[all-commits] [llvm/llvm-project] f5be39: [AArch64][PAC] Precommit tests for handling ptraut...

Anatoly Trosinenko via All-commits all-commits at lists.llvm.org
Wed Jul 16 11:27:50 PDT 2025 

  Branch: refs/heads/users/atrosinenko/pauth-gvn-blend-intrinsic
  Home:   https://github.com/llvm/llvm-project
  Commit: f5be3934b58928bafe16bb1890de9558371ef26a
      https://github.com/llvm/llvm-project/commit/f5be3934b58928bafe16bb1890de9558371ef26a
  Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
  Date:   2025-07-16 (Wed, 16 Jul 2025)

  Changed paths:
    A llvm/test/CodeGen/AArch64/ptrauth-discriminator-components.ll

  Log Message:
  -----------
  [AArch64][PAC] Precommit tests for handling ptrauth.blend in GVN


  Commit: 33740bf242a372062a523314be2103653f7168a7
      https://github.com/llvm/llvm-project/commit/33740bf242a372062a523314be2103653f7168a7
  Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
  Date:   2025-07-16 (Wed, 16 Jul 2025)

  Changed paths:
    M llvm/lib/Transforms/Scalar/GVN.cpp
    M llvm/test/CodeGen/AArch64/ptrauth-discriminator-components.ll

  Log Message:
  -----------
  [AArch64][PAC] Skip llvm.ptrauth.blend intrinsic in GVN PRE

The instruction selector on AArch64 implements a best-effort heuristic
to detect the discriminator being computed by llvm.ptrauth.blend
intrinsic. If such pattern is detected, then address and immediate
discriminator components are emitted as two separate operands of the
corresponding pseudo instruction, which is not expanded until
AsmPrinter. This helps enforcing the hard-coded immediate modifier even
when the address part of the discriminator can be modified by an
attacker, something along the lines

    mov     x8, x20
    movk    x8, #1234, #48
    pacda   x0, x8
    // ...
    bl      callee
    mov     x8, x20        // address in x20 can be modified
    movk    x8, #1234, #48 // immediate modifier is enforced
    pacda   x0, x8

instead of reloading a previously computed discriminator value from the
stack (can be modified by an attacker under Pointer Authentication
threat model) or keeping it in a callee-saved register (may be spilled
to the stack in callee):

    movk    x20, #1234, #48
    pacda   x0, x20
    // ...
    bl      callee
    pacda   x0, x20         // the entire discriminator can be modified


Compare: https://github.com/llvm/llvm-project/compare/5a2093922f49...33740bf242a3

To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications

More information about the All-commits mailing list