[RISCV] Add option to enable hardware shadow stack.

Yeting Kuo · Yeting Kuo · commit 7ee57c4e2823 · 2024-01-08T13:30:46.000+08:00
diff --git a/clang/docs/ShadowCallStack.rst b/clang/docs/ShadowCallStack.rst
@@ -58,7 +58,8 @@ the operating system should be preferred since otherwise all thread creation
 and destruction would need to be intercepted by the application.
 
 The instrumentation makes use of the platform register ``x18`` on AArch64,
-``x3`` (``gp``) on RISC-V without `Zicfiss`_ and ``ssp`` on RISCV with `Zicfiss`_.
+``x3`` (``gp``) on RISC-V with software shadow stack and ``ssp`` on RISC-V with
+hardware shadow stack, which needs `Zicfiss`_ and ``-mllvm -riscv-hardware-shadow-stack``.
 For simplicity we will refer to this as the ``SCSReg``. On some platforms,
 ``SCSReg`` is reserved, and on others, it is designated as a scratch register.
 This generally means that any code that may run on the same thread as code compiled with ShadowCallStack must either target
@@ -152,8 +153,8 @@ Usage
 
 To enable ShadowCallStack, just pass the ``-fsanitize=shadow-call-stack`` flag
 to both compile and link command lines. On aarch64, you also need to pass
-``-ffixed-x18`` unless your target already reserves ``x18``. On RISC-V without
-`Zicfiss`_, ``x3`` (``gp``) is always reserved. It is, however, important to
+``-ffixed-x18`` unless your target already reserves ``x18``. On RISC-V with software
+shadow stack, ``x3`` (``gp``) is always reserved. It is, however, important to
 disable GP relaxation in the linker. This can be done with the ``--no-relax-gp``
 flag in GNU ld.
 
diff --git a/llvm/lib/Target/RISCV/RISCVFrameLowering.cpp b/llvm/lib/Target/RISCV/RISCVFrameLowering.cpp
@@ -27,6 +27,11 @@
 
 using namespace llvm;
 
+static cl::opt<bool>
+    HardwareShadowStack("riscv-hardware-shadow-stack", cl::init(false),
+                        cl::Hidden,
+                        cl::desc("Enable hardware shadow stack with Zicfiss."));
+
 static const Register AllPopRegs[] = {
     RISCV::X1,  RISCV::X8,  RISCV::X9,  RISCV::X18, RISCV::X19,
     RISCV::X20, RISCV::X21, RISCV::X22, RISCV::X23, RISCV::X24,
@@ -52,7 +57,9 @@ static void emitSCSPrologue(MachineFunction &MF, MachineBasicBlock &MBB,
     return;
 
   const RISCVInstrInfo *TII = STI.getInstrInfo();
-  if (STI.hasFeature(RISCV::FeatureStdExtZicfiss)) {
+  if (HardwareShadowStack) {
+    if (!STI.hasFeature(RISCV::FeatureStdExtZicfiss))
+      report_fatal_error("Hardware shadow stack needs Zicfiss to be enabled");
     BuildMI(MBB, MI, DL, TII->get(RISCV::SSPUSH)).addReg(RAReg);
     return;
   }
@@ -112,7 +119,9 @@ static void emitSCSEpilogue(MachineFunction &MF, MachineBasicBlock &MBB,
     return;
 
   const RISCVInstrInfo *TII = STI.getInstrInfo();
-  if (STI.hasFeature(RISCV::FeatureStdExtZicfiss)) {
+  if (HardwareShadowStack) {
+    if (!STI.hasFeature(RISCV::FeatureStdExtZicfiss))
+      report_fatal_error("Hardware shadow stack needs Zicfiss to be enabled");
     BuildMI(MBB, MI, DL, TII->get(RISCV::SSPOPCHK)).addReg(RAReg);
     return;
   }
diff --git a/llvm/test/CodeGen/RISCV/shadowcallstack.ll b/llvm/test/CodeGen/RISCV/shadowcallstack.ll
@@ -3,9 +3,9 @@
 ; RUN:   | FileCheck %s --check-prefix=RV32
 ; RUN: llc -mtriple=riscv64 -verify-machineinstrs < %s \
 ; RUN:   | FileCheck %s --check-prefix=RV64
-; RUN: llc -mtriple=riscv32 -mattr=+experimental-zicfiss -verify-machineinstrs < %s \
+; RUN: llc -mtriple=riscv32 -mattr=+experimental-zicfiss -riscv-hardware-shadow-stack -verify-machineinstrs < %s \
 ; RUN:   | FileCheck %s --check-prefix=RV32-ZICFISS
-; RUN: llc -mtriple=riscv64 -mattr=+experimental-zicfiss -verify-machineinstrs < %s \
+; RUN: llc -mtriple=riscv64 -mattr=+experimental-zicfiss -riscv-hardware-shadow-stack -verify-machineinstrs < %s \
 ; RUN:   | FileCheck %s --check-prefix=RV64-ZICFISS
 
 define void @f1() shadowcallstack {
