[llvm-dev] Load Value Injection (LVI) Mitigation for X86

Constable, Scott D via llvm-dev llvm-dev at lists.llvm.org
Tue Mar 10 10:07:38 PDT 2020


Hello LLVM Community,

Today, a new vulnerability called Load Value Injection (LVI) has been disclosed.

A brief document describing the vulnerability can be found here: https://software.intel.com/security-software-guidance/software-guidance/load-value-injection

A more detailed document can be found here: https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection

A complete patch to LLVM has been pushed to Phabricator: https://reviews.llvm.org/D75938

The complete patch has been decomposed into 5 sub-patches:
https://reviews.llvm.org/D75932
https://reviews.llvm.org/D75934
https://reviews.llvm.org/D75935
https://reviews.llvm.org/D75936
https://reviews.llvm.org/D75937

A plugin that uses the SYMPHONY Mixed Integer-Linear Programming (MILP) solver to provide optimal mitigation can be found here: https://github.com/intel/lvi-llvm-optimization-plugin
(If this link does not work, then the following link might: https://github.com/intel/LLVM-Optimization-Plugin)

A document describing the optimization in more detail will also be published shortly.

Thanks and Regards,

Scott Constable
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20200310/8e61a422/attachment.html>


More information about the llvm-dev mailing list