[PATCH] D41761: Introduce llvm.nospeculateload intrinsic

Kristof Beyls via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Jan 5 03:07:20 PST 2018 

kristof.beyls created this revision.
kristof.beyls added a reviewer: olista01.
Herald added subscribers: javed.absar, aemerson.

Recently, Google Project Zero disclosed several classes of attack
against speculative execution. One of these, known as variant-1
(CVE-2017-5753), allows explicit bounds checks to be bypassed under
speculation, providing an arbitrary read gadget. Further details can be
found on the GPZ blog [1].

This patch introduces a new LLVM-IR intrinsic, called
llvm.nospeculateload, which enables the implementation of the new
clang-level builtin __builtin_load_no_speculate, see review
https://reviews.llvm.org/D41760.

This new intrinsic provides a mechanism for limiting speculation by a
CPU after a bounds-checked memory access.  We've tried to design this in
such a way that it can be used for any target where this might be
necessary.  The patch consists of both target-specific functionality
for Arm and AArch64 code generation, and target-independent
functionality that other targets can reuse.

[1] More information on the topic can be found here:
https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
Arm specific information can be found here:
https://www.arm.com/security-update


https://reviews.llvm.org/D41761

Files:
  docs/LangRef.rst
  include/llvm/CodeGen/ISDOpcodes.h
  include/llvm/CodeGen/SelectionDAGNodes.h
  include/llvm/IR/Intrinsics.td
  include/llvm/Target/TargetSelectionDAG.td
  lib/CodeGen/SelectionDAG/LegalizeIntegerTypes.cpp
  lib/CodeGen/SelectionDAG/LegalizeTypes.h
  lib/CodeGen/SelectionDAG/SelectionDAG.cpp
  lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp
  lib/CodeGen/SelectionDAG/SelectionDAGDumper.cpp
  lib/Target/AArch64/AArch64AsmPrinter.cpp
  lib/Target/AArch64/AArch64ISelLowering.cpp
  lib/Target/AArch64/AArch64InstrInfo.cpp
  lib/Target/AArch64/AArch64InstrInfo.td
  lib/Target/ARM/ARMAsmPrinter.cpp
  lib/Target/ARM/ARMAsmPrinter.h
  lib/Target/ARM/ARMISelLowering.cpp
  lib/Target/ARM/ARMInstrInfo.td
  lib/Target/ARM/ARMInstrThumb2.td
  test/CodeGen/AArch64/no-speculate.ll
  test/CodeGen/ARM/no-speculate.ll

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D41761.128727.patch
Type: text/x-patch
Size: 80112 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20180105/8fd383ef/attachment.bin>

More information about the llvm-commits mailing list