This is an archive of the discontinued LLVM Phabricator instance.

Differential D75934

Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI) [2/6]
AbandonedPublic

Authored by craig.topper on Mar 10 2020, 10:00 AM.

Details

Reviewers
andrew.w.kaylor
chandlerc
zbrid
george.burgess.iv
sconstab
Summary

This pass replaces each indirect call/jump with a direct call to a thunk that looks like:

lfence
jmpq *%r11

This ensures that if the value in register %r11 was loaded from memory, then
the value in %r11 is (architecturally) correct prior to the jump.

Also adds a new target feature to X86: +lvi-cfi
("cfi" meaning control-flow integrity)

The feature can be added via clang CLI using -mlvi-cfi.

Diff Detail

Event Timeline

sconstab created this revision.Mar 10 2020, 10:00 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 10 2020, 10:00 AM
Herald added subscribers: jfb, hiraditya, mgorny. · View Herald Transcript
craig.topper added inline comments.Mar 10 2020, 2:33 PM
clang/include/clang/Driver/Options.td
2298

Please add HelpText to these. It seems we've been bad about this and the lack of HelpText prevents the options from showing up in clang -help

sconstab added a reviewer: george.burgess.iv.Mar 11 2020, 9:26 AM
sconstab added a child revision: D75935: Add RET-hardening Support to X86 to mitigate Load Value Injection (LVI) [3/6].Mar 11 2020, 12:33 PM
sconstab retitled this revision from Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI) to Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI) [2/5].Mar 11 2020, 12:35 PM
sconstab updated this revision to Diff 249763.Mar 11 2020, 2:47 PM

Added help text for driver CLI options.

sconstab mentioned this in D75939: [x86][seses] Introduce SESES pass for LVI.Mar 12 2020, 8:32 AM
sconstab added a child revision: D76158: Add inline assembly load hardening mitigation for Load Value Injection (LVI) on X86 [6/6].Mar 13 2020, 1:50 PM
sconstab marked an inline comment as done.Mar 16 2020, 9:29 AM
sconstab retitled this revision from Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI) [2/5] to Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI) [2/6].
zbrid added a comment.Mar 17 2020, 12:26 PM

Looks great! Thanks for writing this! I had a bunch of nits (sorry!) and a few questions, otherwise LGTM. Please wait for sign off from at least one other person before submitting.

llvm/lib/Target/X86/X86FastISel.cpp
3209–3210

nit: Update comment?

llvm/lib/Target/X86/X86FrameLowering.cpp
966

Would it make sense to add a separate check for LVI-CFI and have a corresponding error message referencing specifically LVI-CFI rather than retpolines?

I wrote this in several spots, sorry about the repetition.

2709

Would it make sense to add a separate check for LVI-CFI and have a corresponding error message referencing specifically LVI-CFI rather than retpolines?

llvm/lib/Target/X86/X86ISelLowering.cpp
30565–30566

nit: Update comment to mention LVI-CFI

31854

Can you change this function name? If I'm understanding this code correctly, this no longer only applies to retpoline, but also to LVI thunks, so the naming is misleading.

llvm/lib/Target/X86/X86LoadValueInjectionIndirectThunks.cpp
80

I want to make sure I understand this correctly: You use this function to initialize InsertedThunks so that, for each module, InsertedThunks is shared across all the functions. This enables the Module to ensure the thunk is only inserted once. Is that right?

88

Why is 32-bit okay if it has SSE2 features? (Asking to understand since my processor knowledge is a bit weak. Thanks!)

93

Why did you decide to make this not skip functions with optnone?

99

I think this debugging message should be at the top of the function.

130

Should this use R11ThunkName instead of this string literal?

150

I see this list is from the retpoline pass. I don't know what each of these things do, but just wondering if you double checked these are the same attributes we want for this thunk?

llvm/lib/Target/X86/X86MCInstLower.cpp
1227

Would it make sense to add a separate check for LVI-CFI and have a corresponding error message referencing specifically LVI-CFI rather than retpolines?

1409

Would it make sense to add a separate check for LVI-CFI and have a corresponding error message referencing specifically LVI-CFI rather than retpolines?

llvm/test/CodeGen/X86/O0-pipeline.ll
76

nit: remove pass to follow what most of the other passes do here (requires change in pass code and here)

llvm/test/CodeGen/X86/O3-pipeline.ll
185

Same comment as in O0-pipeline.ll test

craig.topper added inline comments.Mar 17 2020, 1:09 PM
llvm/lib/Target/X86/X86LoadValueInjectionIndirectThunks.cpp
93

This suggestion came from myself and Andy Kaylor. skipFunction checks opt-bisect-limit and the optnone attribute. This would make the pass not run at -O0, but that seemed bad. The explicit optnone check here was to avoid the optnone behavior in skipFunction, but make opt-bisect-limit work. But looking this now, I think this left us in a situation where opt-bisect-limit doesn't work for this pass on optnone functions.

sconstab updated this revision to Diff 251193.Mar 18 2020, 3:21 PM

Addressed some of Zola's comments, and removed some unnecessary assertions.

sconstab marked 12 inline comments as done.Mar 18 2020, 3:28 PM
sconstab added inline comments.
llvm/lib/Target/X86/X86LoadValueInjectionIndirectThunks.cpp
80

As mentioned in a code comment at the beginning of this file, a lot of this code was lifted from X86RetpolineThunks.cpp, including the logic to insert one thunk per module. So I didn't actually compose this logic, but my understanding of it seems to match yours.

88

Actually it isn't okay (at this time), so you were correct to point this out. The thunks right now clearly only support 64-bit. It may be conceivable to support 32-bit that also has SSE2, but I think this would require some extra work.

130

I just removed the assertion because it wasn't really necessary.

150

I do think that these are correct. From the LLVM reference manual, NoUnwind means that "This function attribute indicates that the function never raises an exception," which should hold for the thunk. The Naked attribute "disables prologue / epilogue emission for the function," which is something we would not want.

sconstab mentioned this in D76458: Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI) [by modifying X86RetpolineThunks.cpp].Mar 19 2020, 3:03 PM
zbrid added a comment.Mar 19 2020, 3:10 PM

I followed up with Chandler about whether it would make sense to integrate this with the existing retpolines pass as you and Craig suggested. He supported the idea. Could you create a new patch(es) to do the refactor/renaming of the retpolines thunking pass and instruction scheduling conditionals to be more general and then add the LVI option?

mattdr added a subscriber: mattdr.Apr 10 2020, 5:10 PM

I accidentally spent time reviewing this, only to cross-reference something in the LLVM code and find another diff (https://reviews.llvm.org/D76812) was written to answer Zola's request and has already been submitted.

craig.topper commandeered this revision.Apr 10 2020, 5:25 PM
craig.topper abandoned this revision.
craig.topper edited reviewers, added: sconstab; removed: craig.topper.

This was superceded by D76812

craig.topper removed a child revision: D75935: Add RET-hardening Support to X86 to mitigate Load Value Injection (LVI) [3/6].Apr 10 2020, 5:28 PM
craig.topper removed a child revision: D76158: Add inline assembly load hardening mitigation for Load Value Injection (LVI) on X86 [6/6].

Revision Contents

PathSize
clang/
include/
clang/
Driver/
4 lines
lib/
Driver/
ToolChains/
Arch/
17 lines
llvm/
lib/
Target/
X86/
1 line
2 lines
9 lines
5 lines
10 lines
3 lines
4 lines
32 lines
10 lines
15 lines
2 lines
187 lines
8 lines
9 lines
2 lines
Transforms/
IPO/
3 lines
test/
CodeGen/
X86/
1 line
1 line
282 lines

Diff 251193

clang/include/clang/Driver/Options.td

Show First 20 LinesShow All 2,289 Lines▼ Show 20 Lines
def mno_stackrealign : Flag<["-"], "mno-stackrealign">, Group<m_Group>; def mno_stackrealign : Flag<["-"], "mno-stackrealign">, Group<m_Group>;
def mretpoline : Flag<["-"], "mretpoline">, Group<m_Group>, Flags<[CoreOption,DriverOption]>; def mretpoline : Flag<["-"], "mretpoline">, Group<m_Group>, Flags<[CoreOption,DriverOption]>;
def mno_retpoline : Flag<["-"], "mno-retpoline">, Group<m_Group>, Flags<[CoreOption,DriverOption]>; def mno_retpoline : Flag<["-"], "mno-retpoline">, Group<m_Group>, Flags<[CoreOption,DriverOption]>;
def mspeculative_load_hardening : Flag<["-"], "mspeculative-load-hardening">, def mspeculative_load_hardening : Flag<["-"], "mspeculative-load-hardening">,
Group<m_Group>, Flags<[CoreOption,CC1Option]>; Group<m_Group>, Flags<[CoreOption,CC1Option]>;
def mno_speculative_load_hardening : Flag<["-"], "mno-speculative-load-hardening">, def mno_speculative_load_hardening : Flag<["-"], "mno-speculative-load-hardening">,
Group<m_Group>, Flags<[CoreOption]>; Group<m_Group>, Flags<[CoreOption]>;
def mlvi_cfi : Flag<["-"], "mlvi-cfi">, Group<m_Group>, Flags<[CoreOption,DriverOption]>,
craig.topperAuthorUnsubmitted
Done
ReplyInline Actions

Please add HelpText to these. It seems we've been bad about this and the lack of HelpText prevents the options from showing up in clang -help

craig.topper: Please add HelpText to these. It seems we've been bad about this and the lack of HelpText…
HelpText<"Enable only control-flow mitigations for Load Value Injection (LVI)">;
def mno_lvi_cfi : Flag<["-"], "mno-lvi-cfi">, Group<m_Group>, Flags<[CoreOption,DriverOption]>,
HelpText<"Disable control-flow mitigations for Load Value Injection (LVI)">;
def mrelax : Flag<["-"], "mrelax">, Group<m_riscv_Features_Group>, def mrelax : Flag<["-"], "mrelax">, Group<m_riscv_Features_Group>,
HelpText<"Enable linker relaxation">; HelpText<"Enable linker relaxation">;
def mno_relax : Flag<["-"], "mno-relax">, Group<m_riscv_Features_Group>, def mno_relax : Flag<["-"], "mno-relax">, Group<m_riscv_Features_Group>,
HelpText<"Disable linker relaxation">; HelpText<"Disable linker relaxation">;
def msave_restore : Flag<["-"], "msave-restore">, Group<m_riscv_Features_Group>, def msave_restore : Flag<["-"], "msave-restore">, Group<m_riscv_Features_Group>,
HelpText<"Enable using library calls for save and restore">; HelpText<"Enable using library calls for save and restore">;
def mno_save_restore : Flag<["-"], "mno-save-restore">, Group<m_riscv_Features_Group>, def mno_save_restore : Flag<["-"], "mno-save-restore">, Group<m_riscv_Features_Group>,
▲ Show 20 LinesShow All 1,132 LinesShow Last 20 Lines

