[PATCH] D43487: [mips] Spectre variant two mitigation for MIPSR2

Simon Dardis via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Feb 19 14:52:11 PST 2018 

sdardis created this revision.
sdardis added a reviewer: atanasyan.
Herald added a subscriber: arichardson.

This patch provides migitation for CVE-2017-5715, Spectre variant two,
which affects the https://reviews.llvm.org/P5600 and https://reviews.llvm.org/P6600. It provides the option
-mindirect-jump=hazard, which instructs the LLVM backend to replace
indirect branches with their hazard barrier variants.

This option is accepted when targetting a MIPS revision two or later.

The migitation strategy suggested by MIPS for these processors is to use
two hazard barrier instructions. 'jalr.hb' and 'jr.hb' are hazard
barrier variants of the 'jalr' and 'jr' instructions respectively.

These instructions impede the execution of instruction stream until
architecturally defined hazards (changes to the instruction stream,
privileged registers which may affect execution) are cleared. These
instructions in MIPS' designs are not speculated past.

These instructions are used with the attribute +use-indirect-jump-hazard
when branching indirectly and for indirect function calls.

These instructions are defined by the MIPS32R2 ISA, so this mitigation
method is not compatible with processors which implement an earlier
revision of the MIPS ISA.

Implementation note: I've opted to provide this as an
-mindirect-jump={hazard,...} style option in case alternative
mitigation methods are required for other implementations of the MIPS ISA
in future, e.g. retpoline style solutions.


Repository:
  rC Clang

https://reviews.llvm.org/D43487

Files:
  include/clang/Basic/DiagnosticDriverKinds.td
  include/clang/Driver/Options.td
  lib/Basic/Targets/Mips.h
  lib/Driver/ToolChains/Arch/Mips.cpp
  lib/Driver/ToolChains/Arch/Mips.h
  test/Driver/mips-features.c
  test/Driver/mips-indirect-branch.c

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D43487.134974.patch
Type: text/x-patch
Size: 7127 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20180219/aba1c97c/attachment-0001.bin>

More information about the cfe-commits mailing list