[all-commits] [llvm/llvm-project] 94676c: [llvm][AArch64] Fix an interaction of SLS and BTI ...

David Spickett via All-commits all-commits at lists.llvm.org
Tue Feb 14 03:25:43 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 94676cf8a13c511a9acfc24ed53c98964a87bde3
      https://github.com/llvm/llvm-project/commit/94676cf8a13c511a9acfc24ed53c98964a87bde3
  Author: David Spickett <david.spickett at linaro.org>
  Date:   2023-02-14 (Tue, 14 Feb 2023)

  Changed paths:
    M llvm/lib/Target/AArch64/AArch64InstrInfo.td
    M llvm/lib/Target/AArch64/AArch64SLSHardening.cpp
    M llvm/test/CodeGen/AArch64/setjmp-bti.ll
    A llvm/test/CodeGen/AArch64/speculation-hardening-sls-blr-bti.mir

  Log Message:
  -----------
  [llvm][AArch64] Fix an interaction of SLS and BTI after a returns twice call

This fixes the combination of two things:
* Placing a BTI after calls to a returns-twice function like setjmp.
  This allows the setjmp to return with a br instead of a ret.
* Straight line speculation mitigations that replace BLR with a BL
  to a thunk that does the mitigation, and then goes to the original
  target.

Originally I marked AArch64call_bti as requiring that SLS mitigation
be disabled. This caused a crash when you tried to codegen with both,
since CALL_BTI tried to match with AArch64call_bti but could not.

This change does 2 things:
* Follow the pattern set by AArch64call and add 2 patterns for
  AArch64call_bti: one with no IP (interprocedural) registers
  and one with, for SLS mitigation on and off respectively.
* Modify the SLS hardening pass to iterate through bundled
  instructions, as the AArch64 KCFI pass does.

Since there is a 1:1 replacement of the BLR with a BL,
the bundle remains intact. This is checked with an MIR test.

The IR -> asm testing is updated to add runs with the SLS
mitigation enabled.

Reviewed By: kristof.beyls, pzheng

Differential Revision: https://reviews.llvm.org/D143915
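
The commit above fixes the compiler side; what a practitioner reviewing
the generated code wants is a quick check that both mitigations actually
landed together. The script below is an added example, not part of this
commit, the LLVM tree or the author's patch. It lints a piece of AArch64
assembly for the three properties the commit message describes: no BLR
survives BLR hardening (each becomes a BL to a __llvm_slsblr_thunk_xN),
every ret/br is followed by the "dsb sy; isb" speculation barrier that
-mharden-sls=all emits, and every call to a returns-twice target keeps its
"bti j" landing pad. The two assembly listings are hand-constructed to look
like clang output for -mbranch-protection=bti -mharden-sls=all; they are
not real compiler output, and the thunk register x8 and the function name f
are illustrative. Because the assembly alone does not say which indirect
call is to a returns-twice function, the caller names the thunk symbol in
the returns_twice set for that call site.

```python
from __future__ import annotations

import re
from typing import Iterable

# -mharden-sls=retbr (included in =all) places this barrier after ret/br.
SPECULATION_BARRIER = (("dsb", "sy"), ("isb", ""))

# Constructed sample (not compiler output): direct setjmp call plus a call
# to setjmp through a function pointer held in x8.  BLR hardening turned
# "blr x8" into "bl __llvm_slsblr_thunk_x8" and the "bti j" bundled with
# the call stayed in place, which is exactly what the commit's MIR test checks.
HARDENED_ASM = """\
f:
        bti     c
        stp     x29, x30, [sp, #-16]!
        mov     x8, x1
        bl      setjmp
        bti     j
        mov     x0, x1
        bl      __llvm_slsblr_thunk_x8
        bti     j
        ldp     x29, x30, [sp], #16
        ret
        dsb     sy
        isb
"""

# Constructed counter-example: the landing pad after the thunk call is gone,
# an unrelated indirect call was left as blr, and the ret has no barrier.
BROKEN_ASM = """\
f:
        bti     c
        stp     x29, x30, [sp, #-16]!
        mov     x8, x1
        bl      setjmp
        bti     j
        mov     x0, x1
        bl      __llvm_slsblr_thunk_x8
        mov     x0, x2
        blr     x9
        ldp     x29, x30, [sp], #16
        ret
"""

INSN_RE = re.compile(r"^\s+([a-z][a-z0-9.]*)\s*(.*?)\s*$")


def parse_insns(asm: str) -> list[tuple[int, str, str]]:
    """Yield (line_no, mnemonic, operands) for instruction lines only,
    skipping labels, assembler directives, comments and blank lines."""
    out: list[tuple[int, str, str]] = []
    for no, line in enumerate(asm.splitlines(), 1):
        line = line.split("//")[0].rstrip()          # AArch64 asm comments
        stripped = line.strip()
        if not stripped or stripped.startswith(".") or stripped.endswith(":"):
            continue
        m = INSN_RE.match(line)
        if m:
            out.append((no, m.group(1), re.sub(r"\s+", " ", m.group(2))))
    return out


def check_sls_bti(asm: str,
                  returns_twice: Iterable[str] = ("setjmp", "_setjmp",
                                                  "sigsetjmp", "__sigsetjmp")
                  ) -> list[str]:
    """Return a list of findings (empty when the listing is clean).

    returns_twice lists BL targets whose return needs a "bti j" pad; it may
    include __llvm_slsblr_thunk_xN symbols when the caller knows the indirect
    call routed through that thunk targets a returns-twice function."""
    rt = set(returns_twice)
    insns = parse_insns(asm)
    findings: list[str] = []

    def at(i: int) -> tuple[int | None, str, str]:
        return insns[i] if i < len(insns) else (None, "", "")

    for i, (no, mnem, ops) in enumerate(insns):
        if mnem == "blr":
            findings.append(f"line {no}: 'blr {ops}' survived SLS hardening "
                            f"(expected 'bl __llvm_slsblr_thunk_{ops}')")
        elif mnem in ("ret", "br"):
            n1, n2 = at(i + 1), at(i + 2)
            if ((n1[1], n1[2]), (n2[1], n2[2])) != SPECULATION_BARRIER:
                findings.append(f"line {no}: '{(mnem + ' ' + ops).strip()}' is not "
                                f"followed by the 'dsb sy; isb' barrier")
        elif mnem == "bl" and ops in rt:
            n1 = at(i + 1)
            if not (n1[1] == "bti" and n1[2] in ("j", "jc")):
                findings.append(f"line {no}: 'bl {ops}' to a returns-twice target "
                                f"is not followed by 'bti j'")
    return findings


if __name__ == "__main__":
    rt = ("setjmp", "__llvm_slsblr_thunk_x8")
    for name, asm in (("hardened", HARDENED_ASM), ("broken", BROKEN_ASM)):
        print(f"== {name}")
        for f in check_sls_bti(asm, rt) or ["clean"]:
            print("  " + f)
```

Run it against `clang -S` output after compiling a setjmp-using file with
`-mbranch-protection=bti -mharden-sls=all`; on the constructed listings above
the hardened one is clean and the broken one reports the missing landing pad,
the leftover blr and the unbarriered ret.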
