[llvm] dfcf697 - [X86] Fix fentry handling in X86IndirectBranchTracking.cpp
Phoebe Wang via llvm-commits
llvm-commits at lists.llvm.org
Mon Dec 6 20:10:11 PST 2021
Author: Joao Moreira
Date: 2021-12-07T12:10:03+08:00
New Revision: dfcf69770bc522b9e411c66454934a37c1f35332
URL: https://github.com/llvm/llvm-project/commit/dfcf69770bc522b9e411c66454934a37c1f35332
DIFF: https://github.com/llvm/llvm-project/commit/dfcf69770bc522b9e411c66454934a37c1f35332.diff
LOG: [X86] Fix fentry handling in X86IndirectBranchTracking.cpp
When compiling with indirect branch tracking and fentry (-fcf-protection=branch -mfentry -pg) the X86IndirectBranchTrackingPass will attempt to place endbr in basic blocks, checking for Calls/IsCallReturnTwice. For calling the function IsCallReturnTwice(), the pass attempts to retrieve the first operand of the respective machine instruction. Since FENTRY_CALL is considered a call, and it does not have any argument, the condition inside the pass will attempt to call IsCallReturnTwice on the machine instruction, but since it does not have operands, it will lead into a crash.
Kudos to Alyssa Milburn for helping in the issue triage. The diff brings a test, but to reproduce the problem, follow the steps below.
```
echo "int main() {};" > repro.c
clang repro.c -fcf-protection=branch -mfentry -pg
```
Reviewed By: craig.topper
Differential Revision: https://reviews.llvm.org/D111108
Added:
llvm/test/CodeGen/X86/fentry-ibt.ll
Modified:
llvm/lib/Target/X86/X86IndirectBranchTracking.cpp
Removed:
################################################################################
diff --git a/llvm/lib/Target/X86/X86IndirectBranchTracking.cpp b/llvm/lib/Target/X86/X86IndirectBranchTracking.cpp
index 732b2b1a5ada6..6642f46e64b2f 100644
--- a/llvm/lib/Target/X86/X86IndirectBranchTracking.cpp
+++ b/llvm/lib/Target/X86/X86IndirectBranchTracking.cpp
@@ -137,8 +137,10 @@ bool X86IndirectBranchTrackingPass::runOnMachineFunction(MachineFunction &MF) {
Changed |= addENDBR(MBB, MBB.begin());
for (MachineBasicBlock::iterator I = MBB.begin(); I != MBB.end(); ++I) {
- if (I->isCall() && IsCallReturnTwice(I->getOperand(0)))
+ if (I->isCall() && I->getNumOperands() > 0 &&
+ IsCallReturnTwice(I->getOperand(0))) {
Changed |= addENDBR(MBB, std::next(I));
+ }
}
// Exception handle may indirectly jump to catch pad, So we should add
diff --git a/llvm/test/CodeGen/X86/fentry-ibt.ll b/llvm/test/CodeGen/X86/fentry-ibt.ll
new file mode 100644
index 0000000000000..8285f4dfa8dc6
--- /dev/null
+++ b/llvm/test/CodeGen/X86/fentry-ibt.ll
@@ -0,0 +1,17 @@
+; RUN: llc %s -o - -verify-machineinstrs | FileCheck %s
+
+define void @test1() #0 {
+entry:
+ ret void
+
+; CHECK-LABEL: @test1
+; CHECK: endbr64
+; CHECK: callq __fentry__
+; CHECK-NOT: mcount
+; CHECK: retq
+}
+
+!llvm.module.flags = !{!0}
+
+attributes #0 = { "fentry-call"="true" }
+!0 = !{i32 4, !"cf-protection-branch", i32 1}
More information about the llvm-commits
mailing list