[PATCH] D143915: [llvm][AArch64] Fix an interaction of SLS and BTI after a returns twice call
David Spickett via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Mon Feb 13 07:31:31 PST 2023
DavidSpickett created this revision.
Herald added subscribers: hiraditya, kristof.beyls.
Herald added a project: All.
DavidSpickett requested review of this revision.
Herald added a project: LLVM.
Herald added a subscriber: llvm-commits.
This fixes the combination of two things:
- Placing a BTI after calls to a returns twice function like setjmp. This allows the setjmp to return with a br instead of a ret.
- Straight line speculation mitigations that replace BLR with a BL to a thunk that does the mitigation, and then goes to the original target.
Originally I marked AArch64call_bti as requiring that SLS mitigation
be disabled. This caused a crash when you tried to codegen with both.
Since CALL_BTI tried to match with AArch64call_bti but could not.
This change does 2 things:
- Follow the pattern set by AArch64call and add 2 patterns for AArch64call_bti. One with no IP (interprocedural) registers, and one with. For SLS mitigation off and on respectively.
- Modify the sls hardening pass to iterate through bundled instructions, as the AArch64 KCFI pass does.
Since there is a 1:1 replacement of the BLR with a BL,
the bundle remains intact. This is checked with an MIR test.
The ir -> asm testing is updated to add runs with the sls
mitigation enabled.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D143915
Files:
llvm/lib/Target/AArch64/AArch64InstrInfo.td
llvm/lib/Target/AArch64/AArch64SLSHardening.cpp
llvm/test/CodeGen/AArch64/setjmp-bti.ll
llvm/test/CodeGen/AArch64/speculation-hardening-sls-blr-bti.mir
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D143915.496978.patch
Type: text/x-patch
Size: 6926 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20230213/0515a4f9/attachment.bin>
More information about the llvm-commits
mailing list