[PATCH] D79910: [x86][seses] Add clang flag; Use lvi-cfi with seses

sconstab accepted this revision. sconstab added a comment. This revision is now accepted and ready to land. LGTM. Comment at: clang/lib/Driver/ToolChains/Arch/X86.cpp:200 +if (!Args.hasArg(options::OPT_mno_lvi_cfi)) { + Features.push_back("+lvi-cfi"); + LVIOpt = o

[PATCH] D79910: [x86][seses] Add clang flag; Use lvi-cfi with seses

sconstab added a comment. Any progress on this patch? D75939 has been merged, but the SESES feature will not be secure until it has CFI protections. Repository: rG LLVM Github Monorepo CHANGES SINCE LAST ACTION https://reviews.llvm.org/D79910/new/ https:/

[PATCH] D79910: [x86][seses] Add clang flag; Use lvi-cfi with seses

sconstab added inline comments. Comment at: clang/lib/Driver/ToolChains/Arch/X86.cpp:200 +if (!Args.hasArg(options::OPT_mno_lvi_cfi)) { + Features.push_back("+lvi-cfi"); + LVIOpt = options::OPT_mlvi_cfi; Would it be better to add `FeatureLVIControlF

[PATCH] D75938: [DO NOT MERGE] X86 Mitigate for Load Value Injection (LVI)--All Code

sconstab abandoned this revision. sconstab added a comment. Changes have been merged. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D75938/new/ https://reviews.llvm.org/D75938 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://l

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets [4/6]

sconstab added a comment. In D75936#2032027 , @nikic wrote: > This change causes a 0.8% compile-time regression for unoptimized builds >

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets [4/6]

sconstab added inline comments. Comment at: llvm/lib/Target/X86/X86LoadValueInjectionLoadHardening.cpp:295 +std::function)> AnalyzeDefUseChain = +[&](NodeAddr Def) { + if (Transmitters.find(Def.Id) != Transmitters.end()) mattdr wrote: > fwiw,

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets [4/6]

sconstab updated this revision to Diff 262816. sconstab marked 9 inline comments as done. sconstab added a comment. Addressed comments by @mattdr. Several comments in the code have been updated, but the code has not changed. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D75936/new/ http

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets [4/6]

sconstab updated this revision to Diff 261968. sconstab marked 9 inline comments as done. sconstab added a comment. Herald added a subscriber: mgrang. Addressed the previously unaddressed comments, as pointed out by @craig.topper. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D75936/new/

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets [4/6]

sconstab added inline comments. Comment at: llvm/lib/Target/X86/X86LoadValueInjectionLoadHardening.cpp:322 + DenseSet> GadgetEdgeSet; + auto AnalyzeUse = [&](NodeAddr Use, MachineInstr *MI) { +assert(!(Use.Addr->getFlags() & NodeAttrs::PhiRef)); craig.toppe

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets [4/6]

sconstab updated this revision to Diff 260439. sconstab added a comment. Removed the `-x86-lvi-no-fixed` CLI flag. This change simplifies the code flow quite a bit. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D75936/new/ https://reviews.llvm.org/D75936 Files: clang/include/clang/Dr

[PATCH] D76458: Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI) [by modifying X86RetpolineThunks.cpp]

sconstab abandoned this revision. sconstab added a comment. Superseded by D76810 , D76811 , and D76812 . CHANGES SINCE LAST ACTION https://reviews.llvm.org/D76458/new/ https://reviews.llvm.org/

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets [4/6]

sconstab added inline comments. Comment at: llvm/lib/Target/X86/X86LoadValueInjectionLoadHardening.cpp:233 + if (!STI->useLVILoadHardening() || !STI->is64Bit()) +return false; // FIXME: support 32-bit + craig.topper wrote: > sconstab wrote: > > mattdr wrote:

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets [4/6]

sconstab added inline comments. Comment at: llvm/lib/Target/X86/ImmutableGraph.h:73 +// The end of this Node's edges is the beginning of the next node's edges. +const Edge *edges_end() const { return (this + 1)->Edges; } +ArrayRef edges() const { matt

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets [4/6]

sconstab added a comment. Summary points for @craig.topper who has commandeered this diff: - fix the typo that Matt pointed out - `SizeT` should not be a template parameter, and `size_type` should be fixed to `int`. - Maybe have a member reference in `MachineGadgetGraph` to the associated `Mach

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets [4/6]

sconstab added inline comments. Comment at: llvm/lib/Target/X86/ImmutableGraph.h:307 +public: + using NodeRef = size_type; + Just noticed that `ImmutableGraphBuilder` and `ImmutableGraph` have non-identical types called `NodeRef`. Suggest renaming this one to

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets [4/6]

sconstab added a comment. Overall, the restyling by @craig.topper looks much better than what I had committed before. I agree that `std::unique_ptr` is the right "container" in this circumstance. And the addition of `ArrayRef<>` accessors is also a nice touch. A few extra inline comments. ==

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets [4/6]

sconstab added inline comments. Comment at: llvm/lib/Target/X86/ImmutableGraph.h:285 + std::unique_ptr Edges; + size_type EdgesSize; +}; @craig.topper It now occurs to me that these fields should probably be reordered to: ``` std::unique_ptr Nodes; std::un

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets [4/6]

sconstab added inline comments. Comment at: llvm/lib/Target/X86/ImmutableGraph.h:318 +} +auto *VertexArray = new Node[VertexSize + 1 /* terminator node */]; +auto *EdgeArray = new Edge[EdgeSize]; mattdr wrote: > sconstab wrote: > > mattdr wrote: > > >

