Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/contrib/llvm-project/llvm/lib/CodeGen/AsmPrinter/WinCFGuard.cpp
35271 views
1
//===-- CodeGen/AsmPrinter/WinCFGuard.cpp - Control Flow Guard Impl ------===//

2
//

3
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.

4
// See https://llvm.org/LICENSE.txt for license information.

5
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception

6
//

7
//===----------------------------------------------------------------------===//

8
//

9
// This file contains support for writing the metadata for Windows Control Flow

10
// Guard, including address-taken functions and valid longjmp targets.

11
//

12
//===----------------------------------------------------------------------===//

13


14
#include "WinCFGuard.h"

15
#include "llvm/CodeGen/AsmPrinter.h"

16
#include "llvm/CodeGen/MachineFunction.h"

17
#include "llvm/CodeGen/MachineModuleInfo.h"

18
#include "llvm/IR/Constants.h"

19
#include "llvm/IR/InstrTypes.h"

20
#include "llvm/IR/Module.h"

21
#include "llvm/MC/MCObjectFileInfo.h"

22
#include "llvm/MC/MCStreamer.h"

23


24
#include <vector>

25


26
using namespace llvm;

27


28
WinCFGuard::WinCFGuard(AsmPrinter *A) : Asm(A) {}

29


30
WinCFGuard::~WinCFGuard() = default;

31


32
void WinCFGuard::endFunction(const MachineFunction *MF) {

33


34
  // Skip functions without any longjmp targets.

35
  if (MF->getLongjmpTargets().empty())

36
    return;

37


38
  // Copy the function's longjmp targets to a module-level list.

39
  llvm::append_range(LongjmpTargets, MF->getLongjmpTargets());

40
}

41


42
/// Returns true if this function's address is escaped in a way that might make

43
/// it an indirect call target. Function::hasAddressTaken gives different

44
/// results when a function is called directly with a function prototype

45
/// mismatch, which requires a cast.

46
static bool isPossibleIndirectCallTarget(const Function *F) {

47
  SmallVector<const Value *, 4> Users{F};

48
  while (!Users.empty()) {

49
    const Value *FnOrCast = Users.pop_back_val();

50
    for (const Use &U : FnOrCast->uses()) {

51
      const User *FnUser = U.getUser();

52
      if (isa<BlockAddress>(FnUser))

53
        continue;

54
      if (const auto *Call = dyn_cast<CallBase>(FnUser)) {

55
        if (!Call->isCallee(&U))

56
          return true;

57
      } else if (isa<Instruction>(FnUser)) {

58
        // Consider any other instruction to be an escape. This has some weird

59
        // consequences like no-op intrinsics being an escape or a store *to* a

60
        // function address being an escape.

61
        return true;

62
      } else if (const auto *C = dyn_cast<Constant>(FnUser)) {

63
        // If this is a constant pointer cast of the function, don't consider

64
        // this escape. Analyze the uses of the cast as well. This ensures that

65
        // direct calls with mismatched prototypes don't end up in the CFG

66
        // table. Consider other constants, such as vtable initializers, to

67
        // escape the function.

68
        if (C->stripPointerCasts() == F)

69
          Users.push_back(FnUser);

70
        else

71
          return true;

72
      }

73
    }

74
  }

75
  return false;

76
}

77


78
MCSymbol *WinCFGuard::lookupImpSymbol(const MCSymbol *Sym) {

79
  if (Sym->getName().starts_with("__imp_"))

80
    return nullptr;

81
  return Asm->OutContext.lookupSymbol(Twine("__imp_") + Sym->getName());

82
}

83


84
void WinCFGuard::endModule() {

85
  const Module *M = Asm->MMI->getModule();

86
  std::vector<const MCSymbol *> GFIDsEntries;

87
  std::vector<const MCSymbol *> GIATsEntries;

88
  for (const Function &F : *M) {

89
    if (isPossibleIndirectCallTarget(&F)) {

90
      // If F is a dllimport and has an "__imp_" symbol already defined, add the

91
      // "__imp_" symbol to the .giats section.

92
      if (F.hasDLLImportStorageClass()) {

93
        if (MCSymbol *impSym = lookupImpSymbol(Asm->getSymbol(&F))) {

94
          GIATsEntries.push_back(impSym);

95
        }

96
      }

97
      // Add the function's symbol to the .gfids section.

98
      // Note: For dllimport functions, MSVC sometimes does not add this symbol

99
      // to the .gfids section, but only adds the corresponding "__imp_" symbol

100
      // to the .giats section. Here we always add the symbol to the .gfids

101
      // section, since this does not introduce security risks.

102
      GFIDsEntries.push_back(Asm->getSymbol(&F));

103
    }

104
  }

105


106
  if (GFIDsEntries.empty() && GIATsEntries.empty() && LongjmpTargets.empty())

107
    return;

108


109
  // Emit the symbol index of each GFIDs entry to form the .gfids section.

110
  auto &OS = *Asm->OutStreamer;

111
  OS.switchSection(Asm->OutContext.getObjectFileInfo()->getGFIDsSection());

112
  for (const MCSymbol *S : GFIDsEntries)

113
    OS.emitCOFFSymbolIndex(S);

114


115
  // Emit the symbol index of each GIATs entry to form the .giats section.

116
  OS.switchSection(Asm->OutContext.getObjectFileInfo()->getGIATsSection());

117
  for (const MCSymbol *S : GIATsEntries) {

118
    OS.emitCOFFSymbolIndex(S);

119
  }

120


121
  // Emit the symbol index of each longjmp target to form the .gljmp section.

122
  OS.switchSection(Asm->OutContext.getObjectFileInfo()->getGLJMPSection());

123
  for (const MCSymbol *S : LongjmpTargets) {

124
    OS.emitCOFFSymbolIndex(S);

125
  }

126
}

127


128