xref: /llvm-project/llvm/lib/CodeGen/CFGuardLongjmp.cpp (revision 7d80ee5bdabbcb25b15fe54297d3f13793e4d8c2)
1d157a9bcSAndrew Paverd //===-- CFGuardLongjmp.cpp - Longjmp symbols for CFGuard --------*- C++ -*-===//
2d157a9bcSAndrew Paverd //
3d157a9bcSAndrew Paverd // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4d157a9bcSAndrew Paverd // See https://llvm.org/LICENSE.txt for license information.
5d157a9bcSAndrew Paverd // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6d157a9bcSAndrew Paverd //
7d157a9bcSAndrew Paverd //===----------------------------------------------------------------------===//
8d157a9bcSAndrew Paverd ///
9d157a9bcSAndrew Paverd /// \file
10d157a9bcSAndrew Paverd /// This file contains a machine function pass to insert a symbol after each
11d157a9bcSAndrew Paverd /// call to _setjmp and store this in the MachineFunction's LongjmpTargets
12d157a9bcSAndrew Paverd /// vector. This will be used to emit the table of valid longjmp targets used
13d157a9bcSAndrew Paverd /// by Control Flow Guard.
14d157a9bcSAndrew Paverd ///
15d157a9bcSAndrew Paverd //===----------------------------------------------------------------------===//
16d157a9bcSAndrew Paverd 
17d157a9bcSAndrew Paverd #include "llvm/ADT/Statistic.h"
18d157a9bcSAndrew Paverd #include "llvm/CodeGen/MachineBasicBlock.h"
19d157a9bcSAndrew Paverd #include "llvm/CodeGen/MachineFunctionPass.h"
20d157a9bcSAndrew Paverd #include "llvm/CodeGen/MachineInstr.h"
21d157a9bcSAndrew Paverd #include "llvm/CodeGen/MachineModuleInfo.h"
22d157a9bcSAndrew Paverd #include "llvm/CodeGen/MachineOperand.h"
23d157a9bcSAndrew Paverd #include "llvm/CodeGen/Passes.h"
244169338eSNikita Popov #include "llvm/IR/Module.h"
2505da2fe5SReid Kleckner #include "llvm/InitializePasses.h"
26d157a9bcSAndrew Paverd 
27d157a9bcSAndrew Paverd using namespace llvm;
28d157a9bcSAndrew Paverd 
29d157a9bcSAndrew Paverd #define DEBUG_TYPE "cfguard-longjmp"
30d157a9bcSAndrew Paverd 
// Counts the longjmp-target symbols this pass creates; incremented once per
// symbol attached in runOnMachineFunction.
STATISTIC(CFGuardLongjmpTargets,
          "Number of Control Flow Guard longjmp targets");
33d157a9bcSAndrew Paverd 
34d157a9bcSAndrew Paverd namespace {
35d157a9bcSAndrew Paverd 
/// Machine-function pass that tags the return point of every call to a
/// returns-twice function (e.g. _setjmp) with a symbol and records that symbol
/// in the MachineFunction's list of longjmp targets.
class CFGuardLongjmp : public MachineFunctionPass {
public:
  /// Pass identification member; handed to the MachineFunctionPass base.
  static char ID;

  /// Registers the pass with the global PassRegistry on construction.
  CFGuardLongjmp() : MachineFunctionPass(ID) {
    PassRegistry &Registry = *PassRegistry::getPassRegistry();
    initializeCFGuardLongjmpPass(Registry);
  }

  /// Human-readable name of the pass.
  StringRef getPassName() const override {
    return "Control Flow Guard longjmp targets";
  }

  /// Attaches the longjmp-target symbols; returns true if \p MF was changed.
  bool runOnMachineFunction(MachineFunction &MF) override;
};
52d157a9bcSAndrew Paverd 
53d157a9bcSAndrew Paverd } // end anonymous namespace
54d157a9bcSAndrew Paverd 
// Storage for the pass identification member declared in the class.
char CFGuardLongjmp::ID = 0;

// Register the pass under the command-line name "CFGuardLongjmp".
INITIALIZE_PASS(CFGuardLongjmp, "CFGuardLongjmp",
                "Insert symbols at valid longjmp targets for /guard:cf",
                /*cfg=*/false, /*analysis=*/false)

/// Factory for the pass. Returns a heap-allocated instance; the caller
/// (presumably the pass manager — confirm) is responsible for its lifetime.
FunctionPass *llvm::createCFGuardLongjmpPass() {
  return new CFGuardLongjmp();
}
61d157a9bcSAndrew Paverd 
/// Label every call to a returns-twice function in \p MF for Control Flow
/// Guard.
///
/// A symbol named "$cfgsj_<function name><index>" is attached directly after
/// each such call and registered through MF.addLongjmpTarget(); per the file
/// header, those symbols feed the table of valid longjmp targets.
///
/// \returns true if at least one symbol was attached, false if the function
/// was left untouched.
bool CFGuardLongjmp::runOnMachineFunction(MachineFunction &MF) {
  const Function &Fn = MF.getFunction();

  // Nothing to do unless the module carries a "cfguard" flag.
  // NOTE(review): only the flag's presence is tested, not its value — confirm
  // that every value a frontend can emit is meant to enable the target table.
  if (!Fn.getParent()->getModuleFlag("cfguard"))
    return false;

  // Cheap function-level filter before walking the machine instructions.
  if (!Fn.callsFunctionThatReturnsTwice())
    return false;

  // True when MI is a call carrying a global operand that names a function
  // with the ReturnsTwice attribute.
  // NOTE(review): a callee that is not visible as a global operand (e.g. a
  // call through a pointer) is never matched and therefore gets no target
  // symbol; confirm how the runtime longjmp check treats such a return point.
  auto CallsReturnsTwice = [](MachineInstr &MI) {
    if (!MI.isCall() || MI.getNumOperands() < 1)
      return false;
    for (MachineOperand &MO : MI.operands()) {
      if (!MO.isGlobal())
        continue;
      const auto *Callee = dyn_cast<Function>(MO.getGlobal());
      if (Callee && Callee->hasFnAttribute(Attribute::ReturnsTwice))
        return true;
    }
    return false;
  };

  // Collect the calls first; the symbols are attached in a second sweep.
  SmallVector<MachineInstr *, 8> ReturnsTwiceCalls;
  for (MachineBasicBlock &MBB : MF)
    for (MachineInstr &MI : MBB)
      if (CallsReturnsTwice(MI))
        ReturnsTwiceCalls.push_back(&MI);

  if (ReturnsTwiceCalls.empty())
    return false;

  // Give each collected call its own symbol, placed immediately after the
  // call instruction, and add it to the function's longjmp-target list.
  // NOTE(review): function name and index are concatenated with no separator,
  // so (constructed example) function "f" at index 10 and function "f1" at
  // index 0 would both spell "$cfgsj_f10". getOrCreateSymbol may hand back an
  // existing symbol for a repeated name — confirm two call sites can never end
  // up sharing one label.
  unsigned Index = 0;
  for (MachineInstr *Call : ReturnsTwiceCalls) {
    SmallString<128> Name;
    raw_svector_ostream NameOS(Name);
    NameOS << "$cfgsj_" << MF.getName() << Index;
    ++Index;

    MCSymbol *Target = MF.getContext().getOrCreateSymbol(Name);
    Call->setPostInstrSymbol(MF, Target);
    MF.addLongjmpTarget(Target);
    ++CFGuardLongjmpTargets;
  }

  return true;
}