clang/lib/Driver/ToolChains/Arch/X86.cpp

Show First 20 LinesShow All 140 Lines▼ Show 20 Linesvoid x86::getX86TargetFeatures(const Driver &D, const llvm::Triple &Triple,
} }
// Translate the high level `-mretpoline` flag to the specific target feature // Translate the high level `-mretpoline` flag to the specific target feature
// flags. We also detect if the user asked for retpoline external thunks but // flags. We also detect if the user asked for retpoline external thunks but
// failed to ask for retpolines themselves (through any of the different // failed to ask for retpolines themselves (through any of the different
// flags). This is a bit hacky but keeps existing usages working. We should // flags). This is a bit hacky but keeps existing usages working. We should
// consider deprecating this and instead warn if the user requests external // consider deprecating this and instead warn if the user requests external
// retpoline thunks and *doesn't* request some form of retpolines. // retpoline thunks and *doesn't* request some form of retpolines.
auto SpectreOpt = clang::driver::options::ID::OPT_INVALID;
if (Args.hasArgNoClaim(options::OPT_mretpoline, options::OPT_mno_retpoline, if (Args.hasArgNoClaim(options::OPT_mretpoline, options::OPT_mno_retpoline,
options::OPT_mspeculative_load_hardening, options::OPT_mspeculative_load_hardening,
options::OPT_mno_speculative_load_hardening)) { options::OPT_mno_speculative_load_hardening)) {
if (Args.hasFlag(options::OPT_mretpoline, options::OPT_mno_retpoline, if (Args.hasFlag(options::OPT_mretpoline, options::OPT_mno_retpoline,
false)) { false)) {
Features.push_back("+retpoline-indirect-calls"); Features.push_back("+retpoline-indirect-calls");
Features.push_back("+retpoline-indirect-branches"); Features.push_back("+retpoline-indirect-branches");
SpectreOpt = options::OPT_mretpoline;
} else if (Args.hasFlag(options::OPT_mspeculative_load_hardening, } else if (Args.hasFlag(options::OPT_mspeculative_load_hardening,
options::OPT_mno_speculative_load_hardening, options::OPT_mno_speculative_load_hardening,
false)) { false)) {
// On x86, speculative load hardening relies on at least using retpolines // On x86, speculative load hardening relies on at least using retpolines
// for indirect calls. // for indirect calls.
Features.push_back("+retpoline-indirect-calls"); Features.push_back("+retpoline-indirect-calls");
SpectreOpt = options::OPT_mspeculative_load_hardening;
} }
} else if (Args.hasFlag(options::OPT_mretpoline_external_thunk, } else if (Args.hasFlag(options::OPT_mretpoline_external_thunk,
options::OPT_mno_retpoline_external_thunk, false)) { options::OPT_mno_retpoline_external_thunk, false)) {
// FIXME: Add a warning about failing to specify `-mretpoline` and // FIXME: Add a warning about failing to specify `-mretpoline` and
// eventually switch to an error here. // eventually switch to an error here.
Features.push_back("+retpoline-indirect-calls"); Features.push_back("+retpoline-indirect-calls");
Features.push_back("+retpoline-indirect-branches"); Features.push_back("+retpoline-indirect-branches");
SpectreOpt = options::OPT_mretpoline_external_thunk;
}
auto LVIOpt = clang::driver::options::ID::OPT_INVALID;
if (Args.hasFlag(options::OPT_mlvi_cfi, options::OPT_mno_lvi_cfi, false)) {
Features.push_back("+lvi-cfi");
LVIOpt = options::OPT_mlvi_cfi;
}
if (SpectreOpt != clang::driver::options::ID::OPT_INVALID &&
LVIOpt != clang::driver::options::ID::OPT_INVALID) {
D.Diag(diag::err_drv_argument_not_allowed_with)
<< D.getOpts().getOptionName(SpectreOpt)
<< D.getOpts().getOptionName(LVIOpt);
} }
// Now add any that the user explicitly requested on the command line, // Now add any that the user explicitly requested on the command line,
// which may override the defaults. // which may override the defaults.
handleTargetFeaturesGroup(Args, Features, options::OPT_m_x86_Features_Group); handleTargetFeaturesGroup(Args, Features, options::OPT_m_x86_Features_Group);
} }

llvm/lib/Target/X86/CMakeLists.txt

Show First 20 LinesShow All 45 Lines▼ Show 20 Linesset(sources
X86IndirectBranchTracking.cpp X86IndirectBranchTracking.cpp
X86InterleavedAccess.cpp X86InterleavedAccess.cpp
X86InsertPrefetch.cpp X86InsertPrefetch.cpp
X86InstrFMA3Info.cpp X86InstrFMA3Info.cpp
X86InstrFoldTables.cpp X86InstrFoldTables.cpp
X86InstrInfo.cpp X86InstrInfo.cpp
X86EvexToVex.cpp X86EvexToVex.cpp
X86LegalizerInfo.cpp X86LegalizerInfo.cpp
X86LoadValueInjectionIndirectThunks.cpp
X86MCInstLower.cpp X86MCInstLower.cpp
X86MachineFunctionInfo.cpp X86MachineFunctionInfo.cpp
X86MacroFusion.cpp X86MacroFusion.cpp
X86OptimizeLEAs.cpp X86OptimizeLEAs.cpp
X86PadShortFunction.cpp X86PadShortFunction.cpp
X86RegisterBankInfo.cpp X86RegisterBankInfo.cpp
X86RegisterInfo.cpp X86RegisterInfo.cpp
X86RetpolineThunks.cpp X86RetpolineThunks.cpp
Show All 20 Lines

llvm/lib/Target/X86/X86.h

Show First 20 LinesShow All 131 Lines▼ Show 20 Lines
/// This pass insert wait instruction after X87 instructions which could raise /// This pass insert wait instruction after X87 instructions which could raise
/// fp exceptions when strict-fp enabled. /// fp exceptions when strict-fp enabled.
FunctionPass *createX86InsertX87waitPass(); FunctionPass *createX86InsertX87waitPass();
InstructionSelector *createX86InstructionSelector(const X86TargetMachine &TM, InstructionSelector *createX86InstructionSelector(const X86TargetMachine &TM,
X86Subtarget &, X86Subtarget &,
X86RegisterBankInfo &); X86RegisterBankInfo &);
FunctionPass *createX86LoadValueInjectionIndirectThunksPass();
FunctionPass *createX86SpeculativeLoadHardeningPass(); FunctionPass *createX86SpeculativeLoadHardeningPass();
void initializeEvexToVexInstPassPass(PassRegistry &); void initializeEvexToVexInstPassPass(PassRegistry &);
void initializeFixupBWInstPassPass(PassRegistry &); void initializeFixupBWInstPassPass(PassRegistry &);
void initializeFixupLEAPassPass(PassRegistry &); void initializeFixupLEAPassPass(PassRegistry &);
void initializeFPSPass(PassRegistry &); void initializeFPSPass(PassRegistry &);
void initializeWinEHStatePassPass(PassRegistry &); void initializeWinEHStatePassPass(PassRegistry &);
void initializeX86AvoidSFBPassPass(PassRegistry &); void initializeX86AvoidSFBPassPass(PassRegistry &);
void initializeX86CallFrameOptimizationPass(PassRegistry &); void initializeX86CallFrameOptimizationPass(PassRegistry &);
void initializeX86CmovConverterPassPass(PassRegistry &); void initializeX86CmovConverterPassPass(PassRegistry &);
void initializeX86CondBrFoldingPassPass(PassRegistry &); void initializeX86CondBrFoldingPassPass(PassRegistry &);
void initializeX86DomainReassignmentPass(PassRegistry &); void initializeX86DomainReassignmentPass(PassRegistry &);
void initializeX86ExecutionDomainFixPass(PassRegistry &); void initializeX86ExecutionDomainFixPass(PassRegistry &);
void initializeX86ExpandPseudoPass(PassRegistry &); void initializeX86ExpandPseudoPass(PassRegistry &);
void initializeX86FlagsCopyLoweringPassPass(PassRegistry &); void initializeX86FlagsCopyLoweringPassPass(PassRegistry &);
void initializeX86LoadValueInjectionIndirectThunksPassPass(PassRegistry &);
void initializeX86OptimizeLEAPassPass(PassRegistry &); void initializeX86OptimizeLEAPassPass(PassRegistry &);
void initializeX86SpeculativeLoadHardeningPassPass(PassRegistry &); void initializeX86SpeculativeLoadHardeningPassPass(PassRegistry &);
namespace X86AS { namespace X86AS {
enum : unsigned { enum : unsigned {
GS = 256, GS = 256,
FS = 257, FS = 257,
SS = 258, SS = 258,
Show All 9 Lines

llvm/lib/Target/X86/X86.td

Show First 20 LinesShow All 425 Lines▼ Show 20 Lines
def FeatureRetpolineExternalThunk def FeatureRetpolineExternalThunk
: SubtargetFeature< : SubtargetFeature<
"retpoline-external-thunk", "UseRetpolineExternalThunk", "true", "retpoline-external-thunk", "UseRetpolineExternalThunk", "true",
"When lowering an indirect call or branch using a `retpoline`, rely " "When lowering an indirect call or branch using a `retpoline`, rely "
"on the specified user provided thunk rather than emitting one " "on the specified user provided thunk rather than emitting one "
"ourselves. Only has effect when combined with some other retpoline " "ourselves. Only has effect when combined with some other retpoline "
"feature", [FeatureRetpolineIndirectCalls]>; "feature", [FeatureRetpolineIndirectCalls]>;
// Mitigate LVI attacks against indirect calls/branches and call returns
def FeatureLVIControlFlowIntegrity
: SubtargetFeature<
"lvi-cfi", "UseLVIControlFlowIntegrity", "true",
"Prevent indirect calls/branches from using a memory operand, and "
"precede all indirect calls/branches from a register with an "
"LFENCE instruction to serialize control flow. Also decompose RET "
"instructions into a POP+LFENCE+JMP sequence.">;
// Direct Move instructions. // Direct Move instructions.
def FeatureMOVDIRI : SubtargetFeature<"movdiri", "HasMOVDIRI", "true", def FeatureMOVDIRI : SubtargetFeature<"movdiri", "HasMOVDIRI", "true",
"Support movdiri instruction">; "Support movdiri instruction">;
def FeatureMOVDIR64B : SubtargetFeature<"movdir64b", "HasMOVDIR64B", "true", def FeatureMOVDIR64B : SubtargetFeature<"movdir64b", "HasMOVDIR64B", "true",
"Support movdir64b instruction">; "Support movdir64b instruction">;
def FeatureFastBEXTR : SubtargetFeature<"fast-bextr", "HasFastBEXTR", "true", def FeatureFastBEXTR : SubtargetFeature<"fast-bextr", "HasFastBEXTR", "true",
"Indicates that the BEXTR instruction is implemented as a single uop " "Indicates that the BEXTR instruction is implemented as a single uop "
▲ Show 20 LinesShow All 878 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86FastISel.cpp

Show First 20 LinesShow All 3,200 Lines▼ Show 20 Lines const auto *II =
CLI.CS ? dyn_cast<InvokeInst>(CLI.CS->getInstruction()) : nullptr; CLI.CS ? dyn_cast<InvokeInst>(CLI.CS->getInstruction()) : nullptr;
if ((CI && CI->doesNoCfCheck()) || (II && II->doesNoCfCheck())) if ((CI && CI->doesNoCfCheck()) || (II && II->doesNoCfCheck()))
return false; return false;
// Functions with no_caller_saved_registers that need special handling. // Functions with no_caller_saved_registers that need special handling.
if ((CI && CI->hasFnAttr("no_caller_saved_registers")) || if ((CI && CI->hasFnAttr("no_caller_saved_registers")) ||
(CalledFn && CalledFn->hasFnAttribute("no_caller_saved_registers"))) (CalledFn && CalledFn->hasFnAttribute("no_caller_saved_registers")))
return false; return false;
// Functions using retpoline for indirect calls need to use SDISel. // Functions using retpoline/LVI thunks for indirect calls need to use SDISel.
zbridUnsubmitted
Not Done
ReplyInline Actions

nit: Update comment?

