r340019 - [AArch64] - return address signing
Luke Cheeseman via cfe-commits
cfe-commits at lists.llvm.org
Fri Aug 17 05:55:05 PDT 2018
Author: lukecheeseman
Date: Fri Aug 17 05:55:05 2018
New Revision: 340019
URL: http://llvm.org/viewvc/llvm-project?rev=340019&view=rev
Log:
[AArch64] - return address signing
- Add a command line options -msign-return-address to enable return address
signing
- Armv8.3a added instructions to sign the return address to help mitigate
against ROP attacks
- This patch adds command line options to generate function attributes that
signal to the back whether return address signing instructions should be
added
Differential revision: https://reviews.llvm.org/D49793
Added:
cfe/trunk/test/CodeGen/aarch64-sign-return-address.c
Modified:
cfe/trunk/include/clang/Driver/Options.td
cfe/trunk/include/clang/Frontend/CodeGenOptions.def
cfe/trunk/include/clang/Frontend/CodeGenOptions.h
cfe/trunk/lib/CodeGen/TargetInfo.cpp
cfe/trunk/lib/Driver/ToolChains/Clang.cpp
cfe/trunk/lib/Frontend/CompilerInvocation.cpp
Modified: cfe/trunk/include/clang/Driver/Options.td
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Driver/Options.td?rev=340019&r1=340018&r2=340019&view=diff
==============================================================================
--- cfe/trunk/include/clang/Driver/Options.td (original)
+++ cfe/trunk/include/clang/Driver/Options.td Fri Aug 17 05:55:05 2018
@@ -2030,6 +2030,10 @@ def ffixed_x18 : Flag<["-"], "ffixed-x18
def ffixed_x20 : Flag<["-"], "ffixed-x20">, Group<m_aarch64_Features_Group>,
HelpText<"Reserve the x20 register (AArch64 only)">;
+def msign_return_address : Joined<["-"], "msign-return-address=">,
+ Flags<[CC1Option]>, Group<m_Group>,
+ HelpText<"Select return address signing scope">, Values<"none,all,non-leaf">;
+
def msimd128 : Flag<["-"], "msimd128">, Group<m_wasm_Features_Group>;
def mno_simd128 : Flag<["-"], "mno-simd128">, Group<m_wasm_Features_Group>;
def mnontrapping_fptoint : Flag<["-"], "mnontrapping-fptoint">, Group<m_wasm_Features_Group>;
Modified: cfe/trunk/include/clang/Frontend/CodeGenOptions.def
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Frontend/CodeGenOptions.def?rev=340019&r1=340018&r2=340019&view=diff
==============================================================================
--- cfe/trunk/include/clang/Frontend/CodeGenOptions.def (original)
+++ cfe/trunk/include/clang/Frontend/CodeGenOptions.def Fri Aug 17 05:55:05 2018
@@ -339,6 +339,7 @@ CODEGENOPT(ForceEmitVTables, 1, 0)
/// Whether to emit an address-significance table into the object file.
CODEGENOPT(Addrsig, 1, 0)
+ENUM_CODEGENOPT(SignReturnAddress, SignReturnAddressScope, 2, None)
#undef CODEGENOPT
#undef ENUM_CODEGENOPT
Modified: cfe/trunk/include/clang/Frontend/CodeGenOptions.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Frontend/CodeGenOptions.h?rev=340019&r1=340018&r2=340019&view=diff
==============================================================================
--- cfe/trunk/include/clang/Frontend/CodeGenOptions.h (original)
+++ cfe/trunk/include/clang/Frontend/CodeGenOptions.h Fri Aug 17 05:55:05 2018
@@ -108,6 +108,12 @@ public:
Embed_Marker // Embed a marker as a placeholder for bitcode.
};
+ enum SignReturnAddressScope {
+ None, // No signing for any function
+ NonLeaf, // Sign the return address of functions that spill LR
+ All // Sign the return address of all functions
+ };
+
/// The code model to use (-mcmodel).
