search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[AArch64] Prevent argument promotion of vector with size > 128 bits (#70034)
[llvm-project.git] / llvm / lib / Target / AArch64 / AArch64PointerAuth.cpp
blob5d11f0d22574c90a6a004a5325a70ea0d6acbafd
1 //===-- AArch64PointerAuth.cpp -- Harden code using PAuth ------------------==//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8
9 #include "AArch64PointerAuth.h"
10
11 #include "AArch64.h"
12 #include "AArch64InstrInfo.h"
13 #include "AArch64MachineFunctionInfo.h"
14 #include "AArch64Subtarget.h"
15 #include "llvm/CodeGen/MachineBasicBlock.h"
16 #include "llvm/CodeGen/MachineInstrBuilder.h"
17 #include "llvm/CodeGen/MachineModuleInfo.h"
18
19 using namespace llvm;
20 using namespace llvm::AArch64PAuth;
21
22 #define AARCH64_POINTER_AUTH_NAME "AArch64 Pointer Authentication"
23
24 namespace {
25
26 class AArch64PointerAuth : public MachineFunctionPass {
27 public:
28 static char ID;
29
30 AArch64PointerAuth() : MachineFunctionPass(ID) {}
31
32 bool runOnMachineFunction(MachineFunction &MF) override;
33
34 StringRef getPassName() const override { return AARCH64_POINTER_AUTH_NAME; }
35
36 private:
37 /// An immediate operand passed to BRK instruction, if it is ever emitted.
38 const unsigned BrkOperand = 0xc471;
39
40 const AArch64Subtarget *Subtarget = nullptr;
41 const AArch64InstrInfo *TII = nullptr;
42 const AArch64RegisterInfo *TRI = nullptr;
43
44 void signLR(MachineFunction &MF, MachineBasicBlock::iterator MBBI) const;
45
46 void authenticateLR(MachineFunction &MF,
47 MachineBasicBlock::iterator MBBI) const;
48
49 bool checkAuthenticatedLR(MachineBasicBlock::iterator TI) const;
50 };
51
52 } // end anonymous namespace
53
54 INITIALIZE_PASS(AArch64PointerAuth, "aarch64-ptrauth",
55 AARCH64_POINTER_AUTH_NAME, false, false)
56
57 FunctionPass *llvm::createAArch64PointerAuthPass() {
58 return new AArch64PointerAuth();
59 }
60
61 char AArch64PointerAuth::ID = 0;
62
63 void AArch64PointerAuth::signLR(MachineFunction &MF,
64 MachineBasicBlock::iterator MBBI) const {
65 const AArch64FunctionInfo *MFnI = MF.getInfo<AArch64FunctionInfo>();
66 bool UseBKey = MFnI->shouldSignWithBKey();
67 bool EmitCFI = MFnI->needsDwarfUnwindInfo(MF);
68 bool NeedsWinCFI = MF.hasWinCFI();
69
70 MachineBasicBlock &MBB = *MBBI->getParent();
71
72 // Debug location must be unknown, see AArch64FrameLowering::emitPrologue.
73 DebugLoc DL;
74
75 if (UseBKey) {
76 BuildMI(MBB, MBBI, DL, TII->get(AArch64::EMITBKEY))
77 .setMIFlag(MachineInstr::FrameSetup);
78 }
79
80 // No SEH opcode for this one; it doesn't materialize into an
81 // instruction on Windows.
