//===- bolt/Passes/RetpolineInsertion.cpp ---------------------------------===// // // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // See https://llvm.org/LICENSE.txt for license information. // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // //===----------------------------------------------------------------------===// // // This file implements RetpolineInsertion class, which replaces indirect // branches (calls and jumps) with calls to retpolines to protect against branch // target injection attacks. // A unique retpoline is created for each register holding the address of the // callee, if the callee address is in memory %r11 is used if available to // hold the address of the callee before calling the retpoline, otherwise an // address pattern specific retpoline is called where the callee address is // loaded inside the retpoline. // The user can determine when to assume %r11 available using r11-availability // option, by default %r11 is assumed not available. // Adding lfence instruction to the body of the speculate code is enabled by // default and can be controlled by the user using retpoline-lfence option. // //===----------------------------------------------------------------------===// #include "bolt/Passes/RetpolineInsertion.h" #include "llvm/MC/MCInstPrinter.h" #include "llvm/Support/raw_ostream.h" #define DEBUG_TYPE … usingnamespacellvm; usingnamespacebolt; namespace opts { extern cl::OptionCategory BoltCategory; llvm::cl::opt<bool> InsertRetpolines("insert-retpolines", cl::desc("run retpoline insertion pass"), cl::cat(BoltCategory)); llvm::cl::opt<bool> RetpolineLfence("retpoline-lfence", cl::desc("determine if lfence instruction should exist in the retpoline"), cl::init(true), cl::ZeroOrMore, cl::Hidden, cl::cat(BoltCategory)); cl::opt<RetpolineInsertion::AvailabilityOptions> R11Availability( "r11-availability", cl::desc("determine the availability of r11 before indirect branches"), cl::init(RetpolineInsertion::AvailabilityOptions::NEVER), cl::values(clEnumValN(RetpolineInsertion::AvailabilityOptions::NEVER, "never", "r11 not available"), clEnumValN(RetpolineInsertion::AvailabilityOptions::ALWAYS, "always", "r11 available before calls and jumps"), clEnumValN(RetpolineInsertion::AvailabilityOptions::ABI, "abi", "r11 available before calls but not before jumps")), cl::ZeroOrMore, cl::cat(BoltCategory)); } // namespace opts namespace llvm { namespace bolt { // Retpoline function structure: // BB0: call BB2 // BB1: pause // lfence // jmp BB1 // BB2: mov %reg, (%rsp) // ret // or // BB2: push %r11 // mov Address, %r11 // mov %r11, 8(%rsp) // pop %r11 // ret BinaryFunction *createNewRetpoline(BinaryContext &BC, const std::string &RetpolineTag, const IndirectBranchInfo &BrInfo, bool R11Available) { … } std::string createRetpolineFunctionTag(BinaryContext &BC, const IndirectBranchInfo &BrInfo, bool R11Available) { … } BinaryFunction *RetpolineInsertion::getOrCreateRetpoline( BinaryContext &BC, const IndirectBranchInfo &BrInfo, bool R11Available) { … } void createBranchReplacement(BinaryContext &BC, const IndirectBranchInfo &BrInfo, bool R11Available, InstructionListType &Replacement, const MCSymbol *RetpolineSymbol) { … } IndirectBranchInfo::IndirectBranchInfo(MCInst &Inst, MCPlusBuilder &MIB) { … } Error RetpolineInsertion::runOnFunctions(BinaryContext &BC) { … } } // namespace bolt } // namespace llvm
Codebase Browser
llvm