[Liftoff] Implement retpoline for indirect calls

As SSCA mitigation, use retpoline for each indirect call. We currently only support retpolines on ia32 and x64. R=titzer@chromium.org Bug: v8:6600, chromium:798964 Change-Id: I32472c15e149977b00bf923f4d87e259b7b54800 Reviewed-on: https://chromium-review.googlesource.com/1052113Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#53108}

[Liftoff] Implement retpoline for indirect calls
As SSCA mitigation, use retpoline for each indirect call. We currently only support retpolines on ia32 and x64. R=titzer@chromium.org Bug: v8:6600, chromium:798964 Change-Id: I32472c15e149977b00bf923f4d87e259b7b54800 Reviewed-on: https://chromium-review.googlesource.com/1052113Reviewed-by: Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#53108}
7d356ac4 · Clemens Hammacher · Commit Bot · c8ae9729 · 7d356ac4 · 7d356ac4
Commit 7d356ac4 authored May 09, 2018 by Clemens Hammacher Committed by Commit Bot May 09, 2018
Show whitespace changes
Inline Side-by-side

Showing with 10 additions and 4 deletions

liftoff-assembler-ia32.h src/wasm/baseline/ia32/liftoff-assembler-ia32.h +5 -3

liftoff-assembler-x64.h src/wasm/baseline/x64/liftoff-assembler-x64.h +5 -1

No files found.
--- a/src/wasm/baseline/ia32/liftoff-assembler-ia32.h
+++ b/src/wasm/baseline/ia32/liftoff-assembler-ia32.h
@@ -1565,9 +1565,11 @@ void LiftoffAssembler::CallRuntime(Zone* zone, Runtime::FunctionId fid) {
 void LiftoffAssembler::CallIndirect(wasm::FunctionSig* sig,
                                    compiler::CallDescriptor* call_descriptor,
                                    Register target) {
-  if (target == no_reg) {
+  // Since we have more cache registers than parameter registers, the
-    add(esp, Immediate(kPointerSize));
+  // {LiftoffCompiler} should always be able to place {target} in a register.
-    call(Operand(esp, -4));
+  DCHECK(target.is_valid());
+  if (FLAG_untrusted_code_mitigations) {
+    RetpolineCall(target);
  } else {
    call(target);
  }

--- a/src/wasm/baseline/x64/liftoff-assembler-x64.h
+++ b/src/wasm/baseline/x64/liftoff-assembler-x64.h
@@ -1422,7 +1422,11 @@ void LiftoffAssembler::CallIndirect(wasm::FunctionSig* sig,
    popq(kScratchRegister);
    target = kScratchRegister;
  }
+  if (FLAG_untrusted_code_mitigations) {
+    RetpolineCall(target);
+  } else {
    call(target);
+  }
 }
 void LiftoffAssembler::AllocateStackSlot(Register addr, uint32_t size) {