-
Notifications
You must be signed in to change notification settings - Fork 11.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please Merge Mitigations for Load Value Injection (LVI) into 10.0.1 #45549
Comments
assigned to @topperc |
Can you push all the cherry-picks to a public branch somewhere? This will make it easier for me to review. |
@TomStellard I have pushed the cherry-picks to the 10.x.LVI branch of my fork here: https://github.com/scottconstable/llvm-project/tree/10.x.LVI. I think that we should also pick the recently committed 7e06cf0 because it fixes a performance degradation that was observed in -O0 builds (discussed here: https://reviews.llvm.org/D80964). This will also cause a pipeline test conflict when cherry-picked. I have attached the fixed test. |
Scott can you add that patch to your branch? |
[commit 7e06cf00] X86 lvi-load-hardening test fix |
@TomStellard I pushed the requested commit to 10.x.LVI. I also noticed that a different register allocation was causing the lvi-hardening-loads.ll test to fail on 10.x, so I have also attached the fixed file for that issue. |
Can you push this as a patch to the branch too? |
@TomStellard I have pushed the cherry-pick and the fix as new commits on this branch: https://github.com/scottconstable/llvm-project/tree/10.x.LVI2. |
Why is this commit needed? |
Craig, here is the full list of changes, what do you think? |
RDF is a dependency for the vulnerability mitigations. We moved it from Hexagon to Codegen so that X86 users would not have to also build the Hexagon target. |
I think I'm ok with it if you are. Most of the code requires a command line option to run at all. |
I've merged these. Please make sure to test the release branch and/or the next release candidate. |
Hi Tom, I checked out the updated release branch and everything looks and tests OK. Thanks! |
Extended Description
The following patches provide critical mitigations for the Load Value Injection (LVI) vulnerability: https://software.intel.com/security-software-guidance/software-guidance/load-value-injection.
git cherry-pick 080dd10
git cherry-pick 71e8021
git cherry-pick b1d5810
git cherry-pick 5b519cf
git cherry-pick f95a67d
git cherry-pick c74dd64
git cherry-pick 62c42e2
git cherry-pick a505ad5
git cherry-pick 1d42c0d
git cherry-pick 0505181
git cherry-pick 539163a
git cherry-pick e97a3e5
git cherry-pick 8ce078c
Cherry-picking e97a3e5 onto the 10.x branch creates conflicts in the X86 CodeGen pipeline tests because the pipeline structure has diverged between 11.x and 10.x. The attached O0-pipeline.ll and O3-pipeline.ll files resolve the conflicts.
The text was updated successfully, but these errors were encountered: