[llvm] d938ec4 - [AArch64] Avoid incompatibility between SLSBLR mitigation and BTI codegen.

Kristof Beyls via llvm-commits llvm-commits at lists.llvm.org
Thu Jun 18 22:26:59 PDT 2020 

Author: Kristof Beyls
Date: 2020-06-19T06:21:54+01:00
New Revision: d938ec4509c47d461377527fc2877ae14b91275c

URL: https://github.com/llvm/llvm-project/commit/d938ec4509c47d461377527fc2877ae14b91275c
DIFF: https://github.com/llvm/llvm-project/commit/d938ec4509c47d461377527fc2877ae14b91275c.diff

LOG: [AArch64] Avoid incompatibility between SLSBLR mitigation and BTI codegen.

A "BTI c" instruction only allows jumping/calling to using a BLR* instruction.
However, the SLSBLR mitigation changes a BLR to a BR to implement the
function call. Therefore, a "BTI c" check that passed before could
trigger after the BLR->BL change done by the SLSBLR mitigation.
However, if the register used in BR is X16 or X17, this trigger will not
fire (see ArmARM for further details).

Therefore, this patch simply changes the function stubs for the SLSBLR
mitigation from
__llvm_slsblr_thunk_x<N>:
    br x<N>
    SpeculationBarrier
to
__llvm_slsblr_thunk_x<N>:
    mov x16, x<N>
    br  x16
    SpeculationBarrier

Differential Revision: https://reviews.llvm.org/D81405

Added: 
    

Modified: 
    llvm/lib/Target/AArch64/AArch64SLSHardening.cpp
    llvm/test/CodeGen/AArch64/speculation-hardening-sls.ll

Removed: 
    


################################################################################
diff  --git a/llvm/lib/Target/AArch64/AArch64SLSHardening.cpp b/llvm/lib/Target/AArch64/AArch64SLSHardening.cpp
index 9d225fa89fa4..0baf22a51c92 100644
--- a/llvm/lib/Target/AArch64/AArch64SLSHardening.cpp
+++ b/llvm/lib/Target/AArch64/AArch64SLSHardening.cpp
@@ -223,7 +223,12 @@ void SLSBLRThunkInserter::populateThunk(MachineFunction &MF) {
   //      BR xN
   //      barrierInsts
   Entry->addLiveIn(ThunkReg);
-  BuildMI(Entry, DebugLoc(), TII->get(AArch64::BR)).addReg(ThunkReg);
+  // MOV X16, ThunkReg == ORR X16, XZR, ThunkReg, LSL #0
+  BuildMI(Entry, DebugLoc(), TII->get(AArch64::ORRXrs), AArch64::X16)
+      .addReg(AArch64::XZR)
+      .addReg(ThunkReg)
+      .addImm(0);
+  BuildMI(Entry, DebugLoc(), TII->get(AArch64::BR)).addReg(AArch64::X16);
   // Make sure the thunks do not make use of the SB extension in case there is
   // a function somewhere that will call to it that for some reason disabled
   // the SB extension locally on that function, even though it's enabled for

diff  --git a/llvm/test/CodeGen/AArch64/speculation-hardening-sls.ll b/llvm/test/CodeGen/AArch64/speculation-hardening-sls.ll
index b7ea875dc661..90d27830134a 100644
--- a/llvm/test/CodeGen/AArch64/speculation-hardening-sls.ll
+++ b/llvm/test/CodeGen/AArch64/speculation-hardening-sls.ll
@@ -203,14 +203,16 @@ entry:
 }
 
 ; HARDEN-label: __llvm_slsblr_thunk_x0:
-; HARDEN:    br x0
+; HARDEN:    mov x16, x0
+; HARDEN:    br x16
 ; ISBDSB-NEXT: dsb sy
 ; ISBDSB-NEXT: isb
 ; SB-NEXT:     dsb sy
 ; SB-NEXT:     isb
 ; HARDEN-NEXT: .Lfunc_end
 ; HARDEN-label: __llvm_slsblr_thunk_x19:
-; HARDEN:    br x19
+; HARDEN:    mov x16, x19
+; HARDEN:    br x16
 ; ISBDSB-NEXT: dsb sy
 ; ISBDSB-NEXT: isb
 ; SB-NEXT:     dsb sy

More information about the llvm-commits mailing list