From patchwork Fri Apr 25 19:25:57 2025
X-Patchwork-Submitter: Sachin Monga
X-Patchwork-Id: 111039
From: Sachin Monga
To: libc-alpha@sourceware.org
Cc: bergner@linux.ibm.com, Sachin Monga
Subject: [PATCH v1] Enable -mrop-protect through configure command
Date: Fri, 25 Apr 2025 14:25:57 -0500
Message-ID: <20250425192557.2929221-1-smonga@linux.ibm.com>

powerpc64le: Add --enable-rop-protection=yes for configure command.
Suffix -mrop-protect to only ppc64le configured builds with ROP.
Flag error when ROP is configured but the compiler is unsupportive.
Add -mno-rop-protect for Power7 specific source files.

Signed-off-by: Sachin Monga
---
This patch is reg tested.

Makeconfig | 5 ++- config.make.in | 4 ++ configure | 18 +++++++++ configure.ac | 9 +++++ sysdeps/powerpc/powerpc64/configure | 41 ++++++++++++++++++++ sysdeps/powerpc/powerpc64/configure.ac | 22 +++++++++++ sysdeps/powerpc/powerpc64/multiarch/Makefile | 4 +- 7 files changed, 99 insertions(+), 4 deletions(-) diff --git a/Makeconfig b/Makeconfig index a2ea4f6a33..3c70addd1f 100644 --- a/Makeconfig +++ b/Makeconfig @@ -1000,7 +1000,7 @@ endif # $(+cflags) == "" # otherwise require specifying __attribute__ ((nocommon)) on a # case-by-case basis). +cflags += $(cflags-cpu) $(+gccwarn) $(+merge-constants) $(+math-flags) \ - $(+stack-protector) -fno-common + $(+stack-protector) -fno-common $(cflags-rop) +gcc-nowarn := -w # We must filter out elf because the early bootstrap of the dynamic loader @@ -1169,7 +1169,8 @@ endif ifndef ASFLAGS ASFLAGS := $(filter -g% -fdebug-prefix-map=%,$(CFLAGS)) endif -override ASFLAGS += -Werror=undef $(ASFLAGS-config) $(asflags-cpu) +override ASFLAGS += -Werror=undef $(ASFLAGS-config) $(asflags-cpu) \ + $(asflags-rop) move-if-change = $(SHELL) $(..)scripts/move-if-change diff --git a/config.make.in b/config.make.in index 59897eaec2..90e3172394 100644 --- a/config.make.in +++ b/config.make.in
@@ -38,6 +38,8 @@ config-os = @host_os@ config-sysdirs = @sysnames@ cflags-cpu = @libc_cv_cc_submachine@ asflags-cpu = @libc_cv_cc_submachine@ +cflags-rop = @rop_protection@ +asflags-rop = @rop_protection@ config-extra-cflags = @libc_extra_cflags@ config-extra-cppflags = @libc_extra_cppflags@ @@ -64,6 +66,8 @@ have-fpie = @libc_cv_fpie@ have-ssp = @libc_cv_ssp@ stack-protector = @stack_protector@ no-stack-protector = @no_stack_protector@ +rop-protection = @rop_protection@ +no-rop-protection = @no_rop_protection@ fortify-source = @fortify_source@ no-fortify-source = @no_fortify_source@ have-selinux = @have_selinux@ diff --git a/configure b/configure index d11dcf97c5..f3203a4366 100755 --- a/configure +++ b/configure @@ -620,6 +620,8 @@ DEFINES static_nss profile libc_cv_multidir +no_rop_protection +rop_protection libc_cv_test_x86_have_amx_tile test_enable_cet libc_cv_test_cc_mprefer_vector_width @@ -805,6 +807,7 @@ enable_hardcoded_path_in_tests enable_hidden_plt enable_bind_now enable_stack_protector +enable_rop_protection enable_static_nss enable_force_install enable_maintainer_mode @@ -1478,6 +1481,9 @@ Optional Features: --enable-stack-protector=[yes|no|all|strong] Use -fstack-protector[-all|-strong] to detect glibc buffer overflows + --enable-rop-protection=[yes|no] + Use --enable-rop-protection[yes|no] to emit ROP + instructions --enable-static-nss build static NSS modules [default=no] --disable-force-install don't force installation of files from this package, even if they are older than the installed files 
@@ -4616,6 +4622,16 @@ all|yes|no|strong) ;; *) as_fn_error $? "Not a valid argument for --enable-stack-protector: \"$enable_stack_protector\"" "$LINENO" 5;; esac +# Check whether --enable-rop-protection was given. +if test ${enable_rop_protection+y} +then : + enableval=$enable_rop_protection; enable_rop_protection=$enableval +else case e in #( + e) enable_rop_protection=no ;; +esac +fi + # Check whether --enable-static-nss was given. if test ${enable_static_nss+y} then : @@ -9180,6 +9196,8 @@ have-libgcc_s = $libc_cv_have_libgcc_s" + + # Set the `multidir' variable by grabbing the variable from the compiler. # We do it once and save the result in a generated makefile. libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory` diff --git a/configure.ac b/configure.ac index d068bb5082..838332cbee 100644 --- a/configure.ac +++ b/configure.ac @@ -272,6 +272,13 @@ all|yes|no|strong) ;; *) AC_MSG_ERROR([Not a valid argument for --enable-stack-protector: "$enable_stack_protector"]);; esac +dnl Build glibc with -mrop-protect. +AC_ARG_ENABLE([rop-protection], + AS_HELP_STRING([--enable-rop-protection=@<:@yes|no@:>@], + [Use --enable-rop-protection[yes|no] to emit ROP instructions]), + [enable_rop_protection=$enableval], + [enable_rop_protection=no]) + dnl On some platforms we cannot use dynamic loading. We must provide dnl static NSS modules. AC_ARG_ENABLE([static-nss], @@ -2077,6 +2084,8 @@ LIBC_CONFIG_VAR([have-libgcc_s], [$libc_cv_have_libgcc_s]) AC_SUBST(libc_cv_test_cc_mprefer_vector_width) AC_SUBST(test_enable_cet) AC_SUBST(libc_cv_test_x86_have_amx_tile) +AC_SUBST(rop_protection) +AC_SUBST(no_rop_protection) # Set the `multidir' variable by grabbing the variable from the compiler. # We do it once and save the result in a generated makefile. diff --git a/sysdeps/powerpc/powerpc64/configure b/sysdeps/powerpc/powerpc64/configure index 3e3a83505a..053252ff25 100644 --- a/sysdeps/powerpc/powerpc64/configure +++ b/sysdeps/powerpc/powerpc64/configure 
@@ -78,3 +78,44 @@ then : fi +# If the user enabled ROP protection, then require that the compiler +# supports the compiler option that enables ROP. +if test "$enable_rop_protection" = yes; then + rop_protection="-mrop-protect" + no_rop_protection="-mno-rop-protect" + OLD_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $rop_protection" + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the compiler supports -mrop-protect" >&5 +printf %s "checking if the compiler supports -mrop-protect... " >&6; } +if test ${libc_cv_rop+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #ifndef __ROP_PROTECT__ + #error compiler does not support -mrop-protect + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + libc_cv_rop=yes +else case e in #( + e) libc_cv_rop=no ;; +esac +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_cv_rop" >&5 +printf "%s\n" "$libc_cv_rop" >&6; } + if test $libc_cv_rop = no; then + as_fn_error $? "$CC doesn't support -mrop-protect" "$LINENO" 5 + fi + CFLAGS="$OLD_CFLAGS" +fi + diff --git a/sysdeps/powerpc/powerpc64/configure.ac b/sysdeps/powerpc/powerpc64/configure.ac index 225d66ef1a..439eb6dca6 100644 --- a/sysdeps/powerpc/powerpc64/configure.ac +++ b/sysdeps/powerpc/powerpc64/configure.ac 
@@ -43,3 +43,25 @@ EOF rm -rf conftest.*]) AS_IF([test x$libc_cv_ppc64_notoc = xyes], [AC_DEFINE(USE_PPC64_NOTOC)]) + +# If the user enabled ROP protection, then require that the compiler +# supports the compiler option that enables ROP. +if test "$enable_rop_protection" = yes; then + rop_protection="-mrop-protect" + no_rop_protection="-mno-rop-protect" + OLD_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $rop_protection" + AC_CACHE_CHECK([if the compiler supports -mrop-protect], + libc_cv_rop, [ + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #ifndef __ROP_PROTECT__ + #error compiler does not support -mrop-protect + #endif + ]])], + [libc_cv_rop=yes], + [libc_cv_rop=no])]) + if test $libc_cv_rop = no; then + AC_MSG_ERROR([$CC doesn't support -mrop-protect]) + fi + CFLAGS="$OLD_CFLAGS" +fi diff --git a/sysdeps/powerpc/powerpc64/multiarch/Makefile b/sysdeps/powerpc/powerpc64/multiarch/Makefile index dc7c5b14ee..304c0d28c7 100644 --- a/sysdeps/powerpc/powerpc64/multiarch/Makefile +++ b/sysdeps/powerpc/powerpc64/multiarch/Makefile @@ -38,8 +38,8 @@ sysdep_routines += memchr-power10 memcmp-power10 memcpy-power10 \ stpcpy-power9 strlen-power9 strncpy-power9 stpncpy-power9 \ strlen-power10 endif -CFLAGS-strncase-power7.c += -mcpu=power7 -funroll-loops -CFLAGS-strncase_l-power7.c += -mcpu=power7 -funroll-loops +CFLAGS-strncase-power7.c += -mcpu=power7 -funroll-loops $(no-rop-protection) +CFLAGS-strncase_l-power7.c += -mcpu=power7 -funroll-loops $(no-rop-protection) endif # Called during static initialization
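Review bot: In Makeconfig and config.make.in, $(cflags-rop) and $(asflags-rop) are appended for every target, but rop_protection is only assigned in sysdeps/powerpc/powerpc64/configure.ac, so on any other machine --enable-rop-protection=yes is accepted and silently does nothing. Consider having the top-level configure.ac error out (or at least warn) when the option is yes and no sysdeps fragment has set rop_protection. config.make.in also exports the same value under three names (cflags-rop, asflags-rop, rop-protection); a single variable, used the way $(+stack-protector) is, would be easier to follow. Adding the flag to ASFLAGS does not by itself instrument hand-written .S routines, so the commit message should state what coverage is expected for them.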
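Review bot: The AC_ARG_ENABLE([rop-protection], ...) block in the top-level configure.ac never validates its argument, unlike the --enable-stack-protector case statement directly above it, so --enable-rop-protection=foo is treated as "no" because the sysdeps fragment only tests for "yes". Add a case with yes|no) ;; and an AC_MSG_ERROR default. The help text "Use --enable-rop-protection[yes|no] to emit ROP instructions" repeats the option name instead of naming the compiler flag and reads as if the build emits ROP gadgets; wording along the lines of "Build glibc with -mrop-protect [default=no]" would be clearer. The diffstat shows no update to the install documentation or NEWS for the new option.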
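Review bot: In sysdeps/powerpc/powerpc64/configure.ac the commit message says the flag is applied only to ppc64le builds, yet this fragment sits in the shared powerpc64 directory and the added block contains no endianness or ABI test, so it will also run for other powerpc64 configurations; either gate it or reword the message. The line "if test $libc_cv_rop = no" should quote the variable ("$libc_cv_rop"), and the block's indentation is inconsistent with the surrounding AS_IF style. It would also help to say in a comment that the probe depends on the compiler defining __ROP_PROTECT__ when the option is active, since that is the only thing the test program checks.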
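Review bot: In sysdeps/powerpc/powerpc64/multiarch/Makefile the CFLAGS-strncase-power7.c and CFLAGS-strncase_l-power7.c lines gain $(no-rop-protection) with no comment explaining why these two files must opt out of the hardening. Please add a short comment giving the reason (presumably the -mcpu=power7 override on the same lines), so the exemption is not copied to other files or dropped without thought later, and confirm in the commit message that no other per-file -mcpu override in the tree needs the same treatment.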