This is an archive of the discontinued LLVM Phabricator instance.

Differential D80064

[X86] Disable LVI load hardening pass at O0
AbandonedPublic

Authored by nikic on May 16 2020, 9:06 AM.

Details

Reviewers
craig.topper
mattdr
sconstab
Summary

D75936 caused a compile-time regression for O0 builds (1.5% for sqlite), because the LVI load hardening pass requires a number of additional analysis passes. While load hardening is only performed if a function attribute is specified, the analysis passes will always be executed.

As it doesn't seem to be possible to only run the analysis passes if necessary, this change disables the LVI load hardening pass entirely at O0, on the assumption that this pass is only relevant for production binaries anyway.

Diff Detail

Event Timeline

nikic created this revision.May 16 2020, 9:06 AM
Herald added a project: Restricted Project. · View Herald TranscriptMay 16 2020, 9:06 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
sconstab added a comment.May 16 2020, 9:36 AM

I can accept this change if the driver can also emit a warning when LVI hardening is enabled with -O0. We already have a similar warning when LVI CFI protections are enabled with retpoline. The warning is emitted in clang/lib/Driver/ToolChains/Arch/X86.cpp.

Harbormaster failed remote builds in B56966: Diff 264444!May 16 2020, 10:33 AM
jethrogb added a subscriber: jethrogb.May 18 2020, 1:23 AM
In D80064#2040163, @sconstab wrote:

I can accept this change if the driver can also emit a warning when LVI hardening is enabled with -O0. We already have a similar warning when LVI CFI protections are enabled with retpoline. The warning is emitted in clang/lib/Driver/ToolChains/Arch/X86.cpp.

IIUC, this warning triggers only on particular command-line settings. However, the pass is activated by a function attribute, which may be enabled in different ways. I think there should be a warning if there is any function with the attribute but the pass not enabled.

mattdr added a comment.May 18 2020, 11:37 AM

Of course that raises a fun question: where do we put the code to make sure we warn if the pass is disabled? It can't be in the pass itself.

I agree we should find or create a good place for this warning to avoid users shooting themselves in the foot, but my opinion is that shouldn't block this change from landing.

sconstab added a comment.May 26 2020, 4:52 PM
In D80064#2041175, @jethrogb wrote:
In D80064#2040163, @sconstab wrote:

I can accept this change if the driver can also emit a warning when LVI hardening is enabled with -O0. We already have a similar warning when LVI CFI protections are enabled with retpoline. The warning is emitted in clang/lib/Driver/ToolChains/Arch/X86.cpp.

IIUC, this warning triggers only on particular command-line settings. However, the pass is activated by a function attribute, which may be enabled in different ways. I think there should be a warning if there is any function with the attribute but the pass not enabled.

Is there a way to do this in TargetMachine.cpp? The pass is inserted into the X86PassConfig. Is the module accessible at this point?

craig.topper added a comment.May 27 2020, 11:28 AM
In D80064#2056188, @sconstab wrote:
In D80064#2041175, @jethrogb wrote:
In D80064#2040163, @sconstab wrote:

I can accept this change if the driver can also emit a warning when LVI hardening is enabled with -O0. We already have a similar warning when LVI CFI protections are enabled with retpoline. The warning is emitted in clang/lib/Driver/ToolChains/Arch/X86.cpp.

IIUC, this warning triggers only on particular command-line settings. However, the pass is activated by a function attribute, which may be enabled in different ways. I think there should be a warning if there is any function with the attribute but the pass not enabled.

Is there a way to do this in TargetMachine.cpp? The pass is inserted into the X86PassConfig. Is the module accessible at this point?

I don't think so. The only thought I have is to add an O0 version of the pass that just errors. Or maybe does something simple like fence every load.

nikic added a comment.May 27 2020, 12:03 PM

It's possible to make the pass dependencies OptLevel dependent, so it would be possible to report an error directly from the pass. Do we have any error reporting mechanism that works this deep in the backend?

nikic added a comment.May 27 2020, 12:40 PM

I'm not really convinced that erroring in that case makes sense though. I expect that a typical use of this functionality is something like https://github.com/rust-lang/rust/pull/72655/files#diff-23a2e218f0f24d0c63cc4347012d83ff, in which case making +lvi-load-hardening at optnone an error doesn't help anyone. It just means extra complexity to not set the target features at optnone, leading to exactly the same place as we would with this patch, just reimplemented at a higher level in the frontend (or the user of the frontend).

