1; NOTE: Assertions have been autogenerated by utils/update_llc_test_checks.py 2; RUN: llc < %s -O2 -mtriple=x86_64-unknown-unknown -x86-indirect-branch-tracking | FileCheck %s 3 4; This test is for CET enhancement. 5; 6; ENDBR32 and ENDBR64 have specific opcodes: 7; ENDBR32: F3 0F 1E FB 8; ENDBR64: F3 0F 1E FA 9; And we want that attackers won’t find unintended ENDBR32/64 10; opcode matches in the binary 11; Here’s an example: 12; If the compiler had to generate asm for the following code: 13; a = 0xF30F1EFA 14; it could, for example, generate: 15; mov 0xF30F1EFA, dword ptr[a] 16; In such a case, the binary would include a gadget that starts 17; with a fake ENDBR64 opcode. Therefore, we split such generation 18; into multiple operations, let it not shows in the binary. 19 20; 0xF30F1EFA == -217112838 ~0xF30F1EFA == 217112837 (0xCF0E105) 21; 0x000123F32E0F1EFA == 321002333478650 22; ~0x000123F32E0F1EFA == -321002333478651 (0XFFFEDC0CD1F0E105) 23 24; test for MOV64ri 25define dso_local i64 @foo(i64* %azx) #0 { 26; CHECK-LABEL: foo: 27; CHECK: # %bb.0: # %entry 28; CHECK-NEXT: endbr64 29; CHECK-NEXT: movq %rdi, -{{[0-9]+}}(%rsp) 30; CHECK-NEXT: movabsq $-321002333478651, %rax # imm = 0xFFFEDC0CD1F0E105 31; CHECK-NEXT: notq %rax 32; CHECK-NEXT: andq %rax, (%rdi) 33; CHECK-NEXT: movq -{{[0-9]+}}(%rsp), %rax 34; CHECK-NEXT: movq (%rax), %rax 35; CHECK-NEXT: retq 36entry: 37 %azx.addr = alloca i64*, align 8 38 store i64* %azx, i64** %azx.addr, align 8 39 %0 = load i64*, i64** %azx.addr, align 8 40 %1 = load i64, i64* %0, align 8 41 %and = and i64 %1, 321002333478650 42 %2 = load i64*, i64** %azx.addr, align 8 43 store i64 %and, i64* %2, align 8 44 %3 = load i64*, i64** %azx.addr, align 8 45 %4 = load i64, i64* %3, align 8 46 ret i64 %4 47} 48 49@bzx = dso_local local_unnamed_addr global i32 -217112837, align 4 50 51; test for AND32ri 52define dso_local i32 @foo2() local_unnamed_addr #0 { 53; CHECK-LABEL: foo2: 54; CHECK: # %bb.0: # %entry 55; CHECK-NEXT: endbr64 56; CHECK-NEXT: movl {{.*}}(%rip), %ecx 57; CHECK-NEXT: addl %ecx, %ecx 58; CHECK-NEXT: movl $217112837, %eax # imm = 0xCF0E105 59; CHECK-NEXT: notl %eax 60; CHECK-NEXT: andl %ecx, %eax 61; CHECK-NEXT: retq 62entry: 63 %0 = load i32, i32* @bzx, align 4 64 %mul = shl nsw i32 %0, 1 65 %and = and i32 %mul, -217112838 66 ret i32 %and 67} 68 69 70@czx = dso_local global i32 -217112837, align 4 71 72; test for AND32mi 73define dso_local nonnull i32* @foo3() local_unnamed_addr #0 { 74; CHECK-LABEL: foo3: 75; CHECK: # %bb.0: # %entry 76; CHECK-NEXT: endbr64 77; CHECK-NEXT: movl $217112837, %eax # imm = 0xCF0E105 78; CHECK-NEXT: notl %eax 79; CHECK-NEXT: andl %eax, {{.*}}(%rip) 80; CHECK-NEXT: movl $czx, %eax 81; CHECK-NEXT: retq 82entry: 83 %0 = load i32, i32* @czx, align 4 84 %and = and i32 %0, -217112838 85 store i32 %and, i32* @czx, align 4 86 ret i32* @czx 87} 88 89; test for MOV32mi 90define dso_local i32 @foo4() #0 { 91; CHECK-LABEL: foo4: 92; CHECK: # %bb.0: # %entry 93; CHECK-NEXT: endbr64 94; CHECK-NEXT: movl $217112837, %eax # imm = 0xCF0E105 95; CHECK-NEXT: notl %eax 96; CHECK-NEXT: movl %eax, -{{[0-9]+}}(%rsp) 97; CHECK-NEXT: retq 98entry: 99 %dzx = alloca i32, align 4 100 store i32 -217112838, i32* %dzx, align 4 101 %0 = load i32, i32* %dzx, align 4 102 ret i32 %0 103} 104 105define dso_local i64 @foo5() #0 { 106; CHECK-LABEL: foo5: 107; CHECK: # %bb.0: # %entry 108; CHECK-NEXT: endbr64 109; CHECK-NEXT: movabsq $-4077854459, %rax # imm = 0xFFFFFFFF0CF0E105 110; CHECK-NEXT: notq %rax 111; CHECK-NEXT: movq %rax, -{{[0-9]+}}(%rsp) 112; CHECK-NEXT: retq 113entry: 114 %ezx = alloca i64, align 8 115 store i64 4077854458, i64* %ezx, align 8 116 %0 = load i64, i64* %ezx, align 8 117 ret i64 %0 118} 119