Enable LVI hardening for x86_64-fortanix-unknown-sgx #72655
Conversation
|
r? @kennytm (rust_highfive has picked a reviewer for you, use r? to override) |
|
rust-highfive
added
the
S-waiting-on-review
| AR_x86_64_fortanix_unknown_sgx=ar \ | ||
| CC_x86_64_fortanix_unknown_sgx=x86_64-fortanix-unknown-sgx-clang-11 \ | ||
| CFLAGS_x86_64_fortanix_unknown_sgx="-mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening" \ | ||
| CXX_x86_64_fortanix_unknown_sgx=x86_64-fortanix-unknown-sgx-clang++-11 \ | ||
| CXXFLAGS_x86_64_fortanix_unknown_sgx="-mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening" \ |
There was a problem hiding this comment.
This whole block is moved from below so the variables are available for the target-specific build scripts as well. These are the only changed (added) lines
| @@ -37,7 +37,9 @@ use crate::{Build, GitRepo}; | |||
| // try to infer the archiver path from the C compiler path. | |||
| // In the future this logic should be replaced by calling into the `cc` crate. | |||
| fn cc2ar(cc: &Path, target: &str) -> Option<PathBuf> { | |||
There was a problem hiding this comment.
I don't think the default that this falls back to (without checking for existence) is good. But I don't want to change it because it might break things.
| # We pass the commit id of the port of LLVM's libunwind to the build script. | ||
| # Any update to the commit id here, should cause the container image to be re-built from this point on. | ||
| RUN /tmp/build-x86_64-fortanix-unknown-sgx-toolchain.sh "5125c169b30837208a842f85f7ae44a83533bd0e" | ||
| RUN /tmp/build-x86_64-fortanix-unknown-sgx-toolchain.sh "800f95131fe6acd20b96b6f4723ca3c820f3d379" |
There was a problem hiding this comment.
jethrogb
force-pushed
the
sgx-lvi-hardening
branch
from
baaca6b
to
94207d5
Compare
|
It's not clear to me that the tools CI failure is related to this PR? |
|
@matthiaskrgr confirms on Discord:
|
jethrogb
force-pushed
the
sgx-lvi-hardening
branch
from
94207d5
to
d3c41f4
Compare
|
This is fixing a known public security vulnerability, can this please be reviewed? |
|
I'm going to rubber stamp the SGX changes since they are target-specific and you are the maintainer, and all other changes look reasonable. |
|
📌 Commit d3c41f4d4595feabf0a1d89b37c993e91fd014d3 has been approved by |
bors
added
S-waiting-on-bors
|
⌛ Testing commit d3c41f4d4595feabf0a1d89b37c993e91fd014d3 with merge 47ae8ce37c58482460bca3b853e99d69ccf36d22... |
|
💔 Test failed - checks-azure |
bors
added
S-waiting-on-review
No idea what's wrong here but seems unrelated to this PR? |
|
@bors retry |
bors
added
S-waiting-on-bors
|
☔ The latest upstream changes (presumably #73072) made this pull request unmergeable. Please resolve the merge conflicts. |
bors
added
S-waiting-on-author
jethrogb
force-pushed
the
sgx-lvi-hardening
branch
from
d3c41f4
to
ea48f2e
Compare
|
Rebased. This security fix has been in the build queue for 5 days. Could you please assign priority? |
|
@bors r=petrochenkov |
|
📌 Commit ea48f2e has been approved by |
bors
added
S-waiting-on-bors
|
@bors p=1 |
|
⌛ Testing commit ea48f2e with merge 99bb1948c80f16efdc2ccc0e6da70a2181ddac40... |
|
@bors retry yield |
|
☀️ Test successful - checks-azure |
This implements mitigations for the Load Value Injection vulnerability (CVE-2020-0551) for the
x86_64-fortanix-unknown-sgxtarget by enabling new LLVM passes. More information about LVI and mitigations may be found at https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection.This PR unconditionally enables the mitigations for
x86_64-fortanix-unknown-sgxsince there is no available hardware that doesn't require the mitigations. This may be reconsidered in the future.