similar to: [RFC] Speculative Execution Side Effect Suppression for Mitigating Load Value Injection

Displaying 20 results from an estimated 6000 matches similar to: "[RFC] Speculative Execution Side Effect Suppression for Mitigating Load Value Injection"

2020 Mar 20
2
[RFC] Speculative Execution Side Effect Suppression for Mitigating Load Value Injection
Hi everyone! I want to clarify the purpose and design of SESES. Thus far, I've characterized it as an LVI mitigation which is somewhat incorrect. SESES was built as a "big hammer." It is intended to protect against many side channel vulnerabilities (Spectre v1, Spectre v4, LVI, etc, etc) even though it was built in response to LVI. For folks protecting against LVI, this is an
2020 Mar 25
2
[RFC] Speculative Execution Side Effect Suppression for Mitigating Load Value Injection
I'm also a bit unclear on that point. I think one input here has to be: what are some example, existing codebases we want to mitigate, and what should the user experience be to mitigate them? I don't think we can make good engineering tradeoffs without having concrete use cases to evaluate. Another point: it seems some mitigation options have already been added to the GNU toolchain
2020 Apr 23
3
[cfe-dev] More verbose -mspeculative-load-hardening
Another thing to consider about your feature idea is that the output may be noisy depending on what you were hoping for. SLH tries to mitigate anything that could potentially be a problem and thus it instruments almost every branch, load, and function entry, for example. There isn't a lot of signal about what is really a gadget among the code instrumented by SLH. It really tries to be
2020 Apr 22
3
[cfe-dev] More verbose -mspeculative-load-hardening
Hi I think llvm-dev list (CC'ed) have more visibility in this. On Wed, 22 Apr 2020 at 22:18, milsegv via cfe-dev <cfe-dev at lists.llvm.org> wrote: > Hello everyone, > > It may not be the best place to ask this but I found nothing on the > internet about it. > I'm working on Spectre V1 detection and stumbled upon the mitigation > provided by clang, the
2020 Jun 18
2
[RFC] LLVM Security Group and Process
Hi everyone, I followed up with some folks at Google about how we wanted to be involved in this group and we decided that Matthew Riley (mattdr at google.com) would be the right person to be involved here. Sorry about the confusion. I'd like to withdraw my request. Thanks again to everyone involved! I'm glad to see this becoming a part of how LLVM works. :) Zola Bridges On Wed, Jun
2020 Jun 08
2
Mitigating straight-line speculation vulnerability CVE-2020-13844
Hi, A new speculative cache side-channel vulnerability has been published at https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation, named "straight-line speculation", CVE-2020-13844. In this email, I'd like to explain the toolchain mitigation we've prepared to mitigate against this vulnerability for AArch64.
2019 Jun 12
1
Speculative attack mitigations
Hi folks, Firstly; apologies in advance for what is a head wrecker of keeping on top of the speculative mitigations and also if this is a duplicate email; my first copy didn't seem to make it into the archive. Also a disclaimer that I may have misunderstood elements of the below but please bear with me. I write this hoping to find out a bit more about the state of the relevant kernel
2020 Jun 17
2
[RFC] LLVM Security Group and Process
Thanks Zola, I’d rather have point-contact people, instead of having mailing lists. I have a few goals with this: Listing particular people makes it clear who’s on the hook from your organization These people can still communicate internally, but are responsible to ensure that the internal folks know what the LLVM process and disclosure restrictions are Listing a limited number of specific people
2018 Mar 16
2
spectre variant 2
Hi all! I'm running an up-to-date Centos-7 on an AMD Vishera 6300, 6 core CPU. I note that when I run the redhat script to test for spectre & meltdown I get this result for variant 2: Variant #2 (Spectre): Vulnerable CVE-2017-5715 - speculative execution branch target injection - Kernel with mitigation patches: OK - HW support / updated microcode: NO - IBRS: Not disabled on
2018 Jul 11
3
RFC: Speculative Load Hardening (a Spectre variant #1 mitigation)
FYI to all: I've updated the design document to include the newly disclosed variants 1.1 and 1.2 (collectively called Bounds Check Bypass Store or BCBS). There is no change to the proposed implementation which can already robustly mitigate these variants. I've also updated my patch as we have very significant interest in getting at least an early "beta" version of this into the
2020 Jun 15
2
[RFC] LLVM Security Group and Process
Great idea! Sign me up, please! On Fri, 12 Jun 2020 at 16:59, JF Bastien via llvm-dev <llvm-dev at lists.llvm.org> wrote: > > Great! On the Apple side, we’ll propose Oliver Hunt (clang team) and Scotty Bolin (product security team), CC’ed to this email. > > > On Jun 12, 2020, at 6:50 AM, Kristof Beyls <Kristof.Beyls at arm.com> wrote: > > Thank you for progressing
2018 Mar 23
5
RFC: Speculative Load Hardening (a Spectre variant #1 mitigation)
Hello all, I've been working for the last month or so on a comprehensive mitigation approach to variant #1 of Spectre. There are a bunch of reasons why this is desirable: - Critical software that is unlikely to be easily hand-mitigated (or where the performance tradeoff isn't worth it) will have a compelling option. - It gives us a baseline on performance for hand-mitigation. - Combined
2018 Apr 05
0
RFC: Speculative Load Hardening (a Spectre variant #1 mitigation)
Hi Chandler, Thank you very much for sharing this! The RFC is pretty lengthy but the far majority of it makes sense to me. I’m sure I’m forgetting to react to some aspects below, but I thought I’d summarize some initial thoughts and questions I had after reading the RFC end-to-end. * I believe the same high-level principles you outline can also be used to implement the same protection on the
2019 Sep 16
2
Spectre V1 Mitigation - Internals?
