This is an archive of the discontinued LLVM Phabricator instance.

Differential D100546

[ARM][AArch64] SLSHardening: make non-comdat thunks possible
ClosedPublic

Authored by danielkiss on Apr 15 2021, 4:18 AM.

Details

Reviewers
kristof.beyls
srhines
Commits
rG801ab71032e1: [ARM][AArch64] SLSHardening: make non-comdat thunks possible
Summary

Linker scripts might not handle COMDAT sections. SLSHardeing adds
new section for each __llvm_slsblr_thunk_xN. This new option allows
the generation of the thunks into the normal text section to handle these
exceptional cases.
,comdat or ,noncomdat can be added to harden-sls to control the codegen.
-mharden-sls=[all|retbr|blr],nocomdat.

Diff Detail

Event Timeline

danielkiss created this revision.Apr 15 2021, 4:18 AM
Herald added a subscriber: hiraditya. · View Herald TranscriptApr 15 2021, 4:18 AM
danielkiss requested review of this revision.Apr 15 2021, 4:18 AM
Herald added a project: Restricted Project. · View Herald TranscriptApr 15 2021, 4:18 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
tamas.petz added inline comments.Apr 15 2021, 4:22 AM
llvm/include/llvm/CodeGen/IndirectThunks.h
56

NIT: tabs to spaces

kristof.beyls added a comment.Apr 15 2021, 4:48 AM

Apart from maybe needing to run clang-format on the patch, the code changes look good to me.
Before this could be committed, this needs tests.

llvm/include/llvm/CodeGen/IndirectThunks.h
43–44

I'm not entirely sure, but is this how clang-format formats these lines?

Harbormaster completed remote builds in B98873: Diff 337706.Apr 15 2021, 5:20 AM
danielkiss updated this revision to Diff 344079.May 10 2021, 9:17 AM
danielkiss edited the summary of this revision. (Show Details)

Adding a fronted flag and tests.
comdat is still the default, feels fine but I'm not sure.

danielkiss marked 2 inline comments as done.May 10 2021, 9:19 AM
danielkiss added inline comments.
llvm/include/llvm/CodeGen/IndirectThunks.h
43–44

yes, patch went thru git clang-format

tamas.petz added a comment.May 10 2021, 9:30 AM

I have just a few small comments.

llvm/include/llvm/CodeGen/IndirectThunks.h
31

Is the default argument really required?

57

There are still TABs there.

danielkiss marked an inline comment as done.May 10 2021, 9:34 AM
danielkiss added inline comments.
llvm/include/llvm/CodeGen/IndirectThunks.h
31

yes, this function is called from x86 backed and I'd not change that.

57

I think these are spaces, could you please take a look at the raw diff?

Harbormaster completed remote builds in B103507: Diff 344079.May 10 2021, 9:40 AM
kristof.beyls added inline comments.May 11 2021, 5:57 AM
clang/lib/Driver/ToolChains/Arch/ARM.cpp
837–840 ↗(On Diff #344079)

I think it would be better if comdat/nocomdat were also communicated through Features.
It keeps the interface on this part of the code base consistent (no need to introduce a CmdArgs feature); and also makes sure that LTO vs non-LTO builds keep on behaving the same way, as the feature is set per function, not per translation unit.

I haven't really thought about how to best specify that feature. Maybe just have an extra 2 features: +harden-sls-comdat and +harden-sls-nocomdat?

llvm/test/CodeGen/AArch64/speculation-hardening-sls.ll
218–220 ↗(On Diff #344079)

Would it be possible to also have check lines for HARDEN-COMDAT-OFF, i.e. look for lines that HARDEN-COMDAT-OFF should produce?

llvm/test/CodeGen/ARM/speculation-hardening-sls.ll
249–251 ↗(On Diff #344079)

Would it be possible to also have check lines for HARDEN-COMDAT-OFF, i.e. look for lines that HARDEN-COMDAT-OFF should produce?

danielkiss added inline comments.May 11 2021, 1:27 PM
clang/lib/Driver/ToolChains/Arch/ARM.cpp
837–840 ↗(On Diff #344079)

I almost added a feature for the harden-sls-noncomdat but that is not really a HW feature so felt the backed flag is better.
One feature bit seems enough to describe the two states.