zbrid: nit: Update comment?
if (Subtarget->useRetpolineIndirectCalls()) if (Subtarget->useRetpolineIndirectCalls() ||
Subtarget->useLVIControlFlowIntegrity())
return false; return false;
// Handle only C, fastcc, and webkit_js calling conventions for now. // Handle only C, fastcc, and webkit_js calling conventions for now.
switch (CC) { switch (CC) {
default: return false; default: return false;
case CallingConv::C: case CallingConv::C:
case CallingConv::Fast: case CallingConv::Fast:
case CallingConv::Tail: case CallingConv::Tail:
▲ Show 20 LinesShow All 800 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86FrameLowering.cpp

Show First 20 LinesShow All 955 Lines▼ Show 20 Lines
void X86FrameLowering::emitStackProbeCall(MachineFunction &MF, void X86FrameLowering::emitStackProbeCall(MachineFunction &MF,
MachineBasicBlock &MBB, MachineBasicBlock &MBB,
MachineBasicBlock::iterator MBBI, MachineBasicBlock::iterator MBBI,
const DebugLoc &DL, const DebugLoc &DL,
bool InProlog) const { bool InProlog) const {
bool IsLargeCodeModel = MF.getTarget().getCodeModel() == CodeModel::Large; bool IsLargeCodeModel = MF.getTarget().getCodeModel() == CodeModel::Large;
// FIXME: Add retpoline support and remove this. // FIXME: Add retpoline and LVI thunk support and remove this.
if (Is64Bit && IsLargeCodeModel && STI.useRetpolineIndirectCalls()) if (Is64Bit && IsLargeCodeModel && STI.useRetpolineIndirectCalls())
report_fatal_error("Emitting stack probe calls on 64-bit with the large " report_fatal_error("Emitting stack probe calls on 64-bit with the large "
zbridUnsubmitted
Done
ReplyInline Actions

Would it make sense to add a separate check for LVI-CFI and have a corresponding error message referencing specifically LVI-CFI rather than retpolines?

I wrote this in several spots, sorry about the repetition.

zbrid: Would it make sense to add a separate check for LVI-CFI and have a corresponding error message…
"code model and retpoline not yet implemented."); "code model and retpoline not yet implemented.");
if (Is64Bit && IsLargeCodeModel && STI.useLVIControlFlowIntegrity())
report_fatal_error("Emitting stack probe calls on 64-bit with the large "
"code model and LVI thunks not yet implemented.");
unsigned CallOp; unsigned CallOp;
if (Is64Bit) if (Is64Bit)
CallOp = IsLargeCodeModel ? X86::CALL64r : X86::CALL64pcrel32; CallOp = IsLargeCodeModel ? X86::CALL64r : X86::CALL64pcrel32;
else else
CallOp = X86::CALLpcrel32; CallOp = X86::CALLpcrel32;
StringRef Symbol = STI.getTargetLowering()->getStackProbeSymbolName(MF); StringRef Symbol = STI.getTargetLowering()->getStackProbeSymbolName(MF);
▲ Show 20 LinesShow All 1,721 Lines▼ Show 20 Lines if (Is64Bit && MF.getTarget().getCodeModel() == CodeModel::Large) {
// because __morestack manipulates the stack directly. // because __morestack manipulates the stack directly.
// //
// To avoid these issues, perform an indirect call via a read-only memory // To avoid these issues, perform an indirect call via a read-only memory
// location containing the address. // location containing the address.
// //
// This solution is not perfect, as it assumes that the .rodata section // This solution is not perfect, as it assumes that the .rodata section
// is laid out within 2^31 bytes of each function body, but this seems // is laid out within 2^31 bytes of each function body, but this seems
// to be sufficient for JIT. // to be sufficient for JIT.
// FIXME: Add retpoline support and remove the error here.. // FIXME: Add retpoline and LVI thunk support and remove the error here..
if (STI.useRetpolineIndirectCalls()) if (STI.useRetpolineIndirectCalls())
zbridUnsubmitted
Done
ReplyInline Actions

Would it make sense to add a separate check for LVI-CFI and have a corresponding error message referencing specifically LVI-CFI rather than retpolines?

zbrid: Would it make sense to add a separate check for LVI-CFI and have a corresponding error message…
report_fatal_error("Emitting morestack calls on 64-bit with the large " report_fatal_error("Emitting morestack calls on 64-bit with the large "
"code model and retpoline not yet implemented."); "code model and retpoline not yet implemented.");
if (STI.useLVIControlFlowIntegrity())
report_fatal_error("Emitting morestack calls on 64-bit with the large "
"code model and LVI thunks not yet implemented.");
BuildMI(allocMBB, DL, TII.get(X86::CALL64m)) BuildMI(allocMBB, DL, TII.get(X86::CALL64m))
.addReg(X86::RIP) .addReg(X86::RIP)
.addImm(0) .addImm(0)
.addReg(0) .addReg(0)
.addExternalSymbol("__morestack_addr") .addExternalSymbol("__morestack_addr")
.addReg(0); .addReg(0);
MF.getMMI().setUsesMorestackAddr(true); MF.getMMI().setUsesMorestackAddr(true);
} else { } else {
▲ Show 20 LinesShow All 736 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86ISelDAGToDAG.cpp

Show First 20 LinesShow All 1,017 Lines▼ Show 20 Lines case X86ISD::FXOR: {
CurDAG->DeleteNode(N); CurDAG->DeleteNode(N);
continue; continue;
} }
} }
if (OptLevel != CodeGenOpt::None && if (OptLevel != CodeGenOpt::None &&
// Only do this when the target can fold the load into the call or // Only do this when the target can fold the load into the call or
// jmp. // jmp.
!Subtarget->useRetpolineIndirectCalls() && !(Subtarget->useRetpolineIndirectCalls() ||
Subtarget->useLVIControlFlowIntegrity()) &&
((N->getOpcode() == X86ISD::CALL && !Subtarget->slowTwoMemOps()) || ((N->getOpcode() == X86ISD::CALL && !Subtarget->slowTwoMemOps()) ||
(N->getOpcode() == X86ISD::TC_RETURN && (N->getOpcode() == X86ISD::TC_RETURN &&
(Subtarget->is64Bit() || (Subtarget->is64Bit() ||
!getTargetMachine().isPositionIndependent())))) { !getTargetMachine().isPositionIndependent())))) {
/// Also try moving call address load from outside callseq_start to just /// Also try moving call address load from outside callseq_start to just
/// before the call to allow it to be folded. /// before the call to allow it to be folded.
/// ///
/// [Load chain] /// [Load chain]
▲ Show 20 LinesShow All 4,566 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86ISelLowering.h

Show First 20 LinesShow All 1,469 Lines▼ Show 20 Lines MachineBasicBlock *EmitLoweredProbedAlloca(MachineInstr &MI,
MachineBasicBlock *BB) const; MachineBasicBlock *BB) const;
MachineBasicBlock *EmitLoweredTLSAddr(MachineInstr &MI, MachineBasicBlock *EmitLoweredTLSAddr(MachineInstr &MI,
MachineBasicBlock *BB) const; MachineBasicBlock *BB) const;
MachineBasicBlock *EmitLoweredTLSCall(MachineInstr &MI, MachineBasicBlock *EmitLoweredTLSCall(MachineInstr &MI,
MachineBasicBlock *BB) const; MachineBasicBlock *BB) const;
MachineBasicBlock *EmitLoweredRetpoline(MachineInstr &MI, MachineBasicBlock *EmitLoweredThunk(MachineInstr &MI,
MachineBasicBlock *BB) const; MachineBasicBlock *BB) const;
MachineBasicBlock *emitEHSjLjSetJmp(MachineInstr &MI, MachineBasicBlock *emitEHSjLjSetJmp(MachineInstr &MI,
MachineBasicBlock *MBB) const; MachineBasicBlock *MBB) const;
void emitSetJmpShadowStackFix(MachineInstr &MI, void emitSetJmpShadowStackFix(MachineInstr &MI,
MachineBasicBlock *MBB) const; MachineBasicBlock *MBB) const;
MachineBasicBlock *emitEHSjLjLongJmp(MachineInstr &MI, MachineBasicBlock *emitEHSjLjLongJmp(MachineInstr &MI,
▲ Show 20 LinesShow All 139 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86ISelLowering.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 30,556 Lines▼ Show 20 Linesbool X86TargetLowering::isVectorClearMaskLegal(ArrayRef<int> Mask,
if (!Subtarget.hasAVX2()) if (!Subtarget.hasAVX2())
if (VT == MVT::v32i8 || VT == MVT::v16i16) if (VT == MVT::v32i8 || VT == MVT::v16i16)
return false; return false;
// Just delegate to the generic legality, clear masks aren't special. // Just delegate to the generic legality, clear masks aren't special.
return isShuffleMaskLegal(Mask, VT); return isShuffleMaskLegal(Mask, VT);
} }
bool X86TargetLowering::areJTsAllowed(const Function *Fn) const { bool X86TargetLowering::areJTsAllowed(const Function *Fn) const {
// If the subtarget is using retpolines, we need to not generate jump tables. // If the subtarget is using retpolines or LVI thunks, we need to not generate
zbridUnsubmitted
Done
ReplyInline Actions

