[all-commits] [llvm/llvm-project] b7db0c: [BOLT] Gadget scanner: prevent false positives due...
Anatoly Trosinenko via All-commits
all-commits at lists.llvm.org
Wed May 7 07:38:51 PDT 2025
Branch: refs/heads/users/atrosinenko/bolt-gs-safe-jump-tables
Home: https://github.com/llvm/llvm-project
Commit: b7db0ca9eab961e4427c8c1c5f55935c9e0f2d53
https://github.com/llvm/llvm-project/commit/b7db0ca9eab961e4427c8c1c5f55935c9e0f2d53
Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
Date: 2025-05-07 (Wed, 07 May 2025)
Changed paths:
M bolt/include/bolt/Core/MCInstUtils.h
M bolt/include/bolt/Core/MCPlusBuilder.h
M bolt/lib/Core/MCInstUtils.cpp
M bolt/lib/Passes/PAuthGadgetScanner.cpp
M bolt/lib/Target/AArch64/AArch64MCPlusBuilder.cpp
A bolt/test/binary-analysis/AArch64/gs-pauth-jump-table.s
Log Message:
-----------
[BOLT] Gadget scanner: prevent false positives due to jump tables

As part of PAuth hardening, AArch64 LLVM backend can use a special
BR_JumpTable pseudo (enabled by -faarch64-jump-table-hardening
Clang option) which is expanded in the AsmPrinter into a contiguous
sequence without unsafe instructions in the middle.

This commit adds another target-specific callback to MCPlusBuilder
to make it possible to inhibit false positives for known-safe jump
table dispatch sequences. Without special handling, the branch
instruction is likely to be reported as a non-protected call (as its
destination is not produced by an auth instruction, PC-relative address
materialization, etc.) and possibly as a tail call being performed with
unsafe link register (as the detection whether the branch instruction
is a tail call is a heuristic).

For now, only the specific instruction sequence used by the AArch64
LLVM backend is matched.