[PATCH] D140363: Remove incorrectly implemented -mibt-seal

Fangrui Song via Phabricator via cfe-commits Mon, 19 Dec 2022 18:52:34 -0800

MaskRay created this revision.
MaskRay added reviewers: joaomoreira, kees, nickdesaulniers, pcc, samitolvanen, 
xiangzhangllvm.
Herald added subscribers: StephenFan, pengfei, hiraditya.
Herald added a project: All.
MaskRay requested review of this revision.
Herald added projects: clang, LLVM.
Herald added subscribers: llvm-commits, cfe-commits.


The option does not work as intended and will not be needed when hidden
visibility is used. A function needs ENDBR if it may be reached
indirectly. If we make ThinLTO combine the address-taken property, then
the condition can be expressed with:

`AddressTaken || (!F.hasLocalLinkage() && (VisibleToRegularObj || 
!F.hasHiddenVisibility()))`

The current `F.hasAddressTaken()` condition does not take into acount of
address-significance in another bitcode file or ELF relocatable file.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D140363

Files:
  clang/include/clang/Basic/CodeGenOptions.def
  clang/include/clang/Driver/Options.td
  clang/lib/CodeGen/CodeGenModule.cpp
  clang/lib/Driver/ToolChains/Clang.cpp
  clang/lib/Frontend/CompilerInvocation.cpp
  clang/test/CodeGen/X86/x86-cf-protection.c
  llvm/lib/Target/X86/X86IndirectBranchTracking.cpp
  llvm/test/CodeGen/X86/ibtseal-kernel.ll
  llvm/test/CodeGen/X86/ibtseal-large.ll
  llvm/test/CodeGen/X86/ibtseal-small.ll

Index: llvm/test/CodeGen/X86/ibtseal-small.ll
===================================================================
--- llvm/test/CodeGen/X86/ibtseal-small.ll
+++ /dev/null
@@ -1,19 +0,0 @@
-; RUN: llc < %s -O2 -mtriple=x86_64-unknown-linux-gnu -x86-indirect-branch-tracking --code-model=small | FileCheck %s --check-prefix=CHECK-SMALL-IBTSEAL
-
-; CHECK-SMALL-IBTSEAL: foo:
-; CHECK-SMALL-IBTSEAL: endbr
-; CHECK-SMALL-IBTSEAL: bar:
-; CHECK-SMALL-IBTSEAL: endbr
-
-target triple = "x86_64-unknown-linux-gnu"
-
-define dso_local void @foo() {
-  ret void
-}
-
-define dso_local ptr @bar() {
-  ret ptr @foo
-}
-
-!llvm.module.flags = !{!1}
-!1 = !{i32 4, !"ibt-seal", i32 1}
Index: llvm/test/CodeGen/X86/ibtseal-large.ll
===================================================================
--- llvm/test/CodeGen/X86/ibtseal-large.ll
+++ /dev/null
@@ -1,19 +0,0 @@
-; RUN: llc < %s -O2 -mtriple=x86_64-unknown-linux-gnu -x86-indirect-branch-tracking --code-model=large | FileCheck %s --check-prefix=CHECK-LARGE-IBTSEAL
-
-; CHECK-LARGE-IBTSEAL: foo:
-; CHECK-LARGE-IBTSEAL: endbr
-; CHECK-LARGE-IBTSEAL: bar:
-; CHECK-LARGE-IBTSEAL: endbr
-
-target triple = "x86_64-unknown-linux-gnu"
-
-define dso_local void @foo() {
-  ret void
-}
-
-define dso_local ptr @bar() {
-  ret ptr @foo
-}
-
-!llvm.module.flags = !{!1}
-!1 = !{i32 4, !"ibt-seal", i32 1}
Index: llvm/test/CodeGen/X86/ibtseal-kernel.ll
===================================================================
--- llvm/test/CodeGen/X86/ibtseal-kernel.ll
+++ /dev/null
@@ -1,19 +0,0 @@
-; RUN: llc < %s -O2 -mtriple=x86_64-unknown-linux-gnu -x86-indirect-branch-tracking --code-model=kernel | FileCheck %s --check-prefix=CHECK-KERNEL-IBTSEAL
-
-; CHECK-KERNEL-IBTSEAL: foo:
-; CHECK-KERNEL-IBTSEAL: endbr
-; CHECK-KERNEL-IBTSEAL: bar:
-; CHECK-KERNEL-IBTSEAL-NOT: endbr
-
-target triple = "x86_64-unknown-linux-gnu"
-
-define dso_local void @foo() {
-  ret void
-}
-
-define dso_local ptr @bar() {
-  ret ptr @foo
-}
-
-!llvm.module.flags = !{!1}
-!1 = !{i32 4, !"ibt-seal", i32 1}
Index: llvm/lib/Target/X86/X86IndirectBranchTracking.cpp
===================================================================
--- llvm/lib/Target/X86/X86IndirectBranchTracking.cpp
+++ llvm/lib/Target/X86/X86IndirectBranchTracking.cpp
@@ -102,23 +102,10 @@
   if (F.doesNoCfCheck())
     return false;
 
