From 58e8e3505d3673ab629f8c4f7857307368fbbd4f Mon Sep 17 00:00:00 2001 From: Peter Collingbourne Date: Thu, 19 Mar 2015 22:02:10 +0000 Subject: [PATCH] LowerBitSets: Avoid reusing byte set addresses. Each use of the byte array uses a different alias. This makes the backend less likely to reuse previously computed byte array addresses, improving the security of the CFI mechanism based on this pass. Differential Revision: http://reviews.llvm.org/D8455 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@232770 91177308-0d34-0410-b5e6-96231b3b80d8 --- lib/Transforms/IPO/LowerBitSets.cpp | 17 ++++++++++++++++- test/Transforms/LowerBitSets/simple.ll | 12 ++++++++---- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/lib/Transforms/IPO/LowerBitSets.cpp b/lib/Transforms/IPO/LowerBitSets.cpp index 9c1fc33c310..fe00d92f70b 100644 --- a/lib/Transforms/IPO/LowerBitSets.cpp +++ b/lib/Transforms/IPO/LowerBitSets.cpp @@ -38,6 +38,11 @@ STATISTIC(NumByteArraysCreated, "Number of byte arrays created"); STATISTIC(NumBitSetCallsLowered, "Number of bitset calls lowered"); STATISTIC(NumBitSetDisjointSets, "Number of disjoint sets of bitsets"); +static cl::opt AvoidReuse( + "lowerbitsets-avoid-reuse", + cl::desc("Try to avoid reuse of byte array addresses using aliases"), + cl::Hidden, cl::init(true)); + bool BitSetInfo::containsGlobalOffset(uint64_t Offset) const { if (Offset < ByteOffset) return false; @@ -389,7 +394,17 @@ Value *LowerBitSets::createBitSetTest(IRBuilder<> &B, BitSetInfo &BSI, BAI = createByteArray(BSI); } - Value *ByteAddr = B.CreateGEP(BAI->ByteArray, BitOffset); + Constant *ByteArray = BAI->ByteArray; + if (!LinkerSubsectionsViaSymbols && AvoidReuse) { + // Each use of the byte array uses a different alias. This makes the + // backend less likely to reuse previously computed byte array addresses, + // improving the security of the CFI mechanism based on this pass. + ByteArray = GlobalAlias::create( + BAI->ByteArray->getType()->getElementType(), 0, + GlobalValue::PrivateLinkage, "bits_use", ByteArray, M); + } + + Value *ByteAddr = B.CreateGEP(ByteArray, BitOffset); Value *Byte = B.CreateLoad(ByteAddr); Value *ByteAndMask = B.CreateAnd(Byte, BAI->Mask); diff --git a/test/Transforms/LowerBitSets/simple.ll b/test/Transforms/LowerBitSets/simple.ll index 34c2fdd011d..8694d67f460 100644 --- a/test/Transforms/LowerBitSets/simple.ll +++ b/test/Transforms/LowerBitSets/simple.ll @@ -38,6 +38,10 @@ target datalayout = "e-p:32:32" !llvm.bitsets = !{ !0, !1, !2, !3, !4, !5, !6, !7 } +; CHECK: @bits_use{{[0-9]*}} = private alias i8* @bits{{[0-9]*}} +; CHECK: @bits_use{{[0-9]*}} = private alias i8* @bits{{[0-9]*}} +; CHECK: @bits_use{{[0-9]*}} = private alias i8* @bits{{[0-9]*}} + ; CHECK: @a = alias getelementptr inbounds ({ i32, [0 x i8], [63 x i32], [4 x i8], i32, [0 x i8], [2 x i32] }, { i32, [0 x i8], [63 x i32], [4 x i8], i32, [0 x i8], [2 x i32] }* [[G]], i32 0, i32 0) ; CHECK: @b = alias getelementptr inbounds ({ i32, [0 x i8], [63 x i32], [4 x i8], i32, [0 x i8], [2 x i32] }, { i32, [0 x i8], [63 x i32], [4 x i8], i32, [0 x i8], [2 x i32] }* [[G]], i32 0, i32 2) ; CHECK: @c = alias getelementptr inbounds ({ i32, [0 x i8], [63 x i32], [4 x i8], i32, [0 x i8], [2 x i32] }, { i32, [0 x i8], [63 x i32], [4 x i8], i32, [0 x i8], [2 x i32] }* [[G]], i32 0, i32 4) @@ -57,8 +61,8 @@ target datalayout = "e-p:32:32" ; CHECK-DARWIN: [[G]] = private constant -; CHECK: @bits = private alias getelementptr inbounds ([68 x i8], [68 x i8]* [[BA]], i32 0, i32 0) -; CHECK: @bits1 = private alias getelementptr inbounds ([68 x i8], [68 x i8]* [[BA]], i32 0, i32 0) +; CHECK: @bits{{[0-9]*}} = private alias getelementptr inbounds ([68 x i8], [68 x i8]* [[BA]], i32 0, i32 0) +; CHECK: @bits{{[0-9]*}} = private alias getelementptr inbounds ([68 x i8], [68 x i8]* [[BA]], i32 0, i32 0) declare i1 @llvm.bitset.test(i8* %ptr, metadata %bitset) nounwind readnone @@ -76,7 +80,7 @@ define i1 @foo(i32* %p) { ; CHECK: [[R6:%[^ ]*]] = icmp ult i32 [[R5]], 68 ; CHECK: br i1 [[R6]] - ; CHECK: [[R8:%[^ ]*]] = getelementptr i8, i8* @bits, i32 [[R5]] + ; CHECK: [[R8:%[^ ]*]] = getelementptr i8, i8* @bits_use{{[0-9]*}}, i32 [[R5]] ; CHECK: [[R9:%[^ ]*]] = load i8, i8* [[R8]] ; CHECK: [[R10:%[^ ]*]] = and i8 [[R9]], 1 ; CHECK: [[R11:%[^ ]*]] = icmp ne i8 [[R10]], 0 @@ -119,7 +123,7 @@ define i1 @baz(i32* %p) { ; CHECK: [[T6:%[^ ]*]] = icmp ult i32 [[T5]], 66 ; CHECK: br i1 [[T6]] - ; CHECK: [[T8:%[^ ]*]] = getelementptr i8, i8* @bits1, i32 [[T5]] + ; CHECK: [[T8:%[^ ]*]] = getelementptr i8, i8* @bits_use{{[0-9]*}}, i32 [[T5]] ; CHECK: [[T9:%[^ ]*]] = load i8, i8* [[T8]] ; CHECK: [[T10:%[^ ]*]] = and i8 [[T9]], 2 ; CHECK: [[T11:%[^ ]*]] = icmp ne i8 [[T10]], 0 -- 2.34.1