From patchwork Fri Jan 12 22:33:06 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Bill Schmidt <wschmidt@linux.vnet.ibm.com>
X-Patchwork-Id: 860219
Return-Path: 
 <gcc-patches-return-471065-incoming=patchwork.ozlabs.org@gcc.gnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=gcc.gnu.org
	(client-ip=209.132.180.131; helo=sourceware.org;
	envelope-from=gcc-patches-return-471065-incoming=patchwork.ozlabs.org@gcc.gnu.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org
	header.b="Us9LkP6Q"; dkim-atps=neutral
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3zJHZv1nm6z9ryk
	for <incoming@patchwork.ozlabs.org>;
	Sat, 13 Jan 2018 09:33:27 +1100 (AEDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:to:cc
	:from:subject:date:mime-version:content-type
	:content-transfer-encoding:message-id; q=dns; s=default; b=GWUWq
	Z9Q5HiuCg6tdSS+4j3TA2wKZvYcBlEH5Nvv7BYBpxFQZx8YzMWL73Z6mN7xazKyH
	KZ+3qDurvHs/+vHJVxfhQEnacf4nL92/iuEqmDSJLvlKSuJBBhZtsnpu+7KqB6jZ
	u+R/TlNExMigJCjR8kZJ14mtkOv61rHapXLFqw=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:to:cc
	:from:subject:date:mime-version:content-type
	:content-transfer-encoding:message-id; s=default; bh=zkzy/RR5d+U
	ldZSVSnlXmbT0E48=; b=Us9LkP6QszoO6S2HiXAcmY63KQhECDABwocDh04wOAJ
	c09vBk7TpfUehFAGMPbxYDlA4/PjVpJpZaCCsPckk/fy06lEeZcdKGKUEqvsgJPM
	G76YtN30Ek9A3pwZT/SsU5bZeSpyhrk0Uj5vSczxnDzpiVxgHULMyiI6kLza+JAk
	=
Received: (qmail 29701 invoked by alias); 12 Jan 2018 22:33:17 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Unsubscribe: 
 <mailto:gcc-patches-unsubscribe-incoming=patchwork.ozlabs.org@gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Delivered-To: mailing list gcc-patches@gcc.gnu.org
Received: (qmail 29559 invoked by uid 89); 12 Jan 2018 22:33:16 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-10.6 required=5.0 tests=AWL, BAYES_00,
	GIT_PATCH_2, GIT_PATCH_3, KAM_ASCII_DIVIDERS,
	KAM_LAZY_DOMAIN_SECURITY,
	RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.2 spammy=gg, nn,
	6173
X-HELO: mx0a-001b2d01.pphosted.com
Received: from mx0a-001b2d01.pphosted.com (HELO mx0a-001b2d01.pphosted.com)
	(148.163.156.1) by sourceware.org
	(qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP;
	Fri, 12 Jan 2018 22:33:13 +0000
Received: from pps.filterd (m0098396.ppops.net [127.0.0.1])	by
	mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id
	w0CMX50T121599	for <gcc-patches@gcc.gnu.org>;
	Fri, 12 Jan 2018 17:33:12 -0500
Received: from e36.co.us.ibm.com (e36.co.us.ibm.com [32.97.110.154])	by
	mx0a-001b2d01.pphosted.com with ESMTP id
	2ff39anpsf-1	(version=TLSv1.2 cipher=AES256-SHA bits=256
	verify=NOT)	for <gcc-patches@gcc.gnu.org>;
	Fri, 12 Jan 2018 17:33:11 -0500
Received: from localhost	by e36.co.us.ibm.com with IBM ESMTP SMTP Gateway:
	Authorized Use Only! Violators will be prosecuted	for
	<gcc-patches@gcc.gnu.org> from <wschmidt@linux.vnet.ibm.com>;
	Fri, 12 Jan 2018 15:33:10 -0700
Received: from b03cxnp07028.gho.boulder.ibm.com (9.17.130.15)	by
	e36.co.us.ibm.com (192.168.1.136) with IBM ESMTP SMTP
	Gateway: Authorized Use Only! Violators will be prosecuted;
	Fri, 12 Jan 2018 15:33:07 -0700
Received: from b03ledav001.gho.boulder.ibm.com
	(b03ledav001.gho.boulder.ibm.com [9.17.130.232])	by
	b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0)
	with ESMTP id w0CMX7aM66715782; Fri, 12 Jan 2018 15:33:07 -0700
Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1])	by
	IMSVA (Postfix) with ESMTP id 097816E038;
	Fri, 12 Jan 2018 15:33:07 -0700 (MST)
Received: from bigmac.rchland.ibm.com (unknown [9.10.86.189])	by
	b03ledav001.gho.boulder.ibm.com (Postfix) with ESMTP id
	ACADD6E03D; Fri, 12 Jan 2018 15:33:06 -0700 (MST)
To: GCC Patches <gcc-patches@gcc.gnu.org>
Cc: Segher Boessenkool <segher@kernel.crashing.org>,
	David Edelsohn <dje.gcc@gmail.com>, amodra@gmail.com
From: Bill Schmidt <wschmidt@linux.vnet.ibm.com>
Subject: [PATCH,
	rs6000] Add -msafe-indirect-jumps option and implement safe bctrl
Date: Fri, 12 Jan 2018 16:33:06 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13;
	rv:52.0) Gecko/20100101 Thunderbird/52.5.2
MIME-Version: 1.0
X-TM-AS-GCONF: 00
x-cbid: 18011222-0020-0000-0000-00000D4B9907
X-IBM-SpamModules-Scores: 
X-IBM-SpamModules-Versions: BY=3.00008366; HX=3.00000241; KW=3.00000007;
	PH=3.00000004; SC=3.00000245; SDB=6.00974121; UDB=6.00493640;
	IPR=6.00754066; BA=6.00005775; NDR=6.00000001; ZLA=6.00000005;
	ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000;
	ZU=6.00000002; MB=3.00019009; XFM=3.00000015;
	UTC=2018-01-12 22:33:09
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 18011222-0021-0000-0000-00005FAAE566
Message-Id: <0d2655b0-d226-7791-0795-2217ec2b5f4f@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, ,
	definitions=2018-01-12_12:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0
	bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0
	impostorscore=0 adultscore=0 classifier=spam adjust=0
	reason=mlx scancount=1 engine=8.0.1-1709140000
	definitions=main-1801120298
X-IsSubscribed: yes

