
Commit 9930f3e

authoredDec 10, 2023
[AArch64] Fix case of 0 dynamic alloc when stack probing (#74877)
I accidentally closed #74806. If the dynamic allocation size is 0, then we still probe the current sp value despite not decrementing sp! This results in overwriting stack data, in my case the stack canary. The fix here is just to load the value of [sp] into xzr, which is essentially a no-op but still performs a read/probe of the new page.
1 parent cd6e462 commit 9930f3e


5 files changed

+18
-18
lines changed

 

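--- a/llvm/lib/Target/AArch64/AArch64InstrInfo.cpp
+++ b/llvm/lib/Target/AArch64/AArch64InstrInfo.cpp
@@ -9532,9 +9532,9 @@ AArch64InstrInfo::probedStackAlloc(MachineBasicBlock::iterator MBBI,
 .addImm(AArch64_AM::getShifterImm(AArch64_AM::LSL, 0))
 .setMIFlags(Flags);
 
-// STR XZR, [SP]
-BuildMI(*ExitMBB, ExitMBB->end(), DL, TII->get(AArch64::STRXui))
-.addReg(AArch64::XZR)
+// LDR XZR, [SP]
+BuildMI(*ExitMBB, ExitMBB->end(), DL, TII->get(AArch64::LDRXui))
+.addReg(AArch64::XZR, RegState::Define)
 .addReg(AArch64::SP)
 .addImm(0)
 .setMIFlags(Flags);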
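Review bot: The new comment `// LDR XZR, [SP]` only restates the instruction, while the reason the final probe became a load is the whole point of this fix and will not be obvious to the next reader who sees a store-based probe elsewhere in the file; suggest `// Probe with a load, not a store: when the dynamic size is 0 SP has not moved, so a store here would clobber live data at [SP] (e.g. the stack protector), while a load still touches the page.` Since XZR is now listed as a def via `RegState::Define`, a short note that the loaded value is intentionally discarded and the instruction exists only for its memory access would also keep a later cleanup from treating it as a dead load. probedStackAlloc begins and ends outside this hunk, so I cannot see from here whether any other probe emitted by the same routine sits on a path where SP may likewise be unchanged; if so it would need the same treatment.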

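--- a/llvm/test/CodeGen/AArch64/stack-probing-64k.ll
+++ b/llvm/test/CodeGen/AArch64/stack-probing-64k.ll
@@ -313,7 +313,7 @@ define void @static_16_align_131072(ptr %out) #0 {
 ; CHECK-NEXT: b .LBB9_1
 ; CHECK-NEXT: .LBB9_3: // %entry
 ; CHECK-NEXT: mov sp, x9
-; CHECK-NEXT: str xzr, [sp]
+; CHECK-NEXT: ldr xzr, [sp]
 ; CHECK-NEXT: mov x8, sp
 ; CHECK-NEXT: str x8, [x0]
 ; CHECK-NEXT: mov sp, x29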

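--- a/llvm/test/CodeGen/AArch64/stack-probing-dynamic.ll
+++ b/llvm/test/CodeGen/AArch64/stack-probing-dynamic.ll
@@ -28,7 +28,7 @@ define void @dynamic(i64 %size, ptr %out) #0 {
 ; CHECK-NEXT: b .LBB0_1
 ; CHECK-NEXT: .LBB0_3:
 ; CHECK-NEXT: mov sp, x8
-; CHECK-NEXT: str xzr, [sp]
+; CHECK-NEXT: ldr xzr, [sp]
 ; CHECK-NEXT: str x8, [x1]
 ; CHECK-NEXT: mov sp, x29
 ; CHECK-NEXT: .cfi_def_cfa wsp, 16
@@ -72,7 +72,7 @@ define void @dynamic_fixed(i64 %size, ptr %out1, ptr %out2) #0 {
 ; CHECK-NEXT: b .LBB1_1
 ; CHECK-NEXT: .LBB1_3:
 ; CHECK-NEXT: mov sp, x8
-; CHECK-NEXT: str xzr, [sp]
+; CHECK-NEXT: ldr xzr, [sp]
 ; CHECK-NEXT: str x8, [x2]
 ; CHECK-NEXT: mov sp, x29
 ; CHECK-NEXT: .cfi_def_cfa wsp, 16
@@ -122,7 +122,7 @@ define void @dynamic_align_64(i64 %size, ptr %out) #0 {
 ; CHECK-NEXT: b .LBB2_1
 ; CHECK-NEXT: .LBB2_3:
 ; CHECK-NEXT: mov sp, x8
-; CHECK-NEXT: str xzr, [sp]
+; CHECK-NEXT: ldr xzr, [sp]
 ; CHECK-NEXT: str x8, [x1]
 ; CHECK-NEXT: mov sp, x29
 ; CHECK-NEXT: .cfi_def_cfa wsp, 32
@@ -167,7 +167,7 @@ define void @dynamic_align_8192(i64 %size, ptr %out) #0 {
 ; CHECK-NEXT: mov sp, x9
 ; CHECK-NEXT: add x9, x0, #15
 ; CHECK-NEXT: mov x8, sp
-; CHECK-NEXT: str xzr, [sp]
+; CHECK-NEXT: ldr xzr, [sp]
 ; CHECK-NEXT: and x9, x9, #0xfffffffffffffff0
 ; CHECK-NEXT: mov x19, sp
 ; CHECK-NEXT: sub x8, x8, x9
@@ -181,7 +181,7 @@ define void @dynamic_align_8192(i64 %size, ptr %out) #0 {
 ; CHECK-NEXT: b .LBB3_4
 ; CHECK-NEXT: .LBB3_6:
 ; CHECK-NEXT: mov sp, x8
-; CHECK-NEXT: str xzr, [sp]
+; CHECK-NEXT: ldr xzr, [sp]
 ; CHECK-NEXT: str x8, [x1]
 ; CHECK-NEXT: mov sp, x29
 ; CHECK-NEXT: .cfi_def_cfa wsp, 32
@@ -221,7 +221,7 @@ define void @dynamic_64k_guard(i64 %size, ptr %out) #0 "stack-probe-size"="65536
 ; CHECK-NEXT: b .LBB4_1
 ; CHECK-NEXT: .LBB4_3:
 ; CHECK-NEXT: mov sp, x8
-; CHECK-NEXT: str xzr, [sp]
+; CHECK-NEXT: ldr xzr, [sp]
 ; CHECK-NEXT: str x8, [x1]
 ; CHECK-NEXT: mov sp, x29
 ; CHECK-NEXT: .cfi_def_cfa wsp, 16
@@ -265,7 +265,7 @@ define void @no_reserved_call_frame(i64 %n) #0 {
 ; CHECK-NEXT: b .LBB5_1
 ; CHECK-NEXT: .LBB5_3: // %entry
 ; CHECK-NEXT: mov sp, x0
-; CHECK-NEXT: str xzr, [sp]
+; CHECK-NEXT: ldr xzr, [sp]
 ; CHECK-NEXT: sub sp, sp, #1104
 ; CHECK-NEXT: str xzr, [sp]
 ; CHECK-NEXT: bl callee_stack_args
@@ -344,7 +344,7 @@ define void @dynamic_sve(i64 %size, ptr %out) #0 "target-features"="+sve" {
 ; CHECK-NEXT: b .LBB7_1
 ; CHECK-NEXT: .LBB7_3:
 ; CHECK-NEXT: mov sp, x8
-; CHECK-NEXT: str xzr, [sp]
+; CHECK-NEXT: ldr xzr, [sp]
 ; CHECK-NEXT: str x8, [x1]
 ; CHECK-NEXT: mov sp, x29
 ; CHECK-NEXT: .cfi_def_cfa wsp, 32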

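--- a/llvm/test/CodeGen/AArch64/stack-probing-sve.ll
+++ b/llvm/test/CodeGen/AArch64/stack-probing-sve.ll
@@ -115,7 +115,7 @@ define void @sve_17_vector(ptr %out) #0 {
 ; CHECK-NEXT: b .LBB3_1
 ; CHECK-NEXT: .LBB3_3: // %entry
 ; CHECK-NEXT: mov sp, x9
-; CHECK-NEXT: str xzr, [sp]
+; CHECK-NEXT: ldr xzr, [sp]
 ; CHECK-NEXT: .cfi_def_cfa_register wsp
 ; CHECK-NEXT: addvl sp, sp, #17
 ; CHECK-NEXT: .cfi_def_cfa wsp, 16
@@ -351,7 +351,7 @@ define void @sve_16v_1p_csr(<vscale x 4 x float> %a) #0 {
 ; CHECK-NEXT: b .LBB9_1
 ; CHECK-NEXT: .LBB9_3: // %entry
 ; CHECK-NEXT: mov sp, x9
-; CHECK-NEXT: str xzr, [sp]
+; CHECK-NEXT: ldr xzr, [sp]
 ; CHECK-NEXT: .cfi_def_cfa_register wsp
 ; CHECK-NEXT: str p8, [sp, #7, mul vl] // 2-byte Folded Spill
 ; CHECK-NEXT: str z23, [sp, #1, mul vl] // 16-byte Folded Spill
@@ -467,7 +467,7 @@ define void @sve_1_vector_4096_arr(ptr %out) #0 {
 ; CHECK-NEXT: b .LBB11_1
 ; CHECK-NEXT: .LBB11_3: // %entry
 ; CHECK-NEXT: mov sp, x9
-; CHECK-NEXT: str xzr, [sp]
+; CHECK-NEXT: ldr xzr, [sp]
 ; CHECK-NEXT: .cfi_def_cfa_register wsp
 ; CHECK-NEXT: addvl sp, sp, #31
 ; CHECK-NEXT: .cfi_escape 0x0f, 0x0f, 0x8f, 0x00, 0x11, 0x90, 0xe0, 0x00, 0x22, 0x11, 0x88, 0x02, 0x92, 0x2e, 0x00, 0x1e, 0x22 // sp + 12304 + 264 * VG
@@ -516,7 +516,7 @@ define void @sve_1_vector_16_arr_align_8192(ptr %out) #0 {
 ; CHECK-NEXT: b .LBB12_1
 ; CHECK-NEXT: .LBB12_3: // %entry
 ; CHECK-NEXT: mov sp, x9
-; CHECK-NEXT: str xzr, [sp]
+; CHECK-NEXT: ldr xzr, [sp]
 ; CHECK-NEXT: mov sp, x29
 ; CHECK-NEXT: .cfi_def_cfa wsp, 16
 ; CHECK-NEXT: ldp x29, x30, [sp], #16 // 16-byte Folded Reload
@@ -616,7 +616,7 @@ define void @sve_1028_64k_guard(ptr %out) #0 "stack-probe-size"="65536" {
 ; CHECK-NEXT: b .LBB14_1
 ; CHECK-NEXT: .LBB14_3: // %entry
 ; CHECK-NEXT: mov sp, x9
-; CHECK-NEXT: str xzr, [sp]
+; CHECK-NEXT: ldr xzr, [sp]
 ; CHECK-NEXT: .cfi_def_cfa_register wsp
 ; CHECK-NEXT: addvl sp, sp, #31
 ; CHECK-NEXT: .cfi_escape 0x0f, 0x0d, 0x8f, 0x00, 0x11, 0x10, 0x22, 0x11, 0x90, 0x0e, 0x92, 0x2e, 0x00, 0x1e, 0x22 // sp + 16 + 1808 * VG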

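--- a/llvm/test/CodeGen/AArch64/stack-probing.ll
+++ b/llvm/test/CodeGen/AArch64/stack-probing.ll
@@ -400,7 +400,7 @@ define void @static_16_align_8192(ptr %out) #0 {
 ; CHECK-NEXT: b .LBB13_1
 ; CHECK-NEXT: .LBB13_3: // %entry
 ; CHECK-NEXT: mov sp, x9
-; CHECK-NEXT: str xzr, [sp]
+; CHECK-NEXT: ldr xzr, [sp]
 ; CHECK-NEXT: mov x8, sp
 ; CHECK-NEXT: str x8, [x0]
 ; CHECK-NEXT: mov sp, x29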