std::string CodeModel;
Modified: cfe/trunk/lib/CodeGen/TargetInfo.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/TargetInfo.cpp?rev=340019&r1=340018&r2=340019&view=diff
==============================================================================
--- cfe/trunk/lib/CodeGen/TargetInfo.cpp (original)
+++ cfe/trunk/lib/CodeGen/TargetInfo.cpp Fri Aug 17 05:55:05 2018
@@ -4969,6 +4969,23 @@ public:
}
bool doesReturnSlotInterfereWithArgs() const override { return false; }
+
+ void setTargetAttributes(const Decl *D, llvm::GlobalValue *GV,
+ CodeGen::CodeGenModule &CGM) const override {
+ const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(D);
+ if (!FD)
+ return;
+ llvm::Function *Fn = cast<llvm::Function>(GV);
+
+ auto Kind = CGM.getCodeGenOpts().getSignReturnAddress();
+ if (Kind == CodeGenOptions::SignReturnAddressScope::None)
+ return;
+
+ Fn->addFnAttr("sign-return-address",
+ Kind == CodeGenOptions::SignReturnAddressScope::All
+ ? "all"
+ : "non-leaf");
+ }
};
class WindowsAArch64TargetCodeGenInfo : public AArch64TargetCodeGenInfo {
Modified: cfe/trunk/lib/Driver/ToolChains/Clang.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Driver/ToolChains/Clang.cpp?rev=340019&r1=340018&r2=340019&view=diff
==============================================================================
--- cfe/trunk/lib/Driver/ToolChains/Clang.cpp (original)
+++ cfe/trunk/lib/Driver/ToolChains/Clang.cpp Fri Aug 17 05:55:05 2018
@@ -1455,6 +1455,11 @@ void Clang::AddAArch64TargetArgs(const A
else
CmdArgs.push_back("-aarch64-enable-global-merge=true");
}
+
+ if (Arg *A = Args.getLastArg(options::OPT_msign_return_address)) {
+ CmdArgs.push_back(
+ Args.MakeArgString(Twine("-msign-return-address=") + A->getValue()));
+ }
}
void Clang::AddMIPSTargetArgs(const ArgList &Args,
Modified: cfe/trunk/lib/Frontend/CompilerInvocation.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Frontend/CompilerInvocation.cpp?rev=340019&r1=340018&r2=340019&view=diff
==============================================================================
--- cfe/trunk/lib/Frontend/CompilerInvocation.cpp (original)
+++ cfe/trunk/lib/Frontend/CompilerInvocation.cpp Fri Aug 17 05:55:05 2018
@@ -1125,6 +1125,20 @@ static bool ParseCodeGenArgs(CodeGenOpti
Opts.Addrsig = Args.hasArg(OPT_faddrsig);
+ if (Arg *A = Args.getLastArg(OPT_msign_return_address)) {
+ StringRef SignScope = A->getValue();
+ if (SignScope.equals_lower("none"))
+ Opts.setSignReturnAddress(CodeGenOptions::SignReturnAddressScope::None);
+ else if (SignScope.equals_lower("all"))
+ Opts.setSignReturnAddress(CodeGenOptions::SignReturnAddressScope::All);
+ else if (SignScope.equals_lower("non-leaf"))
+ Opts.setSignReturnAddress(
+ CodeGenOptions::SignReturnAddressScope::NonLeaf);
+ else
+ Diags.Report(diag::err_drv_invalid_value)
+ << A->getAsString(Args) << A->getValue();
+ }
+
return Success;
}
Added: cfe/trunk/test/CodeGen/aarch64-sign-return-address.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGen/aarch64-sign-return-address.c?rev=340019&view=auto
==============================================================================
--- cfe/trunk/test/CodeGen/aarch64-sign-return-address.c (added)
+++ cfe/trunk/test/CodeGen/aarch64-sign-return-address.c Fri Aug 17 05:55:05 2018
@@ -0,0 +1,14 @@
+// RUN: %clang -target aarch64-arm-none-eabi -S -emit-llvm -o - -msign-return-address=none %s | FileCheck %s --check-prefix=CHECK-NONE
+// RUN: %clang -target aarch64-arm-none-eabi -S -emit-llvm -o - -msign-return-address=non-leaf %s | FileCheck %s --check-prefix=CHECK-PARTIAL
+// RUN: %clang -target aarch64-arm-none-eabi -S -emit-llvm -o - -msign-return-address=all %s | FileCheck %s --check-prefix=CHECK-ALL
+
+// CHECK-NONE: @foo() #[[ATTR:[0-9]*]]
+// CHECK-NONE-NOT: attributes #[[ATTR]] = { {{.*}} "sign-return-address"={{.*}} }}
+
+// CHECK-PARTIAL: @foo() #[[ATTR:[0-9]*]]
+// CHECK-PARTIAL: attributes #[[ATTR]] = { {{.*}} "sign-return-address"="non-leaf" {{.*}}}
+
+// CHECK-ALL: @foo() #[[ATTR:[0-9]*]]
+// CHECK-ALL: attributes #[[ATTR]] = { {{.*}} "sign-return-address"="all" {{.*}} }
+
+void foo() {}
More information about the cfe-commits
mailing list