[randstruct] Automatically randomize a structure of function pointers

Strutures of function pointers are a good surface area for attacks. We
should therefore randomize them unless explicitly told no

[randstruct] Automatically randomize a structure of function pointers

Strutures of function pointers are a good surface area for attacks. We
should therefore randomize them unless explicitly told not to.

Reviewed By: aaron.ballman, MaskRay

Differential Revision: https://reviews.llvm.org/D123544

show more ...

[randstruct] Randomize all elements of a record

A record may have more than just FieldDecls in it. If so, then we're
likely to drop them if we only randomize the FieldDecls.

We need to be careful a

[randstruct] Randomize all elements of a record

A record may have more than just FieldDecls in it. If so, then we're
likely to drop them if we only randomize the FieldDecls.

We need to be careful about anonymous structs/unions. Their fields are
made available in the RecordDecl as IndirectFieldDecls, which are listed
after the anonymous struct/union. The ordering doesn't appear to be
super important, however we place them unrandomized at the end of the
RecordDecl just in case. There's also the possiblity of
StaticAssertDecls. We also want those at the end.

All other non-FieldDecls we place at the top, just in case we get
something like:

struct foo {
enum e { BORK };
enum e a;
};

Link: https://github.com/KSPP/linux/issues/185

Reviewed By: aaron.ballman

Differential Revision: https://reviews.llvm.org/D123958

show more ...

Revert "[randstruct] Check final randomized layout ordering"

This reverts commit a7815d33bf8f955f2a1888abbccf974bd4858f79.
Test fails on Windows, see comments on https://reviews.llvm.org/D124199

[randstruct] Check final randomized layout ordering

This uses "llvm::shuffle" to stop differences in shuffle ordering on
different platforms.

Reviewed By: MaskRay

Differential Revision: https://re

[randstruct] Check final randomized layout ordering

This uses "llvm::shuffle" to stop differences in shuffle ordering on
different platforms.

Reviewed By: MaskRay

Differential Revision: https://reviews.llvm.org/D124199

show more ...

[randstruct] Add test for "-frandomize-layout-seed-file" flag

This test makes sure that the "-frandomize-layout-seed" and
"-frandomize-layout-seed-file" flags generate the same layout for the
record

[randstruct] Add test for "-frandomize-layout-seed-file" flag

This test makes sure that the "-frandomize-layout-seed" and
"-frandomize-layout-seed-file" flags generate the same layout for the
record.

Reviewed By: aaron.ballman, MaskRay

Differential Revision: https://reviews.llvm.org/D123636

show more ...

Revert "[randstruct] Add test for "-frandomize-layout-seed-file" flag"

There's a test failure.

This reverts commit 31ea4798ad0990838ccd27f80ca112f177ce91d9.

[randstruct] Add test for "-frandomize-layout-seed-file" flag

This test makes sure that the "-frandomize-layout-seed" and
"-frandomize-layout-seed-file" flags generate the same layout for the
record

[randstruct] Add test for "-frandomize-layout-seed-file" flag

This test makes sure that the "-frandomize-layout-seed" and
"-frandomize-layout-seed-file" flags generate the same layout for the
record.

Reviewed By: aaron.ballman, MaskRay

Differential Revision: https://reviews.llvm.org/D123636

show more ...

[randstruct] NFC change to use static

[randstruct] Add randomize structure layout support

The Randstruct feature is a compile-time hardening technique that
randomizes the field layout for designated structures of a code base.
Admittedly

[randstruct] Add randomize structure layout support

The Randstruct feature is a compile-time hardening technique that
randomizes the field layout for designated structures of a code base.
Admittedly, this is mostly useful for closed-source releases of code,
since the randomization seed would need to be available for public and
open source applications.

Why implement it? This patch set enhances Clang’s feature parity with
that of GCC which already has the Randstruct feature. It's used by the
Linux kernel in certain structures to help thwart attacks that depend on
structure layouts in memory.

