This patch creates a clang flag to enable SESES. This flag also ensures that
lvi-cfi is on when using seses via clang.
SESES should use lvi-cfi to mitigate returns and indirect branches.
Paths
| Differential D79910
[x86][seses] Add clang flag; Use lvi-cfi with seses ClosedPublic Authored by zbrid on May 13 2020, 2:36 PM.
Details Summary This patch creates a clang flag to enable SESES. This flag also ensures that SESES should use lvi-cfi to mitigate returns and indirect branches.
Diff Detail
Event TimelineHerald added projects: Restricted Project, Restricted Project. · View Herald TranscriptMay 13 2020, 2:36 PM zbrid retitled this revision from [WIP][seses] Add clang flag; Use lvi-cfi with seses to [x86][seses] Add clang flag; Use lvi-cfi with seses.May 13 2020, 2:50 PM
Comment Actions Took a quick look and seems sane -- will look after Craig's comment is addressed and build is passing
Comment Actions Any progress on this patch? D75939 has been merged, but the SESES feature will not be secure until it has CFI protections. Comment Actions Thanks for the ping, Scott. I'll update this so I can get it submitted soon.
zbrid marked an inline comment as done. Comment ActionsUpdate Clang Command Ref with automated tool
Comment Actions LGTM.
This revision is now accepted and ready to land.Jun 29 2020, 1:14 PM
Closed by commit rG9d9e499840af: [x86][seses] Add clang flag; Use lvi-cfi with seses (authored by zbrid). · Explain WhyJul 7 2020, 1:21 PM This revision was automatically updated to reflect the committed changes.
Revision Contents
Diff 263860 clang/docs/ClangCommandLineReference.rst
clang/include/clang/Driver/Options.td
clang/lib/Driver/ToolChains/Arch/X86.cpp
clang/test/Driver/x86-target-features.c
llvm/lib/Target/X86/X86.td
llvm/lib/Target/X86/X86SpeculativeExecutionSideEffectSuppression.cpp
llvm/lib/Target/X86/X86Subtarget.h
|
This file is in alphabetical order and is normally generated by a running clang-tblgen. See comment at the top of the file.