nit: Update comment to mention LVI-CFI

zbrid: nit: Update comment to mention LVI-CFI
if (Subtarget.useRetpolineIndirectBranches()) // jump tables.
if (Subtarget.useRetpolineIndirectBranches() ||
Subtarget.useLVIControlFlowIntegrity())
return false; return false;
// Otherwise, fallback on the generic logic. // Otherwise, fallback on the generic logic.
return TargetLowering::areJTsAllowed(Fn); return TargetLowering::areJTsAllowed(Fn);
} }
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// X86 Scheduler Hooks // X86 Scheduler Hooks
▲ Show 20 LinesShow All 1,186 Lines▼ Show 20 Lines if (Subtarget.is64Bit()) {
addDirectMem(MIB, X86::EAX); addDirectMem(MIB, X86::EAX);
MIB.addReg(X86::EAX, RegState::ImplicitDefine).addRegMask(RegMask); MIB.addReg(X86::EAX, RegState::ImplicitDefine).addRegMask(RegMask);
} }
MI.eraseFromParent(); // The pseudo instruction is gone now. MI.eraseFromParent(); // The pseudo instruction is gone now.
return BB; return BB;
} }
static unsigned getOpcodeForRetpoline(unsigned RPOpc) { static unsigned getOpcodeForThunk(unsigned RPOpc) {
switch (RPOpc) { switch (RPOpc) {
case X86::RETPOLINE_CALL32: case X86::RETPOLINE_CALL32:
return X86::CALLpcrel32; return X86::CALLpcrel32;
case X86::RETPOLINE_CALL64: case X86::RETPOLINE_CALL64:
return X86::CALL64pcrel32; return X86::CALL64pcrel32;
case X86::LVI_THUNK_CALL64:
return X86::CALL64pcrel32;
case X86::RETPOLINE_TCRETURN32: case X86::RETPOLINE_TCRETURN32:
return X86::TCRETURNdi; return X86::TCRETURNdi;
case X86::RETPOLINE_TCRETURN64: case X86::RETPOLINE_TCRETURN64:
return X86::TCRETURNdi64; return X86::TCRETURNdi64;
case X86::LVI_THUNK_TCRETURN64:
return X86::TCRETURNdi64;
} }
llvm_unreachable("not retpoline opcode"); llvm_unreachable("not retpoline opcode");
} }
static const char *getRetpolineSymbol(const X86Subtarget &Subtarget, static const char *getThunkSymbol(const X86Subtarget &Subtarget,
unsigned Reg) { unsigned Reg) {
if (Subtarget.useRetpolineExternalThunk()) { if (Subtarget.useRetpolineExternalThunk()) {
// When using an external thunk for retpolines, we pick names that match the // When using an external thunk for retpolines, we pick names that match the
// names GCC happens to use as well. This helps simplify the implementation // names GCC happens to use as well. This helps simplify the implementation
// of the thunks for kernels where they have no easy ability to create // of the thunks for kernels where they have no easy ability to create
// aliases and are doing non-trivial configuration of the thunk's body. For // aliases and are doing non-trivial configuration of the thunk's body. For
// example, the Linux kernel will do boot-time hot patching of the thunk // example, the Linux kernel will do boot-time hot patching of the thunk
// bodies and cannot easily export aliases of these to loaded modules. // bodies and cannot easily export aliases of these to loaded modules.
// //
Show All 18 Lines case X86::EDI:
return "__x86_indirect_thunk_edi"; return "__x86_indirect_thunk_edi";
case X86::R11: case X86::R11:
assert(Subtarget.is64Bit() && "Should not be using a 64-bit thunk!"); assert(Subtarget.is64Bit() && "Should not be using a 64-bit thunk!");
return "__x86_indirect_thunk_r11"; return "__x86_indirect_thunk_r11";
} }
llvm_unreachable("unexpected reg for retpoline"); llvm_unreachable("unexpected reg for retpoline");
} }
if (Subtarget.useLVIControlFlowIntegrity()) {
assert(Subtarget.is64Bit() && "Should not be using a 64-bit thunk!");
assert(Reg == X86::R11 && "Invalid register for LVI CFI");
return "__x86_indirect_thunk_r11";
}
// When targeting an internal COMDAT thunk use an LLVM-specific name. // When targeting an internal COMDAT thunk use an LLVM-specific name.
switch (Reg) { switch (Reg) {
case X86::EAX: case X86::EAX:
assert(!Subtarget.is64Bit() && "Should not be using a 32-bit thunk!"); assert(!Subtarget.is64Bit() && "Should not be using a 32-bit thunk!");
return "__llvm_retpoline_eax"; return "__llvm_retpoline_eax";
case X86::ECX: case X86::ECX:
assert(!Subtarget.is64Bit() && "Should not be using a 32-bit thunk!"); assert(!Subtarget.is64Bit() && "Should not be using a 32-bit thunk!");
return "__llvm_retpoline_ecx"; return "__llvm_retpoline_ecx";
case X86::EDX: case X86::EDX:
assert(!Subtarget.is64Bit() && "Should not be using a 32-bit thunk!"); assert(!Subtarget.is64Bit() && "Should not be using a 32-bit thunk!");
return "__llvm_retpoline_edx"; return "__llvm_retpoline_edx";
case X86::EDI: case X86::EDI:
assert(!Subtarget.is64Bit() && "Should not be using a 32-bit thunk!"); assert(!Subtarget.is64Bit() && "Should not be using a 32-bit thunk!");
return "__llvm_retpoline_edi"; return "__llvm_retpoline_edi";
case X86::R11: case X86::R11:
assert(Subtarget.is64Bit() && "Should not be using a 64-bit thunk!"); assert(Subtarget.is64Bit() && "Should not be using a 64-bit thunk!");
return "__llvm_retpoline_r11"; return "__llvm_retpoline_r11";
} }
llvm_unreachable("unexpected reg for retpoline"); llvm_unreachable("unexpected reg for retpoline");
} }
MachineBasicBlock * MachineBasicBlock *
X86TargetLowering::EmitLoweredRetpoline(MachineInstr &MI, X86TargetLowering::EmitLoweredThunk(MachineInstr &MI,
zbridUnsubmitted
Not Done
ReplyInline Actions

Can you change this function name? If I'm understanding this code correctly, this no longer only applies to retpoline, but also to LVI thunks, so the naming is misleading.

zbrid: Can you change this function name? If I'm understanding this code correctly, this no longer…
MachineBasicBlock *BB) const { MachineBasicBlock *BB) const {
// Copy the virtual register into the R11 physical register and // Copy the virtual register into the R11 physical register and
// call the retpoline thunk. // call the retpoline thunk.
DebugLoc DL = MI.getDebugLoc(); DebugLoc DL = MI.getDebugLoc();
const X86InstrInfo *TII = Subtarget.getInstrInfo(); const X86InstrInfo *TII = Subtarget.getInstrInfo();
Register CalleeVReg = MI.getOperand(0).getReg(); Register CalleeVReg = MI.getOperand(0).getReg();
unsigned Opc = getOpcodeForRetpoline(MI.getOpcode()); unsigned Opc = getOpcodeForThunk(MI.getOpcode());
// Find an available scratch register to hold the callee. On 64-bit, we can // Find an available scratch register to hold the callee. On 64-bit, we can
// just use R11, but we scan for uses anyway to ensure we don't generate // just use R11, but we scan for uses anyway to ensure we don't generate
// incorrect code. On 32-bit, we use one of EAX, ECX, or EDX that isn't // incorrect code. On 32-bit, we use one of EAX, ECX, or EDX that isn't
// already a register use operand to the call to hold the callee. If none // already a register use operand to the call to hold the callee. If none
// are available, use EDI instead. EDI is chosen because EBX is the PIC base // are available, use EDI instead. EDI is chosen because EBX is the PIC base
// register and ESI is the base pointer to realigned stack frames with VLAs. // register and ESI is the base pointer to realigned stack frames with VLAs.
SmallVector<unsigned, 3> AvailableRegs; SmallVector<unsigned, 3> AvailableRegs;
Show All 17 Lines if (MaybeReg) {
AvailableReg = MaybeReg; AvailableReg = MaybeReg;
break; break;
} }
} }
if (!AvailableReg) if (!AvailableReg)
report_fatal_error("calling convention incompatible with retpoline, no " report_fatal_error("calling convention incompatible with retpoline, no "
"available registers"); "available registers");
const char *Symbol = getRetpolineSymbol(Subtarget, AvailableReg); const char *Symbol = getThunkSymbol(Subtarget, AvailableReg);
BuildMI(*BB, MI, DL, TII->get(TargetOpcode::COPY), AvailableReg) BuildMI(*BB, MI, DL, TII->get(TargetOpcode::COPY), AvailableReg)
.addReg(CalleeVReg); .addReg(CalleeVReg);
MI.getOperand(0).ChangeToES(Symbol); MI.getOperand(0).ChangeToES(Symbol);
MI.setDesc(TII->get(Opc)); MI.setDesc(TII->get(Opc));
MachineInstrBuilder(*BB->getParent(), &MI) MachineInstrBuilder(*BB->getParent(), &MI)
.addReg(AvailableReg, RegState::Implicit | RegState::Kill); .addReg(AvailableReg, RegState::Implicit | RegState::Kill);
return BB; return BB;
▲ Show 20 LinesShow All 761 Lines▼ Show 20 LinesX86TargetLowering::EmitInstrWithCustomInserter(MachineInstr &MI,
default: llvm_unreachable("Unexpected instr type to insert"); default: llvm_unreachable("Unexpected instr type to insert");
case X86::TLS_addr32: case X86::TLS_addr32:
case X86::TLS_addr64: case X86::TLS_addr64:
case X86::TLS_base_addr32: case X86::TLS_base_addr32:
case X86::TLS_base_addr64: case X86::TLS_base_addr64:
return EmitLoweredTLSAddr(MI, BB); return EmitLoweredTLSAddr(MI, BB);
case X86::RETPOLINE_CALL32: case X86::RETPOLINE_CALL32:
case X86::RETPOLINE_CALL64: case X86::RETPOLINE_CALL64:
case X86::LVI_THUNK_CALL64:
case X86::RETPOLINE_TCRETURN32: case X86::RETPOLINE_TCRETURN32:
case X86::RETPOLINE_TCRETURN64: case X86::RETPOLINE_TCRETURN64:
return EmitLoweredRetpoline(MI, BB); case X86::LVI_THUNK_TCRETURN64:
return EmitLoweredThunk(MI, BB);
case X86::CATCHRET: case X86::CATCHRET:
return EmitLoweredCatchRet(MI, BB); return EmitLoweredCatchRet(MI, BB);
case X86::SEG_ALLOCA_32: case X86::SEG_ALLOCA_32:
case X86::SEG_ALLOCA_64: case X86::SEG_ALLOCA_64:
return EmitLoweredSegAlloca(MI, BB); return EmitLoweredSegAlloca(MI, BB);
case X86::PROBED_ALLOCA_32: case X86::PROBED_ALLOCA_32:
case X86::PROBED_ALLOCA_64: case X86::PROBED_ALLOCA_64:
return EmitLoweredProbedAlloca(MI, BB); return EmitLoweredProbedAlloca(MI, BB);
▲ Show 20 LinesShow All 15,853 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86InstrCompiler.td

Show First 20 LinesShow All 1,193 Lines▼ Show 20 Linesdef : Pat<(X86tcret (i32 tglobaladdr:$dst), imm:$off),
Requires<[NotLP64]>; Requires<[NotLP64]>;
def : Pat<(X86tcret (i32 texternalsym:$dst), imm:$off), def : Pat<(X86tcret (i32 texternalsym:$dst), imm:$off),
(TCRETURNdi texternalsym:$dst, imm:$off)>, (TCRETURNdi texternalsym:$dst, imm:$off)>,
Requires<[NotLP64]>; Requires<[NotLP64]>;
def : Pat<(X86tcret ptr_rc_tailcall:$dst, imm:$off), def : Pat<(X86tcret ptr_rc_tailcall:$dst, imm:$off),
(TCRETURNri64 ptr_rc_tailcall:$dst, imm:$off)>, (TCRETURNri64 ptr_rc_tailcall:$dst, imm:$off)>,
Requires<[In64BitMode, NotUseRetpolineIndirectCalls]>; Requires<[In64BitMode, NotUseRetpolineIndirectCalls,
NotUseLVIIndirectThunks]>;
// Don't fold loads into X86tcret requiring more than 6 regs. // Don't fold loads into X86tcret requiring more than 6 regs.
// There wouldn't be enough scratch registers for base+index. // There wouldn't be enough scratch registers for base+index.
def : Pat<(X86tcret_6regs (load addr:$dst), imm:$off), def : Pat<(X86tcret_6regs (load addr:$dst), imm:$off),
(TCRETURNmi64 addr:$dst, imm:$off)>, (TCRETURNmi64 addr:$dst, imm:$off)>,
Requires<[In64BitMode, NotUseRetpolineIndirectCalls]>; Requires<[In64BitMode, NotUseRetpolineIndirectCalls,
NotUseLVIIndirectThunks]>;
def : Pat<(X86tcret ptr_rc_tailcall:$dst, imm:$off),
(LVI_THUNK_TCRETURN64 ptr_rc_tailcall:$dst, imm:$off)>,
Requires<[In64BitMode, UseLVIIndirectThunks]>;
def : Pat<(X86tcret ptr_rc_tailcall:$dst, imm:$off), def : Pat<(X86tcret ptr_rc_tailcall:$dst, imm:$off),
(RETPOLINE_TCRETURN64 ptr_rc_tailcall:$dst, imm:$off)>, (RETPOLINE_TCRETURN64 ptr_rc_tailcall:$dst, imm:$off)>,
Requires<[In64BitMode, UseRetpolineIndirectCalls]>; Requires<[In64BitMode, UseRetpolineIndirectCalls]>;
def : Pat<(X86tcret ptr_rc_tailcall:$dst, imm:$off), def : Pat<(X86tcret ptr_rc_tailcall:$dst, imm:$off),
(RETPOLINE_TCRETURN32 ptr_rc_tailcall:$dst, imm:$off)>, (RETPOLINE_TCRETURN32 ptr_rc_tailcall:$dst, imm:$off)>,
Requires<[Not64BitMode, UseRetpolineIndirectCalls]>; Requires<[Not64BitMode, UseRetpolineIndirectCalls]>;
▲ Show 20 LinesShow All 922 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86InstrControl.td