-  const X86TargetMachine *TM =
-      static_cast<const X86TargetMachine *>(&MF.getTarget());
-  Metadata *IBTSeal = M->getModuleFlag("ibt-seal");
-
-  switch (TM->getCodeModel()) {
+  switch (MF.getTarget().getCodeModel()) {
   // Large code model functions always reachable through indirect calls.
   case CodeModel::Large:
     return true;
-  // Only address taken functions in LTO'ed kernel are reachable indirectly.
-  // IBTSeal implies LTO, thus only check if function is address taken.
-  case CodeModel::Kernel:
-    // Check if ibt-seal was enabled (implies LTO is being used).
-    if (IBTSeal) {
-      return F.hasAddressTaken();
-    }
-    // if !IBTSeal, fall into default case.
-    [[fallthrough]];
   // Address taken or externally linked functions may be reachable.
   default:
     return (F.hasAddressTaken() || !F.hasLocalLinkage());
Index: clang/test/CodeGen/X86/x86-cf-protection.c
===================================================================
--- clang/test/CodeGen/X86/x86-cf-protection.c
+++ clang/test/CodeGen/X86/x86-cf-protection.c
@@ -1,17 +1,12 @@
 // RUN: %clang_cc1 -E -triple i386 -dM -o - -fcf-protection=return %s | FileCheck %s --check-prefix=RETURN
 // RUN: %clang_cc1 -E -triple i386 -dM -o - -fcf-protection=branch %s | FileCheck %s --check-prefix=BRANCH
 // RUN: %clang_cc1 -E -triple i386 -dM -o - -fcf-protection=full %s   | FileCheck %s --check-prefix=FULL
-// RUN: %clang_cc1 -emit-llvm -triple i386 -o - -fcf-protection=branch -mibt-seal -flto %s | FileCheck %s --check-prefixes=CFPROT,IBTSEAL
-// RUN: %clang_cc1 -emit-llvm -triple i386 -o - -fcf-protection=branch -flto %s | FileCheck %s --check-prefixes=CFPROT,NOIBTSEAL
-// RUN: %clang_cc1 -emit-llvm -triple i386 -o - -fcf-protection=branch -mibt-seal %s | FileCheck %s --check-prefixes=CFPROT,NOIBTSEAL
 // RUN: not %clang_cc1 -emit-llvm-only -triple i386 -target-cpu pentium-mmx -fcf-protection=branch %s 2>&1 | FileCheck %s --check-prefix=NOCFPROT
 
 // RETURN: #define __CET__ 2
 // BRANCH: #define __CET__ 1
 // FULL: #define __CET__ 3
 // CFPROT: !{i32 8, !"cf-protection-branch", i32 1}
-// IBTSEAL: !{i32 8, !"ibt-seal", i32 1}
-// NOIBTSEAL-NOT: "ibt-seal", i32 1
 
 // NOCFPROT: error: option 'cf-protection=branch' cannot be specified on this target
 
