search for: safestack

...> ... > > My understanding is that BNDCU is the cheapest possible instruction, > just like XOR or ADD, > so the overhead should be relatively small. > Still my guesstimate would be >= 5% since stores are very numerous. > And such overhead will be on top of whatever overhead SafeStack has. > Do you have any measurements to share? > Here are estimated SPECint_base2006 component runtimes for some relevant test configurations: Runtime in seconds: +--------------+---------+---------+---------+-------+ |Benchmark|Unpatched|Unpatched|Patched|MPX| ||Base|SafeStack|SafeStack|...

Hi Kostya, >On Wed, Nov 12, 2014 at 2:50 AM, Volodymyr Kuznetsov <vova.kuznetsov at epfl.ch >> wrote: > >> Dear LLVM developers, >> >> We've applied the feedback we received on Phabricator on the SafeStack >> patches, >> > >Did you investigate the possibility of moving the transformation from >codegen to the LLVM level, i.e. the same level where asan/msan/tsan/dfsan >work? >I understand that it's a lot of work, but it will pay off with greater >portability and mainta...

On 4 Nov 2014, at 00:36, Kostya Serebryany <kcc at google.com> wrote: > You at least increase the memory footprint by doubling the stack sizes. Not quite. The space overhead is constant for each stack frame - you just need to keep track of the top of two stacks, rather than one. The important overhead is that you reduce locality of reference. You will need a minimum of two cache

...ied to parts of a program selectively. We attach our implementation of the safe stack as three patches against current SVN HEAD of LLVM (r221153), clang (r221154) and compiler-rt (r220991). The same changes are also available on https://github.com/cpi-llvm <http://github.com/cpi-llvm> in the safestack-r221153 branches of corresponding repositories. The patches make the following changes: -- Add the safestack function attribute, similar to the ssp, sspstrong and sspreq attributes. -- Add the SafeStack instrumentation pass that applies the safe stack to all functions that have the safestack attri...

Hi, I would like to use SafeStack sanitize option on ARM platform. Since Linux libc does not implement such functionality (in opposite to FreeBSD or Android), I need to use SafeStack compiler RT library. Unfortunately I've noticed that libclang_rt.safestack is not compiled/built for ARM platform. Looking into cmake file: "...

Hi, SafeStack currently relies on address randomization to protect the safe stack. If the location of a safe stack is somehow revealed and a corrupted pointer references it, then a safe stack can be corrupted. The creators of SafeStack envisioned the possibility of using X86 segmentation to further harden Safe...

...t; > On Sat, Nov 15, 2014 at 1:53 PM, Volodymyr Kuznetsov < > vova.kuznetsov at epfl.ch> wrote: > > Do you think moving the pass to lib/Transform/Instrumentation but > > scheduling it during code generation would make sense ? If so, we'll > > do that and change the safestack tests to use opt instead of llc. > > I tried to move the SafeStack to lib/Transform/Instrumentation, but I > realized that the SafeStack pass depends on TargetMachine: it gets the > stack alignment from TargetFrameLowering and the location of the unsafe > stack pointer from TargetLow...

Hi all, Shouldn't SafeStack pass be executed only if the target has TLS support? E.g. currently for NVPTX there is no way to implement `__safestack_unsafe_stack_ptr`. Any comments? Thanks, Samuel -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attac...

Hi, I previously posted about using 32-bit X86 segmentation to harden SafeStack: http://lists.llvm.org/pipermail/llvm-dev/2016-May/100346.html That involves lowering the limits of the DS and ES segments that are used for ordinary data accesses while leaving the limit for SS, the stack segment, set to its maximum value. The safe stacks were clustered above the limits of DS an...

...safe-stack. I am getting linker errors when combining -fsanitize=safe-stack, -fsanitize=cfi, and -fno-sanitize-trap=all. Combining safe-stack and CFI without -fno-sanitize-trap=all works as expected. It looks like clang is attempting to link in two compiler-rt libraries, one for ubsan and one for safestack, and this causes multiply defined symbols. Is this the expected behavior? Can only one sanitizer at a time have trapping disabled? The command line to trigger is below. --- $ clang++-3.9 -flto -fvisibility=default -fsanitize=safe-stack -fsanitize=cfi -fuse-ld=gold -fno-sanitize-trap=all hello.c...

