[PATCH] D75934: Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI)

Scott Constable via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Mar 10 10:19:30 PDT 2020


sconstab created this revision.
sconstab added reviewers: craig.topper, andrew.w.kaylor, chandlerc, zbrid.
Herald added subscribers: jfb, hiraditya, mgorny.
Herald added a project: LLVM.

This pass replaces each indirect call/jump with a direct call to a thunk that looks like:

  lfence
  jmpq *%r11

This ensures that if the value in register %r11 was loaded from memory, then
the value in %r11 is (architecturally) correct prior to the jump.

Also adds a new target feature to X86: +lvi-cfi
("cfi" meaning control-flow integrity)

The feature can be added via clang CLI using `-mlvi-cfi`.


https://reviews.llvm.org/D75934

Files:
  clang/include/clang/Driver/Options.td
  clang/lib/Driver/ToolChains/Arch/X86.cpp
  llvm/lib/Target/X86/CMakeLists.txt
  llvm/lib/Target/X86/X86.h
  llvm/lib/Target/X86/X86.td
  llvm/lib/Target/X86/X86FastISel.cpp
  llvm/lib/Target/X86/X86FrameLowering.cpp
  llvm/lib/Target/X86/X86ISelDAGToDAG.cpp
  llvm/lib/Target/X86/X86ISelLowering.cpp
  llvm/lib/Target/X86/X86InstrCompiler.td
  llvm/lib/Target/X86/X86InstrControl.td
  llvm/lib/Target/X86/X86InstrInfo.td
  llvm/lib/Target/X86/X86LoadValueInjectionIndirectThunks.cpp
  llvm/lib/Target/X86/X86MCInstLower.cpp
  llvm/lib/Target/X86/X86Subtarget.h
  llvm/lib/Target/X86/X86TargetMachine.cpp
  llvm/lib/Transforms/IPO/WholeProgramDevirt.cpp
  llvm/test/CodeGen/X86/O0-pipeline.ll
  llvm/test/CodeGen/X86/O3-pipeline.ll
  llvm/test/CodeGen/X86/lvi-hardening-indirectbr.ll

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D75934.249413.patch
Type: text/x-patch
Size: 36302 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20200310/f61fedce/attachment-0001.bin>
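
One way to audit a build for the property the summary describes, as an added example (not code from D75934 or from LLVM): it scans `objdump -d` AT&T-syntax text and reports every indirect call/jump that is not a register-target branch immediately preceded by `lfence`. The sample disassembly and its symbol names are constructed, and treating a memory-operand branch as unprotected even after `lfence` is an assumption of this example, since that load happens after the fence.

```python
import re

# Constructed `objdump -d` excerpt (AT&T syntax); addresses and symbol names are made up.
SAMPLE = """\
0000000000001000 <dispatch>:
    1000:\t4c 8b 1f             \tmov    (%rdi),%r11
    1003:\te8 18 00 00 00       \tcallq  1020 <thunk_r11>
    1008:\tc3                   \tretq
0000000000001010 <legacy_dispatch>:
    1010:\tff 27                \tjmpq   *(%rdi)
0000000000001012 <legacy_call>:
    1012:\t48 8b 07             \tmov    (%rdi),%rax
    1015:\tff d0                \tcallq  *%rax
0000000000001020 <thunk_r11>:
    1020:\t0f ae e8             \tlfence
    1023:\t41 ff e3             \tjmpq   *%r11
"""

FUNC = re.compile(r"^[0-9a-f]+ <(.+)>:$")
BRANCHES = {"call", "callq", "jmp", "jmpq"}
# Assumption: only a register target (e.g. *%r11) counts as fenced; a memory
# operand such as *(%rdi) is loaded by the branch itself, after the lfence.
REG_TARGET = re.compile(r"^\*%\w+$")

def unhardened_indirect_branches(disasm):
    """Return (function, address, instruction) for each unfenced indirect branch."""
    findings, func, prev = [], None, None
    for line in disasm.splitlines():
        m = FUNC.match(line)
        if m:
            func, prev = m.group(1), None  # new function: forget previous insn
            continue
        cols = line.split("\t")
        if len(cols) < 3 or not cols[2].strip():
            continue  # blank line or byte-continuation line without a mnemonic
        addr = cols[0].strip().rstrip(":")
        mnemonic, _, operand = cols[2].strip().partition(" ")
        operand = operand.strip()
        if mnemonic in BRANCHES and operand.startswith("*"):
            # Hardened shape from the summary: lfence, then jmpq *%reg
            fenced = prev == "lfence" and REG_TARGET.match(operand) is not None
            if not fenced:
                findings.append((func, addr, f"{mnemonic} {operand}"))
        prev = mnemonic
    return findings

if __name__ == "__main__":
    for func, addr, insn in unhardened_indirect_branches(SAMPLE):
        print(f"{func}+0x{addr}: {insn} is not behind an lfence thunk")
```
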

