[clang] [llvm] [X86] Enhance kCFI type IDs with a 3-bit arity indicator. (PR #117121)

Matthew Maurer via cfe-commits cfe-commits at lists.llvm.org
Wed Dec 4 09:01:02 PST 2024


maurer wrote:

I think Scott's point may be the relevant one - this may be similar strength or slightly weaker, but having an indicator stating which registers are live is potentially needed to allow FineIBT to poison them during speculative execution (I would be interested if you have a doc explaining your plan there, but just from a personal perspective, not from this PR).

Given how much padding is used in the X86 kernel around function headers, have you considered just stealing another byte to encode the data for your arity stuff, and considering it to be a separate mitigation from KCFI tags?

The rest of CFI is arch-independent, but in order to know which *registers* are in use, you need arch dependent information, because you care about the calling convention, packing rules, etc. This is part of why Ramon thought your design choices were odd above - this isn't really a CFI enhancement or modification, this is another piece of information you need for speculation defenses that occur at a different abstraction level.

https://github.com/llvm/llvm-project/pull/117121