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets [4/6]

sconstab added inline comments. Comment at: llvm/lib/Target/X86/ImmutableGraph.h:318 +} +auto *VertexArray = new Node[VertexSize + 1 /* terminator node */]; +auto *EdgeArray = new Edge[EdgeSize]; mattdr wrote: > As a general rule `new` is a code-smell

[PATCH] D77431: [X86] Add tests to clang Driver to ensure that SLH/Retpoline features are not enabled with LVI-hardening

sconstab created this revision. sconstab added a reviewer: craig.topper. https://reviews.llvm.org/D77431 Files: clang/test/Driver/x86-target-features.c Index: clang/test/Driver/x86-target-features.c === --- clang/test/Driver/x86-

[PATCH] D77427: [X86] Add tests to clang Driver to ensure that SLH/Retpoline features are not enabled with LVI-CFI

sconstab created this revision. sconstab added a reviewer: craig.topper. https://reviews.llvm.org/D77427 Files: clang/test/Driver/x86-target-features.c Index: clang/test/Driver/x86-target-features.c === --- clang/test/Driver/x86-

[PATCH] D76812: [X86] Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI) [3/3]

sconstab updated this revision to Diff 254276. sconstab added a comment. @craig.topper I think that removing spurious MBBs is not really necessary because the emitted machine code doesn't contain the spurious MBBs, from what I have observed. I added the check anyways, if only because others may

[PATCH] D76812: [X86] Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI) [3/3]

sconstab updated this revision to Diff 253888. sconstab added a comment. Added a comment to the header of X86IndirectThunks.cpp to indicate support for LVI thunks. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D76812/new/ https://reviews.llvm.org/D76812 Files: clang/include/clang/Dri

[PATCH] D76812: [X86] Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI) [3/3]

sconstab created this revision. sconstab added reviewers: craig.topper, andrew.w.kaylor, zbrid, chandlerc. Herald added subscribers: jfb, hiraditya. sconstab added a parent revision: D76811: [X86] Refactor X86IndirectThunks.cpp to Accomodate Mitigations other than Retpoline [2/3]. sconstab retitle

[PATCH] D76458: Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI) [by modifying X86RetpolineThunks.cpp]

sconstab created this revision. sconstab added reviewers: zbrid, craig.topper, andrew.w.kaylor, chandlerc. Herald added subscribers: jfb, hiraditya. This patch is an alternate implementation of D75934 that mitigates LVI indirect calls/jumps by making changes to

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets [4/6]

sconstab updated this revision to Diff 251242. sconstab added a comment. Addressed Zola's comments. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D75936/new/ https://reviews.llvm.org/D75936 Files: clang/include/clang/Driver/Options.td clang/lib/Driver/ToolChains/Arch/X86.cpp llvm/

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets [4/6]

sconstab marked 5 inline comments as done. sconstab added inline comments. Comment at: llvm/lib/Target/X86/X86LoadValueInjectionLoadHardening.cpp:271 +// Apply the mitigation to `MF`, return the number of fences inserted. +// If `FixedLoads` is `true`, then the mitigation will be

[PATCH] D75934: Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI) [2/6]

sconstab marked 12 inline comments as done. sconstab added inline comments. Comment at: llvm/lib/Target/X86/X86LoadValueInjectionIndirectThunks.cpp:79 + +bool X86LoadValueInjectionIndirectThunksPass::doInitialization(Module &M) { + InsertedThunks = false; zbrid

[PATCH] D75934: Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI) [2/6]

sconstab updated this revision to Diff 251193. sconstab added a comment. Addressed some of Zola's comments, and removed some unnecessary assertions. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D75934/new/ https://reviews.llvm.org/D75934 Files: clang/include/clang/Driver/Options.td

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets [4/5]

sconstab updated this revision to Diff 249765. sconstab added a comment. Added help text for the CLI options CHANGES SINCE LAST ACTION https://reviews.llvm.org/D75936/new/ https://reviews.llvm.org/D75936 Files: clang/include/clang/Driver/Options.td clang/lib/Driver/ToolChains/Arch/X86.cp

[PATCH] D75934: Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI) [2/5]

sconstab updated this revision to Diff 249763. sconstab added a comment. Added help text for driver CLI options. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D75934/new/ https://reviews.llvm.org/D75934 Files: clang/include/clang/Driver/Options.td clang/lib/Driver/ToolChains/Arch/X8

[PATCH] D75936: Add a Pass to X86 that builds a Condensed CFG for Load Value Injection (LVI) Gadgets

sconstab created this revision. sconstab added reviewers: craig.topper, andrew.w.kaylor, chandlerc, zbrid. Herald added subscribers: jfb, hiraditya, mgorny. Herald added a project: LLVM. Adds a new data structure, ImmutableGraph, and uses RDF to find LVI gadgets and add them to a MachineGadgetGra

[PATCH] D75934: Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI)

sconstab created this revision. sconstab added reviewers: craig.topper, andrew.w.kaylor, chandlerc, zbrid. Herald added subscribers: jfb, hiraditya, mgorny. Herald added a project: LLVM. This pass replaces each indirect call/jump with a direct call to a thunk that looks like: lfence jmpq *%r

[PATCH] D47802: Allow std::vector to move construct its allocator

fidget324 abandoned this revision. fidget324 added a comment. That's fine. Your patch was much more thorough, anyways. Repository: rCXX libc++ https://reviews.llvm.org/D47802 ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.ll

[PATCH] D47802: Allow std::vector to move construct its allocator

fidget324 created this revision. fidget324 added reviewers: hiraditya, EricWF. Herald added a subscriber: cfe-commits. Fix an issue that was preventing std::vector from invoking the move constructor on its allocator when appropriate. Added a constructor to __vector_base which accepts an rvalue re