Author: lukecheeseman Date: Fri Aug 17 05:55:05 2018 New Revision: 340019 URL: http://llvm.org/viewvc/llvm-project?rev=340019&view=rev Log: [AArch64] - return address signing
- Add a command line options -msign-return-address to enable return address signing - Armv8.3a added instructions to sign the return address to help mitigate against ROP attacks - This patch adds command line options to generate function attributes that signal to the back whether return address signing instructions should be added Differential revision: https://reviews.llvm.org/D49793 Added: cfe/trunk/test/CodeGen/aarch64-sign-return-address.c Modified: cfe/trunk/include/clang/Driver/Options.td cfe/trunk/include/clang/Frontend/CodeGenOptions.def cfe/trunk/include/clang/Frontend/CodeGenOptions.h cfe/trunk/lib/CodeGen/TargetInfo.cpp cfe/trunk/lib/Driver/ToolChains/Clang.cpp cfe/trunk/lib/Frontend/CompilerInvocation.cpp Modified: cfe/trunk/include/clang/Driver/Options.td URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Driver/Options.td?rev=340019&r1=340018&r2=340019&view=diff ============================================================================== --- cfe/trunk/include/clang/Driver/Options.td (original) +++ cfe/trunk/include/clang/Driver/Options.td Fri Aug 17 05:55:05 2018 @@ -2030,6 +2030,10 @@ def ffixed_x18 : Flag<["-"], "ffixed-x18 def ffixed_x20 : Flag<["-"], "ffixed-x20">, Group<m_aarch64_Features_Group>, HelpText<"Reserve the x20 register (AArch64 only)">; +def msign_return_address : Joined<["-"], "msign-return-address=">, + Flags<[CC1Option]>, Group<m_Group>, + HelpText<"Select return address signing scope">, Values<"none,all,non-leaf">; + def msimd128 : Flag<["-"], "msimd128">, Group<m_wasm_Features_Group>; def mno_simd128 : Flag<["-"], "mno-simd128">, Group<m_wasm_Features_Group>; def mnontrapping_fptoint : Flag<["-"], "mnontrapping-fptoint">, Group<m_wasm_Features_Group>; Modified: cfe/trunk/include/clang/Frontend/CodeGenOptions.def URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Frontend/CodeGenOptions.def?rev=340019&r1=340018&r2=340019&view=diff ============================================================================== --- cfe/trunk/include/clang/Frontend/CodeGenOptions.def (original) +++ cfe/trunk/include/clang/Frontend/CodeGenOptions.def Fri Aug 17 05:55:05 2018 @@ -339,6 +339,7 @@ CODEGENOPT(ForceEmitVTables, 1, 0) /// Whether to emit an address-significance table into the object file. CODEGENOPT(Addrsig, 1, 0) +ENUM_CODEGENOPT(SignReturnAddress, SignReturnAddressScope, 2, None) #undef CODEGENOPT #undef ENUM_CODEGENOPT Modified: cfe/trunk/include/clang/Frontend/CodeGenOptions.h URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Frontend/CodeGenOptions.h?rev=340019&r1=340018&r2=340019&view=diff ============================================================================== --- cfe/trunk/include/clang/Frontend/CodeGenOptions.h (original) +++ cfe/trunk/include/clang/Frontend/CodeGenOptions.h Fri Aug 17 05:55:05 2018 @@ -108,6 +108,12 @@ public: Embed_Marker // Embed a marker as a placeholder for bitcode. }; + enum SignReturnAddressScope { + None, // No signing for any function + NonLeaf, // Sign the return address of functions that spill LR + All // Sign the return address of all functions + }; + /// The code model to use (-mcmodel). std::string CodeModel; Modified: cfe/trunk/lib/CodeGen/TargetInfo.