[PATCH] D129016: [PowerPC] implemented @llvm.ppc.kill.canary to corrupt stack guard
Paul Scoropan via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Jul 19 09:37:21 PDT 2022
pscoro updated this revision to Diff 445853.
pscoro added a comment.
formatted comments
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D129016/new/
https://reviews.llvm.org/D129016
Files:
llvm/lib/Target/PowerPC/PPCISelLowering.cpp
Index: llvm/lib/Target/PowerPC/PPCISelLowering.cpp
===================================================================
--- llvm/lib/Target/PowerPC/PPCISelLowering.cpp
+++ llvm/lib/Target/PowerPC/PPCISelLowering.cpp
@@ -10699,12 +10699,12 @@
MachineFunction &MF = DAG.getMachineFunction();
const Module *M = MF.getMMI().getModule();
- /* If SafeStack or !StackProtector, kill_canary not supported */
+ // If SafeStack or !StackProtector, kill_canary is not supported.
if (MF.getFunction().hasFnAttribute(Attribute::SafeStack) ||
!MF.getFunction().hasStackProtectorFnAttr()) {
DAG.ReplaceAllUsesOfValueWith(
SDValue(Op.getNode(), 0),
- Op->getOperand(0)); // prepare node for deletion
+ Op->getOperand(0));
break;
}
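Review bot: The early-exit branch no longer says why `ReplaceAllUsesOfValueWith` is called now that the trailing comment is gone, and nothing tells a reader that the intrinsic silently does nothing on this path. Operand 0 is used as the chain in the load and store calls of the next hunk, so a comment such as `// Forward the incoming chain so kill_canary lowers to a no-op.` above the call would presumably describe it. It is also worth stating, here or in the intrinsic's documentation, that a stack-protector test built with SafeStack or without a stack-protector attribute runs with no canary corruption at all, so a clean run proves nothing in that configuration. The enclosing case starts and ends outside this hunk.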
@@ -10713,44 +10713,39 @@
SDValue Load;
SDValue Store;
- const uint64_t XORWord =
- 0xFFFFFFFFFFFFFFFF; // XORing with 0b111...111 will never
- // result in the original word
+ // The new stored canary word should never be the same as the canary word
+ // before corruption, so we XOR the canary word with all 1 bits.
+ const uint64_t XORWord = 0xFFFFFFFFFFFFFFFF;
- if (useLoadStackGuardNode()) { // linux uses LOAD_STACK_GUARD node instead
- // of having a canary word global value
+ // Linux uses LOAD_STACK_GUARD node instead of a canary global value.
+ if (useLoadStackGuardNode()) {
MachineSDNode *LSG =
DAG.getMachineNode(PPC::LOAD_STACK_GUARD, DL, VT, Op->getOperand(0));
Load = SDValue(LSG, 0);
- /* frame index used to determine stack guard location if
- * LOAD_STACK_GUARD is used */
+ // Frame index used to determine stack guard location if
+ // LOAD_STACK_GUARD is used.
MachineFrameInfo &MFI = MF.getFrameInfo();
- int SPI = MFI.getStackProtectorIndex(); // should return -1
+ int SPI = MFI.getStackProtectorIndex();
PPCFunctionInfo *FuncInfo = MF.getInfo<PPCFunctionInfo>();
SDValue FIN = DAG.getFrameIndex(FuncInfo->getVarArgsFrameIndex(), VT);
- // XOR canary word and store back
Store = DAG.getStore(
Op->getOperand(0), DL,
DAG.getNode(ISD::XOR, DL, VT, Load, DAG.getConstant(XORWord, DL, VT)),
- DAG.getNode( // add frame index, stack protector index, return node
- // result
- ISD::ADD, DL, VT, FIN, DAG.getConstant(SPI, DL, VT)),
+ DAG.getNode(ISD::ADD, DL, VT, FIN, DAG.getConstant(SPI, DL, VT)),
MachinePointerInfo());
- } else if (Value *GV =
- getSDagStackGuard(*M)) { // on aix, load from global value
+ } else if (Value *GV = getSDagStackGuard(*M)) {
+ // AIX load from global value.
VT = DAG.getTargetLoweringInfo().getValueType(DAG.getDataLayout(),
GV->getType(), true);
SDValue CanaryLoc =
DAG.getGlobalAddress(dyn_cast<GlobalValue>(GV), DL, VT);
- // Load from global value
Load = DAG.getLoad(VT, DL, Op->getOperand(0), CanaryLoc,
MachinePointerInfo());
- // XOR canary word and store back
Store = DAG.getStore(
Op->getOperand(0), DL,
DAG.getNode(ISD::XOR, DL, VT, Load, DAG.getConstant(XORWord, DL, VT)),
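Review bot: In the LOAD_STACK_GUARD branch the store address is built as `FIN + SPI`, where FIN comes from the varargs frame index and SPI is a frame-index number used as a plain constant, so the XORed value does not obviously land on the canary slot; the removed comment even expected SPI to be -1 at this point. If the slot has been assigned, addressing it directly would be clearer, e.g. `DAG.getFrameIndex(SPI, VT)` with `MachinePointerInfo::getFixedStack(MF, SPI)` instead of the empty `MachinePointerInfo()`, and the no-slot case should be handled explicitly rather than folded into the arithmetic. In the AIX branch, `dyn_cast<GlobalValue>(GV)` is passed on unchecked; `cast<GlobalValue>(GV)` would assert instead of handing a possible null to getGlobalAddress. The second getStore call and the enclosing case continue past the end of the hunk.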
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D129016.445853.patch
Type: text/x-patch
Size: 3403 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20220719/8331bbb3/attachment.bin>