Message ID | cover.1619400506.git.wschmidt@linux.ibm.com |
---|---|
Headers | show |
Series | ROP support | expand |
On Sun, 2021-04-25 at 20:50 -0500, Bill Schmidt via Gcc-patches wrote: > Add POWER10 support for hashst[p] and hashchk[p] operations. When > the -mrop-protect option is selected, any function that loads the > link > register from memory before returning must have protection in the > prologue and epilogue to ensure the link register save location has > not been compromised. If -mprivileged is also specified, the > protection instructions generated require supervisor privilege. Hi, Is -mprivileged tied directly to ROP, or is it a 'generic' option? As is, it looks like it can be considered generic, so could be also used for other cases where we would want to generate instructions that require supervisor privilege. Additional comments on the subsequent patches.. thanks -Will > > The patches are broken up into logical chunks: > - Option handling > - Instruction generation > - Predefined macro handling > - Test cases > > Bootstrapped and tested on a POWER10 system with no regressions. > Tests on a kernel that enables user-space ROP mitigation were > successful. Is this series ok for trunk? I would also like to later > backport these patches to GCC for the 11.2 release. > > Thanks! > Bill > > Bill Schmidt (4): > rs6000: Add -mrop-protect and -mprivileged flags > rs6000: Emit ROP-protect instructions in prologue and epilogue > rs6000: Conditionally define __ROP_PROTECT__ > rs6000: Add ROP tests > > gcc/config/rs6000/rs6000-c.c | 3 + > gcc/config/rs6000/rs6000-internal.h | 2 + > gcc/config/rs6000/rs6000-logue.c | 86 +++++++++++++++++++++- > -- > gcc/config/rs6000/rs6000.c | 7 ++ > gcc/config/rs6000/rs6000.md | 39 +++++++++++ > gcc/config/rs6000/rs6000.opt | 6 ++ > gcc/doc/invoke.texi | 19 +++++- > gcc/testsuite/gcc.target/powerpc/rop-1.c | 16 +++++ > gcc/testsuite/gcc.target/powerpc/rop-2.c | 16 +++++ > gcc/testsuite/gcc.target/powerpc/rop-3.c | 19 ++++++ > gcc/testsuite/gcc.target/powerpc/rop-4.c | 14 ++++ > gcc/testsuite/gcc.target/powerpc/rop-5.c | 17 +++++ > 12 files changed, 231 insertions(+), 13 deletions(-) > create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-1.c > create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-2.c > create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-3.c > create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-4.c > create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-5.c >
On 4/26/21 11:01 AM, will schmidt wrote: > On Sun, 2021-04-25 at 20:50 -0500, Bill Schmidt via Gcc-patches wrote: >> Add POWER10 support for hashst[p] and hashchk[p] operations. When >> the -mrop-protect option is selected, any function that loads the >> link >> register from memory before returning must have protection in the >> prologue and epilogue to ensure the link register save location has >> not been compromised. If -mprivileged is also specified, the >> protection instructions generated require supervisor privilege. > Hi, > > Is -mprivileged tied directly to ROP, or is it a 'generic' option? > > As > is, it looks like it can be considered generic, so could be also used > for other cases where we would want to generate instructions that > require supervisor privilege. Yes, this is deliberately designed to be orthogonal from the specific ROP support. That is, ROP is the first use, but other future uses are anticipated. Bill > > Additional comments on the subsequent patches.. > thanks > -Will > >> The patches are broken up into logical chunks: >> - Option handling >> - Instruction generation >> - Predefined macro handling >> - Test cases >> >> Bootstrapped and tested on a POWER10 system with no regressions. >> Tests on a kernel that enables user-space ROP mitigation were >> successful. Is this series ok for trunk? I would also like to later >> backport these patches to GCC for the 11.2 release. >> >> Thanks! >> Bill >> >> Bill Schmidt (4): >> rs6000: Add -mrop-protect and -mprivileged flags >> rs6000: Emit ROP-protect instructions in prologue and epilogue >> rs6000: Conditionally define __ROP_PROTECT__ >> rs6000: Add ROP tests >> >> gcc/config/rs6000/rs6000-c.c | 3 + >> gcc/config/rs6000/rs6000-internal.h | 2 + >> gcc/config/rs6000/rs6000-logue.c | 86 +++++++++++++++++++++- >> -- >> gcc/config/rs6000/rs6000.c | 7 ++ >> gcc/config/rs6000/rs6000.md | 39 +++++++++++ >> gcc/config/rs6000/rs6000.opt | 6 ++ >> gcc/doc/invoke.texi | 19 +++++- >> gcc/testsuite/gcc.target/powerpc/rop-1.c | 16 +++++ >> gcc/testsuite/gcc.target/powerpc/rop-2.c | 16 +++++ >> gcc/testsuite/gcc.target/powerpc/rop-3.c | 19 ++++++ >> gcc/testsuite/gcc.target/powerpc/rop-4.c | 14 ++++ >> gcc/testsuite/gcc.target/powerpc/rop-5.c | 17 +++++ >> 12 files changed, 231 insertions(+), 13 deletions(-) >> create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-1.c >> create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-2.c >> create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-3.c >> create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-4.c >> create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-5.c >>
Hi! I'd like to ping this series. It has slightly higher priority from my perspective, since I'd like this to be backported in time for GCC 11.2. Thanks! Bill On 4/25/21 8:50 PM, Bill Schmidt via Gcc-patches wrote: > Add POWER10 support for hashst[p] and hashchk[p] operations. When > the -mrop-protect option is selected, any function that loads the link > register from memory before returning must have protection in the > prologue and epilogue to ensure the link register save location has > not been compromised. If -mprivileged is also specified, the > protection instructions generated require supervisor privilege. > > The patches are broken up into logical chunks: > - Option handling > - Instruction generation > - Predefined macro handling > - Test cases > > Bootstrapped and tested on a POWER10 system with no regressions. > Tests on a kernel that enables user-space ROP mitigation were > successful. Is this series ok for trunk? I would also like to later > backport these patches to GCC for the 11.2 release. > > Thanks! > Bill > > Bill Schmidt (4): > rs6000: Add -mrop-protect and -mprivileged flags > rs6000: Emit ROP-protect instructions in prologue and epilogue > rs6000: Conditionally define __ROP_PROTECT__ > rs6000: Add ROP tests > > gcc/config/rs6000/rs6000-c.c | 3 + > gcc/config/rs6000/rs6000-internal.h | 2 + > gcc/config/rs6000/rs6000-logue.c | 86 +++++++++++++++++++++--- > gcc/config/rs6000/rs6000.c | 7 ++ > gcc/config/rs6000/rs6000.md | 39 +++++++++++ > gcc/config/rs6000/rs6000.opt | 6 ++ > gcc/doc/invoke.texi | 19 +++++- > gcc/testsuite/gcc.target/powerpc/rop-1.c | 16 +++++ > gcc/testsuite/gcc.target/powerpc/rop-2.c | 16 +++++ > gcc/testsuite/gcc.target/powerpc/rop-3.c | 19 ++++++ > gcc/testsuite/gcc.target/powerpc/rop-4.c | 14 ++++ > gcc/testsuite/gcc.target/powerpc/rop-5.c | 17 +++++ > 12 files changed, 231 insertions(+), 13 deletions(-) > create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-1.c > create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-2.c > create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-3.c > create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-4.c > create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-5.c >