This patch set is a from-scratch reimplementation of the Randstruct
feature that was originally ported to GCC. The patches for the GCC
implementation can be found here:

https://www.openwall.com/lists/kernel-hardening/2017/04/06/14

Link: https://lists.llvm.org/pipermail/cfe-dev/2019-March/061607.html
Co-authored-by: Cole Nixon <nixontcole@gmail.com>
Co-authored-by: Connor Kuehl <cipkuehl@gmail.com>
Co-authored-by: James Foster <jafosterja@gmail.com>
Co-authored-by: Jeff Takahashi <jeffrey.takahashi@gmail.com>
Co-authored-by: Jordan Cantrell <jordan.cantrell@mail.com>
Co-authored-by: Nikk Forbus <nicholas.forbus@gmail.com>
Co-authored-by: Tim Pugh <nwtpugh@gmail.com>
Co-authored-by: Bill Wendling <isanbard@gmail.com>
Signed-off-by: Bill Wendling <isanbard@gmail.com>

Reviewed By: aaron.ballman

Differential Revision: https://reviews.llvm.org/D121556

show more ...

[randstruct] Use llvm::shuffle to avoid STL impl difference after D121556

This reverts commit 2a2149c754f96376ddf8fed248102dd8e6092a22.
This reverts commit 8d7595be1dd41d7f7470ec90867936ca5e4e0d82.

[randstruct] Use llvm::shuffle to avoid STL impl difference after D121556

This reverts commit 2a2149c754f96376ddf8fed248102dd8e6092a22.
This reverts commit 8d7595be1dd41d7f7470ec90867936ca5e4e0d82.
This reverts commit e2e6899452998932b37f0fa9e66d104a02abe3e5.

If this doesn't work, I'll revert the whole thing.

show more ...

[randstruct] disable test for Windows for now.

[randstruct] add expected output for WIN64

This is an attempt to fix a test failure on one of the buildbot Windows
machines. It also turns all of the "ASSERT_" macros into "EXPECT_" to
catch all oth

[randstruct] add expected output for WIN64

This is an attempt to fix a test failure on one of the buildbot Windows
machines. It also turns all of the "ASSERT_" macros into "EXPECT_" to
catch all other failures.

Link: https://lab.llvm.org/buildbot/#/builders/216/builds/2647

show more ...

[randstruct] Add randomize structure layout support

The Randstruct feature is a compile-time hardening technique that
randomizes the field layout for designated structures of a code base.
Admittedly

[randstruct] Add randomize structure layout support

The Randstruct feature is a compile-time hardening technique that
randomizes the field layout for designated structures of a code base.
Admittedly, this is mostly useful for closed-source releases of code,
since the randomization seed would need to be available for public and
open source applications.

Why implement it? This patch set enhances Clang’s feature parity with
that of GCC which already has the Randstruct feature. It's used by the
Linux kernel in certain structures to help thwart attacks that depend on
structure layouts in memory.

This patch set is a from-scratch reimplementation of the Randstruct
feature that was originally ported to GCC. The patches for the GCC
implementation can be found here:

https://www.openwall.com/lists/kernel-hardening/2017/04/06/14

Link: https://lists.llvm.org/pipermail/cfe-dev/2019-March/061607.html
Co-authored-by: Cole Nixon <nixontcole@gmail.com>
Co-authored-by: Connor Kuehl <cipkuehl@gmail.com>
Co-authored-by: James Foster <jafosterja@gmail.com>
Co-authored-by: Jeff Takahashi <jeffrey.takahashi@gmail.com>
Co-authored-by: Jordan Cantrell <jordan.cantrell@mail.com>
Co-authored-by: Nikk Forbus <nicholas.forbus@gmail.com>
Co-authored-by: Tim Pugh <nwtpugh@gmail.com>
Co-authored-by: Bill Wendling <isanbard@gmail.com>
Signed-off-by: Bill Wendling <isanbard@gmail.com>

Reviewed By: aaron.ballman

Differential Revision: https://reviews.llvm.org/D121556

show more ...