powerpc64le: _init/_fini file changes for ROP
authorSachin Monga <smonga@linux.ibm.com>
Wed, 20 Nov 2024 21:50:00 +0000 (16:50 -0500)
committerPeter Bergner <bergner@linux.ibm.com>
Wed, 20 Nov 2024 21:50:34 +0000 (16:50 -0500)
The ROP instructions were added in ISA 3.1 (i.e., Power10); however, they
were defined so that if executed on older CPUs, they would behave as
nops.  This allows us to emit them on older CPUs and they'd just be
ignored, but if run on a Power10, then the binary would be ROP protected.

Hash instructions use negative offsets so the default position
of ROP pointer is FRAME_ROP_SAVE from caller's SP.

Modified FRAME_MIN_SIZE_PARM to 112 for ELFv2 to reserve
additional 16 bytes for ROP save slot and padding.

Signed-off-by: Sachin Monga <smonga@linux.ibm.com>
Reviewed-by: Peter Bergner <bergner@linux.ibm.com>
sysdeps/powerpc/powerpc64/crti.S
sysdeps/powerpc/powerpc64/crtn.S
sysdeps/powerpc/powerpc64/sysdep.h

index 71bdddfb3b01a6a5c65a1eb3f6b208895b414521..e977bc4b9c74fc29227c06fb020f473dd93c6895 100644 (file)
@@ -68,6 +68,9 @@ BODY_LABEL (_init):
        LOCALENTRY(_init)
        mflr 0
        std 0, FRAME_LR_SAVE(r1)
+#ifdef __ROP_PROTECT__
+       hashst 0, FRAME_ROP_SAVE(r1)
+#endif
        stdu r1, -FRAME_MIN_SIZE_PARM(r1)
 #if PREINIT_FUNCTION_WEAK
        addis r9, r2, .LC0@toc@ha
@@ -87,4 +90,7 @@ BODY_LABEL (_fini):
        LOCALENTRY(_fini)
        mflr 0
        std 0, FRAME_LR_SAVE(r1)
+#ifdef __ROP_PROTECT__
+       hashst 0, FRAME_ROP_SAVE(r1)
+#endif
        stdu r1, -FRAME_MIN_SIZE_PARM(r1)
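Review bot: Both `hashst` lines (in `_init` and in `_fini`) run before `stdu` allocates the frame, so `FRAME_ROP_SAVE(r1)` is addressed from the entry SP, and nothing at either site records that this ordering matters or that the matching `hashchk` sits in crtn.S after the frame is popped. As I understand the instruction, the stored hash covers r1 as well as r0, so moving a `hashst` below its `stdu` in a later edit would make the check fail on Power10 at the end of `_init`/`_fini`. I would add a comment above each one, e.g. `/* ROP hash of LR; slot is relative to the entry SP, so this must stay before stdu. Verified by hashchk in crtn.S. */`. Both function bodies continue outside these hunks, in crtn.S.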
index 4e91231f2c1954f4a582f33678c92b44b7cb9ffe..a37e159950869055d7812edb7ec9476ef65cafb4 100644 (file)
        addi r1, r1, FRAME_MIN_SIZE_PARM
        ld r0, FRAME_LR_SAVE(r1)
        mtlr r0
+#ifdef __ROP_PROTECT__
+       hashchk 0, FRAME_ROP_SAVE(r1)
+#endif
        blr
 
        .section .fini,"ax",@progbits
        addi r1, r1, FRAME_MIN_SIZE_PARM
        ld r0, FRAME_LR_SAVE(r1)
        mtlr r0
+#ifdef __ROP_PROTECT__
+       hashchk 0, FRAME_ROP_SAVE(r1)
+#endif
        blr
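Review bot: Each `hashchk` is only valid when the crti.o it is linked with was assembled with the same `__ROP_PROTECT__` setting, because the `hashst` that fills the slot is in crti.S, and this section does not say so. A crtn.o carrying the check paired with a crti.o lacking the store would presumably fail the check on Power10, while the reverse pairing would leave the return address unverified with no visible symptom. A short comment above each check, such as `/* Verifies the hash stored by hashst in crti.S; both files must be built with the same __ROP_PROTECT__ setting. */`, would record that dependency. The section is shown without its hunk header, and both epilogues belong to functions that start in crti.S.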
index c439b061218b18d5d9fb2fd5c6fc069bdc52c389..b5c70e526e52c8aaf943861a47966381b754f7af 100644 (file)
@@ -31,8 +31,9 @@
 #define FRAME_TOC_SAVE         40
 #define FRAME_PARM_SAVE                48
 #else
+#define FRAME_ROP_SAVE         -8
 #define FRAME_MIN_SIZE         32
-#define FRAME_MIN_SIZE_PARM    96
+#define FRAME_MIN_SIZE_PARM    112 /* Includes space for the ROP save slot */
 #define FRAME_TOC_SAVE         24
 #define FRAME_PARM_SAVE                32
 #endif
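Review bot: `FRAME_ROP_SAVE` is defined only in the `#else` branch, while crti.S and crtn.S use it under `#ifdef __ROP_PROTECT__` alone, so assembling the other branch with that macro set would leave the name unexpanded and presumably fail with an unclear undefined-symbol error. The condition of the enclosing `#if` is outside the hunk (the commit message suggests the `#else` side is ELFv2); if ROP protection is not meant to be supported on the other side, I would add to that branch `#ifdef __ROP_PROTECT__` / `# error "ROP protection needs the ELFv2 frame layout"` / `#endif`. The new define would also benefit from a comment such as `/* Offset of the ROP hash slot from the caller's SP (frame not yet allocated) */`, since it is the only negative offset among the visible defines.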