Home Explore Help
Sign In
SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git
1
0
Fork 0
Files
Tree: 91804c4350
Branches Tags
ydb
/
contrib
/
libs
/
llvm16
/
lib
/
Target
/
X86
/
X86IndirectBranchTracking.cpp

X86IndirectBranchTracking.cpp 6.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190 
  1. //===---- X86IndirectBranchTracking.cpp - Enables CET IBT mechanism -------===//
    2. 

  2. //
    3. 

  3. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
    4. 

  4. // See https://llvm.org/LICENSE.txt for license information.
    5. 

  5. // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
    6. 

  6. //
    7. 

  7. //===----------------------------------------------------------------------===//
    8. 

  8. //
    9. 

  9. // This file defines a pass that enables Indirect Branch Tracking (IBT) as part
    10. 

  10. // of Control-Flow Enforcement Technology (CET).
    11. 

  11. // The pass adds ENDBR (End Branch) machine instructions at the beginning of
    12. 

  12. // each basic block or function that is referenced by an indrect jump/call
    13. 

  13. // instruction.
    14. 

  14. // The ENDBR instructions have a NOP encoding and as such are ignored in
    15. 

  15. // targets that do not support CET IBT mechanism.
    16. 

  16. //===----------------------------------------------------------------------===//
    17. 

  17. 

  18. #include "X86.h"
    19. 

  19. #include "X86InstrInfo.h"
    20. 

  20. #include "X86Subtarget.h"
    21. 

  21. #include "X86TargetMachine.h"
    22. 

  22. #include "llvm/ADT/Statistic.h"
    23. 

  23. #include "llvm/CodeGen/MachineFunctionPass.h"
    24. 

  24. #include "llvm/CodeGen/MachineInstrBuilder.h"
    25. 

  25. #include "llvm/CodeGen/MachineModuleInfo.h"
    26. 

  26. 

  27. using namespace llvm;
    28. 

  28. 

  29. #define DEBUG_TYPE "x86-indirect-branch-tracking"
    30. 

  30. 

  31. cl::opt<bool> IndirectBranchTracking(
    32. 

  32.     "x86-indirect-branch-tracking", cl::init(false), cl::Hidden,
    33. 

  33.     cl::desc("Enable X86 indirect branch tracking pass."));
    34. 

  34. 

  35. STATISTIC(NumEndBranchAdded, "Number of ENDBR instructions added");
    36. 

  36. 

  37. namespace {
    38. 

  38. class X86IndirectBranchTrackingPass : public MachineFunctionPass {
    39. 

  39. public:
    40. 

  40.   X86IndirectBranchTrackingPass() : MachineFunctionPass(ID) {}
    41. 

  41. 

  42.   StringRef getPassName() const override {
    43. 

  43.     return "X86 Indirect Branch Tracking";
    44. 

  44.   }
    45. 

  45. 

  46.   bool runOnMachineFunction(MachineFunction &MF) override;
    47. 

  47. 

  48. private:
    49. 

  49.   static char ID;
    50. 

  50. 

  51.   /// Machine instruction info used throughout the class.
    52. 

  52.   const X86InstrInfo *TII = nullptr;
    53. 

  53. 

  54.   /// Endbr opcode for the current machine function.
    55. 

  55.   unsigned int EndbrOpcode = 0;
    56. 

  56. 

  57.   /// Adds a new ENDBR instruction to the beginning of the MBB.
    58. 

  58.   /// The function will not add it if already exists.
    59. 

  59.   /// It will add ENDBR32 or ENDBR64 opcode, depending on the target.
    60. 

  60.   /// \returns true if the ENDBR was added and false otherwise.
    61. 

  61.   bool addENDBR(MachineBasicBlock &MBB, MachineBasicBlock::iterator I) const;
    62. 

  62. };
    63. 

  63. 

  64. } // end anonymous namespace
    65. 

  65. 

  66. char X86IndirectBranchTrackingPass::ID = 0;
    67. 

  67. 

  68. FunctionPass *llvm::createX86IndirectBranchTrackingPass() {
    69. 

  69.   return new X86IndirectBranchTrackingPass();
    70. 

  70. }
    71. 

  71. 

  72. bool X86IndirectBranchTrackingPass::addENDBR(
    73. 

  73.     MachineBasicBlock &MBB, MachineBasicBlock::iterator I) const {
    74. 

  74.   assert(TII && "Target instruction info was not initialized");
    75. 

  75.   assert((X86::ENDBR64 == EndbrOpcode || X86::ENDBR32 == EndbrOpcode) &&
    76. 

  76.          "Unexpected Endbr opcode");
    77. 

  77. 

  78.   // If the MBB/I is empty or the current instruction is not ENDBR,
    79. 

  79.   // insert ENDBR instruction to the location of I.
    80. 

  80.   if (I == MBB.end() || I->getOpcode() != EndbrOpcode) {
    81. 

  81.     BuildMI(MBB, I, MBB.findDebugLoc(I), TII->get(EndbrOpcode));
    82. 

  82.     ++NumEndBranchAdded;
    83. 

  83.     return true;
    84. 

  84.   }
    85. 

  85.   return false;
    86. 

  86. }
    87. 

  87. 

  88. static bool IsCallReturnTwice(llvm::MachineOperand &MOp) {
    89. 

  89.   if (!MOp.isGlobal())
    90. 

  90.     return false;
    91. 

  91.   auto *CalleeFn = dyn_cast<Function>(MOp.getGlobal());
    92. 

  92.   if (!CalleeFn)
    93. 

  93.     return false;
    94. 

