SafeStack Merged Into LLVM To Protect Against Stack Buffer Overflow Attacks

Written by Michael Larabel in LLVM on 28 June 2015 at 09:25 AM EDT.
SafeStack was merged into LLVM this month as a new form of protection against stack-based memory corruption errors. The SafeStack pass for LLVM adds protection against stack-based buffer overflows without causing any significant performance penalty.

The commit explains, "The overhead of our implementation of the safe stack is very close to zero (0.01% on the Phoronix benchmarks). This is lower than the overhead of stack cookies, which are supported by LLVM and are commonly used today, yet the security guarantees of the safe stack are strictly stronger than stack cookies. In some cases, the safe stack improves performance due to better cache locality." It's great to see them validate against the Phoronix Test Suite; we also continue to benchmark LLVM/Clang daily over on LinuxBenchmarking.com.

The SafeStack commit explains the work, and the new documentation describes how it operates: "SafeStack is an instrumentation pass that protects programs against attacks based on stack buffer overflows, without introducing any measurable performance overhead. It works by separating the program stack into two distinct regions: the safe stack and the unsafe stack. The safe stack stores return addresses, register spills, and local variables that are always accessed in a safe way, while the unsafe stack stores everything else. This separation ensures that buffer overflows on the unsafe stack cannot be used to overwrite anything on the safe stack."
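A small build check for the separation the documentation describes, as an added example that is not from the article or the LLVM commit: it measures how far a local buffer whose address escapes sits from the frame that holds the return address. It assumes Clang's `-fsanitize=safe-stack` flag and `__has_feature(safe_stack)` macro; the function names and the 4096-byte threshold are illustrative choices.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#ifndef __has_feature
#define __has_feature(x) 0      /* compiler without __has_feature */
#endif
#if __has_feature(safe_stack)
#define SAFESTACK_ENABLED 1
#else
#define SAFESTACK_ENABLED 0
#endif

/* Assumed threshold: a 64-byte local in an ordinary frame sits well
 * within one page of the frame address; the unsafe stack is a
 * separate mapping and sits much further away. */
#define NEAR_FRAME_BYTES 4096u

/* Writes through the pointer, so the caller's buffer is not
 * "always accessed in a safe way" and must go on the unsafe stack. */
__attribute__((noinline))
static void fill(volatile char *dst, size_t n) {
    for (size_t i = 0; i < n; i++)
        dst[i] = 'A';
}

/* Returns 1 if the escaping buffer lies close to this function's frame
 * (and so close to its return address), 0 if it is in another region. */
__attribute__((noinline))
int buffer_near_return_address(void) {
    char buf[64];
    fill(buf, sizeof buf);
    uintptr_t frame = (uintptr_t)__builtin_frame_address(0);
    uintptr_t addr = (uintptr_t)buf;
    uintptr_t gap = frame > addr ? frame - addr : addr - frame;
    return gap < NEAR_FRAME_BYTES;
}

int main(void) {
    int near = buffer_near_return_address();
    int expected = !SAFESTACK_ENABLED;  /* near only when SafeStack is off */
    printf("safe_stack=%d buffer_near_return_address=%d\n",
           SAFESTACK_ENABLED, near);
    return near == expected ? 0 : 1;    /* nonzero: layout contradicts build */
}
```

Build it once with `clang -fsanitize=safe-stack` and once without: the first build reports the buffer away from the return address, the second reports it in the same frame.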

SafeStack will be part of LLVM 3.7 when released in late August.