[PATCH] D81405: [AArch64] Avoid incompatibility between SLSBLR mitigation and BTI codegen.

Kristof Beyls via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Wed Jun 10 07:37:41 PDT 2020 

kristof.beyls updated this revision to Diff 269840.
kristof.beyls edited the summary of this revision.
kristof.beyls added a comment.

Based on the review feedback that using X16 or X17 could be problematic since a linker can clobber those registers on a call, this patch goes for a different approach to achieve compatibility with BTI-enabled callees.
It simply moves the register to be called always to be in X16, and then does BR X16.
It seems it's simplest to do that unconditionally, as it may not always be easy to find out if the call target has been BTI-enabled.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D81405/new/

https://reviews.llvm.org/D81405

Files:
  llvm/lib/Target/AArch64/AArch64SLSHardening.cpp
  llvm/test/CodeGen/AArch64/speculation-hardening-sls.ll


Index: llvm/test/CodeGen/AArch64/speculation-hardening-sls.ll
===================================================================
--- llvm/test/CodeGen/AArch64/speculation-hardening-sls.ll
+++ llvm/test/CodeGen/AArch64/speculation-hardening-sls.ll
@@ -168,14 +168,16 @@
 }
 
 ; HARDEN-label: __llvm_slsblr_thunk_x0:
-; HARDEN:    br x0
+; HARDEN:    mov x16, x0
+; HARDEN:    br x16
 ; ISBDSB-NEXT: dsb sy
 ; ISBDSB-NEXT: isb
 ; SB-NEXT:     dsb sy
 ; SB-NEXT:     isb
 ; HARDEN-NEXT: .Lfunc_end
 ; HARDEN-label: __llvm_slsblr_thunk_x19:
-; HARDEN:    br x19
+; HARDEN:    mov x16, x19
+; HARDEN:    br x16
 ; ISBDSB-NEXT: dsb sy
 ; ISBDSB-NEXT: isb
 ; SB-NEXT:     dsb sy
Index: llvm/lib/Target/AArch64/AArch64SLSHardening.cpp
===================================================================
--- llvm/lib/Target/AArch64/AArch64SLSHardening.cpp
+++ llvm/lib/Target/AArch64/AArch64SLSHardening.cpp
@@ -217,7 +217,12 @@
   //      BR xN
   //      barrierInsts
   Entry->addLiveIn(ThunkReg);
-  BuildMI(Entry, DebugLoc(), TII->get(AArch64::BR)).addReg(ThunkReg);
+  // MOV X16, ThunkReg == ORR X16, XZR, ThunkReg, LSL #0
+  BuildMI(Entry, DebugLoc(), TII->get(AArch64::ORRXrs), AArch64::X16)
+      .addReg(AArch64::XZR)
+      .addReg(ThunkReg)
+      .addImm(0);
+  BuildMI(Entry, DebugLoc(), TII->get(AArch64::BR)).addReg(AArch64::X16);
   // Make sure the thunks do not make use of the SB extension in case there is
   // a function somewhere that will call to it that for some reason disabled
   // the SB extension locally on that function, even though it's enabled for


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D81405.269840.patch
Type: text/x-patch
Size: 1577 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20200610/aab9b994/attachment-0001.bin>

More information about the llvm-commits mailing list