Skip to content

Commit

Permalink
Reuse shadowstack in cloned functions.
Browse files Browse the repository at this point in the history
  • Loading branch information
Pavel-Durov committed Jan 21, 2025
1 parent 7386572 commit 78c196a
Show file tree
Hide file tree
Showing 7 changed files with 77 additions and 32 deletions.
3 changes: 2 additions & 1 deletion llvm/include/llvm/Transforms/Yk/ModuleClone.h
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,8 @@

#include "llvm/Pass.h"

#define YK_CLONE_PREFIX "__yk_unopt_"
#define YK_UNOPT_PREFIX "__yk_unopt_"
#define YK_UNOPT_MAIN "__yk_unopt_main"
#define YK_CLONE_MODULE_CP_COUNT 2

namespace llvm {
Expand Down
2 changes: 1 addition & 1 deletion llvm/include/llvm/Transforms/Yk/ShadowStack.h
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
#include "llvm/Pass.h"

namespace llvm {
ModulePass *createYkShadowStackPass();
ModulePass *createYkShadowStackPass(uint64_t controlPointCount);
} // namespace llvm

#endif
2 changes: 1 addition & 1 deletion llvm/lib/CodeGen/TargetPassConfig.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1162,7 +1162,7 @@ bool TargetPassConfig::addISelPasses() {
}

if (YkShadowStack) {
addPass(createYkShadowStackPass());
addPass(createYkShadowStackPass(numberOfControlPoints));
}
// We insert the yk control point pass as late as possible. It has to run
// before instruction selection (or the machine IR won't reflect our
Expand Down
4 changes: 2 additions & 2 deletions llvm/lib/Transforms/Yk/ModuleClone.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ struct YkModuleClone : public ModulePass {
continue;
}
// Skip already cloned functions or functions with address taken.
if (F.hasAddressTaken() || F.getName().startswith(YK_CLONE_PREFIX)) {
if (F.hasAddressTaken() || F.getName().startswith(YK_UNOPT_PREFIX)) {
continue;
}
ValueToValueMapTy VMap;
Expand All @@ -96,7 +96,7 @@ struct YkModuleClone : public ModulePass {
}
// Rename function
auto originalName = F.getName().str();
auto cloneName = Twine(YK_CLONE_PREFIX) + originalName;
auto cloneName = Twine(YK_UNOPT_PREFIX) + originalName;
ClonedFunc->setName(cloneName);
ClonedFuncs[originalName] = ClonedFunc;
}
Expand Down
92 changes: 68 additions & 24 deletions llvm/lib/Transforms/Yk/ShadowStack.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -118,9 +118,14 @@ class YkShadowStack : public ModulePass {
Type *Int32Ty = nullptr;
Type *PointerSizedIntTy = nullptr;

private:
uint64_t controlPointCount;

public:
static char ID;
YkShadowStack() : ModulePass(ID) {

YkShadowStack(uint64_t controlPointCount)
: ModulePass(ID), controlPointCount(controlPointCount) {
initializeYkShadowStackPass(*PassRegistry::getPassRegistry());
}

Expand Down Expand Up @@ -271,6 +276,62 @@ class YkShadowStack : public ModulePass {
}
}

// Handle main() separatley, since it works slightly differently to other
// functions: it allocates the shadow stack
//
// For main clone: `__yk_unopt_main` we need to update the allocas
// while reusing the same shadow stack pointer as the original main.
//
// Note that since we assuming main() doesn't call main(), we can consider
// the shadow stack disused at the point main() returns. For this reason,
// there's no need to emit a shadow epilogue for main().
//
// YKFIXME: Investigate languages that don't have/use main as the first
// entry point.
void updateMainFunctions(DataLayout &DL, Module &M, GlobalVariable *SSGlobal,
LLVMContext &Context) {
Function *Main = M.getFunction(MAIN);
if (Main == nullptr || Main->isDeclaration()) {
Context.emitError("Unable to add shadow stack: could not find definition "
"of \"main\" function!");
return;
}

// Update the original main function.
std::map<AllocaInst *, size_t> MainAllocas;
std::vector<ReturnInst *> MainRets;
size_t SFrameSize = analyseFunction(*Main, DL, MainAllocas, MainRets);
CallInst *Malloc = insertMainPrologue(Main, SSGlobal, SFrameSize);
rewriteAllocas(DL, MainAllocas, Malloc);

