Hello LLVM Community,
Today, a new vulnerability called Load Value Injection (LVI) has been disclosed.
A brief document describing the vulnerability can be found here: https://software.intel.com/security-software-guidance/software-guidance/load-value-injection
A more detailed document can be found here: https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection
A complete patch to LLVM has been pushed to Phabricator: https://reviews.llvm.org/D75938
The complete patch has been decomposed into 5 sub-patches:
A plugin that uses the SYMPHONY Mixed Integer-Linear Programming (MILP) solver to provide optimal mitigation can be found here: https://github.com/intel/lvi-llvm-optimization-plugin
(If this link does not work, then the following link might: https://github.com/intel/LLVM-Optimization-Plugin)
A document describing the optimization in more detail will also be published shortly.
Thanks and Regards,