From e3ba468fc3c123880cfd03dfbc9d1ed61d5904c6 Mon Sep 17 00:00:00 2001 From: Scott Constable Date: Fri, 3 Apr 2020 12:12:51 -0700 Subject: [X86] Add a Pass that builds a Condensed CFG for Load Value Injection (LVI) Gadgets Adds a new data structure, ImmutableGraph, and uses RDF to find LVI gadgets and add them to a MachineGadgetGraph. More specifically, a new X86 machine pass finds Load Value Injection (LVI) gadgets consisting of a load from memory (i.e., SOURCE), and any operation that may transmit the value loaded from memory over a covert channel, or use the value loaded from memory to determine a branch/call target (i.e., SINK). Also adds a new target feature to X86: +lvi-load-hardening The feature can be added via the clang CLI using -mlvi-hardening. Differential Revision: https://reviews.llvm.org/D75936 --- clang/lib/Driver/ToolChains/Arch/X86.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'clang/lib/Driver/ToolChains/Arch/X86.cpp') diff --git a/clang/lib/Driver/ToolChains/Arch/X86.cpp b/clang/lib/Driver/ToolChains/Arch/X86.cpp index 477e04485bf..d170b7ac3a7 100644 --- a/clang/lib/Driver/ToolChains/Arch/X86.cpp +++ b/clang/lib/Driver/ToolChains/Arch/X86.cpp @@ -173,7 +173,13 @@ void x86::getX86TargetFeatures(const Driver &D, const llvm::Triple &Triple, } auto LVIOpt = clang::driver::options::ID::OPT_INVALID; - if (Args.hasFlag(options::OPT_mlvi_cfi, options::OPT_mno_lvi_cfi, false)) { + if (Args.hasFlag(options::OPT_mlvi_hardening, options::OPT_mno_lvi_hardening, + false)) { + Features.push_back("+lvi-load-hardening"); + Features.push_back("+lvi-cfi"); // load hardening implies CFI protection + LVIOpt = options::OPT_mlvi_hardening; + } else if (Args.hasFlag(options::OPT_mlvi_cfi, options::OPT_mno_lvi_cfi, + false)) { Features.push_back("+lvi-cfi"); LVIOpt = options::OPT_mlvi_cfi; } -- cgit v1.2.3