search for: rop

...d.Chisnall at cl.cam.ac.uk> wrote: > >> I think it would be useful for the discussion to have a clear threat model that this intends to defend against and a rough analysis of the security benefits that this is believed to bring. > > > > I view this as being even more about a ROP defense. Dealing with spill > > slots is, IMO, a separate issue, more related to the auto-var-init > > work (though that would be stack erasure on function exit, rather than > > entry, which addresses a different set of issues). I think this thread > > from the GCC list has...

Now it outputs: nouveau E[ PGRAPH][0000:02:00.0] PGRAPH TLB flush idle timeout fail nouveau E[ PGRAPH][0000:02:00.0] PGRAPH_STATUS: BUSY DISPATCH VFETCH CCACHE_UNK4 STRMOUT_GSCHED_UNK5 UNK14XX UNK1CXX CLIPID ZCULL ENG2D UNK34XX TPRAST TPROP ROP (0x011fde03) nouveau E[ PGRAPH][0000:02:00.0] PGRAPH_VSTATUS: CCACHE (0x00145b4d) (0x0000002d) ENG2D ROP (0x0034db40) instead of: [drm] nouveau 0000:02:00.0: PGRAPH TLB flush idle timeout fail: 0x011fde03 0x00145b4d 0x0000002d 0x0034db40 Based on envytools docs. Signed-off-by: Marcin Slusar...

...ings LLVM Devs! > > I am a PhD student in the Secure Systems and Software Lab at UC > Irvine. We have been working on adding randomness into code generation > to create a diverse population of binaries. This diversity prevents > code-reuse attacks such as return-oriented-programming (ROP) by > denying the attacker information about the exact code layout. ROP has > been used is several high-profile recent attacks, and has also been > used as a jailbreaking avenue. We believe our transformations would > provide a significant security benefit for LLVM users who choose to &...

...8 AM David Chisnall <David.Chisnall at cl.cam.ac.uk> wrote: > I think it would be useful for the discussion to have a clear threat model that this intends to defend against and a rough analysis of the security benefits that this is believed to bring. I view this as being even more about a ROP defense. Dealing with spill slots is, IMO, a separate issue, more related to the auto-var-init work (though that would be stack erasure on function exit, rather than entry, which addresses a different set of issues). I think this thread from the GCC list has some good details on the ROP defense: h...

Greetings LLVM Devs! I am a PhD student in the Secure Systems and Software Lab at UC Irvine. We have been working on adding randomness into code generation to create a diverse population of binaries. This diversity prevents code-reuse attacks such as return-oriented-programming (ROP) by denying the attacker information about the exact code layout. ROP has been used is several high-profile recent attacks, and has also been used as a jailbreaking avenue. We believe our transformations would provide a significant security benefit for LLVM users who choose to use diversity. For mo...

...> > I am a PhD student in the Secure Systems and Software Lab at UC > Irvine. We have been working on adding randomness into code generation > to create a diverse population of binaries. This diversity prevents > code-reuse attacks such as return-oriented-programming (ROP) by > denying the attacker information about the exact code layout. ROP has > been used is several high-profile recent attacks, and has also been > used as a jailbreaking avenue. We believe our transformations would > provide a significant security benefit for LLVM users...

https://bugs.freedesktop.org/show_bug.cgi?id=82843 Priority: medium Bug ID: 82843 Assignee: nouveau at lists.freedesktop.org Summary: [NV96][Regression][Bisected] Failure to resume QA Contact: xorg-team at lists.x.org Severity: normal Classification: Unclassified OS: Linux (All) Reporter: trevor.davenport

Now it outputs: nouveau E[ PGRAPH][0000:02:00.0] PGRAPH TLB flush idle timeout fail nouveau E[ PGRAPH][0000:02:00.0] PGRAPH_STATUS: BUSY DISPATCH VFETCH CCACHE_UNK4 STRMOUT_GSCHED_UNK5 UNK14XX UNK1CXX CLIPID ZCULL ENG2D UNK34XX TPRAST TPROP ROP (0x011fde03) nouveau E[ PGRAPH][0000:02:00.0] PGRAPH_VSTATUS_0: CCACHE (0x00145b4d) nouveau E[ PGRAPH][0000:02:00.0] PGRAPH_VSTATUS_1: (0x0000002d) nouveau E[ PGRAPH][0000:02:00.0] PGRAPH_VSTATUS_2: ENG2D ROP (0x0034db40) instead of: [drm] nouveau 0000:02:00.0: PGRAPH TLB flush idle timeout...

On Aug 26, 2013, at 2:39 PM, Stephen Crane <sjcrane at uci.edu> wrote: > We have been working on adding randomness into code generation > to create a diverse population of binaries. This diversity prevents > code-reuse attacks such as return-oriented-programming (ROP) by > denying the attacker information about the exact code layout. Putting on my security hat (as opposed to my lurking-on-compiler-mailing-lists hat), note that artificial software heterogeneity doesn't actually prevent ROP, it makes it harder in a qualitatively similar way to ASLR. With...

Hi to all, im a new linux/wine user and im having some problems to wine a ragnarok client... [hillo@Umbrella RO]$ wine roP.exe err:module:LdrInitializeThunk "binkw32.dll" failed to initialize, aborting err:module:LdrInitializeThunk Main exe initialization for L"H:\\RO\\roP.exe" failed, status c0000142 [hillo@Umbrella RO]$ Im using a fake drive_c with all .dll in ~/system32 paste thanks for any kind...

