kcc added a comment. [didn't look at the code yet, just at the docs]
Please add a docs section describing how to handle leaf functions.
If they are not handled yet, no need to change the implementation in these patches -- ok to do it later.

================
Comment at: docs/ShadowCallStack.rst:14
+buffer overflows. It works by saving a function's return address to a +separately allocated 'shadow call stack' in the function prolog and checking the +return address on the stack against the shadow call stack in the function
----------------
prologue/epilogue?
(it's your native tongue, not mine, though)

================
Comment at: docs/ShadowCallStack.rst:20
+and trade-off consuming more memory for shorter function prologs and epilogs +with fewer memory accesses. +
----------------
Provide short comparison with RFG (more instructions, less memory, same racy attack)

================
Comment at: docs/ShadowCallStack.rst:38
+return address and bypass ShadowCallStack. Similarly, there is a time-of-check- +to-time-of-use race in the function prolog where an attacker could overwrite the +return address after it has been checked and before it has been returned to.
----------------
link to Wikipedia maybe?

================
Comment at: docs/ShadowCallStack.rst:41
+Modifying the call-return semantics to fix this on x86_64 would incur an +unacceptable performance overhead. +
----------------
... due to return branch predictor (or some such)

================
Comment at: docs/ShadowCallStack.rst:47
+not easily leak its address. + +Usage
----------------
Say something about attacks that first try to discover the secret location of the shadow call stack.
side channels, thread spraying, whatever you have.

================
Comment at: docs/ShadowCallStack.rst:74
+declaration to specify that the shadow call stack instrumentation should not be +applied to that function, even if enabled globally.
----------------
Please add a section that shows the assembly for the following example:

  int foo() {
    return bar() + 1;
  }

Repository:
  rC Clang

https://reviews.llvm.org/D44801

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
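
Review bot: the docs/ShadowCallStack.rst:38 hunk places the time-of-check-to-time-of-use race "in the function prolog", but the window it describes (return address already checked, not yet returned to) sits at function exit, and the :14 hunk gives the prolog only the job of saving the return address. Suggest "race in the function epilog" so the text points at the gap between the check and the return.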
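
Review bot: in the docs/ShadowCallStack.rst:20 hunk, "trade-off" is used as a verb ("and trade-off consuming more memory for shorter function prologs and epilogs"); the hyphenated form is the noun. Suggest "trade off" here.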