
Commit c74dd64

scottconstabletopperc
authored andcommitted
[X86] Add a Pass that builds a Condensed CFG for Load Value Injection (LVI) Gadgets
Adds a new data structure, ImmutableGraph, and uses RDF to find LVI gadgets and add them to a MachineGadgetGraph. More specifically, a new X86 machine pass finds Load Value Injection (LVI) gadgets consisting of a load from memory (i.e., SOURCE), and any operation that may transmit the value loaded from memory over a covert channel, or use the value loaded from memory to determine a branch/call target (i.e., SINK). Also adds a new target feature to X86: +lvi-load-hardening. The feature can be added via the clang CLI using -mlvi-hardening. Differential Revision: https://reviews.llvm.org/D75936
1 parent 8023752 commit c74dd64


13 files changed

+1187
-2
lines changed


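--- a/clang/include/clang/Driver/Options.td
+++ b/clang/include/clang/Driver/Options.td
@@ -2309,6 +2309,10 @@ def mspeculative_load_hardening : Flag<["-"], "mspeculative-load-hardening">,
 Group<m_Group>, Flags<[CoreOption,CC1Option]>;
 def mno_speculative_load_hardening : Flag<["-"], "mno-speculative-load-hardening">,
 Group<m_Group>, Flags<[CoreOption]>;
+def mlvi_hardening : Flag<["-"], "mlvi-hardening">, Group<m_Group>, Flags<[CoreOption,DriverOption]>,
+HelpText<"Enable all mitigations for Load Value Injection (LVI)">;
+def mno_lvi_hardening : Flag<["-"], "mno-lvi-hardening">, Group<m_Group>, Flags<[CoreOption,DriverOption]>,
+HelpText<"Disable mitigations for Load Value Injection (LVI)">;
 def mlvi_cfi : Flag<["-"], "mlvi-cfi">, Group<m_Group>, Flags<[CoreOption,DriverOption]>,
 HelpText<"Enable only control-flow mitigations for Load Value Injection (LVI)">;
 def mno_lvi_cfi : Flag<["-"], "mno-lvi-cfi">, Group<m_Group>, Flags<[CoreOption,DriverOption]>,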
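Review bot: The help text on `mno_lvi_hardening`, "Disable mitigations for Load Value Injection (LVI)", promises more than the driver change in clang/lib/Driver/ToolChains/Arch/X86.cpp delivers. There the flag only negates `-mlvi-hardening`, and `-mno-lvi-hardening -mlvi-cfi` still reaches the `else if` and pushes `+lvi-cfi`. Someone reading `--help` could reasonably expect the flag to switch every LVI mitigation off. I would state the scope instead, e.g. `HelpText<"Disable the mitigations enabled by -mlvi-hardening">`, and have the `mlvi_hardening` text say that it implies `-mlvi-cfi`.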

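--- a/clang/lib/Driver/ToolChains/Arch/X86.cpp
+++ b/clang/lib/Driver/ToolChains/Arch/X86.cpp
@@ -173,7 +173,13 @@ void x86::getX86TargetFeatures(const Driver &D, const llvm::Triple &Triple,
 }
 
 auto LVIOpt = clang::driver::options::ID::OPT_INVALID;
-if (Args.hasFlag(options::OPT_mlvi_cfi, options::OPT_mno_lvi_cfi, false)) {
+if (Args.hasFlag(options::OPT_mlvi_hardening, options::OPT_mno_lvi_hardening,
+false)) {
+Features.push_back("+lvi-load-hardening");
+Features.push_back("+lvi-cfi"); // load hardening implies CFI protection
+LVIOpt = options::OPT_mlvi_hardening;
+} else if (Args.hasFlag(options::OPT_mlvi_cfi, options::OPT_mno_lvi_cfi,
+false)) {
 Features.push_back("+lvi-cfi");
 LVIOpt = options::OPT_mlvi_cfi;
 }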
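Review bot: An explicit `-mno-lvi-cfi` is silently dropped when `-mlvi-hardening` is active, because the first branch pushes `+lvi-cfi` unconditionally and the `else if` that consults `OPT_mno_lvi_cfi` is never reached. Failing towards more protection is the right default, but the precedence deserves a comment above the `if`, e.g. `// -mlvi-hardening wins over -m[no-]lvi-cfi: load hardening always carries the CFI mitigation.` A driver warning for the contradictory pair would also keep a build from carrying a flag that has no effect. getX86TargetFeatures continues outside this hunk, so how `LVIOpt` is consumed afterwards cannot be checked from here.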

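--- a/clang/test/Driver/x86-target-features.c
+++ b/clang/test/Driver/x86-target-features.c
@@ -159,6 +159,11 @@
 // LVICFI: "-target-feature" "+lvi-cfi"
 // NO-LVICFI-NOT: lvi-cfi
 
+// RUN: %clang -target i386-linux-gnu -mlvi-hardening %s -### -o %t.o 2>&1 | FileCheck -check-prefix=LVIHARDENING %s
+// RUN: %clang -target i386-linux-gnu -mno-lvi-hardening %s -### -o %t.o 2>&1 | FileCheck -check-prefix=NO-LVIHARDENING %s
+// LVIHARDENING: "-target-feature" "+lvi-load-hardening" "-target-feature" "+lvi-cfi"
+// NO-LVIHARDENING-NOT: lvi
+
 // RUN: %clang -target i386-linux-gnu -mwaitpkg %s -### -o %t.o 2>&1 | FileCheck -check-prefix=WAITPKG %s
 // RUN: %clang -target i386-linux-gnu -mno-waitpkg %s -### -o %t.o 2>&1 | FileCheck -check-prefix=NO-WAITPKG %s
 // WAITPKG: "-target-feature" "+waitpkg"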
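Review bot: `// NO-LVIHARDENING-NOT: lvi` matches the bare substring anywhere in the `-###` output, which presumably includes source, output and resource paths. A build directory whose path happens to contain "lvi" would then fail the negative check for reasons unrelated to the feature; the neighbouring `NO-LVICFI-NOT: lvi-cfi` is more specific. Anchoring on the feature prefix keeps the intent: `// NO-LVIHARDENING-NOT: "+lvi-`. The new RUN lines also exercise each flag only in isolation, so a RUN line for `-mlvi-hardening -mno-lvi-cfi` and one for `-mno-lvi-hardening -mlvi-cfi` would pin the precedence the driver implements.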

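--- a/llvm/lib/Target/X86/CMakeLists.txt
+++ b/llvm/lib/Target/X86/CMakeLists.txt
@@ -52,6 +52,7 @@ set(sources
 X86InstrInfo.cpp
 X86EvexToVex.cpp
 X86LegalizerInfo.cpp
+X86LoadValueInjectionLoadHardening.cpp
 X86LoadValueInjectionRetHardening.cpp
 X86MCInstLower.cpp
 X86MachineFunctionInfo.cpp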
