speculation-hardening-sls.mir
4.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# RUN: llc -verify-machineinstrs -mtriple=aarch64-none-linux-gnu \
# RUN: -start-before aarch64-sls-hardening -o - %s \
# RUN: -mattr=harden-sls-retbr \
# RUN: | FileCheck %s --check-prefixes=CHECK,ISBDSB
# RUN: llc -verify-machineinstrs -mtriple=aarch64-none-linux-gnu \
# RUN: -start-before aarch64-sls-hardening -o - %s \
# RUN: -mattr=harden-sls-retbr -mattr=+sb \
# RUN: | FileCheck %s --check-prefixes=CHECK,SB
# Check that the SLS hardening pass also protects BRA* indirect branches that
# llvm currently does not generate.
--- |
@ptr_aa = private unnamed_addr constant [2 x i8*] [i8* blockaddress(@br_aa, %return), i8* blockaddress(@br_aa, %l2)], align 8
@ptr_aaz = private unnamed_addr constant [2 x i8*] [i8* blockaddress(@br_aaz, %return), i8* blockaddress(@br_aaz, %l2)], align 8
@ptr_ab = private unnamed_addr constant [2 x i8*] [i8* blockaddress(@br_ab, %return), i8* blockaddress(@br_ab, %l2)], align 8
@ptr_abz = private unnamed_addr constant [2 x i8*] [i8* blockaddress(@br_abz, %return), i8* blockaddress(@br_abz, %l2)], align 8
define dso_local i32 @br_aa(i32 %a, i32 %b, i32 %i) {
entry:
br label %l2
l2:
br label %return
return:
ret i32 undef
}
define dso_local i32 @br_aaz(i32 %a, i32 %b, i32 %i) {
entry:
br label %l2
l2:
br label %return
return:
ret i32 undef
}
define dso_local i32 @br_ab(i32 %a, i32 %b, i32 %i) {
entry:
br label %l2
l2:
br label %return
return:
ret i32 undef
}
define dso_local i32 @br_abz(i32 %a, i32 %b, i32 %i) {
entry:
br label %l2
l2:
br label %return
return:
ret i32 undef
}
...
---
name: br_aa
tracksRegLiveness: true
body: |
; CHECK-LABEL: br_aa:
bb.0.entry:
successors: %bb.2, %bb.1
liveins: $w2
$x8 = ADRP target-flags(aarch64-page) @ptr_aa
renamable $x8 = ADDXri $x8, target-flags(aarch64-pageoff, aarch64-nc) @ptr_aa, 0
renamable $x8 = LDRXroW killed renamable $x8, killed renamable $w2, 1, 1
BRAA killed renamable $x8, $sp
; CHECK: braa x8, sp
; ISBDSB-NEXT: dsb sy
; ISBDSB-NEXT: isb
; SB-NEXT: {{ sb$}}
bb.1.l2 (address-taken):
renamable $w0 = MOVZWi 1, 0
RET undef $lr, implicit $w0
bb.2.return (address-taken):
$w0 = ORRWrs $wzr, $wzr, 0
RET undef $lr, implicit $w0
...
---
name: br_aaz
tracksRegLiveness: true
body: |
; CHECK-LABEL: br_aaz:
bb.0.entry:
successors: %bb.2, %bb.1
liveins: $w2
$x8 = ADRP target-flags(aarch64-page) @ptr_aaz
renamable $x8 = ADDXri $x8, target-flags(aarch64-pageoff, aarch64-nc) @ptr_aaz, 0
renamable $x8 = LDRXroW killed renamable $x8, killed renamable $w2, 1, 1
BRAAZ killed renamable $x8
; CHECK: braaz x8
; ISBDSB-NEXT: dsb sy
; ISBDSB-NEXT: isb
; SB-NEXT: {{ sb$}}
bb.1.l2 (address-taken):
renamable $w0 = MOVZWi 1, 0
RET undef $lr, implicit $w0
bb.2.return (address-taken):
$w0 = ORRWrs $wzr, $wzr, 0
RET undef $lr, implicit $w0
...
---
name: br_ab
tracksRegLiveness: true
body: |
; CHECK-LABEL: br_ab:
bb.0.entry:
successors: %bb.2, %bb.1
liveins: $w2
$x8 = ADRP target-flags(aarch64-page) @ptr_ab
renamable $x8 = ADDXri $x8, target-flags(aarch64-pageoff, aarch64-nc) @ptr_ab, 0
renamable $x8 = LDRXroW killed renamable $x8, killed renamable $w2, 1, 1
BRAA killed renamable $x8, $sp
; CHECK: braa x8, sp
; ISBDSB-NEXT: dsb sy
; ISBDSB-NEXT: isb
; SB-NEXT: {{ sb$}}
bb.1.l2 (address-taken):
renamable $w0 = MOVZWi 1, 0
RET undef $lr, implicit $w0
bb.2.return (address-taken):
$w0 = ORRWrs $wzr, $wzr, 0
RET undef $lr, implicit $w0
...
---
name: br_abz
tracksRegLiveness: true
body: |
; CHECK-LABEL: br_abz:
bb.0.entry:
successors: %bb.2, %bb.1
liveins: $w2
$x8 = ADRP target-flags(aarch64-page) @ptr_abz
renamable $x8 = ADDXri $x8, target-flags(aarch64-pageoff, aarch64-nc) @ptr_abz, 0
renamable $x8 = LDRXroW killed renamable $x8, killed renamable $w2, 1, 1
BRAAZ killed renamable $x8
; CHECK: braaz x8
; ISBDSB-NEXT: dsb sy
; ISBDSB-NEXT: isb
; SB-NEXT: {{ sb$}}
bb.1.l2 (address-taken):
renamable $w0 = MOVZWi 1, 0
RET undef $lr, implicit $w0
bb.2.return (address-taken):
$w0 = ORRWrs $wzr, $wzr, 0
RET undef $lr, implicit $w0
...