[clang] [clang] Implement -fptrauth-auth-traps. (PR #102417)

Ahmed Bougacha via cfe-commits Wed, 07 Aug 2024 19:50:18 -0700

https://github.com/ahmedbougacha created 
https://github.com/llvm/llvm-project/pull/102417


This provides -fptrauth-auth-traps, which at the frontend level only controls 
the addition of the "ptrauth-auth-traps" function attribute.  The attribute in 
turn controls various aspects of backend codegen, by providing the guarantee 
that every "auth" operation generated will trap on failure.  This can either be 
delegated to the hardware (if FPAC is known to be available), in which case 
this attribute doesn't change codegen.  Or, if FPAC isn't available, the 
backend emits additional instructions to check and trap on auth failure.

>From ab05f9206c9e3b5a29b520a90529b082a9a978d0 Mon Sep 17 00:00:00 2001
From: Ahmed Bougacha <ah...@bougacha.org>
Date: Fri, 21 Jun 2024 14:54:02 -0700
Subject: [PATCH] [clang] Enable pointer authentication auth-failure traps.

---
 clang/include/clang/Basic/PointerAuthOptions.h   | 3 +++
 clang/lib/CodeGen/CodeGenFunction.cpp            | 2 ++
 clang/lib/Frontend/CompilerInvocation.cpp        | 4 +++-
 clang/test/CodeGen/ptrauth-function-attributes.c | 5 +++++
 4 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/clang/include/clang/Basic/PointerAuthOptions.h 
b/clang/include/clang/Basic/PointerAuthOptions.h
index 8f63cf2ad2bf2..74caa26b10b1f 100644
--- a/clang/include/clang/Basic/PointerAuthOptions.h
+++ b/clang/include/clang/Basic/PointerAuthOptions.h
@@ -166,6 +166,9 @@ struct PointerAuthOptions {
   /// Do indirect goto label addresses need to be authenticated?
   bool IndirectGotos = false;
 
+  /// Do authentication failures cause a trap?
+  bool AuthTraps = false;
+
   /// The ABI for C function pointers.
   PointerAuthSchema FunctionPointers;
 
diff --git a/clang/lib/CodeGen/CodeGenFunction.cpp 
b/clang/lib/CodeGen/CodeGenFunction.cpp
index af201554898f3..2b7a03a9a3b90 100644
--- a/clang/lib/CodeGen/CodeGenFunction.cpp
+++ b/clang/lib/CodeGen/CodeGenFunction.cpp
@@ -884,6 +884,8 @@ void CodeGenFunction::StartFunction(GlobalDecl GD, QualType 
RetTy,
     Fn->addFnAttr("ptrauth-calls");
   if (CodeGenOpts.PointerAuth.IndirectGotos)
     Fn->addFnAttr("ptrauth-indirect-gotos");
+  if (CodeGenOpts.PointerAuth.AuthTraps)
+    Fn->addFnAttr("ptrauth-auth-traps");
 
   // Apply xray attributes to the function (as a string, for now)
   bool AlwaysXRayAttr = false;
diff --git a/clang/lib/Frontend/CompilerInvocation.cpp 
b/clang/lib/Frontend/CompilerInvocation.cpp
index 225bd6416ce5f..86e24929c6b63 100644
--- a/clang/lib/Frontend/CompilerInvocation.cpp
+++ b/clang/lib/Frontend/CompilerInvocation.cpp
@@ -1511,13 +1511,15 @@ void CompilerInvocation::setDefaultPointerAuthOptions(
     }
   }
   Opts.IndirectGotos = LangOpts.PointerAuthIndirectGotos;
+  Opts.AuthTraps = LangOpts.PointerAuthAuthTraps;
 }
 
 static void parsePointerAuthOptions(PointerAuthOptions &Opts,
                                     const LangOptions &LangOpts,
                                     const llvm::Triple &Triple,
                                     DiagnosticsEngine &Diags) {
-  if (!LangOpts.PointerAuthCalls && !LangOpts.PointerAuthIndirectGotos)
+  if (!LangOpts.PointerAuthCalls && !LangOpts.PointerAuthIndirectGotos &&
+      !LangOpts.PointerAuthAuthTraps)
     return;
 
   CompilerInvocation::setDefaultPointerAuthOptions(Opts, LangOpts, Triple);
diff --git a/clang/test/CodeGen/ptrauth-function-attributes.c 
b/clang/test/CodeGen/ptrauth-function-attributes.c
index 6a09cd37bf485..b7da5bba887db 100644
--- a/clang/test/CodeGen/ptrauth-function-attributes.c
+++ b/clang/test/CodeGen/ptrauth-function-attributes.c
@@ -8,6 +8,9 @@
 // RUN: %clang_cc1 -triple arm64e-apple-ios  -fptrauth-indirect-gotos 
-emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,GOTOS
 // RUN: %clang_cc1 -triple aarch64-linux-gnu -fptrauth-indirect-gotos 
-emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,GOTOS
 
+// RUN: %clang_cc1 -triple arm64e-apple-ios  -fptrauth-auth-traps -emit-llvm 
%s -o - | FileCheck %s --check-prefixes=ALL,TRAPS
+// RUN: %clang_cc1 -triple aarch64-linux-gnu -fptrauth-auth-traps -emit-llvm 
%s -o - | FileCheck %s --check-prefixes=ALL,TRAPS
+
 // ALL: define {{(dso_local )?}}void @test() #0
 void test() {
 }
@@ -16,4 +19,6 @@ void test() {
 
 // GOTOS: attributes #0 = {{{.*}} "ptrauth-indirect-gotos" {{.*}}}
 
+// TRAPS: attributes #0 = {{{.*}} "ptrauth-auth-traps" {{.*}}}
+
 // OFF-NOT: attributes {{.*}} "ptrauth-

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang] Implement -fptrauth-auth-traps. (PR #102417)

Reply via email to