[clang] [llvm] [AArch64][PAC] Sign block addresses used in indirectbr. (PR #97647)
Anton Korobeynikov via llvm-commits
llvm-commits at lists.llvm.org
Mon Jul 22 13:54:31 PDT 2024
================
@@ -10685,6 +10689,26 @@ SDValue AArch64TargetLowering::LowerBR_JT(SDValue Op,
return DAG.getNode(ISD::BRIND, DL, MVT::Other, JTInfo, SDValue(Dest, 0));
}
+SDValue AArch64TargetLowering::LowerBRIND(SDValue Op, SelectionDAG &DAG) const {
+ MachineFunction &MF = DAG.getMachineFunction();
+ std::optional<uint16_t> BADisc =
+ Subtarget->getPtrAuthBlockAddressDiscriminator(MF.getFunction());
+ if (!BADisc)
+ return SDValue();
+
+ SDLoc DL(Op);
+ SDValue Chain = Op.getOperand(0);
+ SDValue Dest = Op.getOperand(1);
+
+ SDValue Disc = DAG.getTargetConstant(*BADisc, DL, MVT::i64);
+ SDValue Key = DAG.getTargetConstant(AArch64PACKey::IA, DL, MVT::i32);
+ SDValue AddrDisc = DAG.getRegister(AArch64::XZR, MVT::i64);
+
+ SDNode *BrA = DAG.getMachineNode(AArch64::BRA, DL, MVT::Other,
----------------
asl wrote:
This is a problematic piece of code. If jump table hardening is not enabled, then jump tables will be codegenerated using `BRIND` (see the code few lines above – directly at the end of `LowerBR_JT`) and the code here does not distinguish between indirect branches that has "register" destination and indirect branches as a result of jump table lowering...
The code above might check if `Dest` is `AArch64::JumpTableDest32` and do nothing in such case.
https://github.com/llvm/llvm-project/pull/97647
More information about the llvm-commits
mailing list