82 BuildMI(MBB, MBBI, DL,
83 TII->get(UseBKey ? AArch64::PACIBSP : AArch64::PACIASP))
84 .setMIFlag(MachineInstr::FrameSetup);
85
86 if (EmitCFI) {
87 unsigned CFIIndex =
88 MF.addFrameInst(MCCFIInstruction::createNegateRAState(nullptr));
89 BuildMI(MBB, MBBI, DL, TII->get(TargetOpcode::CFI_INSTRUCTION))
90 .addCFIIndex(CFIIndex)
91 .setMIFlags(MachineInstr::FrameSetup);
92 } else if (NeedsWinCFI) {
93 BuildMI(MBB, MBBI, DL, TII->get(AArch64::SEH_PACSignLR))
94 .setMIFlag(MachineInstr::FrameSetup);
95 }
96 }
97
98 void AArch64PointerAuth::authenticateLR(
99 MachineFunction &MF, MachineBasicBlock::iterator MBBI) const {
100 const AArch64FunctionInfo *MFnI = MF.getInfo<AArch64FunctionInfo>();
101 bool UseBKey = MFnI->shouldSignWithBKey();
102 bool EmitAsyncCFI = MFnI->needsAsyncDwarfUnwindInfo(MF);
103 bool NeedsWinCFI = MF.hasWinCFI();
104
105 MachineBasicBlock &MBB = *MBBI->getParent();
106 DebugLoc DL = MBBI->getDebugLoc();
107 // MBBI points to a PAUTH_EPILOGUE instruction to be replaced and
108 // TI points to a terminator instruction that may or may not be combined.
109 // Note that inserting new instructions "before MBBI" and "before TI" is
110 // not the same because if ShadowCallStack is enabled, its instructions
111 // are placed between MBBI and TI.
112 MachineBasicBlock::iterator TI = MBB.getFirstInstrTerminator();
113
114 // The AUTIASP instruction assembles to a hint instruction before v8.3a so
115 // this instruction can safely used for any v8a architecture.
116 // From v8.3a onwards there are optimised authenticate LR and return
117 // instructions, namely RETA{A,B}, that can be used instead. In this case the
118 // DW_CFA_AARCH64_negate_ra_state can't be emitted.
119 bool TerminatorIsCombinable =
120 TI != MBB.end() && TI->getOpcode() == AArch64::RET;
121 if (Subtarget->hasPAuth() && TerminatorIsCombinable && !NeedsWinCFI &&
122 !MF.getFunction().hasFnAttribute(Attribute::ShadowCallStack)) {
123 unsigned CombinedRetOpcode = UseBKey ? AArch64::RETAB : AArch64::RETAA;
124 BuildMI(MBB, TI, DL, TII->get(CombinedRetOpcode)).copyImplicitOps(*TI);
125 MBB.erase(TI);
126 } else {
127 unsigned AutOpcode = UseBKey ? AArch64::AUTIBSP : AArch64::AUTIASP;
128 BuildMI(MBB, MBBI, DL, TII->get(AutOpcode))
129 .setMIFlag(MachineInstr::FrameDestroy);
130
131 if (EmitAsyncCFI) {
132 unsigned CFIIndex =
133 MF.addFrameInst(MCCFIInstruction::createNegateRAState(nullptr));
134 BuildMI(MBB, MBBI, DL, TII->get(TargetOpcode::CFI_INSTRUCTION))
135 .addCFIIndex(CFIIndex)
136 .setMIFlags(MachineInstr::FrameDestroy);
137 }
138 if (NeedsWinCFI) {
139 BuildMI(MBB, MBBI, DL, TII->get(AArch64::SEH_PACSignLR))
140 .setMIFlag(MachineInstr::FrameDestroy);
141 }
142 }
143 }
144
145 namespace {
146
147 // Mark dummy LDR instruction as volatile to prevent removing it as dead code.
148 MachineMemOperand *createCheckMemOperand(MachineFunction &MF,
149 const AArch64Subtarget &Subtarget) {
150 MachinePointerInfo PointerInfo(Subtarget.getAddressCheckPSV());
151 auto MOVolatileLoad =
152 MachineMemOperand::MOLoad | MachineMemOperand::MOVolatile;
153
154 return MF.getMachineMemOperand(PointerInfo, MOVolatileLoad, 4, Align(4));
155 }
156
157 } // namespace
158
159 MachineBasicBlock &llvm::AArch64PAuth::checkAuthenticatedRegister(
160 MachineBasicBlock::iterator MBBI, AuthCheckMethod Method,
161 Register AuthenticatedReg, Register TmpReg, bool UseIKey, unsigned BrkImm) {
162
163 MachineBasicBlock &MBB = *MBBI->getParent();
164 MachineFunction &MF = *MBB.getParent();
165 const AArch64Subtarget &Subtarget = MF.getSubtarget<AArch64Subtarget>();
166 const AArch64InstrInfo *TII = Subtarget.getInstrInfo();
167 DebugLoc DL = MBBI->getDebugLoc();
168
169 // First, handle the methods not requiring creating extra MBBs.