danielkiss updated this revision to Diff 346151.May 18 2021, 5:41 AM

address review comments.

danielkiss marked 5 inline comments as done.May 18 2021, 5:42 AM
kristof.beyls accepted this revision.May 18 2021, 7:48 AM

Thanks @danielkiss !
I only have a few nit picky remarks.
Overall looks good!

clang/lib/Driver/ToolChains/Arch/AArch64.cpp
275 ↗(On Diff #346151)

I'm wondering if the '(EnableRetBr || EnableBlr)' condition is needed here?
Just dropping it would make this code a little bit simpler.
I'm assuming here of course that the semantics of the +harden-sls-comdat target feature is to not produce comdat sections in case any of the other sls-hardening target features would produce thunks.
I agree this is a bit of a nit pick though.

clang/lib/Driver/ToolChains/Arch/ARM.cpp
837 ↗(On Diff #346151)

Same comment/thought on the "(EnableRetBr || EnableBlr)" condition as on the AArch64 side.

llvm/lib/Target/AArch64/AArch64.td
528 ↗(On Diff #346151)

I think it would be more accurate if the word "thunk" would be present in the documentation.
What about the following:
"Generate thunk code for SLS mitigation in the normal text section"?

llvm/lib/Target/ARM/ARM.td
578 ↗(On Diff #346151)

Same comment as on the AArch64 side on using the word "thunk" somewhere in the help text.

This revision is now accepted and ready to land.May 18 2021, 7:48 AM
Harbormaster completed remote builds in B105024: Diff 346151.May 18 2021, 9:19 AM
danielkiss updated this revision to Diff 346425.May 19 2021, 6:00 AM
danielkiss marked 4 inline comments as done.
danielkiss added inline comments.
clang/lib/Driver/ToolChains/Arch/AArch64.cpp
275 ↗(On Diff #346151)

the check is a bit overkill, the backend won't do anything anyway without the EnableRetBr || EnableBlr

Harbormaster completed remote builds in B105214: Diff 346425.May 19 2021, 6:26 AM
kristof.beyls accepted this revision.May 19 2021, 9:41 AM

LGTM.

jcai19 added a subscriber: jcai19.May 19 2021, 9:44 AM
This revision was landed with ongoing or failed builds.May 20 2021, 8:07 AM
Closed by commit rG801ab71032e1: [ARM][AArch64] SLSHardening: make non-comdat thunks possible (authored by danielkiss). · Explain Why
This revision was automatically updated to reflect the committed changes.
danielkiss marked an inline comment as done.
danielkiss added a commit: rG801ab71032e1: [ARM][AArch64] SLSHardening: make non-comdat thunks possible.
Herald added a project: Restricted Project. · View Herald TranscriptMay 20 2021, 8:07 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript

Revision Contents

PathSize
llvm/
include/
llvm/
CodeGen/
17 lines
lib/
Target/
AArch64/
6 lines
ARM/
7 lines

Diff 337706

llvm/include/llvm/CodeGen/IndirectThunks.h

Show All 21 Lines
namespace llvm { namespace llvm {
template <typename Derived> class ThunkInserter { template <typename Derived> class ThunkInserter {
Derived &getDerived() { return *static_cast<Derived *>(this); } Derived &getDerived() { return *static_cast<Derived *>(this); }
protected: protected:
bool InsertedThunks; bool InsertedThunks;
void doInitialization(Module &M) {} void doInitialization(Module &M) {}
void createThunkFunction(MachineModuleInfo &MMI, StringRef Name); void createThunkFunction(MachineModuleInfo &MMI, StringRef Name,
bool Comdat = true);
tamas.petzUnsubmitted
Done
ReplyInline Actions

Is the default argument really required?

tamas.petz: Is the default argument really required?
danielkissAuthorUnsubmitted
Done
ReplyInline Actions

yes, this function is called from x86 backed and I'd not change that.

