[PATCH] D87320: [X86] Check if call is indirect before emitting NT_CALL
Joao Moreira via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Sep 8 11:59:13 PDT 2020
joaomoreira created this revision.
joaomoreira added reviewers: craig.topper, erichkeane, xiangzhangllvm, RKSimon, oren_ben_simhon.
Herald added subscribers: llvm-commits, hiraditya.
Herald added a project: LLVM.
joaomoreira requested review of this revision.
The notrack prefix is a relaxation of CET policies which makes it possible to indirectly call targets which do not have an ENDBR instruction in the landing address. To emit a call with this prefix, the special attribute "nocf_check" is used. When used as a function attribute, a CallInst targeting the respective function will return true for the method "doesNoCfCheck()", no matter if it is a direct call (and such should remain like this, as the information that the to-be-called function won't perform control-flow checks is useful in other contexts). Yet, when emitting an X86ISD::NT_CALL, the respective CallInst should be verified for its indirection, allowing that the prefixed calls are only emitted in the right situations.
To reproduce the bug, compile the following using the -fcf-protection=full flag.
  int __attribute__((nocf_check)) foo(int a) {};
  int main() {
    foo(42);
  }
https://reviews.llvm.org/D87320
Files:
llvm/lib/Target/X86/X86ISelLowering.cpp
Index: llvm/lib/Target/X86/X86ISelLowering.cpp
===================================================================
--- llvm/lib/Target/X86/X86ISelLowering.cpp
+++ llvm/lib/Target/X86/X86ISelLowering.cpp
@@ -3854,6 +3854,7 @@
const auto *II = dyn_cast_or_null<InvokeInst>(CLI.CB);
bool HasNoCfCheck =
(CI && CI->doesNoCfCheck()) || (II && II->doesNoCfCheck());
+ bool IsIndirectCall = (CI && CI->isIndirectCall());
const Module *M = MF.getMMI().getModule();
Metadata *IsCFProtectionSupported = M->getModuleFlag("cf-protection-branch");
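Review bot: The added IsIndirectCall line consults only CI, while HasNoCfCheck directly above accepts either CI or II, so an indirect invoke marked nocf_check now evaluates to false here and would fall back to a plain CALL in the later condition. Consider covering the invoke case as well, for example (CI && CI->isIndirectCall()) || (II && II->isIndirectCall()), or query CLI.CB once if it is known to be non-null at this point.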
@@ -4336,7 +4337,7 @@
return Ret;
}
- if (HasNoCfCheck && IsCFProtectionSupported) {
+ if (HasNoCfCheck && IsCFProtectionSupported && IsIndirectCall) {
Chain = DAG.getNode(X86ISD::NT_CALL, dl, NodeTys, Ops);
} else {
Chain = DAG.getNode(X86ISD::CALL, dl, NodeTys, Ops);
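Review bot: The changed NT_CALL condition ships without a regression test; the Files list touches only X86ISelLowering.cpp. Please add a lit test built from the reproducer in the description (a direct call to a nocf_check function with the cf-protection-branch module flag set) that checks a plain call is emitted, next to an indirect call case that still gets the notrack prefix. A one-line comment above the condition saying that notrack is only meaningful on indirect branches would also help future readers.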