Preserve bound registers for pointer pass/return

We need to save/restore bound registers and add a BND prefix before
branches in _dl_runtime_profile so that bound registers for pointer
pass and return are preserved when LD_AUDIT is used.

	[BZ #18134]
	* sysdeps/i386/configure.ac: Set HAVE_MPX_SUPPORT.
	* sysdeps/i386/configure: Regenerated.
	* sysdeps/i386/dl-trampoline.S (PRESERVE_BND_REGS_PREFIX): New.
	(_dl_runtime_profile): Save and restore Intel MPX return bound
	registers when calling _dl_call_pltexit.  Add
	PRESERVE_BND_REGS_PREFIX before return.
	* sysdeps/i386/link-defines.sym (LRV_BND0_OFFSET): New.
	(LRV_BND1_OFFSET): Likewise.
	* sysdeps/x86/bits/link.h (La_i86_retval): Add lrv_bnd0 and
	lrv_bnd1.
	* sysdeps/x86_64/dl-trampoline.S (_dl_runtime_profile): Fix
	typo in bndmov encoding.
	* sysdeps/x86_64/dl-trampoline.h: Properly save and restore
	Intel MPX bound registers.  Add PRESERVE_BND_REGS_PREFIX before
	branch instructions to preserve bounds.
This commit is contained in:
Igor Zamyatin 2015-07-09 06:50:12 -07:00 committed by H.J. Lu
parent 632b3db8e2
commit 14c5cbabc2
9 changed files with 119 additions and 27 deletions

View File

@ -1,3 +1,23 @@
2015-07-09 Igor Zamyatin <igor.zamyatin@intel.com>
H.J. Lu <hongjiu.lu@intel.com>
[BZ #18134]
* sysdeps/i386/configure.ac: Set HAVE_MPX_SUPPORT.
* sysdeps/i386/configure: Regenerated.
* sysdeps/i386/dl-trampoline.S (PRESERVE_BND_REGS_PREFIX): New.
(_dl_runtime_profile): Save and restore Intel MPX return bound
registers when calling _dl_call_pltexit. Add
PRESERVE_BND_REGS_PREFIX before return.
* sysdeps/i386/link-defines.sym (LRV_BND0_OFFSET): New.
(LRV_BND1_OFFSET): Likewise.
* sysdeps/x86/bits/link.h (La_i86_retval): Add lrv_bnd0 and
lrv_bnd1.
* sysdeps/x86_64/dl-trampoline.S (_dl_runtime_profile): Fix
typo in bndmov encoding.
* sysdeps/x86_64/dl-trampoline.h: Properly save and restore
Intel MPX bound registers. Add PRESERVE_BND_REGS_PREFIX before
branch instructions to preserve bounds.
2015-07-09 Adhemerval Zanella <adhemerval.zanella@linaro.org> 2015-07-09 Adhemerval Zanella <adhemerval.zanella@linaro.org>
* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist * sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist

14
NEWS
View File

@ -21,13 +21,13 @@ Version 2.22
18049, 18068, 18080, 18093, 18100, 18104, 18110, 18111, 18116, 18125, 18049, 18068, 18080, 18093, 18100, 18104, 18110, 18111, 18116, 18125,
18128, 18138, 18185, 18196, 18197, 18206, 18210, 18211, 18217, 18219, 18128, 18138, 18185, 18196, 18197, 18206, 18210, 18211, 18217, 18219,
18220, 18221, 18234, 18244, 18245, 18247, 18287, 18319, 18324, 18333, 18220, 18221, 18234, 18244, 18245, 18247, 18287, 18319, 18324, 18333,
18346, 18371, 18383, 18397, 18400, 18409, 18410, 18412, 18418, 18422, 18346, 18371, 18383, 18397, 18400, 18409, 18410, 18412, 18134, 18418,
18434, 18435, 18444, 18468, 18469, 18470, 18479, 18483, 18495, 18496, 18422, 18434, 18435, 18444, 18468, 18469, 18470, 18479, 18483, 18495,
18497, 18498, 18502, 18507, 18508, 18512, 18513, 18519, 18520, 18522, 18496, 18497, 18498, 18502, 18507, 18508, 18512, 18513, 18519, 18520,
18527, 18528, 18529, 18530, 18532, 18533, 18534, 18536, 18539, 18540, 18522, 18527, 18528, 18529, 18530, 18532, 18533, 18534, 18536, 18539,
18542, 18544, 18545, 18546, 18547, 18549, 18553, 18557, 18558, 18569, 18540, 18542, 18544, 18545, 18546, 18547, 18549, 18553, 18557, 18558,
18583, 18585, 18586, 18592, 18593, 18594, 18602, 18612, 18613, 18619, 18569, 18583, 18585, 18586, 18592, 18593, 18594, 18602, 18612, 18613,
18633, 18641, 18643, 18648. 18619, 18633, 18641, 18643, 18648.
* Cache information can be queried via sysconf() function on s390 e.g. with * Cache information can be queried via sysconf() function on s390 e.g. with
_SC_LEVEL1_ICACHE_SIZE as argument. _SC_LEVEL1_ICACHE_SIZE as argument.

