Re: [PATCH 0/4] [rs6000] ROP support

Mon, 26 Apr 2021 09:33:45 -0700 

On 4/26/21 11:01 AM, will schmidt wrote:

On Sun, 2021-04-25 at 20:50 -0500, Bill Schmidt via Gcc-patches wrote:

Add POWER10 support for hashst[p] and hashchk[p] operations.  When
the -mrop-protect option is selected, any function that loads the
link
register from memory before returning must have protection in the
prologue and epilogue to ensure the link register save location has
not been compromised.  If -mprivileged is also specified, the
protection instructions generated require supervisor privilege.

Hi,

Is -mprivileged tied directly to ROP, or is it a 'generic' option?

As
is, it looks like it can be considered generic, so could be also used
for other cases where we would want to generate instructions that
require supervisor privilege.
Yes, this is deliberately designed to be orthogonal from the specific ROP support.  That is, ROP is the first use, but other future uses are anticipated. 

Bill



Additional comments on the subsequent patches..
thanks
-Will


The patches are broken up into logical chunks:
  - Option handling
  - Instruction generation
  - Predefined macro handling
  - Test cases

Bootstrapped and tested on a POWER10 system with no regressions.
Tests on a kernel that enables user-space ROP mitigation were
successful.  Is this series ok for trunk?  I would also like to later
backport these patches to GCC for the 11.2 release.

Thanks!
Bill

Bill Schmidt (4):
   rs6000: Add -mrop-protect and -mprivileged flags
   rs6000: Emit ROP-protect instructions in prologue and epilogue
   rs6000: Conditionally define __ROP_PROTECT__
   rs6000: Add ROP tests

  gcc/config/rs6000/rs6000-c.c             |  3 +
  gcc/config/rs6000/rs6000-internal.h      |  2 +
  gcc/config/rs6000/rs6000-logue.c         | 86 +++++++++++++++++++++-
--
  gcc/config/rs6000/rs6000.c               |  7 ++
  gcc/config/rs6000/rs6000.md              | 39 +++++++++++
  gcc/config/rs6000/rs6000.opt             |  6 ++
  gcc/doc/invoke.texi                      | 19 +++++-
  gcc/testsuite/gcc.target/powerpc/rop-1.c | 16 +++++
  gcc/testsuite/gcc.target/powerpc/rop-2.c | 16 +++++
  gcc/testsuite/gcc.target/powerpc/rop-3.c | 19 ++++++
  gcc/testsuite/gcc.target/powerpc/rop-4.c | 14 ++++
  gcc/testsuite/gcc.target/powerpc/rop-5.c | 17 +++++
  12 files changed, 231 insertions(+), 13 deletions(-)
  create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-1.c
  create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-2.c
  create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-3.c
  create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-4.c
  create mode 100644 gcc/testsuite/gcc.target/powerpc/rop-5.c

Reply via email to