Hi,

This patch adds a new option for the compiler to produce only "safe" indirect
jumps, in the sense that these jumps are deliberately mispredicted to inhibit
speculative execution.  For now, this option is undocumented; this may change
at some future date.  It is intended eventually for the linker to also honor
this flag when creating PLT stubs, for example.

In addition to the new option, I've included changes to indirect calls for
the ELFv2 ABI when the option is specified.  In place of bctrl, we generate
a seteq followed by a beqctrl-.  Using the CR0.eq bit is safe since CR0 is
volatile over the call.

Future patches will address uses of the bctr instruction, which will require
a virtual condition register, since no assumptions can be made about CR
availability at bctr locations.

Bootstrapped and tested on powerpc64le-linux-gnu with no regressions.  Is this
okay for trunk?

Thanks,
Bill


[gcc]

2018-01-12  Bill Schmidt  <wschmidt@linux.vnet.ibm.com>

	* config/rs6000/rs6000.c (rs6000_opt_vars): Add entry for
	safe-indirect-jumps.
	* config/rs6000/rs6000.md (*call_indirect_elfv2<mode>): Restrict
	to case where -msafe-indirect-jumps is not in effect.
	(*call_indirect_elf2<mode>_safe): New define_insn.
	(*call_value_indirect_elfv2<mode>): Restrict to case where
	-msafe-indirect-jumps is not in effect.
	(*call_value_indirect_elfv2<mode>_safe): New define_insn.
	* config/rs6000/rs6000.opt (msafe-indirect-jumps): New option.

[gcc/testsuite]

2018-01-12  Bill Schmidt  <wschmidt@linux.vnet.ibm.com>

	* gcc.target/powerpc/safe-indirect-jump-1.c: New file.

Index: gcc/config/rs6000/rs6000.c
===================================================================
--- gcc/config/rs6000/rs6000.c	(revision 256364)
+++ gcc/config/rs6000/rs6000.c	(working copy)
@@ -36726,6 +36726,9 @@ static struct rs6000_opt_var const rs6000_opt_vars
   { "sched-epilog",
     offsetof (struct gcc_options, x_TARGET_SCHED_PROLOG),
     offsetof (struct cl_target_option, x_TARGET_SCHED_PROLOG), },
+  { "safe-indirect-jumps",
+    offsetof (struct gcc_options, x_rs6000_safe_indirect_jumps),
+    offsetof (struct cl_target_option, x_rs6000_safe_indirect_jumps), },
 };
 
