This is an archive of the discontinued LLVM Phabricator instance.

[BranchAlign] Fix bug w/nop padding for SS manipulation
ClosedPublic

Authored by reames on Feb 28 2020, 8:54 AM.

Download Raw Diff

Details

Reviewers

skan
craig.topper
annita.zhang
jyknight

Commits

rG7049cf6496c9: [BranchAlign] Fix bug w/nop padding for SS manipulation

Summary

X86 has several instructions which are documented as enabling interrupts exactly one instruction *after* the one which changes the SS segment register. Inserting a nop between these two instructions allows an interrupt to arrive before the execution of the following instruction which changes semantic behaviour.

The list of instructions is documented in "Table 24-3. Format of Interruptibility State" in Volume 3c of the Intel manual. They basically all come down to different ways to write to the SS register.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

reames created this revision.Feb 28 2020, 8:54 AM

Herald added a project: Restricted Project. · View Herald TranscriptFeb 28 2020, 8:54 AM

Herald added subscribers: bollu, hiraditya, mcrosier. · View Herald Transcript

Harbormaster failed remote builds in B47598: Diff 247280!Feb 28 2020, 9:19 AM

LGTM if the patch is formatted.

This revision is now accepted and ready to land.Feb 29 2020, 2:49 AM

Closed by commit rG7049cf6496c9: [BranchAlign] Fix bug w/nop padding for SS manipulation (authored by reames). · Explain WhyMar 2 2020, 2:57 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

llvm/

lib/

Target/

X86/

MCTargetDesc/

X86AsmBackend.cpp

26 lines

test/

MC/

X86/

align-branch-64-system.s

68 lines

Diff 247732

llvm/lib/Target/X86/MCTargetDesc/X86AsmBackend.cpp

Show First 20 Lines • Show All 367 Lines • ▼ Show 20 Lines	bool X86AsmBackend::needAlign(MCObjectStreamer &OS) const {

// Branches only need to be aligned in 32-bit or 64-bit mode.		// Branches only need to be aligned in 32-bit or 64-bit mode.
if (!(STI.hasFeature(X86::Mode64Bit) \|\| STI.hasFeature(X86::Mode32Bit)))		if (!(STI.hasFeature(X86::Mode64Bit) \|\| STI.hasFeature(X86::Mode32Bit)))
return false;		return false;

return true;		return true;
}		}

		/// X86 has certain instructions which enable interrupts exactly one
		/// instruction after the instruction which stores to SS. Return true if the
		/// given instruction has such an interrupt delay slot.
		static bool hasInterruptDelaySlot(const MCInst &Inst) {
		switch (Inst.getOpcode()) {
		case X86::POPSS16:
		case X86::POPSS32:
		case X86::STI:
		return true;

		case X86::MOV16sr:
		case X86::MOV32sr:
		case X86::MOV64sr:
		case X86::MOV16sm:
		if (Inst.getOperand(0).getReg() == X86::SS)
		return true;
		break;
		}
		return false;
		}

/// Check if the instruction operand needs to be aligned. Padding is disabled		/// Check if the instruction operand needs to be aligned. Padding is disabled
/// before intruction which may be rewritten by linker(e.g. TLSCALL).		/// before intruction which may be rewritten by linker(e.g. TLSCALL).
bool X86AsmBackend::needAlignInst(const MCInst &Inst) const {		bool X86AsmBackend::needAlignInst(const MCInst &Inst) const {
// Linker may rewrite the instruction with variant symbol operand.		// Linker may rewrite the instruction with variant symbol operand.
if (hasVariantSymbol(Inst))		if (hasVariantSymbol(Inst))
return false;		return false;

const MCInstrDesc &InstDesc = MCII->get(Inst.getOpcode());		const MCInstrDesc &InstDesc = MCII->get(Inst.getOpcode());
Show All 12 Lines
/// Insert MCBoundaryAlignFragment before instructions to align branches.		/// Insert MCBoundaryAlignFragment before instructions to align branches.
void X86AsmBackend::alignBranchesBegin(MCObjectStreamer &OS,		void X86AsmBackend::alignBranchesBegin(MCObjectStreamer &OS,
const MCInst &Inst) {		const MCInst &Inst) {
if (!needAlign(OS))		if (!needAlign(OS))
return;		return;

MCFragment *CF = OS.getCurrentFragment();		MCFragment *CF = OS.getCurrentFragment();
bool NeedAlignFused = AlignBranchType & X86::AlignBranchFused;		bool NeedAlignFused = AlignBranchType & X86::AlignBranchFused;
if (NeedAlignFused && isMacroFused(PrevInst, Inst) && CF) {		if (hasInterruptDelaySlot(PrevInst)) {
		// If this instruction follows an interrupt enabling instruction with a one
		// instruction delay, inserting a nop would change behavior.
		} else if (NeedAlignFused && isMacroFused(PrevInst, Inst) && CF) {
// Macro fusion actually happens and there is no other fragment inserted		// Macro fusion actually happens and there is no other fragment inserted
// after the previous instruction. NOP can be emitted in PF to align fused		// after the previous instruction. NOP can be emitted in PF to align fused
// jcc.		// jcc.
if (auto *PF =		if (auto *PF =
dyn_cast_or_null<MCBoundaryAlignFragment>(CF->getPrevNode())) {		dyn_cast_or_null<MCBoundaryAlignFragment>(CF->getPrevNode())) {
const_cast<MCBoundaryAlignFragment *>(PF)->setEmitNops(true);		const_cast<MCBoundaryAlignFragment *>(PF)->setEmitNops(true);
const_cast<MCBoundaryAlignFragment *>(PF)->setFused(true);		const_cast<MCBoundaryAlignFragment *>(PF)->setFused(true);
}		}
▲ Show 20 Lines • Show All 735 Lines • Show Last 20 Lines

llvm/test/MC/X86/align-branch-64-system.s

This file was added.

				# RUN: llvm-mc -filetype=obj -triple x86_64-pc-linux-gnu --x86-align-branch-boundary=32 --x86-align-branch=jmp %s \| llvm-objdump -d --no-show-raw-insn - \| FileCheck %s

				# Exercise cases where we're enabling interrupts with one instruction delay
				# and thus can't add a nop in between without changing behavior.

				.text

				# CHECK: 1e: sti
				# CHECK: 1f: jmp
				.p2align 5
				.rept 30
				int3
				.endr
				sti
				jmp baz

				# CHECK: 5c: movq %rax, %ss
				# CHECK: 5f: jmp
				.p2align 5
				.rept 28
				int3
				.endr
				movq %rax, %ss
				jmp baz

				# CHECK: 9d: movl %esi, %ss
				# CHECK: 9f: jmp
				.p2align 5
				.rept 29
				int3
				.endr
				movl %esi, %ss
				jmp baz

				# movw and movl are interchangeable since we're only using the low 16 bits.
				# Both are generated as "MOV Sreg,r/m16**" (8E /r), but disassembled as movl
				# CHECK: dd: movl %esi, %ss
				# CHECK: df: jmp
				.p2align 5
				.rept 29
				int3
				.endr
				movw %si, %ss
				jmp baz

				# CHECK: 11b: movw (%esi), %ss
				# CHECK: 11e: jmp
				.p2align 5
				.rept 27
				int3
				.endr
				movw (%esi), %ss
				jmp baz

				# CHECK: 15b: movw (%rsi), %ss
				# CHECK: 15d: jmp
				.p2align 5
				.rept 27
				int3
				.endr
				movw (%rsi), %ss
				jmp baz


				int3
				.section ".text.other"
				bar:
				retq