> On Nov 21, 2019, at 14:23, Robinson, Paul via llvm-dev <llvm-dev at lists.llvm.org> wrote: > > Some years ago there was a random-nop-insertion pass (for ROP gadget removal) proposed, which didn't stick; we recently had a summer intern work on it but did not get to proper quality; I'd like to revive that. Hi Paul, I'm curious about what the use case for this was. In the normal course of binary distribution of programs, the addition of nops...

...se-cases which could benefit, especially in small deployments. Additionally, the benefits may outweigh the increase in deployment costs for larger deployments. > 2. Does this actually fill a gap in our protections? How do we ever > get into the situation where the user is able to deploy a ROP attack > against us, without tripping asan or ubsan or something caught by our > warnings or the static analyzer or any of the other protections > offered by clang and llvm? It may suffice that there exists a niche > which can't afford the performance penalty from asan or other...

...benefit, especially in small deployments. > Additionally, the benefits may outweigh the increase in deployment costs > for larger deployments. > > > 2. Does this actually fill a gap in our protections? How do we ever get >> into the situation where the user is able to deploy a ROP attack against >> us, without tripping asan or ubsan or something caught by our warnings or >> the static analyzer or any of the other protections offered by clang and >> llvm? It may suffice that there exists a niche which can't afford the >> performance penalty from as...

...nvkm-y += nvkm/engine/gr/ctxnv50.o diff --git a/drm/nouveau/nvkm/engine/gr/gf100.h b/drm/nouveau/nvkm/engine/gr/gf100.h index 1d2101af2a87..22e7c6f44e88 100644 --- a/drm/nouveau/nvkm/engine/gr/gf100.h +++ b/drm/nouveau/nvkm/engine/gr/gf100.h @@ -125,6 +125,7 @@ struct gf100_gr_func { void (*init_rop_active_fbps)(struct gf100_gr *); void (*init_ppc_exceptions)(struct gf100_gr *); void (*init_swdx_pes_mask)(struct gf100_gr *); + void (*init_num_active_ltcs)(struct gf100_gr *); void (*set_hww_esr_report_mask)(struct gf100_gr *); const struct gf100_gr_pack *mmio; struct { @@ -301,4 +302,...

.... + * - bits 15-17: 2d operation [aka patch config] + * - bits 20-22: dither mode + * - bit 24: patch valid [enables rendering using this object] + * - bit 25: surface_dst/surface_color/surf2d/surf3d valid + * - bit 26: surface_src/surface_zeta valid + * - bit 27: pattern valid + * - bit 28: rop valid + * - bit 29: beta1 valid + * - bit 30: beta4 valid + * word 1: + * - bits 0-1: mono format + * - bits 8-13: color format + * - bits 16-31: DMA_NOTIFY instance + * word 2: + * - bits 0-15: DMA_A instance + * - bits 16-31: DMA_B instance + * + * NV05 will set/unset the relevant valid bi...

...thank you very much for answering. I am trying to do the following: get the encoding for each instruction and if that encoding contains a C3 byte, insert a NOP instruction (or multiple NOP instructions, or any other instructions) before that instruction. The idea behind this is to protect against ROP (Return Oriented Programming) attacks. By inserting a NOP the attacker can no longer abuse alignment to get a useful gadget. I thought a machine function pass would be sufficient to accomplish this. However, now I realize that this was probably a rather naive thought. Can you think of any other ap...

https://bugs.freedesktop.org/show_bug.cgi?id=54437 Bug #: 54437 Summary: linux-nouveau2.6 (3.6.0-rc4) : GTX580 : Xorg freezes when using accel Classification: Unclassified Product: xorg Version: git Platform: x86-64 (AMD64) OS/Version: Linux (All) Status: NEW Severity: critical

...to work reliably. Kphone will register and connect, but if I dial a different softphone on the same machine and get routed to voice mail, I hear the voice mail announcement but I am unable to leave a voice mail messsage. The reason is explicit on the debug output (I nearly used the phrase "ROP"!), which says that the voicemail SIP connection is dropped because there's been no input. If I reach the other softphone, I cannot transmit from one to the other. Is the inability to transmit part of the continuing problems between Asterisk and ALSA? (2) If I dial from the console in...

...also updated the kernel to latest because it has the improved parsing: Nov 25 23:42:57 madman kernel: [ 169.014553] nouveau E[ PGRAPH][0000:01:00.0] PGRAPH_STATUS : 0x019ffe03 BUSY DISPATCH VFETCH CCACHE_UNK4 STRMOUT_GSCHED_UNK5 UNK14XX UNK24XX_CSCHED UNK1CXX CLIPID ZCULL ENG2D UNK34XX TPRAST TPROP MP ROP Nov 25 23:42:57 madman kernel: [ 169.014564] nouveau E[ PGRAPH][0000:01:00.0] PGRAPH_VSTATUS0: 0x00145009 VFETCH CCACHE Nov 25 23:42:57 madman kernel: [ 169.014569] nouveau E[ PGRAPH][0000:01:00.0] PGRAPH_VSTATUS1: 0x0000102d MP Nov 25 23:42:57 madman kernel: [ 169.014573] nouveau E[ PGRA...

...t; }, + { 0x00002000, "RATTR_APLANE" }, + { 0x00004000, "TRAST" }, { 0x00008000, "CLIPID" }, { 0x00010000, "ZCULL" }, { 0x00020000, "ENG2D" }, - { 0x00040000, "UNK34XX" }, - { 0x00080000, "TPRAST" }, - { 0x00100000, "TPROP" }, - { 0x00200000, "TEX" }, - { 0x00400000, "TPVP" }, - { 0x00800000, "MP" }, + { 0x00040000, "RMASK" }, + { 0x00080000, "TPC_RAST" }, + { 0x00100000, "TPC_PROP" }, + { 0x00200000, "TPC_TEX" }, + { 0x00400000, "TPC_GEO...