[PATCH] D69097: [AArch64][MachineOutliner] Return address signing for outlined functions
Oliver Stannard (Linaro) via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Fri Nov 1 09:10:48 PDT 2019
ostannard added a comment.
I've reverted this (rGa3f474542 <https://reviews.llvm.org/rGa3f4745428814d71dec66f83ee3431abd962a3e8>) because it is causing failures when an instruction which modifies SP gets outlined. Here's a reproducer:
int *volatile v;
void foo() {
int a;
v = &a;
v = &a;
v = &a;
v = &a;
v = &a;
v = &a;
v = &a;
}
void bar() {
int a;
v = &a;
v = &a;
v = &a;
v = &a;
v = &a;
v = &a;
v = &a;
}
Which gets compiled to:
$ /work/llvm/build/bin/clang --target=aarch64--none-eabi -march=armv8.3-a -c test2.c -o - -S -Oz -mbranch-protection=pac-ret+leaf
.text
.file "test2.c"
.globl foo // -- Begin function foo
.p2align 2
.type foo,@function
foo: // @foo
// %bb.0: // %entry
paciasp
sub sp, sp, #16 // =16
mov x0, x30
bl OUTLINED_FUNCTION_0
mov x30, x0
retaa
.Lfunc_end0:
.size foo, .Lfunc_end0-foo
// -- End function
.globl bar // -- Begin function bar
.p2align 2
.type bar,@function
bar: // @bar
// %bb.0: // %entry
paciasp
sub sp, sp, #16 // =16
mov x0, x30
bl OUTLINED_FUNCTION_0
mov x30, x0
retaa
.Lfunc_end1:
.size bar, .Lfunc_end1-bar
// -- End function
.p2align 2 // -- Begin function OUTLINED_FUNCTION_0
.type OUTLINED_FUNCTION_0,@function
OUTLINED_FUNCTION_0: // @OUTLINED_FUNCTION_0
.cfi_sections .debug_frame
.cfi_startproc
// %bb.0:
paciasp
.cfi_negate_ra_state
adrp x8, v
add x9, sp, #12 // =12
str x9, [x8, :lo12:v]
str x9, [x8, :lo12:v]
str x9, [x8, :lo12:v]
str x9, [x8, :lo12:v]
str x9, [x8, :lo12:v]
str x9, [x8, :lo12:v]
str x9, [x8, :lo12:v]
add sp, sp, #16 // =16
retaa
.Lfunc_end2:
.size OUTLINED_FUNCTION_0, .Lfunc_end2-OUTLINED_FUNCTION_0
.cfi_endproc
// -- End function
.type v,@object // @v
.comm v,8,8
.ident "clang version 10.0.0 (https://github.com/llvm/llvm-project.git 7849862f46933306454342b0e8ee05e4e6806646)"
.section ".note.GNU-stack","",@progbits
.addrsig
.addrsig_sym v
The problem is the instruction `add sp, sp, #16` in `OUTLINED_FUNCTION_0`. This causes `SP` to have a different value for the `paciasp` and `retaa` instructions, so the signature does not match, and the return causes a fault.
I think we need some additional checks to avoid outlining anything which modifies SP when doing return address signing (though it would be valid to outline a balanced sub/add pair).
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D69097/new/
https://reviews.llvm.org/D69097
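The failure mode described above, and the "net SP change must be zero" check the comment suggests, as an added example that is not part of the original message or of LLVM's code. It uses a constructed stand-in for the PAC (an HMAC over the return address and SP, instead of QARMA with the APIAKey) and a regex-based SP accounting over assembly text; the function names (`paciasp`, `retaa`, `net_sp_delta`, `safe_to_outline_with_pac_ret`, `simulate_return`) and the instruction lists are hypothetical and exist only for this illustration.

```python
"""Toy model of AArch64 return-address signing (paciasp / retaa) plus a candidate
check for the MachineOutliner: an outlined body that signs and authenticates its
own return address must leave SP unchanged between paciasp and retaa, because SP
is the modifier mixed into the PAC."""
import hashlib
import hmac
import re

# Constructed stand-in for the APIAKey (real PACs use QARMA with a kernel-held key).
FAKE_APIA_KEY = b"constructed-APIAKey-not-a-real-key"
PAC_BITS = 16            # assumed PAC width for a 48-bit VA space (toy layout)
VA_MASK = (1 << 48) - 1


def compute_pac(addr: int, modifier: int) -> int:
    """PAC over (address, modifier); paciasp and retaa both use SP as the modifier."""
    msg = addr.to_bytes(8, "little") + modifier.to_bytes(8, "little")
    digest = hmac.new(FAKE_APIA_KEY, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:2], "little") & ((1 << PAC_BITS) - 1)


def paciasp(lr: int, sp: int) -> int:
    """Sign LR with the SP value at the time of signing; PAC lands in the top bits."""
    return (lr & VA_MASK) | (compute_pac(lr & VA_MASK, sp) << 48)


def retaa(signed_lr: int, sp: int) -> int:
    """Authenticate with the *current* SP. A mismatch models the fault on return."""
    addr = signed_lr & VA_MASK
    expected = (signed_lr >> 48) & ((1 << PAC_BITS) - 1)
    if compute_pac(addr, sp) != expected:
        raise RuntimeError("retaa: PAC mismatch, SP differs from the value at paciasp")
    return addr


# Assumed textual forms of SP-modifying instructions (toy parser, not LLVM MI).
IMM_SP = re.compile(r"^\s*(add|sub)\s+sp\s*,\s*sp\s*,\s*#(\d+)\b")
PRE_INDEX = re.compile(r"\[\s*sp\s*,\s*#(-?\d+)\s*\]!")   # e.g. stp x29, x30, [sp, #-16]!
POST_INDEX = re.compile(r"\[\s*sp\s*\]\s*,\s*#(-?\d+)\b")  # e.g. ldp x29, x30, [sp], #16
WRITES_SP = re.compile(r"^\s*\w+\s+sp\s*,")               # anything else with sp as destination


def net_sp_delta(insns):
    """Net change to SP over the sequence, or None when an SP write cannot be
    resolved statically (e.g. `mov sp, x9`, `sub sp, sp, x1`)."""
    delta = 0
    for insn in insns:
        text = insn.split("//")[0].strip()   # drop trailing asm comments
        if not text:
            continue
        m = IMM_SP.match(text)
        if m:
            imm = int(m.group(2))
            delta += imm if m.group(1) == "add" else -imm
            continue
        m = PRE_INDEX.search(text) or POST_INDEX.search(text)
        if m:
            delta += int(m.group(1))
            continue
        if WRITES_SP.match(text):
            return None
    return delta


def safe_to_outline_with_pac_ret(insns) -> bool:
    """Candidate is acceptable only if SP provably returns to its entry value."""
    return net_sp_delta(insns) == 0


def simulate_return(insns, lr=0x400800, sp=0x7FFF_F000) -> bool:
    """True if retaa authenticates after running the body, False if it would fault."""
    signed = paciasp(lr, sp)
    delta = net_sp_delta(insns)
    if delta is None:
        return False                     # unanalyzable SP write: treat as a fault
    try:
        return retaa(signed, sp + delta) == lr
    except RuntimeError:
        return False


# Constructed sequences: the SP-changing tail of OUTLINED_FUNCTION_0 from the
# reproducer, and a balanced sub/add pair that would be fine to outline.
OUTLINED_BODY = ["add x9, sp, #12", "str x9, [x8, :lo12:v]", "add sp, sp, #16 // =16"]
BALANCED_BODY = ["sub sp, sp, #16", "str x9, [sp, #12]", "add sp, sp, #16"]

if __name__ == "__main__":
    for name, body in (("outlined", OUTLINED_BODY), ("balanced", BALANCED_BODY)):
        print(name, "net SP delta:", net_sp_delta(body),
              "safe:", safe_to_outline_with_pac_ret(body),
              "retaa ok:", simulate_return(body))
```

The check is deliberately conservative: any write to SP the parser cannot resolve to an immediate makes the candidate ineligible, which is the same stance the comment takes for the outliner (reject SP-modifying sequences, allow a balanced pair).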