170 switch (Method) {
171 default:
172 break;
173 case AuthCheckMethod::None:
174 return MBB;
175 case AuthCheckMethod::DummyLoad:
176 BuildMI(MBB, MBBI, DL, TII->get(AArch64::LDRWui), getWRegFromXReg(TmpReg))
177 .addReg(AArch64::LR)
178 .addImm(0)
179 .addMemOperand(createCheckMemOperand(MF, Subtarget));
180 return MBB;
181 }
182
183 // Control flow has to be changed, so arrange new MBBs.
184
185 // At now, at least an AUT* instruction is expected before MBBI
186 assert(MBBI != MBB.begin() &&
187 "Cannot insert the check at the very beginning of MBB");
188 // The block to insert check into.
189 MachineBasicBlock *CheckBlock = &MBB;
190 // The remaining part of the original MBB that is executed on success.
191 MachineBasicBlock *SuccessBlock = MBB.splitAt(*std::prev(MBBI));
192
193 // The block that explicitly generates a break-point exception on failure.
194 MachineBasicBlock *BreakBlock =
195 MF.CreateMachineBasicBlock(MBB.getBasicBlock());
196 MF.push_back(BreakBlock);
197 MBB.splitSuccessor(SuccessBlock, BreakBlock);
198
199 assert(CheckBlock->getFallThrough() == SuccessBlock);
200 BuildMI(BreakBlock, DL, TII->get(AArch64::BRK)).addImm(BrkImm);
201
202 switch (Method) {
203 case AuthCheckMethod::None:
204 case AuthCheckMethod::DummyLoad:
205 llvm_unreachable("Should be handled above");
206 case AuthCheckMethod::HighBitsNoTBI:
207 BuildMI(CheckBlock, DL, TII->get(AArch64::EORXrs), TmpReg)
208 .addReg(AuthenticatedReg)
209 .addReg(AuthenticatedReg)
210 .addImm(1);
211 BuildMI(CheckBlock, DL, TII->get(AArch64::TBNZX))
212 .addReg(TmpReg)
213 .addImm(62)
214 .addMBB(BreakBlock);
215 return *SuccessBlock;
216 case AuthCheckMethod::XPACHint:
217 assert(AuthenticatedReg == AArch64::LR &&
218 "XPACHint mode is only compatible with checking the LR register");
219 assert(UseIKey && "XPACHint mode is only compatible with I-keys");
220 BuildMI(CheckBlock, DL, TII->get(AArch64::ORRXrs), TmpReg)
221 .addReg(AArch64::XZR)
222 .addReg(AArch64::LR)
223 .addImm(0);
224 BuildMI(CheckBlock, DL, TII->get(AArch64::XPACLRI));
225 BuildMI(CheckBlock, DL, TII->get(AArch64::SUBSXrs), AArch64::XZR)
226 .addReg(TmpReg)
227 .addReg(AArch64::LR)
228 .addImm(0);
229 BuildMI(CheckBlock, DL, TII->get(AArch64::Bcc))
230 .addImm(AArch64CC::NE)
231 .addMBB(BreakBlock);
232 return *SuccessBlock;
233 }
234 llvm_unreachable("Unknown AuthCheckMethod enum");
235 }
236
237 unsigned llvm::AArch64PAuth::getCheckerSizeInBytes(AuthCheckMethod Method) {
238 switch (Method) {
239 case AuthCheckMethod::None:
240 return 0;
241 case AuthCheckMethod::DummyLoad:
242 return 4;
243 case AuthCheckMethod::HighBitsNoTBI:
244 return 12;
245 case AuthCheckMethod::XPACHint:
246 return 20;
247 }
248 llvm_unreachable("Unknown AuthCheckMethod enum");
249 }
250
251 bool AArch64PointerAuth::checkAuthenticatedLR(
252 MachineBasicBlock::iterator TI) const {
253 AuthCheckMethod Method = Subtarget->getAuthenticatedLRCheckMethod();
254
255 if (Method == AuthCheckMethod::None)
256 return false;
257
258 // FIXME If FEAT_FPAC is implemented by the CPU, this check can be skipped.