Hi all, I understand how the speculative information flow attack works. I'm trying to get my head around the spectre v1 mitigation of LLVM. In the design document here: https://llvm.org/docs/SpeculativeLoadHardening.html#speculative-load-hardening Example: void leak(int data);void example(int* pointer1,
2019 Sep 17
2
Spectre V1 Mitigation - Internals?
Hi, Thanks for your email, I understand that the execution stalls until the predicated state is computed, then we mask pointers with all_zeros_mask if there is a mis-prediction. But I understand that as soon as the condition value is available, the processor can check about its assumptions and revert back. That is, If the branch prediction is correct during speculation, we mask with
2016 Jul 06
4
Should analyses be able to hold AssertingVH to IR? (related to PR28400)
While building test-suite with the new PM, I ran into problems with AssertingVH being triggered which is obvious in retrospect: https://llvm.org/bugs/show_bug.cgi?id=28400 Both cases I ran into revolve around LVI which holds AssertingVH. Essentially, what happens is this: 1. LVI holds an AssertingVH pointing at a BasicBlock 2. Some other pass ends up deleting that BB (e.g. SimplifyCFG) 3. BOOM
2020 May 11
3
RFC: Deleting git-svn folder (git-llvm, git-svnrevert, git-svnup)
I was actually using `git llvm` in my daily workflow. Could you explain why we want people to move away from that script? In addition to the convenience, it prevented me from accidentally creating a new branch (which I did before with push once). Cheers,   Johannes On 5/11/20 11:43 AM, Zola Bridges via llvm-dev wrote: > Deleted this morning. Thanks! > Zola Bridges > > > On
2019 Sep 17
2
Spectre V1 Mitigation - Internals?
Hi, Yeah, now I understand the problem here. Thanks. But I too have another doubt in "Bounds check bypass store" In this example in the Speculative load hardening : unsigned char local_buffer[4];unsigned char *untrusted_data_from_caller = ...;unsigned long untrusted_size_from_caller = ...;if (untrusted_size_from_caller < sizeof(local_buffer)) { // Speculative execution enters here
2020 May 04
2
RFC: Deleting git-svn folder (git-llvm, git-svnrevert, git-svnup)
Giving at least one explicit: Sounds good to me. On Mon, May 4, 2020 at 12:01 PM Zola Bridges via llvm-dev < llvm-dev at lists.llvm.org> wrote: > Here is a link to the patch: https://reviews.llvm.org/D79348 > > Zola Bridges > > > On Mon, May 4, 2020 at 11:50 AM Zola Bridges <zbrid at google.com> wrote: > >> Hi everyone, >> >> I would like to
2020 May 12
2
RFC: Deleting git-svn folder (git-llvm, git-svnrevert, git-svnup)
Just push :) On Tue, May 12, 2020, 8:46 AM Hiroshi Yamauchi <yamauchi at google.com> wrote: > I was also using "git llvm push" to commit, sort of out of habit. What's a > recommended, alternative way to push? > > On Mon, May 11, 2020 at 11:57 AM Johannes Doerfert via llvm-dev < > llvm-dev at lists.llvm.org> wrote: > >> I was actually using `git