From patchwork Wed Oct 30 21:18:58 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sachin Monga <smonga@linux.ibm.com>
X-Patchwork-Id: 2004382
Return-Path: <libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256
 header.s=pp1 header.b=DYWMttPc;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org
 (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org;
 envelope-from=libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org;
 receiver=patchwork.ozlabs.org)
Received: from server2.sourceware.org (server2.sourceware.org
 [IPv6:2620:52:3:1:0:246e:9693:128c])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4Xf0Pm1QgPz1xx7
	for <incoming@patchwork.ozlabs.org>; Thu, 31 Oct 2024 08:19:40 +1100 (AEDT)
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 311C2385781A
	for <incoming@patchwork.ozlabs.org>; Wed, 30 Oct 2024 21:19:38 +0000 (GMT)
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
 [148.163.156.1])
 by sourceware.org (Postfix) with ESMTPS id 118423858D33
 for <libc-alpha@sourceware.org>; Wed, 30 Oct 2024 21:19:09 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 118423858D33
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=linux.ibm.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linux.ibm.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 118423858D33
Authentication-Results: server2.sourceware.org;
 arc=none smtp.remote-ip=148.163.156.1
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1730323160; cv=none;
 b=WesGVVs9i9ruWOXNDckRoui4wdg7rwVJBOd3IB0q2kp6v5lzLIvm7FlHqfT1zE0mMuAjqHynNvtOSbTGIWOeAJvG86wpnCfHd6yuJV4MxuUnOgYlKKebOEif0EPZRBT0nYv330g8rp6PdlE7n2gV67yKePTzCdegVkP+loiyjlA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1730323160; c=relaxed/simple;
 bh=ToCAi3X8WMHwjc5TVgI921OZODy27iHyjfoH3+cJjQs=;
 h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
 b=vNO2BQBropJGZW6NU2fYcUkSp9mZoK3np+dkL5mNALymxeTfcc79X3hA3MUnvT1vZGndsk3atwe8dJiOhYaTxzWlbjx7x1OwE6P+L3zczK9KanHJnZqFp1IhuOae8GH7Gc9kxTylI8vIhB38/yrsFBlLdOYwzPCdFtbC24LTzAU=
ARC-Authentication-Results: i=1; server2.sourceware.org
Received: from pps.filterd (m0356517.ppops.net [127.0.0.1])
 by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id
 49ULGXgK032652
 for <libc-alpha@sourceware.org>; Wed, 30 Oct 2024 21:19:09 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc
 :content-transfer-encoding:date:from:message-id:mime-version
 :subject:to; s=pp1; bh=SAkCkEjD0NimoQ6XpCBGr3U8IhNVd15gmdC55BFys
 mQ=; b=DYWMttPcFc71hmRAy17OZ/b+SWzIq8/zrDrECLm1IsiZZSXf9JtNuMAzg
 YW2F1HDTF6QBAnHr/caROT2f0dTHW59ZkdDZLNopxJmfzCUR4f6p3jwcWrGrNiN1
 P2pdHAwVIawsoQM3BzGxvcm/r4Rre0hTSX74Pstso0UlpNRVOW/+TQwi3+8qHeEY
