[PATCH] D40223: [X86] Control-Flow Enforcement Technology - Shadow Stack support (LLVM side)

Oren Ben Simhon via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Sun Nov 19 05:15:48 PST 2017 

oren_ben_simhon created this revision.
Herald added a subscriber: JDevlieghere.

Control Flow Enforcement Technology (CET) provides HW capabilities to defend against Return Oriented Programming (ROP) attack and similarly Call/Jmp Oriented Programming (COP/JOP) attack.

Control flow subversion attacks are handled using two CET’s mechanisms:

1. Shadow Stack (SHSTK) – return address protection to defend against ROP.
2. Indirect Branch Tracking (IBT) – free branch protection to defend against JOP/COP.

Shadow stack solution introduces a new stack for return addresses only. The HW has a Shadow Stack Pointer (SSP) that points to the next return address. If we return to a different address, an exception is triggered.
The shadow stack is managed using a series of intrinsics that are introduced in this patch as well as the new register (SSP). The intrinsics are mapped to new instruction set that implements CET mechanism.
The patch also includes initial infrastructure support for IBT.

For more information, please see the following:
https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf


Repository:
  rL LLVM

https://reviews.llvm.org/D40223

Files:
  include/llvm/IR/IntrinsicsX86.td
  lib/Support/Host.cpp
  lib/Target/X86/X86.td
  lib/Target/X86/X86InstrCompiler.td
  lib/Target/X86/X86InstrControl.td
  lib/Target/X86/X86InstrInfo.td
  lib/Target/X86/X86InstrSystem.td
  lib/Target/X86/X86RegisterInfo.cpp
  lib/Target/X86/X86RegisterInfo.td
  lib/Target/X86/X86Subtarget.cpp
  lib/Target/X86/X86Subtarget.h
  test/CodeGen/MIR/X86/frame-info-save-restore-points.mir
  test/CodeGen/X86/GlobalISel/irtranslator-callingconv.ll
  test/CodeGen/X86/ipra-reg-usage.ll
  test/CodeGen/X86/movtopush.mir
  test/CodeGen/X86/tail-call-conditional.mir
  test/CodeGen/X86/x32-cet-intrinsics.ll
  test/CodeGen/X86/x64-cet-intrinsics.ll
  test/DebugInfo/MIR/X86/live-debug-vars-unused-arg-debugonly.mir
  test/DebugInfo/MIR/X86/live-debug-vars-unused-arg.mir
  test/DebugInfo/X86/live-debug-vars-dse.mir
  test/MC/X86/cet-encoding.s

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D40223.123496.patch
Type: text/x-patch
Size: 63446 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20171119/bd3ac417/attachment-0001.bin>

More information about the llvm-commits mailing list