Re: r323155 - Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715, "Branch Target

[Chandler Carruth via cfe-commits]

Yeah, I'll write stuff up for them.

On Fri, Feb 2, 2018 at 3:06 AM Hans Wennborg  wrote:

> Thanks! I've merged them to 6.0 as below and they will be part of rc2,
> scheduled for next week.
>
> Chandler, do you want to write release notes for this?
>
> On Thu, Feb 1, 2018 at 8:09 PM, Chandler Carruth 
> wrote:
> > +Hans Wennborg +tstel...@redhat.com
> >
> > So the retpoline patch series we should get back ported start with this
> > revision and have two follow ups:
> > r323155
>
> Merged in r324067 (llvm), r324068 (cfe), r324069 (lld)
>
> > r323288
>
> Merged in r324070.
>
> > r323915
>
> Merged in r324071.
>
> >
> > +Reid Kleckner was going to look at doing the (likely more involved)
> > backport to the 5 branch
> >
> > On Mon, Jan 22, 2018 at 2:06 PM Chandler Carruth via cfe-commits
> >  wrote:
> >>
> >> Author: chandlerc
> >> Date: Mon Jan 22 14:05:25 2018
> >> New Revision: 323155
> >>
> >> URL: http://llvm.org/viewvc/llvm-project?rev=323155=rev
> >> Log:
> >> Introduce the "retpoline" x86 mitigation technique for variant #2 of the
> >> speculative execution vulnerabilities disclosed today, specifically
> >> identified by CVE-2017-5715, "Branch Target Injection", and is one of
> the
> >> two halves to Spectre..
>
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Re: r323155 - Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715, "Branch Target

[Hans Wennborg via cfe-commits]

Thanks! I've merged them to 6.0 as below and they will be part of rc2,
scheduled for next week.

Chandler, do you want to write release notes for this?

On Thu, Feb 1, 2018 at 8:09 PM, Chandler Carruth  wrote:
> +Hans Wennborg +tstel...@redhat.com
>
> So the retpoline patch series we should get back ported start with this
> revision and have two follow ups:
> r323155

Merged in r324067 (llvm), r324068 (cfe), r324069 (lld)

> r323288

Merged in r324070.

> r323915

Merged in r324071.

>
> +Reid Kleckner was going to look at doing the (likely more involved)
> backport to the 5 branch
>
> On Mon, Jan 22, 2018 at 2:06 PM Chandler Carruth via cfe-commits
>  wrote:
>>
>> Author: chandlerc
>> Date: Mon Jan 22 14:05:25 2018
>> New Revision: 323155
>>
>> URL: http://llvm.org/viewvc/llvm-project?rev=323155=rev
>> Log:
>> Introduce the "retpoline" x86 mitigation technique for variant #2 of the
>> speculative execution vulnerabilities disclosed today, specifically
>> identified by CVE-2017-5715, "Branch Target Injection", and is one of the
>> two halves to Spectre..
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Re: r323155 - Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715, "Branch Target

[Reid Kleckner via cfe-commits]

I backported these to the release_50 branch in the following revisions:

llvm r324007, r324009
cfe r324012
lld r324025, r324026

The regression test suites pass on my machine with the exception of two
pre-existing failures. I also built my small retpoline execution test that
does a variety of indirect calls and tail calls, and it executes
successfully and the only indirect jumps in it come from crt0.o. That's the
same as what we get with trunk.

We might want to do more extensive testing of the flag with the 5.0
release, but I'm not sure what's next exactly.

