powerpc64le: ROP Changes for strncpy/ppc-mount

Add ROP protect instructions to strncpy and ppc-mount functions. Modify FRAME_MIN_SIZE to 48 bytes for ELFv2 to reserve additional 16 bytes for ROP save slot and padding. Signed-off-by: Sachin Monga <smonga@linux.ibm.com> Reviewed-by: Peter Bergner <bergner@linux.ibm.com>
2024-12-01 01:00:10 +00:00 · 2024-11-25 10:17:30 -05:00 · 2024-11-25 10:17:30 -05:00 · 2062e02772
commit 2062e02772
parent 68d7128942
4 changed files with 46 additions and 28 deletions
--- a/sysdeps/powerpc/powerpc64/le/power9/strncpy.S
+++ b/sysdeps/powerpc/powerpc64/le/power9/strncpy.S
@ -365,8 +365,8 @@ L(zero_padding_end):

 	.align	4
 L(zero_padding_memset):
-	std	r30,-8(r1)   /* Save r30 on the stack.  */
-	cfi_offset(r30, -8)
+	std	r30,-16(r1)  /* Save r30 on the stack.  */
+	cfi_offset(r30, -16)
 	mr	r30,r3       /* Save the return value of strncpy.  */
 	/* Prepare the call to memset.  */
 	mr	r3,r11       /* Pointer to the area to be zero-filled.  */
@ -380,6 +380,9 @@ L(zero_padding_memset):
 	mflr	r0
 	std	r0,16(r1)

+#ifdef __ROP_PROTECT__
+	hashst	0,FRAME_ROP_SAVE(r1)
+#endif
 	/* Create the stack frame.  */
 	stdu	r1,-FRAMESIZE(r1)
 	cfi_adjust_cfa_offset(FRAMESIZE)
@ -395,13 +398,16 @@ L(zero_padding_memset):
 	mr	r3,r30       /* Restore the return value of strncpy, i.e.:
 				dest.  For stpncpy, the return value is the
 				same as return value of memset.  */
-	ld	r30,FRAMESIZE-8(r1) /* Restore r30.  */
+	ld	r30,FRAMESIZE-16(r1) /* Restore r30.  */
 	/* Restore the stack frame.  */
 	addi	r1,r1,FRAMESIZE
 	cfi_adjust_cfa_offset(-FRAMESIZE)
 	/* Restore the link register.  */
 	mtlr	r0
 	cfi_restore(lr)
+#ifdef __ROP_PROTECT__
+	hashchk	0,FRAME_ROP_SAVE(r1)
+#endif
 	blr

 END (FUNC_NAME)
--- a/sysdeps/powerpc/powerpc64/power8/strncpy.S
+++ b/sysdeps/powerpc/powerpc64/power8/strncpy.S
@ -81,26 +81,26 @@ ENTRY (FUNC_NAME, 4)
 	rlwinm	r9,r4,0,19,19

 	/* Save some non-volatile registers on the stack.  */
-	std	r26,-48(r1)
-	std	r27,-40(r1)
+	std	r26,-56(r1)
+	std	r27,-48(r1)

 	rlwinm	r8,r10,0,19,19

-	std	r28,-32(r1)
-	std	r29,-24(r1)
+	std	r28,-40(r1)
+	std	r29,-32(r1)

 	cmpld	cr7,r9,r8

-	std	r30,-16(r1)
-	std	r31,-8(r1)
+	std	r30,-24(r1)
+	std	r31,-16(r1)

 	/* Update CFI.  */
-	cfi_offset(r26, -48)
-	cfi_offset(r27, -40)
-	cfi_offset(r28, -32)
-	cfi_offset(r29, -24)
-	cfi_offset(r30, -16)
-	cfi_offset(r31, -8)
+	cfi_offset(r26, -56)
+	cfi_offset(r27, -48)
+	cfi_offset(r28, -40)
+	cfi_offset(r29, -32)
+	cfi_offset(r30, -24)
+	cfi_offset(r31, -16)

 	beq	cr7,L(unaligned_lt_16)
 	rldicl	r9,r4,0,61
@ -205,12 +205,12 @@ L(short_path_loop_end_1):
 #endif
 L(short_path_loop_end):
 	/* Restore non-volatile registers.  */
-	ld	r26,-48(r1)
-	ld	r27,-40(r1)
-	ld	r28,-32(r1)
-	ld	r29,-24(r1)
-	ld	r30,-16(r1)
-	ld	r31,-8(r1)
+	ld	r26,-56(r1)
+	ld	r27,-48(r1)
+	ld	r28,-40(r1)
+	ld	r29,-32(r1)
+	ld	r30,-24(r1)
+	ld	r31,-16(r1)
 	blr

