[clang] [clang] Implement -fptrauth-auth-traps. (PR #102417)

Ahmed Bougacha via cfe-commits cfe-commits at lists.llvm.org
Wed Aug 7 19:50:08 PDT 2024 

https://github.com/ahmedbougacha created https://github.com/llvm/llvm-project/pull/102417

This provides -fptrauth-auth-traps, which at the frontend level only controls the addition of the "ptrauth-auth-traps" function attribute.  The attribute in turn controls various aspects of backend codegen, by providing the guarantee that every "auth" operation generated will trap on failure.  This can either be delegated to the hardware (if FPAC is known to be available), in which case this attribute doesn't change codegen.  Or, if FPAC isn't available, the backend emits additional instructions to check and trap on auth failure.

>From ab05f9206c9e3b5a29b520a90529b082a9a978d0 Mon Sep 17 00:00:00 2001
From: Ahmed Bougacha <ahmed at bougacha.org>
Date: Fri, 21 Jun 2024 14:54:02 -0700
Subject: [PATCH] [clang] Enable pointer authentication auth-failure traps.

---
 clang/include/clang/Basic/PointerAuthOptions.h   | 3 +++
 clang/lib/CodeGen/CodeGenFunction.cpp            | 2 ++
 clang/lib/Frontend/CompilerInvocation.cpp        | 4 +++-
 clang/test/CodeGen/ptrauth-function-attributes.c | 5 +++++
 4 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/clang/include/clang/Basic/PointerAuthOptions.h b/clang/include/clang/Basic/PointerAuthOptions.h
index 8f63cf2ad2bf2..74caa26b10b1f 100644
--- a/clang/include/clang/Basic/PointerAuthOptions.h
+++ b/clang/include/clang/Basic/PointerAuthOptions.h
@@ -166,6 +166,9 @@ struct PointerAuthOptions {
   /// Do indirect goto label addresses need to be authenticated?
   bool IndirectGotos = false;
 
+  /// Do authentication failures cause a trap?
+  bool AuthTraps = false;
+
   /// The ABI for C function pointers.
   PointerAuthSchema FunctionPointers;
 
diff --git a/clang/lib/CodeGen/CodeGenFunction.cpp b/clang/lib/CodeGen/CodeGenFunction.cpp
index af201554898f3..2b7a03a9a3b90 100644
--- a/clang/lib/CodeGen/CodeGenFunction.cpp
+++ b/clang/lib/CodeGen/CodeGenFunction.cpp
@@ -884,6 +884,8 @@ void CodeGenFunction::StartFunction(GlobalDecl GD, QualType RetTy,
     Fn->addFnAttr("ptrauth-calls");
   if (CodeGenOpts.PointerAuth.IndirectGotos)
     Fn->addFnAttr("ptrauth-indirect-gotos");
+  if (CodeGenOpts.PointerAuth.AuthTraps)
+    Fn->addFnAttr("ptrauth-auth-traps");
 
   // Apply xray attributes to the function (as a string, for now)
   bool AlwaysXRayAttr = false;
diff --git a/clang/lib/Frontend/CompilerInvocation.cpp b/clang/lib/Frontend/CompilerInvocation.cpp
index 225bd6416ce5f..86e24929c6b63 100644
--- a/clang/lib/Frontend/CompilerInvocation.cpp
+++ b/clang/lib/Frontend/CompilerInvocation.cpp
@@ -1511,13 +1511,15 @@ void CompilerInvocation::setDefaultPointerAuthOptions(
     }
   }
   Opts.IndirectGotos = LangOpts.PointerAuthIndirectGotos;
+  Opts.AuthTraps = LangOpts.PointerAuthAuthTraps;
 }
 
 static void parsePointerAuthOptions(PointerAuthOptions &Opts,
                                     const LangOptions &LangOpts,
                                     const llvm::Triple &Triple,
                                     DiagnosticsEngine &Diags) {
-  if (!LangOpts.PointerAuthCalls && !LangOpts.PointerAuthIndirectGotos)
+  if (!LangOpts.PointerAuthCalls && !LangOpts.PointerAuthIndirectGotos &&
+      !LangOpts.PointerAuthAuthTraps)
     return;
 
   CompilerInvocation::setDefaultPointerAuthOptions(Opts, LangOpts, Triple);
diff --git a/clang/test/CodeGen/ptrauth-function-attributes.c b/clang/test/CodeGen/ptrauth-function-attributes.c
index 6a09cd37bf485..b7da5bba887db 100644
--- a/clang/test/CodeGen/ptrauth-function-attributes.c
+++ b/clang/test/CodeGen/ptrauth-function-attributes.c
@@ -8,6 +8,9 @@
 // RUN: %clang_cc1 -triple arm64e-apple-ios  -fptrauth-indirect-gotos -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,GOTOS
 // RUN: %clang_cc1 -triple aarch64-linux-gnu -fptrauth-indirect-gotos -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,GOTOS
 
+// RUN: %clang_cc1 -triple arm64e-apple-ios  -fptrauth-auth-traps -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,TRAPS
+// RUN: %clang_cc1 -triple aarch64-linux-gnu -fptrauth-auth-traps -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,TRAPS
+
 // ALL: define {{(dso_local )?}}void @test() #0
 void test() {
 }
@@ -16,4 +19,6 @@ void test() {
 
 // GOTOS: attributes #0 = {{{.*}} "ptrauth-indirect-gotos" {{.*}}}
 
+// TRAPS: attributes #0 = {{{.*}} "ptrauth-auth-traps" {{.*}}}
+
 // OFF-NOT: attributes {{.*}} "ptrauth-

More information about the cfe-commits mailing list