 iLNwtV5Y4FC+Et6BNcXpaOckwB+/6YZP6pbCuX8imktpfJFSmBtG5IJvoQ7SOQqr
 Qg+KkGODctOmumiZ+eVHhx+CKJcqegMmRy4Ec2xvrcvJvjNM6CV5wSZnLdUdQtJ2
 s52mKtQmAPn2v8nyeQVOL6lpB2Dvw==
Received: from ppma22.wdc07v.mail.ibm.com
 (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92])
 by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 42kvjfr0dg-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
 for <libc-alpha@sourceware.org>; Wed, 30 Oct 2024 21:19:08 +0000 (GMT)
Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1])
 by ppma22.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id
 49UIekFD028193
 for <libc-alpha@sourceware.org>; Wed, 30 Oct 2024 21:19:07 GMT
Received: from smtprelay07.fra02v.mail.ibm.com ([9.218.2.229])
 by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 42hb4y22q1-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
 for <libc-alpha@sourceware.org>; Wed, 30 Oct 2024 21:19:07 +0000
Received: from smtpav01.fra02v.mail.ibm.com (smtpav01.fra02v.mail.ibm.com
 [10.20.54.100])
 by smtprelay07.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
 49ULJ3Mt49873158
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
 Wed, 30 Oct 2024 21:19:03 GMT
Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1])
 by IMSVA (Postfix) with ESMTP id C169F20043;
 Wed, 30 Oct 2024 21:19:03 +0000 (GMT)
Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1])
 by IMSVA (Postfix) with ESMTP id ED2AE20040;
 Wed, 30 Oct 2024 21:19:02 +0000 (GMT)
Received: from ltcd97-lp3.. (unknown [9.40.194.171])
 by smtpav01.fra02v.mail.ibm.com (Postfix) with ESMTP;
 Wed, 30 Oct 2024 21:19:02 +0000 (GMT)
From: Sachin Monga <smonga@linux.ibm.com>
To: libc-alpha@sourceware.org
Cc: bergner@linux.ibm.com, murphyp@linux.ibm.com,
 Sachin Monga <smonga@linux.ibm.com>
Subject: [PATCH v2] powerpc64le: _init/_fini file changes for ROP
Date: Wed, 30 Oct 2024 16:18:58 -0500
Message-ID: <20241030211858.2456956-1-smonga@linux.ibm.com>
X-Mailer: git-send-email 2.47.0
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-ORIG-GUID: Wpgv1w5DAzDbqqigC2ubJlcPPbfd2nHJ
X-Proofpoint-GUID: Wpgv1w5DAzDbqqigC2ubJlcPPbfd2nHJ
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30
 definitions=2024-10-15_01,2024-10-11_01,2024-09-30_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 priorityscore=1501
 malwarescore=0 adultscore=0 mlxlogscore=810 lowpriorityscore=0
 suspectscore=0 clxscore=1015 bulkscore=0 impostorscore=0 spamscore=0
 phishscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.19.0-2409260000 definitions=main-2410300166
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
Errors-To: libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org