On Thu, Feb 1, 2018 at 11:09 AM, Chandler Carruth 
wrote:

> +Hans Wennborg  +tstel...@redhat.com
> 
>
> So the retpoline patch series we should get back ported start with this
> revision and have two follow ups:
> r323155
> r323288
> r323915
>
> +Reid Kleckner  was going to look at doing the (likely
> more involved) backport to the 5 branch
>
> On Mon, Jan 22, 2018 at 2:06 PM Chandler Carruth via cfe-commits <
> cfe-commits@lists.llvm.org> wrote:
>
>> Author: chandlerc
>> Date: Mon Jan 22 14:05:25 2018
>> New Revision: 323155
>>
>> URL: http://llvm.org/viewvc/llvm-project?rev=323155=rev
>> Log:
>> Introduce the "retpoline" x86 mitigation technique for variant #2 of the
>> speculative execution vulnerabilities disclosed today, specifically
>> identified by CVE-2017-5715, "Branch Target Injection", and is one of the
>> two halves to Spectre..
>>
>> Summary:
>> First, we need to explain the core of the vulnerability. Note that this
>> is a very incomplete description, please see the Project Zero blog post
>> for details:
>> https://googleprojectzero.blogspot.com/2018/01/reading-
>> privileged-memory-with-side.html
>>
>> The basis for branch target injection is to direct speculative execution
>> of the processor to some "gadget" of executable code by poisoning the
>> prediction of indirect branches with the address of that gadget. The
>> gadget in turn contains an operation that provides a side channel for
>> reading data. Most commonly, this will look like a load of secret data
>> followed by a branch on the loaded value and then a load of some
>> predictable cache line. The attacker then uses timing of the processors
>> cache to determine which direction the branch took *in the speculative
>> execution*, and in turn what one bit of the loaded value was. Due to the
>> nature of these timing side channels and the branch predictor on Intel
>> processors, this allows an attacker to leak data only accessible to
>> a privileged domain (like the kernel) back into an unprivileged domain.
>>
>> The goal is simple: avoid generating code which contains an indirect
>> branch that could have its prediction poisoned by an attacker. In many
>> cases, the compiler can simply use directed conditional branches and
>> a small search tree. LLVM already has support for lowering switches in
>> this way and the first step of this patch is to disable jump-table
>> lowering of switches and introduce a pass to rewrite explicit indirectbr
>> sequences into a switch over integers.
>>
>> However, there is no fully general alternative to indirect calls. We
>> introduce a new construct we call a "retpoline" to implement indirect
>> calls in a non-speculatable way. It can be thought of loosely as
>> a trampoline for indirect calls which uses the RET instruction on x86.
>> Further, we arrange for a specific call->ret sequence which ensures the
>> processor predicts the return to go to a controlled, known location. The
>> retpoline then "smashes" the return address pushed onto the stack by the
>> call with the desired target of the original indirect call. The result
>> is a predicted return to the next instruction after a call (which can be
>> used to trap speculative execution within an infinite loop) and an
>> actual indirect branch to an arbitrary address.
>>
>> On 64-bit x86 ABIs, this is especially easily done in the compiler by
>> using a guaranteed scratch register to pass the target into this device.
>> For 32-bit ABIs there isn't a guaranteed scratch register and so several
>> different retpoline variants are introduced to use a scratch register if
>> one is available in the calling convention and to otherwise use direct
>> stack push/pop sequences to pass the target address.
>>
>> This "retpoline" mitigation is fully described in the following blog
>> post: https://support.google.com/faqs/answer/7625886
>>
>> We also support a target feature that disables emission of the retpoline
>> thunk by the compiler to allow for custom thunks if users want them.
>> These are particularly useful in environments like kernels that
>> routinely do hot-patching on boot and want to hot-patch their thunk to
>> different code sequences. They can write this custom thunk and use
>> `-mretpoline-external-thunk` *in addition* to `-mretpoline`. In this
>> case, on x86-64 thu thunk names must be:
>> ```
>>   

Re: r323155 - Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715, "Branch Target

[Chandler Carruth via cfe-commits]

+Hans Wennborg  +tstel...@redhat.com


So the retpoline patch series we should get back ported start with this
revision and have two follow ups:
r323155
r323288
r323915

+Reid Kleckner  was going to look at doing the (likely more
involved) backport to the 5 branch

On Mon, Jan 22, 2018 at 2:06 PM Chandler Carruth via cfe-commits <
cfe-commits@lists.llvm.org> wrote:

> Author: chandlerc
> Date: Mon Jan 22 14:05:25 2018
> New Revision: 323155
>
> URL: http://llvm.org/viewvc/llvm-project?rev=323155=rev
> Log:
> Introduce the "retpoline" x86 mitigation technique for variant #2 of the
> speculative execution vulnerabilities disclosed today, specifically
> identified by CVE-2017-5715, "Branch Target Injection", and is one of the
> two halves to Spectre..
>
> Summary:
> First, we need to explain the core of the vulnerability. Note that this
> is a very incomplete description, please see the Project Zero blog post
> for details:
>
> https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
>
> The basis for branch target injection is to direct speculative execution
> of the processor to some "gadget" of executable code by poisoning the
> prediction of indirect branches with the address of that gadget. The
> gadget in turn contains an operation that provides a side channel for
> reading data. Most commonly, this will look like a load of secret data
> followed by a branch on the loaded value and then a load of some
> predictable cache line. The attacker then uses timing of the processors
> cache to determine which direction the branch took *in the speculative
> execution*, and in turn what one bit of the loaded value was. Due to the
> nature of these timing side channels and the branch predictor on Intel
> processors, this allows an attacker to leak data only accessible to
> a privileged domain (like the kernel) back into an unprivileged domain.
>
> The goal is simple: avoid generating code which contains an indirect
> branch that could have its prediction poisoned by an attacker. In many
> cases, the compiler can simply use directed conditional branches and
> a small search tree. LLVM already has support for lowering switches in
> this way and the first step of this patch is to disable jump-table
> lowering of switches and introduce a pass to rewrite explicit indirectbr
> sequences into a switch over integers.
>
> However, there is no fully general alternative to indirect calls. We
> introduce a new construct we call a "retpoline" to implement indirect
> calls in a non-speculatable way. It can be thought of loosely as
> a trampoline for indirect calls which uses the RET instruction on x86.
> Further, we arrange for a specific call->ret sequence which ensures the
> processor predicts the return to go to a controlled, known location. The
> retpoline then "smashes" the return address pushed onto the stack by the
> call with the desired target of the original indirect call. The result
> is a predicted return to the next instruction after a call (which can be
> used to trap speculative execution within an infinite loop) and an
> actual indirect branch to an arbitrary address.
>
> On 64-bit x86 ABIs, this is especially easily done in the compiler by
> using a guaranteed scratch register to pass the target into this device.
> For 32-bit ABIs there isn't a guaranteed scratch register and so several
> different retpoline variants are introduced to use a scratch register if
> one is available in the calling convention and to otherwise use direct
> stack push/pop sequences to pass the target address.
>
> This "retpoline" mitigation is fully described in the following blog
> post: https://support.google.com/faqs/answer/7625886
>
> We also support a target feature that disables emission of the retpoline
> thunk by the compiler to allow for custom thunks if users want them.
> These are particularly useful in environments like kernels that
> routinely do hot-patching on boot and want to hot-patch their thunk to
> different code sequences. They can write this custom thunk and use
> `-mretpoline-external-thunk` *in addition* to `-mretpoline`. In this
> case, on x86-64 thu thunk names must be:
> ```
>   __llvm_external_retpoline_r11
> ```
> or on 32-bit:
> ```
>   __llvm_external_retpoline_eax
>   __llvm_external_retpoline_ecx
>   __llvm_external_retpoline_edx
>   __llvm_external_retpoline_push
> ```
> And the target of the retpoline is passed in the named register, or in
> the case of the `push` suffix on the top of the stack via a `pushl`
> instruction.
>
> There is one other important source of indirect branches in x86 ELF
> binaries: the PLT. These patches also include support for LLD to
> generate PLT entries that perform a retpoline-style indirection.
>
> The only other indirect branches remaining that we are aware of are from
> precompiled runtimes (such as crt0.o and similar). The ones we have
> found are not really attackable, and so 

r323155 - Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715, "Branch Target Injec

[Chandler Carruth via cfe-commits]

Author: chandlerc
Date: Mon Jan 22 14:05:25 2018
New Revision: 323155

URL: http://llvm.org/viewvc/llvm-project?rev=323155=rev
Log:
Introduce the "retpoline" x86 mitigation technique for variant #2 of the 
speculative execution vulnerabilities disclosed today, specifically identified 
by CVE-2017-5715, "Branch Target Injection", and is one of the two halves to 
Spectre..