 /* Inner function to handle attribute((target("..."))) and #pragma GCC target
Index: gcc/config/rs6000/rs6000.md
===================================================================
--- gcc/config/rs6000/rs6000.md	(revision 256364)
+++ gcc/config/rs6000/rs6000.md	(working copy)
@@ -11222,11 +11222,22 @@
 	 (match_operand 1 "" "g,g"))
    (set (reg:P TOC_REGNUM) (unspec:P [(match_operand:P 2 "const_int_operand" "n,n")] UNSPEC_TOCSLOT))
    (clobber (reg:P LR_REGNO))]
-  "DEFAULT_ABI == ABI_ELFv2"
+  "DEFAULT_ABI == ABI_ELFv2 && !rs6000_safe_indirect_jumps"
   "b%T0l\;<ptrload> 2,%2(1)"
   [(set_attr "type" "jmpreg")
    (set_attr "length" "8")])
 
+;; Variant with deliberate misprediction.
+(define_insn "*call_indirect_elfv2<mode>_safe"
+  [(call (mem:SI (match_operand:P 0 "register_operand" "c,*l"))
+	 (match_operand 1 "" "g,g"))
+   (set (reg:P TOC_REGNUM) (unspec:P [(match_operand:P 2 "const_int_operand" "n,n")] UNSPEC_TOCSLOT))
+   (clobber (reg:P LR_REGNO))]
+  "DEFAULT_ABI == ABI_ELFv2 && rs6000_safe_indirect_jumps"
+  "seteq\;beq%T0l-\;<ptrload> 2,%2(1)"
+  [(set_attr "type" "jmpreg")
+   (set_attr "length" "12")])
+
 (define_insn "*call_value_indirect_elfv2<mode>"
   [(set (match_operand 0 "" "")
 	(call (mem:SI (match_operand:P 1 "register_operand" "c,*l"))
@@ -11233,11 +11244,22 @@
 	      (match_operand 2 "" "g,g")))
    (set (reg:P TOC_REGNUM) (unspec:P [(match_operand:P 3 "const_int_operand" "n,n")] UNSPEC_TOCSLOT))
    (clobber (reg:P LR_REGNO))]
-  "DEFAULT_ABI == ABI_ELFv2"
+  "DEFAULT_ABI == ABI_ELFv2 && !rs6000_safe_indirect_jumps"
   "b%T1l\;<ptrload> 2,%3(1)"
   [(set_attr "type" "jmpreg")
    (set_attr "length" "8")])
 
+; Variant with deliberate misprediction.
+(define_insn "*call_value_indirect_elfv2<mode>_safe"
+  [(set (match_operand 0 "" "")
+	(call (mem:SI (match_operand:P 1 "register_operand" "c,*l"))
+	      (match_operand 2 "" "g,g")))
+   (set (reg:P TOC_REGNUM) (unspec:P [(match_operand:P 3 "const_int_operand" "n,n")] UNSPEC_TOCSLOT))
+   (clobber (reg:P LR_REGNO))]
+  "DEFAULT_ABI == ABI_ELFv2 && rs6000_safe_indirect_jumps"
+  "seteq\;beq%T1l-\;<ptrload> 2,%3(1)"
+  [(set_attr "type" "jmpreg")
+   (set_attr "length" "12")])
 
 ;; Call subroutine returning any type.
 (define_expand "untyped_call"
Index: gcc/config/rs6000/rs6000.opt
===================================================================
--- gcc/config/rs6000/rs6000.opt	(revision 256364)
+++ gcc/config/rs6000/rs6000.opt	(working copy)
@@ -617,3 +617,8 @@ Use the given offset for addressing the stack-prot
 
 TargetVariable
 long rs6000_stack_protector_guard_offset = 0
+
+;; -msafe-indirect-jumps adds deliberate misprediction to indirect
+;; branches via the CTR.
+msafe-indirect-jumps
+Target Undocumented Var(rs6000_safe_indirect_jumps) Init(0) Save
Index: gcc/testsuite/gcc.target/powerpc/safe-indirect-jump-1.c
===================================================================
--- gcc/testsuite/gcc.target/powerpc/safe-indirect-jump-1.c	(nonexistent)
+++ gcc/testsuite/gcc.target/powerpc/safe-indirect-jump-1.c	(working copy)
@@ -0,0 +1,14 @@
+/* { dg-do compile { target { powerpc64le-*-* } } } */
+/* { dg-options "-msafe-indirect-jumps" } */
+
+/* Test for deliberate misprediction of indirect calls for ELFv2.  */
+
+extern int (*f)();
+
+int bar ()
+{
+  return (*f) ();
+}
+
+/* { dg-final { scan-assembler "seteq" } } */
+/* { dg-final { scan-assembler "beqctrl-" } } */