Sync gadget fixup optimization from base.

From Brad.
2021-07-12 23:54:05 +00:00 · 2021-07-12 23:54:05 +00:00 · 44e2d604f5
commit 44e2d604f5
parent e086eb7a5e
2 changed files with 43 additions and 4 deletions
--- a/devel/llvm/Makefile
+++ b/devel/llvm/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.278 2021/06/27 16:10:23 jca Exp $
+# $OpenBSD: Makefile,v 1.279 2021/07/12 23:54:05 jca Exp $

 # XXX If broken on an architecture, remove the arch from LLVM_ARCHS.
 ONLY_FOR_ARCHS = ${LLVM_ARCHS}
@ -18,7 +18,7 @@ PKGSPEC-main =	llvm-=${LLVM_V}
 PKGNAME-main =	llvm-${LLVM_V}
 PKGNAME-python =	py3-llvm-${LLVM_V}
 PKGNAME-lldb =	lldb-${LLVM_V}
-REVISION-main =	2
+REVISION-main =	3

 CATEGORIES =	devel

--- a/devel/llvm/patches/patch-lib_Target_X86_X86FixupGadgets_cpp
+++ b/devel/llvm/patches/patch-lib_Target_X86_X86FixupGadgets_cpp
@ -1,4 +1,4 @@
-$OpenBSD: patch-lib_Target_X86_X86FixupGadgets_cpp,v 1.4 2019/07/06 15:06:36 jca Exp $
+$OpenBSD: patch-lib_Target_X86_X86FixupGadgets_cpp,v 1.5 2021/07/12 23:54:05 jca Exp $

 - Add a clang pass that identifies potential ROP gadgets and replaces ROP
  friendly instructions with safe alternatives. This initial commit fixes
@ -6,11 +6,12 @@ $OpenBSD: patch-lib_Target_X86_X86FixupGadgets_cpp,v 1.4 2019/07/06 15:06:36 jca
  Additional problematic instructions can be fixed incrementally using
  this framework.
 - Improve the X86FixupGadgets pass
+- Optimize gadget fixups for MOV instructions

 Index: lib/Target/X86/X86FixupGadgets.cpp
 --- lib/Target/X86/X86FixupGadgets.cpp.orig
 +++ lib/Target/X86/X86FixupGadgets.cpp
-@@ -0,0 +1,670 @@
+@@ -0,0 +1,708 @@
 +//===-- X86FixupGadgets.cpp - Fixup Instructions that make ROP Gadgets ----===//
 +//
 +//                     The LLVM Compiler Infrastructure
@ -103,6 +104,7 @@ Index: lib/Target/X86/X86FixupGadgets.cpp
 +  unsigned getEquivalentRegForReg(unsigned oreg, unsigned nreg) const;
 +  bool hasImplicitUseOrDef(const MachineInstr &MI, unsigned Reg1,
 +                           unsigned Reg2) const;
+  bool fixupWithoutExchange(MachineInstr &MI);
 +
 +  bool fixupInstruction(MachineFunction &MF, MachineBasicBlock &MBB,
 +                        MachineInstr &MI, struct FixupInfo Info);
@ -576,6 +578,38 @@ Index: lib/Target/X86/X86FixupGadgets.cpp
 +  return false;
 +}
 +
+bool FixupGadgetsPass::fixupWithoutExchange(MachineInstr &MI) {
+  switch (MI.getOpcode()) {
+    case X86::MOV8rr_REV:
+      MI.setDesc(TII->get(X86::MOV8rr));
+      break;
+    case X86::MOV16rr_REV:
+      MI.setDesc(TII->get(X86::MOV16rr));
+      break;
+    case X86::MOV32rr_REV:
+      MI.setDesc(TII->get(X86::MOV32rr));
+      break;
+    case X86::MOV64rr_REV:
+      MI.setDesc(TII->get(X86::MOV64rr));
+      break;
+    case X86::MOV8rr:
+      MI.setDesc(TII->get(X86::MOV8rr_REV));
+      break;
+    case X86::MOV16rr:
+      MI.setDesc(TII->get(X86::MOV16rr_REV));
+      break;
+    case X86::MOV32rr:
+      MI.setDesc(TII->get(X86::MOV32rr_REV));
+      break;
+    case X86::MOV64rr:
+      MI.setDesc(TII->get(X86::MOV64rr_REV));
+      break;
+    default:
+      return false;
+  }
+  return true;
+}
+
 +bool FixupGadgetsPass::fixupInstruction(MachineFunction &MF,
 +                                        MachineBasicBlock &MBB,
 +                                        MachineInstr &MI, FixupInfo Info) {
@ -623,6 +657,11 @@ Index: lib/Target/X86/X86FixupGadgets.cpp
 +    SwapReg2 = treg;
 +  }
 +
+  // Check for specific instructions we can fix without the xchg dance
+  if (fixupWithoutExchange(MI)) {
+      return true;
+  }
+
 +  // Swap the two registers to start
 +  BuildMI(MBB, MI, DL, TII->get(XCHG))
 +      .addReg(SwapReg1, RegState::Define)