Summary:
First, we need to explain the core of the vulnerability. Note that this
is a very incomplete description, please see the Project Zero blog post
for details:
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

The basis for branch target injection is to direct speculative execution
of the processor to some "gadget" of executable code by poisoning the
prediction of indirect branches with the address of that gadget. The
gadget in turn contains an operation that provides a side channel for
reading data. Most commonly, this will look like a load of secret data
followed by a branch on the loaded value and then a load of some
predictable cache line. The attacker then uses timing of the processors
cache to determine which direction the branch took *in the speculative
execution*, and in turn what one bit of the loaded value was. Due to the
nature of these timing side channels and the branch predictor on Intel
processors, this allows an attacker to leak data only accessible to
a privileged domain (like the kernel) back into an unprivileged domain.

The goal is simple: avoid generating code which contains an indirect
branch that could have its prediction poisoned by an attacker. In many
cases, the compiler can simply use directed conditional branches and
a small search tree. LLVM already has support for lowering switches in
this way and the first step of this patch is to disable jump-table
lowering of switches and introduce a pass to rewrite explicit indirectbr
sequences into a switch over integers.

However, there is no fully general alternative to indirect calls. We
introduce a new construct we call a "retpoline" to implement indirect
calls in a non-speculatable way. It can be thought of loosely as
a trampoline for indirect calls which uses the RET instruction on x86.
Further, we arrange for a specific call->ret sequence which ensures the
processor predicts the return to go to a controlled, known location. The
retpoline then "smashes" the return address pushed onto the stack by the
call with the desired target of the original indirect call. The result
is a predicted return to the next instruction after a call (which can be
used to trap speculative execution within an infinite loop) and an
actual indirect branch to an arbitrary address.

On 64-bit x86 ABIs, this is especially easily done in the compiler by
using a guaranteed scratch register to pass the target into this device.
For 32-bit ABIs there isn't a guaranteed scratch register and so several
different retpoline variants are introduced to use a scratch register if
one is available in the calling convention and to otherwise use direct
stack push/pop sequences to pass the target address.

This "retpoline" mitigation is fully described in the following blog
post: https://support.google.com/faqs/answer/7625886

We also support a target feature that disables emission of the retpoline
thunk by the compiler to allow for custom thunks if users want them.
These are particularly useful in environments like kernels that
routinely do hot-patching on boot and want to hot-patch their thunk to
different code sequences. They can write this custom thunk and use
`-mretpoline-external-thunk` *in addition* to `-mretpoline`. In this
case, on x86-64 thu thunk names must be:
```
  __llvm_external_retpoline_r11
```
or on 32-bit:
```
  __llvm_external_retpoline_eax
  __llvm_external_retpoline_ecx
  __llvm_external_retpoline_edx
  __llvm_external_retpoline_push
```
And the target of the retpoline is passed in the named register, or in
the case of the `push` suffix on the top of the stack via a `pushl`
instruction.

There is one other important source of indirect branches in x86 ELF
binaries: the PLT. These patches also include support for LLD to
generate PLT entries that perform a retpoline-style indirection.

The only other indirect branches remaining that we are aware of are from
precompiled runtimes (such as crt0.o and similar). The ones we have
found are not really attackable, and so we have not focused on them
here, but eventually these runtimes should also be replicated for
retpoline-ed configurations for completeness.

For kernels or other freestanding or fully static executables, the
compiler switch `-mretpoline` is sufficient to fully mitigate this
particular attack. For dynamic executables, you must compile *all*
libraries with `-mretpoline` and additionally link the dynamic
executable and all shared libraries with LLD and pass `-z retpolineplt`
(or use similar functionality from some other linker). We strongly
recommend also using `-z now` as non-lazy binding