[PATCH] D109157: [ARM] Mitigate the cve-2021-35465 security vulnurability.
Oliver Stannard (Linaro) via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Sep 6 04:22:35 PDT 2021
ostannard added inline comments.
================
Comment at: clang/lib/Driver/ToolChains/Clang.cpp:1665
+
+ CmdArgs.push_back("-mllvm");
+ if (A->getOption().matches(options::OPT_mfix_cmse_cve_2021_35465))
----------------
Are these optional also being passed through to the linker when doing LTO?
================
Comment at: clang/test/Driver/arm-cmse-cve-2021-35465.c:3
+//
+// RUN: %clang --target=arm-arm-none-eabi -march=armv8-m.main %s -### \
+// RUN: -mcmse -mno-fix-cmse-cve-2021-35465 2>&1 |\
----------------
The last few paragraphs of https://developer.arm.com/support/arm-security-updates/vlldm-instruction-security-vulnerability claim that this is enabled by default for -march=armv8-m.main in AC6 and GCC, is there a reason we're not matching that?
================
Comment at: llvm/lib/Target/ARM/ARMExpandPseudoInsts.cpp:1564
.addReg(Reg)
+ .addReg(ARM::CPSR, RegState::ImplicitDefine)
.add(predOps(ARMCC::AL));
----------------
Why are these needed?
================
Comment at: llvm/lib/Target/ARM/ARMExpandPseudoInsts.cpp:1626
+ // Thumb2ITBlockPass will not recognise the instruction as conditional.
+ BuildMI(MBB, MBBI, DL, TII->get(ARM::t2IT))
+ .addImm(ARMCC::NE)
----------------
This pass runs before the final scheduler pass, so is there a risk that the IT and VMOV instructions could be moved apart? I think it would be safer to either put the IT instruction inside the inline asm block, or make this a new pseudo-instruction expanded in the asm printer.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D109157/new/
https://reviews.llvm.org/D109157
More information about the cfe-commits
mailing list