From: Peter Bergner <bergner@linux.ibm.com>
To: Segher Boessenkool <segher@kernel.crashing.org>,
"Kewen.Lin" <linkw@linux.ibm.com>
Cc: GCC Patches <gcc-patches@gcc.gnu.org>
Subject: [PING][PATCH] rs6000: ROP - Emit hashst and hashchk insns on Power8 and later [PR114759]
Date: Mon, 24 Jun 2024 16:24:11 -0500 [thread overview]
Message-ID: <d05526e5-5f17-4c59-8d77-327b12df7ceb@linux.ibm.com> (raw)
In-Reply-To: <1a420e3e-3285-4e0b-87bd-6714fedc0f4f@linux.ibm.com>
Ping. [Message-ID: <1a420e3e-3285-4e0b-87bd-6714fedc0f4f@linux.ibm.com>]
Peter
On 6/19/24 4:14 PM, Peter Bergner wrote:
> We currently only emit the ROP-protect hash* insns for Power10, where the
> insns were added to the architecture. We want to emit them for earlier
> cpus (where they operate as NOPs), so that if those older binaries are
> ever executed on a Power10, then they'll be protected from ROP attacks.
> Binutils accepts hashst and hashchk back to Power8, so change GCC to emit
> them for Power8 and later. This matches clang's behavior.
>
> This patch is independent of the ROP shrink-wrap fix submitted earlier.
> This passed bootstrap and regtesting on powerpc64le-linux with no regressions.
> Ok for trunk?
>
> Peter
>
>
>
> 2024-06-19 Peter Bergner <bergner@linux.ibm.com>
>
> gcc/
> PR target/114759
> * config/rs6000/rs6000-logue.cc (rs6000_stack_info): Use TARGET_POWER8.
> (rs6000_emit_prologue): Likewise.
> * config/rs6000/rs6000.md (hashchk): Likewise.
> (hashst): Likewise.
> Fix whitespace.
>
> gcc/testsuite/
> PR target/114759
> * gcc.target/powerpc/pr114759-2.c: New test.
> * lib/target-supports.exp (rop_ok): Use
> check_effective_target_has_arch_pwr8.
> ---
> gcc/config/rs6000/rs6000-logue.cc | 6 +++---
> gcc/config/rs6000/rs6000.md | 6 +++---
> gcc/testsuite/gcc.target/powerpc/pr114759-2.c | 17 +++++++++++++++++
> gcc/testsuite/lib/target-supports.exp | 2 +-
> 4 files changed, 24 insertions(+), 7 deletions(-)
> create mode 100644 gcc/testsuite/gcc.target/powerpc/pr114759-2.c
>
> diff --git a/gcc/config/rs6000/rs6000-logue.cc b/gcc/config/rs6000/rs6000-logue.cc
> index c384e48e378..bd363b625a4 100644
> --- a/gcc/config/rs6000/rs6000-logue.cc
> +++ b/gcc/config/rs6000/rs6000-logue.cc
> @@ -716,7 +716,7 @@ rs6000_stack_info (void)
> info->calls_p = (!crtl->is_leaf || cfun->machine->ra_needs_full_frame);
> info->rop_hash_size = 0;
>
> - if (TARGET_POWER10
> + if (TARGET_POWER8
> && info->calls_p
> && DEFAULT_ABI == ABI_ELFv2
> && rs6000_rop_protect)
> @@ -3277,7 +3277,7 @@ rs6000_emit_prologue (void)
> /* NOTE: The hashst isn't needed if we're going to do a sibcall,
> but there's no way to know that here. Harmless except for
> performance, of course. */
> - if (TARGET_POWER10 && rs6000_rop_protect && info->rop_hash_size != 0)
> + if (TARGET_POWER8 && rs6000_rop_protect && info->rop_hash_size != 0)
> {
> gcc_assert (DEFAULT_ABI == ABI_ELFv2);
> rtx stack_ptr = gen_rtx_REG (Pmode, STACK_POINTER_REGNUM);
> @@ -5056,7 +5056,7 @@ rs6000_emit_epilogue (enum epilogue_type epilogue_type)
>
> /* The ROP hash check must occur after the stack pointer is restored
> (since the hash involves r1), and is not performed for a sibcall. */
