[all-commits] [llvm/llvm-project] 225fd0: [AArch64][PAC] Precommit tests for handling ptraut...

Anatoly Trosinenko via All-commits all-commits at lists.llvm.org
Wed Jul 9 12:56:39 PDT 2025 

  Branch: refs/heads/users/atrosinenko/pauth-gvn-blend-intrinsic
  Home:   https://github.com/llvm/llvm-project
  Commit: 225fd09282747000026627ae2ca0a0952e014309
      https://github.com/llvm/llvm-project/commit/225fd09282747000026627ae2ca0a0952e014309
  Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
  Date:   2025-07-09 (Wed, 09 Jul 2025)

  Changed paths:
    A llvm/test/CodeGen/AArch64/ptrauth-discriminator-components.ll

  Log Message:
  -----------
  [AArch64][PAC] Precommit tests for handling ptrauth.blend in GVN


  Commit: 2b0e4cb7556a75c057ce0917f03682e3592a26d2
      https://github.com/llvm/llvm-project/commit/2b0e4cb7556a75c057ce0917f03682e3592a26d2
  Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
  Date:   2025-07-09 (Wed, 09 Jul 2025)

  Changed paths:
    M llvm/lib/Transforms/Scalar/GVN.cpp
    M llvm/test/CodeGen/AArch64/ptrauth-discriminator-components.ll

  Log Message:
  -----------
  [AArch64][PAC] Skip llvm.ptrauth.blend intrinsic in GVN PRE

The instruction selector on AArch64 implements a best-effort heuristic
to detect the discriminator being computed by llvm.ptrauth.blend
intrinsic. If such pattern is detected, then address and immediate
discriminator components are emitted as two separate operands of the
corresponding pseudo instruction, which is not expanded until
AsmPrinter. This helps enforcing the hard-coded immediate modifier even
when the address part of the discriminator can be modified by an
attacker, something along the lines

    mov     x8, x20
    movk    x8, #1234, #48
    pacda   x0, x8
    // ...
    bl      callee
    mov     x8, x20        // address in x20 can be modified
    movk    x8, #1234, #48 // immediate modifier is enforced
    pacda   x0, x8

instead of reloading a previously computed discriminator value from the
stack (can be modified by an attacker under Pointer Authentication
threat model) or keeping it in a callee-saved register (may be spilled
to the stack in callee):

    movk    x20, #1234, #48
    pacda   x0, x20
    // ...
    bl      callee
    pacda   x0, x20         // the entire discriminator can be modified


Compare: https://github.com/llvm/llvm-project/compare/225fd0928274%5E...2b0e4cb7556a

To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications

More information about the All-commits mailing list