[llvm] [StackProtector] Clear out stack protector slot (PR #65461)
Bill Wendling via llvm-commits
llvm-commits at lists.llvm.org
Wed Sep 6 03:42:09 PDT 2023
https://github.com/bwendling created https://github.com/llvm/llvm-project/pull/65461:
Don't leave the stack protector guard information on the stack after exiting the function. This helps to prevent information leaking.
>From 0be85da38100d5bef218cbf3dc05901630fe7635 Mon Sep 17 00:00:00 2001
From: Bill Wendling <morbo at google.com>
Date: Tue, 5 Sep 2023 18:59:50 -0700
Subject: [PATCH] [StackProtector] Clear out stack protector slot
Don't leave the stack protector guard information on the stack after
exiting the function. This helps to prevent information leaking.
---
llvm/lib/CodeGen/StackProtector.cpp | 6 ++++++
llvm/test/CodeGen/RISCV/stack-protector-target.ll | 1 +
llvm/test/CodeGen/X86/2009-04-14-IllegalRegs.ll | 1 +
llvm/test/CodeGen/X86/stack-protector-2.ll | 5 +++++
llvm/test/CodeGen/X86/stack-protector-no-return.ll | 3 +++
llvm/test/CodeGen/X86/stack-protector-recursively.ll | 1 +
6 files changed, 17 insertions(+)
diff --git a/llvm/lib/CodeGen/StackProtector.cpp b/llvm/lib/CodeGen/StackProtector.cpp
index 387b653f8815367..850cdf5be8999e3 100644
--- a/llvm/lib/CodeGen/StackProtector.cpp
+++ b/llvm/lib/CodeGen/StackProtector.cpp
@@ -565,6 +565,7 @@ bool StackProtector::InsertStackProtectors() {
// br i1 %3, label %CallStackCheckFailBlk, label %SP_return
//
// SP_return:
+ // store StackGuardSlot, i64 0
// ret ...
//
// CallStackCheckFailBlk:
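Review bot: The pseudo-IR line added to the SP_return block, `store StackGuardSlot, i64 0`, has the operands in the reverse of IR order and omits `volatile`, while the updated tests expect `store volatile i64 0, ptr [[STACKGUARDSLOT]]`. Writing it as `//     store volatile i64 0, ptr StackGuardSlot` would make the comment agree with what the pass emits. The comment block this line belongs to starts outside the hunk.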
@@ -601,6 +602,11 @@ bool StackProtector::InsertStackProtectors() {
Cmp->setPredicate(Cmp->getInversePredicate());
BI->swapSuccessors();
+
+ // Clear the stack guard value from registers before returning.
+ B.SetInsertPoint(NewBB, NewBB->begin());
+ B.CreateStore(ConstantInt::get(B.getIntPtrTy(M->getDataLayout()), 0), AI,
+ true);
}
}
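Review bot: The added comment says the guard is cleared "from registers", but the store writes zero to `AI`, the stack guard slot, and leaves the loaded copy used by the compare untouched; it should read something like `// Clear the stack guard slot once the check has passed.`. The store goes in at `NewBB->begin()` for whichever check site is being processed, and the updated tests show SP_return blocks that continue into a call rather than a return (stack-protector-no-return.ll has `SP_return` followed by a later `SP_return3` in the same function, and stack-protector-2.ll has one followed by `call i32 @foo_no_return`). If control can reach a second check in the same frame after the first one cleared the slot, for instance through a landing pad, that check would apparently compare the guard with zero and call `__stack_chk_fail`; consider emitting the store only when the block ends in a return, or add a test that runs that path. The bare `true` would read better as `/*isVolatile=*/true`. The enclosing loop in InsertStackProtectors starts and ends outside the hunk.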
diff --git a/llvm/test/CodeGen/RISCV/stack-protector-target.ll b/llvm/test/CodeGen/RISCV/stack-protector-target.ll
index 410b89df1f35c77..d4ccf67947101e3 100644
--- a/llvm/test/CodeGen/RISCV/stack-protector-target.ll
+++ b/llvm/test/CodeGen/RISCV/stack-protector-target.ll
@@ -17,6 +17,7 @@ define void @func() sspreq nounwind {
; FUCHSIA-RISCV64-NEXT: ld a1, 16(sp)
; FUCHSIA-RISCV64-NEXT: bne a0, a1, .LBB0_2
; FUCHSIA-RISCV64-NEXT: # %bb.1: # %SP_return
+; FUCHSIA-RISCV64-NEXT: sd zero, 16(sp)
; FUCHSIA-RISCV64-NEXT: ld ra, 24(sp) # 8-byte Folded Reload
; FUCHSIA-RISCV64-NEXT: addi sp, sp, 32
; FUCHSIA-RISCV64-NEXT: ret
diff --git a/llvm/test/CodeGen/X86/2009-04-14-IllegalRegs.ll b/llvm/test/CodeGen/X86/2009-04-14-IllegalRegs.ll
index 822f6a4c4616e92..603aedf4e48c79e 100644
--- a/llvm/test/CodeGen/X86/2009-04-14-IllegalRegs.ll
+++ b/llvm/test/CodeGen/X86/2009-04-14-IllegalRegs.ll
@@ -47,6 +47,7 @@ define i32 @z() nounwind ssp {
; CHECK-NEXT: jne LBB0_3
; CHECK-NEXT: ## %bb.2: ## %SP_return
; CHECK-NEXT: movl {{[-0-9]+}}(%e{{[sb]}}p), %eax ## 4-byte Reload
+; CHECK-NEXT: movl $0, {{[0-9]+}}(%esp)
; CHECK-NEXT: addl $148, %esp
; CHECK-NEXT: popl %esi
; CHECK-NEXT: popl %edi
diff --git a/llvm/test/CodeGen/X86/stack-protector-2.ll b/llvm/test/CodeGen/X86/stack-protector-2.ll
index bd69981714757f8..f23ecb17a017997 100644
--- a/llvm/test/CodeGen/X86/stack-protector-2.ll
+++ b/llvm/test/CodeGen/X86/stack-protector-2.ll
@@ -21,6 +21,7 @@ define void @store_captures() #0 {
; CHECK-NEXT: [[TMP1:%.*]] = icmp eq ptr [[STACKGUARD1]], [[TMP0]]
; CHECK-NEXT: br i1 [[TMP1]], label [[SP_RETURN:%.*]], label [[CALLSTACKCHECKFAILBLK:%.*]], !prof !0
; CHECK: SP_return:
+; CHECK-NEXT: store volatile i64 0, ptr [[STACKGUARDSLOT]], align 8
; CHECK-NEXT: ret void
; CHECK: CallStackCheckFailBlk:
; CHECK-NEXT: call void @__stack_chk_fail()
@@ -74,6 +75,7 @@ define void @store_addrspacecast_captures() #0 {
; CHECK-NEXT: [[TMP1:%.*]] = icmp eq ptr [[STACKGUARD1]], [[TMP0]]
; CHECK-NEXT: br i1 [[TMP1]], label [[SP_RETURN:%.*]], label [[CALLSTACKCHECKFAILBLK:%.*]], !prof !0
; CHECK: SP_return:
+; CHECK-NEXT: store volatile i64 0, ptr [[STACKGUARDSLOT]], align 8
; CHECK-NEXT: ret void
; CHECK: CallStackCheckFailBlk:
; CHECK-NEXT: call void @__stack_chk_fail()
@@ -111,6 +113,7 @@ define void @cmpxchg_captures() #0 {
; CHECK-NEXT: [[TMP2:%.*]] = icmp eq ptr [[STACKGUARD1]], [[TMP1]]
; CHECK-NEXT: br i1 [[TMP2]], label [[SP_RETURN:%.*]], label [[CALLSTACKCHECKFAILBLK:%.*]], !prof !0
; CHECK: SP_return:
+; CHECK-NEXT: store volatile i64 0, ptr [[STACKGUARDSLOT]], align 8
; CHECK-NEXT: ret void
; CHECK: CallStackCheckFailBlk:
; CHECK-NEXT: call void @__stack_chk_fail()
@@ -145,6 +148,7 @@ define void @memset_captures(i64 %c) #0 {
; CHECK-NEXT: [[TMP2:%.*]] = icmp eq ptr [[STACKGUARD1]], [[TMP1]]
; CHECK-NEXT: br i1 [[TMP2]], label [[SP_RETURN:%.*]], label [[CALLSTACKCHECKFAILBLK:%.*]], !prof !0
; CHECK: SP_return:
+; CHECK-NEXT: store volatile i64 0, ptr [[STACKGUARDSLOT]], align 8
; CHECK-NEXT: ret void
; CHECK: CallStackCheckFailBlk:
; CHECK-NEXT: call void @__stack_chk_fail()
@@ -204,6 +208,7 @@ entry:
; CHECK-NEXT: %2 = icmp eq ptr %StackGuard1, %1
; CHECK-NEXT: br i1 %2, label %SP_return, label %CallStackCheckFailBlk
; CHECK: SP_return: ; preds = %if.then
+; CHECK-NEXT: store volatile i64 0, ptr [[STACKGUARDSLOT]], align 8
; CHECK-NEXT: %call = call i32 @foo_no_return(i32 1)
; CHECK-NEXT: br label %return
; CHECK: if.end: ; preds = %entry
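Review bot: `[[STACKGUARDSLOT]]` is used here in a block whose neighbouring CHECK lines match literal value names (`%StackGuard1`, `%2`), so the variable is not visibly defined for this function and may resolve to a capture left over from an earlier function, or fail to resolve. Matching the slot by its literal name, as the surrounding lines do, would keep the check local to this function; the line that names the slot is outside the hunk, so the exact spelling has to be taken from there.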
diff --git a/llvm/test/CodeGen/X86/stack-protector-no-return.ll b/llvm/test/CodeGen/X86/stack-protector-no-return.ll
index cfebf0080a6d6ef..541ab5d558612aa 100644
--- a/llvm/test/CodeGen/X86/stack-protector-no-return.ll
+++ b/llvm/test/CodeGen/X86/stack-protector-no-return.ll
@@ -22,6 +22,7 @@ define void @_Z7catchesv() #0 personality ptr null {
; CHECK-NEXT: cmpq (%rsp), %rax
; CHECK-NEXT: jne .LBB0_6
; CHECK-NEXT: # %bb.2: # %SP_return
+; CHECK-NEXT: movq $0, (%rsp)
; CHECK-NEXT: .Ltmp2:
; CHECK-NEXT: xorl %eax, %eax
; CHECK-NEXT: xorl %edi, %edi
@@ -34,6 +35,7 @@ define void @_Z7catchesv() #0 personality ptr null {
; CHECK-NEXT: cmpq (%rsp), %rax
; CHECK-NEXT: jne .LBB0_6
; CHECK-NEXT: # %bb.5: # %SP_return3
+; CHECK-NEXT: movq $0, (%rsp)
; CHECK-NEXT: popq %rax
; CHECK-NEXT: .cfi_def_cfa_offset 8
; CHECK-NEXT: retq
@@ -67,6 +69,7 @@ define void @_Z7catchesv() #0 personality ptr null {
; DISNOTET-NEXT: cmpq (%rsp), %rax
; DISNOTET-NEXT: jne .LBB0_5
; DISNOTET-NEXT: # %bb.4: # %SP_return
+; DISNOTET-NEXT: movq $0, (%rsp)
; DISNOTET-NEXT: popq %rax
; DISNOTET-NEXT: .cfi_def_cfa_offset 8
; DISNOTET-NEXT: retq
diff --git a/llvm/test/CodeGen/X86/stack-protector-recursively.ll b/llvm/test/CodeGen/X86/stack-protector-recursively.ll
index ad7af3f302a628d..f2c7d6143f675e3 100644
--- a/llvm/test/CodeGen/X86/stack-protector-recursively.ll
+++ b/llvm/test/CodeGen/X86/stack-protector-recursively.ll
@@ -12,6 +12,7 @@ define dso_local void @__stack_chk_fail() local_unnamed_addr #0 {
; CHECK-NEXT: cmpq (%rsp), %rax
; CHECK-NEXT: jne .LBB0_2
; CHECK-NEXT: # %bb.1: # %SP_return
+; CHECK-NEXT: movq $0, (%rsp)
; CHECK-NEXT: callq foo at PLT
; CHECK-NEXT: .LBB0_2: # %CallStackCheckFailBlk
; CHECK-NEXT: callq __stack_chk_fail