kristof.beyls created this revision.
kristof.beyls added a reviewer: ostannard.
Herald added subscribers: cfe-commits, danielkiss.
Herald added a project: clang.
The accepted options to -mharden-sls= are:
- all: enable all mitigations against Straight Line Speculation that are
implemented.
- none: disable all mitigations against Straight Line Speculation.
- retbr: enable the mitigation against Straight Line Speculation for RET and BR
instructions.
- blr: enable the mitigation against Straight Line Speculation for BLR
instructions.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D81404
Files:
clang/include/clang/Basic/DiagnosticDriverKinds.td
clang/include/clang/Driver/Options.td
clang/lib/Driver/ToolChains/Arch/AArch64.cpp
clang/test/Driver/aarch64-sls-hardening-options.c
Index: clang/test/Driver/aarch64-sls-hardening-options.c
===================================================================
--- /dev/null
+++ clang/test/Driver/aarch64-sls-hardening-options.c
@@ -0,0 +1,45 @@
+// Check the -mharden-sls= option, which has a required argument to select
+// scope.
+// RUN: %clang -target aarch64--none-eabi -c %s -### 2>&1 | \
+// RUN: FileCheck %s --check-prefix=RETBR-OFF --check-prefix=BLR-OFF
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -mharden-sls=none 2>&1 | \
+// RUN: FileCheck %s --check-prefix=RETBR-OFF --check-prefix=BLR-OFF
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -mharden-sls=retbr 2>&1 | \
+// RUN: FileCheck %s --check-prefix=RETBR-ON --check-prefix=BLR-OFF
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -mharden-sls=blr 2>&1 | \
+// RUN: FileCheck %s --check-prefix=RETBR-OFF --check-prefix=BLR-ON
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -mharden-sls=blr -mharden-sls=none 2>&1 | \
+// RUN: FileCheck %s --check-prefix=RETBR-OFF --check-prefix=BLR-OFF
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -mharden-sls=blr -mharden-sls=retbr 2>&1 | \
+// RUN: FileCheck %s --check-prefix=RETBR-ON --check-prefix=BLR-OFF
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -mharden-sls=retbr,blr 2>&1 | \
+// RUN: FileCheck %s --check-prefix=RETBR-ON --check-prefix=BLR-ON
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -mharden-sls=all 2>&1 | \
+// RUN: FileCheck %s --check-prefix=RETBR-ON --check-prefix=BLR-ON
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -mharden-sls=retbr,blr,retbr 2>&1 | \
+// RUN: FileCheck %s --check-prefix=RETBR-ON --check-prefix=BLR-ON
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -mharden-sls=retbr,blr,r 2>&1 | \
+// RUN: FileCheck %s --check-prefix=BAD-SLS-SPEC
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -mharden-sls=none,blr 2>&1 | \
+// RUN: FileCheck %s --check-prefix=BAD-SLS-SPEC
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -mharden-sls=all,-blr 2>&1 | \
+// RUN: FileCheck %s --check-prefix=BAD-SLS-SPEC
+
+// RETBR-OFF-NOT: "harden-sls-retbr"
+// RETBR-ON: "+harden-sls-retbr"
+
+// BLR-OFF-NOT: "harden-sls-blr"
+// BLR-ON: "+harden-sls-blr"
+
+// BAD-SLS-SPEC: invalid sls hardening option '{{[^']+}}' in '-mharden-sls=
Index: clang/lib/Driver/ToolChains/Arch/AArch64.cpp
===================================================================
--- clang/lib/Driver/ToolChains/Arch/AArch64.cpp
+++ clang/lib/Driver/ToolChains/Arch/AArch64.cpp
@@ -218,6 +218,39 @@
D.Diag(diag::err_drv_invalid_mtp) << A->getAsString(Args);
}
+ // Enable/disable straight line speculation hardening.
+ if (Arg *A = Args.getLastArg(options::OPT_mharden_sls_EQ)) {
+ StringRef Scope = A->getValue();
+ bool EnableRetBr = false;
+ bool EnableBlr = false;
+ if (Scope != "none" && Scope != "all") {
+ SmallVector<StringRef, 4> Opts;
+ Scope.split(Opts, ",");
+ for (int I = 0, E = Opts.size(); I != E; ++I) {
+ StringRef Opt = Opts[I].trim();
+ if (Opt == "retbr") {
+ EnableRetBr = true;
+ continue;
+ }
+ if (Opt == "blr") {
+ EnableBlr = true;
+ continue;
+ }
+ D.Diag(diag::err_invalid_sls_hardening)
+ << Scope << A->getAsString(Args);
+ break;
+ }
+ } else if (Scope == "all") {
+ EnableRetBr = true;
+ EnableBlr = true;
+ }
+
+ if (EnableRetBr)
+ Features.push_back("+harden-sls-retbr");
+ if (EnableBlr)
+ Features.push_back("+harden-sls-blr");
+ }
+
// En/disable crc
if (Arg *A = Args.getLastArg(options::OPT_mcrc, options::OPT_mnocrc)) {
if (A->getOption().matches(options::OPT_mcrc))
Index: clang/include/clang/Driver/Options.td
===================================================================
--- clang/include/clang/Driver/Options.td
+++ clang/include/clang/Driver/Options.td
@@ -2302,6 +2302,9 @@
def mbranch_protection_EQ : Joined<["-"], "mbranch-protection=">,
HelpText<"Enforce targets of indirect branches and function returns">;
+def mharden_sls_EQ : Joined<["-"], "mharden-sls=">,
+ HelpText<"Select straight-line speculation hardening scope">;
+
def msimd128 : Flag<["-"], "msimd128">, Group<m_wasm_Features_Group>;
def munimplemented_simd128 : Flag<["-"], "munimplemented-simd128">, Group<m_wasm_Features_Group>;
def mno_unimplemented_simd128 : Flag<["-"], "mno-unimplemented-simd128">, Group<m_wasm_Features_Group>;
Index: clang/include/clang/Basic/DiagnosticDriverKinds.td
===================================================================
--- clang/include/clang/Basic/DiagnosticDriverKinds.td
+++ clang/include/clang/Basic/DiagnosticDriverKinds.td
@@ -334,6 +334,8 @@
InGroup<InvalidCommandLineArgument>, DefaultWarnNoWerror;
def err_invalid_branch_protection: Error <
"invalid branch protection option '%0' in '%1'">;
+def err_invalid_sls_hardening : Error<
+ "invalid sls hardening option '%0' in '%1'">;
def note_drv_command_failed_diag_msg : Note<
"diagnostic msg: %0">;
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