Show First 20 LinesShow All 328 Lines▼ Show 20 Lineslet isCall = 1, Uses = [RSP, SSP], SchedRW = [WriteJump] in {
// that the offset between an arbitrary immediate and the call will fit in // that the offset between an arbitrary immediate and the call will fit in
// the 32-bit pcrel field that we have. // the 32-bit pcrel field that we have.
def CALL64pcrel32 : Ii32PCRel<0xE8, RawFrm, def CALL64pcrel32 : Ii32PCRel<0xE8, RawFrm,
(outs), (ins i64i32imm_brtarget:$dst), (outs), (ins i64i32imm_brtarget:$dst),
"call{q}\t$dst", []>, OpSize32, "call{q}\t$dst", []>, OpSize32,
Requires<[In64BitMode]>; Requires<[In64BitMode]>;
def CALL64r : I<0xFF, MRM2r, (outs), (ins GR64:$dst), def CALL64r : I<0xFF, MRM2r, (outs), (ins GR64:$dst),
"call{q}\t{*}$dst", [(X86call GR64:$dst)]>, "call{q}\t{*}$dst", [(X86call GR64:$dst)]>,
Requires<[In64BitMode,NotUseRetpolineIndirectCalls]>; Requires<[In64BitMode,NotUseRetpolineIndirectCalls,
NotUseLVIIndirectThunks]>;
def CALL64m : I<0xFF, MRM2m, (outs), (ins i64mem:$dst), def CALL64m : I<0xFF, MRM2m, (outs), (ins i64mem:$dst),
"call{q}\t{*}$dst", [(X86call (loadi64 addr:$dst))]>, "call{q}\t{*}$dst", [(X86call (loadi64 addr:$dst))]>,
Requires<[In64BitMode,FavorMemIndirectCall, Requires<[In64BitMode,FavorMemIndirectCall,
NotUseRetpolineIndirectCalls]>; NotUseRetpolineIndirectCalls,
NotUseLVIIndirectThunks]>;
// Non-tracking calls for IBT, use with caution. // Non-tracking calls for IBT, use with caution.
let isCodeGenOnly = 1 in { let isCodeGenOnly = 1 in {
def CALL64r_NT : I<0xFF, MRM2r, (outs), (ins GR64 : $dst), def CALL64r_NT : I<0xFF, MRM2r, (outs), (ins GR64 : $dst),
"call{q}\t{*}$dst",[(X86NoTrackCall GR64 : $dst)]>, "call{q}\t{*}$dst",[(X86NoTrackCall GR64 : $dst)]>,
Requires<[In64BitMode]>, NOTRACK; Requires<[In64BitMode]>, NOTRACK;
def CALL64m_NT : I<0xFF, MRM2m, (outs), (ins i64mem : $dst), def CALL64m_NT : I<0xFF, MRM2m, (outs), (ins i64mem : $dst),
"call{q}\t{*}$dst", "call{q}\t{*}$dst",
▲ Show 20 LinesShow All 45 Lines▼ Show 20 Lineslet isPseudo = 1, isCall = 1, isCodeGenOnly = 1,
SchedRW = [WriteJump] in { SchedRW = [WriteJump] in {
def RETPOLINE_CALL32 : def RETPOLINE_CALL32 :
PseudoI<(outs), (ins GR32:$dst), [(X86call GR32:$dst)]>, PseudoI<(outs), (ins GR32:$dst), [(X86call GR32:$dst)]>,
Requires<[Not64BitMode,UseRetpolineIndirectCalls]>; Requires<[Not64BitMode,UseRetpolineIndirectCalls]>;
def RETPOLINE_CALL64 : def RETPOLINE_CALL64 :
PseudoI<(outs), (ins GR64:$dst), [(X86call GR64:$dst)]>, PseudoI<(outs), (ins GR64:$dst), [(X86call GR64:$dst)]>,
Requires<[In64BitMode,UseRetpolineIndirectCalls]>; Requires<[In64BitMode,UseRetpolineIndirectCalls]>;
def LVI_THUNK_CALL64 :
PseudoI<(outs), (ins GR64:$dst), [(X86call GR64:$dst)]>,
Requires<[In64BitMode,UseLVIIndirectThunks]>;
// Retpoline variant of indirect tail calls. // Retpoline variant of indirect tail calls.
let isTerminator = 1, isReturn = 1, isBarrier = 1 in { let isTerminator = 1, isReturn = 1, isBarrier = 1 in {
def RETPOLINE_TCRETURN64 : def RETPOLINE_TCRETURN64 :
PseudoI<(outs), (ins GR64:$dst, i32imm:$offset), []>; PseudoI<(outs), (ins GR64:$dst, i32imm:$offset), []>;
def RETPOLINE_TCRETURN32 : def RETPOLINE_TCRETURN32 :
PseudoI<(outs), (ins GR32:$dst, i32imm:$offset), []>; PseudoI<(outs), (ins GR32:$dst, i32imm:$offset), []>;
} }
// LVI thunk variant of indirect tail calls.
let isTerminator = 1, isReturn = 1, isBarrier = 1 in {
def LVI_THUNK_TCRETURN64 :
PseudoI<(outs), (ins GR64:$dst, i32imm:$offset), []>;
}
} }
// Conditional tail calls are similar to the above, but they are branches // Conditional tail calls are similar to the above, but they are branches
// rather than barriers, and they use EFLAGS. // rather than barriers, and they use EFLAGS.
let isCall = 1, isTerminator = 1, isReturn = 1, isBranch = 1, let isCall = 1, isTerminator = 1, isReturn = 1, isBranch = 1,
isCodeGenOnly = 1, SchedRW = [WriteJump] in isCodeGenOnly = 1, SchedRW = [WriteJump] in
let Uses = [RSP, EFLAGS, SSP] in { let Uses = [RSP, EFLAGS, SSP] in {
def TCRETURNdi64cc : PseudoI<(outs), def TCRETURNdi64cc : PseudoI<(outs),
(ins i64i32imm_brtarget:$dst, i32imm:$offset, (ins i64i32imm_brtarget:$dst, i32imm:$offset,
i32imm:$cond), []>; i32imm:$cond), []>;
// This gets substituted to a conditional jump instruction in MC lowering. // This gets substituted to a conditional jump instruction in MC lowering.
def TAILJMPd64_CC : PseudoI<(outs), def TAILJMPd64_CC : PseudoI<(outs),
(ins i64i32imm_brtarget:$dst, i32imm:$cond), []>; (ins i64i32imm_brtarget:$dst, i32imm:$cond), []>;
} }

llvm/lib/Target/X86/X86InstrInfo.td

Show First 20 LinesShow All 999 Lines▼ Show 20 Lines
def FavorMemIndirectCall : Predicate<"!Subtarget->slowTwoMemOps()">; def FavorMemIndirectCall : Predicate<"!Subtarget->slowTwoMemOps()">;
def HasFastMem32 : Predicate<"!Subtarget->isUnalignedMem32Slow()">; def HasFastMem32 : Predicate<"!Subtarget->isUnalignedMem32Slow()">;
def HasFastLZCNT : Predicate<"Subtarget->hasFastLZCNT()">; def HasFastLZCNT : Predicate<"Subtarget->hasFastLZCNT()">;
def HasFastSHLDRotate : Predicate<"Subtarget->hasFastSHLDRotate()">; def HasFastSHLDRotate : Predicate<"Subtarget->hasFastSHLDRotate()">;
def HasERMSB : Predicate<"Subtarget->hasERMSB()">; def HasERMSB : Predicate<"Subtarget->hasERMSB()">;
def HasMFence : Predicate<"Subtarget->hasMFence()">; def HasMFence : Predicate<"Subtarget->hasMFence()">;
def UseRetpolineIndirectCalls : Predicate<"Subtarget->useRetpolineIndirectCalls()">; def UseRetpolineIndirectCalls : Predicate<"Subtarget->useRetpolineIndirectCalls()">;
def NotUseRetpolineIndirectCalls : Predicate<"!Subtarget->useRetpolineIndirectCalls()">; def NotUseRetpolineIndirectCalls : Predicate<"!Subtarget->useRetpolineIndirectCalls()">;
def UseLVIIndirectThunks : Predicate<"Subtarget->useLVIControlFlowIntegrity()">;
def NotUseLVIIndirectThunks : Predicate<"!Subtarget->useLVIControlFlowIntegrity()">;
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// X86 Instruction Format Definitions. // X86 Instruction Format Definitions.
// //
include "X86InstrFormats.td" include "X86InstrFormats.td"
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
▲ Show 20 LinesShow All 2,579 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86LoadValueInjectionIndirectThunks.cpp

  • This file was added.
//=- X86LoadValueInjectionIndirectThunks.cpp - Construct LVI thunks for x86 -=//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
///
/// Description: This pass replaces each indirect call/jump with a direct call
/// to a thunk that looks like:
/// ```
/// lfence
/// jmpq *%r11
/// ```
/// This ensures that if the value in register %r11 was loaded from memory, then
/// the value in %r11 is (architecturally) correct prior to the jump.
///
/// Note: A lot of this code was lifted from X86RetpolineThunks.cpp.
///
//===----------------------------------------------------------------------===//
#include "X86.h"
#include "X86InstrBuilder.h"
#include "X86Subtarget.h"
#include "llvm/CodeGen/MachineFunction.h"
#include "llvm/CodeGen/MachineInstrBuilder.h"
#include "llvm/CodeGen/MachineModuleInfo.h"
#include "llvm/CodeGen/Passes.h"
#include "llvm/CodeGen/TargetPassConfig.h"
#include "llvm/IR/IRBuilder.h"
#include "llvm/IR/Instructions.h"
#include "llvm/IR/Module.h"
#include "llvm/InitializePasses.h"
#include "llvm/Support/Debug.h"
#include "llvm/Support/raw_ostream.h"
using namespace llvm;
#define PASS_KEY "x86-lvi-thunks"
#define DEBUG_TYPE PASS_KEY
static const char R11ThunkName[] = "__x86_indirect_thunk_r11";
namespace {
class X86LoadValueInjectionIndirectThunksPass : public MachineFunctionPass {
public:
X86LoadValueInjectionIndirectThunksPass() : MachineFunctionPass(ID) {}
StringRef getPassName() const override {
return "X86 Load Value Injection (LVI) Indirect Thunks";
}
bool doInitialization(Module &M) override;
bool runOnMachineFunction(MachineFunction &F) override;
void getAnalysisUsage(AnalysisUsage &AU) const override {
MachineFunctionPass::getAnalysisUsage(AU);
AU.addRequired<MachineModuleInfoWrapperPass>();
AU.addPreserved<MachineModuleInfoWrapperPass>();
}
static char ID;
private:
MachineModuleInfo *MMI;
const TargetMachine *TM;
const X86Subtarget *STI;
const X86InstrInfo *TII;
bool InsertedThunks;
void createThunkFunction(Module &M, StringRef Name);
void populateThunk(MachineFunction &MF, unsigned Reg);
};
} // end anonymous namespace
char X86LoadValueInjectionIndirectThunksPass::ID = 0;
bool X86LoadValueInjectionIndirectThunksPass::doInitialization(Module &M) {
InsertedThunks = false;
zbridUnsubmitted
Not Done
ReplyInline Actions

