This is an archive of the discontinued LLVM Phabricator instance.

Differential D90424

AArch64: Use SBFX instead of UBFX to extract address granule in outlined HWASan checks.
ClosedPublic

Authored by pcc on Oct 29 2020, 1:54 PM.

Details

Reviewers
eugenis
hctim
Commits
rGc9b1a2b41dca: AArch64: Use SBFX instead of UBFX to extract address granule in outlined HWASan…
Summary

In a kernel (or in general in environments where bit 55 of the address
is set) the shadow base needs to point to the end of the shadow region,
not the beginning. Bit 55 needs to be sign extended into bits 52-63
of the shadow base offset, otherwise we end up loading from an invalid
address. We can do this by using SBFX instead of UBFX.

Using SBFX should have no effect in the userspace case where bit 55
of the address is clear so we do so unconditionally. I don't think
we need a ABI version bump for this (but one will come anyway when
we switch to x20 for the shadow base register).

Depends on D90422

Diff Detail

Event Timeline

pcc created this revision.Oct 29 2020, 1:54 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptOct 29 2020, 1:54 PM
Herald added subscribers: cfe-commits, danielkiss, hiraditya, kristof.beyls. · View Herald Transcript
pcc requested review of this revision.Oct 29 2020, 1:54 PM
pcc added a child revision: D90425: hwasan: Move fixed shadow behind opaque no-op cast as well..
Harbormaster completed remote builds in B76974: Diff 301743.Oct 29 2020, 2:14 PM
hctim accepted this revision.Oct 29 2020, 3:47 PM

LGTM

This revision is now accepted and ready to land.Oct 29 2020, 3:47 PM
eugenis accepted this revision.Oct 29 2020, 4:06 PM

LGTM

This revision was landed with ongoing or failed builds.Oct 30 2020, 12:53 PM
Closed by commit rGc9b1a2b41dca: AArch64: Use SBFX instead of UBFX to extract address granule in outlined HWASan… (authored by pcc). · Explain Why
This revision was automatically updated to reflect the committed changes.
pcc added a commit: rGc9b1a2b41dca: AArch64: Use SBFX instead of UBFX to extract address granule in outlined HWASan….

Revision Contents

PathSize
clang/
docs/
2 lines
llvm/
lib/
Target/
AArch64/
2 lines
test/
CodeGen/
AArch64/
4 lines

Diff 301996

clang/docs/HardwareAssistedAddressSanitizerDesign.rst

Show First 20 LinesShow All 90 Lines▼ Show 20 Lines foo:
// (arguments: x0 = address, x20 = shadow base; // (arguments: x0 = address, x20 = shadow base;
// "2" encodes the access type and size) // "2" encodes the access type and size)
ldr w0, [x0] // inline load ldr w0, [x0] // inline load
ldp x30, x20, [sp], #16 ldp x30, x20, [sp], #16
ret ret
[...] [...]
__hwasan_check_x0_2_short_v2: __hwasan_check_x0_2_short_v2:
ubfx x16, x0, #4, #52 // shadow offset sbfx x16, x0, #4, #52 // shadow offset
ldrb w16, [x20, x16] // load shadow tag ldrb w16, [x20, x16] // load shadow tag
cmp x16, x0, lsr #56 // extract address tag, compare with shadow tag cmp x16, x0, lsr #56 // extract address tag, compare with shadow tag
b.ne .Ltmp0 // jump to short tag handler on mismatch b.ne .Ltmp0 // jump to short tag handler on mismatch
.Ltmp1: .Ltmp1:
ret ret
.Ltmp0: .Ltmp0:
cmp w16, #15 // is this a short tag? cmp w16, #15 // is this a short tag?
b.hi .Ltmp2 // if not, error b.hi .Ltmp2 // if not, error
▲ Show 20 LinesShow All 180 LinesShow Last 20 Lines

llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp

Show First 20 LinesShow All 342 Lines▼ Show 20 Lines OutStreamer->SwitchSection(OutContext.getELFSection(
ELF::SHF_EXECINSTR | ELF::SHF_ALLOC | ELF::SHF_GROUP, 0, ELF::SHF_EXECINSTR | ELF::SHF_ALLOC | ELF::SHF_GROUP, 0,
Sym->getName())); Sym->getName()));
OutStreamer->emitSymbolAttribute(Sym, MCSA_ELF_TypeFunction); OutStreamer->emitSymbolAttribute(Sym, MCSA_ELF_TypeFunction);
OutStreamer->emitSymbolAttribute(Sym, MCSA_Weak); OutStreamer->emitSymbolAttribute(Sym, MCSA_Weak);
OutStreamer->emitSymbolAttribute(Sym, MCSA_Hidden); OutStreamer->emitSymbolAttribute(Sym, MCSA_Hidden);
OutStreamer->emitLabel(Sym); OutStreamer->emitLabel(Sym);
OutStreamer->emitInstruction(MCInstBuilder(AArch64::UBFMXri) OutStreamer->emitInstruction(MCInstBuilder(AArch64::SBFMXri)
.addReg(AArch64::X16) .addReg(AArch64::X16)
.addReg(Reg) .addReg(Reg)
.addImm(4) .addImm(4)
.addImm(55), .addImm(55),
*STI); *STI);
OutStreamer->emitInstruction( OutStreamer->emitInstruction(
MCInstBuilder(AArch64::LDRBBroX) MCInstBuilder(AArch64::LDRBBroX)
.addReg(AArch64::W16) .addReg(AArch64::W16)
▲ Show 20 LinesShow All 1,063 LinesShow Last 20 Lines

