bjoernager/rust
bjoernager/rust
1
Fork 0
Code Issues Pull requests Activity

Add codegen option for branch protection and pointer authentication on AArch64

Browse source 
The branch-protection codegen option enables the use of hint-space pointer
authentication code for AArch64 targets
This commit is contained in:
James McGregor 2021-07-13 12:14:26 +01:00 committed by Jamie Cunliffe
parent 2446a21595
commit 837cc1687f
12 changed files with 266 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

54
compiler/rustc_codegen_llvm/src/attributes.rs
View file

@ -9,7 +9,7 @@ use rustc_hir::def_id::DefId;
use rustc_middle::middle::codegen_fn_attrs::CodegenFnAttrFlags;
use rustc_middle::ty::layout::HasTyCtxt;
use rustc_middle::ty::{self, TyCtxt};
use rustc_session::config::OptLevel;
use rustc_session::config::{BranchProtection, OptLevel, PAuthKey};
use rustc_session::Session;
use rustc_target::spec::abi::Abi;
use rustc_target::spec::{FramePointer, SanitizerSet, StackProbeType, StackProtector};
@ -203,6 +203,58 @@ pub fn non_lazy_bind(sess: &Session, llfn: &'ll Value) {
}
}
pub fn set_branch_protection(sess: &Session, llfn: &'ll Value) {
// Setting PAC/BTI function attributes is only necessary for LLVM 11 and earlier.
// For LLVM 12 and greater, module-level metadata attributes are set in
// `compiler/rustc_codegen_llvm/src/context.rs`.
if llvm_util::get_version() >= (12, 0, 0) {
return;
}
let BranchProtection { bti, pac_ret: pac } = sess.opts.cg.branch_protection;
if bti {
llvm::AddFunctionAttrString(
llfn,
llvm::AttributePlace::Function,
cstr!("branch-target-enforcement"),
);
}
if let Some(pac_opts) = pac {
if pac_opts.leaf {
llvm::AddFunctionAttrStringValue(
llfn,
llvm::AttributePlace::Function,
cstr!("sign-return-address"),
cstr!("non-leaf"),
);
} else {
llvm::AddFunctionAttrStringValue(
llfn,
llvm::AttributePlace::Function,
cstr!("sign-return-address"),
cstr!("all"),
);
}
match pac_opts.key {
PAuthKey::A => llvm::AddFunctionAttrStringValue(
llfn,
llvm::AttributePlace::Function,
cstr!("sign-return-address-key"),
cstr!("a_key"),
),
PAuthKey::B => llvm::AddFunctionAttrStringValue(
llfn,
llvm::AttributePlace::Function,
cstr!("sign-return-address-key"),
cstr!("b_key"),
),
}
}
}
pub(crate) fn default_optimisation_attrs(sess: &Session, llfn: &'ll Value) {
match sess.opts.optimize {
OptLevel::Size => {

34
compiler/rustc_codegen_llvm/src/context.rs
View file

@ -21,7 +21,7 @@ use rustc_middle::ty::layout::{
};
use rustc_middle::ty::{self, Instance, Ty, TyCtxt};
use rustc_middle::{bug, span_bug};
use rustc_session::config::{CFGuard, CrateType, DebugInfo};
use rustc_session::config::{BranchProtection, CFGuard, CrateType, DebugInfo, PAuthKey};
use rustc_session::Session;
use rustc_span::source_map::Span;
use rustc_span::symbol::Symbol;
@ -242,6 +242,38 @@ pub unsafe fn create_module(
}
}
if sess.target.arch == "aarch64" {
let BranchProtection { bti, pac_ret: pac } = sess.opts.cg.branch_protection;
llvm::LLVMRustAddModuleFlag(
llmod,
"branch-target-enforcement\0".as_ptr().cast(),
bti.into(),
);
if let Some(pac_opts) = pac {
llvm::LLVMRustAddModuleFlag(llmod, "sign-return-address\0".as_ptr().cast(), 1);
llvm::LLVMRustAddModuleFlag(
llmod,
"sign-return-address-all\0".as_ptr().cast(),
pac_opts.leaf.into(),
);
llvm::LLVMRustAddModuleFlag(
llmod,
"sign-return-address-with-bkey\0".as_ptr().cast(),
if pac_opts.key == PAuthKey::A { 0 } else { 1 },
);
} else {
llvm::LLVMRustAddModuleFlag(llmod, "sign-return-address\0".as_ptr().cast(), 0);
llvm::LLVMRustAddModuleFlag(llmod, "sign-return-address-all\0".as_ptr().cast(), 0);
llvm::LLVMRustAddModuleFlag(
llmod,
"sign-return-address-with-bkey\0".as_ptr().cast(),
0,
);
}
}
llmod
}

5
compiler/rustc_codegen_llvm/src/declare.rs
View file

@ -45,8 +45,13 @@ fn declare_raw_fn(
llvm::Attribute::NoRedZone.apply_llfn(Function, llfn);
}
if cx.tcx.sess.target.arch == "aarch64" {
attributes::set_branch_protection(cx.tcx.sess, llfn);
}
attributes::default_optimisation_attrs(cx.tcx.sess, llfn);
attributes::non_lazy_bind(cx.sess(), llfn);
llfn
}