This is an archive of the discontinued LLVM Phabricator instance.

Differential D61881

Deal with return-twice function such as vfork, setjmp when CET-IBT enabled
ClosedPublic

Authored by xiangzhangllvm on May 13 2019, 10:59 PM.

Details

Reviewers
LuoYuanke
craig.topper
annita.zhang
pengfei
Commits
rZORGeffbbba6384f: [X86] [CET] Deal with return-twice function such as vfork, setjmp when CET-IBT…
rGeffbbba6384f: [X86] [CET] Deal with return-twice function such as vfork, setjmp when CET-IBT…
rG6a0d432e9e0f: [X86] [CET] Deal with return-twice function such as vfork, setjmp when CET-IBT…
rL361342: [X86] [CET] Deal with return-twice function such as vfork, setjmp when
Summary

Return-twice functions will indirectly jump after the caller's position.
So when CET-IBT is enable, we should make sure these is endbr* instructions follow these Return-twice function caller. Like GCC does.

Diff Detail

Repository
rL LLVM

Event Timeline

xiangzhangllvm created this revision.May 13 2019, 10:59 PM
Herald added a project: Restricted Project. · View Herald TranscriptMay 13 2019, 10:59 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
MaskRay added a subscriber: MaskRay.May 13 2019, 11:10 PM
MaskRay added inline comments.
lib/Target/X86/X86IndirectBranchTracking.cpp
72

indent with clang-format.

78

++I;

139

for (const MachineInstr &MI : MBB)

xiangzhangllvm marked 3 inline comments as done.May 14 2019, 6:00 PM
xiangzhangllvm added inline comments.
lib/Target/X86/X86IndirectBranchTracking.cpp
72

Hi! Fang rui, Nice to see you here!
It will more than 80 chars if I aligned the "Machine..", Is it suitable to write like this: ?

bool
X86IndirectBranchTrackingPass::addENDBR(MachineBasicBlock &MBB,
                                        MachineBasicBlock::iterator I) const {
78

It seems same with ++I ? More performance ?

139

I used iterator I, because I want to pass I into BuildMI in addENDBR()

MaskRay added inline comments.May 14 2019, 7:24 PM
lib/Target/X86/X86IndirectBranchTracking.cpp
72

You may use clang-format (git diff -U0 --no-color 'HEAD^' | ~/llvm/tools/clang/tools/clang-format/clang-format-diff.py -i -p1). It reformats this block as:

bool X86IndirectBranchTrackingPass::addENDBR(
    MachineBasicBlock &MBB, MachineBasicBlock::iterator I) const {
78

Its https://llvm.org/docs/CodingStandards.html#prefer-preincrement

xiangzhangllvm updated this revision to Diff 199547.May 14 2019, 7:55 PM

Thank You very much! Fangrui

craig.topper added inline comments.May 15 2019, 6:01 PM
lib/Target/X86/X86IndirectBranchTracking.cpp
76–84

Is this really "I != MBB.end()"? MachineBasicBlock::iterator is an iterator into a linked list and I'm not sure what it means for that to be nullptr.

141

Variable names should be capitalized and use camel case. But I think this variable is unnecessary and you could just call I->isCall from the if.

test/CodeGen/X86/indirect-branch-tracking-r2.ll
10

funtion->function

70

Please reduce this to only the attributes necessary. target-cpu, no-trapping-math, etc. are all unnecessary.

xiangzhangllvm marked 4 inline comments as done.May 15 2019, 6:42 PM
xiangzhangllvm added inline comments.
lib/Target/X86/X86IndirectBranchTracking.cpp
76–84

Here we just want to use a special "value" to let the addENDBR() ignore the argument "I".
Yes, "I" should "point to" an MachineInstr, it should not be MBB.end() too.
I also feel it a little ugly here, but compile with no error. I'll rewrite to if (I != MBB.end()).
Thank you!

