On Tue, Jun 20, 2017 at 10:34:00PM -0400, Todd Mortimer wrote:
> > 2. This patch also hits NOP sleds > 8 bytes on i386. We could also hit
> > the NOP sleds between 3 and 7 bytes if there are no objections.
>
> The attached diff implements the same trapsled mechanism for i386 and
> amd64 for all pa
> 2. This patch also hits NOP sleds > 8 bytes on i386. We could also hit
> the NOP sleds between 3 and 7 bytes if there are no objections.
The attached diff implements the same trapsled mechanism for i386 and
amd64 for all padding sequences between 3 and 15 bytes.
I have put this through a kernel
t harder for an
> attacker to hit any ROP gadgets or other instructions after a NOP sled.
>
> NOP sleds are used for text alignment in order to get jump targets onto
> 16 byte boundaries. They can appear both in the middle of a function
> and at the end. The trapsleds implemented
NOP sleds are used for text alignment in order to get jump targets onto
16 byte boundaries. They can appear both in the middle of a function
and at the end. The trapsleds implemented in this diff convert NOP sleds
longer than 2 bytes from a series of 0x6690 instructions to a 2 byte
short JMP over
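
As an added illustration (not the assembler diff from this thread), the following Python models the layout change the diff describes: a padding gap of 3 to 15 bytes before a 16-byte-aligned jump target becomes a 2-byte short JMP over trap bytes instead of a run of 0x6690 NOPs, so a fall-through into the gap traps rather than sliding to the code after it. The INT3 (0xCC) filler, the `lay_out` model and the sample code blocks are assumptions constructed for the example.

```python
JMP_SHORT = 0xEB    # opcode of the 2-byte "jmp rel8"
INT3 = 0xCC         # one-byte trap instruction; assumed here as the sled filler
NOP2 = b"\x66\x90"  # the 0x6690 two-byte NOP the thread refers to
NOP1 = b"\x90"      # one-byte NOP for odd-length gaps
ALIGN = 16          # jump targets are aligned to 16-byte boundaries

def nop_padding(n):
    """Classic padding: 0x6690 repeated, plus a single 0x90 if n is odd."""
    return NOP2 * (n // 2) + NOP1 * (n % 2)

def trap_padding(n):
    """Trapsled for 3..15 bytes: a short JMP over n-2 trap bytes.
    A gap of 0-2 bytes cannot hold a JMP plus a trap, so it stays a NOP."""
    if n < 3 or n > 15:
        return nop_padding(n)
    return bytes([JMP_SHORT, n - 2]) + bytes([INT3]) * (n - 2)

def lay_out(blocks, pad=trap_padding):
    """Concatenate code blocks, aligning every block after the first to ALIGN
    bytes with the chosen padding generator (a constructed model, not gas)."""
    out = bytearray()
    for i, blk in enumerate(blocks):
        if i:
            out += pad((-len(out)) % ALIGN)   # bytes needed to reach the boundary
        out += blk
    return bytes(out)

def sled_is_sound(image, offset):
    """Decode the sled at `offset`: the JMP must land exactly on a 16-byte
    boundary and must skip nothing but trap bytes."""
    if image[offset] != JMP_SHORT:
        return False
    target = offset + 2 + image[offset + 1]   # rel8 is relative to the next instruction
    return target % ALIGN == 0 and all(b == INT3 for b in image[offset + 2:target])

# Constructed sample: a 3-byte block (xor eax,eax ; ret) followed by a block that
# must start on the next 16-byte boundary, leaving a 13-byte gap to fill.
SAMPLE_BLOCKS = [b"\x31\xc0\xc3", b"\xc3"]

if __name__ == "__main__":
    img = lay_out(SAMPLE_BLOCKS)
    print(img[3:16].hex(), sled_is_sound(img, 3))
```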