Commit 78e0d563 authored by mm8bx's avatar mm8bx

Working version of exe nonces for calls

parent 1d6705ae
......@@ -102,6 +102,26 @@ assert(0);
}
unsigned int SCFI_Instrument::GetExeNonceOffset(Instruction_t* insn)
{
/* using executable nonce with 4 byte multi-byte nop
* (which is 3 byte opcode, 0x0F1F80). Note that multi-byte nops
* are not supported on older processors (~< 2006) */
return -3;
}
NonceValueType_t SCFI_Instrument::GetExeNonce(Instruction_t* insn)
{
// using 0xAABBCCDD (coloring not yet supported)
return 0xaabbccdd;
}
unsigned int SCFI_Instrument::GetExeNonceSize(Instruction_t* insn)
{
//using 4 byte executable nonce
return 4;
}
unsigned int SCFI_Instrument::GetNonceOffset(Instruction_t* insn)
{
if(color_map)
......@@ -133,9 +153,15 @@ unsigned int SCFI_Instrument::GetNonceSize(Instruction_t* insn)
bool SCFI_Instrument::mark_targets()
{
int targets=0, ind_targets=0;
for(InstructionSet_t::iterator it=firp->GetInstructions().begin();
it!=firp->GetInstructions().end();
int targets=0, ind_targets=0, exe_nonce_targets=0;
// Make sure no unresolved instructions are in the insn set
firp->AssembleRegistry();
firp->SetBaseIDS();
// Make sure the new insns added in this loop are not processed in this loop
// (ok since none of the them should receive nonces)
auto insn_set = firp->GetInstructions();
for(InstructionSet_t::iterator it=insn_set.begin();
it!=insn_set.end();
++it)
{
targets++;
......@@ -194,9 +220,30 @@ bool SCFI_Instrument::mark_targets()
cout<<"Found nonce="+type+" for "<<std::hex<<insn->GetBaseID()<<":"<<insn->getDisassembly()<<endl;
}
}
if(do_exe_nonce_for_call && DecodedInstruction_t(insn).isCall())
{
++exe_nonce_targets;
string type;
if(do_coloring)
{
assert(0); //coloring not yet supported for exe nonces
}
else
{
type="cfi_exe_nonce=";
type+=to_string(GetExeNonce(insn));
Relocation_t* reloc=create_reloc(insn);
reloc->SetOffset(-GetExeNonceOffset(insn));
reloc->SetType(type);
cout<<"Found nonce="+type+" for "<<std::hex<<insn->GetBaseID()<<":"<<insn->getDisassembly()<<endl;
}
}
}
cout<<"# ATTRIBUTE Selective_Control_Flow_Integrity::ind_targets_found="<<std::dec<<ind_targets<<endl;
cout<<"# ATTRIBUTE Selective_Control_Flow_Integrity::targets_found="<<std::dec<<targets<<endl;
cout<<"# ATTRIBUTE Selective_Control_Flow_Integrity::exe_nonce_targets_found="<<std::dec<<exe_nonce_targets<<endl;
return true;
}
......@@ -328,15 +375,20 @@ void SCFI_Instrument::AddCallCFIWithExeNonce(Instruction_t* insn)
{
// make a stub to call
// the stub is:
// push [target]
// jmp slow
string pushbits=change_to_push(insn);
Instruction_t* stub=addNewDatabits(firp,NULL,pushbits);
stub->SetComment(insn->GetComment()+" cfi stub");
// the stub is:
// push [target]
// ret
string pushbits=change_to_push(insn);
Instruction_t* stub=addNewDatabits(firp,NULL,pushbits);
stub->SetComment(insn->GetComment()+" cfi stub");
string jmpBits=getJumpDataBits();
string retBits=getRetDataBits();
Instruction_t* ret=insertDataBitsAfter(firp, stub, retBits);
assert(stub->GetFallthrough()==ret);
AddReturnCFI(ret);
/*string jmpBits=getJumpDataBits();
Instruction_t* jmp=insertDataBitsAfter(firp, stub, jmpBits);
assert(stub->GetFallthrough()==jmp);
......@@ -344,7 +396,7 @@ void SCFI_Instrument::AddCallCFIWithExeNonce(Instruction_t* insn)
// create a reloc so the stub goes to the slow path, eventually
createNewRelocation(firp,jmp,"slow_cfi_path",0);
jmp->SetFallthrough(NULL);
jmp->SetTarget(jmp); // looks like infinite loop, but will go to slow apth
jmp->SetTarget(jmp); // looks like infinite loop, but will go to slow apth*/
// convert the indirct call to a direct call to the stub.
string call_bits=insn->GetDataBits();
......@@ -448,7 +500,48 @@ void SCFI_Instrument::AddReturnCFIForExeNonce(Instruction_t* insn, ColoredSlotVa
return;
#else
assert(0);
//TODO: Fix possible TOCTOU race condition (see Abadi CFI paper)
// Ret address can be changed between nonce check and ret insn execution (in theory)
string decoration="";
int nonce_size=GetExeNonceSize(insn);
int nonce_offset=-GetExeNonceOffset(insn);
unsigned int nonce=GetExeNonce(insn);
Instruction_t* jne=NULL, *tmp=NULL;
// convert a return to:
// mov ecx, [esp]
// cmp <nonce size> PTR [ecx+<offset>], Nonce
// jne exit_node ; no need for slow path here
// ret ; ignore race condition for now
switch(nonce_size)
{
case 4:
decoration="dword ";
break;
case 1: //handle later
case 2: // handle later
default:
cerr<<"Cannot handle nonce of size "<<std::dec<<nonce_size<<endl;
assert(0);
}
// insert the pop/checking code.
insertAssemblyBefore(firp,insn,string("mov ")+reg+string(", [")+rspreg+string("]"));
tmp=insertAssemblyAfter(firp,insn,string("cmp ")+decoration+
" ["+reg+"+"+to_string(nonce_offset)+"], "+to_string(nonce));
jne=tmp=insertAssemblyAfter(firp,tmp,"jne 0");
// set the jne's target to itself, and create a reloc that zipr/strata will have to resolve.
jne->SetTarget(jne); // needed so spri/spasm/irdb don't freak out about missing target for new insn.
Relocation_t* reloc=create_reloc(jne);
reloc->SetType("exit_node");
reloc->SetOffset(0);
cout<<"Setting exit node"<<endl;
// leave the ret instruction (risk of successful race condition exploit << performance benefit)
return;
#endif
}
......@@ -657,8 +750,11 @@ bool SCFI_Instrument::instrument_jumps()
// build histogram of target sizes
// for each instruction
for(InstructionSet_t::iterator it=firp->GetInstructions().begin();
it!=firp->GetInstructions().end();
// But make sure the new insns added in this loop are not processed in this loop
// (ok since none of the them should need to be protected)
auto insn_set = firp->GetInstructions();
for(InstructionSet_t::iterator it=insn_set.begin();
it!=insn_set.end();
++it)
{
Instruction_t* insn=*it;
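Review bot: In mark_targets the unsupported coloring case is guarded only by `assert(0); //coloring not yet supported for exe nonces`, so a build with NDEBUG falls through the `do_coloring` branch with `type` empty, creates no relocation, and still increments exe_nonce_targets — the call site is left without a nonce while the ATTRIBUTE line reports it as found; fail unconditionally instead, e.g. `cerr<<"exe nonces not yet supported with coloring"<<endl; abort();`. GetExeNonceOffset is declared `unsigned int` (here and in the header hunk) but does `return -3;`, and both `reloc->SetOffset(-GetExeNonceOffset(insn));` and `int nonce_offset=-GetExeNonceOffset(insn);` only come out as 3 through unsigned wraparound; declare it `int`, or return the positive offset and drop the negations. In AddReturnCFIForExeNonce the new mov/cmp/jne sequence is emitted directly after the context line `assert(0);` in the `#else` arm, so unless that assert is removed elsewhere the path is unreachable with asserts on and silently reachable with NDEBUG — worth confirming which is intended. In AddCallCFIWithExeNonce `string jmpBits=getJumpDataBits();` is now unused since the jmp-to-slow-path code is commented out; delete it together with the `/* … */` block rather than keeping dead code in the function.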
......
......@@ -132,6 +132,10 @@ class SCFI_Instrument
unsigned int GetNonceSize(libIRDB::Instruction_t* insn);
unsigned int GetNonceOffset(libIRDB::Instruction_t*);
unsigned int GetExeNonceOffset(libIRDB::Instruction_t* insn);
NonceValueType_t GetExeNonce(libIRDB::Instruction_t* insn);
unsigned int GetExeNonceSize(libIRDB::Instruction_t* insn);
private: // data
// predecessors of instructions.
......
......@@ -9,12 +9,18 @@ do_cfi()
fi
}
# Note: exe nonce cfi doesn't always run against non-exe nonce cfi modules
do_cfi_exe_nonces()
{
$PS $1 $2 --backend zipr --step move_globals=on --step selective_cfi=on --step-option selective_cfi:--multimodule --step-option move_globals:--cfi --step-option fix_calls:--no-fix-safefn --step-option selective_cfi:--exe-nonce-for-call --step-option zipr:"--add-sections false"
}
do_coloring_cfi()
{
if [[ -f $2 ]]; then
echo "Eliding rebuild of $2"
else
(set -x ; $PS $1 $2 --backend zipr --step move_globals=on --step selective_cfi=on --step-option selective_cfi:--multimodule --step-option move_globals:--cfi --step-option fix_calls:--fix-all --step-option selective_cfi:--color --step-option zipr:"--add-sections false" )
(set -x ; $PS $1 $2 --backend zipr --step move_globals=on --step selective_cfi=on --step-option selective_cfi:--multimodule --step-option move_globals:--cfi --step-option fix_calls:--fix-all --step-option selective_cfi:--color --step-option zipr:"--add-sections false" )
fi
}
......@@ -64,6 +70,10 @@ protect()
do_cfi ./libfoo.so.orig ./libfoo.so.cfi
do_cfi ./libdude.so.orig ./libdude.so.cfi
do_cfi_exe_nonces ./dude.exe ./dude.exe.nonce.cfi
do_cfi_exe_nonces ./libfoo.so.orig ./libfoo.so.exe.nonce.cfi
do_cfi_exe_nonces ./libdude.so.orig ./libdude.so.exe.nonce.cfi
do_coloring_cfi ./dude.exe ./dude.exe.cfi.color
do_coloring_cfi ./libfoo.so.orig ./libfoo.so.cfi.color
do_coloring_cfi ./libdude.so.orig ./libdude.so.cfi.color
......@@ -98,6 +108,11 @@ main()
test dude.exe libfoo.so.cfi libdude.so.cfi.color
test dude.exe libfoo.so.cfi.color libdude.so.cfi
test dude.exe libfoo.so.orig libdude.so.orig # unprotected - should pass!
test dude.exe libfoo.so.exe.nonce.cfi libdude.so.orig
test dude.exe libfoo.so.orig libdude.so.exe.nonce.cfi
test dude.exe libfoo.so.exe.nonce.cfi libdude.so.exe.nonce.cfi
test dude.exe.cfi libfoo.so.orig libdude.so.orig
test dude.exe.cfi libfoo.so.cfi libdude.so.orig
test dude.exe.cfi libfoo.so.cfi.color libdude.so.orig
......@@ -107,6 +122,11 @@ main()
test dude.exe.cfi libfoo.so.cfi libdude.so.cfi.color
test dude.exe.cfi libfoo.so.cfi.color libdude.so.cfi
test dude.exe.nonce.cfi libfoo.so.orig libdude.so.orig
test dude.exe.nonce.cfi libfoo.so.exe.nonce.cfi libdude.so.orig
test dude.exe.nonce.cfi libfoo.so.orig libdude.so.exe.nonce.cfi
test dude.exe.nonce.cfi libfoo.so.exe.nonce.cfi libdude.so.exe.nonce.cfi
test dude.exe.cfi.color libfoo.so.orig libdude.so.orig
test dude.exe.cfi.color libfoo.so.cfi libdude.so.orig
test dude.exe.cfi.color libfoo.so.cfi.color libdude.so.orig
......@@ -125,6 +145,12 @@ main()
test dude.exe.pie libfoo.so.cfi libdude.so.cfi.color
test dude.exe.pie libfoo.so.cfi.color libdude.so.cfi
test dude.exe.pie libfoo.so.orig libdude.so.orig # unprotected - should pass!
test dude.exe.pie libfoo.so.exe.nonce.cfi libdude.so.orig
test dude.exe.pie libfoo.so.orig libdude.so.exe.nonce.cfi
test dude.exe.pie libfoo.so.exe.nonce.cfi libdude.so.exe.nonce.cfi
report
if [[ $1 == "-k" ]] ; then
echo "Skipping cleanup"
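Review bot: `do_cfi_exe_nonces` at the top of the hunk lacks the `if [[ -f $2 ]]` "Eliding rebuild of $2" guard and the `(set -x ; … )` trace that `do_coloring_cfi` directly below it has, so re-running the script always re-protects the exe-nonce variants and the command line never appears in the log; wrap it the same way: `if [[ -f $2 ]]; then echo "Eliding rebuild of $2"; else (set -x ; $PS $1 $2 … --step-option selective_cfi:--exe-nonce-for-call … ); fi`. The comment `# Note: exe nonce cfi doesn't always run against non-exe nonce cfi modules` should name the failing combination and what is observed, so that the absence of `.exe.nonce.cfi` × `.cfi`/`.cfi.color` cases in main() reads as deliberate rather than forgotten. The same `$PS … --exe-nonce-for-call …` command line is repeated verbatim in the fib, foo, pow and SPEC scripts of this commit; a shared definition sourced by each script would keep the flag sets from drifting apart.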
......
......@@ -5,12 +5,19 @@ do_cfi()
$PS $1 $2 --backend zipr --step move_globals=on --step selective_cfi=on --step-option selective_cfi:--multimodule --step-option move_globals:--cfi --step-option fix_calls:--fix-all --step-option zipr:"--add-sections false"
}
# Note: exe nonce cfi doesn't always run against non-exe nonce cfi modules
do_cfi_exe_nonces()
{
$PS $1 $2 --backend zipr --step move_globals=on --step selective_cfi=on --step-option selective_cfi:--multimodule --step-option move_globals:--cfi --step-option fix_calls:--no-fix-safefn --step-option selective_cfi:--exe-nonce-for-call --step-option zipr:"--add-sections false"
}
do_coloring_cfi()
{
$PS $1 $2 --backend zipr --step move_globals=on --step selective_cfi=on --step-option selective_cfi:--multimodule --step-option move_globals:--cfi --step-option fix_calls:--fix-all --step-option selective_cfi:--color --step-option zipr:"--add-sections false"
$PS $1 $2 --backend zipr --step move_globals=on --step selective_cfi=on --step-option selective_cfi:--multimodule --step-option move_globals:--cfi --step-option fix_calls:--fix-all --step-option selective_cfi:--color --step-option zipr:"--add-sections false"
}
get_correct()
{
cp libfib.so.orig libfib.so
......@@ -82,6 +89,10 @@ protect()
do_cfi ./libfib.so.orig ./libfib.so.cfi
do_cfi ./libfib2.so.orig ./libfib2.so.cfi
do_cfi_exe_nonces ./fib.exe ./fib.exe.nonce.cfi
do_cfi_exe_nonces ./libfib.so.orig ./libfib.so.exe.nonce.cfi
do_cfi_exe_nonces ./libfib2.so.orig ./libfib2.so.exe.nonce.cfi
do_coloring_cfi ./fib.exe ./fib.exe.cfi.color
do_coloring_cfi ./libfib.so.orig ./libfib.so.cfi.color
do_coloring_cfi ./libfib2.so.orig ./libfib2.so.cfi.color
......@@ -91,6 +102,11 @@ protect()
do_cfi ./libfib2.O3.so.orig ./libfib2.O3.so.cfi
do_cfi ./libfib2.Os.so.orig ./libfib2.Os.so.cfi
do_cfi_exe_nonces ./libfib2.O.so.orig ./libfib2.O.so.exe.nonce.cfi
do_cfi_exe_nonces ./libfib2.O2.so.orig ./libfib2.O2.so.exe.nonce.cfi
do_cfi_exe_nonces ./libfib2.O3.so.orig ./libfib2.O3.so.exe.nonce.cfi
do_cfi_exe_nonces ./libfib2.Os.so.orig ./libfib2.Os.so.exe.nonce.cfi
do_coloring_cfi ./libfib2.O.so.orig ./libfib2.O.so.cfi.color
do_coloring_cfi ./libfib2.O2.so.orig ./libfib2.O2.so.cfi.color
do_coloring_cfi ./libfib2.O3.so.orig ./libfib2.O3.so.cfi.color
......@@ -101,6 +117,11 @@ protect()
do_cfi ./libfib.O3.so.orig ./libfib.O3.so.cfi
do_cfi ./libfib.Os.so.orig ./libfib.Os.so.cfi
do_cfi_exe_nonces ./libfib.O.so.orig ./libfib.O.so.exe.nonce.cfi
do_cfi_exe_nonces ./libfib.O2.so.orig ./libfib.O2.so.exe.nonce.cfi
do_cfi_exe_nonces ./libfib.O3.so.orig ./libfib.O3.so.exe.nonce.cfi
do_cfi_exe_nonces ./libfib.Os.so.orig ./libfib.Os.so.exe.nonce.cfi
do_coloring_cfi ./libfib.O.so.orig ./libfib.O.so.cfi.color
do_coloring_cfi ./libfib.O2.so.orig ./libfib.O2.so.cfi.color
do_coloring_cfi ./libfib.O3.so.orig ./libfib.O3.so.cfi.color
......@@ -174,6 +195,48 @@ main()
test fib.exe.cfi 5 libfib.so.cfi libfib2.so.cfi
test fib.exe.cfi 6 libfib.so.cfi libfib2.so.cfi
test fib.exe 2 libfib.so.exe.nonce.cfi libfib2.so.orig
test fib.exe 3 libfib.so.exe.nonce.cfi libfib2.so.orig
test fib.exe 4 libfib.so.exe.nonce.cfi libfib2.so.orig
test fib.exe 5 libfib.so.exe.nonce.cfi libfib2.so.orig
test fib.exe 6 libfib.so.exe.nonce.cfi libfib2.so.orig
test fib.exe 2 libfib.so.orig libfib2.so.exe.nonce.cfi
test fib.exe 3 libfib.so.orig libfib2.so.exe.nonce.cfi
test fib.exe 4 libfib.so.orig libfib2.so.exe.nonce.cfi
test fib.exe 5 libfib.so.orig libfib2.so.exe.nonce.cfi
test fib.exe 6 libfib.so.orig libfib2.so.exe.nonce.cfi
test fib.exe 2 libfib.so.exe.nonce.cfi libfib2.so.exe.nonce.cfi
test fib.exe 3 libfib.so.exe.nonce.cfi libfib2.so.exe.nonce.cfi
test fib.exe 4 libfib.so.exe.nonce.cfi libfib2.so.exe.nonce.cfi
test fib.exe 5 libfib.so.exe.nonce.cfi libfib2.so.exe.nonce.cfi
test fib.exe 6 libfib.so.exe.nonce.cfi libfib2.so.exe.nonce.cfi
test fib.exe.nonce.cfi 2 libfib.so.orig libfib2.so.orig
test fib.exe.nonce.cfi 3 libfib.so.orig libfib2.so.orig
test fib.exe.nonce.cfi 4 libfib.so.orig libfib2.so.orig
test fib.exe.nonce.cfi 5 libfib.so.orig libfib2.so.orig
test fib.exe.nonce.cfi 6 libfib.so.orig libfib2.so.orig
test fib.exe.nonce.cfi 2 libfib.so.exe.nonce.cfi libfib2.so.orig
test fib.exe.nonce.cfi 3 libfib.so.exe.nonce.cfi libfib2.so.orig
test fib.exe.nonce.cfi 4 libfib.so.exe.nonce.cfi libfib2.so.orig
test fib.exe.nonce.cfi 5 libfib.so.exe.nonce.cfi libfib2.so.orig
test fib.exe.nonce.cfi 6 libfib.so.exe.nonce.cfi libfib2.so.orig
test fib.exe.nonce.cfi 2 libfib.so.orig libfib2.so.exe.nonce.cfi
test fib.exe.nonce.cfi 3 libfib.so.orig libfib2.so.exe.nonce.cfi
test fib.exe.nonce.cfi 4 libfib.so.orig libfib2.so.exe.nonce.cfi
test fib.exe.nonce.cfi 5 libfib.so.orig libfib2.so.exe.nonce.cfi
test fib.exe.nonce.cfi 6 libfib.so.orig libfib2.so.exe.nonce.cfi
test fib.exe.nonce.cfi 2 libfib.so.exe.nonce.cfi libfib2.so.exe.nonce.cfi
test fib.exe.nonce.cfi 3 libfib.so.exe.nonce.cfi libfib2.so.exe.nonce.cfi
test fib.exe.nonce.cfi 4 libfib.so.exe.nonce.cfi libfib2.so.exe.nonce.cfi
test fib.exe.nonce.cfi 5 libfib.so.exe.nonce.cfi libfib2.so.exe.nonce.cfi
test fib.exe.nonce.cfi 6 libfib.so.exe.nonce.cfi libfib2.so.exe.nonce.cfi
test fib.exe.cfi.color 2 libfib.so.orig libfib2.so.orig
test fib.exe.cfi.color 3 libfib.so.orig libfib2.so.orig
test fib.exe.cfi.color 4 libfib.so.orig libfib2.so.orig
......@@ -197,7 +260,7 @@ main()
test fib.exe.cfi.color 4 libfib.so.cfi libfib2.so.cfi
test fib.exe.cfi.color 5 libfib.so.cfi libfib2.so.cfi
test fib.exe.cfi.color 6 libfib.so.cfi libfib2.so.cfi
test fib.exe 2 libfib.so.cfi.color libfib2.so.orig
test fib.exe 3 libfib.so.cfi.color libfib2.so.orig
test fib.exe 4 libfib.so.cfi.color libfib2.so.orig
......@@ -258,6 +321,11 @@ main()
test fib.exe.cfi.color 4 libfib.so.orig libfib2.O3.so.cfi
test fib.exe.cfi.color 4 libfib.so.orig libfib2.Os.so.cfi
test fib.exe 4 libfib.so.orig libfib2.O.so.exe.nonce.cfi
test fib.exe 4 libfib.so.orig libfib2.O2.so.exe.nonce.cfi
test fib.exe 4 libfib.so.orig libfib2.O3.so.exe.nonce.cfi
test fib.exe 4 libfib.so.orig libfib2.Os.so.exe.nonce.cfi
test fib.exe.cfi.color 4 libfib.so.cfi.color libfib2.O.so.cfi.color
test fib.exe.cfi.color 4 libfib.so.cfi.color libfib2.O2.so.cfi.color
test fib.exe.cfi.color 4 libfib.so.cfi.color libfib2.O3.so.cfi.color
......@@ -268,6 +336,11 @@ main()
test fib.exe.cfi.color 4 libfib.Os.so.orig libfib2.O3.so.cfi
test fib.exe.cfi.color 4 libfib.O.so.orig libfib2.Os.so.cfi
test fib.exe 4 libfib.O3.so.orig libfib2.O.so.exe.nonce.cfi
test fib.exe 4 libfib.O2.so.orig libfib2.O2.so.exe.nonce.cfi
test fib.exe 4 libfib.Os.so.orig libfib2.O3.so.exe.nonce.cfi
test fib.exe 4 libfib.O.so.orig libfib2.Os.so.exe.nonce.cfi
test fib.exe.cfi.color 4 libfib.O2.so.cfi.color libfib2.O.so.cfi.color
test fib.exe.cfi.color 4 libfib.O3.so.cfi.color libfib2.O2.so.cfi.color
test fib.exe.cfi.color 4 libfib.O.so.cfi.color libfib2.O3.so.cfi.color
......@@ -278,6 +351,11 @@ main()
test fib.exe.cfi.color 5 libfib.so.orig libfib2.O3.so.cfi
test fib.exe.cfi.color 5 libfib.so.orig libfib2.Os.so.cfi
test fib.exe 5 libfib.so.orig libfib2.O.so.exe.nonce.cfi
test fib.exe 5 libfib.so.orig libfib2.O2.so.exe.nonce.cfi
test fib.exe 5 libfib.so.orig libfib2.O3.so.exe.nonce.cfi
test fib.exe 5 libfib.so.orig libfib2.Os.so.exe.nonce.cfi
test fib.exe.cfi.color 5 libfib.so.cfi.color libfib2.O.so.cfi.color
test fib.exe.cfi.color 5 libfib.so.cfi.color libfib2.O2.so.cfi.color
test fib.exe.cfi.color 5 libfib.so.cfi.color libfib2.O3.so.cfi.color
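Review bot: The new main() cases cover `.exe.nonce.cfi` modules only against `.orig` or other `.exe.nonce.cfi` modules; there is no test pairing an exe-nonce module with a `.cfi` or `.cfi.color` one, which is exactly the interaction the `# Note: exe nonce cfi doesn't always run against non-exe nonce cfi modules` comment warns about. If those mixes are known-broken, add a one-line comment at the point where they would appear, e.g. `# exe-nonce + plain/color cfi mixes omitted: see note on do_cfi_exe_nonces`, and if they are expected to work, add at least one such case so the regression is caught here rather than in the benchmark run. main() continues beyond the hunk, so some of these combinations may exist outside the shown lines.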
......
......@@ -2,12 +2,18 @@
do_cfi()
{
$PS $1 $2 --backend zipr --step move_globals=on --step selective_cfi=on --step-option selective_cfi:--multimodule --step-option move_globals:--cfi --step-option fix_calls:--fix-all --step-option zipr:"--add-sections false"
$PS $1 $2 --backend zipr --step move_globals=on --step selective_cfi=on --step-option selective_cfi:--multimodule --step-option move_globals:--cfi --step-option fix_calls:--fix-all --step-option zipr:"--add-sections false"
}
# Note: exe nonce cfi doesn't always run against non-exe nonce cfi modules
do_cfi_exe_nonces()
{
$PS $1 $2 --backend zipr --step move_globals=on --step selective_cfi=on --step-option selective_cfi:--multimodule --step-option move_globals:--cfi --step-option fix_calls:--no-fix-safefn --step-option selective_cfi:--exe-nonce-for-call --step-option zipr:"--add-sections false"
}
do_coloring_cfi()
{
$PS $1 $2 --backend zipr --step move_globals=on --step selective_cfi=on --step-option selective_cfi:--multimodule --step-option move_globals:--cfi --step-option fix_calls:--fix-all --step-option selective_cfi:--color --step-option zipr:"--add-sections false"
$PS $1 $2 --backend zipr --step move_globals=on --step selective_cfi=on --step-option selective_cfi:--multimodule --step-option move_globals:--cfi --step-option fix_calls:--fix-all --step-option selective_cfi:--color --step-option zipr:"--add-sections false"
}
......@@ -46,6 +52,9 @@ protect()
{
do_coloring_cfi ./foo.exe ./foo.exe.cfi
do_cfi ./libfoo.so.orig ./libfoo.so.cfi
do_cfi_exe_nonces ./libfoo.so.orig ./libfoo.so.exe.nonce.cfi
do_cfi_exe_nonces ./foo.exe ./foo.exe.nonce.cfi
do_cfi ./foo.exe ./foo.exe.no-color.cfi
}
clean()
......@@ -71,6 +80,9 @@ main()
test foo.exe.cfi libfoo.so.orig # main exe
test foo.exe libfoo.so.cfi # shared lib only
test foo.exe.cfi libfoo.so.cfi # both protected
test foo.exe.nonce.cfi libfoo.so.exe.nonce.cfi
test foo.exe libfoo.so.exe.nonce.cfi
report
# clean
}
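Review bot: The added tests `test foo.exe.nonce.cfi libfoo.so.exe.nonce.cfi` and `test foo.exe libfoo.so.exe.nonce.cfi` skip the main-exe-only case that the neighbouring triple (`# main exe`, `# shared lib only`, `# both protected`) establishes as the pattern; add `test foo.exe.nonce.cfi libfoo.so.orig # main exe, exe nonces` so a protected executable against an unprotected library is exercised here as it is in the dude and pow scripts. The new lines also lack the trailing `# …` labels the surrounding tests carry, which makes the report harder to read.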
......
......@@ -5,12 +5,20 @@ do_cfi()
(set -x ; $PS $1 $2 --backend zipr --step move_globals=on --step selective_cfi=on --step-option selective_cfi:--multimodule --step-option move_globals:--cfi --step-option fix_calls:--fix-all --step-option zipr:"--add-sections false")
}
# Note: exe nonce cfi doesn't always run against non-exe nonce cfi modules
do_cfi_exe_nonces()
{
$PS $1 $2 --backend zipr --step move_globals=on --step selective_cfi=on --step-option selective_cfi:--multimodule --step-option move_globals:--cfi --step-option fix_calls:--no-fix-safefn --step-option selective_cfi:--exe-nonce-for-call --step-option zipr:"--add-sections false"
}
do_coloring_cfi()
{
(set -x ; $PS $1 $2 --backend zipr --step move_globals=on --step selective_cfi=on --step-option selective_cfi:--multimodule --step-option move_globals:--cfi --step-option fix_calls:--fix-all --step-option selective_cfi:--color --step-option zipr:"--add-sections false" )
}
get_correct()
{
cp libm.so.6.orig libm.so.6
......@@ -56,6 +64,8 @@ protect()
{
do_coloring_cfi ./pow.exe ./pow.exe.cfi
do_cfi ./libm.so.6.orig ./libm.so.6.cfi
do_cfi_exe_nonces ./pow.exe ./pow.exe.nonce.cfi
do_cfi_exe_nonces ./libm.so.6.orig ./libm.so.6.exe.nonce.cfi
}
clean()
......@@ -86,6 +96,17 @@ main()
test pow.exe.cfi libm.so.6.orig 5 8 # main exe
test pow.exe libm.so.6.cfi 5 8 # shared lib only
test pow.exe.cfi libm.so.6.cfi 5 8 # both protected
get_correct 3 5
test pow.exe libm.so.6.orig 3 5 # unprotected - should pass! 3 5
test pow.exe.nonce.cfi libm.so.6.orig 3 5 # main exe
test pow.exe libm.so.6.exe.nonce.cfi 3 5 # shared lib only
test pow.exe.nonce.cfi libm.so.6.exe.nonce.cfi 3 5 # both protected
get_correct 5 8
test pow.exe libm.so.6.orig 5 8 # unprotected - should pass! 3 5
test pow.exe.nonce.cfi libm.so.6.orig 5 8 # main exe
test pow.exe libm.so.6.exe.nonce.cfi 5 8 # shared lib only
test pow.exe.nonce.cfi libm.so.6.exe.nonce.cfi 5 8 # both protected
report
if [[ ! $1 == -k ]]; then
clean
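Review bot: The comment on the second unprotected line, `test pow.exe libm.so.6.orig 5 8 # unprotected - should pass! 3 5`, was copied from the `3 5` block and names the wrong arguments; change it to `# unprotected - should pass! 5 8`. The new `do_cfi_exe_nonces` at the top of the file section also omits the `(set -x ; … )` wrapper that `do_cfi` and `do_coloring_cfi` use in this script, so its command line is not echoed like the others; wrap it the same way for consistent logs.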
......
#!/bin/bash
#benchmarks="gcc"
#benchmarks="473.astar"
# 447.dealII // broken build
benchmarks=" 400.perlbench 401.bzip2 403.gcc 410.bwaves 416.gamess 429.mcf 433.milc 434.zeusmp 435.gromacs 436.cactusADM 437.leslie3d 444.namd 445.gobmk 450.soplex 453.povray 454.calculix 456.hmmer 458.sjeng 459.GemsFDTD 462.libquantum 464.h264ref 465.tonto 470.lbm 471.omnetpp 473.astar 481.wrf 482.sphinx3 483.xalancbmk "
......@@ -137,6 +137,7 @@ main()
local zipr_flags="--backend zipr"
local mm_basic_cfi_flags="--step move_globals=on --step selective_cfi=on --step-option selective_cfi:--multimodule --step-option move_globals:--cfi --step-option fix_calls:--fix-all "
local mm_basic_cfi_exe_nonces_flags="--step move_globals=on --step selective_cfi=on --step-option selective_cfi:--multimodule --step-option move_globals:--cfi --step-option fix_calls:--no-fix-safefn --step-option selective_cfi:--exe-nonce-for-call "
local mm_color_cfi_flags="$mm_basic_cfi_flags --step-option selective_cfi:--color"
local trace_flags="-o zipr:--traceplacement:on -o zipr:true"
......@@ -144,10 +145,11 @@ main()
# no $PS -- aka, baseline.
run_test original $SPEC/config/ubuntu14.04lts-64bit.cfg
# zipr, basic cfi, color cfi
PSOPTS="$zipr_flags" run_test zipr $SPEC/config/ubuntu14.04lts-64bit-withps.cfg
PSOPTS="$zipr_flags $mm_basic_cfi_flags " run_test mm-basic-cfi $SPEC/config/ubuntu14.04lts-64bit-withps.cfg
PSOPTS="$zipr_flags $mm_color_cfi_flags" run_test mm-color-cfi $SPEC/config/ubuntu14.04lts-64bit-withps.cfg
# zipr, basic cfi, basic cfi with exe nonces for calls, color cfi
PSOPTS="$zipr_flags" run_test zipr $SPEC/config/ubuntu14.04lts-64bit-withps.cfg
PSOPTS="$zipr_flags $mm_basic_cfi_flags " run_test mm-basic-cfi $SPEC/config/ubuntu14.04lts-64bit-withps.cfg
PSOPTS="$zipr_flags $mm_basic_cfi_exe_nonces_flags " run_test mm-basic-cfi-exe-nonces $SPEC/config/ubuntu14.04lts-64bit-withps.cfg
PSOPTS="$zipr_flags $mm_color_cfi_flags" run_test mm-color-cfi $SPEC/config/ubuntu14.04lts-64bit-withps.cfg
# zipr, basic cfi, color cfi
# with trace placement
......