[llvm] 0232f2d - [X86] Add CET test, NFC
Xiang1 Zhang via llvm-commits
llvm-commits at lists.llvm.org
Fri Oct 9 18:13:30 PDT 2020
Author: Xiang1 Zhang
Date: 2020-10-10T09:13:04+08:00
New Revision: 0232f2d36d0af5adb60c35774795e11eca0e9be2
URL: https://github.com/llvm/llvm-project/commit/0232f2d36d0af5adb60c35774795e11eca0e9be2
DIFF: https://github.com/llvm/llvm-project/commit/0232f2d36d0af5adb60c35774795e11eca0e9be2.diff
LOG: [X86] Add CET test, NFC
Added:
llvm/test/CodeGen/X86/cet_endbr_imm_enhance.ll
Modified:
Removed:
################################################################################
diff --git a/llvm/test/CodeGen/X86/cet_endbr_imm_enhance.ll b/llvm/test/CodeGen/X86/cet_endbr_imm_enhance.ll
new file mode 100644
index 000000000000..8d0f9c75c026
--- /dev/null
+++ b/llvm/test/CodeGen/X86/cet_endbr_imm_enhance.ll
@@ -0,0 +1,112 @@
+; NOTE: Assertions have been autogenerated by utils/update_llc_test_checks.py
+; RUN: llc < %s -O2 -mtriple=x86_64-unknown-unknown -x86-indirect-branch-tracking | FileCheck %s
+
+; TBD: This test is for CET enhancement, we should replace the endbr imm.
+;
+; ENDBR32 and ENDBR64 have specific opcodes:
+; ENDBR32: F3 0F 1E FB
+; ENDBR64: F3 0F 1E FA
+; And we want that attackers won’t find unintended ENDBR32/64
+; opcode matches in the binary
+; Here’s an example:
+; If the compiler had to generate asm for the following code:
+; a = 0xF30F1EFA
+; it could, for example, generate:
+; mov 0xF30F1EFA, dword ptr[a]
+; In such a case, the binary would include a gadget that starts
+; with a fake ENDBR64 opcode. Therefore, we split such generation
+; into multiple operations, let it not shows in the binary.
+
+; 0xF30F1EFA == -217112838 ~0xF30F1EFA == 217112837 (0xCF0E105)
+; 0x000123F32E0F1EFA == 321002333478650
+; ~0x000123F32E0F1EFA == -321002333478651 (0XFFFEDC0CD1F0E105)
+
+; test for MOV64ri
+define dso_local i64 @foo(i64* %azx) #0 {
+; CHECK-LABEL: foo:
+; CHECK: # %bb.0: # %entry
+; CHECK-NEXT: endbr64
+; CHECK-NEXT: movq %rdi, -{{[0-9]+}}(%rsp)
+; CHECK-NEXT: movabsq $321002333478650, %rax # imm = 0x123F32E0F1EFA
+; CHECK-NEXT: andq %rax, (%rdi)
+; CHECK-NEXT: movq -{{[0-9]+}}(%rsp), %rax
+; CHECK-NEXT: movq (%rax), %rax
+; CHECK-NEXT: retq
+entry:
+ %azx.addr = alloca i64*, align 8
+ store i64* %azx, i64** %azx.addr, align 8
+ %0 = load i64*, i64** %azx.addr, align 8
+ %1 = load i64, i64* %0, align 8
+ %and = and i64 %1, 321002333478650
+ %2 = load i64*, i64** %azx.addr, align 8
+ store i64 %and, i64* %2, align 8
+ %3 = load i64*, i64** %azx.addr, align 8
+ %4 = load i64, i64* %3, align 8
+ ret i64 %4
+}
+
+ at bzx = dso_local local_unnamed_addr global i32 -217112837, align 4
+
+; test for AND32ri
+define dso_local i32 @foo2() local_unnamed_addr #0 {
+; CHECK-LABEL: foo2:
+; CHECK: # %bb.0: # %entry
+; CHECK-NEXT: endbr64
+; CHECK-NEXT: movl {{.*}}(%rip), %eax
+; CHECK-NEXT: addl %eax, %eax
+; CHECK-NEXT: andl $-217112838, %eax # imm = 0xF30F1EFA
+; CHECK-NEXT: retq
+entry:
+ %0 = load i32, i32* @bzx, align 4
+ %mul = shl nsw i32 %0, 1
+ %and = and i32 %mul, -217112838
+ ret i32 %and
+}
+
+
+ at czx = dso_local global i32 -217112837, align 4
+
+; test for AND32mi
+define dso_local nonnull i32* @foo3() local_unnamed_addr #0 {
+; CHECK-LABEL: foo3:
+; CHECK: # %bb.0: # %entry
+; CHECK-NEXT: endbr64
+; CHECK-NEXT: andl $-217112838, {{.*}}(%rip) # imm = 0xF30F1EFA
+; CHECK-NEXT: movl $czx, %eax
+; CHECK-NEXT: retq
+entry:
+ %0 = load i32, i32* @czx, align 4
+ %and = and i32 %0, -217112838
+ store i32 %and, i32* @czx, align 4
+ ret i32* @czx
+}
+
+; test for MOV32mi
+define dso_local i32 @foo4() #0 {
+; CHECK-LABEL: foo4:
+; CHECK: # %bb.0: # %entry
+; CHECK-NEXT: endbr64
+; CHECK-NEXT: movl $-217112838, -{{[0-9]+}}(%rsp) # imm = 0xF30F1EFA
+; CHECK-NEXT: movl $-217112838, %eax # imm = 0xF30F1EFA
+; CHECK-NEXT: retq
+entry:
+ %dzx = alloca i32, align 4
+ store i32 -217112838, i32* %dzx, align 4
+ %0 = load i32, i32* %dzx, align 4
+ ret i32 %0
+}
+
+define dso_local i64 @foo5() #0 {
+; CHECK-LABEL: foo5:
+; CHECK: # %bb.0: # %entry
+; CHECK-NEXT: endbr64
+; CHECK-NEXT: movl $4077854458, %eax # imm = 0xF30F1EFA
+; CHECK-NEXT: movq %rax, -{{[0-9]+}}(%rsp)
+; CHECK-NEXT: movl $4077854458, %eax # imm = 0xF30F1EFA
+; CHECK-NEXT: retq
+entry:
+ %ezx = alloca i64, align 8
+ store i64 4077854458, i64* %ezx, align 8
+ %0 = load i64, i64* %ezx, align 8
+ ret i64 %0
+}
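Review bot: The constants in this test may never place the ENDBR64 byte sequence in the instruction stream. The header comment gives ENDBR64 as the bytes F3 0F 1E FA, but x86 encodes immediates little-endian, so `andl $-217112838, %eax # imm = 0xF30F1EFA` in foo2 (and the same immediate in foo3, foo4 and foo5) is emitted with the immediate bytes FA 1E 0F F3. The 32-bit value whose encoding is F3 0F 1E FA is 0xFA1E0FF3, so I would add cases using that value or state in the header which byte order the hardening is meant to catch, e.g. `; NOTE: imm32 0xF30F1EFA is encoded as FA 1E 0F F3; the value that encodes to the ENDBR64 bytes is 0xFA1E0FF3.` The 64-bit constant in foo also has 2E between F3 and 0F, which the comment does not explain; presumably it models a prefix byte inside the opcode, and a line saying so would help. Because the CHECK lines are autogenerated from current output, they pin the unhardened immediates, so a `; FIXME:` on each function would make clear that these expectations are meant to change.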