Author: Craig Topper Date: 2020-04-03T16:56:08-07:00 New Revision: 1d42c0db9a2b27c149c5bac373caa5a6d38d1f74
URL: https://github.com/llvm/llvm-project/commit/1d42c0db9a2b27c149c5bac373caa5a6d38d1f74 DIFF: https://github.com/llvm/llvm-project/commit/1d42c0db9a2b27c149c5bac373caa5a6d38d1f74.diff LOG: Revert "[X86] Add a Pass that builds a Condensed CFG for Load Value Injection (LVI) Gadgets" This reverts commit c74dd640fd740c6928f66a39c7c15a014af3f66f. Reverting to address coding standard issues raised in post-commit review. Added: Modified: clang/include/clang/Driver/Options.td clang/lib/Driver/ToolChains/Arch/X86.cpp clang/test/Driver/x86-target-features.c llvm/lib/Target/X86/CMakeLists.txt llvm/lib/Target/X86/X86.h llvm/lib/Target/X86/X86.td llvm/lib/Target/X86/X86Subtarget.h llvm/lib/Target/X86/X86TargetMachine.cpp llvm/test/CodeGen/X86/O0-pipeline.ll llvm/test/CodeGen/X86/O3-pipeline.ll Removed: llvm/lib/Target/X86/ImmutableGraph.h llvm/lib/Target/X86/X86LoadValueInjectionLoadHardening.cpp llvm/test/CodeGen/X86/lvi-hardening-gadget-graph.ll ################################################################################ diff --git a/clang/include/clang/Driver/Options.td b/clang/include/clang/Driver/Options.td index 869d2755f47e..0d057ac579f5 100644 --- a/clang/include/clang/Driver/Options.td +++ b/clang/include/clang/Driver/Options.td @@ -2309,10 +2309,6 @@ def mspeculative_load_hardening : Flag<["-"], "mspeculative-load-hardening">, Group<m_Group>, Flags<[CoreOption,CC1Option]>; def mno_speculative_load_hardening : Flag<["-"], "mno-speculative-load-hardening">, Group<m_Group>, Flags<[CoreOption]>; -def mlvi_hardening : Flag<["-"], "mlvi-hardening">, Group<m_Group>, Flags<[CoreOption,DriverOption]>, - HelpText<"Enable all mitigations for Load Value Injection (LVI)">; -def mno_lvi_hardening : Flag<["-"], "mno-lvi-hardening">, Group<m_Group>, Flags<[CoreOption,DriverOption]>, - HelpText<"Disable mitigations for Load Value Injection (LVI)">; def mlvi_cfi : Flag<["-"], "mlvi-cfi">, Group<m_Group>, Flags<[CoreOption,DriverOption]>, HelpText<"Enable only control-flow mitigations for Load Value Injection (LVI)">; def mno_lvi_cfi : Flag<["-"], "mno-lvi-cfi">, Group<m_Group>, Flags<[CoreOption,DriverOption]>, diff --git a/clang/lib/Driver/ToolChains/Arch/X86.cpp b/clang/lib/Driver/ToolChains/Arch/X86.cpp index dbbc025de38c..aafba6915d0b 100644 --- a/clang/lib/Driver/ToolChains/Arch/X86.cpp +++ b/clang/lib/Driver/ToolChains/Arch/X86.cpp @@ -173,13 +173,7 @@ void x86::getX86TargetFeatures(const Driver &D, const llvm::Triple &Triple, } auto LVIOpt = clang::driver::options::ID::OPT_INVALID; - if (Args.hasFlag(options::OPT_mlvi_hardening, options::OPT_mno_lvi_hardening, - false)) { - Features.push_back("+lvi-load-hardening"); - Features.push_back("+lvi-cfi"); // load hardening implies CFI protection - LVIOpt = options::OPT_mlvi_hardening; - } else if (Args.hasFlag(options::OPT_mlvi_cfi, options::OPT_mno_lvi_cfi, - false)) { + if (Args.hasFlag(options::OPT_mlvi_cfi, options::OPT_mno_lvi_cfi, false)) { Features.push_back("+lvi-cfi"); LVIOpt = options::OPT_mlvi_cfi; } diff --git a/clang/test/Driver/x86-target-features.c b/clang/test/Driver/x86-target-features.c index 44a3d2e1164b..872a228c2a33 100644 --- a/clang/test/Driver/x86-target-features.c +++ b/clang/test/Driver/x86-target-features.c @@ -159,11 +159,6 @@ // LVICFI: "-target-feature" "+lvi-cfi" // NO-LVICFI-NOT: lvi-cfi -// RUN: %clang -target i386-linux-gnu -mlvi-hardening %s -### -o %t.o 2>&1 | FileCheck -check-prefix=LVIHARDENING %s -// RUN: %clang -target i386-linux-gnu -mno-lvi-hardening %s -### -o %t.o 2>&1 | FileCheck -check-prefix=NO-LVIHARDENING %s -// LVIHARDENING: "-target-feature" "+lvi-load-hardening" "-target-feature" "+lvi-cfi" -// NO-LVIHARDENING-NOT: lvi - // RUN: %clang -target i386-linux-gnu -mwaitpkg %s -### -o %t.o 2>&1 | FileCheck -check-prefix=WAITPKG %s // RUN: %clang -target i386-linux-gnu -mno-waitpkg %s -### -o %t.o 2>&1 | FileCheck -check-prefix=NO-WAITPKG %s // WAITPKG: "-target-feature" "+waitpkg" diff --git a/llvm/lib/Target/X86/CMakeLists.txt b/llvm/lib/Target/X86/CMakeLists.txt index e94a82aebca4..5df9978bf11d 100644 --- a/llvm/lib/Target/X86/CMakeLists.txt +++ b/llvm/lib/Target/X86/CMakeLists.txt @@ -52,7 +52,6 @@ set(sources X86InstrInfo.cpp X86EvexToVex.cpp X86LegalizerInfo.cpp - X86LoadValueInjectionLoadHardening.cpp X86LoadValueInjectionRetHardening.cpp X86MCInstLower.cpp X86MachineFunctionInfo.cpp diff --git a/llvm/lib/Target/X86/ImmutableGraph.h b/llvm/lib/Target/X86/ImmutableGraph.h deleted file mode 100644 index 80c9cf489ded..000000000000 --- a/llvm/lib/Target/X86/ImmutableGraph.h +++ /dev/null @@ -1,432 +0,0 @@ -//==========-- ImmutableGraph.h - A fast DAG implementation ---------=========// -// -// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. -// See https://llvm.org/LICENSE.txt for license information. -// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception -// -//===----------------------------------------------------------------------===// -/// -/// Description: ImmutableGraph is a fast DAG implementation that cannot be -/// modified, except by creating a new ImmutableGraph. ImmutableGraph is -/// implemented as two arrays: one containing nodes, and one containing edges. -/// The advantages to this implementation are two-fold: -/// 1. Iteration and traversal operations should experience terrific caching -/// performance. -/// 2. Set representations and operations on nodes and edges become -/// extraordinarily efficient. For instance, a set of edges is implemented as -/// a bit vector, wherein each bit corresponds to one edge in the edge -/// array. This implies a lower bound of 64x spacial improvement over, e.g., -/// an llvm::DenseSet or llvm::SmallSet. It also means that -/// insert/erase/contains operations complete in negligible constant time: -/// insert and erase require one load and one store, and contains requires -/// just one load. -/// -//===----------------------------------------------------------------------===// - -#ifndef IMMUTABLEGRAPH_H -#define IMMUTABLEGRAPH_H - -#include "llvm/ADT/BitVector.h" -#include "llvm/ADT/GraphTraits.h" -#include "llvm/ADT/STLExtras.h" -#include "llvm/Support/raw_ostream.h" -#include <algorithm> -#include <iterator> -#include <utility> -#include <vector> - -namespace llvm { - -template <typename _NodeValueT, typename _EdgeValueT, typename _SizeT = int> -class ImmutableGraph { - using Traits = GraphTraits<ImmutableGraph<_NodeValueT, _EdgeValueT> *>; - template <typename> friend class ImmutableGraphBuilder; - -public: - using NodeValueT = _NodeValueT; - using EdgeValueT = _EdgeValueT; - using size_type = _SizeT; - class Node; - class Edge { - friend class ImmutableGraph; - template <typename> friend class ImmutableGraphBuilder; - friend Traits; - - Node *__dest; - EdgeValueT __value; - - public: - EdgeValueT &value() { return __value; } - }; - class Node { - friend class ImmutableGraph; - template <typename> friend class ImmutableGraphBuilder; - friend Traits; - - Edge *__edges; - NodeValueT __value; - - public: - NodeValueT &value() { return __value; } - }; - -protected: - ImmutableGraph(Node *Nodes, size_type NodesSize, Edge *Edges, - size_type EdgesSize) - : __nodes{Nodes}, __nodes_size{NodesSize}, __edges{Edges}, - __edges_size{EdgesSize} {} - ImmutableGraph(const ImmutableGraph &) = delete; - ImmutableGraph(ImmutableGraph &&) = delete; - ImmutableGraph &operator=(const ImmutableGraph &) = delete; - ImmutableGraph &operator=(ImmutableGraph &&) = delete; - -public: - ~ImmutableGraph() { - delete[] __edges; - delete[] __nodes; - } - - Node *nodes_begin() const { return __nodes; } - Node *nodes_end() const { return __nodes + __nodes_size; } - Edge *edges_begin() const { return __edges; } - Edge *edges_end() const { return __edges + __edges_size; } - size_type nodes_size() const { return __nodes_size; } - size_type edges_size() const { return __edges_size; } - bool empty() const { return __nodes_size == 0; } - - class NodeSet { - friend class iterator; - - const ImmutableGraph &__g; - BitVector __v; - - public: - NodeSet(const ImmutableGraph &G, bool ContainsAll = false) - : __g{G}, __v{static_cast<unsigned>(__g.nodes_size()), ContainsAll} {} - bool insert(Node *N) { - size_type Idx = std::distance(__g.nodes_begin(), N); - bool AlreadyExists = __v.test(Idx); - __v.set(Idx); - return !AlreadyExists; - } - void erase(Node *N) { - size_type Idx = std::distance(__g.nodes_begin(), N); - __v.reset(Idx); - } - bool contains(Node *N) const { - size_type Idx = std::distance(__g.nodes_begin(), N); - return __v.test(Idx); - } - void clear() { __v.reset(); } - size_type empty() const { return __v.none(); } - /// Return the number of elements in the set - size_type count() const { return __v.count(); } - /// Return the size of the set's domain - size_type size() const { return __v.size(); } - /// Set union - NodeSet &operator|=(const NodeSet &RHS) { - assert(&this->__g == &RHS.__g); - __v |= RHS.__v; - return *this; - } - /// Set intersection - NodeSet &operator&=(const NodeSet &RHS) { - assert(&this->__g == &RHS.__g); - __v &= RHS.__v; - return *this; - } - /// Set disjoint union - NodeSet &operator^=(const NodeSet &RHS) { - assert(&this->__g == &RHS.__g); - __v ^= RHS.__v; - return *this; - } - - using index_iterator = typename BitVector::const_set_bits_iterator; - index_iterator index_begin() const { return __v.set_bits_begin(); } - index_iterator index_end() const { return __v.set_bits_end(); } - void set(size_type Idx) { __v.set(Idx); } - void reset(size_type Idx) { __v.reset(Idx); } - - class iterator { - const NodeSet &__set; - size_type __current; - - void advance() { - assert(__current != -1); - __current = __set.__v.find_next(__current); - } - - public: - iterator(const NodeSet &Set, size_type Begin) - : __set{Set}, __current{Begin} {} - iterator operator++(int) { - iterator Tmp = *this; - advance(); - return Tmp; - } - iterator &operator++() { - advance(); - return *this; - } - Node *operator*() const { - assert(__current != -1); - return __set.__g.nodes_begin() + __current; - } - bool operator==(const iterator &other) const { - assert(&this->__set == &other.__set); - return this->__current == other.__current; - } - bool operator!=(const iterator &other) const { return !(*this == other); } - }; - - iterator begin() const { return iterator{*this, __v.find_first()}; } - iterator end() const { return iterator{*this, -1}; } - }; - - class EdgeSet { - const ImmutableGraph &__g; - BitVector __v; - - public: - EdgeSet(const ImmutableGraph &G, bool ContainsAll = false) - : __g{G}, __v{static_cast<unsigned>(__g.edges_size()), ContainsAll} {} - bool insert(Edge *E) { - size_type Idx = std::distance(__g.edges_begin(), E); - bool AlreadyExists = __v.test(Idx); - __v.set(Idx); - return !AlreadyExists; - } - void erase(Edge *E) { - size_type Idx = std::distance(__g.edges_begin(), E); - __v.reset(Idx); - } - bool contains(Edge *E) const { - size_type Idx = std::distance(__g.edges_begin(), E); - return __v.test(Idx); - } - void clear() { __v.reset(); } - bool empty() const { return __v.none(); } - /// Return the number of elements in the set - size_type count() const { return __v.count(); } - /// Return the size of the set's domain - size_type size() const { return __v.size(); } - /// Set union - EdgeSet &operator|=(const EdgeSet &RHS) { - assert(&this->__g == &RHS.__g); - __v |= RHS.__v; - return *this; - } - /// Set intersection - EdgeSet &operator&=(const EdgeSet &RHS) { - assert(&this->__g == &RHS.__g); - __v &= RHS.__v; - return *this; - } - /// Set disjoint union - EdgeSet &operator^=(const EdgeSet &RHS) { - assert(&this->__g == &RHS.__g); - __v ^= RHS.__v; - return *this; - } - - using index_iterator = typename BitVector::const_set_bits_iterator; - index_iterator index_begin() const { return __v.set_bits_begin(); } - index_iterator index_end() const { return __v.set_bits_end(); } - void set(size_type Idx) { __v.set(Idx); } - void reset(size_type Idx) { __v.reset(Idx); } - - class iterator { - const EdgeSet &__set; - size_type __current; - - void advance() { - assert(__current != -1); - __current = __set.__v.find_next(__current); - } - - public: - iterator(const EdgeSet &Set, size_type Begin) - : __set{Set}, __current{Begin} {} - iterator operator++(int) { - iterator Tmp = *this; - advance(); - return Tmp; - } - iterator &operator++() { - advance(); - return *this; - } - Edge *operator*() const { - assert(__current != -1); - return __set.__g.edges_begin() + __current; - } - bool operator==(const iterator &other) const { - assert(&this->__set == &other.__set); - return this->__current == other.__current; - } - bool operator!=(const iterator &other) const { return !