source
applications). However, this patch set also enhances Clang’s feature parity with that
of GCC which already has the Randstruct feature.

This patch set is a from-scratch reimplementation of the Randstruct feature
that was originally ported to GCC. The patches for this implementation in GCC
can be found here:

     https://www.openwall.com/lists/kernel-hardening/2017/04/06/14.

This feature identifies structures for randomization in two ways. The first
method targets structures that are manually marked with the new
“randomize_layout” attribute. The second is an optional feature that will
automatically select and randomize structures that are found to consist entirely
of function pointers. This automatic selection feature can be extended to
include other vulnerable structure types that are safe to randomize as they are
identified. You can also opt a specific structure out of this feature with the
“no_randomize_layout” attribute. Automatic structure selection is enabled with
the “-randstruct-auto” compiler flag. By default, Randstruct seeds on the empty
string, but a seed can be supplied with the “-randstruct-seed=” command line
argument.

This entire patch set is the sum total of an undergraduate computer science
capstone team’s effort.

Portland State University Clang Randstruct Capstone Team (Fall 2018-Winter 
2019):

Co-authored-by: Cole Nixon <nixontc...@gmail.com>
Co-authored-by: Connor Kuehl <cipku...@gmail.com>
Co-authored-by: James Foster <jafoste...@gmail.com>
Co-authored-by: Jeff Takahashi <jeffrey.takaha...@gmail.com>
Co-authored-by: Jordan Cantrell <jordan.cantr...@mail.com>
Co-authored-by: Nikk Forbus <nicholas.for...@gmail.com>
Co-authored-by: Tim Pugh <nwtp...@gmail.com>

Connor Kuehl (12):
   Add documentation for randstruct attributes
   Add randomize_layout attribute and handler
   Add no_randomize_layout attribute and handler
   Add randomize_layout warning for unions
   Add warning for mutually exclusive attributes
   Add globals to store command line arguments in
   Add randstruct-seed compiler argument
   Add automatic structure selection compiler switch
   Implement record field randomization algorithms
   Fix: Set tail pointer to null in field list
   Forward declare RecordFieldReorganizer
   Wire up Randstruct; intercept and randomize

  clang/include/clang/AST/Decl.h                |   1 +
  clang/include/clang/AST/DeclBase.h            |   2 +
  clang/include/clang/AST/RandstructSeed.h      |   8 +
  .../clang/AST/RecordFieldReorganizer.h        |  59 ++++
  clang/include/clang/Basic/Attr.td             |  14 +
  clang/include/clang/Basic/AttrDocs.td         |  45 +++
  .../include/clang/Basic/DiagnosticASTKinds.td |   5 +
  clang/include/clang/Driver/CC1Options.td      |   2 +
  clang/include/clang/Driver/Options.td         |   4 +
  clang/lib/AST/CMakeLists.txt                  |   1 +
  clang/lib/AST/DeclBase.cpp                    |   3 +
  clang/lib/AST/RecordFieldReorganizer.cpp      | 257 ++++++++++++++++++
  clang/lib/AST/RecordLayoutBuilder.cpp         |  20 ++
  clang/lib/Driver/ToolChains/Clang.cpp         |  10 +
  clang/lib/Frontend/CompilerInvocation.cpp     |   8 +
  clang/lib/Sema/SemaDeclAttr.cpp               |   6 +
  ...a-attribute-supported-attributes-list.test |   2 +
  17 files changed, 447 insertions(+)
  create mode 100644 clang/include/clang/AST/RandstructSeed.h
  create mode 100644 clang/include/clang/AST/RecordFieldReorganizer.h
  create mode 100644 clang/lib/AST/RecordFieldReorganizer.cpp

--
2.17.1

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
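
An added example (not part of the patch set or of the e-mails above) of what code has to look like to stay correct once a function-pointer structure is marked with the `randomize_layout` attribute the cover letter describes. `struct file_ops`, the `op_*` functions and the `RANDOMIZE` macro are hypothetical names, and the attribute is guarded so the file also builds with a compiler that does not implement it.

```c
#include <stddef.h>
#include <string.h>

/* Expand to the attribute only where the compiler implements it; elsewhere
   the build still works and the layout stays in declaration order. */
#ifndef __has_attribute
#define __has_attribute(x) 0
#endif
#if __has_attribute(randomize_layout)
#define RANDOMIZE __attribute__((randomize_layout))
#else
#define RANDOMIZE
#endif

typedef int (*op_fn)(int);
static int op_open(int x)  { return x + 1; }
static int op_read(int x)  { return x + 2; }
static int op_close(int x) { return x + 3; }

/* Hypothetical ops table made only of function pointers. */
struct file_ops { op_fn open; op_fn read; op_fn close; } RANDOMIZE;

/* Designated initializers bind by field name, so they survive reordering. */
static const struct file_ops good_ops = {
    .open = op_open, .read = op_read, .close = op_close,
};

/* Name-based access: correct under any field order. */
int call_by_name(int x)
{
    return good_ops.open(x) + good_ops.read(x) + good_ops.close(x);
}

/* Fragile pattern: indexing the struct as an array of pointers assumes
   declaration order. Returns 1 only if slot idx really holds expect. */
int slot_matches(const struct file_ops *ops, size_t idx, op_fn expect)
{
    op_fn slot;
    memcpy(&slot, (const char *)ops + idx * sizeof(op_fn), sizeof slot);
    return slot == expect;
}

/* Returns 1 when the compiled layout equals declaration order. */
int layout_is_declaration_order(void)
{
    return offsetof(struct file_ops, open) == 0 &&
           offsetof(struct file_ops, read) == sizeof(op_fn) &&
           offsetof(struct file_ops, close) == 2 * sizeof(op_fn);
}
```

When the layout is actually randomized, `layout_is_declaration_order()` can return 0 and `slot_matches()` can fail for a given slot, while `call_by_name()` returns the same value either way.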