search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[mlir] More fixes for 9fddaf6b14102963f12dbb9730f101fc52e662c1
[llvm-project.git] / llvm / lib / Target / AArch64 / AArch64PointerAuth.h
blobd6947f0d22aacb36531eb78b7a88713c5b20f18b
1 //===-- AArch64PointerAuth.h -- Harden code using PAuth ---------*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8
9 #ifndef LLVM_LIB_TARGET_AARCH64_AARCH64POINTERAUTH_H
10 #define LLVM_LIB_TARGET_AARCH64_AARCH64POINTERAUTH_H
11
12 #include "llvm/CodeGen/MachineBasicBlock.h"
13 #include "llvm/CodeGen/Register.h"
14
15 namespace llvm {
16 namespace AArch64PAuth {
17
18 /// Variants of check performed on an authenticated pointer.
19 ///
20 /// In cases such as authenticating the LR value when performing a tail call
21 /// or when re-signing a signed pointer with a different signing schema,
22 /// a failed authentication may not generate an exception on its own and may
23 /// create an authentication or signing oracle if not checked explicitly.
24 ///
25 /// A number of check methods modify control flow in a similar way by
26 /// rewriting the code
27 ///
28 /// ```
29 /// <authenticate LR>
30 /// <more instructions>
31 /// ```
32 ///
33 /// as follows:
34 ///
35 /// ```
36 /// <authenticate LR>
37 /// <method-specific checker>
38 /// on_fail:
39 /// brk <code>
40 /// on_success:
41 /// <more instructions>
42 ///
43 /// ```
44 enum class AuthCheckMethod {
45 /// Do not check the value at all
46 None,
47
48 /// Perform a load to a temporary register
49 DummyLoad,
50
51 /// Check by comparing bits 62 and 61 of the authenticated address.
52 ///
53 /// This method modifies control flow and inserts the following checker:
54 ///
55 /// ```
56 /// eor Xtmp, Xn, Xn, lsl #1
57 /// tbz Xtmp, #62, on_success
58 /// ```
59 HighBitsNoTBI,
60
61 /// Check by comparing the authenticated value with an XPAC-ed one without
62 /// using PAuth instructions not encoded as HINT. Can only be applied to LR.
63 ///
64 /// This method modifies control flow and inserts the following checker:
65 ///
66 /// ```
67 /// mov Xtmp, LR
68 /// xpaclri ; encoded as "hint #7"
69 /// ; Note: at this point, the LR register contains the address as if
70 /// ; the authentication succeeded and the temporary register contains the
71 /// ; *real* result of authentication.
72 /// cmp Xtmp, LR
73 /// b.eq on_success
74 /// ```
75 XPACHint,
76
77 /// Similar to XPACHint but using Armv8.3-only XPAC instruction, thus
78 /// not restricted to LR:
79 /// ```
80 /// mov Xtmp, Xn
81 /// xpac(i|d) Xn
82 /// cmp Xtmp, Xn
83 /// b.eq on_success
84 /// ```
85 XPAC,
86 };
87
88 #define AUTH_CHECK_METHOD_CL_VALUES_COMMON \
89 clEnumValN(AArch64PAuth::AuthCheckMethod::None, "none", \
90 "Do not check authenticated address"), \
91 clEnumValN(AArch64PAuth::AuthCheckMethod::DummyLoad, "load", \
92 "Perform dummy load from authenticated address"), \
93 clEnumValN( \
94 AArch64PAuth::AuthCheckMethod::HighBitsNoTBI, "high-bits-notbi", \
95 "Compare bits 62 and 61 of address (TBI should be disabled)"), \
96 clEnumValN(AArch64PAuth::AuthCheckMethod::XPAC, "xpac", \
97 "Compare with the result of XPAC (requires Armv8.3-a)")
98
99 #define AUTH_CHECK_METHOD_CL_VALUES_LR \
100 AUTH_CHECK_METHOD_CL_VALUES_COMMON, \
101 clEnumValN(AArch64PAuth::AuthCheckMethod::XPACHint, "xpac-hint", \
102 "Compare with the result of XPACLRI")
103
104 /// Returns the number of bytes added by checkAuthenticatedRegister.
105 unsigned getCheckerSizeInBytes(AuthCheckMethod Method);
106
107 } // end namespace AArch64PAuth
108 } // end namespace llvm
109
110 #endif
LLVM monorepo