llvm-project/clang/lib/Frontend
Nick Desaulniers 2240d72f15 [X86] initial -mfunction-return=thunk-extern support
Adds support for:
* `-mfunction-return=<value>` command line flag, and
* `__attribute__((function_return("<value>")))` function attribute

Where the supported <value>s are:
* keep (disable)
* thunk-extern (enable)

thunk-extern enables clang to change ret instructions into jmps to an
external symbol named __x86_return_thunk, implemented as a new
MachineFunctionPass named "x86-return-thunks", keyed off the new IR
attribute fn_ret_thunk_extern.

The symbol __x86_return_thunk is expected to be provided by the runtime
the compiled code is linked against and is not defined by the compiler.
Enabling this option alone doesn't provide mitigations without
corresponding definitions of __x86_return_thunk!

This new MachineFunctionPass is very similar to "x86-lvi-ret".

The <value>s "thunk" and "thunk-inline" are currently unsupported. It's
not clear yet that they are necessary: whether the thunk pattern they
would emit is beneficial or used anywhere.

Should the <value>s "thunk" and "thunk-inline" become necessary,
x86-return-thunks could probably be merged into x86-retpoline-thunks
which has pre-existing machinery for emitting thunks (which could be
used to implement the <value> "thunk").

Has been found to build+boot with corresponding Linux
kernel patches. This helps the Linux kernel mitigate RETBLEED.
* CVE-2022-23816
* CVE-2022-28693
* CVE-2022-29901

See also:
* "RETBLEED: Arbitrary Speculative Code Execution with Return
  Instructions."
* AMD SECURITY NOTICE AMD-SN-1037: AMD CPU Branch Type Confusion
* TECHNICAL GUIDANCE FOR MITIGATING BRANCH TYPE CONFUSION REVISION 1.0
  2022-07-12
* Return Stack Buffer Underflow / Return Stack Buffer Underflow /
  CVE-2022-29901, CVE-2022-28693 / INTEL-SA-00702

SystemZ may eventually want to support "thunk-extern" and "thunk"; both
options are used by the Linux kernel's CONFIG_EXPOLINE.

This functionality has been available in GCC since the 8.1 release, and
was backported to the 7.3 release.

Many thanks to folks that provided discreet review off list due to the
embargoed nature of this hardware vulnerability. Many Bothans died to
bring us this information.

Link: https://www.youtube.com/watch?v=IF6HbCKQHK8
Link: https://github.com/llvm/llvm-project/issues/54404
Link: https://gcc.gnu.org/legacy-ml/gcc-patches/2018-01/msg01197.html
Link: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/return-stack-buffer-underflow.html
Link: https://arstechnica.com/information-technology/2022/07/intel-and-amd-cpus-vulnerable-to-a-new-speculative-execution-attack/?comments=1
Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce114c866860aa9eae3f50974efc68241186ba60
Link: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
Link: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html

Reviewed By: aaron.ballman, craig.topper

Differential Revision: https://reviews.llvm.org/D129572
2022-07-12 09:17:54 -07:00
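The commit message above notes that `thunk-extern` only helps when the runtime defines `__x86_return_thunk`. The following is an added example, not part of the commit or the LLVM project: a post-build check that scans disassembly for leftover `ret` instructions and for the thunk definition. It assumes GNU `objdump -d` AT&T-style text output; the `audit` function, its `keep` parameter, and the sample disassembly are constructed for illustration.

```python
import re

THUNK = "__x86_return_thunk"
FUNC_RE = re.compile(r"^[0-9a-f]+ <(.+)>:$")
RET_RE = re.compile(r"^(?:repz |rep |bnd )?ret[qlw]?\b")
JMP_THUNK_RE = re.compile(r"^jmpq?\s+.*<%s>" % re.escape(THUNK))

def audit(disasm, keep=()):
    """Scan `objdump -d` text; `keep` names functions built with function_return("keep")."""
    func, defined, thunked, bare = None, False, 0, []
    for line in disasm.splitlines():
        m = FUNC_RE.match(line)
        if m:
            func = m.group(1)
            defined = defined or func == THUNK
            continue
        parts = line.split("\t")  # address, raw bytes, instruction text
        if func is None or len(parts) < 3:
            continue  # blank line or byte-continuation line
        addr, insn = parts[0].strip().rstrip(":"), parts[2].strip()
        if JMP_THUNK_RE.match(insn):
            thunked += 1
        elif RET_RE.match(insn) and func != THUNK and func not in keep:
            bare.append((func, addr))  # the thunk's own ret is expected
    return {"thunk_defined": defined, "thunk_jumps": thunked, "bare_returns": bare}

# Constructed sample disassembly (not taken from a real binary).
SAMPLE = "\n".join([
    "0000000000401000 <mitigated>:",
    "  401000:\tb8 2a 00 00 00       \tmov    $0x2a,%eax",
    "  401005:\te9 26 00 00 00       \tjmp    401030 <__x86_return_thunk>",
    "",
    "0000000000401010 <missed>:",
    "  401010:\t31 c0                \txor    %eax,%eax",
    "  401012:\tc3                   \tret",
    "",
    "0000000000401020 <opted_out>:",
    "  401020:\tc3                   \tret",
    "",
    "0000000000401030 <__x86_return_thunk>:",
    "  401030:\tc3                   \tret",
    "  401031:\tcc                   \tint3",
])

if __name__ == "__main__":
    print(audit(SAMPLE, keep={"opted_out"}))
```

A non-empty `bare_returns` list points at code that was built without the flag (or hand-written assembly), and `thunk_defined` being false means the jumps have no mitigation behind them.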
..
Rewrite [Clang] Rename StringLiteral::isAscii() => isOrdinary() [NFC] 2022-06-29 18:28:51 +02:00
ASTConsumers.cpp [clang] Fix JSON AST output when a filter is used 2021-10-10 07:46:17 +05:30
ASTMerge.cpp
ASTUnit.cpp [clang] Don't use Optional::getValue (NFC) 2022-06-20 22:59:26 -07:00
CMakeLists.txt [clang][extract-api] Add global record support 2022-03-16 15:13:55 -07:00
ChainedDiagnosticConsumer.cpp
ChainedIncludesSource.cpp [ASTReader] Allow controlling separately whether validation should be disabled for a PCH vs a module file 2021-01-21 20:45:54 -08:00
CompilerInstance.cpp [clang] Cleanup ASTContext before output files in crash recovery for modules 2022-07-07 10:23:57 -07:00
CompilerInvocation.cpp [X86] initial -mfunction-return=thunk-extern support 2022-07-12 09:17:54 -07:00
CreateInvocationFromCommandLine.cpp [clang][driver] Introduce new -fdriver-only flag 2022-06-13 13:30:56 +02:00
DependencyFile.cpp [Lex] Introduce `PPCallbacks::LexedFileChanged()` preprocessor callback 2022-07-01 14:22:31 -07:00
DependencyGraph.cpp [clang][lex] NFCI: Use FileEntryRef in PPCallbacks::InclusionDirective() 2022-04-14 10:46:12 +02:00
DiagnosticRenderer.cpp [clang][Frontend] Fix a crash in DiagnosticRenderer. 2021-02-17 09:02:49 +01:00
FrontendAction.cpp [clang] Cleanup ASTContext before output files in crash recovery for modules 2022-07-07 10:23:57 -07:00
FrontendActions.cpp [Tooling/DependencyScanning & Preprocessor] Refactor dependency scanning to produce pre-lexed preprocessor directive tokens, instead of minimized sources 2022-05-26 12:50:06 -07:00
FrontendOptions.cpp [C++20][Modules][Driver][HU 1/N] Initial handling for -xc++-{system,user}-header. 2022-04-22 09:24:29 +01:00
HeaderIncludeGen.cpp [clang] Inclusive language: change instances of blacklist/whitelist to allowlist/ignorelist 2021-11-12 15:46:16 +00:00
InitPreprocessor.cpp [clang] Don't use Optional::hasValue (NFC) 2022-06-25 22:26:24 -07:00
InterfaceStubFunctionsConsumer.cpp [ifs] Prepare llvm-ifs for elfabi/ifs merging. 2021-07-19 11:23:00 -07:00
LayoutOverrideSource.cpp [Driver, Frontend] Use StringRef::contains (NFC) 2021-10-19 08:54:02 -07:00
LogDiagnosticPrinter.cpp Remove a few effectively-unused FileEntry APIs. NFC 2022-04-07 16:45:47 +02:00
ModuleDependencyCollector.cpp [clang][lex] NFCI: Use FileEntryRef in PPCallbacks::InclusionDirective() 2022-04-14 10:46:12 +02:00
MultiplexConsumer.cpp [Clang] Override method ModuleImportRead in MultiplexASTDeserializationListener 2022-04-11 08:38:37 -04:00
PrecompiledPreamble.cpp [Frontend] when attaching a preamble, don't generate the long predefines buffer. 2022-05-09 15:55:32 +02:00
PrintPreprocessedOutput.cpp [clang][lex] NFCI: Use FileEntryRef in PPCallbacks::InclusionDirective() 2022-04-14 10:46:12 +02:00
SerializedDiagnosticPrinter.cpp [clang] Remove redundant member initialization (NFC) 2022-01-02 10:20:23 -08:00
SerializedDiagnosticReader.cpp
TestModuleFileExtension.cpp [NFC][clang] Return underlying strings directly instead of OS.str() 2021-12-09 16:05:46 -08:00
TestModuleFileExtension.h [modules] Use `HashBuilder` and `MD5` for the module hash. 2021-09-03 11:13:36 -07:00
TextDiagnostic.cpp Remove a few effectively-unused FileEntry APIs. NFC 2022-04-07 16:45:47 +02:00
TextDiagnosticBuffer.cpp
TextDiagnosticPrinter.cpp [clang-cl] Remove the /fallback option 2021-02-04 10:33:16 +01:00
VerifyDiagnosticConsumer.cpp [clang][lex] NFC: Simplify calls to `LookupFile` 2022-01-18 16:02:18 +01:00