(*this == other); } - }; - - iterator begin() const { return iterator{*this, __v.find_first()}; } - iterator end() const { return iterator{*this, -1}; } - }; - -private: - Node *__nodes; - size_type __nodes_size; - Edge *__edges; - size_type __edges_size; -}; - -template <typename GraphT> class ImmutableGraphBuilder { - using NodeValueT = typename GraphT::NodeValueT; - using EdgeValueT = typename GraphT::EdgeValueT; - static_assert( - std::is_base_of<ImmutableGraph<NodeValueT, EdgeValueT>, GraphT>::value, - "Template argument to ImmutableGraphBuilder must derive from " - "ImmutableGraph<>"); - using size_type = typename GraphT::size_type; - using NodeSet = typename GraphT::NodeSet; - using Node = typename GraphT::Node; - using EdgeSet = typename GraphT::EdgeSet; - using Edge = typename GraphT::Edge; - using BuilderEdge = std::pair<EdgeValueT, size_type>; - using EdgeList = std::vector<BuilderEdge>; - using BuilderVertex = std::pair<NodeValueT, EdgeList>; - using VertexVec = std::vector<BuilderVertex>; - -public: - using NodeRef = size_type; - - NodeRef addVertex(const NodeValueT &V) { - auto I = __adj_list.emplace(__adj_list.end(), V, EdgeList{}); - return std::distance(__adj_list.begin(), I); - } - - void addEdge(const EdgeValueT &E, NodeRef From, NodeRef To) { - __adj_list[From].second.emplace_back(E, To); - } - - bool empty() const { return __adj_list.empty(); } - - template <typename... ArgT> GraphT *get(ArgT &&... Args) { - size_type VertexSize = __adj_list.size(), EdgeSize = 0; - for (const auto &V : __adj_list) { - EdgeSize += V.second.size(); - } - auto *VertexArray = new Node[VertexSize + 1 /* terminator node */]; - auto *EdgeArray = new Edge[EdgeSize]; - size_type VI = 0, EI = 0; - for (; VI < static_cast<size_type>(__adj_list.size()); ++VI) { - VertexArray[VI].__value = std::move(__adj_list[VI].first); - VertexArray[VI].__edges = &EdgeArray[EI]; - auto NumEdges = static_cast<size_type>(__adj_list[VI].second.size()); - if (NumEdges > 0) { - for (size_type VEI = 0; VEI < NumEdges; ++VEI, ++EI) { - auto &E = __adj_list[VI].second[VEI]; - EdgeArray[EI].__value = std::move(E.first); - EdgeArray[EI].__dest = VertexArray + E.second; - } - } - } - assert(VI == VertexSize && EI == EdgeSize && "Gadget graph malformed"); - VertexArray[VI].__edges = EdgeArray + EdgeSize; // terminator node - return new GraphT{VertexArray, VertexSize, EdgeArray, EdgeSize, - std::forward<ArgT>(Args)...}; - } - - template <typename... ArgT> - static GraphT *trim(const GraphT &G, const NodeSet &TrimNodes, - const EdgeSet &TrimEdges, ArgT &&... Args) { - size_type NewVertexSize = TrimNodes.size() - TrimNodes.count(); - size_type NewEdgeSize = TrimEdges.size() - TrimEdges.count(); - auto *NewVertexArray = new Node[NewVertexSize + 1 /* terminator node */]; - auto *NewEdgeArray = new Edge[NewEdgeSize]; - size_type TrimmedNodesSoFar = 0, - *TrimmedNodes = new size_type[TrimNodes.size()]; - for (size_type I = 0; I < TrimNodes.size(); ++I) { - TrimmedNodes[I] = TrimmedNodesSoFar; - if (TrimNodes.contains(G.nodes_begin() + I)) - ++TrimmedNodesSoFar; - } - size_type VertexI = 0, EdgeI = 0; - for (Node *NI = G.nodes_begin(), *NE = G.nodes_end(); NI != NE; ++NI) { - if (TrimNodes.contains(NI)) - continue; - size_type NewNumEdges = - static_cast<int>((NI + 1)->__edges - NI->__edges) > 0 - ? std::count_if( - NI->__edges, (NI + 1)->__edges, - [&TrimEdges](Edge &E) { return !TrimEdges.contains(&E); }) - : 0; - NewVertexArray[VertexI].__value = NI->__value; - NewVertexArray[VertexI].__edges = &NewEdgeArray[EdgeI]; - if (NewNumEdges > 0) { - for (Edge *EI = NI->__edges, *EE = (NI + 1)->__edges; EI != EE; ++EI) { - if (TrimEdges.contains(EI)) - continue; - NewEdgeArray[EdgeI].__value = EI->__value; - size_type DestIdx = std::distance(G.nodes_begin(), EI->__dest); - size_type NewIdx = DestIdx - TrimmedNodes[DestIdx]; - assert(NewIdx < NewVertexSize); - NewEdgeArray[EdgeI].__dest = NewVertexArray + NewIdx; - ++EdgeI; - } - } - ++VertexI; - } - delete[] TrimmedNodes; - assert(VertexI == NewVertexSize && EdgeI == NewEdgeSize && - "Gadget graph malformed"); - NewVertexArray[VertexI].__edges = NewEdgeArray + NewEdgeSize; - return new GraphT{NewVertexArray, NewVertexSize, NewEdgeArray, NewEdgeSize, - std::forward<ArgT>(Args)...}; - } - -private: - VertexVec __adj_list; -}; - -template <typename NodeValueT, typename EdgeValueT> -struct GraphTraits<ImmutableGraph<NodeValueT, EdgeValueT> *> { - using GraphT = ImmutableGraph<NodeValueT, EdgeValueT>; - using NodeRef = typename GraphT::Node *; - using EdgeRef = typename GraphT::Edge &; - - static NodeRef edge_dest(EdgeRef E) { return E.__dest; } - using ChildIteratorType = - mapped_iterator<typename GraphT::Edge *, decltype(&edge_dest)>; - - static NodeRef getEntryNode(GraphT *G) { return G->nodes_begin(); } - static ChildIteratorType child_begin(NodeRef N) { - return {N->__edges, &edge_dest}; - } - static ChildIteratorType child_end(NodeRef N) { - return {(N + 1)->__edges, &edge_dest}; - } - - static NodeRef getNode(typename GraphT::Node &N) { return NodeRef{&N}; } - using nodes_iterator = - mapped_iterator<typename GraphT::Node *, decltype(&getNode)>; - static nodes_iterator nodes_begin(GraphT *G) { - return {G->nodes_begin(), &getNode}; - } - static nodes_iterator nodes_end(GraphT *G) { - return {G->nodes_end(), &getNode}; - } - - using ChildEdgeIteratorType = typename GraphT::Edge *; - - static ChildEdgeIteratorType child_edge_begin(NodeRef N) { - return N->__edges; - } - static ChildEdgeIteratorType child_edge_end(NodeRef N) { - return (N + 1)->__edges; - } - static typename GraphT::size_type size(GraphT *G) { return G->nodes_size(); } -}; - -} // end namespace llvm - -#endif // IMMUTABLEGRAPH_H diff --git a/llvm/lib/Target/X86/X86.h b/llvm/lib/Target/X86/X86.h index 0c88a6b746ef..1b6e99ae7b9b 100644 --- a/llvm/lib/Target/X86/X86.h +++ b/llvm/lib/Target/X86/X86.h @@ -142,7 +142,6 @@ InstructionSelector *createX86InstructionSelector(const X86TargetMachine &TM, X86Subtarget &, X86RegisterBankInfo &); -FunctionPass *createX86LoadValueInjectionLoadHardeningPass(); FunctionPass *createX86LoadValueInjectionRetHardeningPass(); FunctionPass *createX86SpeculativeLoadHardeningPass(); @@ -160,7 +159,6 @@ void initializeX86DomainReassignmentPass(PassRegistry &); void initializeX86ExecutionDomainFixPass(PassRegistry &); void initializeX86ExpandPseudoPass(PassRegistry &); void initializeX86FlagsCopyLoweringPassPass(PassRegistry &); -void initializeX86LoadValueInjectionLoadHardeningPassPass(PassRegistry &); void initializeX86LoadValueInjectionRetHardeningPassPass(PassRegistry &); void initializeX86OptimizeLEAPassPass(PassRegistry &); void initializeX86PartialReductionPass(PassRegistry &); diff --git a/llvm/lib/Target/X86/X86.td b/llvm/lib/Target/X86/X86.td index 7bee814232b7..13ccf3c940b9 100644 --- a/llvm/lib/Target/X86/X86.td +++ b/llvm/lib/Target/X86/X86.td @@ -442,13 +442,6 @@ def FeatureLVIControlFlowIntegrity "LFENCE instruction to serialize control flow. Also decompose