danielkiss: yes, this function is called from x86 backed and I'd not change that.
public: public:
void init(Module &M) { void init(Module &M) {
InsertedThunks = false; InsertedThunks = false;
getDerived().doInitialization(M); getDerived().doInitialization(M);
} }
// return `true` if `MMI` or `MF` was modified // return `true` if `MMI` or `MF` was modified
bool run(MachineModuleInfo &MMI, MachineFunction &MF); bool run(MachineModuleInfo &MMI, MachineFunction &MF);
}; };
template <typename Derived> template <typename Derived>
void ThunkInserter<Derived>::createThunkFunction(MachineModuleInfo &MMI, void ThunkInserter<Derived>::createThunkFunction(MachineModuleInfo &MMI,
StringRef Name) { StringRef Name, bool Comdat) {
kristof.beylsUnsubmitted
Done
ReplyInline Actions

I'm not entirely sure, but is this how clang-format formats these lines?

kristof.beyls: I'm not entirely sure, but is this how clang-format formats these lines?
danielkissAuthorUnsubmitted
Done
ReplyInline Actions

yes, patch went thru git clang-format

danielkiss: yes, patch went thru `git clang-format`
assert(Name.startswith(getDerived().getThunkPrefix()) && assert(Name.startswith(getDerived().getThunkPrefix()) &&
"Created a thunk with an unexpected prefix!"); "Created a thunk with an unexpected prefix!");
Module &M = const_cast<Module &>(*MMI.getModule()); Module &M = const_cast<Module &>(*MMI.getModule());
LLVMContext &Ctx = M.getContext(); LLVMContext &Ctx = M.getContext();
auto Type = FunctionType::get(Type::getVoidTy(Ctx), false); auto Type = FunctionType::get(Type::getVoidTy(Ctx), false);
Function *F = Function *F = Function::Create(Type,
Function::Create(Type, GlobalValue::LinkOnceODRLinkage, Name, &M); Comdat ? GlobalValue::LinkOnceODRLinkage
: GlobalValue::InternalLinkage,
Name, &M);
if (Comdat) {
F->setVisibility(GlobalValue::HiddenVisibility); F->setVisibility(GlobalValue::HiddenVisibility);
tamas.petzUnsubmitted
Done
ReplyInline Actions

NIT: tabs to spaces

tamas.petz: NIT: tabs to spaces
F->setComdat(M.getOrInsertComdat(Name)); F->setComdat(M.getOrInsertComdat(Name));
tamas.petzUnsubmitted
Done
ReplyInline Actions

There are still TABs there.

tamas.petz: There are still TABs there.
danielkissAuthorUnsubmitted
Done
ReplyInline Actions

I think these are spaces, could you please take a look at the raw diff?

danielkiss: I think these are spaces, could you please take a look at the raw diff?
}
// Add Attributes so that we don't create a frame, unwind information, or // Add Attributes so that we don't create a frame, unwind information, or
// inline. // inline.
AttrBuilder B; AttrBuilder B;
B.addAttribute(llvm::Attribute::NoUnwind); B.addAttribute(llvm::Attribute::NoUnwind);
B.addAttribute(llvm::Attribute::Naked); B.addAttribute(llvm::Attribute::Naked);
F->addAttributes(llvm::AttributeList::FunctionIndex, B); F->addAttributes(llvm::AttributeList::FunctionIndex, B);
▲ Show 20 LinesShow All 49 LinesShow Last 20 Lines

