author | H.J. Lu <hjl.tools@gmail.com> | 2020-03-11 09:46:19 -0700 |
---|---|---|
committer | H.J. Lu <hjl.tools@gmail.com> | 2020-03-11 09:46:19 -0700 |
commit | ae531041c7c5956672342f89c486a011c84f027f (patch) | |
tree | 725d546c60204a155b8192591ab3011eb633e1ca /gas/doc | |
parent | 5a13315d1c6993ab84075ff94797eb8c6da1f20b (diff) | |
i386: Generate lfence with load/indirect branch/ret [CVE-2020-0551]
Add 3 command-line options to generate lfence for load, indirect near
branch and ret to help mitigate:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0551
1. -mlfence-after-load=[no|yes]:
-mlfence-after-load=yes generates lfence after load instructions.
2. -mlfence-before-indirect-branch=[none|all|memory|register]:
a. -mlfence-before-indirect-branch=all generates lfence before indirect
near branches via register and a warning before indirect near branches
via memory.
b. -mlfence-before-indirect-branch=memory issues a warning before
indirect near branches via memory.
c. -mlfence-before-indirect-branch=register generates lfence before
indirect near branches via register.
Note that lfence won't be generated before indirect near branches via
register with -mlfence-after-load=yes since lfence will be generated
after loading branch target register.
3. -mlfence-before-ret=[none|or|not]
a. -mlfence-before-ret=or generates or with lfence before ret.
b. -mlfence-before-ret=not generates not with lfence before ret.
A warning will be issued and lfence won't be generated before indirect
near branch and ret if the previous item is a prefix or a constant
directive, which may be used to hardcode an instruction, since there
is no clear instruction boundary.
* config/tc-i386.c (lfence_after_load): New.
(lfence_before_indirect_branch_kind): New.
(lfence_before_indirect_branch): New.
(lfence_before_ret_kind): New.
(lfence_before_ret): New.
(last_insn): New.
(load_insn_p): New.
(insert_lfence_after): New.
(insert_lfence_before): New.
(md_assemble): Call insert_lfence_before and insert_lfence_after.
Set last_insn.
(OPTION_MLFENCE_AFTER_LOAD): New.
(OPTION_MLFENCE_BEFORE_INDIRECT_BRANCH): New.
(OPTION_MLFENCE_BEFORE_RET): New.
(md_longopts): Add -mlfence-after-load=,
-mlfence-before-indirect-branch= and -mlfence-before-ret=.
(md_parse_option): Handle -mlfence-after-load=,
-mlfence-before-indirect-branch= and -mlfence-before-ret=.
(md_show_usage): Display -mlfence-after-load=,
-mlfence-before-indirect-branch= and -mlfence-before-ret=.
(i386_cons_align): New.
* config/tc-i386.h (i386_cons_align): New.
(md_cons_align): New.
* doc/c-i386.texi: Document -mlfence-after-load=,
-mlfence-before-indirect-branch= and -mlfence-before-ret=.
Diffstat (limited to 'gas/doc')
-rw-r--r-- | gas/doc/c-i386.texi | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/gas/doc/c-i386.texi b/gas/doc/c-i386.texi index c536759..1dd99f9 100644 --- a/gas/doc/c-i386.texi +++ b/gas/doc/c-i386.texi 
@@ -464,6 +464,49 @@ on an instruction. It is equivalent to @option{-malign-branch-prefix-size=5}. The default doesn't align branches. +@cindex @samp{-mlfence-after-load=} option, i386 +@cindex @samp{-mlfence-after-load=} option, x86-64 +@item -mlfence-after-load=@var{no} +@itemx -mlfence-after-load=@var{yes} +These options control whether the assembler should generate lfence +after load instructions. @option{-mlfence-after-load=@var{yes}} will +generate lfence. @option{-mlfence-after-load=@var{no}} will not generate +lfence, which is the default. + +@cindex @samp{-mlfence-before-indirect-branch=} option, i386 +@cindex @samp{-mlfence-before-indirect-branch=} option, x86-64 +@item -mlfence-before-indirect-branch=@var{none} +@item -mlfence-before-indirect-branch=@var{all} +@item -mlfence-before-indirect-branch=@var{register} +@itemx -mlfence-before-indirect-branch=@var{memory} +These options control whether the assembler should generate lfence +after indirect near branch instructions. +@option{-mlfence-before-indirect-branch=@var{all}} will generate lfence +after indirect near branch via register and issue a warning before +indirect near branch via memory. +@option{-mlfence-before-indirect-branch=@var{register}} will generate +lfence after indirect near branch via register. +@option{-mlfence-before-indirect-branch=@var{memory}} will issue a +warning before indirect near branch via memory. +@option{-mlfence-before-indirect-branch=@var{none}} will not generate +lfence nor issue warning, which is the default. Note that lfence won't +be generated before indirect near branch via register with +@option{-mlfence-after-load=@var{yes}} since lfence will be generated +after loading branch target register. 
+ +@cindex @samp{-mlfence-before-ret=} option, i386 +@cindex @samp{-mlfence-before-ret=} option, x86-64 +@item -mlfence-before-ret=@var{none} +@item -mlfence-before-ret=@var{or} +@itemx -mlfence-before-ret=@var{not} +These options control whether the assembler should generate lfence +before ret. @option{-mlfence-before-ret=@var{or}} will generate +generate or instruction with lfence. +@option{-mlfence-before-ret=@var{not}} will generate not instruction +with lfence. +@option{-mlfence-before-ret=@var{none}} will not generate lfence, +which is the default. + @cindex @samp{-mx86-used-note=} option, i386 @cindex @samp{-mx86-used-note=} option, x86-64 @item -mx86-used-note=@var{no} |
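Review bot: The -mlfence-before-indirect-branch= description says the assembler generates lfence "after indirect near branch instructions", and repeats "lfence after indirect near branch via register" in the @var{all} and @var{register} entries. That contradicts the option name, the commit message, and the last sentence of the same paragraph ("lfence won't be generated before indirect near branch via register"). All three should read "before", otherwise a reader checking the mitigation will expect the fence on the wrong side of the branch. In the -mlfence-before-ret= paragraph, "will generate" followed by "generate or instruction with lfence" has a doubled word. In both multi-value lists the second and later entries use @item where the -mlfence-after-load= list uses @itemx, so they should be @itemx for consistency. The commit message also states that a warning is issued and no lfence is generated before an indirect near branch or ret when the previous item is a prefix or a constant directive; that caveat is missing from the documentation added here and is worth a sentence, since it means the options can silently leave some branches and returns unfenced.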