- User Since
- Oct 3 2012, 3:00 AM (367 w, 16 h)
Do you want me to submit this change for you?
Mon, Oct 14
Oh btw please upload diffs with full context in the future:
Sorry, but I'm not convinced that the overhead of this change is justified by the security benefit it provides.
I've measured code size overhead (using Chromium on Android as a benchmark) at 0.4%, which is not huge, but still significant.
On the other hand, I'm not at all sure that this would be anything but an inconvenience for an attacker. There are multiple copies of the cookie on the stack anyway (one per every live frame!). Also, taking advantage of the cookies left below SP will become even harder with the new -ftrivial-auto-var-init feature.
Fri, Oct 11
Thu, Oct 10
The patches have been merged to the Android common kernel just a few days ago, 4.14 and 4.19:
Tue, Oct 8
Everything looks great, thanks!
Mon, Oct 7
LGTM modulo the postDominates comment.
Fri, Oct 4
@pcc We actually went back and forth on this with HWASan, and ended up wrapping personality functions with a small tag cleanup routine:
Thu, Oct 3
Wed, Oct 2
Tue, Oct 1
LGTM with one more test
I think this can be easily generalized even more to handle the case when both Ptr1 and Ptr2 are GEPs of some common base - replace getOffsetFromBase with getOffsetAndBase, check that the bases are the same, return the difference between offsets.
Mon, Sep 30
Do you mind handling llvm.strip.invariant.group in the same change?
Fri, Sep 27
Thu, Sep 26
Wed, Sep 25
Fri, Sep 20
Thu, Sep 19
I've noticed that the spec does not say that STGP with the same source and address register is unpredictable, and instead defines it to update the writeback register after the source register is read. This lets us merge STGP forward, but not backward. Implemented with tests.
Added merging of STGP with the same source and address register.
Added more tests.
Fixed a comment.
addressed review comments
Wed, Sep 18
Sep 9 2019
Sep 5 2019
I'll update LangRef.
Basically, the only rule is that you should not speculatively introduce a conditional branch on a value that might be undef and is not guaranteed to execute in the input IR.
Sep 3 2019
Aug 30 2019
Aug 28 2019
Addressed review comment. Renamed the -mllvm flag to match naming style of the other stack tagging flags.
Aug 27 2019
Aug 26 2019
Aug 23 2019
Aug 22 2019
What's the binary size overhead? I assume most of it comes from adding personality functions to noexcept but !nounwind functions?
Aug 19 2019
addressed review comments
We are still interested in gold compatibility, I think.
Aug 16 2019
I've committed a better fix in r369138.
Aug 15 2019
This build is on r369069 and still has the problem: