This is an archive of the discontinued LLVM Phabricator instance.

Differential D43487

[mips] Spectre variant two mitigation for MIPSR2
ClosedPublic

Authored by sdardis on Feb 19 2018, 2:52 PM.

Details

Reviewers
atanasyan
Commits
rGf6aa44b9b4b5: Merging r325651:
rGc3a89385a4ca: Backporting 325651:: ----------------------------------------------------------…
rG0bc2d9b0c5ef: [mips] Spectre variant two mitigation for MIPSR2
rL329799: Merging r325651:
rL327755: Backporting 325651::
rC325651: [mips] Spectre variant two mitigation for MIPSR2
rL325651: [mips] Spectre variant two mitigation for MIPSR2
Summary

This patch provides mitigation for CVE-2017-5715, Spectre variant two,
which affects the P5600 and P6600. It provides the option
-mindirect-jump=hazard, which instructs the LLVM backend to replace
indirect branches with their hazard barrier variants.

This option is accepted when targeting MIPS revision two or later.

The migitation strategy suggested by MIPS for these processors is to use
two hazard barrier instructions. 'jalr.hb' and 'jr.hb' are hazard
barrier variants of the 'jalr' and 'jr' instructions respectively.

These instructions impede the execution of instruction stream until
architecturally defined hazards (changes to the instruction stream,
privileged registers which may affect execution) are cleared. These
instructions in MIPS' designs are not speculated past.

These instructions are used with the option -mindirect-jump=hazard
when branching indirectly and for indirect function calls.

These instructions are defined by the MIPS32R2 ISA, so this mitigation
method is not compatible with processors which implement an earlier
revision of the MIPS ISA.

Implementation note: I've opted to provide this as an
-mindirect-jump={hazard,...} style option in case alternative
mitigation methods are required for other implementations of the MIPS ISA
in future, e.g. retpoline style solutions.

Diff Detail

Event Timeline

sdardis created this revision.Feb 19 2018, 2:52 PM
Herald added a subscriber: arichardson. · View Herald TranscriptFeb 19 2018, 2:52 PM
sdardis edited the summary of this revision. (Show Details)Feb 19 2018, 2:55 PM
atanasyan accepted this revision.Feb 20 2018, 4:44 AM

LGTM

This revision is now accepted and ready to land.Feb 20 2018, 4:44 AM
sdardis edited the summary of this revision. (Show Details)Feb 20 2018, 4:53 AM
sdardis edited the summary of this revision. (Show Details)Feb 20 2018, 4:02 PM
Closed by commit rL325651: [mips] Spectre variant two mitigation for MIPSR2 (authored by sdardis). · Explain WhyFeb 20 2018, 4:07 PM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: llvm-commits. · View Herald TranscriptFeb 20 2018, 4:07 PM

Revision Contents

PathSize
include/
clang/
Basic/
4 lines
Driver/
3 lines
lib/
Basic/
Targets/
6 lines
Driver/
ToolChains/
Arch/
1 line
39 lines
test/
Driver/
6 lines
23 lines

Diff 134974

include/clang/Basic/DiagnosticDriverKinds.td

Show First 20 LinesShow All 327 Lines▼ Show 20 Lines
def warn_drv_unsupported_longcalls : Warning< def warn_drv_unsupported_longcalls : Warning<
"ignoring '-mlong-calls' option as it is not currently supported with " "ignoring '-mlong-calls' option as it is not currently supported with "
"%select{|the implicit usage of }0-mabicalls">, "%select{|the implicit usage of }0-mabicalls">,
InGroup<OptionIgnored>; InGroup<OptionIgnored>;
def warn_drv_unsupported_abicalls : Warning< def warn_drv_unsupported_abicalls : Warning<
"ignoring '-mabicalls' option as it cannot be used with " "ignoring '-mabicalls' option as it cannot be used with "
"non position-independent code and the N64 ABI">, "non position-independent code and the N64 ABI">,
InGroup<OptionIgnored>; InGroup<OptionIgnored>;
def err_drv_unsupported_indirect_jump_opt : Error<
"'-mindirect-jump=%0' is unsupported with the '%1' architecture">;
def err_drv_unknown_indirect_jump_opt : Error<
"unknown '-mindirect-jump=' option '%0'">;
def warn_drv_unable_to_find_directory_expected : Warning< def warn_drv_unable_to_find_directory_expected : Warning<
"unable to find %0 directory, expected to be in '%1'">, "unable to find %0 directory, expected to be in '%1'">,
InGroup<InvalidOrNonExistentDirectory>, DefaultIgnore; InGroup<InvalidOrNonExistentDirectory>, DefaultIgnore;
def warn_drv_ps4_force_pic : Warning< def warn_drv_ps4_force_pic : Warning<
"option '%0' was ignored by the PS4 toolchain, using '-fPIC'">, "option '%0' was ignored by the PS4 toolchain, using '-fPIC'">,
InGroup<OptionIgnored>; InGroup<OptionIgnored>;
Show All 29 Lines

include/clang/Driver/Options.td

Show First 20 LinesShow All 2,016 Lines▼ Show 20 Lines
def mcheck_zero_division : Flag<["-"], "mcheck-zero-division">, Group<m_Group>; def mcheck_zero_division : Flag<["-"], "mcheck-zero-division">, Group<m_Group>;
def mno_check_zero_division : Flag<["-"], "mno-check-zero-division">, def mno_check_zero_division : Flag<["-"], "mno-check-zero-division">,
Group<m_Group>; Group<m_Group>;
def mcompact_branches_EQ : Joined<["-"], "mcompact-branches=">, Group<m_Group>; def mcompact_branches_EQ : Joined<["-"], "mcompact-branches=">, Group<m_Group>;
def mbranch_likely : Flag<["-"], "mbranch-likely">, Group<m_Group>, def mbranch_likely : Flag<["-"], "mbranch-likely">, Group<m_Group>,
IgnoredGCCCompat; IgnoredGCCCompat;
def mno_branch_likely : Flag<["-"], "mno-branch-likely">, Group<m_Group>, def mno_branch_likely : Flag<["-"], "mno-branch-likely">, Group<m_Group>,
IgnoredGCCCompat; IgnoredGCCCompat;
def mindirect_jump_EQ : Joined<["-"], "mindirect-jump=">,
Group<m_Group>,
HelpText<"Change indirect jump instructions to inhibit speculation">;
def mdsp : Flag<["-"], "mdsp">, Group<m_Group>; def mdsp : Flag<["-"], "mdsp">, Group<m_Group>;
def mno_dsp : Flag<["-"], "mno-dsp">, Group<m_Group>; def mno_dsp : Flag<["-"], "mno-dsp">, Group<m_Group>;
def mdspr2 : Flag<["-"], "mdspr2">, Group<m_Group>; def mdspr2 : Flag<["-"], "mdspr2">, Group<m_Group>;
def mno_dspr2 : Flag<["-"], "mno-dspr2">, Group<m_Group>; def mno_dspr2 : Flag<["-"], "mno-dspr2">, Group<m_Group>;
def msingle_float : Flag<["-"], "msingle-float">, Group<m_Group>; def msingle_float : Flag<["-"], "msingle-float">, Group<m_Group>;
def mdouble_float : Flag<["-"], "mdouble-float">, Group<m_Group>; def mdouble_float : Flag<["-"], "mdouble-float">, Group<m_Group>;
def mmadd4 : Flag<["-"], "mmadd4">, Group<m_Group>, def mmadd4 : Flag<["-"], "mmadd4">, Group<m_Group>,
HelpText<"Enable the generation of 4-operand madd.s, madd.d and related instructions.">; HelpText<"Enable the generation of 4-operand madd.s, madd.d and related instructions.">;
▲ Show 20 LinesShow All 795 LinesShow Last 20 Lines