I want to make sure I understand this correctly: You use this function to initialize InsertedThunks so that, for each module, InsertedThunks is shared across all the functions. This enables the Module to ensure the thunk is only inserted once. Is that right?

zbrid: I want to make sure I understand this correctly: You use this function to initialize…
sconstabUnsubmitted
Done
ReplyInline Actions

As mentioned in a code comment at the beginning of this file, a lot of this code was lifted from X86RetpolineThunks.cpp, including the logic to insert one thunk per module. So I didn't actually compose this logic, but my understanding of it seems to match yours.

sconstab: As mentioned in a code comment at the beginning of this file, a lot of this code was lifted…
return false;
}
bool X86LoadValueInjectionIndirectThunksPass::runOnMachineFunction(
MachineFunction &MF) {
LLVM_DEBUG(dbgs() << "***** " << getPassName() << " : " << MF.getName()
<< " *****\n");
STI = &MF.getSubtarget<X86Subtarget>();
zbridUnsubmitted
Not Done
ReplyInline Actions

Why is 32-bit okay if it has SSE2 features? (Asking to understand since my processor knowledge is a bit weak. Thanks!)

zbrid: Why is 32-bit okay if it has SSE2 features? (Asking to understand since my processor knowledge…
sconstabUnsubmitted
Done
ReplyInline Actions

Actually it isn't okay (at this time), so you were correct to point this out. The thunks right now clearly only support 64-bit. It may be conceivable to support 32-bit that also has SSE2, but I think this would require some extra work.

sconstab: Actually it isn't okay (at this time), so you were correct to point this out. The thunks right…
if (!STI->is64Bit())
return false; // FIXME: support 32-bit
// Don't skip functions with the "optnone" attr but participate in opt-bisect.
const Function &F = MF.getFunction();
zbridUnsubmitted
Not Done
ReplyInline Actions

Why did you decide to make this not skip functions with optnone?

zbrid: Why did you decide to make this not skip functions with optnone?
craig.topperAuthorUnsubmitted
Not Done
ReplyInline Actions

This suggestion came from myself and Andy Kaylor. skipFunction checks opt-bisect-limit and the optnone attribute. This would make the pass not run at -O0, but that seemed bad. The explicit optnone check here was to avoid the optnone behavior in skipFunction, but make opt-bisect-limit work. But looking this now, I think this left us in a situation where opt-bisect-limit doesn't work for this pass on optnone functions.

craig.topper: This suggestion came from myself and Andy Kaylor. skipFunction checks opt-bisect-limit and the…
if (!F.hasOptNone() && skipFunction(F))
return false;
TM = &MF.getTarget();
TII = STI->getInstrInfo();
MMI = &getAnalysis<MachineModuleInfoWrapperPass>().getMMI();
zbridUnsubmitted
Done
ReplyInline Actions

I think this debugging message should be at the top of the function.

zbrid: I think this debugging message should be at the top of the function.
Module &M = const_cast<Module &>(*MMI->getModule());
// If this function is not a thunk, check to see if we need to insert
// a thunk.
if (MF.getName() != R11ThunkName) {
// If we've already inserted a thunk, nothing else to do.
if (InsertedThunks)
return false;
// Only add a thunk if one of the functions has the LVI-CFI feature
// enabled in its subtarget
if (!STI->useLVIControlFlowIntegrity())
return false;
// Otherwise, we need to insert the thunk.
// WARNING: This is not really a well behaving thing to do in a function
// pass. We extract the module and insert a new function (and machine
// function) directly into the module.
LLVM_DEBUG(dbgs() << "Creating thunk procedure" << '\n');
createThunkFunction(M, R11ThunkName);
InsertedThunks = true;
return true;
}
LLVM_DEBUG(dbgs() << "Populating thunk" << '\n');
populateThunk(MF, X86::R11);
return true;
}
void X86LoadValueInjectionIndirectThunksPass::createThunkFunction(
Module &M, StringRef Name) {
zbridUnsubmitted
Not Done
ReplyInline Actions

Should this use R11ThunkName instead of this string literal?

zbrid: Should this use R11ThunkName instead of this string literal?
sconstabUnsubmitted
Done
ReplyInline Actions

I just removed the assertion because it wasn't really necessary.

sconstab: I just removed the assertion because it wasn't really necessary.
LLVMContext &Ctx = M.getContext();
auto Type = FunctionType::get(Type::getVoidTy(Ctx), false);
Function *F =
Function::Create(Type, GlobalValue::LinkOnceODRLinkage, Name, &M);
F->setVisibility(GlobalValue::HiddenVisibility);
F->setComdat(M.getOrInsertComdat(Name));
// Add Attributes so that we don't create a frame, unwind information, or
// inline.
AttrBuilder B;
B.addAttribute(llvm::Attribute::NoUnwind);
B.addAttribute(llvm::Attribute::Naked);
F->addAttributes(llvm::AttributeList::FunctionIndex, B);
// Populate our function a bit so that we can verify.
BasicBlock *Entry = BasicBlock::Create(Ctx, "entry", F);
IRBuilder<> Builder(Entry);
Builder.CreateRetVoid();
zbridUnsubmitted
Not Done
ReplyInline Actions

I see this list is from the retpoline pass. I don't know what each of these things do, but just wondering if you double checked these are the same attributes we want for this thunk?

zbrid: I see this list is from the retpoline pass. I don't know what each of these things do, but just…
sconstabUnsubmitted
Done
ReplyInline Actions

I do think that these are correct. From the LLVM reference manual, NoUnwind means that "This function attribute indicates that the function never raises an exception," which should hold for the thunk. The Naked attribute "disables prologue / epilogue emission for the function," which is something we would not want.

sconstab: I do think that these are correct. From the LLVM reference manual, NoUnwind means that "This…
// MachineFunctions/MachineBasicBlocks aren't created automatically for the
// IR-level constructs we already made. Create them and insert them into the
// module.
MachineFunction &MF = MMI->getOrCreateMachineFunction(*F);
MachineBasicBlock *EntryMBB = MF.CreateMachineBasicBlock(Entry);
// Insert EntryMBB into MF. It's not in the module until we do this.
MF.insert(MF.end(), EntryMBB);
}
void X86LoadValueInjectionIndirectThunksPass::populateThunk(MachineFunction &MF,
unsigned Reg) {
// Set MF properties. We never use vregs...
MF.getProperties().set(MachineFunctionProperties::Property::NoVRegs);
// Grab the entry MBB and erase any other blocks. O0 codegen appears to
// generate two bbs for the entry block.
MachineBasicBlock *Entry = &MF.front();
Entry->clear();
while (MF.size() > 1)
MF.erase(std::next(MF.begin()));
BuildMI(Entry, DebugLoc(), TII->get(X86::LFENCE));
BuildMI(Entry, DebugLoc(), TII->get(X86::JMP64r)).addReg(Reg);
Entry->addLiveIn(Reg);
return;
}
INITIALIZE_PASS_BEGIN(X86LoadValueInjectionIndirectThunksPass, PASS_KEY,
"X86 LVI indirect thunk inserter", false, false)
INITIALIZE_PASS_DEPENDENCY(MachineModuleInfoWrapperPass)
INITIALIZE_PASS_END(X86LoadValueInjectionIndirectThunksPass, PASS_KEY,
"X86 LVI indirect thunk inserter", false, false)
FunctionPass *llvm::createX86LoadValueInjectionIndirectThunksPass() {
return new X86LoadValueInjectionIndirectThunksPass();
}

llvm/lib/Target/X86/X86MCInstLower.cpp

Show First 20 LinesShow All 1,218 Lines▼ Show 20 Lines case MachineOperand::MO_Immediate:
// Currently, we only support relative addressing with statepoints. // Currently, we only support relative addressing with statepoints.
// Otherwise, we'll need a scratch register to hold the target // Otherwise, we'll need a scratch register to hold the target
// immediate. You'll fail asserts during load & relocation if this // immediate. You'll fail asserts during load & relocation if this
// address is to far away. (TODO: support non-relative addressing) // address is to far away. (TODO: support non-relative addressing)
break; break;
case MachineOperand::MO_Register: case MachineOperand::MO_Register:
// FIXME: Add retpoline support and remove this. // FIXME: Add retpoline support and remove this.
if (Subtarget->useRetpolineIndirectCalls()) if (Subtarget->useRetpolineIndirectCalls())
report_fatal_error("Lowering register statepoints with retpoline not " report_fatal_error("Lowering register statepoints with retpoline not "
zbridUnsubmitted
Done
ReplyInline Actions

Would it make sense to add a separate check for LVI-CFI and have a corresponding error message referencing specifically LVI-CFI rather than retpolines?

zbrid: Would it make sense to add a separate check for LVI-CFI and have a corresponding error message…
"yet implemented."); "yet implemented.");
if (Subtarget->useLVIControlFlowIntegrity())
report_fatal_error("Lowering register statepoints with LVI thunks not "
"yet implemented.");
CallTargetMCOp = MCOperand::createReg(CallTarget.getReg()); CallTargetMCOp = MCOperand::createReg(CallTarget.getReg());
CallOpcode = X86::CALL64r; CallOpcode = X86::CALL64r;
break; break;
default: default:
llvm_unreachable("Unsupported operand type in statepoint call target"); llvm_unreachable("Unsupported operand type in statepoint call target");
break; break;
} }
▲ Show 20 LinesShow All 159 Lines▼ Show 20 Lines if (!(CalleeMO.isImm() && !CalleeMO.getImm())) {
Register ScratchReg = MI.getOperand(ScratchIdx).getReg(); Register ScratchReg = MI.getOperand(ScratchIdx).getReg();
if (X86II::isX86_64ExtendedReg(ScratchReg)) if (X86II::isX86_64ExtendedReg(ScratchReg))
EncodedBytes = 13; EncodedBytes = 13;
else else
EncodedBytes = 12; EncodedBytes = 12;
EmitAndCountInstruction( EmitAndCountInstruction(
MCInstBuilder(X86::MOV64ri).addReg(ScratchReg).addOperand(CalleeMCOp)); MCInstBuilder(X86::MOV64ri).addReg(ScratchReg).addOperand(CalleeMCOp));
// FIXME: Add retpoline support and remove this. // FIXME: Add retpoline and LVI thunk support and remove this.
if (Subtarget->useRetpolineIndirectCalls()) if (Subtarget->useRetpolineIndirectCalls())
report_fatal_error( report_fatal_error(
zbridUnsubmitted
Done
ReplyInline Actions

Would it make sense to add a separate check for LVI-CFI and have a corresponding error message referencing specifically LVI-CFI rather than retpolines?

zbrid: Would it make sense to add a separate check for LVI-CFI and have a corresponding error message…
"Lowering patchpoint with retpoline not yet implemented."); "Lowering patchpoint with retpoline not yet implemented.");
if (Subtarget->useLVIControlFlowIntegrity())
report_fatal_error(
"Lowering patchpoint with LVI thunks not yet implemented.");
EmitAndCountInstruction(MCInstBuilder(X86::CALL64r).addReg(ScratchReg)); EmitAndCountInstruction(MCInstBuilder(X86::CALL64r).addReg(ScratchReg));
} }
// Emit padding. // Emit padding.
unsigned NumBytes = opers.getNumPatchBytes(); unsigned NumBytes = opers.getNumPatchBytes();
assert(NumBytes >= EncodedBytes && assert(NumBytes >= EncodedBytes &&
"Patchpoint can't request size less than the length of a call."); "Patchpoint can't request size less than the length of a call.");
▲ Show 20 LinesShow All 1,248 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86Subtarget.h