 	/* This code pads the remainder of dest with NULL bytes.  The algorithm
@ -242,6 +242,9 @@ L(zero_pad_start_1):
 	mflr	r0
 	std	r0,16(r1)

+#ifdef __ROP_PROTECT__
+	hashst	0,FRAME_ROP_SAVE(r1)
+#endif
 	/* Create the stack frame.  */
 	stdu	r1,-FRAMESIZE(r1)
 	cfi_adjust_cfa_offset(FRAMESIZE)
@ -261,18 +264,21 @@ L(zero_pad_start_1):
 #endif

 	/* Restore non-volatile registers and return.  */
-	ld	r26,FRAMESIZE-48(r1)
-	ld	r27,FRAMESIZE-40(r1)
-	ld	r28,FRAMESIZE-32(r1)
-	ld	r29,FRAMESIZE-24(r1)
-	ld	r30,FRAMESIZE-16(r1)
-	ld	r31,FRAMESIZE-8(r1)
+	ld	r26,FRAMESIZE-56(r1)
+	ld	r27,FRAMESIZE-48(r1)
+	ld	r28,FRAMESIZE-40(r1)
+	ld	r29,FRAMESIZE-32(r1)
+	ld	r30,FRAMESIZE-24(r1)
+	ld	r31,FRAMESIZE-16(r1)
 	/* Restore the stack frame.  */
 	addi	r1,r1,FRAMESIZE
 	cfi_adjust_cfa_offset(-FRAMESIZE)
 	/* Restore the link register.  */
 	mtlr	r0
 	cfi_restore(lr)
+#ifdef __ROP_PROTECT__
+	hashchk	0,FRAME_ROP_SAVE(r1)
+#endif
 	blr

 	/* The common case where [src]+16 will not cross a 4K page boundary.
--- a/sysdeps/powerpc/powerpc64/ppc-mcount.S
+++ b/sysdeps/powerpc/powerpc64/ppc-mcount.S
@ -25,6 +25,9 @@ ENTRY(_mcount)
 	mflr		 r4
 	ld		 r11, 0(r1)
 	std		 r4, FRAME_LR_SAVE(r1)
+#ifdef __ROP_PROTECT__
+	hashst		 r4, FRAME_ROP_SAVE(r1)
+#endif
 	stdu		 r1,-FRAME_MIN_SIZE(r1)
 	cfi_adjust_cfa_offset (FRAME_MIN_SIZE)
 	cfi_offset (lr, FRAME_LR_SAVE)
@ -36,5 +39,8 @@ ENTRY(_mcount)
 	ld		 r0, FRAME_MIN_SIZE+FRAME_LR_SAVE(r1)
 	mtlr		 r0
 	addi		 r1,r1,FRAME_MIN_SIZE
+#ifdef __ROP_PROTECT__
+	hashchk		 0, FRAME_ROP_SAVE(r1)
+#endif
 	blr
 END(_mcount)
--- a/sysdeps/powerpc/powerpc64/sysdep.h
+++ b/sysdeps/powerpc/powerpc64/sysdep.h
@ -32,7 +32,7 @@
 #define FRAME_PARM_SAVE		48
 #else
 #define FRAME_ROP_SAVE		-8
-#define FRAME_MIN_SIZE		32
+#define FRAME_MIN_SIZE		48  /* Includes space for the ROP save slot */
 #define FRAME_MIN_SIZE_PARM	112 /* Includes space for the ROP save slot */
 #define FRAME_TOC_SAVE		24
 #define FRAME_PARM_SAVE		32