authorTheo de Raadt <deraadt@cvs.openbsd.org>2024-06-02 15:40:44 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2024-06-02 15:40:44 +0000
commitf7a83c2a5f643ae914fbb3e474894959d8a38e1e (patch)
tree669c23977fea403bd217a838396a68986e878372 /gnu
parentb2305354573bcf7b13bc8ab77573165dcf3a7faf (diff)
add -fret-clean option (amd64 and i386 only at first), defaulting to off.
This causes the caller to clean the return address off the stack after a callq completes. The option is best used in low-level libraries (such as libc), because libc contains low-level system call stubs. The option reduces hints (found on the stale parts of the stack) about libc.so's mapping location, and together with random-relinking, relro got/pic, and xonly makes some exploit methods more difficult. ok mortimer, mlarkin, much discussion with kettenis, in snaps for 2 weeks.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/llvm/clang/include/clang/Driver/Options.td4
-rw-r--r--gnu/llvm/clang/lib/Driver/ToolChains/Clang.cpp10
-rw-r--r--gnu/llvm/llvm/lib/Target/X86/X86.h4
-rw-r--r--gnu/llvm/llvm/lib/Target/X86/X86TargetMachine.cpp2
-rw-r--r--gnu/usr.bin/clang/libLLVMX86CodeGen/Makefile3
5 files changed, 22 insertions, 1 deletions
diff --git a/gnu/llvm/clang/include/clang/Driver/Options.td b/gnu/llvm/clang/include/clang/Driver/Options.td
index 7a299510905..a5df86eba14 100644
--- a/gnu/llvm/clang/include/clang/Driver/Options.td
+++ b/gnu/llvm/clang/include/clang/Driver/Options.td
@@ -2857,6 +2857,10 @@ def fno_fixup_gadgets : Flag<["-"], "fno-fixup-gadgets">, Group<f_Group>, Flags<
HelpText<"Disable FixupGadgets pass (x86 only)">;
def ffixup_gadgets : Flag<["-"], "ffixup-gadgets">, Group<f_Group>, Flags<[CoreOption]>,
HelpText<"Replace ROP friendly instructions with safe alternatives (x86 only)">;
+def fno_ret_clean : Flag<["-"], "fno-ret-clean">, Group<f_Group>, Flags<[CoreOption]>,
+ HelpText<"Disable ret-clean pass">;
+def fret_clean : Flag<["-"], "fret-clean">, Group<f_Group>, Flags<[CoreOption]>,
+ HelpText<"Clean return address from stack after call">;
def ftrivial_auto_var_init_stop_after : Joined<["-"], "ftrivial-auto-var-init-stop-after=">, Group<f_Group>,
Flags<[CC1Option, CoreOption]>, HelpText<"Stop initializing trivial automatic stack variables after the specified number of instances">,
MarshallingInfoInt<LangOpts<"TrivialAutoVarInitStopAfter">>;
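Review bot: Neither new HelpText says the option is x86-only, unlike the `ffixup_gadgets` / `fno_fixup_gadgets` entries directly above, even though the commit message limits it to amd64 and i386. Suggest `HelpText<"Clean return address from stack after call (x86 only)">` and `HelpText<"Disable ret-clean pass (x86 only)">`. Without that, someone turning the flag on as a hardening measure on another architecture has no hint from `--help` that it gives no coverage there.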
diff --git a/gnu/llvm/clang/lib/Driver/ToolChains/Clang.cpp b/gnu/llvm/clang/lib/Driver/ToolChains/Clang.cpp
index 1d073428fe5..6eaa9918302 100644
--- a/gnu/llvm/clang/lib/Driver/ToolChains/Clang.cpp
+++ b/gnu/llvm/clang/lib/Driver/ToolChains/Clang.cpp
@@ -6402,6 +6402,16 @@ void Clang::ConstructJob(Compilation &C, const JobAction &JA,
CmdArgs.push_back(Args.MakeArgString(Twine("-x86-fixup-gadgets=true")));
}
+ // -ret-clean
+ if (Arg *A = Args.getLastArg(options::OPT_fno_ret_clean,
+ options::OPT_fret_clean)) {
+ CmdArgs.push_back(Args.MakeArgString(Twine("-mllvm")));
+ if (A->getOption().matches(options::OPT_fno_ret_clean))
+ CmdArgs.push_back(Args.MakeArgString(Twine("-x86-ret-clean=false")));
+ else if (A->getOption().matches(options::OPT_fret_clean))
+ CmdArgs.push_back(Args.MakeArgString(Twine("-x86-ret-clean=true")));
+ }
+
RenderSCPOptions(TC, Args, CmdArgs);
RenderTrivialAutoVarInitOptions(D, TC, Args, CmdArgs);
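Review bot: The new block forwards `-mllvm -x86-ret-clean=...` without checking the target, although the commit message restricts the option to amd64 and i386. On other architectures the flag would presumably be either rejected as an unknown backend option or accepted with no effect, so a libc build relying on it gets no hardening and no diagnostic; consider wrapping the block in `if (TC.getTriple().isX86())` and warning when the flag is given elsewhere. The `else if` is also redundant, since `getLastArg` can only return one of the two listed options, and the comment should read `// -fret-clean`. ConstructJob starts and ends outside this hunk.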
diff --git a/gnu/llvm/llvm/lib/Target/X86/X86.h b/gnu/llvm/llvm/lib/Target/X86/X86.h
index 3d0eef8d8ac..bf4503dd65b 100644
--- a/gnu/llvm/llvm/lib/Target/X86/X86.h
+++ b/gnu/llvm/llvm/lib/Target/X86/X86.h
@@ -132,6 +132,10 @@ FunctionPass *createX86DomainReassignmentPass();
/// ROP friendly instructions with alternatives.
FunctionPass *createX86FixupGadgetsPass();
+/// Return a Machine Function pass that attempts to replace
+/// RET instructions with a cleaning sequence
+FunctionPass *createX86RetCleanPass();
+
/// This pass replaces EVEX encoded of AVX-512 instructiosn by VEX
/// encoding when possible in order to reduce code size.
FunctionPass *createX86EvexToVexInsts();
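Review bot: The doc comment on `createX86RetCleanPass` describes replacing RET instructions, which does not match the commit message or the `-fret-clean` help text; both say the caller cleans the return address off the stack after a call completes. The pass source is not on this page, so which description is accurate cannot be confirmed here. If the caller-side one is right, the comment should read something like `/// Return a Machine Function pass that cleans the stale return address off the stack after each call.` It would also help to state that the pass does nothing unless `-x86-ret-clean=true` is given.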
diff --git a/gnu/llvm/llvm/lib/Target/X86/X86TargetMachine.cpp b/gnu/llvm/llvm/lib/Target/X86/X86TargetMachine.cpp
index 306a53e94fd..5d4b1b9d010 100644
--- a/gnu/llvm/llvm/lib/Target/X86/X86TargetMachine.cpp
+++ b/gnu/llvm/llvm/lib/Target/X86/X86TargetMachine.cpp
@@ -596,6 +596,8 @@ void X86PassConfig::addPreEmitPass2() {
addPass(createX86IndirectThunksPass());
addPass(createX86ReturnThunksPass());
+ addPass(createX86RetCleanPass());
+
// Insert extra int3 instructions after trailing call instructions to avoid
// issues in the unwinder.
if (TT.isOSWindows() && TT.getArch() == Triple::x86_64)
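Review bot: `addPass(createX86RetCleanPass())` is registered unconditionally and without a comment, so the "defaulting to off" behaviour promised in the commit message depends entirely on a check inside the pass. The pass source (X86RetClean.cpp, per the Makefile hunk) is not shown on this page, so that gating cannot be confirmed from here. A short comment such as `// Clean stale return addresses off the stack after calls; gated by -x86-ret-clean (default off).` would record it. The comment should also say whether the placement after the indirect and return thunk passes is required, since later reordering of this list could otherwise silently change what the pass sees. addPreEmitPass2 starts and ends outside this hunk.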
diff --git a/gnu/usr.bin/clang/libLLVMX86CodeGen/Makefile b/gnu/usr.bin/clang/libLLVMX86CodeGen/Makefile
index 0dd32c5c2cd..143e37b4346 100644
--- a/gnu/usr.bin/clang/libLLVMX86CodeGen/Makefile
+++ b/gnu/usr.bin/clang/libLLVMX86CodeGen/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.18 2023/11/11 18:35:38 robert Exp $
+# $OpenBSD: Makefile,v 1.19 2024/06/02 15:40:42 deraadt Exp $
LIB= LLVMX86CodeGen
NOPROFILE=
@@ -25,6 +25,7 @@ SRCS+= X86AsmPrinter.cpp \
X86FastISel.cpp \
X86FixupBWInsts.cpp \
X86FixupGadgets.cpp \
+ X86RetClean.cpp \
X86FixupLEAs.cpp \
X86AvoidStoreForwardingBlocks.cpp \
X86DynAllocaExpander.cpp \