The ROP instructions were added in ISA 3.1 (ie, Power10), however they
were defined so that if executed on older cpus, they would behave as
nops.  This allows us to emit them on older cpus and they'd just be
ignored, but if run on a Power10, then the binary would be ROP protected.

-mrop-protect is needed to compile glibc for ROP enablement.
However, power7 and earlier files should not use it.

Hash instructions use negative offsets so the default position
of ROP pointer is FRAME_ROP_SAVE from caller's SP.

Modified FRAME_MIN_SIZE_PARM to 112 for elfAbi2 to reserve
additional 16 bytes for ROP save slot and padding.

Signed-off-by: Sachin Monga <smonga@linux.ibm.com>
---
The patch was built on powerpc64le-linux and regression tested
with no errors.
 sysdeps/powerpc/powerpc64/crti.S             | 6 ++++++
 sysdeps/powerpc/powerpc64/crtn.S             | 6 ++++++
 sysdeps/powerpc/powerpc64/multiarch/Makefile | 2 ++
 sysdeps/powerpc/powerpc64/sysdep.h           | 4 ++--
 4 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/sysdeps/powerpc/powerpc64/crti.S b/sysdeps/powerpc/powerpc64/crti.S
index 71bdddfb3b..e977bc4b9c 100644
--- a/sysdeps/powerpc/powerpc64/crti.S
+++ b/sysdeps/powerpc/powerpc64/crti.S
@@ -68,6 +68,9 @@ BODY_LABEL (_init):
 	LOCALENTRY(_init)
 	mflr 0
 	std 0, FRAME_LR_SAVE(r1)
+#ifdef	__ROP_PROTECT__
+	hashst 0, FRAME_ROP_SAVE(r1)
+#endif
 	stdu r1, -FRAME_MIN_SIZE_PARM(r1)
 #if PREINIT_FUNCTION_WEAK
 	addis r9, r2, .LC0@toc@ha
@@ -87,4 +90,7 @@ BODY_LABEL (_fini):
 	LOCALENTRY(_fini)
 	mflr 0
 	std 0, FRAME_LR_SAVE(r1)
+#ifdef	__ROP_PROTECT__
+	hashst 0, FRAME_ROP_SAVE(r1)
+#endif
 	stdu r1, -FRAME_MIN_SIZE_PARM(r1)
diff --git a/sysdeps/powerpc/powerpc64/crtn.S b/sysdeps/powerpc/powerpc64/crtn.S
index 4e91231f2c..a37e159950 100644
--- a/sysdeps/powerpc/powerpc64/crtn.S
+++ b/sysdeps/powerpc/powerpc64/crtn.S
@@ -42,10 +42,16 @@
 	addi r1, r1, FRAME_MIN_SIZE_PARM
 	ld r0, FRAME_LR_SAVE(r1)
 	mtlr r0
+#ifdef	__ROP_PROTECT__
+	hashchk 0, FRAME_ROP_SAVE(r1)
+#endif
 	blr
 
 	.section .fini,"ax",@progbits
 	addi r1, r1, FRAME_MIN_SIZE_PARM
 	ld r0, FRAME_LR_SAVE(r1)
 	mtlr r0
+#ifdef	__ROP_PROTECT__
+	hashchk 0, FRAME_ROP_SAVE(r1)
+#endif
 	blr
diff --git a/sysdeps/powerpc/powerpc64/multiarch/Makefile b/sysdeps/powerpc/powerpc64/multiarch/Makefile
index b847c19049..840e517dad 100644
--- a/sysdeps/powerpc/powerpc64/multiarch/Makefile
+++ b/sysdeps/powerpc/powerpc64/multiarch/Makefile
@@ -38,7 +38,9 @@ sysdep_routines += memchr-power10 memcmp-power10 memcpy-power10 \
 		   strlen-power9 strncpy-power9 stpncpy-power9 strlen-power10
 endif
 CFLAGS-strncase-power7.c += -mcpu=power7 -funroll-loops
+CFLAGS-strncase-power7.c := $(filter-out -mrop-protect, $(CFLAGS-strncase-power7))
 CFLAGS-strncase_l-power7.c += -mcpu=power7 -funroll-loops
+CFLAGS-strncase_l-power7.c := $(filter-out -mrop-protect, $(CFLAGS-strncase-power7_l))
 endif
 
 # Called during static initialization
diff --git a/sysdeps/powerpc/powerpc64/sysdep.h b/sysdeps/powerpc/powerpc64/sysdep.h
index c439b06121..ba614172ed 100644
--- a/sysdeps/powerpc/powerpc64/sysdep.h
+++ b/sysdeps/powerpc/powerpc64/sysdep.h
@@ -24,15 +24,15 @@
 /* Stack frame offsets.  */
 #define FRAME_BACKCHAIN		0
 #define FRAME_CR_SAVE		8
+#define FRAME_ROP_SAVE		-8 /* Default ROP slot */
 #define FRAME_LR_SAVE		16
+#define FRAME_MIN_SIZE_PARM	112 /* ++ROP ++Padding for _CALL_ELF=2 */
 #if _CALL_ELF != 2
 #define FRAME_MIN_SIZE		112
-#define FRAME_MIN_SIZE_PARM	112
 #define FRAME_TOC_SAVE		40
 #define FRAME_PARM_SAVE		48
 #else
 #define FRAME_MIN_SIZE		32
-#define FRAME_MIN_SIZE_PARM	96
 #define FRAME_TOC_SAVE		24
 #define FRAME_PARM_SAVE		32
 #endif