RET " "instructions into a POP+LFENCE+JMP sequence.">; -// Mitigate LVI attacks against data loads -def FeatureLVILoadHardening - : SubtargetFeature< - "lvi-load-hardening", "UseLVILoadHardening", "true", - "Insert LFENCE instructions to prevent data speculatively injected " - "into loads from being used maliciously.">; - // Direct Move instructions. def FeatureMOVDIRI : SubtargetFeature<"movdiri", "HasMOVDIRI", "true", "Support movdiri instruction">; diff --git a/llvm/lib/Target/X86/X86LoadValueInjectionLoadHardening.cpp b/llvm/lib/Target/X86/X86LoadValueInjectionLoadHardening.cpp deleted file mode 100644 index 7c027e5fca67..000000000000 --- a/llvm/lib/Target/X86/X86LoadValueInjectionLoadHardening.cpp +++ /dev/null @@ -1,586 +0,0 @@ -//==-- X86LoadValueInjectionLoadHardening.cpp - LVI load hardening for x86 --=// -// -// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. -// See https://llvm.org/LICENSE.txt for license information. -// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception -// -//===----------------------------------------------------------------------===// -/// -/// Description: This pass finds Load Value Injection (LVI) gadgets consisting -/// of a load from memory (i.e., SOURCE), and any operation that may transmit -/// the value loaded from memory over a covert channel, or use the value loaded -/// from memory to determine a branch/call target (i.e., SINK). -/// -//===----------------------------------------------------------------------===// - -#include "ImmutableGraph.h" -#include "X86.h" -#include "X86Subtarget.h" -#include "X86TargetMachine.h" -#include "llvm/ADT/DenseMap.h" -#include "llvm/ADT/DenseSet.h" -#include "llvm/ADT/SmallSet.h" -#include "llvm/ADT/Statistic.h" -#include "llvm/ADT/StringRef.h" -#include "llvm/CodeGen/MachineBasicBlock.h" -#include "llvm/CodeGen/MachineDominanceFrontier.h" -#include "llvm/CodeGen/MachineDominators.h" -#include "llvm/CodeGen/MachineFunction.h" -#include "llvm/CodeGen/MachineFunctionPass.h" -#include "llvm/CodeGen/MachineInstr.h" -#include "llvm/CodeGen/MachineInstrBuilder.h" -#include "llvm/CodeGen/MachineLoopInfo.h" -#include "llvm/CodeGen/MachineRegisterInfo.h" -#include "llvm/CodeGen/RDFGraph.h" -#include "llvm/CodeGen/RDFLiveness.h" -#include "llvm/InitializePasses.h" -#include "llvm/Support/CommandLine.h" -#include "llvm/Support/DOTGraphTraits.h" -#include "llvm/Support/Debug.h" -#include "llvm/Support/GraphWriter.h" -#include "llvm/Support/raw_ostream.h" - -using namespace llvm; - -#define PASS_KEY "x86-lvi-load" -#define DEBUG_TYPE PASS_KEY - -STATISTIC(NumFunctionsConsidered, "Number of functions analyzed"); -STATISTIC(NumFunctionsMitigated, "Number of functions for which mitigations " - "were deployed"); -STATISTIC(NumGadgets, "Number of LVI gadgets detected during analysis"); - -static cl::opt<bool> NoConditionalBranches( - PASS_KEY "-no-cbranch", - cl::desc("Don't treat conditional branches as disclosure gadgets. This " - "may improve performance, at the cost of security."), - cl::init(false), cl::Hidden); - -static cl::opt<bool> EmitDot( - PASS_KEY "-dot", - cl::desc( - "For each function, emit a dot graph depicting potential LVI gadgets"), - cl::init(false), cl::Hidden); - -static cl::opt<bool> EmitDotOnly( - PASS_KEY "-dot-only", - cl::desc("For each function, emit a dot graph depicting potential LVI " - "gadgets, and do not insert any fences"), - cl::init(false), cl::Hidden); - -static cl::opt<bool> EmitDotVerify( - PASS_KEY "-dot-verify", - cl::desc("For each function, emit a dot graph to stdout depicting " - "potential LVI gadgets, used for testing purposes only"), - cl::init(false), cl::Hidden); - -static cl::opt<bool> NoFixedLoads( - PASS_KEY "-no-fixed", - cl::desc("Don't mitigate RIP-relative or RSP-relative loads. This " - "may improve performance, at the cost of security."), - cl::init(false), cl::Hidden); - -#define ARG_NODE nullptr -#define GADGET_EDGE ((int)(-1)) -#define WEIGHT(EdgeValue) ((double)(2 * (EdgeValue) + 1)) - -namespace { - -class X86LoadValueInjectionLoadHardeningPass : public MachineFunctionPass { -public: - X86LoadValueInjectionLoadHardeningPass() : MachineFunctionPass(ID) {} - - StringRef getPassName() const override { - return "X86 Load Value Injection (LVI) Load Hardening"; - } - void getAnalysisUsage(AnalysisUsage &AU) const override; - bool runOnMachineFunction(MachineFunction &MF) override; - - static char ID; - -private: - struct MachineGadgetGraph : ImmutableGraph<MachineInstr *, int> { - using GraphT = ImmutableGraph<MachineInstr *, int>; - using Node = typename GraphT::Node; - using Edge = typename GraphT::Edge; - using size_type = typename GraphT::size_type; - MachineGadgetGraph(Node *Nodes, size_type NodesSize, Edge *Edges, - size_type EdgesSize, int NumFences = 0, - int NumGadgets = 0) - : GraphT{Nodes, NodesSize, Edges, EdgesSize}, NumFences{NumFences}, - NumGadgets{NumGadgets} {} - MachineFunction &getMF() { // FIXME: This function should be cleaner - for (Node *NI = nodes_begin(), *const NE = nodes_end(); NI != NE; ++NI) { - if (NI->value()) { - return *NI->value()->getMF(); - } - } - llvm_unreachable("Could not find a valid node"); - } - static inline bool isCFGEdge(Edge &E) { return E.value() != GADGET_EDGE; } - static inline bool isGadgetEdge(Edge &E) { - return E.value() == GADGET_EDGE; - } - int NumFences; - int NumGadgets; - }; - friend struct llvm::DOTGraphTraits<MachineGadgetGraph *>; - using GTraits = llvm::GraphTraits<MachineGadgetGraph *>; - using GraphBuilder = ImmutableGraphBuilder<MachineGadgetGraph>; - using EdgeSet = MachineGadgetGraph::EdgeSet; - using Gadget = std::pair<MachineInstr *, MachineInstr *>; - - const X86Subtarget *STI; - const TargetInstrInfo *TII; - const TargetRegisterInfo *TRI; - - int hardenLoads(MachineFunction &MF, bool Fixed) const; - std::unique_ptr<MachineGadgetGraph> - getGadgetGraph(MachineFunction &MF, const MachineLoopInfo &MLI, - const MachineDominatorTree &MDT, - const MachineDominanceFrontier &MDF, bool FixedLoads) const; - - bool instrUsesRegToAccessMemory(const MachineInstr &I, unsigned Reg) const; - bool instrUsesRegToBranch(const MachineInstr &I, unsigned Reg) const; - template <unsigned K> bool hasLoadFrom(const MachineInstr &MI) const; - bool instrAccessesStackSlot(const MachineInstr &MI) const; - bool instrAccessesConstantPool(const MachineInstr &MI) const; - bool instrAccessesGOT(const MachineInstr &MI) const; - inline bool instrIsFixedAccess(const MachineInstr &MI) const { - return instrAccessesConstantPool(MI) || instrAccessesStackSlot(MI) || - instrAccessesGOT(MI); - } - inline