Show First 20 LinesShow All 419 Lines▼ Show 20 Linesprotected:
/// Deprecated flag, query `UseRetpolineIndirectCalls` and /// Deprecated flag, query `UseRetpolineIndirectCalls` and
/// `UseRetpolineIndirectBranches` instead. /// `UseRetpolineIndirectBranches` instead.
bool DeprecatedUseRetpoline = false; bool DeprecatedUseRetpoline = false;
/// When using a retpoline thunk, call an externally provided thunk rather /// When using a retpoline thunk, call an externally provided thunk rather
/// than emitting one inside the compiler. /// than emitting one inside the compiler.
bool UseRetpolineExternalThunk = false; bool UseRetpolineExternalThunk = false;
/// Prevent generation of indirect call/branch instructions from memory,
/// and force all indirect call/branch instructions from a register to be
/// preceded by an LFENCE. Also decompose RET instructions into a
/// POP+LFENCE+JMP sequence.
bool UseLVIControlFlowIntegrity = false;
/// Use software floating point for code generation. /// Use software floating point for code generation.
bool UseSoftFloat = false; bool UseSoftFloat = false;
/// Use alias analysis during code generation. /// Use alias analysis during code generation.
bool UseAA = false; bool UseAA = false;
/// The minimum alignment known to hold of the stack frame on /// The minimum alignment known to hold of the stack frame on
/// entry to the function and which must be maintained by every function. /// entry to the function and which must be maintained by every function.
▲ Show 20 LinesShow All 272 Lines▼ Show 20 Linespublic:
bool hasENQCMD() const { return HasENQCMD; } bool hasENQCMD() const { return HasENQCMD; }
bool useRetpolineIndirectCalls() const { return UseRetpolineIndirectCalls; } bool useRetpolineIndirectCalls() const { return UseRetpolineIndirectCalls; }
bool useRetpolineIndirectBranches() const { bool useRetpolineIndirectBranches() const {
return UseRetpolineIndirectBranches; return UseRetpolineIndirectBranches;
} }
bool useRetpolineExternalThunk() const { return UseRetpolineExternalThunk; } bool useRetpolineExternalThunk() const { return UseRetpolineExternalThunk; }
bool preferMaskRegisters() const { return PreferMaskRegisters; } bool preferMaskRegisters() const { return PreferMaskRegisters; }
bool useGLMDivSqrtCosts() const { return UseGLMDivSqrtCosts; } bool useGLMDivSqrtCosts() const { return UseGLMDivSqrtCosts; }
bool useLVIControlFlowIntegrity() const { return UseLVIControlFlowIntegrity; }
unsigned getPreferVectorWidth() const { return PreferVectorWidth; } unsigned getPreferVectorWidth() const { return PreferVectorWidth; }
unsigned getRequiredVectorWidth() const { return RequiredVectorWidth; } unsigned getRequiredVectorWidth() const { return RequiredVectorWidth; }
// Helper functions to determine when we should allow widening to 512-bit // Helper functions to determine when we should allow widening to 512-bit
// during codegen. // during codegen.
// TODO: Currently we're always allowing widening on CPUs without VLX, // TODO: Currently we're always allowing widening on CPUs without VLX,
// because for many cases we don't have a better option. // because for many cases we don't have a better option.
▲ Show 20 LinesShow All 131 Lines▼ Show 20 Linespublic:
unsigned char classifyBlockAddressReference() const; unsigned char classifyBlockAddressReference() const;
/// Return true if the subtarget allows calls to immediate address. /// Return true if the subtarget allows calls to immediate address.
bool isLegalToCallImmediateAddr() const; bool isLegalToCallImmediateAddr() const;
/// If we are using retpolines, we need to expand indirectbr to avoid it /// If we are using retpolines, we need to expand indirectbr to avoid it
/// lowering to an actual indirect jump. /// lowering to an actual indirect jump.
bool enableIndirectBrExpand() const override { bool enableIndirectBrExpand() const override {
return useRetpolineIndirectBranches(); return useRetpolineIndirectBranches() || useLVIControlFlowIntegrity();
} }
/// Enable the MachineScheduler pass for all X86 subtargets. /// Enable the MachineScheduler pass for all X86 subtargets.
bool enableMachineScheduler() const override { return true; } bool enableMachineScheduler() const override { return true; }
bool enableEarlyIfConversion() const override; bool enableEarlyIfConversion() const override;
void getPostRAMutations(std::vector<std::unique_ptr<ScheduleDAGMutation>> void getPostRAMutations(std::vector<std::unique_ptr<ScheduleDAGMutation>>
Show All 12 Lines

llvm/lib/Target/X86/X86TargetMachine.cpp

Show First 20 LinesShow All 76 Lines▼ Show 20 Linesextern "C" LLVM_EXTERNAL_VISIBILITY void LLVMInitializeX86Target() {
initializeX86CmovConverterPassPass(PR); initializeX86CmovConverterPassPass(PR);
initializeX86ExpandPseudoPass(PR); initializeX86ExpandPseudoPass(PR);
initializeX86ExecutionDomainFixPass(PR); initializeX86ExecutionDomainFixPass(PR);
initializeX86DomainReassignmentPass(PR); initializeX86DomainReassignmentPass(PR);
initializeX86AvoidSFBPassPass(PR); initializeX86AvoidSFBPassPass(PR);
initializeX86SpeculativeLoadHardeningPassPass(PR); initializeX86SpeculativeLoadHardeningPassPass(PR);
initializeX86FlagsCopyLoweringPassPass(PR); initializeX86FlagsCopyLoweringPassPass(PR);
initializeX86CondBrFoldingPassPass(PR); initializeX86CondBrFoldingPassPass(PR);
initializeX86LoadValueInjectionIndirectThunksPassPass(PR);
initializeX86OptimizeLEAPassPass(PR); initializeX86OptimizeLEAPassPass(PR);
} }
static std::unique_ptr<TargetLoweringObjectFile> createTLOF(const Triple &TT) { static std::unique_ptr<TargetLoweringObjectFile> createTLOF(const Triple &TT) {
if (TT.isOSBinFormatMachO()) { if (TT.isOSBinFormatMachO()) {
if (TT.getArch() == Triple::x86_64) if (TT.getArch() == Triple::x86_64)
return std::make_unique<X86_64MachoTargetObjectFile>(); return std::make_unique<X86_64MachoTargetObjectFile>();
return std::make_unique<TargetLoweringObjectFileMachO>(); return std::make_unique<TargetLoweringObjectFileMachO>();
▲ Show 20 LinesShow All 429 Lines▼ Show 20 Linesvoid X86PassConfig::addPreEmitPass() {
addPass(createX86InsertX87waitPass()); addPass(createX86InsertX87waitPass());
} }
void X86PassConfig::addPreEmitPass2() { void X86PassConfig::addPreEmitPass2() {
const Triple &TT = TM->getTargetTriple(); const Triple &TT = TM->getTargetTriple();
const MCAsmInfo *MAI = TM->getMCAsmInfo(); const MCAsmInfo *MAI = TM->getMCAsmInfo();
addPass(createX86RetpolineThunksPass()); addPass(createX86RetpolineThunksPass());
addPass(createX86LoadValueInjectionIndirectThunksPass());
// Insert extra int3 instructions after trailing call instructions to avoid // Insert extra int3 instructions after trailing call instructions to avoid
// issues in the unwinder. // issues in the unwinder.
if (TT.isOSWindows() && TT.getArch() == Triple::x86_64) if (TT.isOSWindows() && TT.getArch() == Triple::x86_64)
addPass(createX86AvoidTrailingCallPass()); addPass(createX86AvoidTrailingCallPass());
// Verify basic block incoming and outgoing cfa offset and register values and // Verify basic block incoming and outgoing cfa offset and register values and
// correct CFA calculation rule where needed by inserting appropriate CFI // correct CFA calculation rule where needed by inserting appropriate CFI
Show All 13 Lines

llvm/lib/Transforms/IPO/WholeProgramDevirt.cpp

Show First 20 LinesShow All 1,247 Lines▼ Show 20 Lines auto Apply = [&](CallSiteInfo &CSInfo) {
if (CSInfo.AllCallSitesDevirted) if (CSInfo.AllCallSitesDevirted)
return; return;
for (auto &&VCallSite : CSInfo.CallSites) { for (auto &&VCallSite : CSInfo.CallSites) {
CallSite CS = VCallSite.CS; CallSite CS = VCallSite.CS;
// Jump tables are only profitable if the retpoline mitigation is enabled. // Jump tables are only profitable if the retpoline mitigation is enabled.
Attribute FSAttr = CS.getCaller()->getFnAttribute("target-features"); Attribute FSAttr = CS.getCaller()->getFnAttribute("target-features");
if (FSAttr.hasAttribute(Attribute::None) || if (FSAttr.hasAttribute(Attribute::None) ||
!FSAttr.getValueAsString().contains("+retpoline")) !(FSAttr.getValueAsString().contains("+retpoline") ||
FSAttr.getValueAsString().contains("+lvi-cfi")))
continue; continue;
if (RemarksEnabled) if (RemarksEnabled)
VCallSite.emitRemark("branch-funnel", VCallSite.emitRemark("branch-funnel",
JT->stripPointerCasts()->getName(), OREGetter); JT->stripPointerCasts()->getName(), OREGetter);
// Pass the address of the vtable in the nest register, which is r10 on // Pass the address of the vtable in the nest register, which is r10 on
// x86_64. // x86_64.
▲ Show 20 LinesShow All 900 LinesShow Last 20 Lines

llvm/test/CodeGen/X86/O0-pipeline.ll

Show First 20 LinesShow All 67 Lines▼ Show 20 Lines
; CHECK-NEXT: X86 vzeroupper inserter ; CHECK-NEXT: X86 vzeroupper inserter
; CHECK-NEXT: X86 Discriminate Memory Operands ; CHECK-NEXT: X86 Discriminate Memory Operands
; CHECK-NEXT: X86 Insert Cache Prefetches ; CHECK-NEXT: X86 Insert Cache Prefetches
; CHECK-NEXT: X86 insert wait instruction ; CHECK-NEXT: X86 insert wait instruction
; CHECK-NEXT: Contiguously Lay Out Funclets ; CHECK-NEXT: Contiguously Lay Out Funclets
; CHECK-NEXT: StackMap Liveness Analysis ; CHECK-NEXT: StackMap Liveness Analysis
; CHECK-NEXT: Live DEBUG_VALUE analysis ; CHECK-NEXT: Live DEBUG_VALUE analysis
; CHECK-NEXT: X86 Retpoline Thunks ; CHECK-NEXT: X86 Retpoline Thunks
; CHECK-NEXT: X86 Load Value Injection (LVI) Indirect Thunks
zbridUnsubmitted
Done
ReplyInline Actions

nit: remove pass to follow what most of the other passes do here (requires change in pass code and here)

zbrid: nit: remove pass to follow what most of the other passes do here (requires change in pass code…
; CHECK-NEXT: Check CFA info and insert CFI instructions if needed ; CHECK-NEXT: Check CFA info and insert CFI instructions if needed
; CHECK-NEXT: Lazy Machine Block Frequency Analysis ; CHECK-NEXT: Lazy Machine Block Frequency Analysis
; CHECK-NEXT: Machine Optimization Remark Emitter ; CHECK-NEXT: Machine Optimization Remark Emitter
; CHECK-NEXT: X86 Assembly Printer ; CHECK-NEXT: X86 Assembly Printer
; CHECK-NEXT: Free MachineFunction ; CHECK-NEXT: Free MachineFunction
define void @f() { define void @f() {
ret void ret void
} }

llvm/test/CodeGen/X86/O3-pipeline.ll

Show First 20 LinesShow All 176 Lines▼ Show 20 Lines
; CHECK-NEXT: Compressing EVEX instrs to VEX encoding when possible ; CHECK-NEXT: Compressing EVEX instrs to VEX encoding when possible
; CHECK-NEXT: X86 Discriminate Memory Operands ; CHECK-NEXT: X86 Discriminate Memory Operands
; CHECK-NEXT: X86 Insert Cache Prefetches ; CHECK-NEXT: X86 Insert Cache Prefetches
; CHECK-NEXT: X86 insert wait instruction ; CHECK-NEXT: X86 insert wait instruction
; CHECK-NEXT: Contiguously Lay Out Funclets ; CHECK-NEXT: Contiguously Lay Out Funclets
; CHECK-NEXT: StackMap Liveness Analysis ; CHECK-NEXT: StackMap Liveness Analysis
; CHECK-NEXT: Live DEBUG_VALUE analysis ; CHECK-NEXT: Live DEBUG_VALUE analysis
; CHECK-NEXT: X86 Retpoline Thunks ; CHECK-NEXT: X86 Retpoline Thunks
; CHECK-NEXT: X86 Load Value Injection (LVI) Indirect Thunks
zbridUnsubmitted
Done
ReplyInline Actions

