1 //===-- CFGuardLongjmp.cpp - Longjmp symbols for CFGuard --------*- C++ -*-===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 /// 9 /// \file 10 /// This file contains a machine function pass to insert a symbol after each 11 /// call to _setjmp and store this in the MachineFunction's LongjmpTargets 12 /// vector. This will be used to emit the table of valid longjmp targets used 13 /// by Control Flow Guard. 14 /// 15 //===----------------------------------------------------------------------===// 16 17 #include "llvm/ADT/Statistic.h" 18 #include "llvm/CodeGen/MachineBasicBlock.h" 19 #include "llvm/CodeGen/MachineFunctionPass.h" 20 #include "llvm/CodeGen/MachineInstr.h" 21 #include "llvm/CodeGen/MachineModuleInfo.h" 22 #include "llvm/CodeGen/MachineOperand.h" 23 #include "llvm/CodeGen/Passes.h" 24 25 using namespace llvm; 26 27 #define DEBUG_TYPE "cfguard-longjmp" 28 29 STATISTIC(CFGuardLongjmpTargets, 30 "Number of Control Flow Guard longjmp targets"); 31 32 namespace { 33 34 /// MachineFunction pass to insert a symbol after each call to _setjmp and store 35 /// this in the MachineFunction's LongjmpTargets vector. 36 class CFGuardLongjmp : public MachineFunctionPass { 37 public: 38 static char ID; 39 40 CFGuardLongjmp() : MachineFunctionPass(ID) { 41 initializeCFGuardLongjmpPass(*PassRegistry::getPassRegistry()); 42 } 43 44 StringRef getPassName() const override { 45 return "Control Flow Guard longjmp targets"; 46 } 47 48 bool runOnMachineFunction(MachineFunction &MF) override; 49 }; 50 51 } // end anonymous namespace 52 53 char CFGuardLongjmp::ID = 0; 54 55 INITIALIZE_PASS(CFGuardLongjmp, "CFGuardLongjmp", 56 "Insert symbols at valid longjmp targets for /guard:cf", false, 57 false) 58 FunctionPass *llvm::createCFGuardLongjmpPass() { return new CFGuardLongjmp(); } 59 60 bool CFGuardLongjmp::runOnMachineFunction(MachineFunction &MF) { 61 62 // Skip modules for which the cfguard flag is not set. 63 if (!MF.getMMI().getModule()->getModuleFlag("cfguard")) 64 return false; 65 66 // Skip functions that do not have calls to _setjmp. 67 if (!MF.getFunction().callsFunctionThatReturnsTwice()) 68 return false; 69 70 SmallVector<MachineInstr *, 8> SetjmpCalls; 71 72 // Iterate over all instructions in the function and add calls to functions 73 // that return twice to the list of targets. 74 for (MachineBasicBlock &MBB : MF) { 75 for (MachineInstr &MI : MBB) { 76 77 // Skip instructions that are not calls. 78 if (!MI.isCall() || MI.getNumOperands() < 1) 79 continue; 80 81 // Iterate over operands to find calls to global functions. 82 for (MachineOperand &MO : MI.operands()) { 83 if (!MO.isGlobal()) 84 continue; 85 86 auto *F = dyn_cast<Function>(MO.getGlobal()); 87 if (!F) 88 continue; 89 90 // If the instruction calls a function that returns twice, add 91 // it to the list of targets. 92 if (F->hasFnAttribute(Attribute::ReturnsTwice)) { 93 SetjmpCalls.push_back(&MI); 94 break; 95 } 96 } 97 } 98 } 99 100 if (SetjmpCalls.empty()) 101 return false; 102 103 unsigned SetjmpNum = 0; 104 105 // For each possible target, create a new symbol and insert it immediately 106 // after the call to setjmp. Add this symbol to the MachineFunction's list 107 // of longjmp targets. 108 for (MachineInstr *Setjmp : SetjmpCalls) { 109 SmallString<128> SymbolName; 110 raw_svector_ostream(SymbolName) << "$cfgsj_" << MF.getName() << SetjmpNum++; 111 MCSymbol *SjSymbol = MF.getContext().getOrCreateSymbol(SymbolName); 112 113 Setjmp->setPostInstrSymbol(MF, SjSymbol); 114 MF.addLongjmpTarget(SjSymbol); 115 CFGuardLongjmpTargets++; 116 } 117 118 return true; 119 } 120