[X86] Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI)
This pass replaces each indirect call/jump with a direct call to a thunk that looks like:
lfence
jmpq *%r11
This ensures that if the value in register %r11 was loaded from memory, then
the value in %r11 is (architecturally) correct prior to the jump.
Also adds a new target feature to X86: +lvi-cfi
("cfi" meaning control-flow integrity)
The feature can be added via clang CLI using -mlvi-cfi.
This is an alternate implementation to https://reviews.llvm.org/D75934 that merges the thunk insertion functionality with the existing X86 retpoline code.
Differential Revision: https://reviews.llvm.org/D76812
diff --git a/clang/docs/ClangCommandLineReference.rst b/clang/docs/ClangCommandLineReference.rst
index 51d4f32..511f314 100644
--- a/clang/docs/ClangCommandLineReference.rst
+++ b/clang/docs/ClangCommandLineReference.rst
@@ -2625,6 +2625,10 @@
Generate branches with extended addressability, usually via indirect jumps.
+.. option:: -mlvi-cfi, -mno-lvi-cfi
+
+Enable only control-flow mitigations for Load Value Injection (LVI)
+
.. option:: -mmacosx-version-min=<arg>, -mmacos-version-min=<arg>
Set Mac OS X deployment target
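Review bot: the added description "Enable only control-flow mitigations for Load Value Injection (LVI)" uses "only" without naming the broader mitigation it is being contrasted with, and does not say what the option actually does, which leaves a reader of the command-line reference without enough to decide whether to use it; consider stating, per the commit message, that it replaces indirect calls and jumps with a thunk that issues an LFENCE before the indirect branch, e.g. "Enable only the control-flow (indirect call/jump thunk) mitigations for Load Value Injection (LVI)". The description length and the absence of a trailing period match the neighbouring entries in the context lines, so the style is consistent.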