similar to: CFI, Safe-Stack, and -fno-sanitize-trap

Hi, I would like to use SafeStack sanitize option on ARM platform. Since Linux libc does not implement such functionality (in opposite to FreeBSD or Android), I need to use SafeStack compiler RT library. Unfortunately I've noticed that libclang_rt.safestack is not compiled/built for ARM platform. Looking into cmake file: "set(ALL_SAFESTACK_SUPPORTED_ARCH ${X86} ${X86_64} ${ARM64}

Hi everyone, (Sorry if I'm asking at the wrong mail listing, but compiler-rt page tells I'd better write on llvm-dev rather than cfe-dev/cfe-users.) I've just built LLVM/Clang+Compiler-rt (Compiler-rt is put inside llvm/projects folder) and tried the -fsanitize option. But strangely the link failed since it cannot find *libclang_rt.san-x86_64.a*. The error message is as

On 2/7/2017 20:02, Kostya Serebryany wrote: > ... > > My understanding is that BNDCU is the cheapest possible instruction, > just like XOR or ADD, > so the overhead should be relatively small. > Still my guesstimate would be >= 5% since stores are very numerous. > And such overhead will be on top of whatever overhead SafeStack has. > Do you have any measurements to

Dear LLVM developers, Our team has developed an LLVM-based protection mechanism that (i) prevents control-flow hijack attacks enabled by memory corruption errors and (ii) has very low performance overhead. We would like to contribute the implementation to LLVM. We presented this work at the OSDI 2014 conference, at several software companies, and several US universities. We received positive

Hi, The test-suite expects to be built standalone but it looks like you have it in the same tree as LLVM. You'll need to remove it. From: llvm-dev [mailto:llvm-dev-bounces at lists.llvm.org] On Behalf Of Peter Teoh via llvm-dev Sent: 28 February 2016 14:31 To: llvm-dev at lists.llvm.org Subject: [llvm-dev] [cfe-dev] [3.8 Release] We have branched With reference to the following thread:

With reference to the following thread: http://lists.llvm.org/pipermail/llvm-dev/2016-January/094100.html I am having the same issue. First I did a git pull of all the relevant directories and then doing a cmake: cmake -DLLVM_ENABLE_DOXYGEN=ON -DLLVM_ENABLE_WERROR=OFF -DLLVM_TARGETS_TO_BUILD="X86" ../llvm and followed by make: [ 22%] Built target LLVMVectorize [ 25%] Built target

Hi Kostya, >On Wed, Nov 12, 2014 at 2:50 AM, Volodymyr Kuznetsov <vova.kuznetsov at epfl.ch >> wrote: > >> Dear LLVM developers, >> >> We've applied the feedback we received on Phabricator on the SafeStack >> patches, >> > >Did you investigate the possibility of moving the transformation from >codegen to the LLVM level, i.e. the same level

I think we've just forgotten to update that part of the instructions. Having the test-suite at projects/test-suite was harmless to the old autoconf and LLVM 3.7.x's cmake builds because it didn't actually cause the test-suite to be built. The CMakeLists.txt that have been added to the test-suite now cause it to be built by LLVM's build system which introduces the build failure. We

+nlewycky On Mon, Nov 17, 2014 at 9:36 AM, Volodymyr Kuznetsov <vova.kuznetsov at epfl.ch > wrote: > Hi Kostya, > > On Sat, Nov 15, 2014 at 1:53 PM, Volodymyr Kuznetsov < > vova.kuznetsov at epfl.ch> wrote: > > Do you think moving the pass to lib/Transform/Instrumentation but > > scheduling it during code generation would make sense ? If so, we'll >

Hi, I previously posted about using 32-bit X86 segmentation to harden SafeStack: http://lists.llvm.org/pipermail/llvm-dev/2016-May/100346.html That involves lowering the limits of the DS and ES segments that are used for ordinary data accesses while leaving the limit for SS, the stack segment, set to its maximum value. The safe stacks were clustered above the limits of DS and ES. Thus, by

Hi all, Shouldn't SafeStack pass be executed only if the target has TLS support? E.g. currently for NVPTX there is no way to implement `__safestack_unsafe_stack_ptr`. Any comments? Thanks, Samuel -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20150623/53f40bea/attachment.html>

Hello, I'm assessing the work required to enable Safe Stack for a bare metal target. Looking at compiler-rt/lib/safestack/, the current implementation depends on thread support for mutex & storing unsafe stack pointer. It also need several system calls: gettid, tgkill, mmap, munmap, mprotect. Our target doesn't has all underlying support it needs. My question is: what's the

On Tue, Dec 27, 2016 at 4:13 PM, Teresa Johnson <tejohnson at google.com> wrote: > > On Tue, Dec 27, 2016 at 5:23 AM, Carsten Mattner <carstenmattner at gmail.com> wrote: >> >> After figuring out the fault in the configuration step and rebuilding, >> and then rebuilding again by forcing it with `ninja -k 16`, I managed to >> build everything but 12 ninja

On Wed, Sep 6, 2017 at 5:01 PM, David Blaikie <dblaikie at gmail.com> wrote: > On Wed, Sep 6, 2017 at 2:01 PM Reid Kleckner <rnk at google.com> wrote: > >> On Wed, Sep 6, 2017 at 10:01 AM, David Blaikie <dblaikie at gmail.com> >> wrote: >> >>> I guess you described this already, but talking it through for >>> myself/maybe others will

On Tue, Dec 27, 2016 at 8:30 AM, Carsten Mattner <carstenmattner at gmail.com> wrote: > On Tue, Dec 27, 2016 at 4:13 PM, Teresa Johnson <tejohnson at google.com> > wrote: > > > > On Tue, Dec 27, 2016 at 5:23 AM, Carsten Mattner < > carstenmattner at gmail.com> wrote: > >> > >> After figuring out the fault in the configuration step and

On 4 Nov 2014, at 00:36, Kostya Serebryany <kcc at google.com> wrote: > You at least increase the memory footprint by doubling the stack sizes. Not quite. The space overhead is constant for each stack frame - you just need to keep track of the top of two stacks, rather than one. The important overhead is that you reduce locality of reference. You will need a minimum of two cache

Hi, I'm trying to build clang/LLVM and am hitting a test failure in compiler-rt/test/safestack/lto.c. I believe the issue is that we've configured clang to use ld.bfd as the linker. ld.bfd has plugin support as described here: https://llvm.org/docs/GoldPlugin.html compiler-rt/test/lit.common.cfg isn't set up to know about ld.bfd: elif config.host_os == 'Linux' and

On 19.02.2018 16:57, Hans Wennborg via lldb-dev wrote: > I would also like to get the release notes ready this week. If you've > been meaning to write something but didn't get around to it yet, now > is the time. > Notes regarding the X86(_64) backend: Preliminary support for Sanitizers and sibling features on NetBSD (ASan, UBsan, TSan, MSan, SafeStack, libFuzzer). Feel free

Hi, SafeStack currently relies on address randomization to protect the safe stack. If the location of a safe stack is somehow revealed and a corrupted pointer references it, then a safe stack can be corrupted. The creators of SafeStack envisioned the possibility of using X86 segmentation to further harden SafeStack against such corruption (see the comment near the top of

Hello, I'm in the process of creating a pass for the new PM for SafeStack which is only available as a part of the legacy PM. The only thing bugging me is in regards to the TargetPassConfig analysis. Whereas most other passes/analyses I have seen separate the logic between the actual pass and anything it does to the IRUnits it runs over are in 2 separate classes, TargetPassConfig has them