View File

@ -240,6 +240,33 @@ $as_echo "$libc_cv_cc_novzeroupper" >&6; }
config_vars="$config_vars config_vars="$config_vars
config-cflags-novzeroupper = $libc_cv_cc_novzeroupper" config-cflags-novzeroupper = $libc_cv_cc_novzeroupper"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Intel MPX support" >&5
$as_echo_n "checking for Intel MPX support... " >&6; }
if ${libc_cv_asm_mpx+:} false; then :
$as_echo_n "(cached) " >&6
else
cat > conftest.s <<\EOF
bndmov %bnd0,(%esp)
EOF
if { ac_try='${CC-cc} -c $ASFLAGS conftest.s 1>&5'
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
(eval $ac_try) 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; }; then
libc_cv_asm_mpx=yes
else
libc_cv_asm_mpx=no
fi
rm -f conftest*
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_asm_mpx" >&5
$as_echo "$libc_cv_asm_mpx" >&6; }
if test $libc_cv_asm_mpx == yes; then
$as_echo "#define HAVE_MPX_SUPPORT 1" >>confdefs.h
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for AVX2 support" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for AVX2 support" >&5
$as_echo_n "checking for AVX2 support... " >&6; } $as_echo_n "checking for AVX2 support... " >&6; }
if ${libc_cv_cc_avx2+:} false; then : if ${libc_cv_cc_avx2+:} false; then :

View File

@ -88,6 +88,21 @@ LIBC_TRY_CC_OPTION([-mno-vzeroupper],
]) ])
LIBC_CONFIG_VAR([config-cflags-novzeroupper], [$libc_cv_cc_novzeroupper]) LIBC_CONFIG_VAR([config-cflags-novzeroupper], [$libc_cv_cc_novzeroupper])
dnl Check whether asm supports Intel MPX
AC_CACHE_CHECK(for Intel MPX support, libc_cv_asm_mpx, [dnl
cat > conftest.s <<\EOF
bndmov %bnd0,(%esp)
EOF
if AC_TRY_COMMAND(${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD); then
libc_cv_asm_mpx=yes
else
libc_cv_asm_mpx=no
fi
rm -f conftest*])
if test $libc_cv_asm_mpx == yes; then
AC_DEFINE(HAVE_MPX_SUPPORT)
fi
dnl Check if -mavx2 works. dnl Check if -mavx2 works.
AC_CACHE_CHECK(for AVX2 support, libc_cv_cc_avx2, [dnl AC_CACHE_CHECK(for AVX2 support, libc_cv_cc_avx2, [dnl
LIBC_TRY_CC_OPTION([-mavx2], [libc_cv_cc_avx2=yes], [libc_cv_cc_avx2=no]) LIBC_TRY_CC_OPTION([-mavx2], [libc_cv_cc_avx2=yes], [libc_cv_cc_avx2=no])

View File

@ -19,6 +19,12 @@
#include <sysdep.h> #include <sysdep.h>
#include <link-defines.h> #include <link-defines.h>
#ifdef HAVE_MPX_SUPPORT
# define PRESERVE_BND_REGS_PREFIX bnd
#else
# define PRESERVE_BND_REGS_PREFIX .byte 0xf2
#endif
.text .text
.globl _dl_runtime_resolve .globl _dl_runtime_resolve
.type _dl_runtime_resolve, @function .type _dl_runtime_resolve, @function
@ -172,6 +178,13 @@ _dl_runtime_profile:
movl %edx, LRV_EDX_OFFSET(%esp) movl %edx, LRV_EDX_OFFSET(%esp)
fstpt LRV_ST0_OFFSET(%esp) fstpt LRV_ST0_OFFSET(%esp)
fstpt LRV_ST1_OFFSET(%esp) fstpt LRV_ST1_OFFSET(%esp)
#ifdef HAVE_MPX_SUPPORT
bndmov %bnd0, LRV_BND0_OFFSET(%esp)
bndmov %bnd1, LRV_BND1_OFFSET(%esp)
#else
.byte 0x66,0x0f,0x1b,0x44,0x24,LRV_BND0_OFFSET
.byte 0x66,0x0f,0x1b,0x4c,0x24,LRV_BND1_OFFSET
#endif
pushl %esp pushl %esp
cfi_adjust_cfa_offset (4) cfi_adjust_cfa_offset (4)
# Address of La_i86_regs area. # Address of La_i86_regs area.
@ -185,9 +198,17 @@ _dl_runtime_profile:
movl LRV_EDX_OFFSET(%esp), %edx movl LRV_EDX_OFFSET(%esp), %edx
fldt LRV_ST1_OFFSET(%esp) fldt LRV_ST1_OFFSET(%esp)
fldt LRV_ST0_OFFSET(%esp) fldt LRV_ST0_OFFSET(%esp)
#ifdef HAVE_MPX_SUPPORT
bndmov LRV_BND0_OFFSET(%esp), %bnd0
bndmov LRV_BND1_OFFSET(%esp), %bnd1
#else
.byte 0x66,0x0f,0x1a,0x44,0x24,LRV_BND0_OFFSET
.byte 0x66,0x0f,0x1a,0x4c,0x24,LRV_BND1_OFFSET
#endif
# Restore stack before return. # Restore stack before return.
addl $(LRV_SIZE + 4 + LR_SIZE + 4), %esp addl $(LRV_SIZE + 4 + LR_SIZE + 4), %esp
cfi_adjust_cfa_offset (-(LRV_SIZE + 4 + LR_SIZE + 4)) cfi_adjust_cfa_offset (-(LRV_SIZE + 4 + LR_SIZE + 4))
PRESERVE_BND_REGS_PREFIX
ret ret
cfi_endproc cfi_endproc
.size _dl_runtime_profile, .-_dl_runtime_profile .size _dl_runtime_profile, .-_dl_runtime_profile

View File

@ -16,3 +16,5 @@ LRV_EAX_OFFSET offsetof (struct La_i86_retval, lrv_eax)
LRV_EDX_OFFSET offsetof (struct La_i86_retval, lrv_edx) LRV_EDX_OFFSET offsetof (struct La_i86_retval, lrv_edx)
LRV_ST0_OFFSET offsetof (struct La_i86_retval, lrv_st0) LRV_ST0_OFFSET offsetof (struct La_i86_retval, lrv_st0)
LRV_ST1_OFFSET offsetof (struct La_i86_retval, lrv_st1) LRV_ST1_OFFSET offsetof (struct La_i86_retval, lrv_st1)
LRV_BND0_OFFSET offsetof (struct La_i86_retval, lrv_bnd0)
LRV_BND1_OFFSET offsetof (struct La_i86_retval, lrv_bnd1)

View File

@ -38,6 +38,8 @@ typedef struct La_i86_retval
uint32_t lrv_edx; uint32_t lrv_edx;
long double lrv_st0; long double lrv_st0;
long double lrv_st1; long double lrv_st1;
uint64_t lrv_bnd0;
uint64_t lrv_bnd1;
} La_i86_retval; } La_i86_retval;

View File

@ -206,8 +206,8 @@ _dl_runtime_profile:
# else # else
.byte 0x66,0x0f,0x1b,0x84,0x24;.long (LR_BND_OFFSET) .byte 0x66,0x0f,0x1b,0x84,0x24;.long (LR_BND_OFFSET)
.byte 0x66,0x0f,0x1b,0x8c,0x24;.long (LR_BND_OFFSET + BND_SIZE) .byte 0x66,0x0f,0x1b,0x8c,0x24;.long (LR_BND_OFFSET + BND_SIZE)
.byte 0x66,0x0f,0x1b,0x84,0x24;.long (LR_BND_OFFSET + BND_SIZE*2) .byte 0x66,0x0f,0x1b,0x94,0x24;.long (LR_BND_OFFSET + BND_SIZE*2)
.byte 0x66,0x0f,0x1b,0x8c,0x24;.long (LR_BND_OFFSET + BND_SIZE*3) .byte 0x66,0x0f,0x1b,0x9c,0x24;.long (LR_BND_OFFSET + BND_SIZE*3)
# endif # endif
# endif # endif

