git.ipfire.org Git - thirdparty/gcc.git/commit
aarch64: Clear canary value after stack_protect_test [PR96191]
author Richard Sandiford <richard.sandiford@arm.com>
Wed, 5 Aug 2020 14:18:36 +0000 (15:18 +0100)
committer Giuliano Belinassi <giuliano.belinassi@usp.br>
Mon, 17 Aug 2020 18:07:40 +0000 (15:07 -0300)
commit 6316834ed9731a385236b9ebdcc8057aeb40b508
tree 6bf2e5e821f404f303f54eb9ab7d71418c20f9a2
parent 7d823797d2298e12a56c79504a5d255894cd32c8

The stack_protect_test patterns were leaving the canary value in the
temporary register, meaning that it was often still in registers on
return from the function.  An attacker might therefore have been
able to use it to defeat stack-smash protection for a later function.

gcc/
PR target/96191
* config/aarch64/aarch64.md (stack_protect_test_<mode>): Set the
CC register directly, instead of a GPR.  Replace the original GPR
destination with an extra scratch register.  Zero out operand 3
after use.
(stack_protect_test): Update accordingly.

gcc/testsuite/
PR target/96191
* gcc.target/aarch64/stack-protector-1.c: New test.
* gcc.target/aarch64/stack-protector-2.c: Likewise.
gcc/config/aarch64/aarch64.md
gcc/testsuite/gcc.target/aarch64/stack-protector-1.c [new file with mode: 0644]
gcc/testsuite/gcc.target/aarch64/stack-protector-2.c [new file with mode: 0644]
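
The property described in the commit message, that no register still holds the canary when the function returns, can be checked on an assembly listing. The following is an added example, not part of this commit or of GCC's testsuite: the listings are constructed for illustration (not real compiler output), and the tracker assumes straight-line code, `x` registers only, and a guard addressed through the `__stack_chk_guard` symbol.

```python
import re

GUARD = "__stack_chk_guard"
# Constructed AArch64 listings for illustration, not real compiler output.
COMMON = """
adrp x0, __stack_chk_guard
add x0, x0, :lo12:__stack_chk_guard
ldr x1, [x0]
str x1, [sp, 40]
mov x1, 0
adrp x0, __stack_chk_guard
add x0, x0, :lo12:__stack_chk_guard
ldr x1, [sp, 40]
ldr x2, [x0]
"""
BEFORE = COMMON + "eor x2, x1, x2\ncbnz x2, .Lfail\nret\n"           # x1 keeps the canary
AFTER = COMMON + "subs x1, x1, x2\nmov x2, 0\nb.ne .Lfail\nret\n"    # both temporaries cleared

def canary_regs_at_ret(asm):
    """Return the sorted registers that may still hold the canary at `ret`."""
    addr, taint, slots = set(), set(), set()  # guard-address regs, canary regs, canary slots
    for line in asm.strip().splitlines():
        parts = line.split(None, 1)
        op, rest = parts[0], parts[1] if len(parts) > 1 else ""
        # Split operands on commas that are not inside a [..] memory operand.
        args = [a.strip() for a in re.split(r",\s*(?![^\[]*\])", rest)] if rest else []
        if op == "ret":
            return sorted(taint)
        if not args or op.endswith(":"):
            continue
        if op == "str":  # spilling a canary register taints the stack slot
            (slots.add if args[0] in taint else slots.discard)(args[1])
            continue
        if op in ("cbnz", "cbz", "b.ne", "b.eq", "b", "bl", "cmp"):
            continue     # no general-purpose register is written
        dst, srcs = args[0], args[1:]
        addr.discard(dst)
        taint.discard(dst)  # dst is overwritten by this instruction
        if GUARD in rest:   # adrp/add forming the guard's address
            addr.add(dst)
        elif op == "ldr":
            base = srcs[0].strip("[]").split(",")[0]
            if base in addr or srcs[0] in slots:
                taint.add(dst)
        elif op == "mov" and srcs[0] in taint:
            taint.add(dst)
        # eor/sub/subs of two canary copies yields 0 on the non-failing path, so dst
        # stays clean; other ALU results are also treated as clean (assumption).
    return sorted(taint)
```

On the constructed listings, `canary_regs_at_ret(BEFORE)` reports `x1` and `canary_regs_at_ret(AFTER)` reports no registers.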