  94.   AttributeList Attrs = CalleeFn->getAttributes();
    95. 

  95.   return Attrs.hasFnAttr(Attribute::ReturnsTwice);
    96. 

  96. }
    97. 

  97. 

  98. // Checks if function should have an ENDBR in its prologue
    99. 

  99. static bool needsPrologueENDBR(MachineFunction &MF, const Module *M) {
    100. 

  100.   Function &F = MF.getFunction();
    101. 

  101. 

  102.   if (F.doesNoCfCheck())
    103. 

  103.     return false;
    104. 

  104. 

  105.   switch (MF.getTarget().getCodeModel()) {
    106. 

  106.   // Large code model functions always reachable through indirect calls.
    107. 

  107.   case CodeModel::Large:
    108. 

  108.     return true;
    109. 

  109.   // Address taken or externally linked functions may be reachable.
    110. 

  110.   default:
    111. 

  111.     return (F.hasAddressTaken() || !F.hasLocalLinkage());
    112. 

  112.   }
    113. 

  113. }
    114. 

  114. 

  115. bool X86IndirectBranchTrackingPass::runOnMachineFunction(MachineFunction &MF) {
    116. 

  116.   const X86Subtarget &SubTarget = MF.getSubtarget<X86Subtarget>();
    117. 

  117. 

  118.   const Module *M = MF.getMMI().getModule();
    119. 

  119.   // Check that the cf-protection-branch is enabled.
    120. 

  120.   Metadata *isCFProtectionSupported = M->getModuleFlag("cf-protection-branch");
    121. 

  121. 

  122.   //  NB: We need to enable IBT in jitted code if JIT compiler is CET
    123. 

  123.   //  enabled.
    124. 

  124.   const X86TargetMachine *TM =
    125. 

  125.       static_cast<const X86TargetMachine *>(&MF.getTarget());
    126. 

  126. #ifdef __CET__
    127. 

  127.   bool isJITwithCET = TM->isJIT();
    128. 

  128. #else
    129. 

  129.   bool isJITwithCET = false;
    130. 

  130. #endif
    131. 

  131.   if (!isCFProtectionSupported && !IndirectBranchTracking && !isJITwithCET)
    132. 

  132.     return false;
    133. 

  133. 

  134.   // True if the current MF was changed and false otherwise.
    135. 

  135.   bool Changed = false;
    136. 

  136. 

  137.   TII = SubTarget.getInstrInfo();
    138. 

  138.   EndbrOpcode = SubTarget.is64Bit() ? X86::ENDBR64 : X86::ENDBR32;
    139. 

  139. 

  140.   // If function is reachable indirectly, mark the first BB with ENDBR.
    141. 

  141.   if (needsPrologueENDBR(MF, M)) {
    142. 

  142.     auto MBB = MF.begin();
    143. 

  143.     Changed |= addENDBR(*MBB, MBB->begin());
    144. 

  144.   }
    145. 

  145. 

  146.   for (auto &MBB : MF) {
    147. 

  147.     // Find all basic blocks that their address was taken (for example
    148. 

  148.     // in the case of indirect jump) and add ENDBR instruction.
    149. 

  149.     if (MBB.hasAddressTaken())
    150. 

  150.       Changed |= addENDBR(MBB, MBB.begin());
    151. 

  151. 

  152.     for (MachineBasicBlock::iterator I = MBB.begin(); I != MBB.end(); ++I) {
    153. 

  153.       if (I->isCall() && I->getNumOperands() > 0 &&
    154. 

  154.           IsCallReturnTwice(I->getOperand(0))) {
    155. 

  155.         Changed |= addENDBR(MBB, std::next(I));
    156. 

  156.       }
    157. 

  157.     }
    158. 

  158. 

  159.     // Exception handle may indirectly jump to catch pad, So we should add
    160. 

  160.     // ENDBR before catch pad instructions. For SjLj exception model, it will
    161. 

  161.     // create a new BB(new landingpad) indirectly jump to the old landingpad.
    162. 

  162.     if (TM->Options.ExceptionModel == ExceptionHandling::SjLj) {
    163. 

  163.       for (MachineBasicBlock::iterator I = MBB.begin(); I != MBB.end(); ++I) {
    164. 

  164.         // New Landingpad BB without EHLabel.
    165. 

  165.         if (MBB.isEHPad()) {
    166. 

  166.           if (I->isDebugInstr())
    167. 

  167.             continue;
    168. 

  168.           Changed |= addENDBR(MBB, I);
    169. 

  169.           break;
    170. 

  170.         } else if (I->isEHLabel()) {
    171. 

  171.           // Old Landingpad BB (is not Landingpad now) with
    172. 

  172.           // the the old "callee" EHLabel.
    173. 

  173.           MCSymbol *Sym = I->getOperand(0).getMCSymbol();
    174. 

  174.           if (!MF.hasCallSiteLandingPad(Sym))
    175. 

  175.             continue;
    176. 

  176.           Changed |= addENDBR(MBB, std::next(I));
    177. 

  177.           break;
    178. 

  178.         }
    179. 

  179.       }
    180. 

  180.     } else if (MBB.isEHPad()){
    181. 

  181.       for (MachineBasicBlock::iterator I = MBB.begin(); I != MBB.end(); ++I) {
    182. 

  182.         if (!I->isEHLabel())
    183. 

  183.           continue;
    184. 

  184.         Changed |= addENDBR(MBB, std::next(I));
    185. 

  185.         break;
    186. 

  186.       }
    187. 

  187.     }
    188. 

  188.   }
    189. 

  189.   return Changed;
    190. 

  190. }
    191.