[Bug target/115389] New: Invalid ROP hashst offset is emitted when using -mabi=no-altivec

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

* [Bug target/115389] New: Invalid ROP hashst offset is emitted when using -mabi=no-altivec
@ 2024-06-07 21:34 bergner at gcc dot gnu.org
  2024-06-07 21:36 ` [Bug target/115389] " bergner at gcc dot gnu.org
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: bergner at gcc dot gnu.org @ 2024-06-07 21:34 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115389

            Bug ID: 115389
           Summary: Invalid ROP hashst offset is emitted when using
                    -mabi=no-altivec
           Product: gcc
           Version: 15.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
          Assignee: unassigned at gcc dot gnu.org
          Reporter: bergner at gcc dot gnu.org
  Target Milestone: ---

We emit a hashst instruction with an invalid offset when compiling with
-mabi=no-altivec.

bergner@ltcd97-lp3:~/ROP$ cat bug.c 
extern void foo (void);
long
bar (void)
{
  foo ();
  return 0;
}
bergner@ltcd97-lp3:~/ROP$ gcc -c -O2 -mcpu=power10 -mrop-protect -mno-vsx
-mno-altivec -mabi=altivec bug.c
bergner@ltcd97-lp3:~/ROP$ gcc -c -O2 -mcpu=power10 -mrop-protect -mno-vsx
-mno-altivec -mabi=no-altivec bug.c 
/tmp/ccSzxbv5.s: Assembler messages:
/tmp/ccSzxbv5.s:15: Error: invalid offset: must be in the range [-512, -8] and
be a multiple of 8
/tmp/ccSzxbv5.s:25: Error: invalid offset: must be in the range [-512, -8] and
be a multiple of 8

The bug is we only compute the ROP hash save slot offset when
TARGET_ALTIVEC_ABI is true. If TARGET_ALTIVEC_ABI is false and we enable ROP
mitigation, then we use the initialized value of zero which is an illegal
offset value for hashst and hashchk.

This has been broken since the rs6000 ROP mitigation code was first added, so
not a regression.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug target/115389] Invalid ROP hashst offset is emitted when using -mabi=no-altivec
  2024-06-07 21:34 [Bug target/115389] New: Invalid ROP hashst offset is emitted when using -mabi=no-altivec bergner at gcc dot gnu.org
@ 2024-06-07 21:36 ` bergner at gcc dot gnu.org
  2024-06-11 22:54 ` segher at gcc dot gnu.org
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: bergner at gcc dot gnu.org @ 2024-06-07 21:36 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115389

Peter Bergner <bergner at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at gcc dot gnu.org      |bergner at gcc dot gnu.org
             Target|                            |powerpc64le-linux
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2024-06-07
                 CC|                            |linkw at gcc dot gnu.org,
                   |                            |segher at gcc dot gnu.org
             Status|UNCONFIRMED                 |ASSIGNED

--- Comment #1 from Peter Bergner <bergner at gcc dot gnu.org> ---
I have a patch I'm testing.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug target/115389] Invalid ROP hashst offset is emitted when using -mabi=no-altivec
  2024-06-07 21:34 [Bug target/115389] New: Invalid ROP hashst offset is emitted when using -mabi=no-altivec bergner at gcc dot gnu.org
  2024-06-07 21:36 ` [Bug target/115389] " bergner at gcc dot gnu.org
@ 2024-06-11 22:54 ` segher at gcc dot gnu.org
  2024-06-11 22:55 ` segher at gcc dot gnu.org
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: segher at gcc dot gnu.org @ 2024-06-11 22:54 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115389

--- Comment #2 from Segher Boessenkool <segher at gcc dot gnu.org> ---
So, what value do we output? And why?

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug target/115389] Invalid ROP hashst offset is emitted when using -mabi=no-altivec
  2024-06-07 21:34 [Bug target/115389] New: Invalid ROP hashst offset is emitted when using -mabi=no-altivec bergner at gcc dot gnu.org
  2024-06-07 21:36 ` [Bug target/115389] " bergner at gcc dot gnu.org
  2024-06-11 22:54 ` segher at gcc dot gnu.org
@ 2024-06-11 22:55 ` segher at gcc dot gnu.org
  2024-06-12  3:16 ` bergner at gcc dot gnu.org
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: segher at gcc dot gnu.org @ 2024-06-11 22:55 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115389

--- Comment #3 from Segher Boessenkool <segher at gcc dot gnu.org> ---
(In reply to Segher Boessenkool from comment #2)
> So, what value do we output? And why?

