Please Merge Mitigations for Load Value Injection (LVI) into 10.0.1 #45549
Comments
|
assigned to @topperc |
Can you push all the cherry-picks to a public branch somewhere? This will make it easier for me to review. |
|
@TomStellard I have pushed the cherry-picks to the 10.x.LVI branch of my fork here: https://github.com/scottconstable/llvm-project/tree/10.x.LVI. I think that we should also pick the recently committed 7e06cf0 because it fixes a performance degradation that was observed in -O0 builds (discussed here: https://reviews.llvm.org/D80964). This will also cause a pipeline test conflict when cherry-picked. I have attached the fixed test. |
|
Scott can you add that patch to your branch? |
|
[commit 7e06cf00] X86 lvi-load-hardening test fix |
|
@TomStellard I pushed the requested commit to 10.x.LVI. I also noticed that a different register allocation was causing the lvi-hardening-loads.ll test to fail on 10.x, so I have also attached the fixed file for that issue. |
|
Can you push this as a patch to the branch too? |
|
@TomStellard I have pushed the cherry-pick and the fix as new commits on this branch: https://github.com/scottconstable/llvm-project/tree/10.x.LVI2. |
Why is this commit needed? |
|
Craig, here is the full list of changes, what do you think? |
RDF is a dependency for the vulnerability mitigations. We moved it from Hexagon to Codegen so that X86 users would not have to also build the Hexagon target. |
I think I'm ok with it if you are. Most of the code requires a command line option to run at all. |
|
I've merged these. Please make sure to test the release branch and/or the next release candidate. |
|
Hi Tom, I checked out the updated release branch and everything looks and tests OK. Thanks! |
Extended Description
The following patches provide critical mitigations for the Load Value Injection (LVI) vulnerability: https://software.intel.com/security-software-guidance/software-guidance/load-value-injection.
git cherry-pick 080dd10
git cherry-pick 71e8021
git cherry-pick b1d5810
git cherry-pick 5b519cf
git cherry-pick f95a67d
git cherry-pick c74dd64
git cherry-pick 62c42e2
git cherry-pick a505ad5
git cherry-pick 1d42c0d
git cherry-pick 0505181
git cherry-pick 539163a
git cherry-pick e97a3e5
git cherry-pick 8ce078c
Cherry-picking e97a3e5 onto the 10.x branch creates conflicts in the X86 CodeGen pipeline tests because the pipeline structure has diverged between 11.x and 10.x. The attached O0-pipeline.ll and O3-pipeline.ll files resolve the conflicts.
The text was updated successfully, but these errors were encountered: