ports/devel/clang-tools-extra/patches/patch-lib_Target_X86_X86FrameLowering_h

- Add RETGUARD to clang for amd64. This security mechanism uses per-function
  random cookies to protect access to function return instructions, with the
  effect that the integrity of the return address is protected, and function
  return instructions are harder to use in ROP gadgets.

  On function entry the return address is combined with a per-function random
  cookie and stored in the stack frame. The integrity of this value is verified
  before function return, and if this check fails, the program aborts. In this way
  RETGUARD is an improved stack protector, since the cookies are per-function. The
  verification routine is constructed such that the binary space immediately
  before each ret instruction is padded with int03 instructions, which makes these
  return instructions difficult to use in ROP gadgets. In the kernel, this has the
  effect of removing approximately 50% of total ROP gadgets, and 15% of unique
  ROP gadgets compared to the 6.3 release kernel. Function epilogues are
  essentially gadget free, leaving only the polymorphic gadgets that result from
  jumping into the instruction stream partway through other instructions. Work to
  remove these gadgets will continue through other mechanisms.
- Refactor retguard to make adding additional arches easier.
- implement -msave-args in clang/llvm, like the sun did for gcc

Index: lib/Target/X86/X86FrameLowering.h
--- lib/Target/X86/X86FrameLowering.h.orig
+++ lib/Target/X86/X86FrameLowering.h
@@ -13,6 +13,7 @@
 #ifndef LLVM_LIB_TARGET_X86_X86FRAMELOWERING_H
 #define LLVM_LIB_TARGET_X86_X86FRAMELOWERING_H
 
+#include "X86ReturnProtectorLowering.h"
 #include "llvm/CodeGen/TargetFrameLowering.h"
 #include "llvm/Support/TypeSize.h"
 
@@ -23,6 +24,7 @@ class MCCFIInstruction;
 class X86InstrInfo;
 class X86Subtarget;
 class X86RegisterInfo;
+class X86ReturnProtectorLowering;
 
 class X86FrameLowering : public TargetFrameLowering {
 public:
@@ -33,7 +35,10 @@ class X86FrameLowering : public TargetFrameLowering { 
   const X86Subtarget &STI;
   const X86InstrInfo &TII;
   const X86RegisterInfo *TRI;
+  const X86ReturnProtectorLowering RPL;
 
+  bool SaveArgs;
+
   unsigned SlotSize;
 
   /// Is64Bit implies that x86_64 instructions are available.
@@ -71,6 +76,8 @@ class X86FrameLowering : public TargetFrameLowering { 
   /// the function.
   void emitPrologue(MachineFunction &MF, MachineBasicBlock &MBB) const override;
   void emitEpilogue(MachineFunction &MF, MachineBasicBlock &MBB) const override;
+
+  const ReturnProtectorLowering *getReturnProtector() const override;
 
   void adjustForSegmentedStacks(MachineFunction &MF,
                                 MachineBasicBlock &PrologueMBB) const override;
SecBSD's official ports repository 2023-08-16 22:26:55 +00:00			`- Add RETGUARD to clang for amd64. This security mechanism uses per-function`
			`random cookies to protect access to function return instructions, with the`
			`effect that the integrity of the return address is protected, and function`
			`return instructions are harder to use in ROP gadgets.`

			`On function entry the return address is combined with a per-function random`
			`cookie and stored in the stack frame. The integrity of this value is verified`
			`before function return, and if this check fails, the program aborts. In this way`
			`RETGUARD is an improved stack protector, since the cookies are per-function. The`
			`verification routine is constructed such that the binary space immediately`
			`before each ret instruction is padded with int03 instructions, which makes these`
			`return instructions difficult to use in ROP gadgets. In the kernel, this has the`
			`effect of removing approximately 50% of total ROP gadgets, and 15% of unique`
			`ROP gadgets compared to the 6.3 release kernel. Function epilogues are`
			`essentially gadget free, leaving only the polymorphic gadgets that result from`
			`jumping into the instruction stream partway through other instructions. Work to`
			`remove these gadgets will continue through other mechanisms.`
			`- Refactor retguard to make adding additional arches easier.`
			`- implement -msave-args in clang/llvm, like the sun did for gcc`

			`Index: lib/Target/X86/X86FrameLowering.h`
			`--- lib/Target/X86/X86FrameLowering.h.orig`
			`+++ lib/Target/X86/X86FrameLowering.h`
			`@@ -13,6 +13,7 @@`
			`#ifndef LLVM_LIB_TARGET_X86_X86FRAMELOWERING_H`
			`#define LLVM_LIB_TARGET_X86_X86FRAMELOWERING_H`

			`+#include "X86ReturnProtectorLowering.h"`
			`#include "llvm/CodeGen/TargetFrameLowering.h"`
			`#include "llvm/Support/TypeSize.h"`

			`@@ -23,6 +24,7 @@ class MCCFIInstruction;`
			`class X86InstrInfo;`
			`class X86Subtarget;`
			`class X86RegisterInfo;`
			`+class X86ReturnProtectorLowering;`

			`class X86FrameLowering : public TargetFrameLowering {`
			`public:`
			`@@ -33,7 +35,10 @@ class X86FrameLowering : public TargetFrameLowering {`
			`const X86Subtarget &STI;`
			`const X86InstrInfo &TII;`
			`const X86RegisterInfo *TRI;`
			`+ const X86ReturnProtectorLowering RPL;`

			`+ bool SaveArgs;`
			`+`
			`unsigned SlotSize;`

			`/// Is64Bit implies that x86_64 instructions are available.`
			`@@ -71,6 +76,8 @@ class X86FrameLowering : public TargetFrameLowering {`
			`/// the function.`
			`void emitPrologue(MachineFunction &MF, MachineBasicBlock &MBB) const override;`
			`void emitEpilogue(MachineFunction &MF, MachineBasicBlock &MBB) const override;`
			`+`
			`+ const ReturnProtectorLowering *getReturnProtector() const override;`

			`void adjustForSegmentedStacks(MachineFunction &MF,`
			`MachineBasicBlock &PrologueMBB) const override;`