> - if (TARGET_POWER10
> + if (TARGET_POWER8
> && rs6000_rop_protect
> && info->rop_hash_size != 0
> && epilogue_type != EPILOGUE_TYPE_SIBCALL)
> diff --git a/gcc/config/rs6000/rs6000.md b/gcc/config/rs6000/rs6000.md
> index a5d20594789..694076e311f 100644
> --- a/gcc/config/rs6000/rs6000.md
> +++ b/gcc/config/rs6000/rs6000.md
> @@ -15808,9 +15808,9 @@ (define_insn "*cmpeqb_internal"
>
> (define_insn "hashst"
> [(set (match_operand:DI 0 "simple_offsettable_mem_operand" "=m")
> - (unspec_volatile:DI [(match_operand:DI 1 "int_reg_operand" "r")]
> + (unspec_volatile:DI [(match_operand:DI 1 "int_reg_operand" "r")]
> UNSPEC_HASHST))]
> - "TARGET_POWER10 && rs6000_rop_protect"
> + "TARGET_POWER8 && rs6000_rop_protect"
> {
> static char templ[32];
> const char *p = rs6000_privileged ? "p" : "";
> @@ -15823,7 +15823,7 @@ (define_insn "hashchk"
> [(unspec_volatile [(match_operand:DI 0 "int_reg_operand" "r")
> (match_operand:DI 1 "simple_offsettable_mem_operand" "m")]
> UNSPEC_HASHCHK)]
> - "TARGET_POWER10 && rs6000_rop_protect"
> + "TARGET_POWER8 && rs6000_rop_protect"
> {
> static char templ[32];
> const char *p = rs6000_privileged ? "p" : "";
> diff --git a/gcc/testsuite/gcc.target/powerpc/pr114759-2.c b/gcc/testsuite/gcc.target/powerpc/pr114759-2.c
> new file mode 100644
> index 00000000000..3881ebd416e
> --- /dev/null
> +++ b/gcc/testsuite/gcc.target/powerpc/pr114759-2.c
> @@ -0,0 +1,17 @@
> +/* { dg-do compile } */
> +/* { dg-options "-O2 -mdejagnu-cpu=power8 -mrop-protect" } */
> +/* { dg-require-effective-target rop_ok } Only enable on supported ABIs. */
> +
> +/* Verify we generate ROP-protect hash insns when compiling for Power8. */
> +
> +extern void foo (void);
> +
> +int
> +bar (void)
> +{
> + foo ();
> + return 5;
> +}
> +
> +/* { dg-final { scan-assembler-times {\mhashst\M} 1 } } */
> +/* { dg-final { scan-assembler-times {\mhashchk\M} 1 } } */
> diff --git a/gcc/testsuite/lib/target-supports.exp b/gcc/testsuite/lib/target-supports.exp
> index e307f4e69ef..b1ef4e8eaef 100644
> --- a/gcc/testsuite/lib/target-supports.exp
> +++ b/gcc/testsuite/lib/target-supports.exp
> @@ -7339,7 +7339,7 @@ proc check_effective_target_powerpc_elfv2 { } {
> # Return 1 if this is a PowerPC target supporting -mrop-protect
>
> proc check_effective_target_rop_ok { } {
> - return [check_effective_target_power10_ok] && [check_effective_target_powerpc_elfv2]
> + return [check_effective_target_has_arch_pwr8] && [check_effective_target_powerpc_elfv2]
> }
>
> # The VxWorks SPARC simulator accepts only EM_SPARC executables and
next prev parent reply other threads:[~2024-06-25 9:40 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-19 21:14 [PATCH] " Peter Bergner
2024-06-24 21:24 ` Peter Bergner [this message]
2024-07-03 9:01 ` Kewen.Lin
2024-07-03 15:05 ` Peter Bergner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d05526e5-5f17-4c59-8d77-327b12df7ceb@linux.ibm.com \
--to=bergner@linux.ibm.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=linkw@linux.ibm.com \
--cc=segher@kernel.crashing.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).