[v3] powerpc64le: _init/_fini file changes for ROP
Checks
Context |
Check |
Description |
redhat-pt-bot/TryBot-apply_patch |
success
|
Patch applied to master at the time it was sent
|
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 |
success
|
Build passed
|
linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 |
success
|
Test passed
|
redhat-pt-bot/TryBot-32bit |
success
|
Build for i686
|
linaro-tcwg-bot/tcwg_glibc_build--master-arm |
success
|
Build passed
|
linaro-tcwg-bot/tcwg_glibc_check--master-arm |
success
|
Test passed
|
Commit Message
The ROP instructions were added in ISA 3.1 (ie, Power10), however they
were defined so that if executed on older cpus, they would behave as
nops. This allows us to emit them on older cpus and they'd just be
ignored, but if run on a Power10, then the binary would be ROP protected.
-mrop-protect is needed to compile glibc for ROP enablement.
However, power7 and earlier files should not use it.
Hash instructions use negative offsets so the default position
of ROP pointer is FRAME_ROP_SAVE from caller's SP.
Modified FRAME_MIN_SIZE_PARM to 112 for elfAbi2 to reserve
additional 16 bytes for ROP save slot and padding.
Signed-off-by: Sachin Monga <smonga@linux.ibm.com>
---
The patch is reg tested.
>This removes using -mrop-protect from the power7 tuned files, but how does that
>stop us from using -mrop-protect on the power4 through power6 specific files?
>I believe you're currently enabling ROP in the build by adding -mrop-protect to
>CFLAGS. Would it be better to do something similar to how we build for a specific
>cpu? Ie, instead of adding -mcpu=XXX to CFLAGS, we use the --with-cpu=XXX config
>option. Maybe we could do something similar via --enable-... or --with-rop={yes,no}?
>I'm unsure if that would end up being similar in the end, but it is worth checking on.
I agree. As discussed offline,I'll share a seperate patch on enablement of ROP through
configure script.
>Please don't combine FRAME_MIN_SIZE_PARM into a single entry outside the
>_CALL_ELF test. I know the ELFv1 and ELFv2 values are now the same, but
>the plan is to eventually enable this from non ELFv2 compiles too, in which
>case we'll have to update its FRAME_MIN_SIZE_PARM and then they'll diverge
>again. Better to just keep the separate macros for now. Also please move
>the FRAME_ROP_SAVE definition to the ELFv2 section. This should catch any
>current non ELFv2 usage of that and cause an error. If the ELFv1 value of
>that ends up being the same, then we can combine it later.
This is incorporated in the below revised patch.
sysdeps/powerpc/powerpc64/crti.S | 6 ++++++
sysdeps/powerpc/powerpc64/crtn.S | 6 ++++++
sysdeps/powerpc/powerpc64/multiarch/Makefile | 2 ++
sysdeps/powerpc/powerpc64/sysdep.h | 3 ++-
4 files changed, 16 insertions(+), 1 deletion(-)
@@ -68,6 +68,9 @@ BODY_LABEL (_init):
LOCALENTRY(_init)
mflr 0
std 0, FRAME_LR_SAVE(r1)
+#ifdef __ROP_PROTECT__
+ hashst 0, FRAME_ROP_SAVE(r1)
+#endif
stdu r1, -FRAME_MIN_SIZE_PARM(r1)
#if PREINIT_FUNCTION_WEAK
addis r9, r2, .LC0@toc@ha
@@ -87,4 +90,7 @@ BODY_LABEL (_fini):
LOCALENTRY(_fini)
mflr 0
std 0, FRAME_LR_SAVE(r1)
+#ifdef __ROP_PROTECT__
+ hashst 0, FRAME_ROP_SAVE(r1)
+#endif
stdu r1, -FRAME_MIN_SIZE_PARM(r1)
@@ -42,10 +42,16 @@
addi r1, r1, FRAME_MIN_SIZE_PARM
ld r0, FRAME_LR_SAVE(r1)
mtlr r0
+#ifdef __ROP_PROTECT__
+ hashchk 0, FRAME_ROP_SAVE(r1)
+#endif
blr
.section .fini,"ax",@progbits
addi r1, r1, FRAME_MIN_SIZE_PARM
ld r0, FRAME_LR_SAVE(r1)
mtlr r0
+#ifdef __ROP_PROTECT__
+ hashchk 0, FRAME_ROP_SAVE(r1)
+#endif
blr
@@ -38,7 +38,9 @@ sysdep_routines += memchr-power10 memcmp-power10 memcpy-power10 \
strlen-power9 strncpy-power9 stpncpy-power9 strlen-power10
endif
CFLAGS-strncase-power7.c += -mcpu=power7 -funroll-loops
+CFLAGS-strncase-power7.c := $(filter-out -mrop-protect, $(CFLAGS-strncase-power7))
CFLAGS-strncase_l-power7.c += -mcpu=power7 -funroll-loops
+CFLAGS-strncase_l-power7.c := $(filter-out -mrop-protect, $(CFLAGS-strncase-power7_l))
endif
# Called during static initialization
@@ -31,8 +31,9 @@
#define FRAME_TOC_SAVE 40
#define FRAME_PARM_SAVE 48
#else
+#define FRAME_ROP_SAVE -8 /* Default ROP slot */
#define FRAME_MIN_SIZE 32
-#define FRAME_MIN_SIZE_PARM 96
+#define FRAME_MIN_SIZE_PARM 112 /* ++ROP ++Padding for _CALL_ELF=2 */
#define FRAME_TOC_SAVE 24
#define FRAME_PARM_SAVE 32
#endif