From patchwork Fri May 14 03:34:53 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bill Schmidt X-Patchwork-Id: 1478302 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org (client-ip=8.43.85.97; helo=sourceware.org; envelope-from=gcc-patches-bounces@gcc.gnu.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org header.a=rsa-sha256 header.s=default header.b=dXZX0tqT; dkim-atps=neutral Received: from sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FhDgY1x0tz9sWW for ; Fri, 14 May 2021 13:35:19 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id E950B38930DA; Fri, 14 May 2021 03:35:15 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E950B38930DA DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1620963316; bh=F/VtlTtLcjLW5rXCkyAQ4oLOfHzFhSU/urn7etnWHfU=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=dXZX0tqT1BFfN12mZui7tL1qJBA/ssoehLNVqn64jNf4xzK/XHEubAR3RZl0ryJYT hrG4egsaEdOVvtXOquVHfqu/5aAOXdZTSpU8DYtksZbYTxvlhKa2EL2QKo4n+h8iBS hDjipg5OLTw9TYyrRz4Gl/F0Bevr0ilbcPO5ICDE= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by sourceware.org (Postfix) with ESMTPS id CF655385482C for ; Fri, 14 May 2021 03:35:13 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org CF655385482C Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 14E3Y74A191392; Thu, 13 May 2021 23:35:12 -0400 Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 38hcr1wes9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 13 May 2021 23:35:12 -0400 Received: from m0098419.ppops.net (m0098419.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 14E3YLCe195583; Thu, 13 May 2021 23:35:11 -0400 Received: from ppma04wdc.us.ibm.com (1a.90.2fa9.ip4.static.sl-reverse.com [169.47.144.26]) by mx0b-001b2d01.pphosted.com with ESMTP id 38hcr1wes0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 13 May 2021 23:35:11 -0400 Received: from pps.filterd (ppma04wdc.us.ibm.com [127.0.0.1]) by ppma04wdc.us.ibm.com (8.16.0.43/8.16.0.43) with SMTP id 14E3MN60017305; Fri, 14 May 2021 03:35:11 GMT Received: from b01cxnp22035.gho.pok.ibm.com (b01cxnp22035.gho.pok.ibm.com [9.57.198.25]) by ppma04wdc.us.ibm.com with ESMTP id 38hc7a1khu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 14 May 2021 03:35:11 +0000 Received: from b01ledav003.gho.pok.ibm.com (b01ledav003.gho.pok.ibm.com [9.57.199.108]) by b01cxnp22035.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 14E3ZAKh14352754 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 14 May 2021 03:35:10 GMT Received: from b01ledav003.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C2B6BB2067; Fri, 14 May 2021 03:35:10 +0000 (GMT) Received: from b01ledav003.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A9B92B205F; Fri, 14 May 2021 03:35:10 +0000 (GMT) Received: from ltcden2-lp1.aus.stglabs.ibm.com (unknown [9.53.174.68]) by b01ledav003.gho.pok.ibm.com (Postfix) with ESMTPS; Fri, 14 May 2021 03:35:10 +0000 (GMT) Received: by ltcden2-lp1.aus.stglabs.ibm.com (Postfix, from userid 1006) id BD6794169DC4; Thu, 13 May 2021 22:35:09 -0500 (CDT) To: gcc-patches@gcc.gnu.org Subject: [PATCHv2 0/4] ROP support Date: Thu, 13 May 2021 22:34:53 -0500 Message-Id: X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: dc6zFsTIUKVC-ri8qWef0MNOrImEobyY X-Proofpoint-ORIG-GUID: OP2PLrJib7qLCAvV7-PHxi_kkQy0QQK8 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-05-14_01:2021-05-12, 2021-05-14 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 spamscore=0 impostorscore=0 lowpriorityscore=0 clxscore=1015 malwarescore=0 bulkscore=0 mlxlogscore=999 mlxscore=0 adultscore=0 phishscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2105140021 X-Spam-Status: No, score=-7.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_EF, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Bill Schmidt via Gcc-patches From: Bill Schmidt Reply-To: Bill Schmidt Cc: Bill Schmidt , dje.gcc@gmail.com, segher@kernel.crashing.org Errors-To: gcc-patches-bounces@gcc.gnu.org Sender: "Gcc-patches" This is version 2 of the ROP support patch, addressing comments by Will Schmidt and Segher Boessenkool. I've attempted to implement all of your excellent suggestions; otherwise the series is unchanged. I decided to repost the whole series rather than just the patches needing further approval, since all have changed. Add POWER10 support for hashst[p] and hashchk[p] operations. When the -mrop-protect option is selected, any function that loads the link register from memory before returning must have protection in the prologue and epilogue to ensure the link register save location has not been compromised. If -mprivileged is also specified, the protection instructions generated require supervisor privilege. The patches are broken up into logical chunks: - Option handling - Instruction generation - Predefined macro handling - Test cases Bootstrapped and tested on a POWER10 system with no regressions. Tests on a kernel that enables user-space ROP mitigation were successful. Is this series ok for trunk? I would also like to later backport these patches to GCC for the 11.2 release. Thanks! Bill Bill Schmidt (4): rs6000: Add -mrop-protect and -mprivileged flags rs6000: Emit ROP-mitigation instructions in prologue and epilogue rs6000: Conditionally define __ROP_PROTECT__ rs6000: Add ROP tests gcc/config/rs6000/rs6000-c.c | 3 + gcc/config/rs6000/rs6000-internal.h | 2 + gcc/config/rs6000/rs6000-logue.c | 74 +++++++++++++++++++++--- gcc/config/rs6000/rs6000.c | 4 ++ gcc/config/rs6000/rs6000.md | 47 +++++++++++++++ gcc/config/rs6000/rs6000.opt | 8 +++ gcc/doc/invoke.texi | 20 ++++++- gcc/testsuite/gcc.target/powerpc/rop-1.c | 17 ++++++ gcc/testsuite/gcc.target/powerpc/rop-2.c | 17 ++++++ gcc/testsuite/gcc.target/powerpc/rop-3.c | 18 ++++++ gcc/testsuite/gcc.target/powerpc/rop-4.c | 15 +++++ gcc/testsuite/gcc.target/powerpc/rop-5.c | 13 +++++ 12 files changed, 229 insertions(+), 9 deletions(-) create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-1.c create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-2.c create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-3.c create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-4.c create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-5.c