lib/Basic/Targets/Mips.h

Show First 20 LinesShow All 48 Lines▼ Show 20 Linesclass LLVM_LIBRARY_VISIBILITY MipsTargetInfo : public TargetInfo {
bool IsAbs2008; bool IsAbs2008;
bool IsSingleFloat; bool IsSingleFloat;
bool IsNoABICalls; bool IsNoABICalls;
bool CanUseBSDABICalls; bool CanUseBSDABICalls;
enum MipsFloatABI { HardFloat, SoftFloat } FloatABI; enum MipsFloatABI { HardFloat, SoftFloat } FloatABI;
enum DspRevEnum { NoDSP, DSP1, DSP2 } DspRev; enum DspRevEnum { NoDSP, DSP1, DSP2 } DspRev;
bool HasMSA; bool HasMSA;
bool DisableMadd4; bool DisableMadd4;
bool UseIndirectJumpHazard;
protected: protected:
bool HasFP64; bool HasFP64;
std::string ABI; std::string ABI;
public: public:
MipsTargetInfo(const llvm::Triple &Triple, const TargetOptions &) MipsTargetInfo(const llvm::Triple &Triple, const TargetOptions &)
: TargetInfo(Triple), IsMips16(false), IsMicromips(false), : TargetInfo(Triple), IsMips16(false), IsMicromips(false),
IsNan2008(false), IsAbs2008(false), IsSingleFloat(false), IsNan2008(false), IsAbs2008(false), IsSingleFloat(false),
IsNoABICalls(false), CanUseBSDABICalls(false), FloatABI(HardFloat), IsNoABICalls(false), CanUseBSDABICalls(false), FloatABI(HardFloat),
DspRev(NoDSP), HasMSA(false), DisableMadd4(false), HasFP64(false) { DspRev(NoDSP), HasMSA(false), DisableMadd4(false),
UseIndirectJumpHazard(false), HasFP64(false) {
TheCXXABI.set(TargetCXXABI::GenericMIPS); TheCXXABI.set(TargetCXXABI::GenericMIPS);
setABI((getTriple().getArch() == llvm::Triple::mips || setABI((getTriple().getArch() == llvm::Triple::mips ||
getTriple().getArch() == llvm::Triple::mipsel) getTriple().getArch() == llvm::Triple::mipsel)
? "o32" ? "o32"
: "n64"); : "n64");
CPU = ABI == "o32" ? "mips32r2" : "mips64r2"; CPU = ABI == "o32" ? "mips32r2" : "mips64r2";
▲ Show 20 LinesShow All 258 Lines▼ Show 20 Lines for (const auto &Feature : Features) {
else if (Feature == "-nan2008") else if (Feature == "-nan2008")
IsNan2008 = false; IsNan2008 = false;
else if (Feature == "+abs2008") else if (Feature == "+abs2008")
IsAbs2008 = true; IsAbs2008 = true;
else if (Feature == "-abs2008") else if (Feature == "-abs2008")
IsAbs2008 = false; IsAbs2008 = false;
else if (Feature == "+noabicalls") else if (Feature == "+noabicalls")
IsNoABICalls = true; IsNoABICalls = true;
else if (Feature == "+use-indirect-jump-hazard")
UseIndirectJumpHazard = true;
} }
setDataLayout(); setDataLayout();
return true; return true;
} }
int getEHDataRegisterNumber(unsigned RegNo) const override { int getEHDataRegisterNumber(unsigned RegNo) const override {
▲ Show 20 LinesShow All 49 LinesShow Last 20 Lines

lib/Driver/ToolChains/Arch/Mips.h

Show First 20 LinesShow All 47 Lines▼ Show 20 Lines
bool isUCLibc(const llvm::opt::ArgList &Args); bool isUCLibc(const llvm::opt::ArgList &Args);
bool isNaN2008(const llvm::opt::ArgList &Args, const llvm::Triple &Triple); bool isNaN2008(const llvm::opt::ArgList &Args, const llvm::Triple &Triple);
bool isFP64ADefault(const llvm::Triple &Triple, StringRef CPUName); bool isFP64ADefault(const llvm::Triple &Triple, StringRef CPUName);
bool isFPXXDefault(const llvm::Triple &Triple, StringRef CPUName, bool isFPXXDefault(const llvm::Triple &Triple, StringRef CPUName,
StringRef ABIName, mips::FloatABI FloatABI); StringRef ABIName, mips::FloatABI FloatABI);
bool shouldUseFPXX(const llvm::opt::ArgList &Args, const llvm::Triple &Triple, bool shouldUseFPXX(const llvm::opt::ArgList &Args, const llvm::Triple &Triple,
StringRef CPUName, StringRef ABIName, StringRef CPUName, StringRef ABIName,
mips::FloatABI FloatABI); mips::FloatABI FloatABI);
bool supportsIndirectJumpHazardBarrier(StringRef &CPU);
} // end namespace mips } // end namespace mips
} // end namespace target } // end namespace target
} // end namespace driver } // end namespace driver
} // end namespace clang } // end namespace clang
#endif // LLVM_CLANG_LIB_DRIVER_TOOLCHAINS_ARCH_MIPS_H #endif // LLVM_CLANG_LIB_DRIVER_TOOLCHAINS_ARCH_MIPS_H