View File

@ -63,20 +63,6 @@
movaps (LR_XMM_OFFSET + XMM_SIZE*6)(%rsp), %xmm6 movaps (LR_XMM_OFFSET + XMM_SIZE*6)(%rsp), %xmm6
movaps (LR_XMM_OFFSET + XMM_SIZE*7)(%rsp), %xmm7 movaps (LR_XMM_OFFSET + XMM_SIZE*7)(%rsp), %xmm7
#ifndef __ILP32__
# ifdef HAVE_MPX_SUPPORT
bndmov (LR_BND_OFFSET)(%rsp), %bnd0 # Restore bound
bndmov (LR_BND_OFFSET + BND_SIZE)(%rsp), %bnd1 # registers.
bndmov (LR_BND_OFFSET + BND_SIZE*2)(%rsp), %bnd2
bndmov (LR_BND_OFFSET + BND_SIZE*3)(%rsp), %bnd3
# else
.byte 0x66,0x0f,0x1a,0x84,0x24;.long (LR_BND_OFFSET)
.byte 0x66,0x0f,0x1a,0x8c,0x24;.long (LR_BND_OFFSET + BND_SIZE)
.byte 0x66,0x0f,0x1a,0x94,0x24;.long (LR_BND_OFFSET + BND_SIZE*2)
.byte 0x66,0x0f,0x1a,0x9c,0x24;.long (LR_BND_OFFSET + BND_SIZE*3)
# endif
#endif
#ifdef RESTORE_AVX #ifdef RESTORE_AVX
/* Check if any xmm0-xmm7 registers are changed by audit /* Check if any xmm0-xmm7 registers are changed by audit
module. */ module. */
@ -154,8 +140,24 @@
1: 1:
#endif #endif
#ifndef __ILP32__
# ifdef HAVE_MPX_SUPPORT
bndmov (LR_BND_OFFSET)(%rsp), %bnd0 # Restore bound
bndmov (LR_BND_OFFSET + BND_SIZE)(%rsp), %bnd1 # registers.
bndmov (LR_BND_OFFSET + BND_SIZE*2)(%rsp), %bnd2
bndmov (LR_BND_OFFSET + BND_SIZE*3)(%rsp), %bnd3
# else
.byte 0x66,0x0f,0x1a,0x84,0x24;.long (LR_BND_OFFSET)
.byte 0x66,0x0f,0x1a,0x8c,0x24;.long (LR_BND_OFFSET + BND_SIZE)
.byte 0x66,0x0f,0x1a,0x94,0x24;.long (LR_BND_OFFSET + BND_SIZE*2)
.byte 0x66,0x0f,0x1a,0x9c,0x24;.long (LR_BND_OFFSET + BND_SIZE*3)
# endif
#endif
mov 16(%rbx), %R10_LP # Anything in framesize? mov 16(%rbx), %R10_LP # Anything in framesize?
test %R10_LP, %R10_LP test %R10_LP, %R10_LP
PRESERVE_BND_REGS_PREFIX
jns 3f jns 3f
/* There's nothing in the frame size, so there /* There's nothing in the frame size, so there
@ -174,6 +176,7 @@
addq $48, %rsp # Adjust the stack to the return value addq $48, %rsp # Adjust the stack to the return value
# (eats the reloc index and link_map) # (eats the reloc index and link_map)
cfi_adjust_cfa_offset(-48) cfi_adjust_cfa_offset(-48)
PRESERVE_BND_REGS_PREFIX
jmp *%r11 # Jump to function address. jmp *%r11 # Jump to function address.
3: 3:
@ -200,6 +203,7 @@
movq 32(%rdi), %rsi movq 32(%rdi), %rsi
movq 40(%rdi), %rdi movq 40(%rdi), %rdi
PRESERVE_BND_REGS_PREFIX
call *%r11 call *%r11
mov 24(%rbx), %rsp # Drop the copied stack content mov 24(%rbx), %rsp # Drop the copied stack content
@ -280,11 +284,11 @@
#ifndef __ILP32__ #ifndef __ILP32__
# ifdef HAVE_MPX_SUPPORT # ifdef HAVE_MPX_SUPPORT
bndmov LRV_BND0_OFFSET(%rcx), %bnd0 # Restore bound registers. bndmov LRV_BND0_OFFSET(%rsp), %bnd0 # Restore bound registers.
bndmov LRV_BND1_OFFSET(%rcx), %bnd1 bndmov LRV_BND1_OFFSET(%rsp), %bnd1
# else # else
.byte 0x66,0x0f,0x1a,0x81;.long (LRV_BND0_OFFSET) .byte 0x66,0x0f,0x1a,0x84,0x24;.long (LRV_BND0_OFFSET)
.byte 0x66,0x0f,0x1a,0x89;.long (LRV_BND1_OFFSET) .byte 0x66,0x0f,0x1a,0x8c,0x24;.long (LRV_BND1_OFFSET)
# endif # endif
#endif #endif
@ -299,6 +303,7 @@
addq $48, %rsp # Adjust the stack to the return value addq $48, %rsp # Adjust the stack to the return value
# (eats the reloc index and link_map) # (eats the reloc index and link_map)
cfi_adjust_cfa_offset(-48) cfi_adjust_cfa_offset(-48)
PRESERVE_BND_REGS_PREFIX
retq retq
#ifdef MORE_CODE #ifdef MORE_CODE