141

Yes! make sense!

test/CodeGen/X86/indirect-branch-tracking-r2.ll
10

Yes!

70

OK! I'll simply them. Thank you!

xiangzhangllvm updated this revision to Diff 199718.May 15 2019, 7:33 PM
craig.topper added inline comments.May 15 2019, 9:40 PM
lib/Target/X86/X86IndirectBranchTracking.cpp
144

What if we passed I++ here and passed MBB.begin() on the other callsites. Could we then avoid two different cases in addENDBR?

xiangzhangllvm marked 2 inline comments as done.May 16 2019, 6:20 PM
xiangzhangllvm added inline comments.
lib/Target/X86/X86IndirectBranchTracking.cpp
139

I find here line 139 maybe problem:
I should change to

for (MachineBasicBlock::iterator I = MBB.begin(); I != MBB.end();  //because the MBB may update by insert endbr.
144

Hi Craig, we can not avoid.
because the 2 cases in addENDBR(MBB, I) are different.

one case is insert endbr after I
and another case is insert endbr before I

xiangzhangllvm marked an inline comment as done.May 16 2019, 6:27 PM
xiangzhangllvm added inline comments.
lib/Target/X86/X86IndirectBranchTracking.cpp
144

Sorry, I miss understand before. Your suggestion is right!
Here can pass "I+1" not "I++" to addENDBR()

xiangzhangllvm updated this revision to Diff 199959.May 16 2019, 7:14 PM
craig.topper accepted this revision.May 20 2019, 6:00 PM

LGTM

This revision is now accepted and ready to land.May 20 2019, 6:00 PM
xiangzhangllvm added a reviewer: pengfei.May 21 2019, 5:20 PM
Closed by commit rL361342: [X86] [CET] Deal with return-twice function such as vfork, setjmp when (authored by pengfei). · Explain WhyMay 21 2019, 5:47 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lib/
Target/
X86/
44 lines
test/
CodeGen/
X86/
76 lines

Diff 199718

lib/Target/X86/X86IndirectBranchTracking.cpp

Show First 20 LinesShow All 51 Lines▼ Show 20 Linesprivate:
/// Endbr opcode for the current machine function. /// Endbr opcode for the current machine function.
unsigned int EndbrOpcode; unsigned int EndbrOpcode;
/// Adds a new ENDBR instruction to the begining of the MBB. /// Adds a new ENDBR instruction to the begining of the MBB.
/// The function will not add it if already exists. /// The function will not add it if already exists.
/// It will add ENDBR32 or ENDBR64 opcode, depending on the target. /// It will add ENDBR32 or ENDBR64 opcode, depending on the target.
/// \returns true if the ENDBR was added and false otherwise. /// \returns true if the ENDBR was added and false otherwise.
bool addENDBR(MachineBasicBlock &MBB) const; bool addENDBR(MachineBasicBlock &MBB, MachineBasicBlock::iterator I) const;
}; };
} // end anonymous namespace } // end anonymous namespace
char X86IndirectBranchTrackingPass::ID = 0; char X86IndirectBranchTrackingPass::ID = 0;
FunctionPass *llvm::createX86IndirectBranchTrackingPass() { FunctionPass *llvm::createX86IndirectBranchTrackingPass() {
return new X86IndirectBranchTrackingPass(); return new X86IndirectBranchTrackingPass();
} }
bool X86IndirectBranchTrackingPass::addENDBR(MachineBasicBlock &MBB) const { bool X86IndirectBranchTrackingPass::addENDBR(
MachineBasicBlock &MBB, MachineBasicBlock::iterator I) const {
MaskRayUnsubmitted
Not Done
ReplyInline Actions

indent with clang-format.