Index: clang/lib/Frontend/CompilerInvocation.cpp
===================================================================
--- clang/lib/Frontend/CompilerInvocation.cpp
+++ clang/lib/Frontend/CompilerInvocation.cpp
@@ -1495,9 +1495,6 @@
   else if (Opts.CFProtectionBranch)
     GenerateArg(Args, OPT_fcf_protection_EQ, "branch", SA);
 
-  if (Opts.IBTSeal)
-    GenerateArg(Args, OPT_mibt_seal, SA);
-
   if (Opts.FunctionReturnThunks)
     GenerateArg(Args, OPT_mfunction_return_EQ, "thunk-extern", SA);
 
@@ -1857,9 +1854,6 @@
       Opts.FunctionReturnThunks = static_cast<unsigned>(Val);
   }
 
-  if (Opts.PrepareForLTO && Args.hasArg(OPT_mibt_seal))
-    Opts.IBTSeal = 1;
-
   for (auto *A :
        Args.filtered(OPT_mlink_bitcode_file, OPT_mlink_builtin_bitcode)) {
     CodeGenOptions::BitcodeFileToLink F;
Index: clang/lib/Driver/ToolChains/Clang.cpp
===================================================================
--- clang/lib/Driver/ToolChains/Clang.cpp
+++ clang/lib/Driver/ToolChains/Clang.cpp
@@ -6361,9 +6361,6 @@
         Args.MakeArgString(Twine("-fcf-protection=") + A->getValue()));
   }
 
-  if (IsUsingLTO)
-    Args.AddLastArg(CmdArgs, options::OPT_mibt_seal);
-
   if (Arg *A = Args.getLastArg(options::OPT_mfunction_return_EQ))
     CmdArgs.push_back(
         Args.MakeArgString(Twine("-mfunction-return=") + A->getValue()));
Index: clang/lib/CodeGen/CodeGenModule.cpp
===================================================================
--- clang/lib/CodeGen/CodeGenModule.cpp
+++ clang/lib/CodeGen/CodeGenModule.cpp
@@ -775,9 +775,6 @@
                               1);
   }
 
-  if (CodeGenOpts.IBTSeal)
-    getModule().addModuleFlag(llvm::Module::Min, "ibt-seal", 1);
-
   if (CodeGenOpts.FunctionReturnThunks)
     getModule().addModuleFlag(llvm::Module::Override, "function_return_thunk_extern", 1);
 
Index: clang/include/clang/Driver/Options.td
===================================================================
--- clang/include/clang/Driver/Options.td
+++ clang/include/clang/Driver/Options.td
@@ -2047,8 +2047,6 @@
 def fcf_protection : Flag<["-"], "fcf-protection">, Group<f_Group>, Flags<[CoreOption, CC1Option]>,
   Alias<fcf_protection_EQ>, AliasArgs<["full"]>,
   HelpText<"Enable cf-protection in 'full' mode">;
-def mibt_seal : Flag<["-"], "mibt-seal">, Group<m_Group>, Flags<[CoreOption, CC1Option]>,
-  HelpText<"Optimize fcf-protection=branch/full (requires LTO).">;
 def mfunction_return_EQ : Joined<["-"], "mfunction-return=">,
   Group<m_Group>, Flags<[CoreOption, CC1Option]>,
   HelpText<"Replace returns with jumps to ``__x86_return_thunk`` (x86 only, error otherwise)">,
Index: clang/include/clang/Basic/CodeGenOptions.def
===================================================================
--- clang/include/clang/Basic/CodeGenOptions.def
+++ clang/include/clang/Basic/CodeGenOptions.def
@@ -105,7 +105,6 @@
                                       ///< set to full or return.
 CODEGENOPT(CFProtectionBranch , 1, 0) ///< if -fcf-protection is
                                       ///< set to full or branch.
-CODEGENOPT(IBTSeal, 1, 0)             ///< set to optimize CFProtectionBranch.
 CODEGENOPT(FunctionReturnThunks, 1, 0) ///< -mfunction-return={keep|thunk-extern}
 CODEGENOPT(IndirectBranchCSPrefix, 1, 0) ///< if -mindirect-branch-cs-prefix
                                          ///< is set.

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D140363: Remove incorrectly implemented -mibt-seal

Reply via email to