lib/Driver/ToolChains/Arch/Mips.cpp

Show First 20 LinesShow All 337 Lines▼ Show 20 Lines if (Arg *A = Args.getLastArg(options::OPT_mfp32, options::OPT_mfpxx,
Features.push_back("+nooddspreg"); Features.push_back("+nooddspreg");
} }
AddTargetFeature(Args, Features, options::OPT_mno_odd_spreg, AddTargetFeature(Args, Features, options::OPT_mno_odd_spreg,
options::OPT_modd_spreg, "nooddspreg"); options::OPT_modd_spreg, "nooddspreg");
AddTargetFeature(Args, Features, options::OPT_mno_madd4, options::OPT_mmadd4, AddTargetFeature(Args, Features, options::OPT_mno_madd4, options::OPT_mmadd4,
"nomadd4"); "nomadd4");
AddTargetFeature(Args, Features, options::OPT_mmt, options::OPT_mno_mt, "mt"); AddTargetFeature(Args, Features, options::OPT_mmt, options::OPT_mno_mt, "mt");
if (Arg *A = Args.getLastArg(options::OPT_mindirect_jump_EQ)) {
StringRef Val = StringRef(A->getValue());
if (Val == "hazard") {
Arg *B =
Args.getLastArg(options::OPT_mmicromips, options::OPT_mno_micromips);
Arg *C = Args.getLastArg(options::OPT_mips16, options::OPT_mno_mips16);
if (B && B->getOption().matches(options::OPT_mmicromips))
D.Diag(diag::err_drv_unsupported_indirect_jump_opt)
<< "hazard" << "micromips";
else if (C && C->getOption().matches(options::OPT_mips16))
D.Diag(diag::err_drv_unsupported_indirect_jump_opt)
<< "hazard" << "mips16";
else if (mips::supportsIndirectJumpHazardBarrier(CPUName))
Features.push_back("+use-indirect-jump-hazard");
else
D.Diag(diag::err_drv_unsupported_indirect_jump_opt)
<< "hazard" << CPUName;
} else
D.Diag(diag::err_drv_unknown_indirect_jump_opt) << Val;
}
} }
mips::IEEE754Standard mips::getIEEE754Standard(StringRef &CPU) { mips::IEEE754Standard mips::getIEEE754Standard(StringRef &CPU) {
// Strictly speaking, mips32r2 and mips64r2 do not conform to the // Strictly speaking, mips32r2 and mips64r2 do not conform to the
// IEEE754-2008 standard. Support for this standard was first introduced // IEEE754-2008 standard. Support for this standard was first introduced
// in Release 3. However, other compilers have traditionally allowed it // in Release 3. However, other compilers have traditionally allowed it
// for Release 2 so we should do the same. // for Release 2 so we should do the same.
return (IEEE754Standard)llvm::StringSwitch<int>(CPU) return (IEEE754Standard)llvm::StringSwitch<int>(CPU)
▲ Show 20 LinesShow All 88 Lines▼ Show 20 Linesbool mips::shouldUseFPXX(const ArgList &Args, const llvm::Triple &Triple,
// FPXX shouldn't be used if -msingle-float is present. // FPXX shouldn't be used if -msingle-float is present.
if (Arg *A = Args.getLastArg(options::OPT_msingle_float, if (Arg *A = Args.getLastArg(options::OPT_msingle_float,
options::OPT_mdouble_float)) options::OPT_mdouble_float))
if (A->getOption().matches(options::OPT_msingle_float)) if (A->getOption().matches(options::OPT_msingle_float))
UseFPXX = false; UseFPXX = false;
return UseFPXX; return UseFPXX;
} }
bool mips::supportsIndirectJumpHazardBarrier(StringRef &CPU) {
// Supporting the hazard barrier method of dealing with indirect
// jumps requires MIPSR2 support.
return llvm::StringSwitch<bool>(CPU)
.Case("mips32r2", true)
.Case("mips32r3", true)
.Case("mips32r5", true)
.Case("mips32r6", true)
.Case("mips64r2", true)
.Case("mips64r3", true)
.Case("mips64r5", true)
.Case("mips64r6", true)
.Case("octeon", true)
.Case("p5600", true)
.Default(false);
}

