[PATCH] D134931: AArch64: Don't use RETA[AB] when ShadowCallStack is enabled.

Peter Collingbourne via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Sep 29 18:31:34 PDT 2022 

pcc created this revision.
pcc added a reviewer: danielkiss.
Herald added subscribers: hiraditya, kristof.beyls.
Herald added a project: All.
pcc requested review of this revision.
Herald added a project: LLVM.

When returning from a function with both SCS and PAC-RET enabled, we need to
authenticate the return address from the stack and then load from the SCS,
but this was happening in the reverse order when RETA[AB] were being used.
Fix it by disabling the use of RETA[AB] when SCS is enabled.

Fixes pr58072.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D134931

Files:
  llvm/lib/Target/AArch64/AArch64FrameLowering.cpp
  llvm/test/CodeGen/AArch64/sign-return-address.ll


Index: llvm/test/CodeGen/AArch64/sign-return-address.ll
===================================================================
--- llvm/test/CodeGen/AArch64/sign-return-address.ll
+++ llvm/test/CodeGen/AArch64/sign-return-address.ll
@@ -79,6 +79,13 @@
   ret i32 %call
 }
 
+; CHECK-LABEL: @non_leaf_scs
+; CHECK-NOT:   retaa
+define i32 @non_leaf_scs(i32 %x) "sign-return-address"="non-leaf" shadowcallstack "target-features"="+v8.3a,+reserve-x18"  {
+  %call = call i32 @foo(i32 %x)
+  ret i32 %call
+}
+
 ; CHECK-LABEL: @leaf_sign_all_v83
 ; CHECK:        pacia x30, sp
 ; CHECK-NEXT:  .cfi_negate_ra_state
Index: llvm/lib/Target/AArch64/AArch64FrameLowering.cpp
===================================================================
--- llvm/lib/Target/AArch64/AArch64FrameLowering.cpp
+++ llvm/lib/Target/AArch64/AArch64FrameLowering.cpp
@@ -1864,8 +1864,9 @@
   // From v8.3a onwards there are optimised authenticate LR and return
   // instructions, namely RETA{A,B}, that can be used instead. In this case the
   // DW_CFA_AARCH64_negate_ra_state can't be emitted.
-  if (Subtarget.hasPAuth() && MBBI != MBB.end() &&
-      MBBI->getOpcode() == AArch64::RET_ReallyLR) {
+  if (Subtarget.hasPAuth() &&
+      !MF.getFunction().hasFnAttribute(Attribute::ShadowCallStack) &&
+      MBBI != MBB.end() && MBBI->getOpcode() == AArch64::RET_ReallyLR) {
     BuildMI(MBB, MBBI, DL,
             TII->get(MFI.shouldSignWithBKey() ? AArch64::RETAB : AArch64::RETAA))
         .copyImplicitOps(*MBBI);


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D134931.464122.patch
Type: text/x-patch
Size: 1493 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20220930/2497965c/attachment.bin>

More information about the llvm-commits mailing list