bool isFence(const MachineInstr *MI) const { - return MI && (MI->getOpcode() == X86::LFENCE || - (STI->useLVIControlFlowIntegrity() && MI->isCall())); - } -}; - -} // end anonymous namespace - -namespace llvm { - -template <> -struct GraphTraits<X86LoadValueInjectionLoadHardeningPass::MachineGadgetGraph *> - : GraphTraits<ImmutableGraph<MachineInstr *, int> *> {}; - -template <> -struct DOTGraphTraits< - X86LoadValueInjectionLoadHardeningPass::MachineGadgetGraph *> - : DefaultDOTGraphTraits { - using GraphType = X86LoadValueInjectionLoadHardeningPass::MachineGadgetGraph; - using Traits = X86LoadValueInjectionLoadHardeningPass::GTraits; - using NodeRef = typename Traits::NodeRef; - using EdgeRef = typename Traits::EdgeRef; - using ChildIteratorType = typename Traits::ChildIteratorType; - using ChildEdgeIteratorType = typename Traits::ChildEdgeIteratorType; - - DOTGraphTraits(bool isSimple = false) : DefaultDOTGraphTraits(isSimple) {} - - static std::string getGraphName(GraphType *G) { - std::string GraphName{"Speculative gadgets for \""}; - GraphName += G->getMF().getName(); - GraphName += "\" function"; - return GraphName; - } - - std::string getNodeLabel(NodeRef Node, GraphType *) { - std::string str; - raw_string_ostream str_stream{str}; - if (Node->value() == ARG_NODE) - return "ARGS"; - str_stream << *Node->value(); - return str_stream.str(); - } - - static std::string getNodeAttributes(NodeRef Node, GraphType *) { - MachineInstr *MI = Node->value(); - if (MI == ARG_NODE) - return "color = blue"; - else if (MI->getOpcode() == X86::LFENCE) - return "color = green"; - else - return ""; - } - - static std::string getEdgeAttributes(NodeRef, ChildIteratorType E, - GraphType *) { - int EdgeVal = (*E.getCurrent()).value(); - return EdgeVal >= 0 ? "label = " + std::to_string(EdgeVal) - : "color = red, style = \"dashed\""; - } -}; - -} // end namespace llvm - -char X86LoadValueInjectionLoadHardeningPass::ID = 0; - -void X86LoadValueInjectionLoadHardeningPass::getAnalysisUsage( - AnalysisUsage &AU) const { - MachineFunctionPass::getAnalysisUsage(AU); - AU.addRequired<MachineLoopInfo>(); - AU.addRequired<MachineDominatorTree>(); - AU.addRequired<MachineDominanceFrontier>(); - AU.setPreservesCFG(); -} - -bool X86LoadValueInjectionLoadHardeningPass::runOnMachineFunction( - MachineFunction &MF) { - LLVM_DEBUG(dbgs() << "***** " << getPassName() << " : " << MF.getName() - << " *****\n"); - STI = &MF.getSubtarget<X86Subtarget>(); - if (!STI->useLVILoadHardening() || !STI->is64Bit()) - return false; // FIXME: support 32-bit - - // Don't skip functions with the "optnone" attr but participate in opt-bisect. - const Function &F = MF.getFunction(); - if (!F.hasOptNone() && skipFunction(F)) - return false; - - ++NumFunctionsConsidered; - TII = STI->getInstrInfo(); - TRI = STI->getRegisterInfo(); - LLVM_DEBUG(dbgs() << "Hardening data-dependent loads...\n"); - hardenLoads(MF, false); - LLVM_DEBUG(dbgs() << "Hardening data-dependent loads... Done\n"); - if (!NoFixedLoads) { - LLVM_DEBUG(dbgs() << "Hardening fixed loads...\n"); - hardenLoads(MF, true); - LLVM_DEBUG(dbgs() << "Hardening fixed loads... Done\n"); - } - return false; -} - -// Apply the mitigation to `MF`, return the number of fences inserted. -// If `FixedLoads` is `true`, then the mitigation will be applied to fixed -// loads; otherwise, mitigation will be applied to non-fixed loads. -int X86LoadValueInjectionLoadHardeningPass::hardenLoads(MachineFunction &MF, - bool FixedLoads) const { - LLVM_DEBUG(dbgs() << "Building gadget graph...\n"); - const auto &MLI = getAnalysis<MachineLoopInfo>(); - const auto &MDT = getAnalysis<MachineDominatorTree>(); - const auto &MDF = getAnalysis<MachineDominanceFrontier>(); - std::unique_ptr<MachineGadgetGraph> Graph = - getGadgetGraph(MF, MLI, MDT, MDF, FixedLoads); - LLVM_DEBUG(dbgs() << "Building gadget graph... Done\n"); - if (Graph == nullptr) - return 0; // didn't find any gadgets - - if (EmitDotVerify) { - WriteGraph(outs(), Graph.get()); - return 0; - } - - if (EmitDot || EmitDotOnly) { - LLVM_DEBUG(dbgs() << "Emitting gadget graph...\n"); - std::error_code FileError; - std::string FileName = "lvi."; - if (FixedLoads) - FileName += "fixed."; - FileName += Graph->getMF().getName(); - FileName += ".dot"; - raw_fd_ostream FileOut(FileName, FileError); - if (FileError) - errs() << FileError.message(); - WriteGraph(FileOut, Graph.get()); - FileOut.close(); - LLVM_DEBUG(dbgs() << "Emitting gadget graph... Done\n"); - if (EmitDotOnly) - return 0; - } - - return 0; -} - -std::unique_ptr<X86LoadValueInjectionLoadHardeningPass::MachineGadgetGraph> -X86LoadValueInjectionLoadHardeningPass::getGadgetGraph( - MachineFunction &MF, const MachineLoopInfo &MLI, - const MachineDominatorTree &MDT, const MachineDominanceFrontier &MDF, - bool FixedLoads) const { - using namespace rdf; - - // Build the Register Dataflow Graph using the RDF framework - TargetOperandInfo TOI{*TII}; - DataFlowGraph DFG{MF, *TII, *TRI, MDT, MDF, TOI}; - DFG.build(); - Liveness L{MF.getRegInfo(), DFG}; - L.computePhiInfo(); - - GraphBuilder Builder; - using GraphIter = typename GraphBuilder::NodeRef; - DenseMap<MachineInstr *, GraphIter> NodeMap; - int FenceCount = 0; - auto MaybeAddNode = [&NodeMap, &Builder](MachineInstr *MI) { - auto Ref = NodeMap.find(MI); - if (Ref == NodeMap.end()) { - auto I = Builder.addVertex(MI); - NodeMap[MI] = I; - return std::pair<GraphIter, bool>{I, true}; - } else { - return std::pair<GraphIter, bool>{Ref->getSecond(), false}; - } - }; - - // Analyze all machine instructions to find gadgets and LFENCEs, adding - // each interesting value to `Nodes` - DenseSet<std::pair<GraphIter, GraphIter>> GadgetEdgeSet; - auto AnalyzeDef = [&](NodeAddr<DefNode *> Def) { - MachineInstr *MI = Def.Addr->getFlags() & NodeAttrs::PhiRef - ? ARG_NODE - : Def.Addr->getOp().getParent(); - auto AnalyzeUse = [&](NodeAddr<UseNode *> Use) { - assert(!