Fixed Issue #31.

Fixed the instrumentation of 64-bit jumps that read their target operand from memory so that they ensure that the target is in kernel memory. Fixes Issue #31.
jtcriswell · Apr 19, 2018 · 38e6832 · 38e6832
1 parent 491397d
commit 38e6832
Showing 1 changed file with 15 additions and 2 deletions.
diff --git a/llvm/lib/Target/X86/X86CFIOptPass.cpp b/llvm/lib/Target/X86/X86CFIOptPass.cpp
@@ -753,11 +753,24 @@ void X86CFIOptPass::insertCheckJmp64m(MachineBasicBlock& MBB, MachineInstr* MI,
     else
       abort();
 
+    //
+    // Save the register on the stack.
     // pushl %reg
+    //
     BuildMI (MBB,MI,dl,TII->get(X86::PUSH64r)).addReg(reg);
 
-    // MOV64rm  mem_loc, %reg
-    BuildMI(MBB,MI,dl,TII->get(X86::MOV64rm),reg)
+    //
+    // Load the bitmask into the register.
+    //
+    BuildMI(MBB,MI,dl,TII->get(X86::MOV32ri),reg).addImm(0x7fffff80);
+    BuildMI(MBB,MI,dl,TII->get(X86::SHL64ri),reg).addReg(reg).addImm(32);
+
+    //
+    // Use a bitwise OR to mask the target (stored in memory) with the mask and
+    // place the result into the register.
+    //
+    BuildMI(MBB,MI,dl,TII->get(X86::OR64rm),reg)
+      .addReg(reg)                         // target register operand
       .addReg(MI->getOperand(0).getReg())  // base
       .addImm(MI->getOperand(1).getImm())  // scale
       .addReg(MI->getOperand(2).getReg())  // index