Message-ID: <6f71d0cf-6f2c-4b97-9b75-7b5f495735a1@linaro.org>
Date: Wed, 22 Nov 2023 11:16:09 -0300
Subject: Re: [patch/idea v2] Add register scrambling to testsuite
To: libc-alpha@sourceware.org, Carlos O'Donell, DJ Delorie
References: <5fa88a86-7bb5-69a0-9a51-a8b8c1cc888a@redhat.com>
From: Adhemerval Zanella Netto
Organization: Linaro
In-Reply-To: <5fa88a86-7bb5-69a0-9a51-a8b8c1cc888a@redhat.com>

On 22/11/23 10:34, Carlos O'Donell wrote:
> On 6/15/22 16:37, DJ Delorie via Libc-alpha wrote:
>> [added register clobbers, filled out ppc/x86 lists, added riscv]
>
> I was reviewing your patch queue and this was the last item.
>
> Changes requested.
>
>> Allow for target-specific register "scrambling" - loading arbitrary
>> values into all registers that need not be call-saved. These values
>> should be non-zero and invalid addresses, to help catch inadvertent
>> uses of otherwise uninitialized registers.
>
> Suggest adding:
>
> The goal with this change is to add a minimal amount of register scrambling that
> perturbs system state. The goal is not to cover all call paths, or to correctly
> fuzz all assembly implementations (which we should have fewer of), or to insert
> per-PLT call register fuzzing. This change is the smallest possible change that
> adds the largest amount of state change to simulate an application having modified
> the register states. If the compiler uses the registers between scrambling and
> the assembly then that's fine too because they will then have non-zero values.
> The machine implementations should not zero registers but use large values that
> are not valid pointers.

Maybe also add some state perturbation for ISA extensions, like AVX, VSX, NEON, etc?
The original issue 0218463dd8265ed937622f88ac68c7d984fe0cfc that motivated this patch
was originally for the powerpc vector extension.
> >> >> Intended to help prevent bugs such as those fixed by >> 0218463dd8265ed937622f88ac68c7d984fe0cfc >> >> diff --git a/support/Makefile b/support/Makefile >> index 9b50eac117..91b940c379 100644 >> --- a/support/Makefile >> +++ b/support/Makefile >> @@ -76,6 +76,7 @@ libsupport-routines = \ >> support_quote_string \ >> support_record_failure \ >> support_run_diff \ >> + support_scramble_registers \ > > OK. Looks correctly sorted (lint-makefiles will fail if it isn't). > >> support_select_modifies_timeout \ >> support_select_normalizes_timeout \ >> support_set_small_thread_stack_size \ >> diff --git a/support/support.h b/support/support.h >> index d20051da4d..3d049575d0 100644 >> --- a/support/support.h >> +++ b/support/support.h >> @@ -233,6 +233,11 @@ void support_stack_free (struct support_stack *stack); >> The returned value is the lowest file descriptor number. */ >> int support_open_dev_null_range (int num, int flags, mode_t mode); >> >> +/* Write arbitrary values to all registers that can be written do, to >> + avoid assumptions about initial register contents in test >> + cases. */ >> +void support_scramble_registers (void); > > OK. > > >> + >> __END_DECLS >> >> #endif /* SUPPORT_H */ >> diff --git a/support/support_scramble_registers.c b/support/support_scramble_registers.c >> new file mode 100644 >> index 0000000000..d5e2d3fd6d >> --- /dev/null >> +++ b/support/support_scramble_registers.c 
>> @@ -0,0 +1,29 @@ >> +/* scramble any call-not-preserved registers >> + Copyright (C) 2022 Free Software Foundation, Inc. >> + This file is part of the GNU C Library. >> + >> + The GNU C Library is free software; you can redistribute it and/or >> + modify it under the terms of the GNU Lesser General Public >> + License as published by the Free Software Foundation; either >> + version 2.1 of the License, or (at your option) any later version. >> + >> + The GNU C Library is distributed in the hope that it will be useful, >> + but WITHOUT ANY WARRANTY; without even the implied warranty of >> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU >> + Lesser General Public License for more details. >> + >> + You should have received a copy of the GNU Lesser General Public >> + License along with the GNU C Library; if not, see >> + . */ >> + >> +#include >> + >> +#include "scramble-regs.h" >> + >> +void >> +support_scramble_registers(void) >> +{ >> +#ifdef SCRAMBLE_REGS > > Typo-prone interface. > > Please either remove the macro e.g. provide a concrete inline function implementation. > > Or make it typo-safe with a centralized default that is typo-safe. > > See: https://sourceware.org/glibc/wiki/Wundef > >> + SCRAMBLE_REGS; >> +#endif >> +} > > > >> diff --git a/support/support_test_main.c b/support/support_test_main.c >> index 60307fd68e..0ccb182791 100644 >> --- a/support/support_test_main.c >> +++ b/support/support_test_main.c >> @@ -269,6 +269,8 @@ adjust_exit_status (int status) >> int >> support_test_main (int argc, char **argv, const struct test_config *config) >> { >> + support_scramble_registers(); > > OK. > >> + >> if (test_main_called) >> { >> printf ("error: test_main called for a second time\n"); >> diff --git a/sysdeps/generic/scramble-regs.h b/sysdeps/generic/scramble-regs.h >> new file mode 100644 >> index 0000000000..e3c158d475 >> --- /dev/null >> +++ b/sysdeps/generic/scramble-regs.h 
>> @@ -0,0 +1,36 @@ >> +/* scramble any call-not-preserved registers, target portion. >> + Copyright (C) 2022 Free Software Foundation, Inc. >> + This file is part of the GNU C Library. >> + >> + The GNU C Library is free software; you can redistribute it and/or >> + modify it under the terms of the GNU Lesser General Public >> + License as published by the Free Software Foundation; either >> + version 2.1 of the License, or (at your option) any later version. >> + >> + The GNU C Library is distributed in the hope that it will be useful, >> + but WITHOUT ANY WARRANTY; without even the implied warranty of >> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU >> + Lesser General Public License for more details. >> + >> + You should have received a copy of the GNU Lesser General Public >> + License along with the GNU C Library; if not, see >> + . */ >> + >> +/* Example target-specific usage: >> + >> + #define SCRAMBLE_REGS \ >> + asm volatile ("movl %0, %%eax" :: "i" (1235) : "%eax"); \ >> + asm volatile ("movl %0, %%edx" :: "i" (3579) : "%edx"); >> + >> + Targets are encouraged to create their own target-specific sub-definitions, like >> + >> + #ifndef SCRAMBLE_REGS_FPU >> + #define SCRAMBLE_REGS_FPU >> + #endif >> + #define SCRAMBLE_REGS \ >> + SCRAMBLE_REGS_FPU \ >> + asm volatile ("..."); \ >> + >> +*/ >> + > > Could be a header that provides the function. > >> +/* #define SCRAMBLE_REGS */ >> diff --git a/sysdeps/powerpc/scramble-regs.h b/sysdeps/powerpc/scramble-regs.h >> new file mode 100644 >> index 0000000000..8480ac0da3 >> --- /dev/null >> +++ b/sysdeps/powerpc/scramble-regs.h 
>> @@ -0,0 +1,30 @@ >> +/* scramble any call-not-preserved registers, powerpc version >> + Copyright (C) 2022 Free Software Foundation, Inc. >> + This file is part of the GNU C Library. >> + >> + The GNU C Library is free software; you can redistribute it and/or >> + modify it under the terms of the GNU Lesser General Public >> + License as published by the Free Software Foundation; either >> + version 2.1 of the License, or (at your option) any later version. >> + >> + The GNU C Library is distributed in the hope that it will be useful, >> + but WITHOUT ANY WARRANTY; without even the implied warranty of >> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU >> + Lesser General Public License for more details. >> + >> + You should have received a copy of the GNU Lesser General Public >> + License along with the GNU C Library; if not, see >> + . */ >> + >> +#define SCRAMBLE_REGS \ >> + asm volatile ("li 0, %0" :: "i" (0x1235) : "0"); \ >> + asm volatile ("li 3, %0" :: "i" (0x1235) : "3"); \ >> + asm volatile ("li 4, %0" :: "i" (0x1235) : "4"); \ >> + asm volatile ("li 5, %0" :: "i" (0x1235) : "5"); \ >> + asm volatile ("li 6, %0" :: "i" (0x1235) : "6"); \ >> + asm volatile ("li 7, %0" :: "i" (0x1235) : "7"); \ >> + asm volatile ("li 8, %0" :: "i" (0x1235) : "8"); \ >> + asm volatile ("li 9, %0" :: "i" (0x1235) : "9"); \ >> + asm volatile ("li 10, %0" :: "i" (0x1235) : "10"); \ >> + asm volatile ("li 11, %0" :: "i" (0x1235) : "11"); \ >> + asm volatile ("li 12, %0" :: "i" (0x1235) : "12"); > > Likewise. > > Prefer header name to be something clearly support related: support-scramble-regs.h. > >> diff --git a/sysdeps/riscv/scramble-regs.h b/sysdeps/riscv/scramble-regs.h >> new file mode 100644 >> index 0000000000..85bc1d501c >> --- /dev/null >> +++ b/sysdeps/riscv/scramble-regs.h 
>> @@ -0,0 +1,34 @@ >> +/* scramble any call-not-preserved registers, powerpc version >> + Copyright (C) 2022 Free Software Foundation, Inc. >> + This file is part of the GNU C Library. >> + >> + The GNU C Library is free software; you can redistribute it and/or >> + modify it under the terms of the GNU Lesser General Public >> + License as published by the Free Software Foundation; either >> + version 2.1 of the License, or (at your option) any later version. >> + >> + The GNU C Library is distributed in the hope that it will be useful, >> + but WITHOUT ANY WARRANTY; without even the implied warranty of >> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU >> + Lesser General Public License for more details. >> + >> + You should have received a copy of the GNU Lesser General Public >> + License along with the GNU C Library; if not, see >> + . */ >> + >> +#define SCRAMBLE_REGS \ >> + asm volatile ("li t0, %0" :: "i" (0x13579bdf) : "t0"); \ >> + asm volatile ("li t1, %0" :: "i" (0x13579bdf) : "t1"); \ >> + asm volatile ("li t2, %0" :: "i" (0x13579bdf) : "t2"); \ >> + asm volatile ("li t3, %0" :: "i" (0x13579bdf) : "t3"); \ >> + asm volatile ("li t4, %0" :: "i" (0x13579bdf) : "t4"); \ >> + asm volatile ("li t5, %0" :: "i" (0x13579bdf) : "t5"); \ >> + asm volatile ("li t6, %0" :: "i" (0x13579bdf) : "t6"); \ >> + asm volatile ("li a0, %0" :: "i" (0x13579bdf) : "a0"); \ >> + asm volatile ("li a1, %0" :: "i" (0x13579bdf) : "a1"); \ >> + asm volatile ("li a2, %0" :: "i" (0x13579bdf) : "a2"); \ >> + asm volatile ("li a3, %0" :: "i" (0x13579bdf) : "a3"); \ >> + asm volatile ("li a4, %0" :: "i" (0x13579bdf) : "a4"); \ >> + asm volatile ("li a5, %0" :: "i" (0x13579bdf) : "a5"); \ >> + asm volatile ("li a6, %0" :: "i" (0x13579bdf) : "a6"); \ >> + asm volatile ("li a7, %0" :: "i" (0x13579bdf) : "a7"); >> diff --git a/sysdeps/x86_64/scramble-regs.h b/sysdeps/x86_64/scramble-regs.h >> new file mode 100644 >> index 0000000000..3993c3b843 >> --- /dev/null 
>> +++ b/sysdeps/x86_64/scramble-regs.h >> @@ -0,0 +1,31 @@ >> +/* scramble any call-not-preserved registers, x86_64 version >> + Copyright (C) 2022 Free Software Foundation, Inc. >> + This file is part of the GNU C Library. >> + >> + The GNU C Library is free software; you can redistribute it and/or >> + modify it under the terms of the GNU Lesser General Public >> + License as published by the Free Software Foundation; either >> + version 2.1 of the License, or (at your option) any later version. >> + >> + The GNU C Library is distributed in the hope that it will be useful, >> + but WITHOUT ANY WARRANTY; without even the implied warranty of >> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU >> + Lesser General Public License for more details. >> + >> + You should have received a copy of the GNU Lesser General Public >> + License along with the GNU C Library; if not, see >> + . */ >> + >> +/* SysV ABI: preserve EBX, ESP, EBP and R12-R15. */ >> + >> +#define SCRAMBLE_REGS \ >> + asm volatile ("movl %0, %%eax" :: "i" (0x12345679) : "%eax"); \ >> + asm volatile ("movl %0, %%ecx" :: "i" (0x12345679) : "%ecx"); \ >> + asm volatile ("movl %0, %%edx" :: "i" (0x12345679) : "%edx"); \ >> + asm volatile ("movl %0, %%esi" :: "i" (0x12345679) : "%esi"); \ >> + asm volatile ("movl %0, %%edi" :: "i" (0x12345679) : "%edi"); \ >> + asm volatile ("mov %0, %%r8" :: "i" (0x12345679) : "%r8"); \ >> + asm volatile ("mov %0, %%r9" :: "i" (0x12345679) : "%r9"); \ >> + asm volatile ("mov %0, %%r10" :: "i" (0x12345679) : "%r10"); \ >> + asm volatile ("mov %0, %%r11" :: "i" (0x12345679) : "%r11"); \ >> + >> >
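
Review bot: In the support/support.h hunk, the new comment reads "all registers that can be written do"; that should be "written to". Since the per-target lists only load call-clobbered registers, the comment would also be more accurate as "all call-clobbered registers", which matches the "call-not-preserved" wording used in the new file headers.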
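
Review bot: In support/support_scramble_registers.c, the definition "support_scramble_registers(void)" is missing the space before the opening parenthesis that GNU style requires; the same applies to the call "support_scramble_registers();" added in support/support_test_main.c. Please write "support_scramble_registers (void)" and "support_scramble_registers ();".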
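
Review bot: In sysdeps/generic/scramble-regs.h, the second example in the comment ends its last line with a continuation backslash ('asm volatile ("..."); \') followed by an empty line. A target that copies the example verbatim gets a macro that silently extends onto whatever line follows it. Drop the trailing backslash from the example, and consider showing the example values in hex so they match the constants the target headers actually use.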
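
Review bot: In sysdeps/powerpc/scramble-regs.h, every register is loaded with 0x1235, which is a small value, while the commit message asks for invalid addresses and the suggested wording above asks for large values that are not valid pointers. The riscv and x86_64 headers use 32-bit constants; a lis/ori pair here would allow a comparably large constant. The list also covers only r0 and r3 to r12, so the vector state mentioned in the reply as the origin of the motivating fix is left untouched.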
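
Review bot: In sysdeps/riscv/scramble-regs.h, the first line of the header comment says "powerpc version"; this looks like a copy from the powerpc file and should read "riscv version". It would also help to add a one-line comment, as the x86_64 header does, stating which registers the ABI preserves, so the t0-t6 and a0-a7 list can be checked against it.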
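
Review bot: In sysdeps/x86_64/scramble-regs.h, the last line of SCRAMBLE_REGS (the r11 load) ends with a continuation backslash followed by an empty line, so the macro only terminates correctly as long as nothing is ever added directly below it; please remove that backslash. Separately, "movl" into eax/ecx/edx/esi/edi zero-extends into the 64-bit register, and the "mov" of a 32-bit immediate into r8-r11 sign-extends a positive value, so every register ends up with its upper 32 bits clear. If the intent is a value that cannot be a valid pointer, a 64-bit constant loaded with movabs would serve better. The ABI comment also uses the 32-bit names EBX, ESP and EBP for a 64-bit target.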