259
260 assert(!TI->getMF()->hasWinCFI() && "WinCFI is not yet supported");
261
262 // The following code may create a signing oracle:
263 //
264 // <authenticate LR>
265 // TCRETURN ; the callee may sign and spill the LR in its prologue
266 //
267 // To avoid generating a signing oracle, check the authenticated value
268 // before possibly re-signing it in the callee, as follows:
269 //
270 // <authenticate LR>
271 // <check if LR contains a valid address>
272 // b.<cond> break_block
273 // ret_block:
274 // TCRETURN
275 // break_block:
276 // brk <BrkOperand>
277 //
278 // or just
279 //
280 // <authenticate LR>
281 // ldr tmp, [lr]
282 // TCRETURN
283
284 // TmpReg is chosen assuming X16 and X17 are dead after TI.
285 assert(AArch64InstrInfo::isTailCallReturnInst(*TI) &&
286 "Tail call is expected");
287 Register TmpReg =
288 TI->readsRegister(AArch64::X16, TRI) ? AArch64::X17 : AArch64::X16;
289 assert(!TI->readsRegister(TmpReg, TRI) &&
290 "More than a single register is used by TCRETURN");
291
292 checkAuthenticatedRegister(TI, Method, AArch64::LR, TmpReg, /*UseIKey=*/true,
293 BrkOperand);
294
295 return true;
296 }
297
298 bool AArch64PointerAuth::runOnMachineFunction(MachineFunction &MF) {
299 const auto *MFnI = MF.getInfo<AArch64FunctionInfo>();
300 if (!MFnI->shouldSignReturnAddress(true))
301 return false;
302
303 Subtarget = &MF.getSubtarget<AArch64Subtarget>();
304 TII = Subtarget->getInstrInfo();
305 TRI = Subtarget->getRegisterInfo();
306
307 SmallVector<MachineBasicBlock::iterator> DeletedInstrs;
308 SmallVector<MachineBasicBlock::iterator> TailCallInstrs;
309
310 bool Modified = false;
311 bool HasAuthenticationInstrs = false;
312
313 for (auto &MBB : MF) {
314 for (auto &MI : MBB) {
315 auto It = MI.getIterator();
316 switch (MI.getOpcode()) {
317 default:
318 if (AArch64InstrInfo::isTailCallReturnInst(MI))
319 TailCallInstrs.push_back(It);
320 break;
321 case AArch64::PAUTH_PROLOGUE:
322 signLR(MF, It);
323 DeletedInstrs.push_back(It);
324 Modified = true;
325 break;
326 case AArch64::PAUTH_EPILOGUE:
327 authenticateLR(MF, It);
328 DeletedInstrs.push_back(It);
329 Modified = true;
330 HasAuthenticationInstrs = true;
331 break;
332 }
333 }
334 }
335
336 // FIXME Do we need to emit any PAuth-related epilogue code at all
337 // when SCS is enabled?
338 if (HasAuthenticationInstrs &&
339 !MFnI->needsShadowCallStackPrologueEpilogue(MF)) {
340 for (auto TailCall : TailCallInstrs)
341 Modified |= checkAuthenticatedLR(TailCall);
342 }
343
344 for (auto MI : DeletedInstrs)
345 MI->eraseFromParent();
346
347 return Modified;
348 }
LLVM monorepo