[all-commits] [llvm/llvm-project] 26d318: Add support for Windows Secure Hot-Patching (#138972)

sivadeilra via All-commits all-commits at lists.llvm.org
Tue Jun 24 09:23:00 PDT 2025 

  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 26d318e4a9437f95b6a2e7abace5f2b867c88a3e
      https://github.com/llvm/llvm-project/commit/26d318e4a9437f95b6a2e7abace5f2b867c88a3e
  Author: sivadeilra <ardavis at microsoft.com>
  Date:   2025-06-24 (Tue, 24 Jun 2025)

  Changed paths:
    M clang/include/clang/Basic/CodeGenOptions.h
    M clang/include/clang/Driver/Options.td
    M clang/lib/CodeGen/CGCall.cpp
    M clang/lib/CodeGen/CodeGenModule.cpp
    M clang/lib/CodeGen/CodeGenModule.h
    M clang/lib/Driver/ToolChains/Clang.cpp
    A clang/test/CodeGen/X86/ms-secure-hotpatch-bad-file.c
    A clang/test/CodeGen/X86/ms-secure-hotpatch-cpp.cpp
    A clang/test/CodeGen/X86/ms-secure-hotpatch-eh.cpp
    A clang/test/CodeGen/X86/ms-secure-hotpatch-globals.c
    A clang/test/CodeGen/X86/ms-secure-hotpatch-lto.c
    A clang/test/CodeGen/X86/ms-secure-hotpatch.c
    M llvm/include/llvm/CodeGen/Passes.h
    M llvm/include/llvm/DebugInfo/CodeView/CodeViewSymbols.def
    M llvm/include/llvm/DebugInfo/CodeView/SymbolRecord.h
    M llvm/include/llvm/IR/Attributes.td
    M llvm/include/llvm/InitializePasses.h
    M llvm/lib/CodeGen/AsmPrinter/CodeViewDebug.cpp
    M llvm/lib/CodeGen/AsmPrinter/CodeViewDebug.h
    M llvm/lib/CodeGen/CMakeLists.txt
    M llvm/lib/CodeGen/TargetPassConfig.cpp
    A llvm/lib/CodeGen/WindowsSecureHotPatching.cpp
    M llvm/lib/DebugInfo/CodeView/SymbolDumper.cpp
    M llvm/lib/DebugInfo/CodeView/SymbolRecordMapping.cpp
    M llvm/lib/ObjectYAML/CodeViewYAMLSymbols.cpp
    A llvm/test/CodeGen/X86/ms-secure-hotpatch-attr.ll
    A llvm/test/CodeGen/X86/ms-secure-hotpatch-bad-file.ll
    A llvm/test/CodeGen/X86/ms-secure-hotpatch-direct-global-access.ll
    A llvm/test/CodeGen/X86/ms-secure-hotpatch-functions-file.ll
    A llvm/test/CodeGen/X86/ms-secure-hotpatch-functions-list.ll
    M llvm/tools/llvm-pdbutil/MinimalSymbolDumper.cpp

  Log Message:
  -----------
  Add support for Windows Secure Hot-Patching (#138972)

This PR adds some of the support needed for Windows hot-patching.

Windows implements a form of hot-patching. This allows patches to be
applied to Windows apps, drivers, and the kernel, without rebooting or
restarting any of these components. Hot-patching is a complex technology
and requires coordination between the OS, compilers, linkers, and
additional tools.

This PR adds support to Clang and LLVM for part of the hot-patching
process. It enables LLVM to generate the required code changes and to
generate CodeView symbols which identify hot-patched functions. The PR
provides new command-line arguments to Clang which allow developers to
identify the list of functions that need to be hot-patched. This PR also
allows LLVM to directly receive the list of functions to be modified, so
that language front-ends which have not yet been modified (such as Rust)
can still make use of hot-patching.

This PR:

* Adds a `MarkedForWindowsHotPatching` LLVM function attribute. This
attribute indicates that a function should be _hot-patched_. This
generates a new CodeView symbol, `S_HOTPATCHFUNC`, which identifies any
function that has been hot-patched. This attribute also causes accesses
to global variables to be indirected through a `_ref_*` global variable.
This allows hot-patched functions to access the correct version of a
global variable; the hot-patched code needs to access the variable in
the _original_ image, not the patch image.
* Adds a `AllowDirectAccessInHotPatchFunction` LLVM attribute. This
attribute may be placed on global variable declarations. It indicates
that the variable may be safely accessed without the `_ref_*`
indirection.
* Adds two Clang command-line parameters: `-fms-hotpatch-functions-file`
and `-fms-hotpatch-functions-list`. The `-file` flag may point to a text
file, which contains a list of functions to be hot-patched (one function
name per line). The `-list` flag simply directly identifies functions to
be patched, using a comma-separated list. These two command-line
parameters may also be combined; the final set of functions to be
hot-patched is the union of the two sets.
* Adds similar LLVM command-line parameters:
`--ms-hotpatch-functions-file` and `--ms-hotpatch-functions-list`.
* Adds integration tests for both LLVM and Clang.
* Adds support for dumping the new `S_HOTPATCHFUNC` CodeView symbol.

Although the flags are redundant between Clang and LLVM, this allows
additional languages (such as Rust) to take advantage of hot-patching
support before they have been modified to generate the required
attributes.

Credit to @dpaoliello, who wrote the original form of this patch.



To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications

More information about the All-commits mailing list