llvm/lib/Target/AArch64/AArch64SLSHardening.cpp

Show All 32 Lines
#include <cassert> #include <cassert>
using namespace llvm; using namespace llvm;
#define DEBUG_TYPE "aarch64-sls-hardening" #define DEBUG_TYPE "aarch64-sls-hardening"
#define AARCH64_SLS_HARDENING_NAME "AArch64 sls hardening pass" #define AARCH64_SLS_HARDENING_NAME "AArch64 sls hardening pass"
static cl::opt<bool>
ComdatThunks("aarch64-sls-hardening-comdat",
cl::desc("Output SLS hardening thunks in comdats"),
cl::init(true), cl::Hidden);
namespace { namespace {
class AArch64SLSHardening : public MachineFunctionPass { class AArch64SLSHardening : public MachineFunctionPass {
public: public:
const TargetInstrInfo *TII; const TargetInstrInfo *TII;
const TargetRegisterInfo *TRI; const TargetRegisterInfo *TRI;
const AArch64Subtarget *ST; const AArch64Subtarget *ST;
▲ Show 20 LinesShow All 146 Lines▼ Show 20 Lines
}; };
} // namespace } // namespace
void SLSBLRThunkInserter::insertThunks(MachineModuleInfo &MMI) { void SLSBLRThunkInserter::insertThunks(MachineModuleInfo &MMI) {
// FIXME: It probably would be possible to filter which thunks to produce // FIXME: It probably would be possible to filter which thunks to produce
// based on which registers are actually used in BLR instructions in this // based on which registers are actually used in BLR instructions in this
// function. But would that be a worthwhile optimization? // function. But would that be a worthwhile optimization?
for (auto T : SLSBLRThunks) for (auto T : SLSBLRThunks)
createThunkFunction(MMI, T.Name); createThunkFunction(MMI, T.Name, ComdatThunks);
} }
void SLSBLRThunkInserter::populateThunk(MachineFunction &MF) { void SLSBLRThunkInserter::populateThunk(MachineFunction &MF) {
// FIXME: How to better communicate Register number, rather than through // FIXME: How to better communicate Register number, rather than through
// name and lookup table? // name and lookup table?
assert(MF.getName().startswith(getThunkPrefix())); assert(MF.getName().startswith(getThunkPrefix()));
auto ThunkIt = llvm::find_if( auto ThunkIt = llvm::find_if(
SLSBLRThunks, [&MF](auto T) { return T.Name == MF.getName(); }); SLSBLRThunks, [&MF](auto T) { return T.Name == MF.getName(); });
▲ Show 20 LinesShow All 232 LinesShow Last 20 Lines

llvm/lib/Target/ARM/ARMSLSHardening.cpp

Show All 24 Lines
#include <cassert> #include <cassert>
using namespace llvm; using namespace llvm;
#define DEBUG_TYPE "arm-sls-hardening" #define DEBUG_TYPE "arm-sls-hardening"
#define ARM_SLS_HARDENING_NAME "ARM sls hardening pass" #define ARM_SLS_HARDENING_NAME "ARM sls hardening pass"
static cl::opt<bool>
ComdatThunks("arm-sls-hardening-comdat",
cl::desc("Output SLS hardening thunks in comdats"),
cl::init(true), cl::Hidden);
namespace { namespace {
class ARMSLSHardening : public MachineFunctionPass { class ARMSLSHardening : public MachineFunctionPass {
public: public:
const TargetInstrInfo *TII; const TargetInstrInfo *TII;
const ARMSubtarget *ST; const ARMSubtarget *ST;
static char ID; static char ID;
▲ Show 20 LinesShow All 133 Lines▼ Show 20 Lines
}; };
} // namespace } // namespace
void SLSBLRThunkInserter::insertThunks(MachineModuleInfo &MMI) { void SLSBLRThunkInserter::insertThunks(MachineModuleInfo &MMI) {
// FIXME: It probably would be possible to filter which thunks to produce // FIXME: It probably would be possible to filter which thunks to produce
// based on which registers are actually used in indirect calls in this // based on which registers are actually used in indirect calls in this
// function. But would that be a worthwhile optimization? // function. But would that be a worthwhile optimization?
for (auto T : SLSBLRThunks) for (auto T : SLSBLRThunks)
createThunkFunction(MMI, T.Name); createThunkFunction(MMI, T.Name, ComdatThunks);
} }
void SLSBLRThunkInserter::populateThunk(MachineFunction &MF) { void SLSBLRThunkInserter::populateThunk(MachineFunction &MF) {
// FIXME: How to better communicate Register number, rather than through // FIXME: How to better communicate Register number, rather than through
// name and lookup table? // name and lookup table?
assert(MF.getName().startswith(getThunkPrefix())); assert(MF.getName().startswith(getThunkPrefix()));
auto ThunkIt = llvm::find_if( auto ThunkIt = llvm::find_if(
SLSBLRThunks, [&MF](auto T) { return T.Name == MF.getName(); }); SLSBLRThunks, [&MF](auto T) { return T.Name == MF.getName(); });
▲ Show 20 LinesShow All 226 LinesShow Last 20 Lines