// If we have two control points, we need to update the cloned main
// function as well.
if (controlPointCount == 2) {
Function *MainClone = M.getFunction(YK_UNOPT_MAIN);
if (MainClone == nullptr || MainClone->isDeclaration()) {
Context.emitError(
"Unable to add shadow stack: could not find definition "
"of \"__yk_unopt_main\" function!");
return;
}

std::map<AllocaInst *, size_t> MainCloneAllocas;
std::vector<ReturnInst *> MainCloneRets;
size_t SFrameSizeClone =
analyseFunction(*MainClone, DL, MainCloneAllocas, MainCloneRets);

// Insert a load of SSGlobal at the beginning of MainClone.
BasicBlock &EntryBB = MainClone->getEntryBlock();
Instruction *FirstNonPHI = EntryBB.getFirstNonPHI();
IRBuilder<> BuilderClone(FirstNonPHI);

// Load the current shadow stack pointer from the global variable.
LoadInst *LoadedSSPtr = BuilderClone.CreateLoad(Int8PtrTy, SSGlobal);
// Replace all allocas in MainClone with the loaded shadow stack pointer.
rewriteAllocas(DL, MainCloneAllocas, LoadedSSPtr);
}
}

bool runOnModule(Module &M) override {
LLVMContext &Context = M.getContext();

Expand All @@ -291,35 +352,16 @@ class YkShadowStack : public ModulePass {
SSGlobal->setInitializer(
ConstantPointerNull::get(cast<PointerType>(Int8PtrTy)));

// Handle main() separatley, since it works slightly differently to other
// functions: it allocates the shadow stack.
//
// Note that since we assuming main() doesn't call main(), we can consider
// the shadow stack disused at the point main() returns. For this reason,
// there's no need to emit a shadow epilogue for main().
//
// YKFIXME: Investigate languages that don't have/use main as the first
// entry point.
Function *Main = M.getFunction(MAIN);
if (Main == nullptr || Main->isDeclaration()) {
Context.emitError("Unable to add shadow stack: could not find definition "
"of \"main\" function!");
}
std::map<AllocaInst *, size_t> MainAllocas;
std::vector<ReturnInst *> MainRets;
size_t SFrameSize = analyseFunction(*Main, DL, MainAllocas, MainRets);
CallInst *Malloc = insertMainPrologue(Main, SSGlobal, SFrameSize);
rewriteAllocas(DL, MainAllocas, Malloc);
updateMainFunctions(DL, M, SSGlobal, Context);

// Instrument each remaining function with shadow stack code.
for (Function &F : M) {
if (F.empty()) {
// skip declarations.
continue;
}

if (F.getName() == MAIN || F.getName().startswith(YK_CLONE_PREFIX)) {
// We've handled main already.
// skip already handled main and unopt functions
if (F.getName() == MAIN || F.getName() == YK_UNOPT_MAIN) {
continue;
}

Expand Down Expand Up @@ -349,4 +391,6 @@ class YkShadowStack : public ModulePass {
char YkShadowStack::ID = 0;
INITIALIZE_PASS(YkShadowStack, DEBUG_TYPE, "yk shadowstack", false, false)

ModulePass *llvm::createYkShadowStackPass() { return new YkShadowStack(); }
ModulePass *llvm::createYkShadowStackPass(uint64_t controlPointCount) {
return new YkShadowStack(controlPointCount);
}
2 changes: 1 addition & 1 deletion llvm/lib/Transforms/Yk/StackMaps.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ class YkStackmaps : public ModulePass {
for (Function &F : M) {
if (F.empty()) // skip declarations.
continue;
if (F.getName().startswith(YK_CLONE_PREFIX)) // skip cloned functions
if (F.getName().startswith(YK_UNOPT_PREFIX)) // skip cloned functions
continue;

LivenessAnalysis LA(&F);
Expand Down
4 changes: 2 additions & 2 deletions llvm/lib/YkIR/YkIRWriter.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1795,7 +1795,7 @@ class YkIRWriter {
int functionCount = 0;
for (llvm::Function &F : M) {
// Skip cloned functions
if (!StringRef(F.getName()).startswith(YK_CLONE_PREFIX)) {
if (!StringRef(F.getName()).startswith(YK_UNOPT_PREFIX)) {
FunctionIndexMap[&F] = functionCount;
functionCount++;
}
Expand All @@ -1805,7 +1805,7 @@ class YkIRWriter {
// funcs:
for (llvm::Function &F : M) {
// Skip cloned functions
if (StringRef(F.getName()).startswith(YK_CLONE_PREFIX)) {
if (StringRef(F.getName()).startswith(YK_UNOPT_PREFIX)) {
continue;
}
serialiseFunc(F);
Expand Down

0 comments on commit 78c196a

Please sign in to comment.