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/TargetInfo.cpp?rev=340019&r1=340018&r2=340019&view=diff ============================================================================== --- cfe/trunk/lib/CodeGen/TargetInfo.cpp (original) +++ cfe/trunk/lib/CodeGen/TargetInfo.cpp Fri Aug 17 05:55:05 2018 @@ -4969,6 +4969,23 @@ public: } bool doesReturnSlotInterfereWithArgs() const override { return false; } + + void setTargetAttributes(const Decl *D, llvm::GlobalValue *GV, + CodeGen::CodeGenModule &CGM) const override { + const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(D); + if (!FD) + return; + llvm::Function *Fn = cast<llvm::Function>(GV); + + auto Kind = CGM.getCodeGenOpts().getSignReturnAddress(); + if (Kind == CodeGenOptions::SignReturnAddressScope::None) + return; + + Fn->addFnAttr("sign-return-address", + Kind == CodeGenOptions::SignReturnAddressScope::All + ? "all" + : "non-leaf"); + } }; class WindowsAArch64TargetCodeGenInfo : public AArch64TargetCodeGenInfo { Modified: cfe/trunk/lib/Driver/ToolChains/Clang.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Driver/ToolChains/Clang.cpp?rev=340019&r1=340018&r2=340019&view=diff ============================================================================== --- cfe/trunk/lib/Driver/ToolChains/Clang.cpp (original) +++ cfe/trunk/lib/Driver/ToolChains/Clang.cpp Fri Aug 17 05:55:05 2018 @@ -1455,6 +1455,11 @@ void Clang::AddAArch64TargetArgs(const A else CmdArgs.push_back("-aarch64-enable-global-merge=true"); } + + if (Arg *A = Args.getLastArg(options::OPT_msign_return_address)) { + CmdArgs.push_back( + Args.MakeArgString(Twine("-msign-return-address=") + A->getValue())); + } } void Clang::AddMIPSTargetArgs(const ArgList &Args, Modified: cfe/trunk/lib/Frontend/CompilerInvocation.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Frontend/CompilerInvocation.cpp?rev=340019&r1=340018&r2=340019&view=diff ============================================================================== --- cfe/trunk/lib/Frontend/CompilerInvocation.cpp (original) +++ cfe/trunk/lib/Frontend/CompilerInvocation.cpp Fri Aug 17 05:55:05 2018 @@ -1125,6 +1125,20 @@ static bool ParseCodeGenArgs(CodeGenOpti Opts.Addrsig = Args.hasArg(OPT_faddrsig); + if (Arg *A = Args.getLastArg(OPT_msign_return_address)) { + StringRef SignScope = A->getValue(); + if (SignScope.equals_lower("none")) + Opts.setSignReturnAddress(CodeGenOptions::SignReturnAddressScope::None); + else if (SignScope.equals_lower("all")) + Opts.setSignReturnAddress(CodeGenOptions::SignReturnAddressScope::All); + else if (SignScope.equals_lower("non-leaf")) + Opts.setSignReturnAddress( + CodeGenOptions::SignReturnAddressScope::NonLeaf); + else + Diags.Report(diag::err_drv_invalid_value) + << A->getAsString(Args) << A->getValue(); + } + return Success; } Added: cfe/trunk/test/CodeGen/aarch64-sign-return-address.c URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGen/aarch64-sign-return-address.c?rev=340019&view=auto ============================================================================== --- cfe/trunk/test/CodeGen/aarch64-sign-return-address.c (added) +++ cfe/trunk/test/CodeGen/aarch64-sign-return-address.c Fri Aug 17 05:55:05 2018 @@ -0,0 +1,14 @@ +// RUN: %clang -target aarch64-arm-none-eabi -S -emit-llvm -o - -msign-return-address=none %s | FileCheck %s --check-prefix=CHECK-NONE +// RUN: %clang -target aarch64-arm-none-eabi -S -emit-llvm -o - -msign-return-address=non-leaf %s | FileCheck %s --check-prefix=CHECK-PARTIAL +// RUN: %clang -target aarch64-arm-none-eabi -S -emit-llvm -o - -msign-return-address=all %s | FileCheck %s --check-prefix=CHECK-ALL + +// CHECK-NONE: @foo() #[[ATTR:[0-9]*]] +// CHECK-NONE-NOT: attributes #[[ATTR]] = { {{.*}} "sign-return-address"={{.*}} }} + +// CHECK-PARTIAL: @foo() #[[ATTR:[0-9]*]] +// CHECK-PARTIAL: attributes #[[ATTR]] = { {{.*}} "sign-return-address"="non-leaf" {{.*}}} + +// CHECK-ALL: @foo() #[[ATTR:[0-9]*]] +// CHECK-ALL: attributes #[[ATTR]] = { {{.*}} "sign-return-address"="all" {{.*}} } + +void foo() {} _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
