[all-commits] [llvm/llvm-project] c35ed4: [AArch64] Extend AArch64SLSHardeningPass to harden...

Kristof Beyls via All-commits all-commits at lists.llvm.org
Thu Jun 11 23:42:36 PDT 2020 

  Branch: refs/heads/master
  Home:   https://github.com/llvm/llvm-project
  Commit: c35ed40f4f1bd8afd709c5342b36f33c7c5b0fbd
      https://github.com/llvm/llvm-project/commit/c35ed40f4f1bd8afd709c5342b36f33c7c5b0fbd
  Author: Kristof Beyls <kristof.beyls at arm.com>
  Date:   2020-06-12 (Fri, 12 Jun 2020)

  Changed paths:
    M llvm/lib/Target/AArch64/AArch64.h
    M llvm/lib/Target/AArch64/AArch64.td
    M llvm/lib/Target/AArch64/AArch64FastISel.cpp
    M llvm/lib/Target/AArch64/AArch64FrameLowering.cpp
    M llvm/lib/Target/AArch64/AArch64InstrInfo.cpp
    M llvm/lib/Target/AArch64/AArch64InstrInfo.h
    M llvm/lib/Target/AArch64/AArch64InstrInfo.td
    M llvm/lib/Target/AArch64/AArch64SLSHardening.cpp
    M llvm/lib/Target/AArch64/AArch64Subtarget.h
    M llvm/lib/Target/AArch64/AArch64TargetMachine.cpp
    M llvm/lib/Target/AArch64/GISel/AArch64CallLowering.cpp
    M llvm/lib/Target/AArch64/GISel/AArch64InstructionSelector.cpp
    M llvm/test/CodeGen/AArch64/O0-pipeline.ll
    M llvm/test/CodeGen/AArch64/O3-pipeline.ll
    A llvm/test/CodeGen/AArch64/speculation-hardening-sls-blr.mir
    M llvm/test/CodeGen/AArch64/speculation-hardening-sls.ll

  Log Message:
  -----------
  [AArch64] Extend AArch64SLSHardeningPass to harden BLR instructions.

To make sure that no barrier gets placed on the architectural execution
path, each
  BLR x<N>
instruction gets transformed to a
  BL __llvm_slsblr_thunk_x<N>
instruction, with __llvm_slsblr_thunk_x<N> a thunk that contains
__llvm_slsblr_thunk_x<N>:
  BR x<N>
  <speculation barrier>

Therefore, the BLR instruction gets split into 2; one BL and one BR.
This transformation results in not inserting a speculation barrier on
the architectural execution path.

The mitigation is off by default and can be enabled by the
harden-sls-blr subtarget feature.

As a linker is allowed to clobber X16 and X17 on function calls, the
above code transformation would not be correct in case a linker does so
when N=16 or N=17. Therefore, when the mitigation is enabled, generation
of BLR x16 or BLR x17 is avoided.

As BLRA* indirect calls are not produced by LLVM currently, this does
not aim to implement support for those.

Differential Revision:  https://reviews.llvm.org/D81402

More information about the All-commits mailing list