test/Driver/mips-features.c

Show First 20 LinesShow All 396 Lines▼ Show 20 Lines
// RUN: %clang -target -mips-mti-linux-gnu -### -c %s -mbranch-likely 2>&1 \ // RUN: %clang -target -mips-mti-linux-gnu -### -c %s -mbranch-likely 2>&1 \
// RUN: | FileCheck --check-prefix=BRANCH-LIKELY %s // RUN: | FileCheck --check-prefix=BRANCH-LIKELY %s
// BRANCH-LIKELY: argument unused during compilation: '-mbranch-likely' // BRANCH-LIKELY: argument unused during compilation: '-mbranch-likely'
// //
// -mno-branch-likely // -mno-branch-likely
// RUN: %clang -target -mips-mti-linux-gnu -### -c %s -mno-branch-likely 2>&1 \ // RUN: %clang -target -mips-mti-linux-gnu -### -c %s -mno-branch-likely 2>&1 \
// RUN: | FileCheck --check-prefix=NO-BRANCH-LIKELY %s // RUN: | FileCheck --check-prefix=NO-BRANCH-LIKELY %s
// NO-BRANCH-LIKELY: argument unused during compilation: '-mno-branch-likely' // NO-BRANCH-LIKELY: argument unused during compilation: '-mno-branch-likely'
// -mindirect-jump=hazard
// RUN: %clang -target mips-unknown-linux-gnu -### -c %s \
// RUN: -mindirect-jump=hazard 2>&1 \
// RUN: | FileCheck --check-prefix=INDIRECT-BH %s
// INDIRECT-BH: "-target-feature" "+use-indirect-jump-hazard"

test/Driver/mips-indirect-branch.c

  • This file was added.
// REQUIRES: mips-registered-target
// -mindirect-jump=hazard -mips32
// RUN: %clang -target mips-unknown-linux-gnu -mips32 -### -c %s \
// RUN: -mindirect-jump=hazard 2>&1 | FileCheck %s --check-prefix=MIPS32
// MIPS32: error: '-mindirect-jump=hazard' is unsupported with the 'mips32' architecture
// -mindirect-jump=hazard -mmicromips
// RUN: %clang -target mips-unknown-linux-gnu -mmicromips -### -c %s \
// RUN: -mindirect-jump=hazard 2>&1 | FileCheck %s --check-prefix=MICROMIPS
// MICROMIPS: error: '-mindirect-jump=hazard' is unsupported with the 'micromips' architecture
// -mindirect-jump=hazard -mips16
// RUN: %clang -target mips-unknown-linux-gnu -mips16 -### -c %s \
// RUN: -mindirect-jump=hazard 2>&1 | FileCheck %s --check-prefix=MIPS16
// MIPS16: error: '-mindirect-jump=hazard' is unsupported with the 'mips16' architecture
// RUN: %clang -target mips-unknown-linux-gnu -### -c %s \
// RUN: -mindirect-jump=retopline 2>&1 | FileCheck %s --check-prefix=RETOPLINE
// RETOPLINE: error: unknown '-mindirect-jump=' option 'retopline'
// RUN: %clang -target mips-unknown-linux-gnu -### -mips32 -c %s \
// RUN: -mindirect-jump=retopline 2>&1 | FileCheck %s --check-prefix=MIXED
// MIXED: error: unknown '-mindirect-jump=' option 'retopline'