[PATCH] D51083: [x86/SLH] Teach SLH to harden indirect branches and switches without retpolines.

Reid Kleckner via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Aug 23 15:44:12 PDT 2018


rnk added inline comments.


================
Comment at: llvm/lib/Target/X86/X86SpeculativeLoadHardening.cpp:945-947
+/// special code executing next to the victim. This attack can also be mitigated
+/// through retpolines, but those will remove all indirect branches from the
+/// code naturally disabling this. This mitigation can replace retpoline-style
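Review bot: In the second and third added lines, "naturally disabling this" leaves "this" without a clear referent, and the very next sentence opens with "This mitigation", which refers to something else. Name what is being disabled (the attack described above) so the two uses cannot be confused, and put a comma before "naturally".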
----------------
This sentence doesn't seem as precise as it could be. Retpolines don't remove indirect branches; they replace them with indirect branches that always misspeculate. Maybe the right way to state this is that retpolines block all indirect branch speculation, whereas this mitigation allows for more correct indirect branch speculation.


================
Comment at: llvm/lib/Target/X86/X86SpeculativeLoadHardening.cpp:965
+  // We need to know what blocks end up reached via indirect branches. We
+  // expect this to be a subset of those whose address is token and so track it
+  // directly via the CFG.
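Review bot: The sentence beginning "We expect this to be a subset of those whose address is ..." states an assumption that these lines neither check nor justify. If the hardening depends on every indirectly reached block being found, either say in the comment why walking the CFG is sufficient or assert the subset relation, so that a violated expectation shows up in testing. "track it" should also read "track them", since the antecedent is "blocks".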
----------------
s/token/taken/


================
Comment at: llvm/test/CodeGen/X86/speculative-load-hardening-indirect.ll:2
 ; NOTE: Assertions have been autogenerated by utils/update_llc_test_checks.py
 ; RUN: llc < %s -mtriple=x86_64-unknown-linux-gnu -x86-speculative-load-hardening -data-sections | FileCheck %s --check-prefix=X64
 ; RUN: llc < %s -mtriple=x86_64-unknown-linux-gnu -x86-speculative-load-hardening -data-sections -mattr=+retpoline | FileCheck %s --check-prefix=X64-RETPOLINE
----------------
You might want to add a test for PIC label materialization. I don't see any new LEAs here.


Repository:
  rL LLVM

https://reviews.llvm.org/D51083




