From: Uros Bizjak
Date: Wed, 9 Aug 2017 23:16:09 +0200
Subject: Re: [PATCH, i386]: Make stack canary location customizable (PR target/81708)
To: "gcc-patches@gcc.gnu.org"
Cc: Andrew Lutomirski

On Tue, Aug 8, 2017 at 6:54 PM, Uros Bizjak wrote:
> Hello!
>
> Attached patch introduces -mstack-protector-guard-reg= and
> -mstack-protector-guard-offset= options to make stack canary location
> customizable. These are the same options powerpc has.

Attached addition adds -mstack-protector-guard-symbol= option that
overrides the offset to TLS stack protector canary with a symbol name.
Using this option, stack protector canary can be loaded from specified
symbol, relative to guard reg:

gcc -O2 -fstack-protector-all -mstack-protector-guard=tls -mstack-protector-guard-reg=gs -mstack-protector-guard-symbol=my_guard

        movq    %gs:my_guard(%rip), %rax
        movq    %rax, 8(%rsp)
        xorl    %eax, %eax
        movq    8(%rsp), %rax
        xorq    %gs:my_guard(%rip), %rax

2017-08-09  Uros Bizjak

        PR target/81708
        * config/i386/i386.opt (mstack-protector-guard-symbol=): New option
        * config/i386/i386.c (ix86_stack_protect_guard): Use
        ix86_stack_protect_guard_symbol_str to generate variable declaration.
        * doc/invoke.texi (x86 Options): Document
        -mstack-protector-guard-symbol= option.

testsuite/ChangeLog:

2017-08-09  Uros Bizjak

        PR target/81708
        * gcc.target/i386/stack-prot-sym.c: New test.

Patch was bootstrapped and regression tested on x86_64-linux-gnu {,-m32}.

I plan to commit the patch to mainline SVN in a couple of days.

Uros.

Index: config/i386/i386.c =================================================================== --- config/i386/i386.c (revision 250999) +++ config/i386/i386.c (working copy) @@ -45858,6 +45858,8 @@ ix86_mangle_type (const_tree type) } } +static GTY(()) tree ix86_tls_stack_chk_guard_decl; + static tree ix86_stack_protect_guard (void) { 
@@ -45864,15 +45866,47 @@ ix86_stack_protect_guard (void) if (TARGET_SSP_TLS_GUARD) { tree type_node = lang_hooks.types.type_for_mode (ptr_mode, 1); - int qual = ENCODE_QUAL_ADDR_SPACE (ix86_stack_protector_guard_reg); + tree type = build_qualified_type (type_node, qual); + tree t; - tree type = build_qualified_type (type_node, qual); - tree asptrtype = build_pointer_type (type); - tree sspoff = build_int_cst (asptrtype, - ix86_stack_protector_guard_offset); - tree t = build2 (MEM_REF, asptrtype, sspoff, - build_int_cst (asptrtype, 0)); + if (global_options_set.x_ix86_stack_protector_guard_symbol_str) + { + t = ix86_tls_stack_chk_guard_decl; + + if (t == NULL) + { + rtx x; + + t = build_decl + (UNKNOWN_LOCATION, VAR_DECL, + get_identifier (ix86_stack_protector_guard_symbol_str), + type); + TREE_STATIC (t) = 1; + TREE_PUBLIC (t) = 1; + DECL_EXTERNAL (t) = 1; + TREE_USED (t) = 1; + TREE_THIS_VOLATILE (t) = 1; + DECL_ARTIFICIAL (t) = 1; + DECL_IGNORED_P (t) = 1; + + /* Do not share RTL as the declaration is visible outside of + current function. */ + x = DECL_RTL (t); + RTX_FLAG (x, used) = 1; + + ix86_tls_stack_chk_guard_decl = t; + } + } + else + { + tree asptrtype = build_pointer_type (type); + + t = build_int_cst (asptrtype, ix86_stack_protector_guard_offset); + t = build2 (MEM_REF, asptrtype, t, + build_int_cst (asptrtype, 0)); + } + return t; } Index: config/i386/i386.opt =================================================================== --- config/i386/i386.opt (revision 250999) +++ config/i386/i386.opt (working copy) 
@@ -938,6 +938,10 @@ Use the given offset for addressing the stack-prot TargetVariable HOST_WIDE_INT ix86_stack_protector_guard_offset = 0 +mstack-protector-guard-symbol= +Target RejectNegative Joined Integer Var(ix86_stack_protector_guard_symbol_str) +Use the given symbol for addressing the stack-protector guard. + mmitigate-rop Target Var(flag_mitigate_rop) Init(0) Attempt to avoid generating instruction sequences containing ret bytes. Index: doc/invoke.texi =================================================================== --- doc/invoke.texi (revision 250999) +++ doc/invoke.texi (working copy) @@ -1216,7 +1216,8 @@ See RS/6000 and PowerPC Options. -mavx256-split-unaligned-load -mavx256-split-unaligned-store @gol -malign-data=@var{type} -mstack-protector-guard=@var{guard} @gol -mstack-protector-guard-reg=@var{reg} @gol --mstack-protector-guard-offset=@var{offset} -mmitigate-rop @gol +-mstack-protector-guard-offset=@var{offset} @gol +-mstack-protector-guard-symbol=@var{symbol} -mmitigate-rop @gol -mgeneral-regs-only -mcall-ms2sysv-xlogues} @emph{x86 Windows Options} @@ -22753,9 +22754,11 @@ The @option{-mno-compat-align-parm} option is the @item -mstack-protector-guard=@var{guard} @itemx -mstack-protector-guard-reg=@var{reg} @itemx -mstack-protector-guard-offset=@var{offset} +@itemx -mstack-protector-guard-symbol=@var{symbol} @opindex mstack-protector-guard @opindex mstack-protector-guard-reg @opindex mstack-protector-guard-offset +@opindex mstack-protector-guard-symbol Generate stack protection code using canary at @var{guard}. Supported locations are @samp{global} for global canary or @samp{tls} for per-thread canary in the TLS block (the default with GNU libc version 2.4 or later). 
@@ -22765,7 +22768,8 @@ With the latter choice the options @option{-mstack-protector-guard-offset=@var{offset}} furthermore specify which register to use as base register for reading the canary, and from what offset from that base register. The default for those is as specified in the -relevant ABI. +relevant ABI. @option{-mstack-protector-guard-symbol=@var{symbol}} overrides +the offset with a symbol reference to a canary in the TLS block. @end table @node RX Options Index: testsuite/gcc.target/i386/stack-prot-sym.c =================================================================== --- testsuite/gcc.target/i386/stack-prot-sym.c (nonexistent) +++ testsuite/gcc.target/i386/stack-prot-sym.c (working copy) @@ -0,0 +1,6 @@ +/* { dg-do compile } */ +/* { dg-options "-O2 -fstack-protector-all -mstack-protector-guard=tls -mstack-protector-guard-reg=gs -mstack-protector-guard-symbol=my_guard" } */ + +void f(void) { } + +/* { dg-final { scan-assembler "gs:my_guard" } } */
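Review bot: In the config/i386/i386.c hunk at @@ -45864, the new symbol branch of ix86_stack_protect_guard sits inside `if (TARGET_SSP_TLS_GUARD)` and is taken whenever `global_options_set.x_ix86_stack_protector_guard_symbol_str` is set, so the option is silently dropped under -mstack-protector-guard=global, and an explicit -mstack-protector-guard-offset= is silently discarded when both are given. Because the option is declared Joined, an empty `-mstack-protector-guard-symbol=` also reaches `get_identifier` with an empty string. Suggest diagnosing these cases at option-processing time, so a misconfigured build does not end up checking a different canary than the one intended.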
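Review bot: In the config/i386/i386.opt hunk, the new record `Target RejectNegative Joined Integer Var(ix86_stack_protector_guard_symbol_str)` carries `Integer`, but the argument is a symbol name: i386.c passes it to `get_identifier` and the new test uses `my_guard`. The property reads as if the argument were numeric; suggest dropping it so the record matches the string argument.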
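Review bot: In the doc/invoke.texi hunk at @@ -22765, the added sentence says the symbol "overrides the offset" but not what the user has to supply. The declaration built in i386.c is external, public and pointer-sized (`DECL_EXTERNAL`, `TREE_PUBLIC`, `ptr_mode`), so the documentation should state that the symbol must be defined elsewhere with that size, that it is addressed relative to the register chosen by -mstack-protector-guard-reg=, and that it only takes effect with -mstack-protector-guard=tls.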
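Review bot: In testsuite/gcc.target/i386/stack-prot-sym.c, the single `scan-assembler "gs:my_guard"` is satisfied by the prologue load alone, so the test would still pass if the epilogue check read the canary from somewhere else. Suggest also matching the compare shown in the cover message (`xorq %gs:my_guard(%rip), %rax`), for example by counting occurrences, and adding a case that combines the symbol with -mstack-protector-guard-offset= to pin down which one wins.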