[PATCH] D47311: [X86][CET] Shadow stack fix for setjmp/longjmp
Mikhail Dvoretckii via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Fri May 25 01:11:27 PDT 2018
mike.dvoretsky added a comment.
The bug was in the emitLongJmpShadowStackFix and emitEHSjLjLongJmp. The longjmp builtin call is not a terminator, so it's followed by an "unreachable" IR instruction. The previous patch put the register restoration and the indirect branch at the end of the final basic block of the resulting code. It produced correct code on Linux, but on Mac, where "unreachable" produces ud2 instructions, this led to a crash because the ud2 was left in place and ended up being before the longjmp code, regardless of whether the shadow stack fix was present. This patch moves the longjmp pseudo-instruction and the ud2 (if present) to the final basic block of the produced code and emits the longjmp logic before them, so the ud2 is correctly placed at the end of longjmp and is properly unreachable.
The code to pay attention to is the BuildMI calls in emitEHSjLjLongJmp and the code under this comment in emitLongJmpShadowStackFix (line 27894):
// Transfer the remainder of BB and its successor edges to sinkMBB.
The test has been updated to check for this bug as well, with the Mac triple and autogeneration ensuring that the ud2's position is seen in the test.
Repository:
rL LLVM
https://reviews.llvm.org/D47311
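The construct the comment above is about, as an added stand-alone C example (not the patch's code or its test): a __builtin_setjmp / __builtin_longjmp round trip across several call frames, with the longjmp in its own noreturn function so that everything after it is dead code that the compiler lowers to "unreachable" (ud2 on Darwin). The builtins are assumed available on x86-64 GCC/Clang; elsewhere the example falls back to libc setjmp/longjmp, which the patch does not touch. The helper names (sjlj_roundtrip, descend, unwind_to_setjmp) are this example's own.

```c
#include <setjmp.h>
#include <stdio.h>

/* Jump buffer. The builtin variant needs five machine words; on targets
 * where the builtins are not assumed available, libc jmp_buf is used. */
#if defined(__x86_64__) && (defined(__clang__) || defined(__GNUC__))
#define USE_BUILTIN_SJLJ 1
static void *jump_buf[5];
#define SJLJ_SETJMP()  __builtin_setjmp(jump_buf)
#define SJLJ_LONGJMP() __builtin_longjmp(jump_buf, 1)
#else
#define USE_BUILTIN_SJLJ 0
static jmp_buf jump_buf;
#define SJLJ_SETJMP()  setjmp(jump_buf)
#define SJLJ_LONGJMP() longjmp(jump_buf, 1)
#endif

/* Frames entered between the setjmp and the longjmp. Each one pushed a
 * return address (and, with CET enabled, a shadow-stack entry) that the
 * longjmp has to discard; the shadow stack fix is what keeps the two in sync. */
static int frames_unwound;

/* The longjmp lives in a different function from the setjmp, as
 * __builtin_longjmp requires. Nothing after the jump can execute: the
 * compiler treats the builtin as noreturn and emits "unreachable" after it,
 * which is the ud2 whose placement the patch above corrects. */
__attribute__((noinline, noreturn))
static void unwind_to_setjmp(void) {
    SJLJ_LONGJMP();
    /* Dead code from here on. */
}

/* Recurse `depth` frames deep, then jump back to the setjmp. */
__attribute__((noinline))
static void descend(int depth) {
    if (depth == 0)
        unwind_to_setjmp();
    frames_unwound++;
    descend(depth - 1);
}

/* Returns 1 if control came back to the setjmp after exactly `depth`
 * intermediate frames were entered, 0 otherwise. */
int sjlj_roundtrip(int depth) {
    frames_unwound = 0;
    if (SJLJ_SETJMP() == 0) {
        descend(depth);      /* never returns normally */
        return 0;
    }
    return frames_unwound == depth;
}

int main(void) {
    printf("builtin=%d depth=3 ok=%d\n", USE_BUILTIN_SJLJ, sjlj_roundtrip(3));
    return 0;
}
```

To look at the codegen the comment describes rather than just run the program, compile with a Darwin triple and inspect the assembly (for example `clang -O2 -S -target x86_64-apple-darwin`): the sequence emitted for the builtin longjmp in unwind_to_setjmp should end with the indirect jump, with the ud2 after it and not before it.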