llvm/test/CodeGen/AArch64/hwasan-check-memaccess.ll

Show All 32 Lines
declare void @llvm.hwasan.check.memaccess(i8*, i8*, i32) declare void @llvm.hwasan.check.memaccess(i8*, i8*, i32)
declare void @llvm.hwasan.check.memaccess.shortgranules(i8*, i8*, i32) declare void @llvm.hwasan.check.memaccess.shortgranules(i8*, i8*, i32)
; CHECK: .section .text.hot,"axG",@progbits,__hwasan_check_x0_2_short_v2,comdat ; CHECK: .section .text.hot,"axG",@progbits,__hwasan_check_x0_2_short_v2,comdat
; CHECK-NEXT: .type __hwasan_check_x0_2_short_v2,@function ; CHECK-NEXT: .type __hwasan_check_x0_2_short_v2,@function
; CHECK-NEXT: .weak __hwasan_check_x0_2_short_v2 ; CHECK-NEXT: .weak __hwasan_check_x0_2_short_v2
; CHECK-NEXT: .hidden __hwasan_check_x0_2_short_v2 ; CHECK-NEXT: .hidden __hwasan_check_x0_2_short_v2
; CHECK-NEXT: __hwasan_check_x0_2_short_v2: ; CHECK-NEXT: __hwasan_check_x0_2_short_v2:
; CHECK-NEXT: ubfx x16, x0, #4, #52 ; CHECK-NEXT: sbfx x16, x0, #4, #52
; CHECK-NEXT: ldrb w16, [x20, x16] ; CHECK-NEXT: ldrb w16, [x20, x16]
; CHECK-NEXT: cmp x16, x0, lsr #56 ; CHECK-NEXT: cmp x16, x0, lsr #56
; CHECK-NEXT: b.ne .Ltmp0 ; CHECK-NEXT: b.ne .Ltmp0
; CHECK-NEXT: .Ltmp1: ; CHECK-NEXT: .Ltmp1:
; CHECK-NEXT: ret ; CHECK-NEXT: ret
; CHECK-NEXT: .Ltmp0: ; CHECK-NEXT: .Ltmp0:
; CHECK-NEXT: cmp w16, #15 ; CHECK-NEXT: cmp w16, #15
; CHECK-NEXT: b.hi .Ltmp2 ; CHECK-NEXT: b.hi .Ltmp2
Show All 14 Lines
; CHECK-NEXT: br x16 ; CHECK-NEXT: br x16
; CHECK: .section .text.hot,"axG",@progbits,__hwasan_check_x1_1,comdat ; CHECK: .section .text.hot,"axG",@progbits,__hwasan_check_x1_1,comdat
; CHECK-NEXT: .type __hwasan_check_x1_1,@function ; CHECK-NEXT: .type __hwasan_check_x1_1,@function
; CHECK-NEXT: .weak __hwasan_check_x1_1 ; CHECK-NEXT: .weak __hwasan_check_x1_1
; CHECK-NEXT: .hidden __hwasan_check_x1_1 ; CHECK-NEXT: .hidden __hwasan_check_x1_1
; CHECK-NEXT: __hwasan_check_x1_1: ; CHECK-NEXT: __hwasan_check_x1_1:
; CHECK-NEXT: ubfx x16, x1, #4, #52 ; CHECK-NEXT: sbfx x16, x1, #4, #52
; CHECK-NEXT: ldrb w16, [x9, x16] ; CHECK-NEXT: ldrb w16, [x9, x16]
; CHECK-NEXT: cmp x16, x1, lsr #56 ; CHECK-NEXT: cmp x16, x1, lsr #56
; CHECK-NEXT: b.ne .Ltmp3 ; CHECK-NEXT: b.ne .Ltmp3
; CHECK-NEXT: .Ltmp4: ; CHECK-NEXT: .Ltmp4:
; CHECK-NEXT: ret ; CHECK-NEXT: ret
; CHECK-NEXT: .Ltmp3: ; CHECK-NEXT: .Ltmp3:
; CHECK-NEXT: stp x0, x1, [sp, #-256]! ; CHECK-NEXT: stp x0, x1, [sp, #-256]!
; CHECK-NEXT: stp x29, x30, [sp, #232] ; CHECK-NEXT: stp x29, x30, [sp, #232]
; CHECK-NEXT: mov x0, x1 ; CHECK-NEXT: mov x0, x1
; CHECK-NEXT: mov x1, #1 ; CHECK-NEXT: mov x1, #1
; CHECK-NEXT: adrp x16, :got:__hwasan_tag_mismatch ; CHECK-NEXT: adrp x16, :got:__hwasan_tag_mismatch
; CHECK-NEXT: ldr x16, [x16, :got_lo12:__hwasan_tag_mismatch] ; CHECK-NEXT: ldr x16, [x16, :got_lo12:__hwasan_tag_mismatch]
; CHECK-NEXT: br x16 ; CHECK-NEXT: br x16