mirror of
https://git.yoctoproject.org/poky
synced 2026-04-25 15:32:13 +02:00
2a6c675b9a
(From OE-Core rev: c001e2af10d8afa13c8f50632a074c5a9a00d7bb) Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
118 lines
4.8 KiB
Diff
118 lines
4.8 KiB
Diff
commit 0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2
|
|
Author: ostannard <oliver.stannard@arm.com>
|
|
Date: Mon Feb 26 12:23:25 2024 +0000
|
|
|
|
[ARM] Update IsRestored for LR based on all returns (#82745)
|
|
|
|
PR #75527 fixed ARMFrameLowering to set the IsRestored flag for LR based
|
|
on all of the return instructions in the function, not just one.
|
|
However, there is also code in ARMLoadStoreOptimizer which changes
|
|
return instructions, but it set IsRestored based on the one instruction
|
|
it changed, not the whole function.
|
|
|
|
The fix is to factor out the code added in #75527, and also call it from
|
|
ARMLoadStoreOptimizer if it made a change to return instructions.
|
|
|
|
Fixes #80287.
|
|
|
|
(cherry picked from commit 749384c08e042739342c88b521c8ba5dac1b9276)
|
|
|
|
Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2]
|
|
CVE: CVE-2024-31852
|
|
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
|
|
---
|
|
diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.cpp b/llvm/lib/Target/ARM/ARMFrameLowering.cpp
|
|
index a9acf338ebf5..13d3cbf650ed 100644
|
|
--- a/llvm/lib/Target/ARM/ARMFrameLowering.cpp
|
|
+++ b/llvm/lib/Target/ARM/ARMFrameLowering.cpp
|
|
@@ -2289,10 +2289,7 @@ void ARMFrameLowering::determineCalleeSaves(MachineFunction &MF,
|
|
AFI->setLRIsSpilled(SavedRegs.test(ARM::LR));
|
|
}
|
|
|
|
-void ARMFrameLowering::processFunctionBeforeFrameFinalized(
|
|
- MachineFunction &MF, RegScavenger *RS) const {
|
|
- TargetFrameLowering::processFunctionBeforeFrameFinalized(MF, RS);
|
|
-
|
|
+void ARMFrameLowering::updateLRRestored(MachineFunction &MF) {
|
|
MachineFrameInfo &MFI = MF.getFrameInfo();
|
|
if (!MFI.isCalleeSavedInfoValid())
|
|
return;
|
|
@@ -2316,6 +2313,12 @@ void ARMFrameLowering::processFunctionBeforeFrameFinalized(
|
|
}
|
|
}
|
|
|
|
+void ARMFrameLowering::processFunctionBeforeFrameFinalized(
|
|
+ MachineFunction &MF, RegScavenger *RS) const {
|
|
+ TargetFrameLowering::processFunctionBeforeFrameFinalized(MF, RS);
|
|
+ updateLRRestored(MF);
|
|
+}
|
|
+
|
|
void ARMFrameLowering::getCalleeSaves(const MachineFunction &MF,
|
|
BitVector &SavedRegs) const {
|
|
TargetFrameLowering::getCalleeSaves(MF, SavedRegs);
|
|
diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.h b/llvm/lib/Target/ARM/ARMFrameLowering.h
|
|
index 67505b61a5e1..b13b76d7086c 100644
|
|
--- a/llvm/lib/Target/ARM/ARMFrameLowering.h
|
|
+++ b/llvm/lib/Target/ARM/ARMFrameLowering.h
|
|
@@ -58,6 +58,10 @@ public:
|
|
void determineCalleeSaves(MachineFunction &MF, BitVector &SavedRegs,
|
|
RegScavenger *RS) const override;
|
|
|
|
+ /// Update the IsRestored flag on LR if it is spilled, based on the return
|
|
+ /// instructions.
|
|
+ static void updateLRRestored(MachineFunction &MF);
|
|
+
|
|
void processFunctionBeforeFrameFinalized(
|
|
MachineFunction &MF, RegScavenger *RS = nullptr) const override;
|
|
|
|
diff --git a/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp b/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp
|
|
index fd06bfdf352c..561c1396190d 100644
|
|
--- a/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp
|
|
+++ b/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp
|
|
@@ -2060,17 +2060,6 @@ bool ARMLoadStoreOpt::MergeReturnIntoLDM(MachineBasicBlock &MBB) {
|
|
MO.setReg(ARM::PC);
|
|
PrevMI.copyImplicitOps(*MBB.getParent(), *MBBI);
|
|
MBB.erase(MBBI);
|
|
- // We now restore LR into PC so it is not live-out of the return block
|
|
- // anymore: Clear the CSI Restored bit.
|
|
- MachineFrameInfo &MFI = MBB.getParent()->getFrameInfo();
|
|
- // CSI should be fixed after PrologEpilog Insertion
|
|
- assert(MFI.isCalleeSavedInfoValid() && "CSI should be valid");
|
|
- for (CalleeSavedInfo &Info : MFI.getCalleeSavedInfo()) {
|
|
- if (Info.getReg() == ARM::LR) {
|
|
- Info.setRestored(false);
|
|
- break;
|
|
- }
|
|
- }
|
|
return true;
|
|
}
|
|
}
|
|
@@ -2118,16 +2107,24 @@ bool ARMLoadStoreOpt::runOnMachineFunction(MachineFunction &Fn) {
|
|
isThumb2 = AFI->isThumb2Function();
|
|
isThumb1 = AFI->isThumbFunction() && !isThumb2;
|
|
|
|
- bool Modified = false;
|
|
+ bool Modified = false, ModifiedLDMReturn = false;
|
|
for (MachineFunction::iterator MFI = Fn.begin(), E = Fn.end(); MFI != E;
|
|
++MFI) {
|
|
MachineBasicBlock &MBB = *MFI;
|
|
Modified |= LoadStoreMultipleOpti(MBB);
|
|
if (STI->hasV5TOps())
|
|
- Modified |= MergeReturnIntoLDM(MBB);
|
|
+ ModifiedLDMReturn |= MergeReturnIntoLDM(MBB);
|
|
if (isThumb1)
|
|
Modified |= CombineMovBx(MBB);
|
|
}
|
|
+ Modified |= ModifiedLDMReturn;
|
|
+
|
|
+ // If we merged a BX instruction into an LDM, we need to re-calculate whether
|
|
+ // LR is restored. This check needs to consider the whole function, not just
|
|
+ // the instruction(s) we changed, because there may be other BX returns which
|
|
+ // still need LR to be restored.
|
|
+ if (ModifiedLDMReturn)
|
|
+ ARMFrameLowering::updateLRRestored(Fn);
|
|
|
|
Allocator.DestroyAll();
|
|
return Modified;
|
|
|