[llvm-branch-commits] [llvm] [AArch64][PAC] Support BLRA* instructions in SLS Hardening pass (PR #97605)
Kristof Beyls via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Fri Jul 5 02:13:54 PDT 2024
================
@@ -221,13 +339,19 @@ void SLSHardeningInserter::populateThunk(MachineFunction &MF) {
// __llvm_slsblr_thunk_xN:
// BR xN
// barrierInsts
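Review bot: the comment in this hunk still describes the thunk body as a bare `BR xN`, which does not match the sequence the pass actually emits (`MOV X16, Xn` followed by `BR X16`, or the `BRA{A|B} X16, Xm` / `BRA{A|B}Z X16` forms this PR adds). Please update the comment to the full sequence and state why the branch goes through X16: the call site's `BLR` becomes a `BR` inside the thunk, and a `BTI c` landing pad in the callee only accepts `BR` from X16 or X17, so branching through the original register would trap where the original `BLR` did not.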
----------------
kbeyls wrote:
As part of reviewing this, I was wondering why the actual thunk content is
```
// __llvm_slsblr_thunk_{aa|ab|aaz|abz|}_xN_{xM}:
// MOV X16, Xn
// BR X16 | BRA{A|B} X16, Xm | BRA{A|B}Z X16
// barrierInsts
```
I had to use git blame to remind myself of why I changed this about 4 years ago,
pointing to this commit: https://github.com/llvm/llvm-project/commit/d938ec4509c47d461377527fc2877ae14b91275c
I think it would be useful to add an explanation similar to the one on that commit message
to the comment here to explain why the `mov X16, Xn` is needed, as
it is non-trivial. The explanation on the original commit message is:
```
A "BTI c" instruction only allows jumping/calling to using a BLR* instruction.
However, the SLSBLR mitigation changes a BLR to a BR to implement the
function call. Therefore, a "BTI c" check that passed before could
trigger after the BLR->BR change done by the SLSBLR mitigation.
However, if the register used in BR is X16 or X17, this trigger will not
fire (see ArmARM for further details).
```
https://github.com/llvm/llvm-project/pull/97605
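To make the point concrete, here is an added AArch64 assembly example (written for this discussion, not taken from the PR or from LLVM's own sources) of the thunk shape the comment should describe, in its plain and PAC-authenticating forms. It assumes the call site is rewritten to `bl` the thunk, that barrierInsts is `dsb sy; isb`, and that the register numbers and the `callee` label are illustrative.

```asm
    .text

// Call site before the pass:            blr x5
// After SLS hardening (assumed):        bl  __llvm_slsblr_thunk_x5
    .globl __llvm_slsblr_thunk_x5
    .type  __llvm_slsblr_thunk_x5, %function
__llvm_slsblr_thunk_x5:
    mov x16, x5        // copy target into X16: BTI c accepts BR only from X16/X17
    br  x16            // the call site's BLR is now a BR, so the register matters
    dsb sy             // barrierInsts (assumed DSB SY; ISB): never reached
    isb                // architecturally, but stops straight-line speculation
    .size __llvm_slsblr_thunk_x5, .-__llvm_slsblr_thunk_x5

// PAC variant for a call that was `blraa x5, x3`; name follows the
// __llvm_slsblr_thunk_{aa|ab|aaz|abz|}_xN_{xM} scheme quoted above.
    .globl __llvm_slsblr_thunk_aa_x5_x3
    .type  __llvm_slsblr_thunk_aa_x5_x3, %function
__llvm_slsblr_thunk_aa_x5_x3:
    mov  x16, x5
    braa x16, x3       // authenticate with modifier x3; BRAA via X16 is BTI c compatible
    dsb  sy
    isb
    .size __llvm_slsblr_thunk_aa_x5_x3, .-__llvm_slsblr_thunk_aa_x5_x3

// A callee built with BTI. If the thunk did `br x5` directly, this
// landing pad would raise a Branch Target exception instead of proceeding.
    .globl callee
    .type  callee, %function
callee:
    bti c
    ret
    .size callee, .-callee
```

X16 is the intra-procedure-call scratch register (IP0), so clobbering it in a call veneer is permitted by the AAPCS64 and the callee cannot rely on its value.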