On 12/28/18 10:09 PM, Leonard Chan via llvm-dev wrote: > Hello, > > I'm in the process of creating a pass for the new PM for SafeStack > which is only available as a part of the legacy PM. The only thing > bugging me is in regards to the TargetPassConfig analysis. Whereas > most other passes/analyses I have seen separate the logic between the > actual pass and anything it does to the IRUnits it runs over are in 2 >...

Approved. On Wed, Mar 23, 2016 at 5:11 AM, Mohit Bhakkad <mohit.bhakkad at gmail.com> wrote: > Hi Peter, > > Request you to approve the merger of this patch to 3.8.1 branch: > > http://reviews.llvm.org/rL262690 > > Thanks, > Mohit > -- -- Peter -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hello, I'm in the process of creating a pass for the new PM for SafeStack which is only available as a part of the legacy PM. The only thing bugging me is in regards to the TargetPassConfig analysis. Whereas most other passes/analyses I have seen separate the logic between the actual pass and anything it does to the IRUnits it runs over are in 2 separate classes, TargetP...

Hello, I'm assessing the work required to enable Safe Stack for a bare metal target. Looking at compiler-rt/lib/safestack/, the current implementation depends on thread support for mutex & storing unsafe stack pointer. It also need several system calls: gettid, tgkill, mmap, munmap, mprotect. Our target doesn't has all underlying support it needs. My question is: what's the minimum requirement to port Saf...

...ost. >> >> --- >> >> I think part of the reason I wanted to move in the DW_OP_LLVM_memory >> direction is that I originally wanted to add a memory offset operand to it. >> Our actual use cases for complex DWARF expressions typically come from >> things like safestack, ASan, and blocks. What these all have in common is >> that they gather up a number of variables and move them off into a struct >> in heap memory. This is very similar to what happens when we spill a >> virtual register: instead of describing a register, we modify the >> ex...

Hi, I'm trying to build clang/LLVM and am hitting a test failure in compiler-rt/test/safestack/lto.c. I believe the issue is that we've configured clang to use ld.bfd as the linker. ld.bfd has plugin support as described here: https://llvm.org/docs/GoldPlugin.html compiler-rt/test/lit.common.cfg isn't set up to know about ld.bfd: elif config.host_os == 'Linux' and is_lin...

Dear everyone, The release schedule has snuck up on me again, and it's time to wrap up the release. We won't make it to the final tag on the 21st as per the schedule, but I would like to get all outstanding blockers fixed and rc3 tagged by Friday. Hopefully this would be the last rc and we could go to final soon after. If you're involved in a release-blocking bug (see

...also like to get the release notes ready this week. If you've > been meaning to write something but didn't get around to it yet, now > is the time. > Notes regarding the X86(_64) backend: Preliminary support for Sanitizers and sibling features on NetBSD (ASan, UBsan, TSan, MSan, SafeStack, libFuzzer). Feel free to improve the wording. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 850 bytes Desc: OpenPGP digital signature URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20180221/8...

...gt; >>>> I think part of the reason I wanted to move in the DW_OP_LLVM_memory >>>> direction is that I originally wanted to add a memory offset operand to it. >>>> Our actual use cases for complex DWARF expressions typically come from >>>> things like safestack, ASan, and blocks. What these all have in common is >>>> that they gather up a number of variables and move them off into a struct >>>> in heap memory. This is very similar to what happens when we spill a >>>> virtual register: instead of describing a register, w...

...e function pass dump: %gs = SUB32ri %gs, 8, implicit-def %eflags Objdump -d assembly from executable 400510: 81 ed 04 00 00 00 sub $0x8,%ebp TLDR: I am trying to create custom assembly via BuildMI() and manipulate segment registers via a MachineFunctionPass. I have looked at LLVMs safestack implementation, but they are taking a fairly complicated hybrid approach between an IR Function pass with Backend support. I would like to stay as a single machinefunction pass. Believe me I would do this at the IR level if I didnt need to specifically use the segment registers. Thanks for the he...