[PATCH] D88194: [X86] CET endbr enhance

Xiang Zhang via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Wed Sep 23 18:55:44 PDT 2020


xiangzhangllvm created this revision.
xiangzhangllvm added reviewers: craig.topper, hjl.tools, LuoYuanke, pengfei, annita.zhang, MaskRay.
Herald added subscribers: llvm-commits, hiraditya.
Herald added a project: LLVM.
xiangzhangllvm requested review of this revision.

This patch is for CET enhancement.

ENDBR32 and ENDBR64 have specific opcodes:
ENDBR32: F3 0F 1E FB
ENDBR64: F3 0F 1E FA
And **we do not want attackers to find unintended ENDBR32/64 opcode matches in the binary**.

Here’s an example:
If the compiler had to generate asm for the following code:
a = 0xF30F1EFA
it could, for example, generate:
mov 0xF30F1EFA, dword ptr[a]

In such a case, the binary would include a gadget that starts with a fake ENDBR64 opcode.
Therefore, we split such generation into multiple operations, so that it does not show up in the binary.

**The goal of this patch is not to remove 100% of the unintended ENDBR-IMM.**
Theoretically, it can occur in address info, and even between 2 instructions.
In fact, the overall probability of its occurrence is very small.
**The idea of this patch is to “greatly reduce the probability of ENDBR-IMM occurrence” by handling the most common instructions with imm32/64.**


https://reviews.llvm.org/D88194

Files:
  llvm/lib/Target/X86/X86ISelDAGToDAG.cpp
  llvm/test/CodeGen/X86/cet_endbr_imm_enhance.ll

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D88194.293912.patch
Type: text/x-patch
Size: 12798 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20200924/b63df68f/attachment.bin>
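
An added example, not part of the patch or of LLVM: a small C scanner that walks a buffer of code bytes and reports every ENDBR32/ENDBR64 byte match that is not at an offset where an ENDBR was placed on purpose, which is one way to audit compiler output for the matches described above. The function names, the sample buffer and the list of intended offsets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Opcode bytes as listed in the patch description. */
static const uint8_t ENDBR64[4] = {0xF3, 0x0F, 0x1E, 0xFA};
static const uint8_t ENDBR32[4] = {0xF3, 0x0F, 0x1E, 0xFB};

/* 1 if off is a known offset where an ENDBR was emitted on purpose. */
static int is_intended(size_t off, const size_t *intended, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (intended[i] == off) return 1;
    return 0;
}

/* Scan code[0..len) at every byte offset. Offsets of unintended matches
 * are stored in out (at most cap of them); the return value is the total
 * number of unintended matches, even if it exceeds cap. */
size_t find_unintended_endbr(const uint8_t *code, size_t len,
                             const size_t *intended, size_t n_intended,
                             size_t *out, size_t cap) {
    size_t found = 0;
    for (size_t off = 0; off + 4 <= len; off++) {
        if (memcmp(code + off, ENDBR64, 4) != 0 &&
            memcmp(code + off, ENDBR32, 4) != 0)
            continue;                      /* no ENDBR bytes here */
        if (is_intended(off, intended, n_intended))
            continue;                      /* a real, intended ENDBR */
        if (found < cap) out[found] = off;
        found++;
    }
    return found;
}

/* Constructed sample: one intended endbr64 plus two immediates whose
 * encoded bytes happen to spell an ENDBR opcode. */
static const uint8_t SAMPLE[] = {
    0xF3, 0x0F, 0x1E, 0xFA,             /*  0: endbr64 at function entry   */
    0xB8, 0xF3, 0x0F, 0x1E, 0xFA,       /*  4: mov eax, imm32 (bytes at 5) */
    0x90,                               /*  9: nop                         */
    0xC7, 0x00, 0xF3, 0x0F, 0x1E, 0xFB, /* 10: mov [rax], imm32 (bytes 12) */
    0xC3                                /* 16: ret                         */
};
static const size_t SAMPLE_INTENDED[] = {0};

int main(void) {
    size_t hits[8];
    size_t n = find_unintended_endbr(SAMPLE, sizeof SAMPLE,
                                     SAMPLE_INTENDED, 1, hits, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("unintended ENDBR bytes at offset %zu\n", hits[i]);
    return n ? 1 : 0;
}
```

In practice the intended offsets would come from the function entries and other indirect-branch targets the compiler marked, so any remaining hit points at an immediate or other data worth inspecting.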

