author: Chandler Carruth <chandlerc@gmail.com> 2018-09-04 10:59:10 +0000
committer: Chandler Carruth <chandlerc@gmail.com> 2018-09-04 10:59:10 +0000
commit: 219888d1b2ade782a8aedb9dea7f1421c852b80c
tree: 4fcd391834a9e5bcba026048ee70f92bbcb1b742 /llvm/tools/llvm-objcopy/Object.cpp
parent: 51ae9346dbb710dfdaf482351b75d2bda903c0a6
[x86/SLH] Teach SLH to harden against the "ret2spec" attack by implementing the proposed mitigation technique described in the original design document.

The idea is to check after calls that the return address used to arrive at that location is in fact the correct address. In the event of a mis-predicted return which reaches a *valid* return but not the *correct* return, this will detect the mismatch much like it would a mispredicted conditional branch.

This is the last published attack vector that I am aware of in the Spectre v1 space which is not mitigated by SLH+retpolines. However, don't read *too* much into that: this is an area of ongoing research where we expect more issues to be discovered in the future, and it also makes no attempt to mitigate Spectre v4. Still, this is an important completeness bar for SLH.

The change here is of course delightfully simple. It was predicated on cutting support for post-instruction symbols into LLVM which was not at all simple. Many thanks to Hal Finkel, Reid Kleckner, and Justin Bogner who helped me figure out how to do a bunch of the complex changes involved there.

Differential Revision: https://reviews.llvm.org/D50837

llvm-svn: 341358
Diffstat (limited to 'llvm/tools/llvm-objcopy/Object.cpp')
0 files changed, 0 insertions, 0 deletions