MaskRay: indent with clang-format.
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

Hi! Fang rui, Nice to see you here!
It will more than 80 chars if I aligned the "Machine..", Is it suitable to write like this: ?

bool
X86IndirectBranchTrackingPass::addENDBR(MachineBasicBlock &MBB,
                                        MachineBasicBlock::iterator I) const {
xiangzhangllvm: Hi! Fang rui, Nice to see you here! It will more than 80 chars if I aligned the "Machine..", Is…
MaskRayUnsubmitted
Not Done
ReplyInline Actions

You may use clang-format (git diff -U0 --no-color 'HEAD^' | ~/llvm/tools/clang/tools/clang-format/clang-format-diff.py -i -p1). It reformats this block as:

bool X86IndirectBranchTrackingPass::addENDBR(
    MachineBasicBlock &MBB, MachineBasicBlock::iterator I) const {
MaskRay: You may use clang-format (`git diff -U0 --no-color 'HEAD^' | ~/llvm/tools/clang/tools/clang…
assert(TII && "Target instruction info was not initialized"); assert(TII && "Target instruction info was not initialized");
assert((X86::ENDBR64 == EndbrOpcode || X86::ENDBR32 == EndbrOpcode) && assert((X86::ENDBR64 == EndbrOpcode || X86::ENDBR32 == EndbrOpcode) &&
"Unexpected Endbr opcode"); "Unexpected Endbr opcode");
if (I != MBB.end()) {
if (EndbrOpcode != I->getOpcode()) {
++I;
MaskRayUnsubmitted
Not Done
ReplyInline Actions

++I;

MaskRay: `++I;`
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

It seems same with ++I ? More performance ?

xiangzhangllvm: It seems same with ++I ? More performance ?
MaskRayUnsubmitted
Not Done
ReplyInline Actions

Its https://llvm.org/docs/CodingStandards.html#prefer-preincrement

MaskRay: Its https://llvm.org/docs/CodingStandards.html#prefer-preincrement
BuildMI(MBB, I, MBB.findDebugLoc(I), TII->get(EndbrOpcode));
++NumEndBranchAdded;
return true;
}
return false;
}
craig.topperUnsubmitted
Not Done
ReplyInline Actions

Is this really "I != MBB.end()"? MachineBasicBlock::iterator is an iterator into a linked list and I'm not sure what it means for that to be nullptr.

craig.topper: Is this really "I != MBB.end()"? MachineBasicBlock::iterator is an iterator into a linked list…
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

Here we just want to use a special "value" to let the addENDBR() ignore the argument "I".
Yes, "I" should "point to" an MachineInstr, it should not be MBB.end() too.
I also feel it a little ugly here, but compile with no error. I'll rewrite to if (I != MBB.end()).
Thank you!

