diff options
| author | Scott Constable <scott.d.constable@intel.com> | 2020-04-02 21:59:47 -0700 |
|---|---|---|
| committer | Tom Stellard <tstellar@redhat.com> | 2020-06-24 09:31:04 -0700 |
| commit | 071acfdd4694bb2b94efe6122128c5e7f840ce46 (patch) | |
| tree | 5aa003074978978cc4669ee895f1a1391018c4ff /clang/docs | |
| parent | a09ebfdafb9dbfc8aa4ca493389ff9da956eabc1 (diff) | |
| download | bcm5719-llvm-071acfdd4694bb2b94efe6122128c5e7f840ce46.tar.gz bcm5719-llvm-071acfdd4694bb2b94efe6122128c5e7f840ce46.zip | |
[X86] Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI)
This pass replaces each indirect call/jump with a direct call to a thunk that looks like:
lfence
jmpq *%r11
This ensures that if the value in register %r11 was loaded from memory, then
the value in %r11 is (architecturally) correct prior to the jump.
Also adds a new target feature to X86: +lvi-cfi
("cfi" meaning control-flow integrity)
The feature can be added via clang CLI using -mlvi-cfi.
This is an alternate implementation to https://reviews.llvm.org/D75934 That merges the thunk insertion functionality with the existing X86 retpoline code.
Differential Revision: https://reviews.llvm.org/D76812
Diffstat (limited to 'clang/docs')
| -rw-r--r-- | clang/docs/ClangCommandLineReference.rst | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/clang/docs/ClangCommandLineReference.rst b/clang/docs/ClangCommandLineReference.rst index 10c14db1b89..0292e160176 100644 --- a/clang/docs/ClangCommandLineReference.rst +++ b/clang/docs/ClangCommandLineReference.rst @@ -2577,6 +2577,10 @@ Use Intel MCU ABI Generate branches with extended addressability, usually via indirect jumps. +.. option:: -mlvi-cfi, -mno-lvi-cfi + +Enable only control-flow mitigations for Load Value Injection (LVI) + .. option:: -mmacosx-version-min=<arg>, -mmacos-version-min=<arg> Set Mac OS X deployment target |
