[all-commits] [llvm/llvm-project] 6419bb: [AArch64][PAC] Precommit tests for handling ptraut...

Anatoly Trosinenko via All-commits all-commits at lists.llvm.org
Thu Jul 10 11:49:52 PDT 2025 

  Branch: refs/heads/users/atrosinenko/pauth-gvn-blend-intrinsic
  Home:   https://github.com/llvm/llvm-project
  Commit: 6419bb442bee2270568d8a1dba551e85f247e2ca
      https://github.com/llvm/llvm-project/commit/6419bb442bee2270568d8a1dba551e85f247e2ca
  Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
  Date:   2025-07-10 (Thu, 10 Jul 2025)

  Changed paths:
    A llvm/test/CodeGen/AArch64/ptrauth-discriminator-components.ll

  Log Message:
  -----------
  [AArch64][PAC] Precommit tests for handling ptrauth.blend in GVN


  Commit: ef3fdc6021bd689503f9e5ef1317ef79f8c67c33
      https://github.com/llvm/llvm-project/commit/ef3fdc6021bd689503f9e5ef1317ef79f8c67c33
  Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
  Date:   2025-07-10 (Thu, 10 Jul 2025)

  Changed paths:
    M llvm/lib/Transforms/Scalar/GVN.cpp
    M llvm/test/CodeGen/AArch64/ptrauth-discriminator-components.ll

  Log Message:
  -----------
  [AArch64][PAC] Skip llvm.ptrauth.blend intrinsic in GVN PRE

The instruction selector on AArch64 implements a best-effort heuristic
to detect the discriminator being computed by llvm.ptrauth.blend
intrinsic. If such pattern is detected, then address and immediate
discriminator components are emitted as two separate operands of the
corresponding pseudo instruction, which is not expanded until
AsmPrinter. This helps enforcing the hard-coded immediate modifier even
when the address part of the discriminator can be modified by an
attacker, something along the lines

    mov     x8, x20
    movk    x8, #1234, #48
    pacda   x0, x8
    // ...
    bl      callee
    mov     x8, x20        // address in x20 can be modified
    movk    x8, #1234, #48 // immediate modifier is enforced
    pacda   x0, x8

instead of reloading a previously computed discriminator value from the
stack (can be modified by an attacker under Pointer Authentication
threat model) or keeping it in a callee-saved register (may be spilled
to the stack in callee):

    movk    x20, #1234, #48
    pacda   x0, x20
    // ...
    bl      callee
    pacda   x0, x20         // the entire discriminator can be modified


Compare: https://github.com/llvm/llvm-project/compare/b365cfe87b0f...ef3fdc6021bd

To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications

More information about the All-commits mailing list