(Use.Addr->getFlags() & NodeAttrs::PhiRef)); - MachineOperand &UseMO = Use.Addr->getOp(); - MachineInstr &UseMI = *UseMO.getParent(); - assert(UseMO.isReg()); - // We naively assume that an instruction propagates any loaded Uses - // to all Defs, unless the instruction is a call - if (UseMI.isCall()) - return false; - if (instrUsesRegToAccessMemory(UseMI, UseMO.getReg()) || - (!NoConditionalBranches && - instrUsesRegToBranch(UseMI, UseMO.getReg()))) { // found a gadget! - // add the root of this chain - auto GadgetBegin = MaybeAddNode(MI); - // and the instruction that (transitively) discloses the root - auto GadgetEnd = MaybeAddNode(&UseMI); - if (GadgetEdgeSet.insert({GadgetBegin.first, GadgetEnd.first}).second) - Builder.addEdge(GADGET_EDGE, GadgetBegin.first, GadgetEnd.first); - if (UseMI.mayLoad()) // FIXME: This should be more precise - return false; // stop traversing further uses of `Reg` - } - return true; - }; - SmallSet<NodeId, 8> NodesVisited; - std::function<void(NodeAddr<DefNode *>)> AnalyzeDefUseChain = - [&](NodeAddr<DefNode *> Def) { - if (Def.Addr->getAttrs() & NodeAttrs::Dead) - return; - RegisterRef DefReg = DFG.getPRI().normalize(Def.Addr->getRegRef(DFG)); - NodeList Uses; - for (auto UseID : L.getAllReachedUses(DefReg, Def)) { - auto Use = DFG.addr<UseNode *>(UseID); - if (Use.Addr->getFlags() & NodeAttrs::PhiRef) { // phi node - NodeAddr<PhiNode *> Phi = Use.Addr->getOwner(DFG); - for (auto I : L.getRealUses(Phi.Id)) { - if (DFG.getPRI().alias(RegisterRef(I.first), DefReg)) { - for (auto UA : I.second) { - auto PhiUse = DFG.addr<UseNode *>(UA.first); - Uses.push_back(PhiUse); - } - } - } - } else { // not a phi node - Uses.push_back(Use); - } - } - for (auto N : Uses) { - NodeAddr<UseNode *> Use{N}; - if (NodesVisited.insert(Use.Id).second && AnalyzeUse(Use)) { - NodeAddr<InstrNode *> Owner{Use.Addr->getOwner(DFG)}; - NodeList Defs = Owner.Addr->members_if(DataFlowGraph::IsDef, DFG); - std::for_each(Defs.begin(), Defs.end(), AnalyzeDefUseChain); - } - } - }; - AnalyzeDefUseChain(Def); - }; - - LLVM_DEBUG(dbgs() << "Analyzing def-use chains to find gadgets\n"); - // Analyze function arguments - if (!FixedLoads) { // only need to analyze function args once - NodeAddr<BlockNode *> EntryBlock = DFG.getFunc().Addr->getEntryBlock(DFG); - for (NodeAddr<PhiNode *> ArgPhi : - EntryBlock.Addr->members_if(DataFlowGraph::IsPhi, DFG)) { - NodeList Defs = ArgPhi.Addr->members_if(DataFlowGraph::IsDef, DFG); - std::for_each(Defs.begin(), Defs.end(), AnalyzeDef); - } - } - // Analyze every instruction in MF - for (NodeAddr<BlockNode *> BA : DFG.getFunc().Addr->members(DFG)) { - for (NodeAddr<StmtNode *> SA : - BA.Addr->members_if(DataFlowGraph::IsCode<NodeAttrs::Stmt>, DFG)) { - MachineInstr *MI = SA.Addr->getCode(); - if (isFence(MI)) { - MaybeAddNode(MI); - ++FenceCount; - } else if (MI->mayLoad() && ((FixedLoads && instrIsFixedAccess(*MI)) || - (!FixedLoads && !instrIsFixedAccess(*MI)))) { - NodeList Defs = SA.Addr->members_if(DataFlowGraph::IsDef, DFG); - std::for_each(Defs.begin(), Defs.end(), AnalyzeDef); - } - } - } - int GadgetCount = static_cast<int>(GadgetEdgeSet.size()); - LLVM_DEBUG(dbgs() << "Found " << FenceCount << " fences\n"); - LLVM_DEBUG(dbgs() << "Found " << GadgetCount << " gadgets\n"); - if (GadgetCount == 0) - return nullptr; - NumGadgets += GadgetCount; - - // Traverse CFG to build the rest of the graph - SmallSet<MachineBasicBlock *, 8> BlocksVisited; - std::function<void(MachineBasicBlock *, GraphIter, unsigned)> TraverseCFG = - [&](MachineBasicBlock *MBB, GraphIter GI, unsigned ParentDepth) { - unsigned LoopDepth = MLI.getLoopDepth(MBB); - if (!MBB->empty()) { - // Always add the first instruction in each block - auto NI = MBB->begin(); - auto BeginBB = MaybeAddNode(&*NI); - Builder.addEdge(ParentDepth, GI, BeginBB.first); - if (!BlocksVisited.insert(MBB).second) - return; - - // Add any instructions within the block that are gadget components - GI = BeginBB.first; - while (++NI != MBB->end()) { - auto Ref = NodeMap.find(&*NI); - if (Ref != NodeMap.end()) { - Builder.addEdge(LoopDepth, GI, Ref->getSecond()); - GI = Ref->getSecond(); - } - } - - // Always add the terminator instruction, if one exists - auto T = MBB->getFirstTerminator(); - if (T != MBB->end()) { - auto EndBB = MaybeAddNode(&*T); - if (EndBB.second) - Builder.addEdge(LoopDepth, GI, EndBB.first); - GI = EndBB.first; - } - } - for (MachineBasicBlock *Succ : MBB->successors()) - TraverseCFG(Succ, GI, LoopDepth); - }; - // ARG_NODE is a pseudo-instruction that represents MF args in the GadgetGraph - GraphIter ArgNode = MaybeAddNode(ARG_NODE).first; - TraverseCFG(&MF.front(), ArgNode, 0); - std::unique_ptr<MachineGadgetGraph> G{Builder.get(FenceCount, GadgetCount)}; - LLVM_DEBUG(dbgs() << "Found " << GTraits::size(G.get()) << " nodes\n"); - return G; -} - -bool X86LoadValueInjectionLoadHardeningPass::instrUsesRegToAccessMemory( - const MachineInstr &MI, unsigned Reg) const { - if (!MI.mayLoadOrStore() || MI.getOpcode() == X86::MFENCE || - MI.getOpcode() == X86::SFENCE || MI.getOpcode() == X86::LFENCE) - return false; - - // FIXME: This does not handle pseudo loading instruction like TCRETURN* - const MCInstrDesc &Desc = MI.getDesc(); - int MemRefBeginIdx = X86II::getMemoryOperandNo(Desc.TSFlags); - if (MemRefBeginIdx < 0) { - LLVM_DEBUG(dbgs() << "Warning: unable to obtain memory operand for loading " - "instruction:\n"; - MI.print(dbgs()); dbgs() << '\n';); - return false; - } - MemRefBeginIdx += X86II::getOperandBias(Desc); - - const MachineOperand &BaseMO = - MI.getOperand(MemRefBeginIdx + X86::AddrBaseReg); - const MachineOperand &IndexMO = - MI.getOperand(MemRefBeginIdx + X86::AddrIndexReg); - return (BaseMO.isReg() && BaseMO.getReg() != X86::NoRegister && - TRI->regsOverlap(BaseMO.getReg(), Reg)) || - (IndexMO.isReg() && IndexMO.getReg() != X86::NoRegister && - TRI->regsOverlap(IndexMO.getReg(), Reg)); -} - -bool X86LoadValueInjectionLoadHardeningPass::instrUsesRegToBranch( - const MachineInstr &MI, unsigned Reg) const { - if (!MI.isConditionalBranch()) - return false; - for (const MachineOperand &Use : MI.uses()) - if (Use.isReg() && Use.getReg() == Reg) - return true; - return false; -} - -template <unsigned K> -bool X86LoadValueInjectionLoadHardeningPass::hasLoadFrom( - const MachineInstr &MI) const { - for (auto &MMO : MI.memoperands()) { - const PseudoSourceValue *PSV = MMO->getPseudoValue(); - if (PSV && PSV->kind() == K && MMO->isLoad()) - return true; - } - return false; -} - -bool X86LoadValueInjectionLoadHardeningPass::instrAccessesStackSlot( - const MachineInstr &MI) const { - // Check the PSV first - if (hasLoadFrom<PseudoSourceValue::PSVKind::FixedStack>(MI)) - return true; - // Some loads are not marked with a PSV, so we always need to double check - const MCInstrDesc &Desc = MI.getDesc(); - int MemRefBeginIdx = X86II::getMemoryOperandNo(Desc.TSFlags); - if (MemRefBeginIdx < 0) - return false; - MemRefBeginIdx += X86II::getOperandBias(Desc); - return MI.getOperand(MemRefBeginIdx + X86::AddrBaseReg).isFI() && - MI.getOperand(MemRefBeginIdx + X86::AddrScaleAmt).isImm() && - MI.getOperand(MemRefBeginIdx + X86::AddrIndexReg).isReg() && - MI.getOperand(MemRefBeginIdx + X86::AddrDisp).isImm() && - MI.getOperand(MemRefBeginIdx + X86::AddrScaleAmt).getImm() == 1 && - MI.getOperand(MemRefBeginIdx + X86::AddrIndexReg).getReg() == - X86::NoRegister && - MI.getOperand(MemRefBeginIdx + X86::AddrDisp).getImm() == 0; -} - -bool X86LoadValueInjectionLoadHardeningPass::instrAccessesConstantPool( - const MachineInstr &MI) const { - if (hasLoadFrom<PseudoSourceValue::PSVKind::ConstantPool>(MI)) - return true; - const MCInstrDesc &Desc = MI.getDesc(); - int MemRefBeginIdx = X86II::getMemoryOperandNo(Desc.TSFlags); - if (MemRefBeginIdx < 0) - return false; - MemRefBeginIdx += X86II::getOperandBias(Desc); - return MI.getOperand(MemRefBeginIdx + X86::AddrBaseReg).isReg() && - MI.getOperand(MemRefBeginIdx + X86::AddrScaleAmt).isImm() && - MI.getOperand(MemRefBeginIdx + X86::AddrIndexReg).isReg() && - MI.getOperand(MemRefBeginIdx + X86::AddrDisp).isCPI() && - (MI.getOperand(MemRefBeginIdx + X86::AddrBaseReg).getReg() == - X86::RIP || - MI.getOperand(MemRefBeginIdx + X86::AddrBaseReg).getReg() == - X86::NoRegister) && - MI.getOperand(MemRefBeginIdx + X86::AddrScaleAmt).getImm() == 1 && - MI.getOperand(MemRefBeginIdx + X86::AddrIndexReg).getReg() == - X86::NoRegister; -} - -bool X86LoadValueInjectionLoadHardeningPass::instrAccessesGOT( - const MachineInstr &MI) const { - if (hasLoadFrom<PseudoSourceValue::PSVKind::GOT>(MI)) - return true; - const MCInstrDesc &Desc = MI.getDesc(); - int MemRefBeginIdx = X86II::getMemoryOperandNo(Desc.TSFlags); - if (MemRefBeginIdx < 0) - return false; - MemRefBeginIdx += X86II::getOperandBias(Desc); - return MI.getOperand(MemRefBeginIdx + X86::AddrBaseReg).isReg() && - MI.getOperand(MemRefBeginIdx + X86::AddrScaleAmt).isImm() && - MI.getOperand(MemRefBeginIdx + X86::AddrIndexReg).isReg() && - MI.getOperand(MemRefBeginIdx + X86::AddrDisp).getTargetFlags() == - X86II::MO_GOTPCREL && - MI.getOperand(MemRefBeginIdx + X86::AddrBaseReg).getReg() == - X86::RIP && - MI.getOperand(MemRefBeginIdx + X86::AddrScaleAmt).getImm() == 1 && - MI.getOperand(MemRefBeginIdx + X86::AddrIndexReg).getReg() == - X86::NoRegister; -} - -INITIALIZE_PASS_BEGIN(X86LoadValueInjectionLoadHardeningPass, PASS_KEY, - "X86 LVI load hardening", false, false) -INITIALIZE_PASS_DEPENDENCY(MachineLoopInfo) -INITIALIZE_PASS_DEPENDENCY(MachineDominatorTree) -INITIALIZE_PASS_DEPENDENCY(MachineDominanceFrontier) -INITIALIZE_PASS_END(X86LoadValueInjectionLoadHardeningPass, PASS_KEY, - "X86 LVI load hardening", false, false) - -FunctionPass *llvm::createX86LoadValueInjectionLoadHardeningPass() { - return new X86LoadValueInjectionLoadHardeningPass(); -} diff --git a/llvm/lib/Target/X86/X86Subtarget.h b/llvm/lib/Target/X86/X86Subtarget.h index b4ad50d88062..a23588a07e57 100644 --- a/llvm/lib/Target/X86/X86Subtarget.h +++ b/llvm/lib/Target/X86/X86Subtarget.h @@ -434,10 +434,6 @@ class X86Subtarget final : public X86GenSubtargetInfo { /// POP+LFENCE+JMP sequence. bool UseLVIControlFlowIntegrity = false; - /// Insert LFENCE instructions to prevent data speculatively injected into - /// loads from being used maliciously. - bool UseLVILoadHardening = false; - /// Use software floating point for code generation. bool UseSoftFloat = false; @@ -739,7 +735,6 @@ class X86Subtarget final : public X86GenSubtargetInfo { bool preferMaskRegisters() const { return PreferMaskRegisters; } bool useGLMDivSqrtCosts() const { return UseGLMDivSqrtCosts; } bool useLVIControlFlowIntegrity() const { return UseLVIControlFlowIntegrity; } - bool useLVILoadHardening() const { return UseLVILoadHardening; } unsigned getPreferVectorWidth() const { return PreferVectorWidth; } unsigned getRequiredVectorWidth() const { return RequiredVectorWidth; } diff --git a/llvm/lib/Target/X86/X86TargetMachine.cpp b/llvm/lib/Target/X86/X86TargetMachine.cpp index 8446ee9f4e03..b2551b64eb0d 100644 --- a/llvm/lib/Target/X86/X86TargetMachine.cpp +++ b/llvm/lib/Target/X86/X86TargetMachine.cpp @@ -83,7 +83,6 @@ extern "C" LLVM_EXTERNAL_VISIBILITY void LLVMInitializeX86Target() { initializeX86SpeculativeLoadHardeningPassPass(PR); initializeX86FlagsCopyLoweringPassPass(PR); initializeX86CondBrFoldingPassPass(PR); - initializeX86LoadValueInjectionLoadHardeningPassPass(PR); initializeX86LoadValueInjectionRetHardeningPassPass(PR); initializeX86OptimizeLEAPassPass(PR); initializeX86PartialReductionPass(PR); @@ -495,7 +494,6 @@ void X86PassConfig::addMachineSSAOptimization() { void X86PassConfig::addPostRegAlloc() { addPass(createX86FloatingPointStackifierPass()); - addPass(createX86LoadValueInjectionLoadHardeningPass()); } void X86PassConfig::addPreSched2() { addPass(createX86ExpandPseudoPass()); } diff --git a/llvm/test/CodeGen/X86/O0-pipeline.ll b/llvm/test/CodeGen/X86/O0-pipeline.ll index 6b6fed0c7f20..9af81b77a70b 100644 --- a/llvm/test/CodeGen/X86/O0-pipeline.ll +++ b/llvm/test/CodeGen/X86/O0-pipeline.ll @@ -55,10 +55,6 @@ ; CHECK-NEXT: Fast Register Allocator ; CHECK-NEXT: Bundle Machine CFG Edges ; CHECK-NEXT: X86 FP Stackifier -; CHECK-NEXT: MachineDominator Tree Construction -; CHECK-NEXT: Machine Natural Loop Construction -; CHECK-NEXT: Machine Dominance Frontier Construction -; CHECK-NEXT: X86 Load Value Injection (LVI) Load Hardening ; CHECK-NEXT: Lazy Machine Block Frequency Analysis ; CHECK-NEXT: Machine Optimization Remark Emitter ; CHECK-NEXT: Prologue/Epilogue Insertion & Frame Finalization diff --git a/llvm/test/CodeGen/X86/O3-pipeline.ll b/llvm/test/CodeGen/X86/O3-pipeline.ll index 92b2b818743b..97ce5082d4f7 100644 --- a/llvm/test/CodeGen/X86/O3-pipeline.ll +++ b/llvm/test/CodeGen/X86/O3-pipeline.ll @@ -139,11 +139,9 @@ ; CHECK-NEXT: Machine Loop Invariant Code Motion ; CHECK-NEXT: Bundle Machine CFG Edges ; CHECK-NEXT: X86 FP Stackifier -; CHECK-NEXT: MachineDominator Tree Construction -; CHECK-NEXT: Machine Dominance Frontier Construction -; CHECK-NEXT: X86 Load Value Injection (LVI) Load Hardening ; CHECK-NEXT: PostRA Machine Sink ; CHECK-NEXT: Machine Block Frequency Analysis +; CHECK-NEXT: MachineDominator Tree Construction ; CHECK-NEXT: MachinePostDominator Tree Construction ; CHECK-NEXT: Lazy Machine Block Frequency Analysis ; CHECK-NEXT: Machine Optimization Remark Emitter diff --git a/llvm/test/CodeGen/X86/lvi-hardening-gadget-graph.ll b/llvm/test/CodeGen/X86/lvi-hardening-gadget-graph.ll deleted file mode 100644 index ba2ce26142b5..000000000000 --- a/llvm/test/CodeGen/X86/lvi-hardening-gadget-graph.ll +++ /dev/null @@ -1,129 +0,0 @@ -; RUN: llc -verify-machineinstrs -mtriple=x86_64-unknown -x86-lvi-load-dot-verify -o %t < %s | FileCheck %s - -; Function Attrs: noinline nounwind optnone uwtable -define dso_local i32 @test(i32* %untrusted_user_ptr, i32* %secret, i32 %secret_size) #0 { -entry: - %untrusted_user_ptr.addr = alloca i32*, align 8 - %secret.addr = alloca i32*, align 8 - %secret_size.addr = alloca i32, align 4 - %ret_val = alloca i32, align 4 - %i = alloca i32, align 4 - store i32* %untrusted_user_ptr, i32** %untrusted_user_ptr.addr, align 8 - store i32* %secret, i32** %secret.addr, align 8 - store i32 %secret_size, i32* %secret_size.addr, align 4 - store i32 0, i32* %ret_val, align 4 - call void @llvm.x86.sse2.lfence() - store i32 0, i32* %i, align 4 - br label %for.cond - -for.cond: ; preds = %for.inc, %entry - %0 = load i32, i32* %i, align 4 - %1 = load i32, i32* %secret_size.addr, align 4 - %cmp = icmp slt i32 %0, %1 - br i1 %cmp, label %for.body, label %for.end - -for.body: ; preds = %for.cond - %2 = load i32, i32* %i, align 4 - %rem = srem i32 %2, 2 - %cmp1 = icmp eq i32 %rem, 0 - br i1 %cmp1, label %if.then, label %if.else - -if.then: ; preds = %for.body - %3 = load i32*, i32** %secret.addr, align 8 - %4 = load i32, i32* %ret_val, align 4 - %idxprom = sext i32 %4 to i64 - %arrayidx = getelementptr inbounds i32, i32* %3, i64 %idxprom - %5 = load i32, i32* %arrayidx, align 4 - %6 = load i32*, i32** %untrusted_user_ptr.addr, align 8 - store i32 %5, i32* %6, align 4 - br label %if.end - -if.else: ; preds = %for.body - %7 = load i32*, i32** %secret.addr, align 8 - %8 = load i32, i32* %ret_val, align 4 - %idxprom2 = sext i32 %8 to i64 - %arrayidx3 = getelementptr inbounds i32, i32* %7, i64 %idxprom2 - store i32 42, i32* %arrayidx3, align 4 - br label %if.end - -if.end: ; preds = %if.else, %if.then - %9 = load i32*, i32** %untrusted_user_ptr.addr, align 8 - %10 = load i32, i32* %9, align 4 - store i32 %10, i32* %ret_val, align 4 - br label %for.inc - -for.inc: ; preds = %if.end - %11 = load i32, i32* %i, align 4 - %inc = add nsw i32 %11, 1 - store i32 %inc, i32* %i, align 4 - br label %for.cond - -for.end: ; preds = %for.cond - %12 = load i32, i32* %ret_val, align 4 - ret i32 %12 -} - -; CHECK: digraph "Speculative gadgets for \"test\" function" { -; CHECK-NEXT: label="Speculative gadgets for \"test\" function"; -; CHECK: Node0x{{[0-9a-f]+}} [shape=record,color = green,label="{LFENCE\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 0]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{renamable $eax = MOV32rm %stack.4.i, 1, $noreg, 0, $noreg :: (dereferenceable load 4 from %ir.i)\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[color = red, style = "dashed"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{JCC_1 %bb.6, 13, implicit killed $eflags\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{CMP32rm killed renamable $eax, %stack.2.secret_size.addr, 1, $noreg, 0, $noreg, implicit-def $eflags :: (dereferenceable load 4 from %ir.secret_size.addr)\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[color = red, style = "dashed"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{renamable $eax = MOV32rm %stack.4.i, 1, $noreg, 0, $noreg :: (dereferenceable load 4 from %ir.i)\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[color = red, style = "dashed"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{JCC_1 %bb.4, 5, implicit killed $eflags\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{renamable $rax = MOV64rm %stack.1.secret.addr, 1, $noreg, 0, $noreg :: (dereferenceable load 8 from %ir.secret.addr)\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[color = red, style = "dashed"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{renamable $eax = MOV32rm killed renamable $rax, 4, killed renamable $rcx, 0, $noreg :: (load 4 from %ir.arrayidx)\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{renamable $rcx = MOVSX64rm32 %stack.3.ret_val, 1, $noreg, 0, $noreg :: (dereferenceable load 4 from %ir.ret_val)\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[color = red, style = "dashed"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{renamable $rcx = MOV64rm %stack.0.untrusted_user_ptr.addr, 1, $noreg, 0, $noreg :: (dereferenceable load 8 from %ir.untrusted_user_ptr.addr)\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[color = red, style = "dashed"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{MOV32mr killed renamable $rcx, 1, $noreg, 0, $noreg, killed renamable $eax :: (store 4 into %ir.6)\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{renamable $rax = MOV64rm %stack.1.secret.addr, 1, $noreg, 0, $noreg :: (dereferenceable load 8 from %ir.secret.addr)\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[color = red, style = "dashed"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{MOV32mi killed renamable $rax, 4, killed renamable $rcx, 0, $noreg, 42 :: (store 4 into %ir.arrayidx3)\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{renamable $rcx = MOVSX64rm32 %stack.3.ret_val, 1, $noreg, 0, $noreg :: (dereferenceable load 4 from %ir.ret_val)\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[color = red, style = "dashed"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{renamable $rax = MOV64rm %stack.0.untrusted_user_ptr.addr, 1, $noreg, 0, $noreg :: (dereferenceable load 8 from %ir.untrusted_user_ptr.addr)\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[color = red, style = "dashed"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{renamable $eax = MOV32rm killed renamable $rax, 1, $noreg, 0, $noreg :: (load 4 from %ir.9)\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,color = blue,label="{ARGS}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 0]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{MOV64mr %stack.0.untrusted_user_ptr.addr, 1, $noreg, 0, $noreg, killed renamable $rdi :: (store 8 into %ir.untrusted_user_ptr.addr)\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 0]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{JMP_1 %bb.5\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{JMP_1 %bb.1\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 1]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{renamable $eax = MOV32rm %stack.3.ret_val, 1, $noreg, 0, $noreg :: (dereferenceable load 4 from %ir.ret_val)\n}"]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} -> Node0x{{[0-9a-f]+}}[label = 0]; -; CHECK-NEXT: Node0x{{[0-9a-f]+}} [shape=record,label="{RET 0, $eax\n}"]; -; CHECK-NEXT: } - -; Function Attrs: nounwind -declare void @llvm.x86.sse2.lfence() #1 - -attributes #0 = { "target-features"="+lvi-cfi" - "target-features"="+lvi-load-hardening" } -attributes #1 = { nounwind } _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