xiangzhangllvm: Here we just want to use a special "value" to let the addENDBR() ignore the argument "I". Yes…
auto MI = MBB.begin(); auto MI = MBB.begin();
// If the MBB is empty or the first instruction is not ENDBR, // If the MBB is empty or the first instruction is not ENDBR,
// add the ENDBR instruction to the beginning of the MBB. // add the ENDBR instruction to the beginning of the MBB.
if (MI == MBB.end() || EndbrOpcode != MI->getOpcode()) { if (MI == MBB.end() || EndbrOpcode != MI->getOpcode()) {
BuildMI(MBB, MI, MBB.findDebugLoc(MI), TII->get(EndbrOpcode)); BuildMI(MBB, MI, MBB.findDebugLoc(MI), TII->get(EndbrOpcode));
NumEndBranchAdded++; ++NumEndBranchAdded;
return true; return true;
} }
return false;
}
bool IsCallReturnTwice(llvm::MachineOperand &MOp) {
if (!MOp.isGlobal())
return false;
auto *CalleeFn = dyn_cast<Function>(MOp.getGlobal());
if (!CalleeFn)
return false;
AttributeList Attrs = CalleeFn->getAttributes();
if (Attrs.hasAttribute(AttributeList::FunctionIndex, Attribute::ReturnsTwice))
return true;
return false; return false;
} }
bool X86IndirectBranchTrackingPass::runOnMachineFunction(MachineFunction &MF) { bool X86IndirectBranchTrackingPass::runOnMachineFunction(MachineFunction &MF) {
const X86Subtarget &SubTarget = MF.getSubtarget<X86Subtarget>(); const X86Subtarget &SubTarget = MF.getSubtarget<X86Subtarget>();
// Check that the cf-protection-branch is enabled. // Check that the cf-protection-branch is enabled.
Metadata *isCFProtectionSupported = Metadata *isCFProtectionSupported =
Show All 9 Linesbool X86IndirectBranchTrackingPass::runOnMachineFunction(MachineFunction &MF) {
// Non-internal function or function whose address was taken, can be // Non-internal function or function whose address was taken, can be
// accessed through indirect calls. Mark the first BB with ENDBR instruction // accessed through indirect calls. Mark the first BB with ENDBR instruction
// unless nocf_check attribute is used. // unless nocf_check attribute is used.
if ((MF.getFunction().hasAddressTaken() || if ((MF.getFunction().hasAddressTaken() ||
!MF.getFunction().hasLocalLinkage()) && !MF.getFunction().hasLocalLinkage()) &&
!MF.getFunction().doesNoCfCheck()) { !MF.getFunction().doesNoCfCheck()) {
auto MBB = MF.begin(); auto MBB = MF.begin();
Changed |= addENDBR(*MBB); Changed |= addENDBR(*MBB, MBB->end());
} }
for (auto &MBB : MF) for (auto &MBB : MF) {
// Find all basic blocks that their address was taken (for example // Find all basic blocks that their address was taken (for example
// in the case of indirect jump) and add ENDBR instruction. // in the case of indirect jump) and add ENDBR instruction.
if (MBB.hasAddressTaken()) if (MBB.hasAddressTaken())
Changed |= addENDBR(MBB); Changed |= addENDBR(MBB, MBB.end());
for (MachineBasicBlock::iterator I = MBB.begin(), E = MBB.end(); I != E;
MaskRayUnsubmitted
Not Done
ReplyInline Actions

for (const MachineInstr &MI : MBB)

MaskRay: `for (const MachineInstr &MI : MBB)`
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

I used iterator I, because I want to pass I into BuildMI in addENDBR()

xiangzhangllvm: I used iterator I, because I want to pass I into BuildMI in addENDBR()
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

I find here line 139 maybe problem:
I should change to

for (MachineBasicBlock::iterator I = MBB.begin(); I != MBB.end();  //because the MBB may update by insert endbr.
xiangzhangllvm: I find here line 139 maybe problem: I should change to ``` for (MachineBasicBlock::iterator I…
++I) {
if (!I->isCall())
craig.topperUnsubmitted
Not Done
ReplyInline Actions

Variable names should be capitalized and use camel case. But I think this variable is unnecessary and you could just call I->isCall from the if.

craig.topper: Variable names should be capitalized and use camel case. But I think this variable is…
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

Yes! make sense!

xiangzhangllvm: Yes! make sense!
continue;
if (IsCallReturnTwice(I->getOperand(0)))
Changed |= addENDBR(MBB, I);
craig.topperUnsubmitted
Not Done
ReplyInline Actions

What if we passed I++ here and passed MBB.begin() on the other callsites. Could we then avoid two different cases in addENDBR?

craig.topper: What if we passed I++ here and passed MBB.begin() on the other callsites. Could we then avoid…
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

Hi Craig, we can not avoid.
because the 2 cases in addENDBR(MBB, I) are different.

one case is insert endbr after I
and another case is insert endbr before I

xiangzhangllvm: Hi Craig, we can not avoid. because the 2 cases in addENDBR(MBB, I) are different. one case is…
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

