[all-commits] [llvm/llvm-project] 794a84: [AArch64][PAC] Precommit tests for handling ptraut...

Anatoly Trosinenko via All-commits all-commits at lists.llvm.org
Thu Jul 10 07:01:33 PDT 2025 

  Branch: refs/heads/users/atrosinenko/pauth-gvn-blend-intrinsic
  Home:   https://github.com/llvm/llvm-project
  Commit: 794a84e68a91374646d18d0bd3a789b1f717022e
      https://github.com/llvm/llvm-project/commit/794a84e68a91374646d18d0bd3a789b1f717022e
  Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
  Date:   2025-07-10 (Thu, 10 Jul 2025)

  Changed paths:
    A llvm/test/CodeGen/AArch64/ptrauth-discriminator-components.ll

  Log Message:
  -----------
  [AArch64][PAC] Precommit tests for handling ptrauth.blend in GVN


  Commit: b365cfe87b0f034caadc54cdd1b63a470624e98f
      https://github.com/llvm/llvm-project/commit/b365cfe87b0f034caadc54cdd1b63a470624e98f
  Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
  Date:   2025-07-10 (Thu, 10 Jul 2025)

  Changed paths:
    M llvm/lib/Transforms/Scalar/GVN.cpp
    M llvm/test/CodeGen/AArch64/ptrauth-discriminator-components.ll

  Log Message:
  -----------
  [AArch64][PAC] Skip llvm.ptrauth.blend intrinsic in GVN PRE

The instruction selector on AArch64 implements a best-effort heuristic
to detect the discriminator being computed by llvm.ptrauth.blend
intrinsic. If such pattern is detected, then address and immediate
discriminator components are emitted as two separate operands of the
corresponding pseudo instruction, which is not expanded until
AsmPrinter. This helps enforcing the hard-coded immediate modifier even
when the address part of the discriminator can be modified by an
attacker, something along the lines

    mov     x8, x20
    movk    x8, #1234, #48
    pacda   x0, x8
    // ...
    bl      callee
    mov     x8, x20        // address in x20 can be modified
    movk    x8, #1234, #48 // immediate modifier is enforced
    pacda   x0, x8

instead of reloading a previously computed discriminator value from the
stack (can be modified by an attacker under Pointer Authentication
threat model) or keeping it in a callee-saved register (may be spilled
to the stack in callee):

    movk    x20, #1234, #48
    pacda   x0, x20
    // ...
    bl      callee
    pacda   x0, x20         // the entire discriminator can be modified


Compare: https://github.com/llvm/llvm-project/compare/ade3e6d694e5...b365cfe87b0f

To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications

More information about the All-commits mailing list