[PATCH] D41723: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715, "Branch Target Injection", and is one of the two halves to Spectre..

Sanjoy Das via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Jan 4 14:38:06 PST 2018


sanjoy added inline comments.


================
Comment at: llvm/lib/CodeGen/IndirectBrExpandPass.cpp:134
+  // Now rewrite each indirectbr to cast its loaded pointer to an integer and
+  // switch on it using the integer map from above.
+  for (auto *IBr : IndirectBrs) {
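Review bot: the comment above `for (auto *IBr : IndirectBrs)` describes only the indirectbr side of the rewrite and does not say what happens to block address values that are consumed elsewhere, such as by inline assembly. Since each loaded pointer is cast to an integer and switched on through the integer map, add a sentence stating what the pass assumes about such users, or check for them before this loop and emit a diagnostic so they are not left silently unhandled.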
----------------
chandlerc wrote:
> sanjoy wrote:
> > Do we care about inline assembly here?  The langref says "Finally, some targets may provide defined semantics when using the value as the operand to an inline assembly, but that is target specific."
> I mean, yes, but also no. ;]
> 
> It would be nice to maybe preserve inline asm uses of blockaddr and not any others. And then force people to not rinse their blockaddr usage through inline asm and mix that with `-mretpoline`. That would allow the common usage I'm aware of to remain (showing label addresses in crash dumps in things like kernels) and really allow almost any usage wholly contained within inline asm to continue working perfectly.
> 
> But it seemed reasonable for a follow-up. That said, maybe it's not too complex to add now...
What do you think about `report_fatal_error`ing here if you encounter an inline assembly user?  That seems somewhat more friendly than silently "miscompiling" (in quotes) inline assembly.


https://reviews.llvm.org/D41723
