[PATCH] D75939: [x86][seses] Introduce SESES pass for LVI
Scott Constable via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Mon Apr 27 11:51:59 PDT 2020
sconstab added a comment.
I don't think that this feature will be secure unless it is also used with `-mlvi-cfi`. Specifically, it is not sufficient to mitigate a RET simply by placing an LFENCE before it. There must also be a read from RSP's pointee just prior to that LFENCE. Also, indirect calls/jumps from memory must be decomposed into discrete load and call/jump from register operations with an interposed LFENCE. The `-mlvi-cfi` enables an X86 target feature that performs both of these mitigations correctly.
Also, I think that all of your lit tests for various option combinations can be combined into a single file, with different FileCheck prefixes corresponding to different mitigation configurations.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D75939/new/
https://reviews.llvm.org/D75939
More information about the llvm-commits
mailing list