Same comment as in O0-pipeline.ll test

zbrid: Same comment as in O0-pipeline.ll test
; CHECK-NEXT: Check CFA info and insert CFI instructions if needed ; CHECK-NEXT: Check CFA info and insert CFI instructions if needed
; CHECK-NEXT: Lazy Machine Block Frequency Analysis ; CHECK-NEXT: Lazy Machine Block Frequency Analysis
; CHECK-NEXT: Machine Optimization Remark Emitter ; CHECK-NEXT: Machine Optimization Remark Emitter
; CHECK-NEXT: X86 Assembly Printer ; CHECK-NEXT: X86 Assembly Printer
; CHECK-NEXT: Free MachineFunction ; CHECK-NEXT: Free MachineFunction
define void @f() { define void @f() {
ret void ret void
} }

llvm/test/CodeGen/X86/lvi-hardening-indirectbr.ll

  • This file was added.
; RUN: llc -verify-machineinstrs -mtriple=x86_64-unknown < %s | FileCheck %s --check-prefix=X64
; RUN: llc -verify-machineinstrs -mtriple=x86_64-unknown -O0 < %s | FileCheck %s --check-prefix=X64FAST
;
; Note that a lot of this code was lifted from retpoline.ll.
declare void @bar(i32)
; Test a simple indirect call and tail call.
define void @icall_reg(void (i32)* %fp, i32 %x) #0 {
entry:
tail call void @bar(i32 %x)
tail call void %fp(i32 %x)
tail call void @bar(i32 %x)
tail call void %fp(i32 %x)
ret void
}
; X64-LABEL: icall_reg:
; X64-DAG: movq %rdi, %[[fp:[^ ]*]]
; X64-DAG: movl %esi, %[[x:[^ ]*]]
; X64: movl %esi, %edi
; X64: callq bar
; X64-DAG: movl %[[x]], %edi
; X64-DAG: movq %[[fp]], %r11
; X64: callq __x86_indirect_thunk_r11
; X64: movl %[[x]], %edi
; X64: callq bar
; X64-DAG: movl %[[x]], %edi
; X64-DAG: movq %[[fp]], %r11
; X64: jmp __x86_indirect_thunk_r11 # TAILCALL
; X64FAST-LABEL: icall_reg:
; X64FAST: callq bar
; X64FAST: callq __x86_indirect_thunk_r11
; X64FAST: callq bar
; X64FAST: jmp __x86_indirect_thunk_r11 # TAILCALL
@global_fp = external global void (i32)*
; Test an indirect call through a global variable.
define void @icall_global_fp(i32 %x, void (i32)** %fpp) #0 {
%fp1 = load void (i32)*, void (i32)** @global_fp
call void %fp1(i32 %x)
%fp2 = load void (i32)*, void (i32)** @global_fp
tail call void %fp2(i32 %x)
ret void
}
; X64-LABEL: icall_global_fp:
; X64-DAG: movl %edi, %[[x:[^ ]*]]
; X64-DAG: movq global_fp(%rip), %r11
; X64: callq __x86_indirect_thunk_r11
; X64-DAG: movl %[[x]], %edi
; X64-DAG: movq global_fp(%rip), %r11
; X64: jmp __x86_indirect_thunk_r11 # TAILCALL
; X64FAST-LABEL: icall_global_fp:
; X64FAST: movq global_fp(%rip), %r11
; X64FAST: callq __x86_indirect_thunk_r11
; X64FAST: movq global_fp(%rip), %r11
; X64FAST: jmp __x86_indirect_thunk_r11 # TAILCALL
%struct.Foo = type { void (%struct.Foo*)** }
; Test an indirect call through a vtable.
define void @vcall(%struct.Foo* %obj) #0 {
%vptr_field = getelementptr %struct.Foo, %struct.Foo* %obj, i32 0, i32 0
%vptr = load void (%struct.Foo*)**, void (%struct.Foo*)*** %vptr_field
%vslot = getelementptr void(%struct.Foo*)*, void(%struct.Foo*)** %vptr, i32 1
%fp = load void(%struct.Foo*)*, void(%struct.Foo*)** %vslot
tail call void %fp(%struct.Foo* %obj)
tail call void %fp(%struct.Foo* %obj)
ret void
}
; X64-LABEL: vcall:
; X64: movq %rdi, %[[obj:[^ ]*]]
; X64: movq (%rdi), %[[vptr:[^ ]*]]
; X64: movq 8(%[[vptr]]), %[[fp:[^ ]*]]
; X64: movq %[[fp]], %r11
; X64: callq __x86_indirect_thunk_r11
; X64-DAG: movq %[[obj]], %rdi
; X64-DAG: movq %[[fp]], %r11
; X64: jmp __x86_indirect_thunk_r11 # TAILCALL
; X64FAST-LABEL: vcall:
; X64FAST: callq __x86_indirect_thunk_r11
; X64FAST: jmp __x86_indirect_thunk_r11 # TAILCALL
declare void @direct_callee()
define void @direct_tail() #0 {
tail call void @direct_callee()
ret void
}
; X64-LABEL: direct_tail:
; X64: jmp direct_callee # TAILCALL
; X64FAST-LABEL: direct_tail:
; X64FAST: jmp direct_callee # TAILCALL
declare void @nonlazybind_callee() #1
define void @nonlazybind_caller() #0 {
call void @nonlazybind_callee()
tail call void @nonlazybind_callee()
ret void
}
; X64-LABEL: nonlazybind_caller:
; X64: movq nonlazybind_callee@GOTPCREL(%rip), %[[REG:.*]]
; X64: movq %[[REG]], %r11
; X64: callq __x86_indirect_thunk_r11
; X64: movq %[[REG]], %r11
; X64: jmp __x86_indirect_thunk_r11 # TAILCALL
; X64FAST-LABEL: nonlazybind_caller:
; X64FAST: movq nonlazybind_callee@GOTPCREL(%rip), %r11
; X64FAST: callq __x86_indirect_thunk_r11
; X64FAST: movq nonlazybind_callee@GOTPCREL(%rip), %r11
; X64FAST: jmp __x86_indirect_thunk_r11 # TAILCALL
; Check that a switch gets lowered using a jump table
define void @switch_jumptable(i32* %ptr, i64* %sink) #0 {
; X64-LABEL: switch_jumptable:
; X64_NOT: jmpq *
entry:
br label %header
header:
%i = load volatile i32, i32* %ptr
switch i32 %i, label %bb0 [
i32 1, label %bb1
i32 2, label %bb2
i32 3, label %bb3
i32 4, label %bb4
i32 5, label %bb5
i32 6, label %bb6
i32 7, label %bb7
i32 8, label %bb8
i32 9, label %bb9
]
bb0:
store volatile i64 0, i64* %sink
br label %header
bb1:
store volatile i64 1, i64* %sink
br label %header
bb2:
store volatile i64 2, i64* %sink
br label %header
bb3:
store volatile i64 3, i64* %sink
br label %header
bb4:
store volatile i64 4, i64* %sink
br label %header
bb5:
store volatile i64 5, i64* %sink
br label %header
bb6:
store volatile i64 6, i64* %sink
br label %header
bb7:
store volatile i64 7, i64* %sink
br label %header
bb8:
store volatile i64 8, i64* %sink
br label %header
bb9:
store volatile i64 9, i64* %sink
br label %header
}
@indirectbr_rewrite.targets = constant [10 x i8*] [i8* blockaddress(@indirectbr_rewrite, %bb0),
i8* blockaddress(@indirectbr_rewrite, %bb1),
i8* blockaddress(@indirectbr_rewrite, %bb2),
i8* blockaddress(@indirectbr_rewrite, %bb3),
i8* blockaddress(@indirectbr_rewrite, %bb4),
i8* blockaddress(@indirectbr_rewrite, %bb5),
i8* blockaddress(@indirectbr_rewrite, %bb6),
i8* blockaddress(@indirectbr_rewrite, %bb7),
i8* blockaddress(@indirectbr_rewrite, %bb8),
i8* blockaddress(@indirectbr_rewrite, %bb9)]
; Check that when thunks are enabled the indirectbr instruction gets
; rewritten to use switch, and that in turn doesn't get lowered as a jump
; table.
define void @indirectbr_rewrite(i64* readonly %p, i64* %sink) #0 {
; X64-LABEL: indirectbr_rewrite:
; X64-NOT: jmpq *
entry:
%i0 = load i64, i64* %p
%target.i0 = getelementptr [10 x i8*], [10 x i8*]* @indirectbr_rewrite.targets, i64 0, i64 %i0
%target0 = load i8*, i8** %target.i0
indirectbr i8* %target0, [label %bb1, label %bb3]
bb0:
store volatile i64 0, i64* %sink
br label %latch
bb1:
store volatile i64 1, i64* %sink
br label %latch
bb2:
store volatile i64 2, i64* %sink
br label %latch
bb3:
store volatile i64 3, i64* %sink
br label %latch
bb4:
store volatile i64 4, i64* %sink
br label %latch
bb5:
store volatile i64 5, i64* %sink
br label %latch
bb6:
store volatile i64 6, i64* %sink
br label %latch
bb7:
store volatile i64 7, i64* %sink
br label %latch
bb8:
store volatile i64 8, i64* %sink
br label %latch
bb9:
store volatile i64 9, i64* %sink
br label %latch
latch:
%i.next = load i64, i64* %p
%target.i.next = getelementptr [10 x i8*], [10 x i8*]* @indirectbr_rewrite.targets, i64 0, i64 %i.next
%target.next = load i8*, i8** %target.i.next
; Potentially hit a full 10 successors here so that even if we rewrite as
; a switch it will try to be lowered with a jump table.
indirectbr i8* %target.next, [label %bb0,
label %bb1,
label %bb2,
label %bb3,
label %bb4,
label %bb5,
label %bb6,
label %bb7,
label %bb8,
label %bb9]
}
; Lastly check that the necessary thunks were emitted.
;
; X64-LABEL: .section .text.__x86_indirect_thunk_r11,{{.*}},__x86_indirect_thunk_r11,comdat
; X64-NEXT: .hidden __x86_indirect_thunk_r11
; X64-NEXT: .weak __x86_indirect_thunk_r11
; X64: __x86_indirect_thunk_r11:
; X64-NEXT: # {{.*}} # %entry
; X64-NEXT: lfence
; X64-NEXT: jmpq *%r11
attributes #0 = { "target-features"="+lvi-cfi" }
attributes #1 = { nonlazybind }