[PATCH] D143235: [AArch64] Avoid lowering setjmp call to CALL_BTI if harden-sls-blr is enabled

Pengxuan Zheng via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Feb 2 17:10:30 PST 2023 

pzheng created this revision.
pzheng added reviewers: DavidSpickett, danielkiss, stuij, kristof.beyls.
Herald added a subscriber: hiraditya.
Herald added a project: All.
pzheng requested review of this revision.
Herald added a project: LLVM.
Herald added a subscriber: llvm-commits.

Commit c3b9819 <https://reviews.llvm.org/rGc3b98194df5572bc9b33024b48457538a7213b4c> enabled inserting "bti j" after call to setjmp through lowering
setjmp calls to AArch64ISD::CALL_BTI which is later pattern matched to pseudo
instruction BLR_BTI. However, the lowering to BLR_BTI is infeasible if SLS BLR
mitigation (harden-sls-blr) is enabled because the pattern
`Requires<[NoSLSBLRMitigation]>`. Therefore, when harden-sls-blr is enabled,
ISel crashes due to the "can not select AArch64ISD::CALL_BTI" error. This patch
fixes this corner case by avoiding lowering setjmp call to CLL_BTI if
harden-sls-blr is enabled.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D143235

Files:
  llvm/lib/Target/AArch64/AArch64FastISel.cpp
  llvm/lib/Target/AArch64/AArch64ISelLowering.cpp
  llvm/lib/Target/AArch64/GISel/AArch64CallLowering.cpp
  llvm/test/CodeGen/AArch64/setjmp-bti.ll


Index: llvm/test/CodeGen/AArch64/setjmp-bti.ll
===================================================================
--- llvm/test/CodeGen/AArch64/setjmp-bti.ll
+++ llvm/test/CodeGen/AArch64/setjmp-bti.ll
@@ -7,6 +7,12 @@
 ; RUN: FileCheck %s --check-prefix=NOBTI
 ; RUN: llc -mtriple=aarch64-none-linux-gnu -fast-isel -mattr=+no-bti-at-return-twice < %s | \
 ; RUN: FileCheck %s --check-prefix=NOBTI
+; RUN: llc -mtriple=aarch64-none-linux-gnu -mattr=+harden-sls-blr < %s | \
+; RUN: FileCheck %s --check-prefix=SLS
+; RUN: llc -mtriple=aarch64-none-linux-gnu -global-isel -mattr=+harden-sls-blr < %s | \
+; RUN: FileCheck %s --check-prefix=SLS
+; RUN: llc -mtriple=aarch64-none-linux-gnu -fast-isel -mattr=+harden-sls-blr < %s | \
+; RUN: FileCheck %s --check-prefix=SLS
 
 ; C source
 ; --------
@@ -36,6 +42,14 @@
 ; NOBTI-NOT: hint #36
 ; NOBTI:     bl notsetjmp
 ; NOBTI-NOT: hint #36
+
+; SLS-LABEL: bbb:
+; SLS:     bl setjmp
+; SLS-NOT: hint #36
+; SLS:     bl __llvm_slsblr_thunk_x{{[0-9]+}}
+; SLS-NOT: hint #36
+; SLS:     bl notsetjmp
+; SLS-NOT: hint #36
 entry:
   %fnptr = alloca ptr, align 8
   %call = call i32 @setjmp(ptr noundef null) #0
Index: llvm/lib/Target/AArch64/GISel/AArch64CallLowering.cpp
===================================================================
--- llvm/lib/Target/AArch64/GISel/AArch64CallLowering.cpp
+++ llvm/lib/Target/AArch64/GISel/AArch64CallLowering.cpp
@@ -1178,7 +1178,7 @@
   // instruction.
   else if (Info.CB &&
            Info.CB->getAttributes().hasFnAttr(Attribute::ReturnsTwice) &&
-           !Subtarget.noBTIAtReturnTwice() &&
+           !Subtarget.noBTIAtReturnTwice() && !Subtarget.hardenSlsBlr() &&
            MF.getInfo<AArch64FunctionInfo>()->branchTargetEnforcement())
     Opc = AArch64::BLR_BTI;
   else
Index: llvm/lib/Target/AArch64/AArch64ISelLowering.cpp
===================================================================
--- llvm/lib/Target/AArch64/AArch64ISelLowering.cpp
+++ llvm/lib/Target/AArch64/AArch64ISelLowering.cpp
@@ -7675,7 +7675,7 @@
     Function *ARCFn = *objcarc::getAttachedARCFunction(CLI.CB);
     auto GA = DAG.getTargetGlobalAddress(ARCFn, DL, PtrVT);
     Ops.insert(Ops.begin() + 1, GA);
-  } else if (GuardWithBTI)
+  } else if (GuardWithBTI && !Subtarget->hardenSlsBlr())
     CallOpc = AArch64ISD::CALL_BTI;
 
   // Returns a chain and a flag for retval copy to use.
Index: llvm/lib/Target/AArch64/AArch64FastISel.cpp
===================================================================
--- llvm/lib/Target/AArch64/AArch64FastISel.cpp
+++ llvm/lib/Target/AArch64/AArch64FastISel.cpp
@@ -3154,7 +3154,7 @@
   // Allow SelectionDAG isel to handle calls to functions like setjmp that need
   // a bti instruction following the call.
   if (CLI.CB && CLI.CB->hasFnAttr(Attribute::ReturnsTwice) &&
-      !Subtarget->noBTIAtReturnTwice() &&
+      !Subtarget->noBTIAtReturnTwice() && !Subtarget->hardenSlsBlr() &&
       MF->getInfo<AArch64FunctionInfo>()->branchTargetEnforcement())
     return false;
 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D143235.494478.patch
Type: text/x-patch
Size: 3001 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20230203/2a13a1ac/attachment.bin>

More information about the llvm-commits mailing list