Sorry, I miss understand before. Your suggestion is right!
Here can pass "I+1" not "I++" to addENDBR()

xiangzhangllvm: Sorry, I miss understand before. Your suggestion is right! Here can pass "I+1" not "I++" to…
}
}
return Changed; return Changed;
} }

test/CodeGen/X86/indirect-branch-tracking-r2.ll

  • This file was added.
; RUN: llc -mtriple=x86_64-unknown-unknown < %s | FileCheck %s --check-prefix=X64
; RUN: llc -mtriple=i386-unknown-unknown < %s | FileCheck %s --check-prefix=X86
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; foo
;; -----
;; Checks ENDBR insertion after return twice functions.
;; setjmp, sigsetjmp, savectx, vfork, getcontext
;; setzx is not return twice function, should not followed by endbr.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
craig.topperUnsubmitted
Not Done
ReplyInline Actions

funtion->function

craig.topper: funtion->function
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

Yes!

xiangzhangllvm: Yes!
; X64: callq setjmp
; X64-NEXT: endbr64
; X64: callq setzx
; X64-NEXT: xorl
; X64: callq sigsetjmp
; X64-NEXT: endbr64
; X64: callq savectx
; X64-NEXT: endbr64
; X64: callq vfork
; X64-NEXT: endbr64
; X64: callq getcontext
; X64-NEXT: endbr64
; X86: calll setjmp
; X86-NEXT: endbr32
; X86: calll setzx
; X86-NEXT: xorl
; X86: calll sigsetjmp
; X86-NEXT: endbr32
; X86: calll savectx
; X86-NEXT: endbr32
; X86: calll vfork
; X86-NEXT: endbr32
; X86: calll getcontext
; X86-NEXT: endbr32
; Function Attrs: noinline nounwind optnone uwtable
define dso_local void @foo() #0 {
entry:
%call = call i32 (i32, ...) bitcast (i32 (...)* @setjmp to i32 (i32, ...)*)(i32 0) #1
%call1 = call i32 (i32, ...) bitcast (i32 (...)* @setzx to i32 (i32, ...)*)(i32 0)
%call2 = call i32 (i32, ...) bitcast (i32 (...)* @sigsetjmp to i32 (i32, ...)*)(i32 0) #1
%call3 = call i32 (i32, ...) bitcast (i32 (...)* @setzx to i32 (i32, ...)*)(i32 0)
%call4 = call i32 (i32, ...) bitcast (i32 (...)* @savectx to i32 (i32, ...)*)(i32 0) #1
%call5 = call i32 @vfork() #1
%call6 = call i32 (i32, ...) bitcast (i32 (...)* @setzx to i32 (i32, ...)*)(i32 0)
%call7 = call i32 (i32, ...) bitcast (i32 (...)* @getcontext to i32 (i32, ...)*)(i32 0) #1
ret void
}
; Function Attrs: returns_twice
declare dso_local i32 @setjmp(...) #1
declare dso_local i32 @setzx(...)
; Function Attrs: returns_twice
declare dso_local i32 @sigsetjmp(...) #1
; Function Attrs: returns_twice
declare dso_local i32 @savectx(...) #1
; Function Attrs: returns_twice
declare dso_local i32 @vfork() #1
; Function Attrs: returns_twice
declare dso_local i32 @getcontext(...) #1
attributes #0 = { noinline nounwind optnone uwtable }
attributes #1 = { returns_twice }
craig.topperUnsubmitted
Not Done
ReplyInline Actions

Please reduce this to only the attributes necessary. target-cpu, no-trapping-math, etc. are all unnecessary.

craig.topper: Please reduce this to only the attributes necessary. target-cpu, no-trapping-math, etc. are all…
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

OK! I'll simply them. Thank you!

xiangzhangllvm: OK! I'll simply them. Thank you!
!llvm.module.flags = !{!0, !1, !2}
!0 = !{i32 1, !"wchar_size", i32 4}
!1 = !{i32 4, !"cf-protection-return", i32 1}
!2 = !{i32 4, !"cf-protection-branch", i32 1}