Changes in mfunction-return.c en Copyright 2015 Java 2240d72f - [X86] initial -mfunction-return=thunk-extern support http://172.16.0.5:8080/history/llvm-project-15.0.7/clang/test/Driver/mfunction-return.c#2240d72f [X86] initial -mfunction-return=thunk-extern supportAdds support for:* `-mfunction-return=<value>` command line flag, and* `__attribute__((function_return("<value>")))` function attributeWhere the supported <value>s are:* keep (disable)* thunk-extern (enable)thunk-extern enables clang to change ret instructions into jmps to anexternal symbol named __x86_return_thunk, implemented as a newMachineFunctionPass named "x86-return-thunks", keyed off the new IRattribute fn_ret_thunk_extern.The symbol __x86_return_thunk is expected to be provided by the runtimethe compiled code is linked against and is not defined by the compiler.Enabling this option alone doesn't provide mitigations withoutcorresponding definitions of __x86_return_thunk!This new MachineFunctionPass is very similar to "x86-lvi-ret".The <value>s "thunk" and "thunk-inline" are currently unsupported. It'snot clear yet that they are necessary: whether the thunk pattern theywould emit is beneficial or used anywhere.Should the <value>s "thunk" and "thunk-inline" become necessary,x86-return-thunks could probably be merged into x86-retpoline-thunkswhich has pre-existing machinery for emitting thunks (which could beused to implement the <value> "thunk").Has been found to build+boot with corresponding Linuxkernel patches. This helps the Linux kernel mitigate RETBLEED.* CVE-2022-23816* CVE-2022-28693* CVE-2022-29901See also:* "RETBLEED: Arbitrary Speculative Code Execution with ReturnInstructions."* AMD SECURITY NOTICE AMD-SN-1037: AMD CPU Branch Type Confusion* TECHNICAL GUIDANCE FOR MITIGATING BRANCH TYPE CONFUSION REVISION 1.0 2022-07-12* Return Stack Buffer Underflow / Return Stack Buffer Underflow / CVE-2022-29901, CVE-2022-28693 / INTEL-SA-00702SystemZ may eventually want to support "thunk-extern" and "thunk"; bothoptions are used by the Linux kernel's CONFIG_EXPOLINE.This functionality has been available in GCC since the 8.1 release, andwas backported to the 7.3 release.Many thanks for folks that provided discrete review off list due to theembargoed nature of this hardware vulnerability. Many Bothans died tobring us this information.Link: https://www.youtube.com/watch?v=IF6HbCKQHK8Link: https://github.com/llvm/llvm-project/issues/54404Link: https://gcc.gnu.org/legacy-ml/gcc-patches/2018-01/msg01197.htmlLink: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/return-stack-buffer-underflow.htmlLink: https://arstechnica.com/information-technology/2022/07/intel-and-amd-cpus-vulnerable-to-a-new-speculative-execution-attack/?comments=1Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce114c866860aa9eae3f50974efc68241186ba60Link: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.htmlLink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.htmlReviewed By: aaron.ballman, craig.topperDifferential Revision: https://reviews.llvm.org/D129572 List of files: /llvm-project-15.0.7/clang/test/Driver/mfunction-return.c Tue, 12 Jul 2022 16:17:15 +0000 Nick Desaulniers <ndesaulniers@google.com>