AArch64: Use SBFX instead of UBFX to extract address granule in outli…

…ned HWASan checks. In a kernel (or in general in environments where bit 55 of the address is set) the shadow base needs to point to the end of the shadow region, not the beginning. Bit 55 needs to be sign extended into bits 52-63 of the shadow base offset, otherwise we end up loading from an invalid address. We can do this by using SBFX instead of UBFX. Using SBFX should have no effect in the userspace case where bit 55 of the address is clear so we do so unconditionally. I don't think we need a ABI version bump for this (but one will come anyway when we switch to x20 for the shadow base register). Differential Revision: https://reviews.llvm.org/D90424
llvm · Oct 30, 2020 · c9b1a2b · c9b1a2b
1 parent 3859fc6
commit c9b1a2b
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/clang/docs/HardwareAssistedAddressSanitizerDesign.rst b/clang/docs/HardwareAssistedAddressSanitizerDesign.rst
@@ -96,7 +96,7 @@ Currently, the following sequence is used:
 
   [...]
   __hwasan_check_x0_2_short_v2:
-        ubfx    x16, x0, #4, #52                        // shadow offset
+        sbfx    x16, x0, #4, #52                        // shadow offset
         ldrb    w16, [x20, x16]                         // load shadow tag
         cmp     x16, x0, lsr #56                        // extract address tag, compare with shadow tag
         b.ne    .Ltmp0                                  // jump to short tag handler on mismatch

diff --git a/llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp b/llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp
@@ -348,7 +348,7 @@ void AArch64AsmPrinter::EmitHwasanMemaccessSymbols(Module &M) {
     OutStreamer->emitSymbolAttribute(Sym, MCSA_Hidden);
     OutStreamer->emitLabel(Sym);
 
-    OutStreamer->emitInstruction(MCInstBuilder(AArch64::UBFMXri)
+    OutStreamer->emitInstruction(MCInstBuilder(AArch64::SBFMXri)
                                      .addReg(AArch64::X16)
                                      .addReg(Reg)
                                      .addImm(4)

diff --git a/llvm/test/CodeGen/AArch64/hwasan-check-memaccess.ll b/llvm/test/CodeGen/AArch64/hwasan-check-memaccess.ll
@@ -38,7 +38,7 @@ declare void @llvm.hwasan.check.memaccess.shortgranules(i8*, i8*, i32)
 ; CHECK-NEXT: .weak __hwasan_check_x0_2_short_v2
 ; CHECK-NEXT: .hidden __hwasan_check_x0_2_short_v2
 ; CHECK-NEXT: __hwasan_check_x0_2_short_v2:
-; CHECK-NEXT: ubfx x16, x0, #4, #52
+; CHECK-NEXT: sbfx x16, x0, #4, #52
 ; CHECK-NEXT: ldrb w16, [x20, x16]
 ; CHECK-NEXT: cmp x16, x0, lsr #56
 ; CHECK-NEXT: b.ne .Ltmp0
@@ -69,7 +69,7 @@ declare void @llvm.hwasan.check.memaccess.shortgranules(i8*, i8*, i32)
 ; CHECK-NEXT: .weak __hwasan_check_x1_1
 ; CHECK-NEXT: .hidden __hwasan_check_x1_1
 ; CHECK-NEXT: __hwasan_check_x1_1:
-; CHECK-NEXT: ubfx x16, x1, #4, #52
+; CHECK-NEXT: sbfx x16, x1, #4, #52
 ; CHECK-NEXT: ldrb w16, [x9, x16]
 ; CHECK-NEXT: cmp x16, x1, lsr #56
 ; CHECK-NEXT: b.ne .Ltmp3