[all-commits] [llvm/llvm-project] 1ec519: [AArch64][PAC] Precommit tests for handling ptraut...

Anatoly Trosinenko via All-commits all-commits at lists.llvm.org
Mon Jul 21 06:39:37 PDT 2025 

  Branch: refs/heads/users/atrosinenko/pauth-gvn-blend-intrinsic
  Home:   https://github.com/llvm/llvm-project
  Commit: 1ec5197989e4b8833b05357058beb3f7b463eed4
      https://github.com/llvm/llvm-project/commit/1ec5197989e4b8833b05357058beb3f7b463eed4
  Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
  Date:   2025-07-21 (Mon, 21 Jul 2025)

  Changed paths:
    A llvm/test/CodeGen/AArch64/ptrauth-discriminator-components.ll

  Log Message:
  -----------
  [AArch64][PAC] Precommit tests for handling ptrauth.blend in GVN


  Commit: 3fdf8bbfc930e6be66e273e7a227353c58fd7d55
      https://github.com/llvm/llvm-project/commit/3fdf8bbfc930e6be66e273e7a227353c58fd7d55
  Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
  Date:   2025-07-21 (Mon, 21 Jul 2025)

  Changed paths:
    M llvm/lib/Transforms/Scalar/GVN.cpp
    M llvm/test/CodeGen/AArch64/ptrauth-discriminator-components.ll

  Log Message:
  -----------
  [AArch64][PAC] Skip llvm.ptrauth.blend intrinsic in GVN PRE

The instruction selector on AArch64 implements a best-effort heuristic
to detect the discriminator being computed by llvm.ptrauth.blend
intrinsic. If such pattern is detected, then address and immediate
discriminator components are emitted as two separate operands of the
corresponding pseudo instruction, which is not expanded until
AsmPrinter. This helps enforcing the hard-coded immediate modifier even
when the address part of the discriminator can be modified by an
attacker, something along the lines

    mov     x8, x20
    movk    x8, #1234, #48
    pacda   x0, x8
    // ...
    bl      callee
    mov     x8, x20        // address in x20 can be modified
    movk    x8, #1234, #48 // immediate modifier is enforced
    pacda   x0, x8

instead of reloading a previously computed discriminator value from the
stack (can be modified by an attacker under Pointer Authentication
threat model) or keeping it in a callee-saved register (may be spilled
to the stack in callee):

    movk    x20, #1234, #48
    pacda   x0, x20
    // ...
    bl      callee
    pacda   x0, x20         // the entire discriminator can be modified


Compare: https://github.com/llvm/llvm-project/compare/33740bf242a3...3fdf8bbfc930

To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications

More information about the All-commits mailing list