[llvm-branch-commits] [llvm] [BOLT] Gadget scanner: detect signing oracles (PR #134146)
Kristof Beyls via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Mon Apr 28 10:34:43 PDT 2025
================
@@ -591,7 +591,9 @@ obscure_indirect_call_arg_nocfg:
.globl safe_lr_at_function_entry_nocfg
.type safe_lr_at_function_entry_nocfg, at function
safe_lr_at_function_entry_nocfg:
-// CHECK-NOT: safe_lr_at_function_entry_nocfg
+// Due to state being reset after a label, paciasp is reported as
+// a signing oracle - this is a known false positive, ignore it.
+// CHECK-NOT: non-protected call{{.*}}safe_lr_at_function_entry_nocfg
cbz x0, 1f
ret // LR is safe at the start of the function
1:
----------------
kbeyls wrote:
Thanks, that's useful info to know!
FWIW, my experience on pac-ret is that most code generated by the compiler follows mostly the same very regular structure, so I'm not surprised that you're not getting many false positives on llvm-test-suite.
In my experience with pac-ret scanning, you get most false positives when scanning across a full distribution, on pieces of code that were not generated by a popular compiler, such as hand-written assembly...
https://github.com/llvm/llvm-project/pull/134146
More information about the llvm-branch-commits
mailing list