[PATCH] D80964: [X86] Add an Unoptimized Load Value Injection (LVI) Load Hardening Pass
Scott Constable via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Fri Jun 5 16:48:38 PDT 2020
sconstab added a comment.
In D80964#2077614 <https://reviews.llvm.org/D80964#2077614>, @mattdr wrote:
> Isn't this pass basically SESES? https://github.com/llvm/llvm-project/blob/master/llvm/lib/Target/X86/X86SpeculativeExecutionSideEffectSuppression.cpp
>
> Perhaps there's an opportunity to unify the two.
My understanding of SESES is that it inserts an `LFENCE` before each transmitter, whereas this pass inserts an `LFENCE` after each load. They are slightly different threat models; SESES is more strict. For example, SESES would mitigate the following vulnerability, whereas the LVI hardening will not:
uint64_t maybe_secret = *ptr; // architectural load
__mm_lfence();
if (is_secret) { // suppose `is_secret == true` but branch mispredicts
// do something constant-time with `maybe_secret`
} else {
return byte_array[maybe_secret * 4096]; // speculatively leak the secret
}
I'm not opposed to merging the two approaches. But I am also not sure how to justify it.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D80964/new/
https://reviews.llvm.org/D80964
More information about the llvm-commits
mailing list