It would be nice if the assembler told us, btw :-)

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug target/115389] Invalid ROP hashst offset is emitted when using -mabi=no-altivec
  2024-06-07 21:34 [Bug target/115389] New: Invalid ROP hashst offset is emitted when using -mabi=no-altivec bergner at gcc dot gnu.org
                   ` (2 preceding siblings ...)
  2024-06-11 22:55 ` segher at gcc dot gnu.org
@ 2024-06-12  3:16 ` bergner at gcc dot gnu.org
  2024-06-17 13:14 ` cvs-commit at gcc dot gnu.org
  2024-06-17 13:15 ` bergner at gcc dot gnu.org
  5 siblings, 0 replies; 7+ messages in thread
From: bergner at gcc dot gnu.org @ 2024-06-12  3:16 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115389

--- Comment #4 from Peter Bergner <bergner at gcc dot gnu.org> ---
(In reply to Segher Boessenkool from comment #2)
> So, what value do we output? And why?
The invalid offset is zero, so: hashst r0,0(r1)
As the assembler mentions, the range of valid offsets is [-512,-8] and the
offset must be a multiple of 8.

The "bug" is that we initialize rop_hash_save_offset to zero very early, before
any option processing.  Later, we compute the actual offset, but only in the
case where Altivec is enabled (TARGET_ALTIVEC_ABI is true).  If Altivec is
disabled as in this test case, we end up using rop_hash_save_offset's invalid
initial zero value.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug target/115389] Invalid ROP hashst offset is emitted when using -mabi=no-altivec
  2024-06-07 21:34 [Bug target/115389] New: Invalid ROP hashst offset is emitted when using -mabi=no-altivec bergner at gcc dot gnu.org
                   ` (3 preceding siblings ...)
  2024-06-12  3:16 ` bergner at gcc dot gnu.org
@ 2024-06-17 13:14 ` cvs-commit at gcc dot gnu.org
  2024-06-17 13:15 ` bergner at gcc dot gnu.org
  5 siblings, 0 replies; 7+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-06-17 13:14 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115389

--- Comment #5 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Peter Bergner <bergner@gcc.gnu.org>:

https://gcc.gnu.org/g:c70eea0dba5f223d49c80cfb3e80e87b74330aac

commit r15-1377-gc70eea0dba5f223d49c80cfb3e80e87b74330aac
Author: Peter Bergner <bergner@linux.ibm.com>
Date:   Fri Jun 14 14:36:20 2024 -0500

    rs6000: Compute rop_hash_save_offset for non-Altivec compiles [PR115389]

    We currently only compute the offset for the ROP hash save location in
    the stack frame for Altivec compiles.  For non-Altivec compiles when we
    emit ROP mitigation instructions, we use a default offset of zero which
    corresponds to the backchain save location which will get clobbered on
    any call.  The fix is to compute the ROP hash save location for all
    compiles.

    2024-06-14  Peter Bergner  <bergner@linux.ibm.com>

    gcc/
            PR target/115389
            * config/rs6000/rs6000-logue.cc (rs6000_stack_info): Compute
            rop_hash_save_offset for non-Altivec compiles.

    gcc/testsuite
            PR target/115389
            * gcc.target/powerpc/pr115389.c: New test.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [Bug target/115389] Invalid ROP hashst offset is emitted when using -mabi=no-altivec
  2024-06-07 21:34 [Bug target/115389] New: Invalid ROP hashst offset is emitted when using -mabi=no-altivec bergner at gcc dot gnu.org
                   ` (4 preceding siblings ...)
  2024-06-17 13:14 ` cvs-commit at gcc dot gnu.org
@ 2024-06-17 13:15 ` bergner at gcc dot gnu.org
  5 siblings, 0 replies; 7+ messages in thread
From: bergner at gcc dot gnu.org @ 2024-06-17 13:15 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115389

--- Comment #6 from Peter Bergner <bergner at gcc dot gnu.org> ---
Fixed on trunk.  I will let it burn-in on trunk for a couple of days before
pushing the backports.

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2024-06-17 13:15 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-06-07 21:34 [Bug target/115389] New: Invalid ROP hashst offset is emitted when using -mabi=no-altivec bergner at gcc dot gnu.org
2024-06-07 21:36 ` [Bug target/115389] " bergner at gcc dot gnu.org
2024-06-11 22:54 ` segher at gcc dot gnu.org
2024-06-11 22:55 ` segher at gcc dot gnu.org
2024-06-12  3:16 ` bergner at gcc dot gnu.org
2024-06-17 13:14 ` cvs-commit at gcc dot gnu.org
2024-06-17 13:15 ` bergner at gcc dot gnu.org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).