Stuart Henderson [stu.li...@spacehopper.org] wrote:
> On 2023-06-05, Kastus Shchuka <open...@tprfct.net> wrote:
> > Next I tried -fno-fixup-gadgets, and that made a radical difference:
>
> Not entirely a surprise, we have seen this a few times now.
> Usually it is fine, but has quite bad effects on some programs,
> however it is quite a nice mitigation (big reduction in the
> number of available ROP gadgets in compiled code).
>
There are potentially more fixups that can be improved. A while back, the fixup was adding more work than necessary. Todd Mortimer fixed an obvious case where the DstReg form of the MOV instruction was being used, instead of the SrcReg instruction, so a swap was required to move the data between registers.

There may be others, from Todd Mortimer:

"If you are interested, try objdump -d /usr/lib/libc.so and categorize the instructions that have the xchg dance around them. Sort by most common instruction, and then check the Intel SDM to see if the most common instructions that get this treatment have SrcReg / DestReg forms that we can swap around instead of doing the xchg dance. :-)"

Chris
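An added example, not from the thread or from OpenBSD, of the categorization Todd suggests: a Python script that parses `objdump -d` output and counts which instruction sits between a matching pair of `xchg`s. It assumes the fixup pass emits exactly `xchg A,B ; insn ; xchg A,B` around each rewritten instruction (my assumption about the shape, not something the thread states) and uses a constructed sample listing in place of real libc output.

```python
import re
from collections import Counter

# Constructed sample in `objdump -d` layout (AT&T syntax); the bytes and
# addresses are illustrative and not copied from any real libc.
SAMPLE = """
0000000000001130 <example>:
    1130:\t48 87 d8             \txchg   %rbx,%rax
    1133:\t48 89 c1             \tmov    %rax,%rcx
    1136:\t48 87 d8             \txchg   %rbx,%rax
    1139:\t48 87 d8             \txchg   %rbx,%rax
    113c:\t48 01 c1             \tadd    %rax,%rcx
    113f:\t48 87 d8             \txchg   %rbx,%rax
    1142:\t48 87 d8             \txchg   %rbx,%rax
    1145:\t48 89 c1             \tmov    %rax,%rcx
    1148:\t48 87 d8             \txchg   %rbx,%rax
    114b:\t48 87 c8             \txchg   %rcx,%rax
    114e:\t48 89 c2             \tmov    %rax,%rdx
    1151:\t48 87 d8             \txchg   %rbx,%rax
    1154:\tc3                   \tret
"""

ADDR_RE = re.compile(r"^\s*[0-9a-f]+:$")

def parse_objdump(text):
    """Yield (mnemonic, operands); objdump tab-separates address, bytes, asm."""
    for line in text.splitlines():
        parts = line.split("\t")
        # Labels, section headers and byte-only continuation lines are skipped.
        if len(parts) < 3 or not ADDR_RE.match(parts[0]) or not parts[2].strip():
            continue
        fields = parts[2].strip().split(None, 1)
        yield fields[0], fields[1] if len(fields) > 1 else ""

def xchg_regs(mnemonic, operands):
    """Register pair of an xchg as an order-independent set, else None."""
    regs = [r.strip() for r in operands.split(",")]
    return frozenset(regs) if mnemonic == "xchg" and len(regs) == 2 else None

def count_dances(text):
    """Count the instruction bracketed by a matching xchg pair.  Assumed
    shape (not verified against the compiler): xchg A,B ; <insn> ; xchg A,B."""
    insns = list(parse_objdump(text))
    hits = Counter()
    for i in range(len(insns) - 2):
        before = xchg_regs(*insns[i])
        if before is not None and before == xchg_regs(*insns[i + 2]):
            hits[insns[i + 1][0]] += 1
    return hits
```

On a real listing, `count_dances(open("libc.dis").read()).most_common()` gives the sorted categorization Todd describes; a mismatched pair such as the `xchg %rcx,%rax` / `xchg %rbx,%rax` around the last `mov` in the sample is deliberately not counted.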