I think this should either be silently disabled at optnone (as this patch does), or as @craig.topper suggests, it should fence every load as a conservative approach.

sconstab mentioned this in D80964: [X86] Add an Unoptimized Load Value Injection (LVI) Load Hardening Pass.Jun 1 2020, 5:10 PM
sconstab added a comment.Jun 3 2020, 6:31 PM

@nikic I have posted https://reviews.llvm.org/D80964 as an alternative to this patch.

nikic abandoned this revision.Jun 5 2020, 1:18 PM

Abandoning this one in favor of D80964, which makes more sense to me.

Revision Contents

PathSize
llvm/
lib/
Target/
X86/
6 lines
test/
CodeGen/
X86/
4 lines

Diff 264444

lib/Target/X86/X86TargetMachine.cpp

Show First 20 LinesShow All 491 Lines▼ Show 20 Lines
} }
void X86PassConfig::addMachineSSAOptimization() { void X86PassConfig::addMachineSSAOptimization() {
addPass(createX86DomainReassignmentPass()); addPass(createX86DomainReassignmentPass());
TargetPassConfig::addMachineSSAOptimization(); TargetPassConfig::addMachineSSAOptimization();
} }
void X86PassConfig::addPostRegAlloc() { void X86PassConfig::addPostRegAlloc() {
addPass(createX86FloatingPointStackifierPass()); addPass(createX86FloatingPointStackifierPass());
// LVI load hardening requires a number of analysis passes that we do not
// want to run at optnone.
if (getOptLevel() != CodeGenOpt::None)
addPass(createX86LoadValueInjectionLoadHardeningPass()); addPass(createX86LoadValueInjectionLoadHardeningPass());
} }
void X86PassConfig::addPreSched2() { addPass(createX86ExpandPseudoPass()); } void X86PassConfig::addPreSched2() { addPass(createX86ExpandPseudoPass()); }
void X86PassConfig::addPreEmitPass() { void X86PassConfig::addPreEmitPass() {
if (getOptLevel() != CodeGenOpt::None) { if (getOptLevel() != CodeGenOpt::None) {
addPass(new X86ExecutionDomainFix()); addPass(new X86ExecutionDomainFix());
addPass(createBreakFalseDeps()); addPass(createBreakFalseDeps());
▲ Show 20 LinesShow All 55 LinesShow Last 20 Lines

test/CodeGen/X86/O0-pipeline.ll

Show First 20 LinesShow All 49 Lines▼ Show 20 Lines
; CHECK-NEXT: MachineDominator Tree Construction ; CHECK-NEXT: MachineDominator Tree Construction
; CHECK-NEXT: X86 EFLAGS copy lowering ; CHECK-NEXT: X86 EFLAGS copy lowering
; CHECK-NEXT: X86 WinAlloca Expander ; CHECK-NEXT: X86 WinAlloca Expander
; CHECK-NEXT: Eliminate PHI nodes for register allocation ; CHECK-NEXT: Eliminate PHI nodes for register allocation
; CHECK-NEXT: Two-Address instruction pass ; CHECK-NEXT: Two-Address instruction pass
; CHECK-NEXT: Fast Register Allocator ; CHECK-NEXT: Fast Register Allocator
; CHECK-NEXT: Bundle Machine CFG Edges ; CHECK-NEXT: Bundle Machine CFG Edges
; CHECK-NEXT: X86 FP Stackifier ; CHECK-NEXT: X86 FP Stackifier
; CHECK-NEXT: MachineDominator Tree Construction
; CHECK-NEXT: Machine Natural Loop Construction
; CHECK-NEXT: Machine Dominance Frontier Construction
; CHECK-NEXT: X86 Load Value Injection (LVI) Load Hardening
; CHECK-NEXT: Fixup Statepoint Caller Saved ; CHECK-NEXT: Fixup Statepoint Caller Saved
; CHECK-NEXT: Lazy Machine Block Frequency Analysis ; CHECK-NEXT: Lazy Machine Block Frequency Analysis
; CHECK-NEXT: Machine Optimization Remark Emitter ; CHECK-NEXT: Machine Optimization Remark Emitter
; CHECK-NEXT: Prologue/Epilogue Insertion & Frame Finalization ; CHECK-NEXT: Prologue/Epilogue Insertion & Frame Finalization
; CHECK-NEXT: Post-RA pseudo instruction expansion pass ; CHECK-NEXT: Post-RA pseudo instruction expansion pass
; CHECK-NEXT: X86 pseudo instruction expansion pass ; CHECK-NEXT: X86 pseudo instruction expansion pass
; CHECK-NEXT: Analyze Machine Code For Garbage Collection ; CHECK-NEXT: Analyze Machine Code For Garbage Collection
; CHECK-NEXT: Insert fentry calls ; CHECK-NEXT: Insert fentry calls
Show All 22 Lines