[PATCH] D81400: [AArch64] Introduce AArch64SLSHardeningPass, implementing hardening of RET and BR instructions.

Kristof Beyls via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Mon Jun 8 08:11:40 PDT 2020


kristof.beyls created this revision.
kristof.beyls added a reviewer: ostannard.
Herald added subscribers: llvm-commits, danielkiss, hiraditya, mgorny.
Herald added a project: LLVM.

Some processors may speculatively execute the instructions immediately
following RET (returns) and BR (indirect jumps), even though
control flow should change unconditionally at these instructions.
To avoid a potential mis-speculatively executed gadget after these
instructions leaking secrets through side channels, this pass places a
speculation barrier immediately after every RET and BR instruction.

Since these barriers are never on the correct, architectural execution
path, performance overhead of this is expected to be low.

On targets that implement the Armv8.0-SB Speculation Barrier extension,
a single SB instruction is emitted that acts as a speculation barrier.
On other targets, a DSB SYS followed by an ISB is emitted to act as a
speculation barrier.

In the implementation, these speculation barriers are implemented as
pseudo instructions to prevent later passes from analyzing them and
potentially removing them.

Even though currently LLVM does not produce BRAA/BRAB/BRAAZ/BRABZ
instructions, these are also mitigated by the pass and tested through a
MIR test.

The mitigation is off by default and can be enabled by the
harden-sls-retbr subtarget feature.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D81400

Files:
  llvm/lib/Target/AArch64/AArch64.h
  llvm/lib/Target/AArch64/AArch64.td
  llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp
  llvm/lib/Target/AArch64/AArch64InstrInfo.cpp
  llvm/lib/Target/AArch64/AArch64InstrInfo.h
  llvm/lib/Target/AArch64/AArch64InstrInfo.td
  llvm/lib/Target/AArch64/AArch64SLSHardening.cpp
  llvm/lib/Target/AArch64/AArch64Subtarget.h
  llvm/lib/Target/AArch64/AArch64TargetMachine.cpp
  llvm/lib/Target/AArch64/CMakeLists.txt
  llvm/test/CodeGen/AArch64/O0-pipeline.ll
  llvm/test/CodeGen/AArch64/O3-pipeline.ll
  llvm/test/CodeGen/AArch64/speculation-hardening-sls.ll
  llvm/test/CodeGen/AArch64/speculation-hardening-sls.mir

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D81400.269235.patch
Type: text/x-patch
Size: 20671 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20200608/d83e54e6/attachment.bin>
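
One way to check a built binary for the property described above, as an added example (not code from the patch or from LLVM): it scans disassembly text and reports every RET/BR-family instruction that is not immediately followed by SB or by DSB SY + ISB. The "address: encoding mnemonic operands" line layout, the function names and the sample listing are assumptions constructed for illustration.

```python
import re

# Instructions the commit message says the pass hardens.
HARDENED = {"ret", "br", "braa", "brab", "braaz", "brabz"}

# Assumed line layout: "<addr>: <8-hex-digit encoding> <mnemonic> [operands]"
INSN = re.compile(r"^\s*([0-9a-f]+):\s+[0-9a-f]{8}\s+(\S+)\s*(.*)$", re.I)

def parse(disasm):
    """Return [(address, mnemonic, operands)] for each instruction line."""
    out = []
    for line in disasm.splitlines():
        m = INSN.match(line)
        if m:  # symbol labels and blank lines do not match and are skipped
            ops = m.group(3).split("//")[0].strip().lower()
            out.append((int(m.group(1), 16), m.group(2).lower(), ops))
    return out

def has_barrier(insns, i):
    """True if insns[i] is directly followed by SB, or by DSB SY then ISB."""
    addr = insns[i][0]
    nxt = insns[i + 1:i + 3]
    if not nxt or nxt[0][0] != addr + 4:   # barrier must be the very next word
        return False
    if nxt[0][1] == "sb":
        return True
    return (nxt[0][1:] == ("dsb", "sy") and len(nxt) == 2
            and nxt[1][0] == addr + 8 and nxt[1][1] == "isb")

def unhardened(disasm):
    """Return [(address, mnemonic)] of RET/BR instructions lacking a barrier."""
    insns = parse(disasm)
    return [(addr, mn) for i, (addr, mn, _) in enumerate(insns)
            if mn in HARDENED and not has_barrier(insns, i)]

# Constructed sample listing: two hardened functions and one unhardened one.
SAMPLE = """\
0000000000000000 <hardened_sb>:
       0: d65f03c0     ret
       4: d50330ff     sb

0000000000000008 <hardened_dsb_isb>:
       8: d61f0200     br      x16
       c: d5033f9f     dsb     sy
      10: d5033fdf     isb

0000000000000014 <plain>:
      14: d61f0020     br      x1
      18: d65f03c0     ret
"""

if __name__ == "__main__":
    for addr, mn in unhardened(SAMPLE):
        print(f"{addr:#x}: {mn} has no speculation barrier after it")
```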


More information about the llvm-commits mailing list