[clang] [clang] Wire -fptrauth-returns to "ptrauth-returns" fn attribute. (PR #102416)
Ahmed Bougacha via cfe-commits
cfe-commits at lists.llvm.org
Fri Aug 9 11:22:16 PDT 2024
https://github.com/ahmedbougacha updated https://github.com/llvm/llvm-project/pull/102416
>From 41061b347b7d0fa862f65896d4fc155cb0b791ba Mon Sep 17 00:00:00 2001
From: Ahmed Bougacha <ahmed at bougacha.org>
Date: Fri, 24 May 2024 20:24:26 -0700
Subject: [PATCH 1/2] [clang] Wire -fptrauth-returns to "ptrauth-returns" fn
attribute.
We already ended up with -fptrauth-returns, the feature macro, the lang
opt, and the actual backend lowering.
The only part left is threading it all through PointerAuthOptions, to
drive the addition of the "ptrauth-returns" attribute to generated
functions.
This also adds ptrauth_key_return_address to ptrauth.h.
---
clang/include/clang/Basic/PointerAuthOptions.h | 3 +++
clang/lib/CodeGen/CodeGenFunction.cpp | 2 ++
clang/lib/Frontend/CompilerInvocation.cpp | 4 +++-
clang/lib/Headers/ptrauth.h | 6 ++++++
4 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/clang/include/clang/Basic/PointerAuthOptions.h b/clang/include/clang/Basic/PointerAuthOptions.h
index 8f63cf2ad2bf27..a847bf4a4b4f6d 100644
--- a/clang/include/clang/Basic/PointerAuthOptions.h
+++ b/clang/include/clang/Basic/PointerAuthOptions.h
@@ -163,6 +163,9 @@ class PointerAuthSchema {
};
struct PointerAuthOptions {
+ /// Should return addresses be authenticated?
+ bool ReturnAddresses = false;
+
/// Do indirect goto label addresses need to be authenticated?
bool IndirectGotos = false;
diff --git a/clang/lib/CodeGen/CodeGenFunction.cpp b/clang/lib/CodeGen/CodeGenFunction.cpp
index af201554898f31..4dc57d0ff5b269 100644
--- a/clang/lib/CodeGen/CodeGenFunction.cpp
+++ b/clang/lib/CodeGen/CodeGenFunction.cpp
@@ -880,6 +880,8 @@ void CodeGenFunction::StartFunction(GlobalDecl GD, QualType RetTy,
// Add pointer authentication attributes.
const CodeGenOptions &CodeGenOpts = CGM.getCodeGenOpts();
+ if (CodeGenOpts.PointerAuth.ReturnAddresses)
+ Fn->addFnAttr("ptrauth-returns");
if (CodeGenOpts.PointerAuth.FunctionPointers)
Fn->addFnAttr("ptrauth-calls");
if (CodeGenOpts.PointerAuth.IndirectGotos)
diff --git a/clang/lib/Frontend/CompilerInvocation.cpp b/clang/lib/Frontend/CompilerInvocation.cpp
index 225bd6416ce5fc..e206cfe4172616 100644
--- a/clang/lib/Frontend/CompilerInvocation.cpp
+++ b/clang/lib/Frontend/CompilerInvocation.cpp
@@ -1511,13 +1511,15 @@ void CompilerInvocation::setDefaultPointerAuthOptions(
}
}
Opts.IndirectGotos = LangOpts.PointerAuthIndirectGotos;
+ Opts.ReturnAddresses = LangOpts.PointerAuthReturns;
}
static void parsePointerAuthOptions(PointerAuthOptions &Opts,
const LangOptions &LangOpts,
const llvm::Triple &Triple,
DiagnosticsEngine &Diags) {
- if (!LangOpts.PointerAuthCalls && !LangOpts.PointerAuthIndirectGotos)
+ if (!LangOpts.PointerAuthCalls && !LangOpts.PointerAuthIndirectGotos &&
+ !LangOpts.PointerAuthReturns)
return;
CompilerInvocation::setDefaultPointerAuthOptions(Opts, LangOpts, Triple);
diff --git a/clang/lib/Headers/ptrauth.h b/clang/lib/Headers/ptrauth.h
index 6cbdccff9a4c16..d489a67c533d41 100644
--- a/clang/lib/Headers/ptrauth.h
+++ b/clang/lib/Headers/ptrauth.h
@@ -28,6 +28,12 @@ typedef enum {
/* A process-specific key which can be used to sign data pointers. */
ptrauth_key_process_dependent_data = ptrauth_key_asdb,
+ /* The key used to sign return addresses on the stack.
+ The extra data is based on the storage address of the return address.
+ On AArch64, that is always the storage address of the return address + 8
+ (or, in other words, the value of the stack pointer on function entry) */
+ ptrauth_key_return_address = ptrauth_key_process_dependent_code,
+
/* The key used to sign C function pointers.
The extra data is always 0. */
ptrauth_key_function_pointer = ptrauth_key_process_independent_code,
>From b60a8bbfae887962b4b040dbe7c5542eedbfb12e Mon Sep 17 00:00:00 2001
From: Ahmed Bougacha <ahmed at bougacha.org>
Date: Fri, 9 Aug 2024 11:21:10 -0700
Subject: [PATCH 2/2] Restore attr codegen test.
I think it was dropped when the -fptrauth-returns flag landed in the
driver only without codegen.
---
clang/test/CodeGen/ptrauth-function-attributes.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/clang/test/CodeGen/ptrauth-function-attributes.c b/clang/test/CodeGen/ptrauth-function-attributes.c
index 6a09cd37bf4854..af73e0130c4e2c 100644
--- a/clang/test/CodeGen/ptrauth-function-attributes.c
+++ b/clang/test/CodeGen/ptrauth-function-attributes.c
@@ -1,9 +1,12 @@
// RUN: %clang_cc1 -triple arm64e-apple-ios -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,OFF
// RUN: %clang_cc1 -triple aarch64-linux-gnu -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,OFF
-// RUN: %clang_cc1 -triple arm64-apple-ios -fptrauth-calls -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,CALLS
+// RUN: %clang_cc1 -triple arm64-apple-ios -fptrauth-calls -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,CALLS
// RUN: %clang_cc1 -triple aarch64-linux-gnu -fptrauth-calls -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,CALLS
+// RUN: %clang_cc1 -triple arm64-apple-ios -fptrauth-returns -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,RETS
+// RUN: %clang_cc1 -triple aarch64-linux-gnu -fptrauth-returns -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,RETS
+
// RUN: %clang_cc1 -triple arm64-apple-ios -fptrauth-indirect-gotos -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,GOTOS
// RUN: %clang_cc1 -triple arm64e-apple-ios -fptrauth-indirect-gotos -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,GOTOS
// RUN: %clang_cc1 -triple aarch64-linux-gnu -fptrauth-indirect-gotos -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,GOTOS
@@ -14,6 +17,8 @@ void test() {
// CALLS: attributes #0 = {{{.*}} "ptrauth-calls" {{.*}}}
+// RETS: attributes #0 = {{{.*}} "ptrauth-returns" {{.*}}}
+
// GOTOS: attributes #0 = {{{.*}} "ptrauth-indirect-gotos" {{.*}}}
// OFF-NOT: attributes {{.*}} "ptrauth-
More information about the cfe-commits
mailing list